Enhancing performance of cardinality analysis by packet filtering

Shinichi Mori; Akira Sato; Kenichi Yoshida

doi:10.1109/ICOIN.2016.7427068

2016 International Conference on Information Networking (ICOIN)

Enhancing performance of cardinality analysis by packet filtering

Year: 2016, Pages: 23-28

DOI Bookmark: 10.1109/ICOIN.2016.7427068

Authors

Shinichi Mori, University of Tsukuba, 3-29-1 Otsuka, Bunkyo, Tokyo, Japan
Akira Sato, University of Tsukuba, 3-29-1 Otsuka, Bunkyo, Tokyo, Japan
Kenichi Yoshida, University of Tsukuba, 3-29-1 Otsuka, Bunkyo, Tokyo, Japan

Abstract

Cardinality in network flow data gives useful information for network administrators about suspicious communication on their network. Such communication tends to present abnormal number of source and/or destination network address. Our research group reported that cardinality presented in TCP/IP packet header can be used to detect malware propagation and P2P software usage in small size network. However the processing speed of the cardinality analyzer is not enough to analyze high speed network line over 20Gbps. In this paper, we propose a technique to offload the analyzer by packet filtering based on the TCP flags. We also report the performance and the limitation of the proposed technique.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

EQF: An Explicit Queue-Length Feedback for TCP Congestion Control in Datacenter Networks
2017 Fifth International Conference on Advanced Cloud and Big Data (CBD)
Performance optimization of TCP/IP over 10 Gigabit Ethernet by precise instrumentation
SC Conference
A network defense system for detecting and preventing potential hacking attempts
2016 International Conference on Information Networking (ICOIN)
Cardinality Counting Circuit for Real-Time Abnormal Traffic Detection
2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)
Tracemax: A novel single packet IP traceback strategy for data-flow analysis
2015 IEEE 40th Conference on Local Computer Networks (LCN 2015)
Packet Slicing for Highly Concurrent TCPs in Data Center Networks with COTS Switches
2015 IEEE 23rd International Conference on Network Protocols (ICNP)
G-Snoop: enhancing TCP performance over wireless networks
Proceedings. ISCC 2004. Ninth International Symposium on Computers And Communications (IEEE Cat. No.04TH8769)
Cardinality Estimation for Elephant Flows: A Compact Solution Based on Virtual Register Sharing
IEEE/ACM Transactions on Networking
A Parallel Data Stream Layer for Large Data Workloads on WANs
2020 IEEE 22nd International Conference on High Performance Computing and Communications; IEEE 18th International Conference on Smart City; IEEE 6th International Conference on Data Science and Systems (HPCC/SmartCity/DSS)
Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting
IEEE/ACM Transactions on Networking

Enhancing performance of cardinality analysis by packet filtering

Authors

Abstract

Related Articles