Retour au site du LAAS-CNRS

Abstract

Several studies have considered control theory tools for traffic control in communication networks, as for example the congestion control issue in IP (Internet Protocol) routers. In this paper, we propose to design a linear observer for time-delay systems to address the traffic monitoring issue in TCP/AQM (Transmission Control Protocol/Active Queue Management) networks. Due to several propagation delays and the queueing delay, the set TCP/AQM is modeled as a multiple delayed system of a particular form. Hence, appropriate robust control tools as quadratic separation are adopted to construct a delay dependent observer for TCP flows estimation. Note that, the developed mechanism enables also the anomaly detection issue for a class of DoS (Denial of Service) attacks. At last, simulations via the network simulator NS-2 and an emulation experiment validate the proposed methodology.

Mots-Clés / Keywords

Mots-Clés / Keywords

Abstract

On-line end-to-end Service Level Agreement (SLA) monitoring is of key importance nowadays. For this purpose, past recent researches focused on measuring (when possible) or estimating (most of the times) network QoS or performance parameters. Up to now, attempts to provide accurate techniques for estimating such parameters have failed. In addition, live reporting of the estimated network status requires a huge amount of resources, and lead to unscalable systems. The originality of the contribution presented in this paper, relies on the statement that the accurate estimation of network QoS parameters is absolutely not required in most cases: specifically it is sufficient to be aware of service disruptions, i.e. when the QoS provided by the network collapses. For this purpose, we propose an algorithm for disruption detection of network services. The proposed solution is based on the use of the wellknown Kullback-Leibler Divergence algorithm. More specifically, we work on simple to measure time series, i.e. received interpacket arrival times. In addition of efficiently detecting network QoS disruptions, the algorithm, also drastically reduces the required resources, and the overhead produced by the traffic collection for scalable SLA monitoring systems. The validity of the proposal is verified both in terms of accuracy and consumed resources in a real testbed, using different traffic profiles.

Résumé

De nombreux travaux de recherche ont montré les liens existants entre le contrôle de congestion dans les réseaux de communication et la théorie de la commande en Automatique. Nous présentons dans cet article une méthode pour la synthèse d'un AQM (Active Queue Management) assurant le contrôle de congestion d'un routeur. Le modèle utilisé est une représentation fluide linéarisée du comportement de TCP (Transmission Control Protocol). La synthèse de l'AQM est alors transformée en un problème de commande par retour d'état pour les systèmes à retards. Enfin, un exemple numérique extrait de la littérature et des simulations via le simulateur de réseaux NS-2 complètent notre étude.

Mots-Clés / Keywords

Mots-Clés / Keywords

Abstract

Recent research has shown the link between congestion control in communication networks and feedback control system. In this paper, the design of an active queue management (AQM) which can be viewed as a controller, is considered. Based on a state space representation of a linearized fluid flow model of TCP, the AQM design is converted to a state feedback synthesis problem for time delay systems. Finally, an example extracted from the literature and simulations via a network simulator NS (under cross traffic conditions) support our study.

Abstract

DoS attacks represent a big threat for the Internet. While most of attack detection techniques are based on passive monitoring of traffic, we propose a detection method, HIDDEN, based on active measurements, the objective being to make possible the real-time detection and classification of DoS attacks, without intrusive probing. The originality of our contribution relies on the use of the entropy function computed from probabilities of time series of measured ICMP request/echo delays. However, the evaluation of the method exhibits a dramatic number of false positives. It has then been enriched by the use of the Hausdorff distance on probabilities of time series, which significantly decreases the number of false positives. In addition, a method for discriminating ICMP attacks from others (TCP/UDP attacks) using icmp seq has been added. Experiments for evaluating the effectiveness of the approach have been run on the French operational RENATER network, on which artificial attacks have been generated using TFN2K [14]. Results exhibit that TCP, UDP and ICMP DoS attacks have been accurately detected in less than 1 second.

Abstract

Network experiments are essential for assessing and validating new networking technologies, architectures and protocols. These assessments have long been performed using network simulators. But it clearly appeared that the results got in simulations cannot be reproduced in real environment. Emulators can hardly integrate accurate models of all networking components, end host operating systems and applications what leads to unrealistic simulations very often. Therefore, some work has been issued for developing real experiment platform and network emulators. This paper addresses the motivations that raised the design and development of such an experimental platform at LAAS ⬠laasnetexp ⬠and describes its constituting features and components. It is in particular detailed how experimental conditions can be fully controlled for reproducible and easy to analyze experiments. Last, this paper describes how realistic conditions can be set-up in experiments by using the results of actual Internet and Internet traffic characterization, analysis and modeling. Such information helps to realistically configure emulators as well as define realistic traffic generators. The realism of such experiments is illustrated as a demonstration of the interest of laasnetexp for networking research.

Mots-Clés / Keywords