Abnormal Traffic Detection Circuit with Real-time Cardinality Counter

Access this Article

Author(s)

    • Sannomiya Shuji
    • Faculty of Engineering, Information and Systems, University of Tsukuba
    • Sato Akira
    • Faculty of Engineering, Information and Systems, University of Tsukuba
    • Nishikawa Hiroaki
    • Headquarters for International Industry-University Collaboration, University of Tsukuba

Abstract

<p>To identify abnormal traffic such as P2P flows, DDoS attacks, and Internet worms, this paper discusses a circuit design to realize real-time abnormal traffic detection in broadband networks. Real-time counting of cardinality is the key feature of the circuit. Although our previous study showed that cardinality counting is effective for detecting various types of abnormal traffic, the slowness of DRAM access prevented us from deploying cardinality counting in backbone networks. To address the problem of DRAM access time, this paper proposes a new algorithm for cardinality counting. By changing the order of the cardinality counting process, the proposed algorithm enables parallel accesses of DRAM circuits, which hides the slow DRAM access time through a pipeline circuit. In addition, we propose a new hashing function that also hides the DRAM access problem. It partially replaces scattered addresses with successive addresses, in order to use a faster DRAM burst access. We also report the accuracy of the cardinality counting of the new algorithm, and describe the estimated processing performance based on a pipeline tact level circuit simulation. Our experimental results show that the use of the self-timed pipeline circuit can help realize cardinality counting at rates up to 100Gbps.</p>

Journal

  • Journal of Information Processing

    Journal of Information Processing 26(0), 590-600, 2018

    Information Processing Society of Japan

Codes

Page Top