论文信息 - A Detecting Superpoint Algorithm on Multiple Sampling Technology

A Detecting Superpoint Algorithm on Multiple Sampling Technology

Super points are sources or destinations that connect to a larger number of distinct destinations or sources during a measurement time interval. High-speed monitoring of super points is a challenging problem with application to real-time attack detection using a limited memory space. In this paper, we propose a method for detecting super points, and prove guarantees on their accuracy and memory requirements. Our method is based on sampling and data streaming, and sampling technique can probabilistically assure to sample only large-flow sources or destinations. Data streaming technique sets an IP bitmap and flow bitmap to judge an existed IP. Our method are both theoretically and experimentally more efficient than previous approaches.

Gong Jian | Cheng Guang

[1] David Plonka,et al. FlowScan: A Network Traffic Flow Reporting and Visualization Tool , 2000, LISA.

[2] Tatsuya Mori,et al. Simple and Adaptive Identification of Superspreaders by Flow Sampling , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[3] Abhishek Kumar,et al. Joint data streaming and sampling techniques for detection of super sources and destinations , 2005, IMC '05.

[4] Dawn Xiaodong Song,et al. New Streaming Algorithms for Fast Detection of Superspreaders , 2005, NDSS.

[5] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .