• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.28 no.11B
• /
• pp.1038-1049
• /
• 2003

Exactly measuring traffic load is the basis for efficient traffic engineering. However, precise traffic measurement involves inspecting every packet traversing a lint resulting in significant overhead on routers with high-speed links. Sampling techniques are proposed as an alternative way to reduce the measurement overhead. But, since sampling inevitably accompany with error, there should be a way to control, or at least limit, the error for traffic engineering applications to work correctly. In this paper, we address the problem of bounding sampling error within a pre-specified tolerance level. We derive a relationship between the number of samples, the accuracy of estimation and the squared coefficient of variation of packet size distribution. Based on this relationship, we propose an adaptive random sampling technique that determines the minimum sampling probability adaptively according to traffic dynamics. Using real network traffic traces, we show that the proposed adaptive random sampling technique indeed produces the desired accuracy, while also yielding significant reduction in the amount of traffic samples.

• The KIPS Transactions:PartC
• /
• v.11C no.6 s.95
• /
• pp.711-718
• /
• 2004

Packet sampling is the techniques to collect a part of the packets through network and analyze the characteristicsof the traffic for managing the network and keeping security. This paper presents a study on the sampling techniques applied to DDoS traffic and on the characteristics of the sampled traffic to detect DDoS attack efficiently and improve traffic analysis capacity. Three famous sampling techniques are evaluated with different sampling rates on various DDoS traffics. To analyze traffic characteristics, one of the DDoS attack detection method. Traffic Rate Analysis (TRA) is used. Simulation results verify that using sampling techniques preserve the traffic characteristics of DDoS and do not significantly reduce the detection accuracy.

• Smart Media Journal
• /
• v.4 no.4
• /
• pp.24-32
• /
• 2015

Recently, SDN is actively used as datacenter networks and gradually increase its applied areas. Along with this change of networking environment, research of deploying network security systems on SDN becomes highlighted. Especially, systems for detecting network flooding attacks by monitoring every packets through ports of OpenFlow switches have been proposed. However, because of the centralized management of a SDN controller which manage multiple switches, it may be substantial overhead that the attack detection system continuously monitors all the flows. In this paper, a sampling based network flooding attack detection and prevention system is proposed to reduce the overhead of monitoring packets and to achieve reasonable functionality of attack detection and prevention. The proposed system periodically takes sample packets of network flows with the given sampling conditions, analyzes the sampled packets to detect network flooding attacks, and block the attack flows actively by managing the flow entries in OpenFlow switches. As network traffic sampler, sFlow agent is used, and snort, an opensource IDS, is used to detect network flooding attack from the sampled packets. For active prevention of the detected attacks, an OpenDaylight application is developed and applied. The proposed system is evaluated on the local testbed composed with multiple OVSes (Open Virtual Switch), and the performance and overhead of the proposed system under various sampling condition is analyzed.

• KIPS Transactions on Computer and Communication Systems
• /
• v.4 no.1
• /
• pp.15-22
• /
• 2015

Estimating the number of distinct values is really well-known problems in network data measurement and many effective algorithms are suggested. Recent works have built upon technique called Linear Counting to solve the estimation problem for massive sets or spreaders in small memory. Sampling is used to reduce the measurement data, and it is assumed that sampling gives bad effect on the accuracy. In this paper, however, we show that the sampling on multi-set estimation sometimes gives better results for CSE with sampling than for MCSE that examines all the packets without sampling in terms of accuracy and estimation range. To prove this, we presented mathematical analysis, conducted experiment with real data, and compared the results of CSE, MCSE, and CSES.

• Journal of Broadcast Engineering
• /
• v.10 no.3
• /
• pp.340-347
• /
• 2005

This paper presents a polyphase down sampling based multiple description coding applied to H.264 video coding standard. For a given macroblock, a residual macroblock is calculated by motion estimation, and before applying DCT, quantization and entrophy coding of the H.264 coding process, the polyphase down sampling is applied to the residual macroblock to code in four separate descriptions. Experiments were performed for all the 9 test sequences of JVT SVC standardization in various packet loss patterns. Experimental results show that the proposed one gives 0.5 to 5 dB enhancement over an error-concealment based on the slice group map technolgoy.

• Journal of Internet Computing and Services
• /
• v.22 no.2
• /
• pp.11-17
• /
• 2021

Software-defined networking provides a programmable and flexible way to manage the network by separating the control plane from data plane. However, the limited switch memory restricts the number of flow entries in the flow table used to forward packets. This leads to flow table overflow and flow entry reinstallation, which severely degrade the network performance. Therefore, this paper proposes a comprehensive policy for timely eviction of inactive flow entries to optimally maintain flow tables usage. In particular, statistics of user datagram protocol flow entries are periodically sampled to enable the inactive entries to be evicted early. Through traffic-based experiments, we found that the proposed system reduces the number of overflow occurrences and flow entries reinstallation compared to the random and FIFO policies.