Tsern-Huei Lee
National Chiao Tung University
Publication
Featured research published by Tsern-Huei Lee.
IEEE ACM Transactions on Networking | 1996
Tsern-Huei Lee; Kuen-Chu Lai; Shii-Tyng Duann
In this paper, we present a real-time computation algorithm based on the bufferless fluid flow model [Jabbari and Yegenoglu, 1992] for call admission control (CAC) on one link of an asynchronous transfer mode (ATM) network with heterogeneous bursty traffic. Cell loss probability is adopted as the measure of quality-of-service (QoS). Our computation algorithm requires a constant memory size and needs only two multiplications and one division to determine whether a connection request can be accepted or not. It is known [Murase et al., 1991] that, due to the interference between different types of traffic, the individual cell loss probability may not meet the requirement even though the global one does. In this paper, we provide a close upper-bound for individual cell loss probability which can easily be obtained with our computation algorithm. Numerical examples using typical traffic parameters are studied to corroborate the upper-bound. We also compare the performance of the investigated CAC scheme with that of the effective bandwidth technique [Elwalid and Mitra, 1993].
International Conference on Communications | 2004
Tsern-Huei Lee; Wei-Kai Wu; Tze-Yau William Huang
Identifying the sources of an attack is an important task in the Internet security area. An attack could consist of a large number of packet streams generated by many compromised slaves that consume resources associated with various network elements to deny normal services or a few offending packets to disable a system. Several techniques based on probabilistic samples of transit packets have been developed to determine the sources of large packet flows. It seems that logging of packet digests is necessary for traceback of an individual packet. A clever technique based on Bloom filters has recently been proposed to generate the audit trails for each individual packet within the network. The scheme is effective. However, the storage requirement is approximately 0.5% of the link capacity, which becomes a problem as link capacity increases. In this paper, we propose packet digesting schemes for flows and sets of packets sharing the same source and destination addresses. Compared with the individual packet digesting scheme, these schemes can achieve similar goals and are much more scalable. Simulations with real Internet traffic show that the storage requirements of our proposed schemes are one to two orders of magnitude lower.
International Conference on Communications | 1994
Tsern-Huei Lee; Kuen-Chu Lai; Shii-Tyng Duann
We propose a real time computation algorithm based on the bufferless fluid flow model for call admission control in ATM networks with heterogeneous bursty traffic. Cell loss probability is adopted as the measure of quality of service. Our proposed computation algorithm requires a constant memory size and needs only two multiplications and one division to decide whether a connection request can be accepted or not. It is known that the individual cell loss probability for each type of traffic source may not meet the requirement even though the global one does. We provide a tight upper bound for individual cell loss probability which can be evaluated easily by our proposed computation algorithm. Numerical examples using typical traffic parameters are studied.
IEEE ACM Transactions on Networking | 2013
Tsern-Huei Lee; Nai-Lun Huang
Pattern-matching techniques have recently been applied to network security applications such as intrusion detection, virus protection, and spam filters. The widely used Aho-Corasick (AC) algorithm can simultaneously match multiple patterns while providing a worst-case performance guarantee. However, as transmission technologies improve, the AC algorithm cannot keep up with transmission speeds in high-speed networks. Moreover, it may require a huge amount of space to store a two-dimensional state transition table when the total length of patterns is large. In this paper, we present a pattern-matching architecture consisting of a stateful pre-filter and an AC-based verification engine. The stateful pre-filter is optimal in the sense that it is equivalent to utilizing all previous query results. In addition, the filter can be easily realized with bitmaps and simple bitwise-AND and shift operations. The size of the two-dimensional state transition table in our proposed architecture is proportional to the number of patterns, as opposed to the total length of patterns in previous designs. Our proposed architecture achieves a significant improvement in both throughput performance and memory usage.
International Conference on Communications | 2005
Tsern-Huei Lee; Tze-Yau William Huang; Iven Lin
Deterministic packet marking (DPM) has recently been proposed as an alternative approach for IP traceback. It requires no extra bandwidth and is backward compatible with Internet equipment that does not implement it. Moreover, service providers can implement it without revealing their internal network topology. Unfortunately, the false positive rate could be very high if multiple hosts use the same source address to attack the victim simultaneously. Even worse, no source is identified if attackers change their source addresses for every packet they send. These two problems can be solved with a modified DPM scheme which we called DPM with address digest (DPM-AD). We found that the false positive rate of the DPM-AD scheme could be much higher than it was claimed when the number of ingress router interfaces is larger than the number of attackers. In this paper, we propose and evaluate the false positive rate of a novel DPM scheme that is much more scalable than the DPM-AD scheme. Our analysis and simulation results show that the proposed DPM scheme can trace 1K simultaneous attackers at a false positive rate less than 0.5% with acceptable reconstruction complexity.
