Efficient Constraint Monitoring Using Adaptive Thresholds Srinivas Kashyap, IBM T. J. Watson Research Center Jeyashankar Ramamirtham, Netcore Solutions.

Slides:

Advertisements

Similar presentations

Theory Lunch. 2 Problem Areas Network Virtualization for Experimentation and Architecture –Embedding problems –Economics problems (markets, etc.) Network.

Advertisements

Optimizing Cost and Performance for Multihoming Nick Feamster CS 6250 Fall 2011.

State Monitoring in Cloud Datacenters Shing Meng (Student Member, IEEE) Ling Liu (Senior Member, IEEE) Ting Wang (Student Member, IEEE) IEEE Transactions.

Quality-of-Service Routing in IP Networks Donna Ghosh, Venkatesh Sarangan, and Raj Acharya IEEE TRANSACTIONS ON MULTIMEDIA JUNE 2001.

Energy-Efficient Congestion Control Opportunistically reduce link capacity to save energy Lingwen Gan 1, Anwar Walid 2, Steven Low 1 1 Caltech, 2 Bell.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,

Optimizing Buffer Management for Reliable Multicast Zhen Xiao AT&T Labs – Research Joint work with Ken Birman and Robbert van Renesse.

MPAC 2004Rae Harbird 1 RUBI Adaptive Resource Discovery for Ubiquitous Computing Rae Harbird Stephen Hailes

1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)

Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

Ashish Gupta Under Guidance of Prof. B.N. Jain Department of Computer Science and Engineering Advanced Networking Laboratory.

1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.

1 Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network Jian Wu (University of Michigan) Z. Morley Mao (University.

Beneficial Caching in Mobile Ad Hoc Networks Bin Tang, Samir Das, Himanshu Gupta Computer Science Department Stony Brook University.

Multiple constraints QoS Routing Given: - a (real time) connection request with specified QoS requirements (e.g., Bdw, Delay, Jitter, packet loss, path.

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 22 Introduction to Computer Networks.

Communication-Efficient Distributed Monitoring of Thresholded Counts Ram Keralapura, UC-Davis Graham Cormode, Bell Labs Jai Ramamirtham, Bell Labs.

Efficient Monitoring of QoS Parameters (EMQP) Authors: Vadim Drabkin Arie Orlovsky Constantine Elster Instructors: Dr. Danny Raz Mr. Ran Wolff.

1 Toward Sophisticated Detection With Distributed Triggers Ling Huang* Minos Garofalakis § Joe Hellerstein* Anthony Joseph* Nina Taft § *UC Berkeley §

Cumulative Violation For any window size  t  Communication-Efficient Tracking for Distributed Cumulative Triggers Ling Huang* Minos Garofalakis.

Detecting SYN-Flooding Attacks ＡａｒｏｎＢｅａｃｈＣＳ３９５ＮｅｔｗｏｒｋＳｅｃｕｒｉｔｙＳｐｒｉｎｇ２００４.

Spring Routing & Switching Umar Kalim Dept. of Communication Systems Engineering 06/04/2007.

The Delta Routing Project Low-loss Routing for Hybrid Private Networks George Porter (UCB) Minwen Ji, Ph.D. (SRC - HP Labs)

Multipath Routing CS 522 F2003 Beaux Sharifi. Agenda Description of Multipath Routing Necessity of Multipath Routing 3 Major Components Necessary for.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

Building a Strong Foundation for a Future Internet Jennifer Rexford ’91 Computer Science Department (and Electrical Engineering and the Center for IT Policy)

Host Intrusion Prevention Systems & Beyond

1 Minimization of Network Power Consumption with Redundancy Elimination T. Khoa Phan* Joint work with: Frédéric Giroire*, Joanna Moulierac* and Frédéric.

PROMISE: Peer-to-Peer Media Streaming Using CollectCast Presented by: Randeep Singh Gakhal CMPT 886, July 2004.

Not All Microseconds are Equal: Fine-Grained Per-Flow Measurements with Reference Latency Interpolation Myungjin Lee †, Nick Duffield‡, Ramana Rao Kompella†

Data Communications and Networks

DaVinci: Dynamically Adaptive Virtual Networks for a Customized Internet Jennifer Rexford Princeton University With Jiayue He, Rui Zhang-Shen, Ying Li,

1 Pertemuan 20 Teknik Routing Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

Optimizing Cost and Performance in Online Service Provider COSC7388 – Advanced Distributed Computing Presented By: Eshwar Rohit

1 Introducing Routing 1. Dynamic routing - information is learned from other routers, and routing protocols adjust routes automatically. 2. Static routing.

