TY - GEN
T1 - Real-time feature extraction for high speed networks
AU - Nguyen, David
AU - Memik, Gokhan
AU - Memik, Seda Ogrenci
AU - Choudhary, Alok
N1 - Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2005
Y1 - 2005
N2 - With the onset of Gigabit networks, current generation networking components will soon be insufficient for numerous reasons: most notably because existing methods cannot support high performance demands. Feature extraction (or flow monitoring), an essential component in anomaly detection, summarizes network behavior from a packet stream. This information is fed into intrusion detection methods such as association rule mining, outlier analysis, and classification algorithms in order to characterize network behavior. However, current feature extraction methods based on per-flow analysis are expensive, not scalable, and thus prohibitive for large-scale networks. In this paper, we propose an accurate and scalable Feature Extraction Module (FEM) based on sketches. We present the details of the FEM design on an FPGA and show that using FPGAs we can achieve significantly better performance compared to existing software and ASIC implementations. Specifically, the optimal FEM configuration achieves 21.25 Gbps throughput and 97.61% accuracy.
UR - http://www.scopus.com/inward/record.url?scp=33746896618&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33746896618&partnerID=8YFLogxK
U2 - 10.1109/FPL.2005.1515761
DO - 10.1109/FPL.2005.1515761
M3 - Conference contribution
AN - SCOPUS:33746896618
SN - 0780393627
SN - 9780780393622
T3 - Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL
SP - 438
EP - 443
BT - Proceedings - 2005 International Conference on Field Programmable Logic and Applications, FPL
T2 - 2005 International Conference on Field Programmable Logic and Applications, FPL
Y2 - 24 August 2005 through 26 August 2005
ER -