Persistent Spread Measurement for Big Network Data Based on Register Intersection
You Zhou, Yian Zhou, Min Chen, Shigang Chen

TL;DR
This paper introduces VI-HLL, a memory-efficient architecture for persistent spread measurement in big network data, enabling accurate detection of long-term network activities with minimal memory overhead.
Contribution
The paper proposes VI-HLL, a novel compact architecture that significantly improves memory efficiency and measurement range over prior methods for persistent spread measurement.
Findings
VI-HLL outperforms V-Bitmap in memory efficiency.
It achieves accurate measurements with less than 1 bit per flow.
Theoretical and experimental results validate its effectiveness.
Abstract
Persistent spread measurement is to count the number of distinct elements that persist in each network flow for predefined time periods. It has many practical applications, including detecting long-term stealthy network activities in the background of normal-user activities, such as stealthy DDoS attack, stealthy network scan, or faked network trend, which cannot be detected by traditional flow cardinality measurement. With big network data, one challenge is to measure the persistent spreads of a massive number of flows without incurring too much memory overhead as such measurement may be performed at the line speed by network processors with fast but small on-chip memory. We propose a highly compact Virtual Intersection HyperLogLog (VI-HLL) architecture for this purpose. It achieves far better memory efficiency than the best prior work of V-Bitmap, and in the meantime drastically…
Click any figure to enlarge with its caption.
Figure 1Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Network Packet Processing and Optimization
See pages 1-last of paper.pdf
