A TCP Connection Establishment Filter: Symmetric Connection Detection
Whitehead, B.
Chung-Horng Lung
Rabinovitch, P.
Carleton Univ., Ottawa;
This paper appears in: Communications, 2007. ICC '07. IEEE International Conference on
Publication Date: 24-28 June 2007
On page(s): 247-253
Location: Glasgow,
ISBN: 1-4244-0353-7
INSPEC Accession Number: 9874742
Digital Object Identifier: 10.1109/ICC.2007.49
Current Version Published: 2007-08-13
Abstract
Network measurement at 10+Gbps speeds imposes many restrictions on the resource consumption of the measurement application, making any filtering of input data highly desirable. Symmetric connection detection (SCD) is a method of filtering TCP sessions, passing only those sessions which become fully established. SCD can benefit network monitoring applications that are only interested in fully established TCP connections by reducing processing requirements. Incomplete connection attempts, such as port scanning attempts, simply waste resources in many applications if they are not filtered. SCD filters out unsuccessful connection attempts using a combination of Bloom filters to track the state of connection establishment for every flow passing through a network device. Unsuccessful flows can be filtered out to a very high degree of accuracy, depending on the size of the Bloom filter and the traffic rate; 99.5% is typical. Resource consumption, both memory and CPU, is low. The core SCD algorithm is designed to work in high-speed routers, in real time, and at line speed. Using an upper bound of 32 k bytes of RAM, our experimental results indicate 99+% accuracy with 900,000 active flows.
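The abstract does not give the algorithm's details, so the following is an added illustration, not the paper's code, of how a pair of Bloom filters can gate packets on handshake progress. The two-filter split (16 KiB each), the SHA-256-derived bit positions, and all names (`Bloom`, `HandshakeFilter`, `directed`, `run`) are assumptions made for this sketch.

```python
import hashlib

class Bloom:
    """Fixed-size Bloom filter; k bit positions are carved from one SHA-256 digest."""
    def __init__(self, size_bytes=16 * 1024, k=4):
        self.nbits, self.k = size_bytes * 8, k
        self.bits = bytearray(size_bytes)
    def _positions(self, key):
        digest = hashlib.sha256(key).digest()
        return [int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.nbits
                for i in range(self.k)]
    def add(self, key):
        for p in self._positions(key):
            self.bits[p >> 3] |= 1 << (p & 7)
    def __contains__(self, key):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(key))

def directed(src, sport, dst, dport):
    """Direction-sensitive flow key (hypothetical encoding)."""
    return f"{src}:{sport}>{dst}:{dport}".encode()

class HandshakeFilter:
    """Assumed layout: two 16 KiB filters, pending SYNs and established flows."""
    def __init__(self):
        self.syn_seen, self.established = Bloom(), Bloom()
    def accept(self, src, sport, dst, dport, flags):
        fwd, rev = directed(src, sport, dst, dport), directed(dst, dport, src, sport)
        syn, ack = "S" in flags, "A" in flags
        if syn and not ack:                       # bare SYN: remember it, pass nothing yet
            self.syn_seen.add(fwd)
            return False
        if syn and ack and rev in self.syn_seen:  # SYN-ACK answering a recorded SYN
            self.established.add(fwd)
            self.established.add(rev)
        return fwd in self.established            # all else passes only for established flows

# Constructed sample traffic: (src, sport, dst, dport, TCP flags)
PACKETS = [
    ("203.0.113.9", 40000, "192.0.2.10", 22, "S"),     # probe to a closed port
    ("192.0.2.10", 22, "203.0.113.9", 40000, "RA"),    # RST reply: never established
    ("198.51.100.7", 51000, "192.0.2.10", 443, "S"),   # real client handshake
    ("192.0.2.10", 443, "198.51.100.7", 51000, "SA"),
    ("198.51.100.7", 51000, "192.0.2.10", 443, "A"),
    ("198.51.100.7", 51000, "192.0.2.10", 443, "PA"),  # application data
    ("192.0.2.10", 80, "203.0.113.9", 40001, "SA"),    # unsolicited SYN-ACK, no SYN seen
]

def run(packets=PACKETS):
    f = HandshakeFilter()
    return [f.accept(*p) for p in packets]
```

Because Bloom filters never forget, a sketch like this accumulates false positives as flows pile up; a deployed filter needs some aging or rotation scheme, which the abstract does not describe.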