基于有效负载的流量快速估计，用于流量监控和网络安全

2005 Symposium on Architectures for Networking and Communications Systems (ANCS) Pub Date : 2005-10-26 DOI:10.1145/1095890.1095920

F. Hao, M. Kodialam, T. V. Lakshman, Hui Zhang, Way Holmdel

{"title":"基于有效负载的流量快速估计，用于流量监控和网络安全","authors":"F. Hao, M. Kodialam, T. V. Lakshman, Hui Zhang, Way Holmdel","doi":"10.1145/1095890.1095920","DOIUrl":null,"url":null,"abstract":"Real-time IP flow estimation has many potential applications in network management, monitoring, security, and traffic engineering. Existing techniques typically rely on flow definitions being constrained as subsets of the fields in packet headers. This makes flow-membership tests relatively inexpensive. In this paper, we consider a more general flow estimation problem that needs complex packet-payload based tests for flow-membership. An example is to estimate traffic with common strings in the payload and detect potential virus signatures for early alarm generation. We develop a fast, memory efficient algorithm for solving this problem as a variant of the longest common subsequence problem. This is done via an application of Rabin fingerprinting in combination with bloom filters. Both analysis and simulation show the effectiveness of the developed method.","PeriodicalId":417086,"journal":{"name":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Fast payload-based flow estimation for traffic monitoring and network security\",\"authors\":\"F. Hao, M. Kodialam, T. V. Lakshman, Hui Zhang, Way Holmdel\",\"doi\":\"10.1145/1095890.1095920\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Real-time IP flow estimation has many potential applications in network management, monitoring, security, and traffic engineering. Existing techniques typically rely on flow definitions being constrained as subsets of the fields in packet headers. This makes flow-membership tests relatively inexpensive. In this paper, we consider a more general flow estimation problem that needs complex packet-payload based tests for flow-membership. An example is to estimate traffic with common strings in the payload and detect potential virus signatures for early alarm generation. We develop a fast, memory efficient algorithm for solving this problem as a variant of the longest common subsequence problem. This is done via an application of Rabin fingerprinting in combination with bloom filters. Both analysis and simulation show the effectiveness of the developed method.\",\"PeriodicalId\":417086,\"journal\":{\"name\":\"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-10-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1095890.1095920\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2005 Symposium on Architectures for Networking and Communications Systems (ANCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1095890.1095920","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

摘要

实时IP流量估计在网络管理、监控、安全和流量工程中具有许多潜在的应用。现有技术通常依赖于流定义被约束为包头中字段的子集。这使得流成员测试相对便宜。在本文中，我们考虑了一个更一般的流量估计问题，该问题需要复杂的基于数据包负载的流隶属性测试。一个例子是估计负载中具有公共字符串的流量，并检测潜在的病毒签名，以便早期生成警报。我们开发了一种快速，内存高效的算法来解决这个问题，作为最长公共子序列问题的一个变体。这是通过Rabin指纹识别与bloom过滤器相结合的应用程序完成的。分析和仿真结果表明了该方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Fast payload-based flow estimation for traffic monitoring and network security

Real-time IP flow estimation has many potential applications in network management, monitoring, security, and traffic engineering. Existing techniques typically rely on flow definitions being constrained as subsets of the fields in packet headers. This makes flow-membership tests relatively inexpensive. In this paper, we consider a more general flow estimation problem that needs complex packet-payload based tests for flow-membership. An example is to estimate traffic with common strings in the payload and detect potential virus signatures for early alarm generation. We develop a fast, memory efficient algorithm for solving this problem as a variant of the longest common subsequence problem. This is done via an application of Rabin fingerprinting in combination with bloom filters. Both analysis and simulation show the effectiveness of the developed method.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2005 Symposium on Architectures for Networking and Communications Systems (ANCS)

自引率

0.00%

发文量