DOI: 10.1145/3321408.3326654
research-article

Abnormal traffic detection of IoT terminals based on Bloom filter

Published: 17 May 2019

ABSTRACT

As networks grow in size and speed, abnormal traffic becomes harder to discover. A detector must not only inspect real-time traffic accurately but also determine the type of abnormality. To meet this requirement, this paper proposes a Bloom Filter (BF) based abnormal traffic detection framework that retrieves information from real-time data accurately and with low time complexity. The paper analyzes two kinds of abnormal traffic: port scanning traffic and TCP flooding traffic. For port scanning traffic, the BF structure lets the framework retrieve which ports a stream has accessed; if a stream sends traffic to too many different ports, it is judged abnormal. For TCP flooding traffic, a Count Bloom Filter (CBF) counts the number of packets of similar length in each type of stream over a period of time; if a high proportion of packets of similar length is detected, an abnormality is highly probable. Finally, the paper evaluates the proposed framework in a real environment. The experiments show few false positives for normal traffic, and the framework correctly identifies both kinds of abnormal traffic.
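The two checks described in the abstract can be sketched as follows. This is an added example, not the paper's implementation: the filter size, the SHA-256 index scheme, the stream keys, the 16-byte length buckets and all thresholds are assumptions, and the packet list is constructed.

```python
import hashlib

class CountingBloom:
    """Counting Bloom filter; count(key) == 0 gives plain BF membership."""
    def __init__(self, m=4096, k=3):          # m, k are assumed sizes
        self.m, self.k, self.cells = m, k, [0] * m

    def _idx(self, key):
        # k cell indexes sliced from one SHA-256 digest (assumed hash scheme)
        d = hashlib.sha256(key.encode()).digest()
        return [int.from_bytes(d[4 * i:4 * i + 4], "big") % self.m for i in range(self.k)]

    def add(self, key):
        for i in self._idx(key):
            self.cells[i] += 1

    def count(self, key):
        # Minimum over the k cells: may over-count, never under-counts
        return min(self.cells[i] for i in self._idx(key))

def detect_port_scan(packets, max_ports=20):
    """Flag src>dst streams that touch more than max_ports distinct ports."""
    seen, distinct = CountingBloom(), {}
    for src, dst, dport, _length in packets:
        stream = f"{src}>{dst}"
        if seen.count(f"{stream}:{dport}") == 0:   # port is new for this stream
            seen.add(f"{stream}:{dport}")
            distinct[stream] = distinct.get(stream, 0) + 1
    return {s for s, n in distinct.items() if n > max_ports}

def detect_flood(packets, bucket=16, min_pkts=100, ratio=0.8):
    """Flag streams where one length bucket holds >= ratio of a window's packets."""
    cbf, total, top = CountingBloom(), {}, {}
    for src, dst, dport, length in packets:
        stream = f"{src}>{dst}:{dport}"
        key = f"{stream}|{length // bucket}"       # similar lengths share a key
        cbf.add(key)
        total[stream] = total.get(stream, 0) + 1
        top[stream] = max(top.get(stream, 0), cbf.count(key))
    return {s for s, n in total.items() if n >= min_pkts and top[s] / n >= ratio}

# Constructed one-window sample: (src, dst, dport, length)
SAMPLE = (
    [("10.0.0.5", "10.0.0.9", p, 60) for p in range(1, 51)]                      # scan
    + [("10.0.0.6", "10.0.0.9", 80, 60) for _ in range(200)]                     # flood
    + [("10.0.0.7", "10.0.0.9", 443, 60 + (i * 37) % 1400) for i in range(150)]  # normal
)

if __name__ == "__main__":
    print(detect_port_scan(SAMPLE), detect_flood(SAMPLE))
```

A Bloom-filter false positive in the scan check hides a port that was actually new, so the distinct-port count errs low, while counting-filter collisions in the flood check err high; size the filters for the expected number of streams per window.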

Published in

ACM TURC '19: Proceedings of the ACM Turing Celebration Conference - China
May 2019
963 pages
ISBN: 9781450371582
DOI: 10.1145/3321408

Copyright © 2019 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
