This paper presents a mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-att...This paper presents a mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-attacks. The SYN-flooding, as an instance of flooding-attack, is used to illustrate the anomaly detection mechanism. The mechanism applies an exponentially weighted moving average (EWMA) method to detect the abrupt net flow and applies a symmetry analysis method to detect the anomaly activity of the network flow. Experiment shows that the mechanism has high detection accuracy and low detection latency.展开更多
In this paper, we present Real-Time Flow Filter (RTFF) -a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to hi...In this paper, we present Real-Time Flow Filter (RTFF) -a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on observed attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state of the art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.展开更多
基金TheNationalHighTechnologyResearchandDevelopmentProgramofChina(863Program) (No .2 0 0 2AA14 5 0 90 )
文摘This paper presents a mechanism for detecting flooding-attacks. The simplicity of the mechanism lies in its statelessness and low computation overhead, which makes the detection mechanism itself immune to flooding-attacks. The SYN-flooding, as an instance of flooding-attack, is used to illustrate the anomaly detection mechanism. The mechanism applies an exponentially weighted moving average (EWMA) method to detect the abrupt net flow and applies a symmetry analysis method to detect the anomaly activity of the network flow. Experiment shows that the mechanism has high detection accuracy and low detection latency.
文摘In this paper, we present Real-Time Flow Filter (RTFF) -a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on observed attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state of the art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.
