Authors: Aiping Zhou, Ye Zhu
Journal: International Journal of Network Management, 33(6)
Publication date: 2023-03-31
Publication type: Journal Article
DOI: 10.1002/nem.2227
URL: https://onlinelibrary.wiley.com/doi/10.1002/nem.2227
A novel data streaming method for detecting abnormal flows in distributed monitoring systems
This paper concentrates on the issue of detecting abnormal flows in distributed monitoring systems, which has many network management applications such as anomaly detection and traffic engineering. Collecting massive network traffic in real time remains a large challenge due to limited system resources. Most existing approaches perform abnormal flow detection at one measurement point, and they incur large computation and memory overhead for recovering abnormal flows. In this paper, we propose a novel data streaming method that supports accurate abnormal flow detection with a low memory requirement. The key idea of our method is that each monitor compresses flow information into a summary data structure and sends the generated data structure to the controller; the controller then aggregates the received data structures, recovers candidates of abnormal flows, and estimates their size and change to find abnormal flows on the basis of the aggregated data structure. The experimental results based on real network traffic show that the proposed approach can detect up to 97% of abnormal flows with low memory and update requirements in comparison with related approaches.
About the journal:
Modern computer networks and communication systems are increasing in size, scope, and heterogeneity. The promise of a single end-to-end technology has not been realized and likely never will occur. The decreasing cost of bandwidth is increasing the possible applications of computer networks and communication systems to entirely new domains. Problems in integrating heterogeneous wired and wireless technologies, ensuring security and quality of service, and reliably operating large-scale systems including the inclusion of cloud computing have all emerged as important topics. The one constant is the need for network management. Challenges in network management have never been greater than they are today. The International Journal of Network Management is the forum for researchers, developers, and practitioners in network management to present their work to an international audience. The journal is dedicated to the dissemination of information, which will enable improved management, operation, and maintenance of computer networks and communication systems. The journal is peer reviewed and publishes original papers (both theoretical and experimental) by leading researchers, practitioners, and consultants from universities, research laboratories, and companies around the world. Issues with thematic or guest-edited special topics typically occur several times per year. Topic areas for the journal are largely defined by the taxonomy for network and service management developed by IFIP WG6.6, together with IEEE-CNOM, the IRTF-NMRG and the Emanics Network of Excellence.