DOI: 10.1145/3317549.3326294

A cost-effective anomaly detection system using in-DRAM working set of active flows table: poster

Published: 15 May 2019

Abstract

In the zettabyte era, per-flow measurement becomes more challenging owing to the growth of both traffic volumes and the number of flows. Swift detection of anomalies also becomes paramount. For fast and accurate anomaly detection, managing an accurate working set of active flows (WSAF) from massive volumes of packet influxes at line rates is a key challenge. WSAF is usually located in a very fast but expensive memory, such as TCAM or SRAM, and thus the number of entries to be stored is quite limited. To cope with the scalability issue of WSAF, we propose to use In-DRAM WSAF with scales, and put a compact data structure called FlowRegulator in front of WSAF to compensate for DRAM's slow access time by substantially reducing massive influxes to WSAF without compromising measurement accuracy. We evaluated our system in a large-scale real-world experiment. As one key application, FlowRegulator detected heavy hitters with 99.8% accuracy.


    Published In

    WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks
    May 2019
    359 pages
    ISBN:9781450367264
    DOI:10.1145/3317549
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. intrusion detection system
    2. sketch
    3. traffic measurement

    Qualifiers

    • Poster

    Conference

    WiSec '19
    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%