International Conference on Communications | 1994
Tsern-Huei Lee; Jin-Jye Chou
Bitonic sorters have previously been adopted to construct along with banyan networks the switching fabrics of future broadband networks. Unfortunately, a single fault in the bitonic sorter may become a disaster to the switching system. Therefore, a bitonic sorter must be proved to be free of faults before it can be used. The authors present an efficient fault diagnosis procedure to detect and locate single faults in bitonic sorters without state control lines. The diagnosis procedure can detect most single faults in two tests. The faults which cannot be detected in two tests can always be detected in four tests. Several binary search techniques are developed to locate a faulty sorting element (i.e. 2×2 sorter).
IEEE ACM Transactions on Networking | 1998
Tsern-Huei Lee; Kuen-Chu Lai
Resource allocation is necessary for a network which guarantees quality of service (QoS). In this paper we first present a definition for a traffic stream to be burstier than another traffic stream. The definition is based on the loss probability of a bufferless multiplexer and thus is appropriate for delay-sensitive traffic which cannot tolerate queueing delay caused by buffering. An optimum quantization algorithm is then derived for source characterization. The optimally quantized version achieves minimum loss rate for all possible allocated bandwidths under the condition that it is burstier than the real traffic. The quantized source is called a pseudosource and can be used by the network for resource allocation. Some numerical examples are studied. Results show that, for a bufferless multiplexer, the allocated bandwidth based on optimally quantized pseudosources is only slightly greater than the minimum bandwidth required to meet the requested QoS.
Global Communications Conference | 2006
Iven Lin; Tsern-Huei Lee
Deterministic packet marking (DPM) has recently been proposed as an alternative approach for IP traceback to identify the ingress router interfaces that receive and forward attack packets. Scalable, simple to implement, and no extra bandwidth required are the major advantages of DPM. Besides, it allows incremental deployment and service providers can implement it without revealing their internal network topology. Several DPM schemes have recently been proposed. Unfortunately, these schemes suffer from either a high false positive rate when there are multiple simultaneous attackers or a high false negative rate when packet loss happens because of congestion. In this paper, we propose and evaluate the false positive and false negative rates of a novel DPM scheme that is much more scalable than the previous schemes. In the proposed DPM scheme, we use multiple hash functions to reduce the probability of address digest collision. Our analysis and computer simulations show that the proposed DPM scheme results in a much smaller false positive rate than previous schemes. Moreover, by modifying the reconstruction procedure, one can control the false negative rate to combat packet loss with a slight increase of false positive rate. With eight different kinds of marks, the expected number of packets required to reconstruct an interface address is only 22.
International Conference on Communications | 1995
Tsern-Huei Lee; Jin-Jye Chou
Chou (1994) presented a procedure for detecting and locating single solid logical faults in bitonic sorters. That author showed that it takes at most four tests to detect a single fault and most faults need only two tests to be detected. The present authors provide a procedure for identifying the fault type, assuming the faulty component has been located. In general, in order to identify the fault type, one needs to know whether the faulty sorting element is an up sorting element or a down sorting element as well as the values of erroneous and unidentified outputs. For some sorting element faults, an additional test is required to identify the fault types.
International Conference on Communications | 1999
Tsern-Huei Lee; Yaw-Wen Kuo
The rate monotonic algorithm has been proposed to be used along with traffic shapers to provide quality of service guarantee in ATM networks. Admission criterion and a fast admission control procedure were developed assuming that cell arrivals are periodic. For bursty traffic, this assumption is conservative and may significantly reduce the efficiency of bandwidth utilization. We present an efficient admission criterion for bursty sources. We assume that the traffic generated by each source is regulated with a leaky bucket regulator. Our admission criterion takes into consideration the traffic characteristics. Since the arrival pattern changes in every hop, every network node is required to know how many hops a connection has traversed. We derive the admission criterion for a network (such as the Internet) which allows different users to transmit packets of different lengths. Numerical results show that, compared with the conservative criterion which assumes periodic traffic sources, system utilization could be largely improved.