Article

Simple and Adaptive Identification of Superspreaders by Flow Sampling

Authors:

N. Kamiyama,

T. Mori,

R. KawaharaAuthors Info & Claims

Proceedings of the IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications

Pages 2481 - 2485

https://doi.org/10.1109/INFCOM.2007.305

Published: 01 May 2007 Publication History

Abstract

Abusive traffic caused by worms is increasing severely in the Internet. In many cases, worm-infected hosts generate a huge number of flows of small size during a short time. To suppress the abusive traffic and prevent worms from spreading, identifying these "superspreaders" as soon as possible and coping with them, e.g, disconnecting them from the network, is important. This paper proposes a simple and adaptive method of identifying superspreaders by flow sampling. By satisfying the given memory size and the requirement for the processing time, the proposed method can adaptively optimize parameters according to changes in traffic patterns.

References

[1]

M. Roesch, Snort - lightweight intrusion detection for networks, Systems Administration Conference, USENIX, 1999.

Digital Library

Google Scholar

[2]

B. H. Bloom, Space/Time Trade-offs in Hash Coding with Allowable Errors, Communications of the ACM, 13(7), 1970.

Digital Library

Google Scholar

[3]

K. Keys, D. Moore, C. Estan, A Robust System for Accurate Real-time Summaries of Internet Traffic, ACM SIGMETRICS2005.

Digital Library

Google Scholar

[4]

S. Venkataraman, D. Song, P. B. Gibbons, and A. Blum, New Streaming Algorithms for Fast Detection of Supersuperspreaders, ISOC NDSS2005.

Google Scholar

[5]

S. Kong, T. He, X. Shao, and X. Li, Scalable Double Filter Structure for Port Scan Detection, IEEE ICC2006.

Google Scholar

[6]

H. Song, S. Dharmapurikar, J. Turner, and J. Lockwood, Fast Hash Table Lookup Using BF: An Aid to Network Processing, ACM SIGCOMM2005.

Digital Library

Google Scholar

[7]

N. Kamiyama and T. Mori, Simple and Accurate Identification of High-Rate Flows by Packet Sampling, IEEE INFOCOM2006.

Google Scholar

[8]

L. Carter and M. Wegman, Universal classes of hashing functions, J. of Computer and System Sciences, 18(2), 1979.

Google Scholar

[9]

M. V. Ramakrishna, E. Fu, and E. Bahcekapili, A performance study of hashing functions for hardware applications, Int. Conf. on Computing and Information, pp.1621-1636, 1994.

Google Scholar

[10]

NLANR, http://pma.nlanr.net/Special/ipls3.html

Google Scholar

[11]

L. Fan, P. Cao, J. Almeida, and A. Z. Broder, Summary Cache: A Scalable Wide-Area Web Cache Sharing Protocol,. IEEE/ACM Trans. on Networking, 8, 3, 2000.

Digital Library

Google Scholar

[12]

Xilinx Inc., http://www.xilinx.com

Google Scholar

Cited By

View all

Wang H(2024)Enhancing Accuracy for Super Spreader Identification in High-Speed Data StreamsProceedings of the VLDB Endowment10.14778/3681954.368198817:11(3124-3137)Online publication date: 30-Aug-2024
https://doi.org/10.14778/3681954.3681988
Wang HMelissourgos DMa CChen S(2023)Real-time Spread Burst Detection in Data StreamingProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/35899797:2(1-31)Online publication date: 22-May-2023
https://dl.acm.org/doi/10.1145/3589979
Zheng HTian CYang TLin HLiu CZhang ZDou WChen GKuipers FOrda A(2022)FlyMonProceedings of the ACM SIGCOMM 2022 Conference10.1145/3544216.3544239(486-502)Online publication date: 22-Aug-2022
https://dl.acm.org/doi/10.1145/3544216.3544239
Show More Cited By

Recommendations

A control flow graph-based signature for packer identification
MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM)
The large number of malicious files that are produced daily outpaces the current capacity of malware analysis and detection. For example, Intel Security Labs reported that during the second quarter of 2016, their system found more than 40M of new malware [...
Simple security using flow data
WOCC'09: Proceedings of the 18th international conference on Wireless and Optical Communications Conference

Malware attacks cause billions of dollars in economic damage worldwide yearly, and attackers are becoming smarter. We examine techniques for detecting worm propagation in a network using flow-level data. While worm exploits may be difficult to detect ...
Boosting the scalability of botnet detection using adaptive traffic sampling
ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security

Botnets pose a serious threat to the health of the Internet. Most current network-based botnet detection systems require deep packet inspection (DPI) to detect bots. Because DPI is a computational costly process, such detection systems cannot handle ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

Proceedings of the IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications

May 2007

2599 pages

ISBN:1424410479

Publisher

IEEE Computer Society

United States

Publication History

Published: 01 May 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 27 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wang H(2024)Enhancing Accuracy for Super Spreader Identification in High-Speed Data StreamsProceedings of the VLDB Endowment10.14778/3681954.368198817:11(3124-3137)Online publication date: 30-Aug-2024
https://doi.org/10.14778/3681954.3681988
Wang HMelissourgos DMa CChen S(2023)Real-time Spread Burst Detection in Data StreamingProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/35899797:2(1-31)Online publication date: 22-May-2023
https://dl.acm.org/doi/10.1145/3589979
Zheng HTian CYang TLin HLiu CZhang ZDou WChen GKuipers FOrda A(2022)FlyMonProceedings of the ACM SIGCOMM 2022 Conference10.1145/3544216.3544239(486-502)Online publication date: 22-Aug-2022
https://dl.acm.org/doi/10.1145/3544216.3544239
Wang JLiu WZheng LLi ZLiu Z(2019)A novel algorithm for detecting superpoints based on reversible virtual bitmapsJournal of Information Security and Applications10.1016/j.jisa.2019.10240349:COnline publication date: 1-Dec-2019
https://dl.acm.org/doi/10.1016/j.jisa.2019.102403
Aqil AKhalil KAtya APapalexakis EKrishnamurthy SJaeger TRamakrishnan KYu PSwami A(2017)JaalProceedings of the 13th International Conference on emerging Networking EXperiments and Technologies10.1145/3143361.3143399(134-146)Online publication date: 28-Nov-2017
https://dl.acm.org/doi/10.1145/3143361.3143399
Wellem TLi GLai YPrasanna VBrebner GKeslassy I(2014)Superspreader detection system on NetFPGA platformProceedings of the tenth ACM/IEEE symposium on Architectures for networking and communications systems10.1145/2658260.2661766(247-248)Online publication date: 20-Oct-2014
https://dl.acm.org/doi/10.1145/2658260.2661766
Ding QKatenka NBarford PKolaczyk ECrovella MYang QAgarwal DPei J(2012)Intrusion as (anti)social communicationProceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining10.1145/2339530.2339670(886-894)Online publication date: 12-Aug-2012
https://dl.acm.org/doi/10.1145/2339530.2339670
Locher TMeyer auf der Heide FRajaraman R(2011)Finding heavy distinct hitters in data streamsProceedings of the twenty-third annual ACM symposium on Parallelism in algorithms and architectures10.1145/1989493.1989541(299-308)Online publication date: 4-Jun-2011
https://dl.acm.org/doi/10.1145/1989493.1989541

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

References

Cited By

Recommendations

A control flow graph-based signature for packer identification

Simple security using flow data

Boosting the scalability of botnet detection using adaptive traffic sampling

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations