Entropy Based Flow Aggregation

Yan Hu, Dah-Ming Chiu and John C. S. Lui

View Related Documents

Book Chapter
Dependency Detection Using a Fuzzy Engine
Dimitrios Dechouniotis, Xenofontas Dimitropoulos, Andreas Kind and Spyros Denazis
Lecture Notes in Computer Science, 2007, Volume 4785, Managing Virtualization of Networks and Services, Pages 110-121
- Download PDF (232.0 KB)
Book Chapter
Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications
Ting-Fang Yen, Xin Huang, Fabian Monrose and Michael K. Reiter
Lecture Notes in Computer Science, 2009, Volume 5587, Detection of Intrusions and Malware, and Vulnerability Assessment, Pages 157-175
- Download PDF (333.7 KB)
Book Chapter
Finding Peer-to-Peer File-Sharing Using Coarse Network Behaviors
Michael P. Collins and Michael K. Reiter
Lecture Notes in Computer Science, 2006, Volume 4189, Computer Security – ESORICS 2006, Pages 1-17
- Download PDF (533.7 KB)
Book Chapter
Design of a Stream-Based IP Flow Record Query Language
Vladislav Marinov and Jürgen Schönwälder
Lecture Notes in Computer Science, 2009, Volume 5841, Integrated Management of Systems, Services, Processes and People in IT, Pages 15-28
- Download PDF (365.4 KB)
Book Chapter
Design of an IP Flow Record Query Language
Vladislav Marinov and Jürgen Schönwälder
Lecture Notes in Computer Science, 2008, Volume 5127, Resilient Networks and Services, Pages 205-210
- Download PDF (103.1 KB)
Book Chapter
High-Speed Intrusion Detection in Support of Critical Infrastructure Protection
Salvatore D’Antonio, Francesco Oliviero and Roberto Setola
Lecture Notes in Computer Science, 2006, Volume 4347, Critical Information Infrastructures Security, Pages 222-234
- Download PDF (364.5 KB)
Book Chapter
Anticipatory Distributed Packet Filter Configuration for Carrier-Grade IP-Networks
Birger Toedtmann and Erwin P. Rathgeb
Lecture Notes in Computer Science, 2006, Volume 3976, NETWORKING 2006. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems, Pages 928-941
- Download PDF (462.4 KB)
Book Chapter
Effective DDoS Attacks Detection Using Generalized Entropy Metric
Ke Li, Wanlei Zhou, Shui Yu and Bo Dai
Lecture Notes in Computer Science, 2009, Volume 5574, Algorithms and Architectures for Parallel Processing, Pages 266-280
- Download PDF (532.7 KB)
Book Chapter
On the Benefit of Caching Traffic Flow Data in the Link Buffer
Konstantin Septinus, Christian Grimm, Vladislav Rumyantsev and Peter Pirsch
Lecture Notes in Computer Science, 2008, Volume 5114, Embedded Computer Systems: Architectures, Modeling, and Simulation, Pages 2-11
- Download PDF (454.6 KB)
Book Chapter
Trust-Based Classifier Combination for Network Anomaly Detection
Martin rehák, Michal pěchouček, Martin Grill and Karel Bartos
Lecture Notes in Computer Science, 2008, Volume 5180, Cooperative Information Agents XII, Pages 116-130
- Download PDF (509.5 KB)

Abstract

Flow measurement evolved into the primary method for measuring the composition of Internet traffic. Cisco’s NetFlow is a widely deployed flow measurement solution that uses a configurable static sampling rate to control processor and memory usage on the router and the amount of reporting flow records generated. But during flooding attacks the memory and network bandwidth consumed by flow records can increase beyond what is available. In this paper, we propose an entropy based flow aggregation algorithm, which not only alleviates the problem in memory and export bandwidth, but also maximizes the accuracy of legitimate flows. Relying on information-theoretic techniques, the algorithm efficiently identifies the clusters of attack flows in real time and aggregates those large number of short attack flows to a few metaflows. Finally, we evaluate our system using real trace files from the Internet.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Entropy Based Flow Aggregation

View Related Documents

Abstract

Fulltext Preview