TY - GEN
T1 - Poster
T2 - 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
AU - Jang, Rhongho
AU - Moon, Seongkwang
AU - Noh, Youngtae
AU - Mohaisen, Aziz
AU - Nyang, Daehun
N1 - Funding Information:
In this work, we have developed FlowRegulator for instant flow monitoring. Our approach is different from conventional measurement frameworks by introducing a new notion of very large In-DRAM working set of active flows. Acknowledgement. This work was supported by NRF grant number 2016K1A1A2912757 (Global Research Lab Initiative).
Publisher Copyright:
© 2019 Copyright held by the owner/author(s).
PY - 2019/5/15
Y1 - 2019/5/15
N2 - In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Also, swiftness of detection of anomalies becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In-DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large-scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.
AB - In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Also, swiftness of detection of anomalies becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In-DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large-scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.
KW - Intrusion detection system
KW - Sketch
KW - Traffic measurement
UR - http://www.scopus.com/inward/record.url?scp=85066740064&partnerID=8YFLogxK
U2 - 10.1145/3317549.3326294
DO - 10.1145/3317549.3326294
M3 - Conference contribution
AN - SCOPUS:85066740064
T3 - WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
SP - 286
EP - 287
BT - WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
PB - Association for Computing Machinery, Inc
Y2 - 15 May 2019 through 17 May 2019
ER -