Winnowing Multihashing Structure with Wildcard Query

Payload attribution is the process of identifying the source and destination of packets that appeared in the network and contained a certain excerpt. Payload attribution structures process and store the corresponding network traffic in order to support later identification and analysis. This paper builds on an existing payload attribution data structure that stores and processes network traffic using Bloom filters. We propose a novel data structure called the Winnowing Multihashing structure with Wildcard Query (WMWQ). Our methods support wildcard queries efficiently and achieve a higher data reduction ratio as well as a lower false positive rate. In addition, we show that the time complexity of querying a WMWQ is constant in the number of inserted data elements. The proposed methods can be used for network forensics traffic processing in large-scale networks and can improve the efficiency of network forensics processing and analysis.
