MIND: A Distributed Multi-Dimensional Indexing System for Network Diagnosis
Detecting coordinated attacks on Internet resources requires a distributed network monitoring infrastructure. Such an infrastructure will have two logically distinct elements: distributed monitors that continuously collect traffic information, and a distributed query system that allows network operators to efficiently correlate information from different monitors in order to detect anomalous traffic patterns. In this paper, the authors discuss the design and implementation of MIND, a distributed index management system that supports the creation and querying of multiple distributed indices. They validate MIND using traffic traces from two large backbone networks, then examine the performance of a MIND prototype on more than 100 PlanetLab machines.