Networks – Network Architecture Network architecture is specification of design principles (including data formats and procedures) for creating a network.

Overlay Network Physical LayerR : router Overlay Layer N R R R R R N.

Wireless Sensor Networks COE 499 Energy Aware Routing

PRESENTED BY A. B. C. 1 User Oriented Regional Registration- Based Mobile Multicast Service Management in Mobile IP Networks Ing-Ray Chen and Ding-Chau.

Scalable Multi-Class Traffic Management in Data Center Backbone Networks Amitabha Ghosh (UtopiaCompression) Sangtae Ha (Princeton) Edward Crabbe (Google)

1 LD-Sketch: A Distributed Sketching Design for Accurate and Scalable Anomaly Detection in Network Data Streams Qun Huang and Patrick P. C. Lee The Chinese.

An optimal power-saving class II for VoIP traffic and its performance evaluations in IEEE e JungRyun Lee School of Electrical and Electronics Eng,Chung-Ang.

Zibin Zheng DR 2 : Dynamic Request Routing for Tolerating Latency Variability in Cloud Applications CLOUD 2013 Jieming Zhu, Zibin.

1 Efficient Dependency Tracking for Relevant Events in Shared Memory Systems Anurag Agarwal Vijay K. Garg

Open-Eye Georgios Androulidakis National Technical University of Athens.

Presented by Rebecca Meinhold But How Does the Internet Work?

Two-Tier Resource Management Designed after the Internet’s two-tier routing hierarchy Separate packet forwarding from admission and resource allocation.

DaVinci: Dynamically Adaptive Virtual Networks for a Customized Internet Jiayue He, Rui Zhang-Shen, Ying Li, Cheng-Yen Lee, Jennifer Rexford, and Mung.

1 Utilizing Shared Vehicle Trajectories for Data Forwarding in Vehicular Networks IEEE INFOCOM MINI-CONFERENCE Fulong Xu, Shuo Gu, Jaehoon Jeong, Yu Gu,

Stainov - DataComMET CS TC5353 THE NETWORK LAYER 5.2 ROUTING ALGORITHMS - adaptive Distance Vector Routing (Bellman-Ford, Ford-Fulkenson). It was used.

Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing Ying Zhang Z. Morley Mao Jia Wang Presented in NDSS07 Prepared by : Hale Ismet.

1 An Arc-Path Model for OSPF Weight Setting Problem Dr.Jeffery Kennington Anusha Madhavan.

THE IMPACT OF OSPF ROUTING ON MILITARY MANETS BY ROCCO LUPOI UNDER THE GUIDANCE OF DR. GRANT WIGLEY THESIS - BACHELOR OF COMPUTER SCIENCE (HONOURS) - LHIS.

November 4, 2003Applied Research Laboratory, Washington University in St. Louis APOC 2003 Wuhan, China Cost Efficient Routing in Ad Hoc Mobile Wireless.

Efficient Resource Allocation for Wireless Multicast De-Nian Yang, Member, IEEE Ming-Syan Chen, Fellow, IEEE IEEE Transactions on Mobile Computing, April.

MATE: MPLS Adaptive Traffic Engineering Anwar Elwalid Cheng Jin Steven Low Indra Widjaja Bell Labs Michigan altech Fujitsu 2006.

Delay in packet switched network. Circuit switching In Circuit switched networks the resources needed along a path (buffers and link transmission rate)

1 Transport Layer: Basics Outline Intro to transport UDP Congestion control basics.

2009/6/221 BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure- Independent Botnet Detection Reporter : Fong-Ruei, Li Machine.

Internet Traffic Engineering Motivation: –The Fish problem, congested links. –Two properties of IP routing Destination based Local optimization TE: optimizing.

Presented by Rukmini and Diksha Chauhan Virginia Tech 2 nd May, 2007 Movement-Based Checkpointing and Logging for Recovery in Mobile Computing Systems.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Continuous Monitoring of Distributed Data Streams over a Time-based Sliding Window MADALGO – Center for Massive Data Algorithmics, a Center of the Danish.

