An Integrated Solution for Policy Filtering and Traffic Anomaly Detection

Authors:
Zhijun Wang;Hao Che;Jiannong Cao
Affiliations:
Department of Computing, The Hong Kong Polytechnic University, Hong Kong,;Department of Computer Science and Engineering, The University of Texas at Arlington, Arlington, USA TX 76019;Department of Computing, The Hong Kong Polytechnic University, Hong Kong,
Venue:
ATC '08 Proceedings of the 5th international conference on Autonomic and Trusted Computing
Year:
2008

Citing 11
Cited 0

Hash-based IP traceback

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Scalable packet classification

Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Network support for IP traceback

IEEE/ACM Transactions on Networking (TON)
Efficient packet marking for large-scale IP traceback

Proceedings of the 9th ACM conference on Computer and communications security
A framework for classifying denial of service attacks

Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Packet Classification Using Extended TCAMs

ICNP '03 Proceedings of the 11th IEEE International Conference on Network Protocols
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Gigabit Rate Packet Pattern-Matching Using TCAM

ICNP '04 Proceedings of the 12th IEEE International Conference on Network Protocols
CoPTUA: Consistent Policy Table Update Algorithm for TCAM without Locking

IEEE Transactions on Computers
Algorithms for advanced packet classification with ternary CAMs

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
ALPi: A DDoS Defense System for High-Speed Networks

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we propose a Ternary Content Addressable Memory (TCAM) coprocessor based solution for high speed, integrated policy filtering and TCP flow anomaly detection. In the proposed solution, the TCP flow anomaly is detected through two dimensional (2D) matching. The key features of the solution include: (1) setting flag bits in TCAM action code to support various packet treatments; (2) managing TCP flow state in pair to do 2D matching. The solution's ability for detecting TCP-based flooding attacks based on real-world-trace simulations are conducted. The results show that the proposed solution can match up OC-192 line rate while doing the integrated tasks.