2012 IEEE 9th International Conference on Mobile Ad-Hoc and Sensor Systems (MASS 2012)
Download PDF

Abstract

Sketch is commonly used in network anomaly detection. However, its irreversibility seriously obstacle for identification of origin of traffic anomaly, such as attack flows. In this paper, we design a novel sketch structure, called Bitwise Sketch, with the ability of fast and lightweight reverse deduction. Bitwisebased hash function, which distributes keys (IPs) is Sketch, is adopted in bitwise sketch, instead of traditional universal hash function. We propose an IP reconstruction algorithm that can reversely infer anomalous keys (IP) from a set of anomalous buckets, with very low overhead. Simulation result shows the effectiveness of the algorithm¿s results in filtering attack traffic. Through theoretical analysis, we compare our approach with three resultant approaches, and our approach outperforms both in memory requirement and computational cost.
Like what you’re reading?
Already a member?Sign In
Member Price
$11
Non-Member Price
$21
Add to CartSign In
Get this article FREE with a new membership!

Related Articles