Abnormal Traffic Detection of IoT Terminals Based on Bloom Filter
As the size and speed of the network increase,the discovery of abnormal traffic becomes more difficult.It is not only necessary to accurately detect real-time traffic but also to determine the type of abnormality.Therefore,in view of the requirement for network anomaly discovery,this paper proposes a Bloom Filter(BF)based abnormal traffic detection framework.This framework could retrieve information from real-time data accurately under low time complexity.This article mainly analyzes two kinds of abnormal traffic(port scanning traffic and TCP flooding traffic).For port scanning traffic,with BF structure the framework could retrieve what ports this stream has accessed.If there is too much traffic on different ports,an abnormality could be determined.For the TCP flooding traffic,the Count Bloom Filter(CBF)is used to count the number of packets with similar length in each type of stream for a period of time.If a higher proportion of packets with similar length has been detected,an abnormality has a strong probability.Finally,the paper analyzes the proposed abnormal traffic detection framework in the real environment.The experiment finds that there.is less false positive for normal traffic and it can correctly identify the above two abnormal traffic.
Bloom Filter Abnormal Detection IoT
Fengjie DENG Yubo SONG Aiqun HU Min FAN Yu JIANG
School of Cyber Science and Engineering Southeast University Jiangsu,Nanjing,China
国际会议
2019国图灵大会(ACM Turing Celebration conference-China 2019 )
成都
英文
737-743
2019-05-17(万方平台首次上网日期,不代表论文的发表时间)