Programmable traffic monitoring method based on active network techniques and application to DDoS detection

As the Internet has become the infrastructure for the global communication, the quality degradation due to network failures and illegal traffic such as DDoS (Distributed Denial of Service) have become a serious problem. In order to solve the problem, a network monitoring system that monitors the traffic of Internet in real time is strongly desired. Traffic monitors that collect the statistics from captured packets play a key roll in the system; however, they are not flexible enough for being used in the rapidly changing Internet. The traditional approach such that a new traffic monitor is developed for a new requirement results in a long turn around time of the development. Therefore, we have proposed a flexible network monitoring system that consists of programmable traffic monitors. Traffic monitors are made programmable by introducing active network techniques; therefore, we call the network monitoring system as the programmable monitor network. This paper describes the implementation of the programmable monitor network and its application to DDoS (Distributed Denial of Service) attack detection.