Please use this identifier to cite or link to this item: https://repository.cihe.edu.hk/jspui/handle/cihe/2378
DC Field | Value | Language
dc.contributor.author | Chiu, Dah Ming | en_US
dc.contributor.other | Hu, Y. | -
dc.contributor.other | Lui, J. C. S. | -
dc.date.accessioned | 2022-02-22T05:06:33Z | -
dc.date.available | 2022-02-22T05:06:33Z | -
dc.date.issued | 2006 | -
dc.identifier.uri | https://repository.cihe.edu.hk/jspui/handle/cihe/2378 | -
dc.description.abstract | Flow-level traffic measurement is required for a wide range of applications, including accounting, network planning and security management. A key design challenge is how to gracefully handle traffic surges that exhaust the resources (memory, export bandwidth or CPU) of the flow monitor. A standard solution is sampling (looking at one out of every n packets), as implemented in Cisco's NetFlow, a popular platform. Setting the sampling rate according to normal traffic, however, cannot prevent the memory available for flow records from being overrun during abnormal situations, such as a DoS attack or other security breaches. Currently available countermeasures have their own problems: (1) rejecting new flows when the cache is full means some legitimate new flows are not counted; (2) exporting unterminated flows to make room for new ones exhausts the export bandwidth; (3) adapting the sampling rate to the traffic rate reduces the overall accuracy of accounting, including for legitimate flows. In this paper, we propose a new countermeasure for abnormal traffic conditions: adaptive flow aggregation. Abnormal traffic conditions are often caused by security attacks, and such attacks usually exhibit common patterns. For example, the packets of a DoS attack share the same destination IP address, while worm-spreading traffic shares the same source IP address. Our flow monitoring algorithm identifies these traffic clusters in real time and aggregates the large number of short flows into a few flows. | en_US
dc.language.iso | en | en_US
dc.publisher | IEEE | en_US
dc.title | Adaptive flow aggregation - A new solution for robust flow monitoring under security attacks | en_US
dc.type | conference proceedings | en_US
dc.relation.publication | Proceedings of the 2006 IEEE/IFIP Network Operations and Management Symposium (NOMS) | en_US
dc.identifier.doi | 10.1109/NOMS.2006.1687572 | -
dc.contributor.affiliation | Felizberta Lo Padilla Tong School of Social Sciences | en_US
dc.relation.isbn | 9781424401420 | en_US
dc.description.startpage | 424 | en_US
dc.description.endpage | 435 | en_US
dc.cihe.affiliated | No | -
item.languageiso639-1 | en | -
item.fulltext | No Fulltext | -
item.openairetype | conference proceedings | -
item.grantfulltext | none | -
item.openairecristype | http://purl.org/coar/resource_type/c_5794 | -
item.cerifentitytype | Publications | -
crisitem.author.dept | Felizberta Lo Padilla Tong School of Social Sciences | -
crisitem.author.orcid | 0000-0003-0566-5223 | -
Appears in Collections:SS Publication