Volumetric Hierarchical Heavy Hitters

Hierarchical heavy hitters (HHH) identification is useful for various network utilities such as anomaly detection, DDoS mitigation, and traffic analysis. However, the increasing support for jumbo frames enables attackers to overload the system with fewer packets, avoiding detection by packet counting techniques. This paper suggests an efficient algorithm for detecting HHH based on their traffic volume that asymptotically improves the runtime of previous works. We implement our algorithm in Open vSwitch (OVS) and incur a 4-6% overhead compared to a 42% throughput reduction experienced by the state-of-the-art.

[1]  Marios Hadjieleftheriou,et al.  Methods for finding frequent items in data streams , 2010, The VLDB Journal.

[2]  Roy Friedman,et al.  TinyLFU: A Highly Efficient Cache Admission Policy , 2014, 2014 22nd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing.

[3]  Roy Friedman,et al.  Heavy hitters in streams and sliding windows , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[4]  Divyakant Agrawal,et al.  Efficient Computation of Frequent and Top-k Elements in Data Streams , 2005, ICDT.

[5]  Edo Liberty,et al.  A high-performance algorithm for identifying frequent items in data streams , 2017, Internet Measurement Conference.

[6]  Divesh Srivastava,et al.  Finding hierarchical heavy hitters in streaming data , 2008, TKDD.

[7]  Roy Friedman,et al.  Fast Flow Volume Estimation , 2017, ICDCN.

[8]  Thomas Steinke,et al.  Hierarchical Heavy Hitters with the Space Saving Algorithm , 2011, ALENEX.

[9]  Hong Zhang,et al.  Resilient Datacenter Load Balancing in the Wild , 2017, SIGCOMM.

[10]  Danny Raz,et al.  Network-wide routing-oblivious heavy hitters , 2018, ANCS.

[11]  Peng Liu,et al.  Elastic sketch: adaptive and fast network-wide measurements , 2018, SIGCOMM.

[12]  Martín Casado,et al.  The Design and Implementation of Open vSwitch , 2015, NSDI.

[13]  Divesh Srivastava,et al.  Diamond in the rough: finding Hierarchical Heavy Hitters in multi-dimensional data , 2004, SIGMOD '04.

[14]  Csaba D. Tóth,et al.  Space complexity of hierarchical heavy hitters in multi-dimensional data streams , 2005, PODS '05.

[15]  Ming Zhang,et al.  MicroTE: fine grained traffic engineering for data centers , 2011, CoNEXT '11.

[16]  Farnam Jahanian,et al.  A comparative study of two network-based anomaly detection methods , 2011, 2011 Proceedings IEEE INFOCOM.

[17]  Zhi-Li Zhang,et al.  Adaptive random sampling for load change detection , 2002, SIGMETRICS '02.

[18]  Erez Waisbard,et al.  Constant Time Weighted Frequency Estimation for Virtual Network Functionalities , 2017, 2017 26th International Conference on Computer Communication and Networks (ICCCN).

[19]  Vyas Sekar,et al.  LADS: Large-scale Automated DDoS Detection System , 2006, USENIX Annual Technical Conference, General Track.

[20]  Carsten Lund,et al.  Online identification of hierarchical heavy hitters: algorithms, evaluation, and applications , 2004, IMC '04.

[21]  George Varghese,et al.  CONGA: distributed congestion-aware load balancing for datacenters , 2015, SIGCOMM.

[22]  S. Muthukrishnan,et al.  Heavy-Hitter Detection Entirely in the Data Plane , 2016 .

[23]  Minlan Yu,et al.  Online Measurement of Large Traffic Aggregates on Commodity Switches , 2011, Hot-ICE.

[24]  Sujata Banerjee,et al.  DevoFlow: scaling flow management for high-performance networks , 2011, SIGCOMM 2011.

[25]  Divesh Srivastava,et al.  Finding Hierarchical Heavy Hitters in Data Streams , 2003, VLDB.

[26]  Rong Pan,et al.  AF-QCN: Approximate Fairness with Quantized Congestion Notification for Multi-tenanted Data Centers , 2010, 2010 18th IEEE Symposium on High Performance Interconnects.

[27]  Roy Friedman,et al.  Constant Time Updates in Hierarchical Heavy Hitters , 2017, SIGCOMM.

[28]  Roy Friedman,et al.  Randomized admission policy for efficient top-k and frequency estimation , 2016, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[29]  R. Srikant,et al.  The Power of Slightly More than One Sample in Randomized Load Balancing , 2017, Math. Oper. Res..

[30]  Laurent Vanbever,et al.  Stroboscope: Declarative Network Monitoring on a Budget , 2018, NSDI.

[31]  David P. Woodruff New Algorithms for Heavy Hitters in Data Streams (Invited Talk) , 2016, ICDT.

[32]  Roy Friedman,et al.  Optimal elephant flow detection , 2017, IEEE INFOCOM 2017 - IEEE Conference on Computer Communications.

[33]  Daniel Raumer,et al.  MoonGen: A Scriptable High-Speed Packet Generator , 2014, Internet Measurement Conference.

[34]  Arpit Gupta,et al.  Network-Wide Heavy Hitter Detection with Commodity Switches , 2018, SOSR.