Abstract:
The Internet, as an extensive array of information resources and services, requires real-time monitoring and rapid, online statistical analysis of network traffic in order to understand its structure and to identify and prevent cyber-attacks. We develop an open-source architecture, AMON (All-packet MONitor), for online monitoring and sequential analysis of multi-gigabit data streams under relatively stringent time and space constraints. AMON examines all packets passing through PF-RING, a high-performance software packet monitor, partitions the traffic into sub-streams by rapid hashing, and computes real-time statistical summaries from which it detects statistically significant heavy hitters (outliers) in traffic volume, relative volume and connectivity. The AMON framework requires no specialized hardware, is readily deployable, and allows high-connectivity events such as DDoS (Distributed Denial of Service) attacks to be visualized and statistically detected at their time of onset.
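The following is an added illustration of the pipeline the abstract describes (hash-partition the stream into a source-bin by destination-bin matrix, keep per-cell summaries, flag outliers in volume, relative volume and connectivity). It is not AMON's own code; the bin count, the share threshold, the Poisson-style change test against the previous window, and the packet sample are all assumptions made for the example.

```python
"""Hash-partitioned traffic summaries with heavy-hitter and onset detection.

Added illustration of the ideas in the AMON abstract; this is not AMON's own
code. Bin count, thresholds, the change test and the packet sample are all
assumptions made for the example.
"""
import hashlib
import math
from collections import defaultdict

BINS = 16        # assumed: bins per dimension, so the src x dst matrix has 256 cells
PHI = 0.5        # assumed: share of the window total that makes a bin a heavy hitter
Z_ONSET = 3.0    # assumed: standardized jump over the previous window that is flagged


def bucket(addr: str) -> int:
    """Map an address to a bin. blake2b is used only because it is in the
    standard library; a production monitor would use a fast keyed hash so an
    attacker cannot choose which bin their traffic lands in."""
    digest = hashlib.blake2b(addr.encode(), digest_size=4).digest()
    return int.from_bytes(digest, "big") % BINS


def summarize(packets):
    """One pass over (src, dst, nbytes) records, keeping per-cell summaries
    keyed by (src_bin, dst_bin). Distinct sources are kept in a set for
    clarity; under a hard memory budget this would be a cardinality sketch."""
    s = {"bytes": defaultdict(int), "pkts": defaultdict(int), "srcs": defaultdict(set)}
    for src, dst, nbytes in packets:
        cell = (bucket(src), bucket(dst))
        s["bytes"][cell] += nbytes
        s["pkts"][cell] += 1
        s["srcs"][cell].add(src)
    return s


def by_dst(summary, metric):
    """Collapse the matrix onto destination bins: column sums for counters,
    size of the union of source sets for connectivity."""
    cols = defaultdict(set) if metric == "srcs" else defaultdict(int)
    for (_, db), v in summary[metric].items():
        if metric == "srcs":
            cols[db] |= v
        else:
            cols[db] += v
    return {db: (len(v) if metric == "srcs" else v) for db, v in cols.items()}


def heavy_hitters(totals, phi=PHI):
    """Bins carrying more than a `phi` fraction of this window's total."""
    total = sum(totals.values())
    if total == 0:
        return []
    return sorted(b for b, v in totals.items() if v / total > phi)


def onset(current, baseline, z=Z_ONSET):
    """Bins whose count jumped relative to the previous window. The previous
    count is taken as the expected value of a Poisson variable, so the
    standardized increase is (cur - prev) / sqrt(prev); a floor of 1 keeps a
    bin that was empty last window from dividing by zero."""
    flagged = []
    for b in set(current) | set(baseline):
        prev, cur = baseline.get(b, 0), current.get(b, 0)
        if (cur - prev) / math.sqrt(max(prev, 1)) > z:
            flagged.append(b)
    return sorted(flagged)


# --- constructed sample traffic, not captured data ------------------------
VICTIM = "10.0.0.9"

def background(flows=100, pkts=5, nbytes=600):
    """Ordinary client -> server traffic to ten servers, identical in both windows."""
    return [(f"192.0.2.{i}", f"10.0.0.{i % 10}", nbytes)
            for i in range(1, flows + 1) for _ in range(pkts)]

def flood(sources=200, pkts=10, nbytes=1400):
    """Many distinct sources converging on one destination: the DDoS shape."""
    return [(f"198.51.100.{i}", VICTIM, nbytes)
            for i in range(sources) for _ in range(pkts)]

BASELINE_WINDOW = background()
ATTACK_WINDOW = background() + flood()


def detect(window, previous):
    """Run the three detectors over one window and report destination bins."""
    cur, prev = summarize(window), summarize(previous)
    return {
        "volume": heavy_hitters(by_dst(cur, "bytes")),
        "relative_volume": onset(by_dst(cur, "pkts"), by_dst(prev, "pkts")),
        "connectivity": onset(by_dst(cur, "srcs"), by_dst(prev, "srcs")),
    }


if __name__ == "__main__":
    print("victim hashes to dst bin", bucket(VICTIM))
    for name, bins in detect(ATTACK_WINDOW, BASELINE_WINDOW).items():
        print(f"{name:16s} -> dst bins {bins}")
```

Two points worth noting when reading the output. First, a flagged bin identifies a hash bucket, not a host: hashing is what keeps the state bounded at 256 cells regardless of address space, and the price is that a hit must be drilled into (by re-running the pass restricted to that destination bin) to name the actual target. Second, the destination-bin view alone cannot tell a single heavy uploader from a distributed flood; the per-cell matrix can, because a flood populates many source bins in one destination column while a single heavy source fills one cell.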