Public access to the Internet
Pricing in computer networks: reshaping the research agenda
ACM SIGCOMM Computer Communication Review
Computer organization and design (2nd ed.): the hardware/software interface
Computer organization and design (2nd ed.): the hardware/software interface
New sampling-based summary statistics for improving approximate query answers
SIGMOD '98 Proceedings of the 1998 ACM SIGMOD international conference on Management of data
Load-sensitive routing of long-lived IP flows
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Deriving traffic demands for operational IP networks: methodology and experience
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Trajectory sampling for direct traffic observation
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
Efficient and flexible value sampling
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Rapid profiling via stratified sampling
ISCA '01 Proceedings of the 28th annual international symposium on Computer architecture
Charging from sampled network usage
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Identifying Long-Term High-Bandwidth Flows at a Router
HiPC '01 Proceedings of the 8th International Conference on High Performance Computing
Computing Iceberg Queries Efficiently
VLDB '98 Proceedings of the 24rd International Conference on Very Large Data Bases
A simple algorithm for finding frequent elements in streams and bags
ACM Transactions on Database Systems (TODS)
Catching Accurate Profiles in Hardware
HPCA '03 Proceedings of the 9th International Symposium on High-Performance Computer Architecture
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
Wide-area Internet traffic patterns and characteristics
IEEE Network: The Magazine of Global Internetworking
On the difficulty of scalably detecting network attacks
Proceedings of the 11th ACM conference on Computer and communications security
Duplicate detection in click streams
WWW '05 Proceedings of the 14th international conference on World Wide Web
A simpler and more efficient deterministic scheme for finding frequent items over sliding windows
Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Fair service for mice in the presence of elephants
Information Processing Letters
An integrated efficient solution for computing frequent and top-k elements in data streams
ACM Transactions on Database Systems (TODS)
Data streams: algorithms and applications
Foundations and Trends® in Theoretical Computer Science
A dictionary for approximate string search and longest prefix search
CIKM '06 Proceedings of the 15th ACM international conference on Information and knowledge management
High-throughput sketch update on a low-power stream processor
Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems
Fast data stream algorithms using associative memories
Proceedings of the 2007 ACM SIGMOD international conference on Management of data
The power of slicing in internet flow measurement
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation
IEEE Transactions on Dependable and Secure Computing
Instability effects of two-way traffic in a TCP/AQM system
Computer Communications
ProgME: towards programmable network measurement
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Resource sharing in continuous sliding-window aggregates
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Explicit constructions for compressed sensing of sparse signals
Proceedings of the nineteenth annual ACM-SIAM symposium on Discrete algorithms
A generic language for application-specific flow sampling
ACM SIGCOMM Computer Communication Review
Secretly monopolizing the CPU without superuser privileges
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
A scalable sampling scheme for clustering in network traffic analysis
Proceedings of the 2nd international conference on Scalable information systems
Memory Efficient Algorithm for Mining Recent Frequent Items in a Stream
RSEISP '07 Proceedings of the international conference on Rough Sets and Intelligent Systems Paradigms
Fast monitoring of traffic subpopulations
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
Adaptive shared-state sampling
Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
SLEUTH: Single-pubLisher attack dEtection Using correlaTion Hunting
Proceedings of the VLDB Endowment
Certainty closure: Reliable constraint reasoning with incomplete or erroneous data
ACM Transactions on Computational Logic (TOCL)
A programmable architecture for scalable and real-time network traffic measurements
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
A Sampling Method for Intrusion Detection System
APNOMS '08 Proceedings of the 11th Asia-Pacific Symposium on Network Operations and Management: Challenges for Next Generation Network Operations and Service Management
The design of a query monitoring system
ACM Transactions on Database Systems (TODS)
HIDS: a multifunctional generator of hierarchical data streams
ACM SIGMIS Database
Portscan Detection with Sampled NetFlow
TMA '09 Proceedings of the First International Workshop on Traffic Monitoring and Analysis
Every microsecond counts: tracking fine-grain latencies with a lossy difference aggregator
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
