TY - GEN
T1 - Lightweight Coordinated Sampling for Dynamic Flows under Budget Constraints
AU - Chen, Mingming
AU - La Porta, Thomas
AU - Jaeger, Trent Ray
AU - Krishnamurthy, Srikanth
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - As cyber-attacks on networks become more stealthy, monitoring techniques relying on low-rate packet sampling may prove insufficient to detect attacks. While various sampling methods have been proposed to address capacity limitations and enhance detection rates, achieving sampling at line speed at a single point remains challenging due to limited CPU or bandwidth capacity at sampling points. In this paper, we propose harnessing coordinating sampling across switches to create a unified system that can dynamically activate sampling points to meet sampling rate needs. We introduce and implement a coordinated sampling algorithm on multiple P4-programmable switches and show that the algorithm ensures coordination among multiple sampling points for each flow, preventing duplicate samples, with negligible network overhead and real-time configurability. We formulate sampling point placement as budgeted maximum multi-coverage problems, solving them optimally in pseudo-polynomial time. We show our system far outperforms those based on greedy algorithms along many key dimensions.
AB - As cyber-attacks on networks become more stealthy, monitoring techniques relying on low-rate packet sampling may prove insufficient to detect attacks. While various sampling methods have been proposed to address capacity limitations and enhance detection rates, achieving sampling at line speed at a single point remains challenging due to limited CPU or bandwidth capacity at sampling points. In this paper, we propose harnessing coordinating sampling across switches to create a unified system that can dynamically activate sampling points to meet sampling rate needs. We introduce and implement a coordinated sampling algorithm on multiple P4-programmable switches and show that the algorithm ensures coordination among multiple sampling points for each flow, preventing duplicate samples, with negligible network overhead and real-time configurability. We formulate sampling point placement as budgeted maximum multi-coverage problems, solving them optimally in pseudo-polynomial time. We show our system far outperforms those based on greedy algorithms along many key dimensions.
UR - http://www.scopus.com/inward/record.url?scp=85203298660&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85203298660&partnerID=8YFLogxK
U2 - 10.1109/ICCCN61486.2024.10637612
DO - 10.1109/ICCCN61486.2024.10637612
M3 - Conference contribution
AN - SCOPUS:85203298660
T3 - Proceedings - International Conference on Computer Communications and Networks, ICCCN
BT - ICCCN 2024 - 2024 33rd International Conference on Computer Communications and Networks
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 33rd International Conference on Computer Communications and Networks, ICCCN 2024
Y2 - 29 July 2024 through 31 July 2024
ER -