Abstract
In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Also, swiftness of detection of anomalies becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In- DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.
Original language | English |
---|---|
Title of host publication | WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks |
Publisher | Association for Computing Machinery, Inc |
Pages | 286-287 |
Number of pages | 2 |
ISBN (Electronic) | 9781450367264 |
DOIs | |
State | Published - 15 May 2019 |
Event | 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States Duration: 15 May 2019 → 17 May 2019 |
Publication series
Name | WiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks |
---|
Conference
Conference | 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 |
---|---|
Country/Territory | United States |
City | Miami |
Period | 15/05/19 → 17/05/19 |
Bibliographical note
Funding Information:In this work, we have developed FlowRegulator for instant flow monitoring. Our approach is different from conventional measurement frameworks by introducing a new notion of very large In-DRAM working set of active flows. Acknowledgement. This work was supported by NRF grant number 2016K1A1A2912757 (Global Research Lab Initiative).
Publisher Copyright:
© 2019 Copyright held by the owner/author(s).
Keywords
- Intrusion detection system
- Sketch
- Traffic measurement