3 research outputs found

    Flexible Network Flow Measurement

    This thesis deals with the design and implementation of a probe for measuring network flows. It contains a theoretical analysis of network measurement and a description of the algorithms and techniques used for flow-based measurement. The design of the probe architecture emphasizes efficient indexing of flow records and flexibility of the flow record, so that the user can parameterize the measurement and define the format of the flow record.

    Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks

    Flow-level traffic measurement is required for a wide range of applications including accounting, network planning and security management. A key design challenge is how to gracefully deal with traffic surges that exhaust the resources (memory, export bandwidth or CPU) of the flow monitor. A standard solution is to do sampling (look at one out of every n packets). This is implemented in Cisco's Netflow, a popular platform. Setting the sampling rate according to the normal traffic, however, cannot avoid overrunning available memory for flow records during abnormal situations, such as when there is a DoS attack or other security breaches. Currently available countermeasures have their own problems: (1) reject new flows when the cache is full - some legitimate new flows will not be counted; (2) export not-terminated flows to make room for new ones - this will exhaust the export bandwidth; (3) adapt the sampling rate to traffic rate - this will reduce the overall accuracy of accounting, including legitimate flows