TY - GEN
T1 - An integrated solution for policy filtering and traffic anomaly detection
AU - Wang, Zhijun
AU - Che, Hao
AU - Cao, Jiannong
PY - 2008/8/4
Y1 - 2008/8/4
N2 - In this paper, we propose a Ternary Content Addressable Memory (TCAM) coprocessor-based solution for high-speed, integrated policy filtering and TCP flow anomaly detection. In the proposed solution, TCP flow anomalies are detected through two-dimensional (2D) matching. The key features of the solution include: (1) setting flag bits in the TCAM action code to support various packet treatments; (2) managing TCP flow state in pairs to do 2D matching. The solution's ability to detect TCP-based flooding attacks is evaluated through simulations based on real-world traces. The results show that the proposed solution can match the OC-192 line rate while performing the integrated tasks.
AB - In this paper, we propose a Ternary Content Addressable Memory (TCAM) coprocessor-based solution for high-speed, integrated policy filtering and TCP flow anomaly detection. In the proposed solution, TCP flow anomalies are detected through two-dimensional (2D) matching. The key features of the solution include: (1) setting flag bits in the TCAM action code to support various packet treatments; (2) managing TCP flow state in pairs to do 2D matching. The solution's ability to detect TCP-based flooding attacks is evaluated through simulations based on real-world traces. The results show that the proposed solution can match the OC-192 line rate while performing the integrated tasks.
UR - http://www.scopus.com/inward/record.url?scp=48249136540&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-69295-9_11
DO - 10.1007/978-3-540-69295-9_11
M3 - Conference article published in proceeding or book
SN - 3540692940
SN - 9783540692942
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 106
EP - 120
BT - Autonomic and Trusted Computing - 5th International Conference, ATC 2008, Proceedings
T2 - 5th International Conference on Autonomic and Trusted Computing, ATC 2008
Y2 - 23 June 2008 through 25 June 2008
ER -