论文信息 - Simple and Adaptive Identification of Superspreaders by Flow Sampling

Simple and Adaptive Identification of Superspreaders by Flow Sampling

Abusive traffic caused by worms is increasing severely in the Internet. In many cases, worm-infected hosts generate a huge number of flows of small size during a short time. To suppress the abusive traffic and prevent worms from spreading, identifying these "superspreaders" as soon as possible and coping with them, e.g, disconnecting them from the network, is important. This paper proposes a simple and adaptive method of identifying superspreaders by flow sampling. By satisfying the given memory size and the requirement for the processing time, the proposed method can adaptively optimize parameters according to changes in traffic patterns.

[1] Li Fan,et al. Summary cache: a scalable wide-area web cache sharing protocol , 2000, TNET.

[2] David Moore,et al. A robust system for accurate real-time summaries of internet traffic , 2005, SIGMETRICS '05.

[3] Tao He,et al. Scalable Double Filter Structure for Port Scan Detection , 2006, 2006 IEEE International Conference on Communications.

[4] M. V. Ramakrishna,et al. A Performance Study of Hashing Functions for Hardware Applications , 1994 .

[5] Dawn Xiaodong Song,et al. New Streaming Algorithms for Fast Detection of Superspreaders , 2005, NDSS.

[6] Burton H. Bloom,et al. Space/time trade-offs in hash coding with allowable errors , 1970, CACM.

[7] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[8] Larry Carter,et al. Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[9] Haoyu Song,et al. Fast hash table lookup using extended bloom filter: an aid to network processing , 2005, SIGCOMM '05.

[10] Tatsuya Mori,et al. Simple and Accurate Identification of High-Rate Flows by Packet Sampling , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.