• DocumentCode
    109937
  • Title

    Managing high volume data for network attack detection using real-time flow filtering

  • Author

    Ghosh, A. ; Gottlieb, Y.M. ; Naidu, Abhilasha ; Vashist, Akshay ; Poylisher, Alex ; Kubota, Ayumu ; Sawaya, Y. ; Yamada, Akimasa

  • Author_Institution
    Appl. Commun. Sci., Basking Ridge, NY, USA
  • Volume
    10
  • Issue
    3
  • fYear
    2013
  • fDate
    Mar-13
  • Firstpage
    56
  • Lastpage
    66
  • Abstract
    In this paper, we present Real-Time Flow Filter (RTFF), a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on observed attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state-of-the-art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.
  • Keywords
    Internet; computer network management; computer network security; Internet service provider; RTFF; Tier-1 ISP networks; coarse-grained volume anomaly detection; deep packet inspection; high volume data feeds; high volume data management; machine learning algorithms; network attack detection; off-the-shelf hardware platforms; real-time flow filtering; scalable data processing architecture; software solution; Data processing; Filters; Intrusion detection; Network architecture; Network security; Real-time systems; Security; intrusion detection; network security; scaling;
  • fLanguage
    English
  • Journal_Title
    Communications, China
  • Publisher
    ieee
  • ISSN
    1673-5447
  • Type

    jour

  • DOI
    10.1109/CC.2013.6488830
  • Filename
    6488830