Dissertation > Industrial Technology > Automation technology,computer technology > Computing technology,computer technology > Computer applications > Computer network > General issues > Computer Network Security

Compact Algorithms for Finding Superpoints in High Speed Networks

Author XuFaBo
Tutor LiuWeiJiang
School Dalian Maritime University
Course Computer Science and Technology
Keywords Superpoint IP Flow Detect Compensation Flow Sample
CLC TP393.08
Type Master's thesis
Year 2013
Downloads 16
Quotes 0
Download Dissertation

With the rapid development of Internet, network attacks become increasingly frequent, such as worm propagation, distributed denial-of-service attacks, port scanning, etc. They incur declining the quality of service. We call such a host a superpoint, which is the source that connects to a large number of distinct destinations in a short time. Real-time detecting superpoint and obtaining superpoint information are very important for network management and traffic monitoring.The original SuperpointTrap algorithm only identifies the superpoints, but does not record the number of all IP flows generated by each host. To improve the measurement accuracy, we propose C-SuperpointTrap algorithm and S-SuperpointTrap algorithm. C-SuperpointTrap algorithm composes of two modules:online measurement module and offline processing module. Online measurement module improves the updated operation of the original SuperpointTrap algorithm. There is no output of C-SuperpointTrap algorithm when the number of flow generated by the host is larger than a predefined threshold. In the measurement period, C-SuperpointTrap algorithm records the host information that makes superpoints detection more accurate. On offline processing module, a compensation mechanism is proposed to estimate the number of flow generated by each superpoint. The mechanism will compensate the number of flows that is not recorded because they arrive before a superpoint occupy its corresponding entry. In order to reduce the consumption of processing resource and enhance scalability, we further propose S-SuperpointTrap algorithm that is the combination of C-SuperpointTrap algorithm and flow sampling technique.In experiments, we use three traces gathered at different locations of the Internet to test our algorithms. The false negative rate, false positive rate and the Weighted Mean Relative Difference are the evaluation metric. The experimental results show that our algorithms have certain advantages in accuracy and memory consumption.

Related Dissertations
More Dissertations