Title :
Detecting Attacks in Routers Using Sketches
Author :
Barman, Dhiman ; Satapathy, Piyush ; Ciardo, Gianfranco
Author_Institution :
California Univ., Riverside
fDate :
May 30 2007-June 1 2007
Abstract :
Designing routers against different attacks is imperative in today´s Internet. We propose accurate, memory efficient, and scalable techniques to detect attacks such as worms, viruses, superspreaders, and denials-of-service (DoS) in routers. Our schemes enable detection in the routers by looking only at the IP headers. We propose a general methodology to use sketches, in particular count-min sketch, FM sketch, and counting and multi-counting Bloom filters, to recognize attacks in the routing architecture. Our techniques are based on change detection, for which we propose an algorithm that can work on data-streams and leverage the accurate and efficient estimation provided by sketches. We evaluate the performance of different schemes on real traces to show their accuracy.
Keywords :
Internet; computer viruses; telecommunication network routing; telecommunication security; FM sketch; Internet; computer virus; count-min sketch; denials-of-service; multicounting Bloom filter; network attack detection; router design; worm; Change detection algorithms; Computer worms; Data structures; Filters; Internet; Principal component analysis; Telecommunication traffic; Time series analysis; Traffic control; Viruses (medical);
Conference_Titel :
High Performance Switching and Routing, 2007. HPSR '07. Workshop on
Conference_Location :
Brooklyn, NY
Print_ISBN :
1-4244-1206-4
Electronic_ISBN :
1-4244-1206-4
DOI :
10.1109/HPSR.2007.4281248
