Attack monitoring and localization in all-optical networks
The effects of an attack connection can propagate quickly to different parts of a transparent All-Optical Network. Such attacks affect the normal traffic and can either cause service degradation or outright service denial. Quick detection and localization of an attack source can avoid losing large amounts of data in an All-Optical Network. Attack monitors can collect the information from connections and nodes for diagnostic purpose. However, to detect attack sources, it is not necessary to put monitors on all nodes. Since those connections affected by the attack connection would provide valuable information for diagnosis, we show that placing a relatively small number of monitors on a selected set of nodes in a network is sufficient to achieve the required level of performance. However, the monitor placement, routing, and attack diagnosis are challenging problems which need research attention. We, in this paper, first develop our models of crosstalk attack and monitor node. With these models, we prove the necessary and sufficient condition for one-crosstalk-attack diagnosable network. After that, we develop a scalable diagnosis method which can localize the attack connection efficiently with sparse monitor nodes.
This proceeding is published as Wu, Tao, and Arun K. Somani. "Attack monitoring and localization in all-optical networks." In Proceedings of SPIE 4874 (2002): 235-248. DOI: 10.1117/12.475301. Posted with permission.