Sampling-Based Stream Mining for Network Risk Management

Network security is essential to maintaining the Internet as an important social infrastructure. In particular, finding excessive consumption of network bandwidth caused by P2P mass flows, finding Internet viruses, and finding DDoS attacks are important security issues. Although stream mining techniques are promising for network security, the sheer volume of network flow prevents their straightforward application. Since conventional methods require unrealistic memory resources, a mining technique that works well with limited memory is required. This paper proposes a sampling-based mining method to achieve network security. By analyzing the characteristics of the proposed method with real Internet backbone flow data, we show the advantages of the proposed method, i.e., lower memory consumption.
