An Algorithm Based on LRU and SCBF for Elephant Flows Identification and Its Application in DDoS Defense
-
-
Abstract
It is valuable for defending large-scale network security incidents to identify elephant flows in time and accurately. Aiming at the disadvantages of single use of LRU and SCBF in identifying elephant flows, an elephant flow identification algorithm based on LRU and SCBF, LRU_SCBF, is proposed. The LRU_SCBF uses two-level structure which is LRU list and SCBF array. The arrival mice flow is stored into the SCBF at first. Then it is extracted to the LRU when its count is greater than a certain threshold. If the LRU is full, the mice flow is out from LRU according to the LRU strategy and put into the SCBF, and so on. The elephant flows and mice flows are stored separately. Theoretical analysis and simulated experiment show that the storage complexity is low, and the false positive rate and the false negative are both low in LRU_SCBF. It makes the extraction of elephant flows accurate and timely in high-speed network. Applying this in DDoS defense, we realize the detection and traceback against DDoS attacks in time.
-
-