TY - GEN
T1 - A topological analysis of monitor placement
AU - Jackson, Alden W.
AU - Milliken, Walter
AU - Santiváñez, César A.
AU - Condell, Matthew
AU - Strayer, W. Timothy
PY - 2007
Y1 - 2007
N2 - The Internet is an extremely complex system, and it is essential that we be able to make accurate measurements in order to understand its underlying behavior or to detect improper behavior (e.g., attacks). The reality, however, is that it is impractical to fully instrument anything but relatively small networks and impossible to even partially instrument many parts of the Internet. This paper analyzes a subset of the general monitor placement problem where the goal is to maximize the coverage of the entire universe of potential communication pairs (i.e., source and destination are randomly distributed in the mutable Internet address space). This issue arises, for example, when trying to detect/track a distributed attack. We present results from a simulation, seeded with data from skitter and RouteViews, that indicate we can monitor a packet with a high probability by monitoring relatively few points in the Internet. Our analysis suggests that the preferred strategy to place monitors should be to instrument one or two specific inter-AS links per AS for many ASes rather than deeply instrumenting a subset of the largest ASes.
AB - The Internet is an extremely complex system, and it is essential that we be able to make accurate measurements in order to understand its underlying behavior or to detect improper behavior (e.g., attacks). The reality, however, is that it is impractical to fully instrument anything but relatively small networks and impossible to even partially instrument many parts of the Internet. This paper analyzes a subset of the general monitor placement problem where the goal is to maximize the coverage of the entire universe of potential communication pairs (i.e., source and destination are randomly distributed in the mutable Internet address space). This issue arises, for example, when trying to detect/track a distributed attack. We present results from a simulation, seeded with data from skitter and RouteViews, that indicate we can monitor a packet with a high probability by monitoring relatively few points in the Internet. Our analysis suggests that the preferred strategy to place monitors should be to instrument one or two specific inter-AS links per AS for many ASes rather than deeply instrumenting a subset of the largest ASes.
UR - http://www.scopus.com/inward/record.url?scp=46749123526&partnerID=8YFLogxK
U2 - 10.1109/NCA.2007.3
DO - 10.1109/NCA.2007.3
M3 - Conference contribution
AN - SCOPUS:46749123526
SN - 0769529224
SN - 9780769529226
T3 - Proceedings - 6th IEEE International Symposium on Network Computing and Applications, NCA 2007
SP - 169
EP - 176
BT - Proceedings - 6th IEEE International Symposium on Network Computing and Applications, NCA 2007
T2 - 6th IEEE International Symposium on Network Computing and Applications, NCA 2007
Y2 - 12 July 2007 through 14 July 2007
ER -