{"title":"使用联想记忆的重型不同击球手的快速算法","authors":"Nagender Bandi, D. Agrawal, A. E. Abbadi","doi":"10.1109/ICDCS.2007.110","DOIUrl":null,"url":null,"abstract":"Real-time detection of worm attacks, port scans and distributed denial of service (DDoS) attacks, as network packets belonging to these security attacks flow through a network router, is of paramount importance. In a typical worm attack, a worm infected host tries to spread the worm by scanning a number of other hosts thus resulting in significant number of network connections at an intermediate router. Detecting such attacks amounts to finding all hosts that are associated with unusually high number of other hosts, which is equivalent to solving the classic heavy distinct hitter problem over data streams. While several heavy distinct hitter solutions have been proposed and evaluated in a standard CPU setting, most of the above applications typically execute on special networking architectures called network processing units (NPUs). These NPUs interface with special associative memories known as the ternary content addressable memories (TCAMs) to provide gigabit rate forwarding at network routers. In this paper, we describe how the integrated architecture of NPU and TCAMs can be exploited to develop high-speed solutions for heavy distinct hitters.","PeriodicalId":170317,"journal":{"name":"27th International Conference on Distributed Computing Systems (ICDCS '07)","volume":"220 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"22","resultStr":"{\"title\":\"Fast Algorithms for Heavy Distinct Hitters using Associative Memories\",\"authors\":\"Nagender Bandi, D. Agrawal, A. E. Abbadi\",\"doi\":\"10.1109/ICDCS.2007.110\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Real-time detection of worm attacks, port scans and distributed denial of service (DDoS) attacks, as network packets belonging to these security attacks flow through a network router, is of paramount importance. In a typical worm attack, a worm infected host tries to spread the worm by scanning a number of other hosts thus resulting in significant number of network connections at an intermediate router. Detecting such attacks amounts to finding all hosts that are associated with unusually high number of other hosts, which is equivalent to solving the classic heavy distinct hitter problem over data streams. While several heavy distinct hitter solutions have been proposed and evaluated in a standard CPU setting, most of the above applications typically execute on special networking architectures called network processing units (NPUs). These NPUs interface with special associative memories known as the ternary content addressable memories (TCAMs) to provide gigabit rate forwarding at network routers. In this paper, we describe how the integrated architecture of NPU and TCAMs can be exploited to develop high-speed solutions for heavy distinct hitters.\",\"PeriodicalId\":170317,\"journal\":{\"name\":\"27th International Conference on Distributed Computing Systems (ICDCS '07)\",\"volume\":\"220 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-06-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"22\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"27th International Conference on Distributed Computing Systems (ICDCS '07)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICDCS.2007.110\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"27th International Conference on Distributed Computing Systems (ICDCS '07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDCS.2007.110","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 22
摘要
蠕虫攻击、端口扫描和DDoS (distributed denial of service,分布式拒绝服务)攻击等安全攻击的网络数据包流经网络路由器,因此对这些攻击的实时检测至关重要。在典型的蠕虫攻击中,受蠕虫感染的主机试图通过扫描许多其他主机来传播蠕虫,从而导致中间路由器上的大量网络连接。检测此类攻击相当于找到与异常多的其他主机相关联的所有主机,这相当于解决数据流中典型的严重不同攻击问题。虽然已经在标准CPU设置中提出并评估了几种不同的重型hit解决方案,但上述大多数应用程序通常在称为网络处理单元(npu)的特殊网络体系结构上执行。这些npu与称为三元内容可寻址存储器(TCAMs)的特殊关联存储器相连接,以在网络路由器上提供千兆速率转发。在本文中,我们描述了如何利用NPU和tcam的集成架构来开发重型不同击打器的高速解决方案。
Fast Algorithms for Heavy Distinct Hitters using Associative Memories
Real-time detection of worm attacks, port scans and distributed denial of service (DDoS) attacks, as network packets belonging to these security attacks flow through a network router, is of paramount importance. In a typical worm attack, a worm infected host tries to spread the worm by scanning a number of other hosts thus resulting in significant number of network connections at an intermediate router. Detecting such attacks amounts to finding all hosts that are associated with unusually high number of other hosts, which is equivalent to solving the classic heavy distinct hitter problem over data streams. While several heavy distinct hitter solutions have been proposed and evaluated in a standard CPU setting, most of the above applications typically execute on special networking architectures called network processing units (NPUs). These NPUs interface with special associative memories known as the ternary content addressable memories (TCAMs) to provide gigabit rate forwarding at network routers. In this paper, we describe how the integrated architecture of NPU and TCAMs can be exploited to develop high-speed solutions for heavy distinct hitters.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
