Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice
ACM Transactions on Computer Systems (TOCS)
Diamond in the rough: finding Hierarchical Heavy Hitters in multi-dimensional data
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
An improved data stream summary: the count-min sketch and its applications
Journal of Algorithms
Is sampled data sufficient for anomaly detection?
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
ProgME: towards programmable network measurement
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Fast monitoring of traffic subpopulations
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
A programmable architecture for scalable and real-time network traffic measurements
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
BURAQ: A Dynamically Reconfigurable System for Stateful Measurement of Network Traffic
FCCM '10 Proceedings of the 2010 18th IEEE Annual International Symposium on Field-Programmable Custom Computing Machines
An adaptive flow counting method for anomaly detection in SDN
Proceedings of the ninth ACM conference on Emerging networking experiments and technologies
| Hi-index | 0.00 |
Streaming network traffic measurements and analysis is critical for detecting and preventing any real-time anomalies in the network. The high speeds and complexity of today's network make the traditional slow open-loop measurement schemes infeasible. We propose an alternate closed-loop measurement paradigm and demonstrate its practical realization. To the heart of our solution are three streaming algorithms that provide a tight integration between the measurement platform and the measurements. The algorithms cater to varying degrees of computational budgets, detection latency, and accuracy. We empirically evaluate our streaming solutions on a highly parallel and programmable measurement platform. The algorithms demonstrate a marked 100% accuracy increase from a recently proposed MRT algorithm in detecting DoS attacks made up of synthetic hard-to-track elephant flows. Our proposed algorithms maintain the worst case complexities of the MRT, while empirically demonstrating a moderate increase in average resource utilization.