Count Me In: Viable Distributed Summary Statistics for Securing High-Speed Networks

Authors: Johanna Amann, Seth Hall, Robin Sommer

DOI: 10.1007/978-3-319-11379-1_16

Keywords: Computer science; Profiling (computer programming); Network monitoring; Login; Anomaly detection; Intrusion detection system; Interface (computing); Distributed computing; Data mining; Throughput (business); Set (abstract data type)

Abstract: Summary statistics represent a key primitive for profiling and protecting operational networks. Many network operators routinely measure properties such as throughput, traffic mix, and heavy hitters. Likewise, security monitoring often deploys statistical anomaly detectors that trigger, e.g., when a source scans the local IP address range or exceeds a threshold of failed login attempts. Traditionally, a diverse set of tools is used for such computations, each typically hard-coding either the features it operates on, the specific calculations it performs, or both. In this work we present a novel framework for calculating a wide array of summary statistics in real-time, independent of the underlying data and potentially aggregated from multiple monitoring points. We focus on providing a transparent, extensible, and easy-to-use interface, and we implement our design on top of an open-source network monitoring system. We demonstrate example applications for anomaly detection that would traditionally require significant effort and different tools to compute. We have released our implementation under a BSD license and report on experiences from real-world deployments in large-scale environments.
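The aggregation idea the abstract describes, as an added Python model that is not code from the paper or from the framework's own implementation on top of the open-source monitor: two statistics (distinct destinations contacted per source for scan detection, failed SSH logins per source for brute-force detection) are observed on several workers, each holding only mergeable partial results; a manager merges them per key and evaluates thresholds on the aggregate. Class names, reducer names, thresholds, and the sample events are all constructed for this illustration.

```python
"""Toy model of a distributed summary-statistics framework.

Added illustration, not code from the paper or its released implementation:
workers observe (statistic, key, item) triples, keep mergeable partial
results, and a manager merges them and checks thresholds on the aggregate.
All names, thresholds and sample events below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

Alert = Tuple[str, str, float]  # (statistic name, key, measured value)


@dataclass
class Result:
    """Mergeable partial result for one key. Both reducers are associative and
    commutative, so partial results can be combined in any order."""
    total: float = 0.0
    unique: Set[str] = field(default_factory=set)

    def merge(self, other: "Result") -> "Result":
        return Result(self.total + other.total, self.unique | other.unique)


@dataclass
class Statistic:
    """A named statistic: reducers applied per key, plus a threshold on a
    chosen measure of the aggregated result."""
    name: str
    reducers: Set[str]                 # subset of {"sum", "unique"}
    threshold: float
    measure: Callable[[Result], float]


STATS: List[Statistic] = [
    # Scan detector: distinct destination hosts contacted per source IP.
    Statistic("scan", {"unique"}, threshold=10, measure=lambda r: len(r.unique)),
    # Brute-force detector: failed SSH logins per source IP.
    Statistic("ssh_fail", {"sum"}, threshold=20, measure=lambda r: r.total),
]


def evaluate(stats: List[Statistic], results: Dict[str, Dict[str, Result]]) -> List[Alert]:
    """Return sorted (stat, key, value) triples whose measure meets the threshold."""
    by_name = {s.name: s for s in stats}
    alerts: List[Alert] = []
    for stat, keys in results.items():
        s = by_name[stat]
        for key, r in keys.items():
            value = s.measure(r)
            if value >= s.threshold:
                alerts.append((stat, key, value))
    return sorted(alerts)


class Worker:
    """A monitoring node that sees only its share of the traffic. It keeps
    partial results and never decides on thresholds by itself."""

    def __init__(self, stats: List[Statistic]):
        self.stats = {s.name: s for s in stats}
        self.partial: Dict[str, Dict[str, Result]] = defaultdict(lambda: defaultdict(Result))

    def observe(self, stat: str, key: str, item: str = None, num: float = 1.0) -> None:
        r = self.partial[stat][key]
        reducers = self.stats[stat].reducers
        if "sum" in reducers:
            r.total += num
        if "unique" in reducers and item is not None:
            r.unique.add(item)


class Manager:
    """Merges partial results from all workers per key, evaluates thresholds on
    the aggregate, and resets the workers for the next epoch."""

    def __init__(self, stats: List[Statistic]):
        self.stats = stats

    def collect(self, workers: List[Worker]) -> Tuple[List[Alert], Dict[str, Dict[str, Result]]]:
        merged: Dict[str, Dict[str, Result]] = defaultdict(lambda: defaultdict(Result))
        for w in workers:
            for stat, keys in w.partial.items():
                for key, r in keys.items():
                    merged[stat][key] = merged[stat][key].merge(r)
            w.partial.clear()
        return evaluate(self.stats, merged), merged


def build_events() -> List[Tuple[str, str, str]]:
    """Constructed sample observations (stat, key, item); not real traffic."""
    events = [("scan", "10.0.0.9", f"192.0.2.{i}") for i in range(12)]  # horizontal scan
    events += [("ssh_fail", "198.51.100.7", None)] * 25                  # brute force
    events += [("ssh_fail", "10.0.0.5", None)] * 3                       # benign typos
    return events


def run_demo(num_workers: int = 3) -> Tuple[List[Alert], List[Alert]]:
    """Spread events round-robin over workers, as a load-balanced cluster would,
    and compare per-worker decisions with the manager's aggregate decision."""
    workers = [Worker(STATS) for _ in range(num_workers)]
    for i, (stat, key, item) in enumerate(build_events()):
        workers[i % num_workers].observe(stat, key, item=item)
    local_alerts = sorted(a for w in workers for a in evaluate(STATS, w.partial))
    global_alerts, _ = Manager(STATS).collect(workers)
    return local_alerts, global_alerts


if __name__ == "__main__":
    local, aggregate = run_demo()
    print("per-worker alerts:", local)     # [] : no single worker crosses a threshold
    print("aggregate alerts:", aggregate)  # scan and brute force both detected
```

With three workers and round-robin distribution, the 12-host scan and the 25 failed logins are split so evenly that no worker's local view crosses either threshold; only the merged result does. This is the failure mode a per-node detector has in a load-balanced cluster, and the reason the reducers must be mergeable: sum and set union are associative and commutative, so the manager's result does not depend on how the traffic was partitioned.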

References (22)
Vern Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, vol. 31, pp. 2435-2463 (1999). doi:10.1016/S1389-1286(99)00112-7
Ahmed Metwally, Divyakant Agrawal, Amr El Abbadi. Efficient Computation of Frequent and Top-k Elements in Data Streams. Database Theory - ICDT 2005, pp. 398-412 (2004). doi:10.1007/978-3-540-30570-5_27
Martin Roesch. Snort - Lightweight Intrusion Detection for Networks. USENIX Large Installation System Administration Conference, pp. 229-238 (1999).
Matthias Vallentin, Robin Sommer, Jason Lee, Craig Leres, Vern Paxson, Brian Tierney. The NIDS Cluster: Scalable, Stateful Network Intrusion Detection on Commodity Hardware. Recent Advances in Intrusion Detection, pp. 107-126 (2007). doi:10.1007/978-3-540-74320-0_6
Stefan Heule, Marc Nunkesser, Alexander Hall. HyperLogLog in Practice: Algorithmic Engineering of a State of the Art Cardinality Estimation Algorithm. Extending Database Technology, pp. 683-692 (2013). doi:10.1145/2452376.2452456
Animesh Patcha, Jung-Min Park. An overview of anomaly detection techniques: Existing solutions and latest technological trends. Computer Networks, vol. 51, pp. 3448-3470 (2007). doi:10.1016/j.comnet.2007.02.001
Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao. Information sharing for distributed intrusion detection systems. Journal of Network and Computer Applications, vol. 30, pp. 877-899 (2007). doi:10.1016/j.jnca.2005.07.004
Cristian Estan, George Varghese. New directions in traffic measurement and accounting. ACM Transactions on Computer Systems, vol. 21, pp. 270-313 (2003). doi:10.1145/859716.859719
Dhiman Barman, Piyush Satapathy, Gianfranco Ciardo. Detecting Attacks in Routers Using Sketches. High Performance Switching and Routing, pp. 1-6 (2007). doi:10.1109/HPSR.2007.4281248
Daniel M. Kane, Jelani Nelson, David P. Woodruff. An optimal algorithm for the distinct elements problem. Proceedings of the 29th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS '10), pp. 41-52 (2010). doi:10.1145/1807085.1807094