Analyzing the Number of Varieties in Frequently Found Flows

Yusuke SHOMURA  Yoshinori WATANABE  Kenichi YOSHIDA  

Publication
IEICE TRANSACTIONS on Communications   Vol.E91-B   No.6   pp.1896-1905
Publication Date: 2008/06/01
Online ISSN: 1745-1345
DOI: 10.1093/ietcom/e91-b.6.1896
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Network Management/Operation
Keyword: 
DDoS,  worm,  scan,  P2P,  

Full Text: PDF(530.6KB)>>
Buy this Article




Summary: 
Abnormal traffic that causes various problems on the Internet, such as P2P flows, DDoS attacks, and Internet worms, is increasing; therefore, the importance of methods that identify and control abnormal traffic is also increasing. Though the application of frequent-itemset-mining techniques is a promising way to analyze Internet traffic, the huge amount of data on the Internet prevents such techniques from being effective. To overcome this problem, we have developed a simple frequent-itemset-mining method that uses only a small amount of memory but is effective even with the large volumes of data associated with broadband Internet traffic. Using our method also involves analyzing the number of distinct elements in the itemsets found, which helps identify abnormal traffic. We used a cache-based implementation of our method to analyze actual data on the Internet and demonstrated that such an implementation can be used to provide on-line analysis of data while using only a small amount of memory.