Abstract
Flow measurement has evolved into the primary method for measuring the composition of Internet traffic. Cisco's NetFlow is a widely deployed flow measurement solution that uses a configurable static sampling rate to control processor and memory usage on the router and the amount of flow records generated for reporting. During flooding attacks, however, the memory and network bandwidth consumed by flow records can increase beyond what is available. In this paper, we propose an entropy-based flow aggregation algorithm, which not only alleviates the memory and export bandwidth problem but also maximizes the accuracy of legitimate flows. Relying on information-theoretic techniques, the algorithm efficiently identifies clusters of attack flows in real time and aggregates the large number of short attack flows into a few metaflows. Finally, we evaluate our system using real trace files from the Internet.
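The idea in the abstract, sketched as an added example (not the paper's algorithm or the authors' code): the flow-key field with the lowest entropy among short flows marks where a flood concentrates, and the flows sharing its dominant value are folded into one metaflow. The field names, the `share` and `max_pkts` thresholds, and the sample addresses are assumptions constructed for illustration.

```python
import math
from collections import Counter

FIELDS = ("src", "dst", "sport", "dport")

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def aggregate(flows, share=0.5, max_pkts=3):
    """Fold the dominant cluster of short flows into one metaflow.

    share and max_pkts are assumed thresholds, not values from the paper.
    Returns (records_to_export, metaflow_or_None).
    """
    short = [f for f in flows if f["pkts"] <= max_pkts]
    if not short:
        return flows, None
    # Lowest-entropy field among short flows = where the flood concentrates.
    field = min(FIELDS, key=lambda k: entropy([f[k] for f in short]))
    value, count = Counter(f[field] for f in short).most_common(1)[0]
    if count < share * len(flows):
        return flows, None  # no cluster large enough to be worth folding
    cluster = [f for f in short if f[field] == value]
    meta = {k: "*" for k in FIELDS}  # wildcard everything except the shared field
    meta.update({field: value, "flows": len(cluster),
                 "pkts": sum(f["pkts"] for f in cluster)})
    # Long flows and short flows outside the cluster keep their own records.
    kept = [f for f in flows if f["pkts"] > max_pkts or f[field] != value]
    return kept + [meta], meta

def sample_flows():
    """Constructed input: 200 one-packet flood flows plus 6 legitimate flows."""
    flood = [{"src": f"198.51.100.{i + 1}", "dst": "192.0.2.10",
              "sport": 1024 + i, "dport": 80, "pkts": 1} for i in range(200)]
    legit = [{"src": f"203.0.113.{i + 1}", "dst": f"192.0.2.{20 + i}",
              "sport": 40000 + i, "dport": 443, "pkts": 50 + i} for i in range(5)]
    legit.append({"src": "203.0.113.9", "dst": "192.0.2.53",
                  "sport": 5353, "dport": 53, "pkts": 2})  # short but legitimate
    return flood + legit

if __name__ == "__main__":
    records, meta = aggregate(sample_flows())
    print(len(records), "records exported; metaflow:", meta)
```

On the constructed input, 206 flow records shrink to 7 while every legitimate flow, including the short DNS lookup, keeps its own record.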
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Hu, Y., Chiu, DM., Lui, J.C.S. (2006). Entropy Based Flow Aggregation. In: Boavida, F., Plagemann, T., Stiller, B., Westphal, C., Monteiro, E. (eds) NETWORKING 2006. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems. NETWORKING 2006. Lecture Notes in Computer Science, vol 3976. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11753810_109
DOI: https://doi.org/10.1007/11753810_109
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34192-5
Online ISBN: 978-3-540-34193-2
eBook Packages: Computer Science, Computer Science (R0)