• DocumentCode
    3144658
  • Title

    Detecting Attacks in Routers Using Sketches

  • Author

    Barman, Dhiman ; Satapathy, Piyush ; Ciardo, Gianfranco

  • Author_Institution
    California Univ., Riverside
  • fYear
    2007
  • fDate
    May 30 2007-June 1 2007
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Designing routers against different attacks is imperative in today´s Internet. We propose accurate, memory efficient, and scalable techniques to detect attacks such as worms, viruses, superspreaders, and denials-of-service (DoS) in routers. Our schemes enable detection in the routers by looking only at the IP headers. We propose a general methodology to use sketches, in particular count-min sketch, FM sketch, and counting and multi-counting Bloom filters, to recognize attacks in the routing architecture. Our techniques are based on change detection, for which we propose an algorithm that can work on data-streams and leverage the accurate and efficient estimation provided by sketches. We evaluate the performance of different schemes on real traces to show their accuracy.
  • Keywords
    Internet; computer viruses; telecommunication network routing; telecommunication security; FM sketch; Internet; computer virus; count-min sketch; denials-of-service; multicounting Bloom filter; network attack detection; router design; worm; Change detection algorithms; Computer worms; Data structures; Filters; Internet; Principal component analysis; Telecommunication traffic; Time series analysis; Traffic control; Viruses (medical);
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    High Performance Switching and Routing, 2007. HPSR '07. Workshop on
  • Conference_Location
    Brooklyn, NY
  • Print_ISBN
    1-4244-1206-4
  • Electronic_ISBN
    1-4244-1206-4
  • Type

    conf

  • DOI
    10.1109/HPSR.2007.4281248
  • Filename
    4281248
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3144658