Advertisement

Abnormal Flow Detection Technology in GPU Network Based on Statistical Classification Method

  • Huifeng Yang
  • Liandong Chen
  • Boyao Zhang
  • Haikuo Zhang
  • Peng Zuo
  • Ningming Nie
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11344)

Abstract

Domain Name System (DNS), as the Internet “hub system” of basic resources services, mainly provides the basic services of domain name and IP address mapping. Abnormal flow detection technology plays an important role in the security service quality of Internet basic services, and it is also one of the important contents of Internet security research. The existing research mainly focuses on the analysis of network flow and other technologies at the data level, but in the context of network attacks, especially in the case of DDoS attacks, the accuracy and detection performance need to be improved. Based on the statistical method of high-performance abnormal flow detection technology, in this paper, the flow data are used for real-time statistical fitting, and the difference is made with the historical log data statistics. GPU parallel technology is used to improve the detection performance, which improves the accuracy and detection performance in the case of DDoS attacks on the network.

Keywords

Abnormal flow detection Network flow GPU 

Notes

Acknowledgments

This work was partly supported by the National Key R&D Program of China (No. 2017YFB0203102), the State Key Program of National Natural Science Foundation of China (No. 91530324).

References

  1. 1.
    Verisign. The domain name industry brief [EB/OL]. https://www.verisign.com/assets/domain-name-report-Q42017.pdf
  2. 2.
    CNNIC. The forty-first statistical report on China’s Internet development [EB/OL]. http://www.cnnic.cn/hlwfzyj/hlwxzbg/hlwtjbg/201803/P020180305409870339136.pdf
  3. 3.
    Krishnamurthy, B., Sen, S., Zhang, Y.: Sketch-based change detection: methods, evaluation and applications. In: Proceedings of the 3th ACM SIGCOMM Conference on Internet Measurement (2003)Google Scholar
  4. 4.
    Estan, C., Varghese, G.: New directions in traffic measurement and accounting: focusing on the elephants, ignoring the mice. ACM Trans. Comput. Syst. (TOCS) 21(3), 270–313 (2003)CrossRefGoogle Scholar
  5. 5.
    Tang, J., Cheng, Y., Hao, Y., Song, W.: SIP flooding attack detection with a multi-dimensional sketch design. IEEE Trans. Dependable Secure Comput. 11(6), 582–595 (2014)CrossRefGoogle Scholar
  6. 6.
    Liang, G., Taft, N., Yu, B.: A fast lightweight approach to origin-destination IP traffic estimation using partial measurements. IEEE/ACM Trans. Netw. Special Issue Netw. Inf. Theory 14(6), 2634–2648 (2006)MathSciNetzbMATHGoogle Scholar
  7. 7.
    Dewaele, G., Fukuda, K., Borgnat, P., Abry, P., Cho, K.: Extracting hidden anomalies using sketch and non Gaussian multiresolution statistical detection procedures. In: Workshop on Large Scale Attack Defense (2007)Google Scholar
  8. 8.
    Mikle, O.: Detecting Hidden Anomalies in DNS Communication [EB/OL]. https://www.dns-oarc.net/files/workshop-201210/DNS-anomaly-OF.pdf
  9. 9.
    Luo, N.: Research and implementation of abnormal flow monitoring method based on synopsis data structure (2008)Google Scholar
  10. 10.
    Xie, K., Wang, L., Wang, X., Xie, G., Wen, J., Zhang, G.: Accurate recovery of internet flow data: a tensor completion approach. In: INFOCOM (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Huifeng Yang
    • 1
  • Liandong Chen
    • 1
  • Boyao Zhang
    • 2
  • Haikuo Zhang
    • 2
    • 3
    • 4
  • Peng Zuo
    • 4
  • Ningming Nie
    • 2
  1. 1.State Grid Hebei Electric Power CompanyShijiazhuangChina
  2. 2.Computer Network Information CenterChinese Academy of SciencesBeijingChina
  3. 3.University of Chinese Academy of SciencesBeijingChina
  4. 4.China Internet Network Information CenterBeijingChina

Personalised recommendations