Free download of the article: Filtration model for the detection of malicious traffic in large-scale networks

Persian title
Filtration models for detecting malicious traffic in large-scale networks
English title
Filtration model for the detection of malicious traffic in large-scale networks
Persian article pages
0
English article pages
12
Publication year
2016
Publisher
Elsevier
English article format
PDF
Product code
E685
Fields related to this article
Computer engineering, information technology engineering, and information and communication technology engineering
Specializations related to this article
Computer networks; Internet and wide area networks
Journal
Computer Communications
University
Faculty of Computer and Software Engineering, University of Malaysia Pahang, Pahang, Malaysia
Keywords
ECN, malicious traffic, QoS regulations, SLA guarantee, user violation
Abstract


This study proposes a capable, scalable, and reliable edge-to-edge model for filtering malicious traffic through real-time monitoring of the impact of user behavior on quality of service (QoS) regulations. The model investigates user traffic, including that injected through distributed gateways and that destined to gateways that are experiencing actual attacks. Misbehaving traffic filtration is triggered only when the network is congested, at which point burst gateways generate an explicit congestion notification (ECN) to misbehaving users. To investigate the behavior of misbehaving user traffic, packet delay variation (PDV) ratios are actively estimated and packet transfer rates are passively measured at a unit time. Users who exceed the PDV bit rates specified in their service level agreements (SLAs) are filtered as suspicious users. In addition, suspicious users who exceed the SLA bandwidth bit rates are filtered as network intruders. Simulation results demonstrate that the proposed model efficiently filters network traffic and precisely detects malicious traffic.

Conclusion

7. Conclusion and future work


The model proposed in this study detects the attack before it happens with early warning notifications to uncover intruders while still in the planning stages of an attack. Monitoring ECNs as an early notification when anomaly congestion surfaces is beneficial for filtering malicious traffic and minimizing potential overhead and resources associated with intrusions. Although the results are based on simulation scenarios, a comparison of approximate results indicates that the use of ECNs to trigger traffic filtration reduces more than 40% of traffic investigation overhead and assists the proposed algorithm in supporting a large-scale network in a scalable manner. Estimation of the PDV of misbehaving users ensures that suspicious users are filtered and that the scope of bandwidth measurement is reduced from 40 to 36 suspicious users. The strategy of the proposed model to postpone passive measurements until the final stages and limit the scope to suspicious users also results in a continuously accurate and scalable system performance throughout the measurement period. By providing overlay network-based multi-MRs as a reliable solution for single-point-of-failure problems, this model can obviate failures in making traffic filtration decisions. Conducting an alternative solution for investigating the mBusr-traffic destined to nonresponded edges also increases the reliability of the proposed model to investigate all user traffic, thus resulting in accurate filtration.

