Measuring cloud service health using NetFlow/IPFIX: the WikiLeaks case

Idilio Drago, R.J. Hofstede, R. Sadre, Anna Sperotto, Aiko Pras

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

The increasing trend of outsourcing services to cloud providers is changing the way computing power is delivered to enterprises and end users. Although cloud services offer several advantages, they also make cloud consumers strongly dependent on providers. Hence, consumers have a vital interest to be immediately informed about any problems in their services. This paper aims at a first step toward a network-based approach to monitor cloud services. We focus on severe problems that affect most services, such as outages or extreme server overload, and propose a method to monitor these problems that relies solely on the traffic exchanged between users and cloud providers. Our proposal is entirely based on NetFlow/IPFIX data and, therefore, explicitly targets high-speed networks. By combining a methodology to reassemble and classify flow records with stochastic estimations, our proposal has the distinct characteristic of being applicable to both sampled and non-sampled data. We validate our proposal and show its applicability using data collected at both the University of Twente and an international backbone during the WikiLeaks Cablegate. Our results show that, in contrast to Anonymous’ claims, the users of the targeted services have been only marginally affected by the attacks.
Original language: Undefined
Pages (from-to): 58-88
Number of pages: 31
Journal: Journal of network and systems management
Volume: 23
Issue number: 1
DOIs
Publication status: Published - Jan 2015

Keywords

  • EWI-23673
  • IR-87379
  • METIS-300000

Cite this

@article{2b7dbfa5da63459eb7bd24f28ca7eca6,
title = "Measuring cloud service health using NetFlow/IPFIX: the WikiLeaks case",
abstract = "The increasing trend of outsourcing services to cloud providers is changing the way computing power is delivered to enterprises and end users. Although cloud services offer several advantages, they also make cloud consumers strongly dependent on providers. Hence, consumers have a vital interest to be immediately informed about any problems in their services. This paper aims at a first step toward a network-based approach to monitor cloud services. We focus on severe problems that affect most services, such as outages or extreme server overload, and propose a method to monitor these problems that relies solely on the traffic exchanged between users and cloud providers. Our proposal is entirely based on NetFlow/IPFIX data and, therefore, explicitly targets high-speed networks. By combining a methodology to reassemble and classify flow records with stochastic estimations, our proposal has the distinct characteristic of being applicable to both sampled and non-sampled data. We validate our proposal and show its applicability using data collected at both the University of Twente and an international backbone during the WikiLeaks Cablegate. Our results show that, in contrast to Anonymous’ claims, the users of the targeted services have been only marginally affected by the attacks.",
keywords = "EWI-23673, IR-87379, METIS-300000",
author = "Idilio Drago and R.J. Hofstede and R. Sadre and Anna Sperotto and Aiko Pras",
note = "eemcs-eprint-23673",
year = "2015",
month = "1",
doi = "10.1007/s10922-013-9278-0",
language = "Undefined",
volume = "23",
pages = "58--88",
journal = "Journal of network and systems management",
issn = "1064-7570",
publisher = "Springer",
number = "1",
}

Measuring cloud service health using NetFlow/IPFIX: the WikiLeaks case. / Drago, Idilio; Hofstede, R.J.; Sadre, R.; Sperotto, Anna; Pras, Aiko.

In: Journal of network and systems management, Vol. 23, No. 1, 01.2015, p. 58-88.


TY - JOUR
T1 - Measuring cloud service health using NetFlow/IPFIX: the WikiLeaks case
AU - Drago, Idilio
AU - Hofstede, R.J.
AU - Sadre, R.
AU - Sperotto, Anna
AU - Pras, Aiko
N1 - eemcs-eprint-23673
PY - 2015/1
Y1 - 2015/1

N2 - The increasing trend of outsourcing services to cloud providers is changing the way computing power is delivered to enterprises and end users. Although cloud services offer several advantages, they also make cloud consumers strongly dependent on providers. Hence, consumers have a vital interest to be immediately informed about any problems in their services. This paper aims at a first step toward a network-based approach to monitor cloud services. We focus on severe problems that affect most services, such as outages or extreme server overload, and propose a method to monitor these problems that relies solely on the traffic exchanged between users and cloud providers. Our proposal is entirely based on NetFlow/IPFIX data and, therefore, explicitly targets high-speed networks. By combining a methodology to reassemble and classify flow records with stochastic estimations, our proposal has the distinct characteristic of being applicable to both sampled and non-sampled data. We validate our proposal and show its applicability using data collected at both the University of Twente and an international backbone during the WikiLeaks Cablegate. Our results show that, in contrast to Anonymous’ claims, the users of the targeted services have been only marginally affected by the attacks.

AB - The increasing trend of outsourcing services to cloud providers is changing the way computing power is delivered to enterprises and end users. Although cloud services offer several advantages, they also make cloud consumers strongly dependent on providers. Hence, consumers have a vital interest to be immediately informed about any problems in their services. This paper aims at a first step toward a network-based approach to monitor cloud services. We focus on severe problems that affect most services, such as outages or extreme server overload, and propose a method to monitor these problems that relies solely on the traffic exchanged between users and cloud providers. Our proposal is entirely based on NetFlow/IPFIX data and, therefore, explicitly targets high-speed networks. By combining a methodology to reassemble and classify flow records with stochastic estimations, our proposal has the distinct characteristic of being applicable to both sampled and non-sampled data. We validate our proposal and show its applicability using data collected at both the University of Twente and an international backbone during the WikiLeaks Cablegate. Our results show that, in contrast to Anonymous’ claims, the users of the targeted services have been only marginally affected by the attacks.

KW - EWI-23673
KW - IR-87379
KW - METIS-300000
U2 - 10.1007/s10922-013-9278-0
DO - 10.1007/s10922-013-9278-0
M3 - Article
VL - 23
SP - 58
EP - 88
JO - Journal of network and systems management
JF - Journal of network and systems management
SN - 1064-7570
IS - 1
ER -