Constraint-Based Routing

Jian Wu (University of Michigan)

Lei Chen and Wendi B. Heinzelman , University of Rochester

An Adaptive Middleware for Supporting Time-Critical Event Response

IP Traceback Problem: How do we determine where malicious packet came from ? It’s a problem because attacker can spoof source IP address If we know where.

Presentation transcript:

Efficient Constraint Monitoring Using Adaptive Thresholds Srinivas Kashyap, IBM T. J. Watson Research Center Jeyashankar Ramamirtham, Netcore Solutions Rajeev Rastogi, Yahoo! Labs Bangalore Pushpraj Shukla, Univ of Texas at Austin

Talk Outline Motivation Constraint monitoring architecture Existing approaches Problem formulation Markov-based algorithm Reactive algorithm Experimental results Conclusions

Constraint Monitoring Problem Detect violation of distributed SUM constraints –Distributed Triggers [Jain et al. 04] T time X 1 +…+X m T X1X1 XnXn Constraint: X 1 +…+X n T Sites: Detect Variables X1X1

Applications: Network Monitoring Alert when sum of link delays along a Voice over IP path exceeds 200msec Monitor the volume of remote login (telnet, ssh, ftp etc.) requests received by hosts within the organization that originate from the external hosts. Network Operations Center (NOC) Source Destination Duration Bytes Protocol K http K http K http K http K http K ftp K ftp K ftp Example NetFlow IP Session Data Identify all destinations that receive more than 2GB of traffic from the monitored network in a day, and report their transfer totals

Constraint Monitoring Architecture At site j: – if X j >T j : send alarm to coordinator (with X j value) At coordinator: – if X j + : poll X i values to check if constraint is violated (global poll) X1X1 XnXn Coordinator Sites Variables: Local thresholds:T1T1 TnTn

Existing Approaches: Zero Slack Local thresholds satisfy: Drawback: every alarm  global poll ( )

Existing Approaches: Zero Slack Static local thresholds [Jain et al. 04] Dynamic local thresholds [Sharfman et al. 06] –Thresholds reset each time alarm generated

Non-zero Slack [Dilman and Raz 01] Threshold setting with slack: Slack leads to fewer global polls Slack = 30

Non-zero Slack: Key Questions How to set local threshold values so that constraint violations can be detected with minimal communication overhead? – too low  too many local alarms – too high  too many global polls How to adapt thresholds for changing data distributions?

Communication Cost Model Define Y i = X i if X i >T i = T i otherwise Coordinator’s SUM estimate Y =  i Y i Probability of local alarm P l (i) = Pr[X i > T i ] Probability of global poll P g = Pr[Y > T] Local alarm is O(1) messages, global poll is O(n) messages Expected cost = n * P g +  i P l (i)

Problem Formulation Given threshold T and variables X i at sites, select local thresholds T i such that the cost n * P g +  i P l (i) is minimized.

Key Challenge Depends on Ti values at all sites Optimal value computation requires enumerating all Ti value combinations Each site maintains histogram: H i (v) = Pr[X i = v] Then –Can be computed locally for specific T i value Computing

Markov-based Algorithm Key idea: Use Markov’s inequality to decompose Pg into components that can be computed locally Each site can independently determine T i value that minimizes its contribution to the total cost

Drawback of the Markov Algorithm Markov’s inequality over-estimates global poll probability P g –computed thresholds T i ’ lower than optimal

Reactive Algorithm Key idea: Use local alarms and global polls to adjust T i values Let at thresholds T i ’ computed by Markov On local alarm: With probability On global poll: With probability

Analysis At stable state, Since Markov inequality over-estimates P g, at T i ’ So thresholds T i will converge to values > T i ’

Experimental Results Real-life datasets –Netflow traces from Abilene network: 73 million packets across 11 routers – Link traces from NLANR: 21 million packets Distributed constraint: Total amount of traffic flowing into network across ingress links T Schemes considered –Geometric [Sharfman et al. 06], Markov-based, Reactive

Communication Savings (Abilene Dataset)

Breakup of Message Overhead (Abilene Dataset) Geometric Markov Reactive

Effect of scale (NLANR Dataset)

Summary Reactive algorithm for setting local thresholds in non-zero slack setting – Uses on Markov’s inequality to simplify global poll probability estimation –Adjusts thresholds in response to local alarm and global poll events –Adapts to changing data distributions Reactive algorithm incurs 60% less communication overhead compared to the state-of-the-art zero slack scheme