Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table

Rhongho Jang, Seongkwang Moon, Youngtae Noh, Aziz Mohaisen, Daehun Nyang

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Also, swiftness of detection of anomalies becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In- DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.

Original languageEnglish
Title of host publicationWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks
PublisherAssociation for Computing Machinery, Inc
Pages286-287
Number of pages2
ISBN (Electronic)9781450367264
DOIs
StatePublished - 15 May 2019
Event12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019 - Miami, United States
Duration: 15 May 201917 May 2019

Publication series

NameWiSec 2019 - Proceedings of the 2019 Conference on Security and Privacy in Wireless and Mobile Networks

Conference

Conference12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019
Country/TerritoryUnited States
CityMiami
Period15/05/1917/05/19

Bibliographical note

Funding Information:
In this work, we have developed FlowRegulator for instant flow monitoring. Our approach is different from conventional measurement frameworks by introducing a new notion of very large In-DRAM working set of active flows. Acknowledgement. This work was supported by NRF grant number 2016K1A1A2912757 (Global Research Lab Initiative).

Publisher Copyright:
© 2019 Copyright held by the owner/author(s).

Keywords

  • Intrusion detection system
  • Sketch
  • Traffic measurement

Fingerprint

Dive into the research topics of 'Poster: A cost-effective anomaly detection system using in-DRAM working set of active flows table'. Together they form a unique fingerprint.

Cite this