On Detecting Service Violations and Bandwidth Theft in QoS Network Domains

Get BibTex-formatted data

Download

PDF

Author

A Habib, S Fahmy, S Avasarala, V Prabhakar, B Bhargava

Tech report number

CERIAS TR 2003-52

Entry type

article

Abstract

We design and evaluate a simple and scalable system to verify quality of service (QoS) in a differentiated services domain. The system uses a distributed edge-to-edge monitoring approach with measurement agents collecting information about delays, losses and throughput, and reporting to a service level agreement monitor (SLAM). The SLAM detects potential service violations, bandwidth theft, denial of service attacks, and flags the need to re-dimension the network domain or limit its users. Measurements may be performed entirely edge-to-edge, or the core routers may participate in logging packet drop information. We compare the core-assisted and edge-to-edge schemes, and we extend network tomography-based loss inference mechanisms to cope with different drop precedences in a QoS network. We also develop a load-based service monitoring scheme which probes the appropriate edge routers for loss and throughput on demand. Simulation results indicate that the system detects attacks with reasonable accuracy, and is useful for damage control in both QoS-enabled and best effort network domains.

Download

PDF

Date

2003

URL

http://www.cs.purdue.edu/resea ... eports/2001/TR 01-022.pdf

Journal

Elsevier Science Journal of Computer Communications

Key alpha

Bhargava

Number

Pages

861-871

Volume

Publication Date

2003-01-01

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Bhargava,
	title = "On Detecting Service Violations and Bandwidth Theft in QoS Network Domains",
	author = "A Habib, S Fahmy, S Avasarala, V Prabhakar, B Bhargava",
	year = "2003",
	journal = "Elsevier Science Journal of Computer Communications",
	number = "8",
	pages = "861-871",
	volume = "26",
	abstract = "We design and evaluate a simple and scalable system to verify quality of service (QoS) in a differentiated services domain. The system uses a distributed edge-to-edge monitoring approach with measurement agents collecting information about delays, losses and throughput, and reporting to a service level agreement monitor (SLAM). The SLAM detects potential service violations, bandwidth theft, denial of service attacks, and flags the need to re-dimension the network domain or limit its users. Measurements may be performed entirely edge-to-edge, or the core routers may participate in logging packet drop information. We compare the core-assisted and edge-to-edge schemes, and we extend network tomography-based loss inference mechanisms to cope with different drop precedences in a QoS network. We also develop a load-based service monitoring scheme which probes the appropriate edge routers for loss and throughput on demand. Simulation results indicate that the system detects attacks with reasonable accuracy, and is useful for damage control in both QoS-enabled and best effort network domains. ",
	url = "http://www.cs.purdue.edu/research/technical_reports/2001/TR 01-022.pdf",
}