
attacks on trajectory sampling



>Here's a possible solution: instead of making sampling
>decisions of the form
>
>  sample if h(x) in [a,a+r-1]
>
>(where x is the packet, h the hash function, a the
>lower interval boundary, r the range)
>
>we could use instead
>
>  sample if h(x,s) in [0,r-1]
>
>where s is a secret "seed" value, chosen out of a
>possibly large set (this is equivalent, of course,
>to having a large family h_s(.) of different hash
>functions).


Excellent!  This makes the specification of hash function
values (the values of s and r) correspond to what an operator
might want to vary.  The seed value provides the secret that
cannot be known by malicious packet traffic, and the range
parameter provides a throttling mechanism on the amount of
generated sample traffic.  If the range of the hash function
is a 32-bit value, then r/2^32 becomes the ratio of sampled
traffic to all traffic (assuming smooth distribution).
This method of parameterizing the hash function is clear
and intuitive.  Way to go!

		Rae McLellan


--
to unsubscribe send a message to psamp-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/psamp/>
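
The seeded decision rule discussed in this message, as an added example that is not part of the original post or of any PSAMP specification. It assumes HMAC-SHA256 truncated to 32 bits as h(x, s); the function names, seeds and packet bytes are constructed for illustration.

```python
import hashlib
import hmac

HASH_SPACE = 2 ** 32  # h(x, s) is treated as a 32-bit value, as in the message


def h(packet: bytes, seed: bytes) -> int:
    """Keyed hash h(x, s). HMAC-SHA256 truncated to 32 bits is an assumption."""
    return int.from_bytes(hmac.new(seed, packet, hashlib.sha256).digest()[:4], "big")


def sample(packet: bytes, seed: bytes, r: int) -> bool:
    """Sampling decision: sample if h(x, s) in [0, r-1]."""
    return h(packet, seed) < r


def range_for_ratio(ratio: float) -> int:
    """Range r giving an expected sampled fraction of r / 2^32."""
    return round(ratio * HASH_SPACE)


def sampled_fraction(packets, seed: bytes, r: int) -> float:
    return sum(sample(p, seed, r) for p in packets) / len(packets)


def overlap(packets, seed_a: bytes, seed_b: bytes, r: int) -> float:
    """Share of packets sampled under seed_a that are also sampled under seed_b."""
    chosen = [p for p in packets if sample(p, seed_a, r)]
    return sum(sample(p, seed_b, r) for p in chosen) / len(chosen)


# Constructed input: stand-ins for the invariant packet bytes fed to the hash.
PACKETS = [b"constructed-packet-%d" % i for i in range(20000)]
SEED_A = b"constructed-seed-A"
SEED_B = b"constructed-seed-B"
R = range_for_ratio(1 / 16)

if __name__ == "__main__":
    print("r =", R, "expected ratio =", R / HASH_SPACE)
    print("observed, seed A:", sampled_fraction(PACKETS, SEED_A, R))
    print("observed, seed B:", sampled_fraction(PACKETS, SEED_B, R))
    # Two observation points sharing a seed agree on every packet.
    print("same seed agrees:",
          all(sample(p, SEED_A, R) == sample(p, SEED_A, R) for p in PACKETS[:1000]))
    # Knowing which packets one seed selects says little about another seed.
    print("overlap A->B:", overlap(PACKETS, SEED_A, SEED_B, R))
```

The overlap between two seeds stays near the sampling ratio itself, so a set of packets known to fall inside or outside the range under one seed gives no advantage once the operator changes s.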