An Algorithm Based on LRU and SCBF for Elephant Flows Identification and Its Application in DDoS Defense

Xie Dongqing; Zhou Zaihong; Luo Jiawei

Journal of Computer Research and Development > 2011 > 48(8): 1517-1523.

Xie Dongqing, Zhou Zaihong, Luo Jiawei. An Algorithm Based on LRU and SCBF for Elephant Flows Identification and Its Application in DDoS Defense[J]. Journal of Computer Research and Development, 2011, 48(8): 1517-1523.

Citation:

PDF (1165 KB)

An Algorithm Based on LRU and SCBF for Elephant Flows Identification and Its Application in DDoS Defense

1(School of Computer Science and Educational Software, Guangzhou University, Guangzhou 510006) 2(School of Information Science and Engineering, Hunan University, Changsha 410082)

More Information

Published Date: August 14, 2011

Graphical Abstract

Abstract

Abstract

It is valuable for defending large-scale network security incidents to identify elephant flows in time and accurately. Aiming at the disadvantages of single use of LRU and SCBF in identifying elephant flows, an elephant flow identification algorithm based on LRU and SCBF, LRU_SCBF, is proposed. The LRU_SCBF uses two-level structure which is LRU list and SCBF array. The arrival mice flow is stored into the SCBF at first. Then it is extracted to the LRU when its count is greater than a certain threshold. If the LRU is full, the mice flow is out from LRU according to the LRU strategy and put into the SCBF, and so on. The elephant flows and mice flows are stored separately. Theoretical analysis and simulated experiment show that the storage complexity is low, and the false positive rate and the false negative are both low in LRU_SCBF. It makes the extraction of elephant flows accurate and timely in high-speed network. Applying this in DDoS defense, we realize the detection and traceback against DDoS attacks in time.
- traffic measurement,
- elephant flow,
- least recently used (LRU),
- space code bloom filters (SCBF),
- DDoS defense

FullText(HTML)

References (0)

[1]	Pan Yuting, Lin Li. A Trust-Based DDoS Discovery Approach for Encrypted Traffic in Cloud Environment[J]. Journal of Computer Research and Development, 2021, 58(4): 822-833. DOI: 10.7544/issn1000-1239.2021.20200183
[2]	Zhang Long, Wang Jinsong. DDoS Attack Detection Model Based on Information Entropy and DNN in SDN[J]. Journal of Computer Research and Development, 2019, 56(5): 909-918. DOI: 10.7544/issn1000-1239.2019.20190017
[3]	Liu Zihao, Zhang Bin, Zhu Ning, Tang Huilin. Adaptive App-DDoS Detection Method Based on Improved AP Algorithm[J]. Journal of Computer Research and Development, 2018, 55(6): 1236-1246. DOI: 10.7544/issn1000-1239.2018.20170124
[4]	Wang Yichuan, Ma Jianfeng, Lu Di, Zhang Liumei, Meng Xianjia. Game Optimization for Internal DDoS Attack Detection in Cloud Computing[J]. Journal of Computer Research and Development, 2015, 52(8): 1873-1882. DOI: 10.7544/issn1000-1239.2015.20140608
[5]	Li Wei, Zhang Dafang, Xie Kun, Li Wenwei, He Jie. A Matrix-Indexed Bloom Filter for Flash-Based Key-Value Store[J]. Journal of Computer Research and Development, 2015, 52(5): 1210-1222. DOI: 10.7544/issn1000-1239.2015.20131940
[6]	Huang Liang, Feng Dengguo, Lian Yifeng, Chen Kai. Artificial-Neural-Network-Based DDoS Defense Effectiveness Evaluation[J]. Journal of Computer Research and Development, 2013, 50(10): 2100-2108.
[7]	Cheng Jieren, Yin Jianping, Liu Yun, Cai Zhiping, Li Min. Detecting Distributed Denial of Service Attack Based on Address Correlation Value[J]. Journal of Computer Research and Development, 2009, 46(8): 1334-1340.
[8]	Ren Wei, Liu Tenghong, Jin Hai. Congestion-Based RoQ DDoS Attacking and Defense Scheme in Mobile Ad Hoc Networks[J]. Journal of Computer Research and Development, 2006, 43(11): 1927-1932.
[9]	Qu Haipeng, Li Dequan, Su Purui, Feng Dengguo. An IP Traceback Scheme with Packet Marking in Blocks[J]. Journal of Computer Research and Development, 2005, 42(12): 2084-2092.
[10]	Zhou Dongqing, Zhang Haifeng, Zhang Shaowu, Hu Xiangpei. A DDoS Attack Detection Method Based on Hidden Markov Model[J]. Journal of Computer Research and Development, 2005, 42(9): 1594-1599.