{"title":"A Behavioral Analysis Engine for Network Traffic","authors":"M. Faezipour, M. Nourani, Sateesh Addepalli","doi":"10.1109/CCNC.2010.5421828","journal":{"name":"2010 7th IEEE Consumer Communications and Networking Conference","volume":"22 1","pages":"0"},"publicationDate":"2010-01-09","publicationTypes":"Journal Article","citationCount":"3","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/CCNC.2010.5421828"}
Network intrusion detection systems continuously monitor network traffic in order to identify any traces of suspicious activities such as worms, viruses or spam. One attractive technique for identifying potential Internet threats is detecting previously unknown but common sub-strings that appear very frequently in data packets. In this paper, we propose a novel architectural platform that thoroughly analyzes network traffic behavior in terms of repetitions to identify potential Internet threats. The main idea is to use a two-phase hashing system and small memory units functioning in parallel to achieve a high-throughput and memory-efficient behavioral analysis engine. The system performs behavioral analysis on selected information/user(s) and builds a bell-shaped curve for normal traffic using parallel counters. Our traffic behavioral analysis system has been fully prototyped on an Altera Stratix FPGA. Experimental results verify that our system can support gigabit line rates with negligible false positive and false negative rates.