Paper Abstract and Keywords |
Presentation |
2006-09-15 10:50
Performance Evaluation of Flow Hog Identification Method Noriaki Kamiyama, Tatsuya Mori, Ryoichi Kawahara (NTT) IN2006-66 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Worm-infected hosts generate a large number of flows during a short time. We proposed a method identifying hosts that generate many flows, i.e., {\it flow hogs}, using flow sampling. This method consists of a Bloom filter finding a new flow and a host table storing the sampled flow count of each host. We also proposed an optimum memory allocation method for each module to minimize the false negative ratio. To obtain the optimum identification threshold, we need to appropriately estimate the median of flow count for flow hogs. In this paper, we propose a method accurately estimating the median from the host set identified in the previous measurement period. We also show the results of performance comparisons with other methods. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
abusive traffic / security / worm / identification / / / / |
Reference Info. |
IEICE Tech. Rep., vol. 106, no. 237, IN2006-66, pp. 97-102, Sept. 2006. |
Paper # |
IN2006-66 |
Date of Issue |
2006-09-07 (IN) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Download PDF |
IN2006-66 |
Conference Information |
Committee |
IN NS CS |
Conference Date |
2006-09-14 - 2006-09-15 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
|
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
VPN, NAT, Network security, DDos, P2P, etc. |
Paper Information |
Registration To |
IN |
Conference Code |
2006-09-IN-NS-CS |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
Performance Evaluation of Flow Hog Identification Method |
Sub Title (in English) |
|
Keyword(1) |
abusive traffic |
Keyword(2) |
security |
Keyword(3) |
worm |
Keyword(4) |
identification |
Keyword(5) |
|
Keyword(6) |
|
Keyword(7) |
|
Keyword(8) |
|
1st Author's Name |
Noriaki Kamiyama |
1st Author's Affiliation |
NTT Corporation (NTT) |
2nd Author's Name |
Tatsuya Mori |
2nd Author's Affiliation |
NTT Corporation (NTT) |
3rd Author's Name |
Ryoichi Kawahara |
3rd Author's Affiliation |
NTT Corporation (NTT) |
4th Author's Name |
|
4th Author's Affiliation |
() |
5th Author's Name |
|
5th Author's Affiliation |
() |
6th Author's Name |
|
6th Author's Affiliation |
() |
7th Author's Name |
|
7th Author's Affiliation |
() |
8th Author's Name |
|
8th Author's Affiliation |
() |
9th Author's Name |
|
9th Author's Affiliation |
() |
10th Author's Name |
|
10th Author's Affiliation |
() |
11th Author's Name |
|
11th Author's Affiliation |
() |
12th Author's Name |
|
12th Author's Affiliation |
() |
13th Author's Name |
|
13th Author's Affiliation |
() |
14th Author's Name |
|
14th Author's Affiliation |
() |
15th Author's Name |
|
15th Author's Affiliation |
() |
16th Author's Name |
|
16th Author's Affiliation |
() |
17th Author's Name |
|
17th Author's Affiliation |
() |
18th Author's Name |
|
18th Author's Affiliation |
() |
19th Author's Name |
|
19th Author's Affiliation |
() |
20th Author's Name |
|
20th Author's Affiliation |
() |
Speaker |
Author-1 |
Date Time |
2006-09-15 10:50:00 |
Presentation Time |
20 minutes |
Registration for |
IN |
Paper # |
IN2006-66 |
Volume (vol) |
vol.106 |
Number (no) |
no.237 |
Page |
pp.97-102 |
#Pages |
6 |
Date of Issue |
2006-09-07 (IN) |
|