On the detection of signaling DoS attacks on 3G/WiMax wireless networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
TCP revisited: a fresh look at TCP in the wild
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
An analysis of packet sampling in the frequency domain
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Improvement of LRU cache for the detection and control of long-lived high bandwidth flows
Computer Communications
mPlane: an architecture for scalable fault localization
Proceedings of the 2009 workshop on Re-architecting the internet
On the statistical characterization of flows in Internet traffic with application to sampling
Computer Communications
Differential equation models of flow-size based priorities in internet routers
International Journal of Systems, Control and Communications
Fast classification and estimation of internet traffic flows
PAM'07 Proceedings of the 8th international conference on Passive and active network measurement
Discovering correlated items in data streams
PAKDD'07 Proceedings of the 11th Pacific-Asia conference on Advances in knowledge discovery and data mining
Finding frequent items in data streams using ESBF
PAKDD'07 Proceedings of the 2007 international conference on Emerging technologies in knowledge discovery and data mining
Aggregate computation over data streams
APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
Packet sampling for flow accounting: challenges and limitations
PAM'08 Proceedings of the 9th international conference on Passive and active network measurement
Journal of Network and Computer Applications
An online framework for catching top spreaders and scanners
Computer Networks: The International Journal of Computer and Telecommunications Networking
Policy-based monitoring and high precision control for converged multi-gigabit IP networks
APNOMS'09 Proceedings of the 12th Asia-Pacific network operations and management conference on Management enabling the future internet for changing business and new computing services
Computer Networks: The International Journal of Computer and Telecommunications Networking
High-speed per-flow traffic measurement with probabilistic multiplicity counting
INFOCOM'10 Proceedings of the 29th conference on Information communications
Measurouting: a framework for routing assisted traffic monitoring
INFOCOM'10 Proceedings of the 29th conference on Information communications
Two samples are enough: opportunistic flow-level latency estimation using netflow
INFOCOM'10 Proceedings of the 29th conference on Information communications
Finding top-k elements in data streams
Information Sciences: an International Journal
Evolution of cache replacement policies to track heavy-hitter flows
Proceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Estimating top-k destinations in data streams
IPMU'10 Proceedings of the Computational intelligence for knowledge-based systems design, and 13th international conference on Information processing and management of uncertainty
Experience with high-speed automated application-identification for network-management
Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems
Approximate counting with a floating-point counter
COCOON'10 Proceedings of the 16th annual international conference on Computing and combinatorics
Network DVR: a programmable framework for application-aware trace collection
PAM'10 Proceedings of the 11th international conference on Passive and active measurement
Sequential hashing: A flexible approach for unveiling significant patterns in high speed networks
Computer Networks: The International Journal of Computer and Telecommunications Networking
Popularity is everything: a new approach to protecting passwords from statistical-guessing attacks
HotSec'10 Proceedings of the 5th USENIX conference on Hot topics in security
Transformation-based parallelization of request-processing applications
MODELS'10 Proceedings of the 13th international conference on Model driven engineering languages and systems: Part II
Parallelizing weighted frequency counting in high-speed network monitoring
Computer Communications
ProgME: towards programmable network measurement
IEEE/ACM Transactions on Networking (TON)
Bounded vector signatures and their applications
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
A Generalized Bloom Filter to Secure Distributed Network Applications
Computer Networks: The International Journal of Computer and Telecommunications Networking
Evolution of cache replacement policies to track heavy-hitter flows
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Finding heavy distinct hitters in data streams
Proceedings of the twenty-third annual ACM symposium on Parallelism in algorithms and architectures
Fine-grained latency and loss measurements in the presence of reordering
Proceedings of the ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
The design and evolution of live storage migration in VMware ESX
USENIXATC'11 Proceedings of the 2011 USENIX conference on USENIX annual technical conference
Space-efficient tracking of persistent items in a massive data stream
Proceedings of the 5th ACM international conference on Distributed event-based system
Fine-grained latency and loss measurements in the presence of reordering
ACM SIGMETRICS Performance Evaluation Review - Performance evaluation review
