Cardinality Estimation for Elephant Flows: A Compact Solution Based on Virtual Register Sharing

Xiao, Qingjun; Chen, Shigang; Zhou, You; Chen, Min; Luo, Junzhou; Li, Tengli; Ling, Yibei

doi:10.1109/tnet.2017.2753842

Cited by 37 publications

(22 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…1) Virtual HyperLogLog (vHLL) [19]: we were not able to implement this strategy for three reasons: (i.) we could not find a way to count tailing 0s for the Update operation in HyperLogLog; (ii.)…”

Section: F Limitations Hindering the Implementation Of Other Solutionsmentioning

confidence: 99%

In-Network Volumetric DDoS Victim Identification Using Programmable Commodity Switches

Ding

Savi

Pederzolli

et al. 2021

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Volumetric distributed Denial-of-Service (DDoS) attacks have become one of the most significant threats to modern telecommunication networks. However, most existing defense systems require that detection software operates from a centralized monitoring collector, leading to increased traffic load and delayed response. The recent advent of Data Plane Programmability (DPP) enables an alternative solution: thresholdbased volumetric DDoS detection can be performed directly in programmable switches to skim only potentially hazardous traffic, to be analyzed in depth at the controller. In this paper, we first introduce the BACON data structure based on sketches, to estimate per-destination flow cardinality, and theoretically analyze it. Then we employ it in a simple in-network DDoS victim identification strategy, INDDoS, to detect the destination IPs for which the number of incoming connections exceeds a predefined threshold. We describe its hardware implementation on a Tofino-based programmable switch using the domain-specific P4 language, proving that some limitations imposed by real hardware to safeguard processing speed can be overcome to implement relatively complex packet manipulations. Finally, we present some experimental performance measurements, showing that our programmable switch is able to keep processing packets at line-rate while performing volumetric DDoS detection, and also achieves a high F1 score on DDoS victim identification.

show abstract

Section: F Limitations Hindering the Implementation Of Other Solutionsmentioning

confidence: 99%

In-Network Volumetric DDoS Victim Identification Using Programmable Commodity Switches

Ding

Savi

Pederzolli

et al. 2021

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…The accuracy of the cardinality estimation algorithm is evaluated by standard error [16]. Let n denote the cardinality of aip and n' denote the estimated value obtained by an algorithm.…”

Section: Cardinality Estimationmentioning

confidence: 99%

“…The counter of each logical estimator is randomly selected from a counter pool, as shown in Figure 2. The virtual estimator can be LE [26] [27], Hyper-LogLog [16] and so on. Every counter in the virtual counter vector is relative to a physical counter in the pool.…”

Section: Multi Cardinalities Estimationmentioning

confidence: 99%

VATE: A trade-off between memory and preserving time for high accurate cardinality estimation under sliding time window

Ding

et al. 2019

Computer Communications

View full text Add to dashboard Cite

“…Estimating-based methods [17] are proposed to improve the processing speed and reduce the memory consumption. These methods are based on cardinality estimator.…”

Section: Related Workmentioning

confidence: 99%

A Super Point Detection Algorithm Under Sliding Time Windows Based on Rough and Linear Estimators

Ding

Gong

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Detecting super points from high-speed networks can effectively help to monitor networks, which is a hot topic in network fields. Most existing algorithms are carried out under discrete time windows and the results are in a certain percentage of omission. In this paper, the phenomenon of missed super points detection in discrete time windows is analyzed based on real-world traffic. Then a new algorithm, which detects the super points under sliding time windows, is proposed. Our algorithm uses a lightweight estimator to identify candidate super points and a linear estimator to filter super points. The lightweight estimator is fast, and the linear estimator has high accuracy. Both the lightweight estimator and the linear estimator adopt a data structure, called distance recorder, to support sliding time windows. Moreover, our algorithm is also a parallel algorithm. On the basis of thoroughly discussing the mathematic principles and operation steps of our algorithm, two groups of real-world traffic from a 40-Gb/s high-speed network are applied in the experiments which running on a graphic processing unit (GPU). The experiments are conducted under discrete time windows and sliding time windows separately. The former results show that our algorithm is superior to other existing algorithms in the comprehensive performance, and the latter results indicate that our algorithm can run steadily under sliding time windows.

show abstract

Cardinality Estimation for Elephant Flows: A Compact Solution Based on Virtual Register Sharing

Cited by 37 publications

References 21 publications

In-Network Volumetric DDoS Victim Identification Using Programmable Commodity Switches

In-Network Volumetric DDoS Victim Identification Using Programmable Commodity Switches

VATE: A trade-off between memory and preserving time for high accurate cardinality estimation under sliding time window

A Super Point Detection Algorithm Under Sliding Time Windows Based on Rough and Linear Estimators

Contact Info

Product

Resources

About