Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table

Rhongho Jang; Seongkwang Moon; Youngtae Noh; Aziz Mohaisen; Daehun Nyang

doi:10.1145/3317549.3326294

Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table

Rhongho Jang, Seongkwang Moon, Youngtae Noh, Aziz Mohaisen, Daehun Nyang

Department of Cyber Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Also, swiftness of detection of anomalies becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In- DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.

Original language	English
Title of host publication	WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
Publisher	Association for Computing Machinery, Inc
Pages	286-287
Number of pages	2
ISBN (Electronic)	9781450367264
DOIs	https://doi.org/10.1145/3317549.3326294
State	Published - 15 May 2019
Event	12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States Duration: 15 May 2019 → 17 May 2019

Publication series

Name	WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference	12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
Country/Territory	United States
City	Miami
Period	15/05/19 → 17/05/19

Bibliographical note

Funding Information:
In this work, we have developed FlowRegulator for instant flow monitoring. Our approach is different from conventional measurement frameworks by introducing a new notion of very large In-DRAM working set of active flows. Acknowledgement. This work was supported by NRF grant number 2016K1A1A2912757 (Global Research Lab Initiative).

Publisher Copyright:
© 2019 Copyright held by the owner/author(s).

Keywords

Intrusion detection system
Sketch
Traffic measurement

Access to Document

10.1145/3317549.3326294

Cite this

Jang, R., Moon, S., Noh, Y., Mohaisen, A., & Nyang, D. (2019). Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table. In WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks (pp. 286-287). (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks). Association for Computing Machinery, Inc. https://doi.org/10.1145/3317549.3326294

Jang, Rhongho ; Moon, Seongkwang ; Noh, Youngtae et al. / Poster : A cost-effective anomaly detection system using in-DRAM working set of active flows table. WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. Association for Computing Machinery, Inc, 2019. pp. 286-287 (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks).

@inproceedings{c7ac7ce5093846558f5b3654adc7b246,

title = "Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table",

abstract = "In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Also, swiftness of detection of anomalies becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In- DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.",

keywords = "Intrusion detection system, Sketch, Traffic measurement",

author = "Rhongho Jang and Seongkwang Moon and Youngtae Noh and Aziz Mohaisen and Daehun Nyang",

note = "Funding Information: In this work, we have developed FlowRegulator for instant flow monitoring. Our approach is different from conventional measurement frameworks by introducing a new notion of very large In-DRAM working set of active flows. Acknowledgement. This work was supported by NRF grant number 2016K1A1A2912757 (Global Research Lab Initiative). Publisher Copyright: {\textcopyright} 2019 Copyright held by the owner/author(s).; 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 ; Conference date: 15-05-2019 Through 17-05-2019",

year = "2019",

month = may,

day = "15",

doi = "10.1145/3317549.3326294",

language = "English",

series = "WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks",

publisher = "Association for Computing Machinery, Inc",

pages = "286--287",

booktitle = "WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks",

}

Jang, R, Moon, S, Noh, Y, Mohaisen, A & Nyang, D 2019, Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table. in WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks, Association for Computing Machinery, Inc, pp. 286-287, 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019, Miami, United States, 15/05/19. https://doi.org/10.1145/3317549.3326294

Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table. / Jang, Rhongho; Moon, Seongkwang; Noh, Youngtae et al.
WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. Association for Computing Machinery, Inc, 2019. p. 286-287 (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Poster

T2 - 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019

AU - Jang, Rhongho

AU - Moon, Seongkwang

AU - Noh, Youngtae

AU - Mohaisen, Aziz

AU - Nyang, Daehun

N1 - Funding Information: In this work, we have developed FlowRegulator for instant flow monitoring. Our approach is different from conventional measurement frameworks by introducing a new notion of very large In-DRAM working set of active flows. Acknowledgement. This work was supported by NRF grant number 2016K1A1A2912757 (Global Research Lab Initiative). Publisher Copyright: © 2019 Copyright held by the owner/author(s).

PY - 2019/5/15

Y1 - 2019/5/15

N2 - In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Also, swiftness of detection of anomalies becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In- DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.

AB - In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Also, swiftness of detection of anomalies becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In- DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.

KW - Intrusion detection system

KW - Sketch

KW - Traffic measurement

UR - http://www.scopus.com/inward/record.url?scp=85066740064&partnerID=8YFLogxK

U2 - 10.1145/3317549.3326294

DO - 10.1145/3317549.3326294

M3 - Conference contribution

AN - SCOPUS:85066740064

T3 - WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

SP - 286

EP - 287

BT - WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

PB - Association for Computing Machinery, Inc

Y2 - 15 May 2019 through 17 May 2019

ER -

Jang R, Moon S, Noh Y, Mohaisen A, Nyang D. Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table. In WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks. Association for Computing Machinery, Inc. 2019. p. 286-287. (WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks). doi: 10.1145/3317549.3326294

Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Fingerprint

Cite this