Predictive resource management of multiple monitoring applications
IEEE/ACM Transactions on Networking (TON)
One is enough: distributed filtering for duplicate elimination
Proceedings of the 20th ACM international conference on Information and knowledge management
Streaming Solutions for Fine-Grained Network Traffic Measurements and Analysis
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
LEISURE: A Framework for Load-Balanced Network-Wide Traffic Measurement
Proceedings of the 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems
Sketching the delay: tracking temporally uncorrelated flow-level latencies
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
STACS'06 Proceedings of the 23rd Annual conference on Theoretical Aspects of Computer Science
Estimating entropy and entropy norm on data streams
STACS'06 Proceedings of the 23rd Annual conference on Theoretical Aspects of Computer Science
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
ASIAN'04 Proceedings of the 9th Asian Computing Science conference on Advances in Computer Science: dedicated to Jean-Louis Lassez on the Occasion of His 5th Cycle Birthday
Semantic compression of TCP traces
NETWORKING'06 Proceedings of the 5th international IFIP-TC6 conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems
Efficient computation of frequent and top-k elements in data streams
ICDT'05 Proceedings of the 10th international conference on Database Theory
Mitigating network denial-of-service through diversity-based traffic management
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Streams, security and scalability
DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
Some observations of internet stream lifetimes
PAM'05 Proceedings of the 6th international conference on Passive and Active Network Measurement
Fair bandwidth allocation without per-flow state
Theoretical Computer Science
Efficient packet sampling for accurate traffic measurements
Computer Networks: The International Journal of Computer and Telecommunications Networking
MeasuRouting: a framework for routing assisted traffic monitoring
IEEE/ACM Transactions on Networking (TON)
Opportunistic flow-level latency estimation using consistent netflow
IEEE/ACM Transactions on Networking (TON)
Secure Distributed Data Aggregation
Foundations and Trends in Databases
International Journal of Sensor Networks
Router support for fine-grained latency measurements
IEEE/ACM Transactions on Networking (TON)
Using trustworthy host-based information in the network
Proceedings of the seventh ACM workshop on Scalable trusted computing
Duplicate detection in pay-per-click streams using temporal stateful Bloom filters
International Journal of Data Analysis Techniques and Strategies
Inverting flow durations from sampled traffic
Proceedings of the 24th International Teletraffic Congress
Optimizing adaptive multi-route query processing via time-partitioned indices
Journal of Computer and System Sciences
Computer Networks: The International Journal of Computer and Telecommunications Networking
Scalable identification and measurement of heavy-hitters
Computer Communications
Line speed accurate superspreader identification using dynamic error compensation
Computer Communications
A methodological overview on anomaly detection
DataTraffic Monitoring and Analysis
Mining frequent items in data stream using time fading model
Information Sciences: an International Journal
Optimally Adaptive Power-Saving Protocols for Ad Hoc Networks Using the Hyper Quorum System
IEEE/ACM Transactions on Networking (TON)
Hi-index | 0.00 |
Accurate network traffic measurement is required for accounting, bandwidth provisioning and detecting DoS attacks. These applications see the traffic as a collection of flows they need to measure. As link speeds and the number of flows increase, keeping a counter for each flow is too expensive (using SRAM) or slow (using DRAM). The current state-of-the-art methods (Cisco's sampled NetFlow), which count periodically sampled packets are slow, inaccurate and resource-intensive. Previous work showed that at different granularities a small number of "heavy hitters" accounts for a large share of traffic. Our paper introduces a paradigm shift by concentrating the measurement process on large flows only---those above some threshold such as 0.1% of the link capacity.We propose two novel and scalable algorithms for identifying the large flows: sample and hold and multistage filters, which take a constant number of memory references per packet and use a small amount of memory. If M is the available memory, we show analytically that the errors of our new algorithms are proportional to 1/M; by contrast, the error of an algorithm based on classical sampling is proportional to 1/&sqrt;M, thus providing much less accuracy for the same amount of memory. We also describe optimizations such as early removal and conservative update that further improve the accuracy of our algorithms, as measured on real traffic traces, by an order of magnitude. Our schemes allow a new form of accounting called threshold accounting in which only flows above a threshold are charged by usage while the rest are charged a fixed fee. Threshold accounting generalizes usage-based and duration based pricing.