| Presentation | 2006-09-15 Performance Evaluation of Flow Hog Identification Method Noriaki KAMIYAMA, Tatsuya MORI, Ryoichi KAWAHARA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Worm-infected hosts generate a large number of flows during a short time. We proposed a method identifying hosts that generate many flows, i.e., flow hogs, using flow sampling. This method consists of a Bloom filter finding a new flow and a host table storing the sampled flow count of each host. We also proposed an optimum memory allocation method for each module to minimize the false negative ratio. To obtain the optimum identification threshold, we need to appropriately estimate the median of flow count for flow hogs. In this paper, we propose a method accurately estimating the median from the host set identified in the previous measurement period. We also show the results of performance comparisons with other methods. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | abusive traffic / worm / flow sampling / identification |
| Paper # | IN2006-66 |
| Date of Issue |
| Conference Information | |
| Committee | IN |
|---|---|
| Conference Date | 2006/9/7(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information Networks (IN) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Performance Evaluation of Flow Hog Identification Method |
| Sub Title (in English) | |
| Keyword(1) | abusive traffic |
| Keyword(2) | worm |
| Keyword(3) | flow sampling |
| Keyword(4) | identification |
| 1st Author's Name | Noriaki KAMIYAMA |
| 1st Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation() |
| 2nd Author's Name | Tatsuya MORI |
| 2nd Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
| 3rd Author's Name | Ryoichi KAWAHARA |
| 3rd Author's Affiliation | NTT Service Integration Laboratories, NTT Corporation |
| Date | 2006-09-15 |
| Paper # | IN2006-66 |
| Volume (vol) | vol.106 |
| Number (no) | 237 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |