Please use this identifier to cite or link to this item: http://hdl.handle.net/10397/30050
Title: A TCAM-based solution for integrated traffic anomaly detection and policy filtering
Authors: Wang, Z
Che, H
Cao, J 
Wang, J
Keywords: Flow anomaly detection
TCAM coprocessor
Two-dimensional matching
Issue Date: 2009
Source: Computer communications, 2009, v. 32, no. 17, p. 1893-1901 How to cite?
Journal: Computer Communications 
Abstract: The survivability of the future Internet is largely dependent on whether it will be able to successfully address both security and performance issues facing the Internet. On one hand, the Internet becomes more and more vulnerable due to fast spreading malicious attacks. On the other hand, it is under great stress to meet ever growing/changing application demands while having to sustain multi-gigabit forwarding performance. In this paper, we propose a Ternary Content Addressable Memory (TCAM) coprocessor based solution for high speed, integrated TCP flow anomaly detection and policy filtering. The attacking packets with spoofed source IP addresses are detected through two-dimensional (2D) matching. The key features of the solution are: (1) setting flag bits in TCAM action code to support various packet treatments; (2) managing TCP flow state in pair to do 2D matching. We evaluate the solution's ability to detect TCP-based flooding attacks based on real-world-trace simulations. The results show that the proposed solution can match up OC-192 line rate. The possible modifications of the solution for the detection of low rate TCP-targeted attacks are also discussed.
URI: http://hdl.handle.net/10397/30050
ISSN: 0140-3664
DOI: 10.1016/j.comcom.2009.07.016
Appears in Collections:Journal/Magazine Article

Access
View full-text via PolyU eLinks SFX Query
Show full item record

SCOPUSTM   
Citations

4
Last Week
0
Last month
0
Citations as of May 15, 2017

WEB OF SCIENCETM
Citations

3
Last Week
0
Last month
0
Citations as of May 22, 2017

Page view(s)

22
Last Week
0
Last month
Checked on May 21, 2017

Google ScholarTM

Check

Altmetric



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.