In this paper we present a family of algorithms that address the problem of counting the number of distinct header patterns (flows) seen on a high speed link. Such counting can be used to detect DoS attacks and port scans, and to solve measurement problems. The central difficulty is that count processing must be done within a packet arrival time (8 nsec at OC-768 speeds) and, hence, must require only a small number of memory references to limited, fast memory. A naive solution that maintains a hash table requires several Mbytes because the number of flows can be more than a million. By contrast, our new algorithms take very little memory and are fast. The reduction in memory is particularly important for applications that run multiple concu...
Most network intrusion tools (e.g., Bro) use per-flow state to reassemble TCP connections and fragme...
Many networking and security applications can benefit from exact detection of large flows over arbit...
In order to provide high quality network management, traffic scheduling and network security, we nee...
In this paper we present a family of algorithms that address the problem of counting the number of d...
In this paper we address the problem of counting the number of distinct header patterns (flows) seen...
While the number of concurrent flows passing through backbone routers is large (more than 250,000), ...
Accurate network traffic measurement is required for accounting, bandwidth provisioning and detectin...
Abstract. This paper presents a novel approach that can simultaneously detect, classify, calibrate ...
Many attacks that threaten service providers and legitimate users are anomalous behaviors out of spe...
This book presents several compact and fast methods for online traffic measurement of big network da...
Knowing the distribution of the sizes of traffic flows passing through a network link helps a networ...
The network system usually falls into the complexity of preventing the real time anomalies in the cr...
Detecting Heavy Hitter (HH) flows, i.e., flows exceeding a pre-determined threshold in a time window...
Reliably tracking large network flows in order to determine so-called elephant flows, also known as ...
In this paper, we present the design and implementation of a new approach for anomaly detection and ...