Carousel: scalable logging for intrusion prevention systems
作者: Michael Mitzenmacher , George Varghese
关键词: Context (language use) 、 Time optimal 、 Intrusion prevention system 、 Factor (programming language) 、 Logging 、 Real-time computing 、 Gigabit 、 Computer science 、 Computer network 、 Scalability 、 Set (abstract data type)
摘要: We address the problem of collecting unique items in a large stream information context Intrusion Prevention Systems (IPSs). IPSs detect attacks at gigabit speeds and must log infected source IP addresses for remediation or forensics. An attack with millions sources can result hundreds records when counting duplicates. If logging are much slower than packet arrival rates memory IPS is limited, scalable technical challenge. After showing that naive approaches will not suffice, we solve new algorithm call Carousel. Carousel randomly partitions set into groups be logged without duplicates, then cycles through possible groups. prove collects almost all high probability close to optimal time as long keep transmitting. describe details Snort implementation hardware design. Simulations worm propagation models show up factor 10 improvement collection times practical scenarios. Our technique applies any non-cooperative appears repeatedly.
acm.org
harvard.edu 
sci-hub.st 参考文章(14)
Ran El-Yaniv, Allan Borodin, Online Computation and Competitive Analysis ,(1998)
Martin Raab, Angelika Steger, Balls into Bins - A Simple and Tight Analysis randomization and approximation techniques in computer science. pp. 159- 170 ,(1998) , 10.1007/3-540-49543-6_13
Eli Upfal, Michael Mitzenmacher, Probability and Computing: Randomized Algorithms and Probabilistic Analysis ,(2005)
Robert Sproull, Butler Lampson, David Boggs, Chuck Thacker, Ed McCreight, Alto: A personal computer McGraw-Hill. ,(1981)
Vern Paxson, Sarang Dharmapurikar, Robust TCP stream reassembly in the presence of adversaries usenix security symposium. pp. 5- 5 ,(2005)
Cliff Changchun Zou, Weibo Gong, Don Towsley, Code red worm propagation modeling and analysis Proceedings of the 9th ACM conference on Computer and communications security - CCS '02. pp. 138- 147 ,(2002) , 10.1145/586110.586130
Andrei Broder, Michael Mitzenmacher, Network Applications of Bloom Filters: A Survey Internet Mathematics. ,vol. 1, pp. 485- 509 ,(2004) , 10.1080/15427951.2004.10129096
Burton H. Bloom, Space/time trade-offs in hash coding with allowable errors Communications of the ACM. ,vol. 13, pp. 422- 426 ,(1970) , 10.1145/362686.362692
Li Fan, Pei Cao, J. Almeida, A.Z. Broder, Summary cache: a scalable wide-area web cache sharing protocol IEEE ACM Transactions on Networking. ,vol. 8, pp. 281- 293 ,(2000) , 10.1109/90.851975
Mythili Vutukuru, Hari Balakrishnan, Vern Paxson, Efficient and Robust TCP Stream Normalization ieee symposium on security and privacy. pp. 96- 110 ,(2008) , 10.1109/SP.2008.27