A DoS resilient flow-level intrusion detection approach for High-speed networks

Yan Gao*, Zhichun Li, Yan Chen

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

39 Scopus citations

Abstract

Global-scale attacks like viruses and worms are increasing in frequency, severity and sophistication, making it critical to detect outbreaks at routers/gateways instead of end hosts. In this paper we leverage data streaming techniques such as the reversible sketch to obtain HiFIND, a High-speed Flow-level Intrusion Detection system. In contrast to existing intrusion detection systems, HiFIND 1) is scalable to flow-level detection on high-speed networks; 2) is DoS resilient; 3) can distinguish SYN flooding and various port scans (mostly for worm propagation) for effective mitigation; 4) enables aggregate detection over multiple routers/gateways; and 5) separates anomalies to limit false positives in detection. Both theoretical analysis and evaluation with several router traces show that HiFIND achieves these properties. To the best of our knowledge, HiFIND is the first online DoS resilient flow-level intrusion detection system for high-speed networks (approximately tens of gigabits per second), even for the worst-case traffic of 40-byte-packet streams with each packet forming a flow.
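The abstract names the data structure (a reversible sketch) and the two attack classes HiFIND separates, but not how the pieces fit together. The block below is an added example, not code from the HiFIND paper or its authors: a toy reversible sketch with per-byte (modular) hashing, a reverse-hashing routine that recovers heavy 32-bit keys from heavy buckets without the sketch ever storing a key, and a driver that pushes constructed SYN records through one sketch keyed by destination address and one keyed by source address. The traffic (a 300-packet flood from spoofed sources against 10.0.0.5, a 200-host horizontal scan from 192.168.1.9, and 500 unrelated single-packet flows), the threshold, the word/hash/table sizes, and the rule "heavy destination = flood target, heavy source = scanner" are all assumptions of this example, not HiFIND's parameters or its classification logic, and the paper's sketch layout differs from this toy.

```python
# Added example, not HiFIND's code. Toy reversible sketch plus a SYN flood /
# host scan separation driver. All sizes, seeds and traffic are assumptions.
import random

WORD_BITS = 8                       # an IPv4 key is split into four 8-bit words
WORDS = 4
HASH_BITS = 4                       # each word hashes to 4 bits
BUCKETS = 1 << (WORDS * HASH_BITS)  # 16-bit bucket index per table
MASK = (1 << HASH_BITS) - 1


def ip_to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


class ReversibleSketch:
    """Count-min style sketch whose bucket index is the concatenation of
    independent per-word hashes, so heavy keys can be recovered afterwards."""

    def __init__(self, tables=5, seed=1):
        rng = random.Random(seed)
        # hashes[t][j][byte] -> 4-bit hash of the j-th key byte in table t
        self.hashes = [[[rng.randrange(1 << HASH_BITS) for _ in range(1 << WORD_BITS)]
                        for _ in range(WORDS)] for _ in range(tables)]
        # fixed memory: tables * BUCKETS counters, whatever the number of flows
        self.counts = [[0] * BUCKETS for _ in range(tables)]

    @staticmethod
    def _words(key):
        return [(key >> (WORD_BITS * (WORDS - 1 - j))) & 0xFF for j in range(WORDS)]

    def _bucket(self, t, key):
        idx = 0
        for j, w in enumerate(self._words(key)):
            idx = (idx << HASH_BITS) | self.hashes[t][j][w]
        return idx

    def update(self, key, delta=1):
        for t, row in enumerate(self.counts):
            row[self._bucket(t, key)] += delta

    def estimate(self, key):
        # count-min: the true count never exceeds the smallest bucket value
        return min(row[self._bucket(t, key)] for t, row in enumerate(self.counts))

    def heavy_keys(self, threshold):
        """Reverse hashing: grow key prefixes one word at a time and keep a
        prefix only while every table still has a heavy bucket consistent
        with it. A surviving key is heavy in all tables (or collides with a
        heavy key in all of them, the sketch's residual false-positive case)."""
        heavy = [{b for b, c in enumerate(row) if c >= threshold} for row in self.counts]
        if not all(heavy):
            return []
        partials = [(0, heavy)]
        for j in range(WORDS):
            shift = HASH_BITS * (WORDS - 1 - j)
            grown = []
            for prefix, cands in partials:
                for w in range(1 << WORD_BITS):
                    narrowed = []
                    for t, bset in enumerate(cands):
                        h = self.hashes[t][j][w]
                        sub = {b for b in bset if ((b >> shift) & MASK) == h}
                        if not sub:
                            break
                        narrowed.append(sub)
                    else:
                        grown.append(((prefix << WORD_BITS) | w, narrowed))
            partials = grown
        return sorted(key for key, _ in partials)


def build_traffic(seed=7):
    """Constructed SYN records (src_ip, dst_ip); not a real router trace."""
    rng = random.Random(seed)

    def rand_ip():
        return int_to_ip(rng.randrange(1 << 32))

    syns = [(rand_ip(), "10.0.0.5") for _ in range(300)]             # flood, spoofed sources
    syns += [("192.168.1.9", "10.1.%d.%d" % (rng.randrange(256), rng.randrange(256)))
             for _ in range(200)]                                      # horizontal scan
    syns += [(rand_ip(), rand_ip()) for _ in range(500)]               # background, one packet per flow
    rng.shuffle(syns)
    return syns


def detect(syns, threshold=100):
    """Same packets, two keys: a spoofed flood is heavy only under the
    destination key, a horizontal scan only under the source key (assumed rule)."""
    by_dst, by_src = ReversibleSketch(seed=1), ReversibleSketch(seed=2)
    for src, dst in syns:
        by_dst.update(ip_to_int(dst))
        by_src.update(ip_to_int(src))
    return {
        "syn_flood_targets": [int_to_ip(k) for k in by_dst.heavy_keys(threshold)],
        "scanners": [int_to_ip(k) for k in by_src.heavy_keys(threshold)],
    }


if __name__ == "__main__":
    print(detect(build_traffic()))
```

The per-packet cost is a handful of table lookups and the memory is fixed at five tables of 65536 counters no matter how many distinct single-packet flows arrive, which is the property the abstract's "each packet forming a flow" worst case is about. A vertical scan (one source, one host, many ports) would be heavy under both keys here; separating it from a flood needs a port-bearing key, which this toy omits.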

Original language: English (US)
Title of host publication: 26th IEEE International Conference on Distributed Computing Systems, ICDCS 2006
DOIs
State: Published - 2006
Event: 26th IEEE International Conference on Distributed Computing Systems, ICDCS 2006 - Lisboa, Portugal
Duration: Jul 4 2006 to Jul 7 2006

Publication series

Name: Proceedings - International Conference on Distributed Computing Systems
Volume: 2006

Other

Other: 26th IEEE International Conference on Distributed Computing Systems, ICDCS 2006
Country/Territory: Portugal
City: Lisboa
Period: 7/4/06 to 7/7/06

Keywords

  • Data streaming
  • High-speed networking
  • Intrusion detection
  • Statistical detection

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications
