A Topological Analysis of Monitor Placement

A. Jackson, W. Milliken, C. Santivanez, M. Condell, W. Strayer
Published in: Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007)
Publication date: 2007-07-12
DOI: 10.1109/NCA.2007.3 (https://doi.org/10.1109/NCA.2007.3)
Citations: 20

Abstract

The Internet is an extremely complex system, and it is essential that we be able to make accurate measurements in order to understand its underlying behavior or to detect improper behavior (e.g., attacks). The reality, however, is that it is impractical to fully instrument anything but relatively small networks and impossible to even partially instrument many parts of the Internet. This paper analyzes a subset of the general monitor placement problem where the goal is to maximize the coverage of the entire universe of potential communication pairs (i.e., source and destination are randomly distributed in the routable Internet address space). This issue arises, for example, when trying to detect/track a distributed attack. We present results from a simulation, seeded with data from skitter and RouteViews, that indicate we can monitor a packet with a high probability by monitoring relatively few points in the Internet. Our analysis suggests that the preferred strategy to place monitors should be to instrument one or two specific inter-AS links per AS for many ASes rather than deeply instrumenting a subset of the largest ASes.