A Survey of the High-Speed Self-learning Intrusion Detection Research Area
AIMS '07 Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management
Robust network monitoring in the presence of non-cooperative traffic queries
Computer Networks: The International Journal of Computer and Telecommunications Networking
Measurement data reduction through variation rate metering
INFOCOM'10 Proceedings of the 29th conference on Information communications
Predictive resource management of multiple monitoring applications
IEEE/ACM Transactions on Networking (TON)
Fit a compact spread estimator in small high-speed memory
IEEE/ACM Transactions on Networking (TON)
Spreader classification based on optimal dynamic bit sharing
IEEE/ACM Transactions on Networking (TON)
A grand spread estimator using a graphics processing unit
Journal of Parallel and Distributed Computing
Detecting the sources or destinations that have communicated with a large number of distinct destinations or sources (i.e., large "fan-out" or "fan-in") during a small time interval is an important problem in network measurement and security. Previous detection approaches are not able to deliver the desired accuracy at high link speeds (10-40 Gb/s). In this work, we propose two novel algorithms that provide accurate and efficient solutions to this problem. Their designs are based on the insight that sampling and data streaming are often suitable for capturing different and complementary regions of the information spectrum, and a close collaboration between them is an excellent way to recover the complete information. Our first solution builds on the standard hash-based flow sampling algorithm. Its main innovation is that the sampled traffic is further filtered by a data streaming module, which allows for a much higher sampling rate (hence, much higher accuracy) than is achievable with standard hash-based flow sampling. Our second solution is more sophisticated but offers higher accuracy. It combines the power of data streaming in efficiently estimating quantities (e.g., fan-out) associated with a given identity, and the power of sampling in collecting a list of candidate identities. The performance of both solutions is evaluated using both mathematical analysis and trace-driven experiments on real-world Internet traffic.