Predictive network anomaly detection and visualization
IEEE Transactions on Information Forensics and Security
A fast and scalable conflict detection algorithm for packet classifiers
ISPA'05 Proceedings of the Third international conference on Parallel and Distributed Processing and Applications
Automated immunization against denial-of-service attacks featuring stochastic packet inspection
GCC'05 Proceedings of the 4th international conference on Grid and Cooperative Computing
Hi-index | 0.00 |
This paper presents an aggregation technique targeted for near real-time, long-term, and wide-area traffic monitoring. Our technique, called aguri, adapts itself to spatial traffic distribution by aggregating small volume flows into aggregates, and achieves temporal aggregation by creating a summary of summaries applying the same algorithm to its outputs. A set of scripts are used for archiving and visualizing summaries in different time scales.For near real-time monitoring, our prototype implementation employs a Patricia tree and a variant of the LRU replacement policy to limit memory use and search time with variable length keys. The algorithm is fairy insensitive to parameter settings and network conditions.Aguri does not need a predefined rule set and is capable of detecting an unexpected increase of unknown protocols or DoS attacks, which considerably simplifies the task of network monitoring. We have been monitoring the WIDE backbone network using aguri, and found it useful for network operation.