Bitwise sketch for lightweight reverse IP reconstruction in network anomaly detection

Author

Fei Wang ; Xiaofeng Wang ; Xiaofeng Hu ; Jinshu Su

Author_Institution

Sch. of Comput., Nat. Univ. of Defense Technol., Changsha, China

Volume

Supplement

fYear

2012

fDate

8-11 Oct. 2012

Firstpage

1

Lastpage

4

Abstract

Sketch is commonly used in network anomaly detection. However, its irreversibility seriously obstacle for identification of origin of traffic anomaly, such as attack flows. In this paper, we design a novel sketch structure, called Bitwise Sketch, with the ability of fast and lightweight reverse deduction. Bitwisebased hash function, which distributes keys (IPs) is Sketch, is adopted in bitwise sketch, instead of traditional universal hash function. We propose an IP reconstruction algorithm that can reversely infer anomalous keys (IP) from a set of anomalous buckets, with very low overhead. Simulation result shows the effectiveness of the algorithm¿s results in filtering attack traffic. Through theoretical analysis, we compare our approach with three resultant approaches, and our approach outperforms both in memory requirement and computational cost.

Keywords

IP networks; computer network security; telecommunication traffic; bitwise sketch; computational cost; distributes keys; filtering attack traffic; lightweight reverse IP reconstruction; memory requirement; network anomaly detection; traffic anomaly; Accuracy; Computer crime; IP networks; Memory management; Noise; Reconstruction algorithms; Vectors; anomaly detection; bitwise hash function; reverse IP reconstruction;

fLanguage

English

Publisher

ieee

Conference_Titel

Mobile Adhoc and Sensor Systems (MASS), 2012 IEEE 9th International Conference on

Conference_Location

Las Vegas, NV

Print_ISBN

978-1-4673-2433-5

Type

conf

DOI

10.1109/MASS.2012.6708530

Filename

6708530