Lead University: Carnegie Mellon University
PI:  Vyas Sekar, Electrical and Computer Engineering

Network management requires accurate estimates of metrics for traffic engineering (e.g., heavy hitters), anomaly detection (e.g., entropy of source addresses), and security (e.g., DDoS detection). Obtaining accurate estimates given router CPU and memory constraints is a challenging problem. Existing approaches fall in one of two undesirable extremes: (1) low fidelity general-purpose approaches such as sampling, or (2) high fidelity but complex algorithms customized to specific application-level metrics. Ideally, a solution should be both general (i.e., supports many applications) and pro- vide accuracy comparable to custom algorithms. This proposal will culminate in the design and implementation of a framework for network monitoring which leverages recent theoretical advances and demonstrates that it is possible to achieve both generality and high accuracy. The solution called Universal Monitoring (UnivMon) uses an application-agnostic monitoring primitive that runs on routers and dedicated packet monitoring appliances. Different (and possibly unforeseen) estimation algorithms run in a programmable network control platform, and use the statistics from the data plane to compute application-level metrics. The goal of the project will be to develop a proof-of-concept implementation of UnivMon using emerging software-programmable network router platforms and develop simple coordination techniques to provide a whole system-wide approach for network monitoring. We will demonstrate the application of this approach in the context of large-scale Distributed Denial of Service Detection. We will evaluate the effectiveness of UnivMon using a range of trace-driven evaluations and show that it offers comparable (and better) accuracy relative to custom sketching solutions. We will investigate the viability and performance of this approach using hardware platforms and programmable support offered by our PA industrial partner Netronome.