This paper presents a family of bitmap algorithms that address the problem of counting the number of distinct header patterns (flows) seen on a high-speed link. Such counting can be used to detect DoS attacks and port scans, and to solve measurement problems. Counting is especially hard when processing must be done within a packet arrival time (8 nsec at OC-768 speeds) and, hence, must require only a small number of accesses to limited, fast memory. A naive solution that maintains a hash table requires several Mbytes because the number of flows can be above a million. By contrast, our new probabilistic algorithms take very little memory and are fast. The reduction in memory is particularly important for applications that run multiple conc...
Accurate network traffic measurement is required for accounting, bandwidth provisioning and detectin...
Port scans are continuously used by both worms and human attackers to probe for vulnerabilities in I...
In order to provide high quality network management, traffic scheduling and network security, we nee...
In this paper we present a family of algorithms that address the problem of counting the number of d...
In this paper we address the problem of counting the number of distinct header patterns (flows) seen...
While the number of concurrent flows passing through backbone routers is large (more than 250,000), ...
Abstract. This paper presents a novel approach that can simultaneously detect, classify, calibrate ...
Knowing the distribution of the sizes of traffic flows passing through a network link helps a networ...
Many attacks that threaten service providers and legitimate users are anomalous behaviors out of spe...
Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of...
Frequently, port scans are early indicators of more serious attacks. Unfortunately, the detection of...
Detecting Heavy Hitter (HH) flows, i.e., flows exceeding a pre-determined threshold in a time window...
This book presents several compact and fast methods for online traffic measurement of big network da...
In this paper, we present the design and implementation of a new approach for anomaly detection and ...
The network system usually falls into the complexity of preventing the real time anomalies in the cr...