Managing High Volume Data for Network Attack Detection Using Real-Time Flow Filtering
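Chinese title (translated): RTFF-Based High-Volume Data Management in Network Attack Detection (in English)
Author affiliations: Applied Communication Sciences, 150 Mount Airy Road, Basking Ridge, NJ 07920, USA; KDDI R&D Laboratories, 2-1-15 Ohara, Fujimino-shi, Saitama 356-8502, Japan
Publication: China Communications (English edition)
Year/Volume/Issue: 2013, Vol. 10, No. 3
Pages: 56-66
Core indexing:
Subject classification: 12 [Management]; 1201 [Management - Management Science and Engineering (degrees in management or engineering may be conferred)]; 0839 [Engineering - Cyberspace Security]; 08 [Engineering]
Topics: network security; intrusion detection; scaling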
Abstract: In this paper, we present Real-Time Flow Filter (RTFF), a system that adopts a middle ground between coarse-grained volume anomaly detection and deep packet inspection. RTFF was designed with the goal of scaling to high volume data feeds that are common in large Tier-1 ISP networks and providing rich, timely information on observed attacks. It is a software solution that is designed to run on off-the-shelf hardware platforms and incorporates a scalable data processing architecture along with lightweight analysis algorithms that make it suitable for deployment in large networks. RTFF also makes use of state-of-the-art machine learning algorithms to construct attack models that can be used to detect as well as predict attacks.