
Winnowing Multihashing Structure with Wildcard Query

  • Conference paper
Web Technologies and Applications (APWeb 2014)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8710)

Abstract

Payload attribution is the process of identifying the source and destination of packets that appeared in the network and contained a certain excerpt. Payload attribution structures process and store the corresponding network traffic to support later identification and analysis. This paper builds on an existing payload attribution data structure that stores and processes network traffic using Bloom filters. We propose a novel data structure called Winnowing Multihashing structure with Wildcard Query (WMWQ). Our methods support wildcard queries efficiently and have a higher data reduction ratio as well as a lower false positive rate. In addition, we show that the time complexity of querying a WMWQ is constant in the number of inserted data elements. The proposed methods can be used for network forensics traffic processing in large-scale networks and can improve the efficiency of network forensics processing and analysis.

Keywords: Network Forensics, Payload Attribution, Bloom Filter, Block Structure, False Positive




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Wei, Y., Fei, X., Chen, X., Shi, J., Qing, S. (2014). Winnowing Multihashing Structure with Wildcard Query. In: Han, W., Huang, Z., Hu, C., Zhang, H., Guo, L. (eds) Web Technologies and Applications. APWeb 2014. Lecture Notes in Computer Science, vol 8710. Springer, Cham. https://doi.org/10.1007/978-3-319-11119-3_25

  • DOI: https://doi.org/10.1007/978-3-319-11119-3_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11118-6

  • Online ISBN: 978-3-319-11119-3

  • eBook Packages: Computer Science, Computer Science (R0)
