Adaptive network flow clustering
Document Type
Conference Proceeding
Publication Date
10-1-2007
Abstract
Flow-level measurements are used to provide insight into the traffic flow crossing a network link. However, existing flow-based network detection devices lack adaptive reconfiguration functions when facing a large number of flow sources, such as in spoofed attacks. The cache memory needed for storing flow records and the CPU needed for processing and/or exporting them could increase dramatically beyond what is available. The static sampling technique cannot fully alleviate the issue; instead, it loses the ability to log network traffic information accurately. In this paper, we use fuzzy logic to achieve adaptive flow clustering. It reacts to abrupt changes in flow numbers caused by a flooding attack or any other attack, and suggests a best clustering level. As a result, large numbers of flows are aggregated into a few flows in real time. Our experiments demonstrate that adaptive flow clustering prevents huge numbers of malicious flows from exhausting memory and CPU resources while guaranteeing the legitimate flows. © 2007 IEEE.
Identifier
34748855477 (Scopus)
ISBN
[1424410762, 9781424410767]
Publication Title
2007 IEEE International Conference on Networking Sensing and Control Icnsc 07
External Full Text Location
https://doi.org/10.1109/ICNSC.2007.372846
First Page
596
Last Page
601
Recommended Citation
Song, Sui and Chen, Zhixiong, "Adaptive network flow clustering" (2007). Faculty Publications. 13292.
https://digitalcommons.njit.edu/fac_pubs/13292
