TL;DR
This paper introduces a randomized constant time algorithm for hierarchical heavy hitters detection, significantly reducing processing overhead while maintaining accuracy, and demonstrates its high performance in real-world network environments.
Contribution
The paper presents the first randomized constant time algorithm for hierarchical heavy hitters detection, enabling faster processing with comparable accuracy to existing methods.
Findings
Achieves up to 62 times faster processing than previous algorithms.
Handles 13.8 million packets per second in Open vSwitch.
Maintains accuracy and recall comparable to prior algorithms.
Abstract
Monitoring tasks, such as anomaly and DDoS detection, require identifying frequent flow aggregates based on common IP prefixes. These are known as \emph{hierarchical heavy hitters} (HHH), where the hierarchy is determined based on the type of prefixes of interest in a given application. The per packet complexity of existing HHH algorithms is proportional to the size of the hierarchy, imposing significant overheads. In this paper, we propose a randomized constant time algorithm for HHH. We prove probabilistic precision bounds backed by an empirical evaluation. Using four real Internet packet traces, we demonstrate that our algorithm indeed obtains comparable accuracy and recall as previous works, while running up to 62 times faster. Finally, we extended Open vSwitch (OVS) with our algorithm and showed it is able to handle 13.8 million packets per second. In contrast, incorporating…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
