A Data Streaming Algorithm for Detection of Superpoints With Small Memory Consumption

A superpoint is a host that communicates with a large number of distinct destinations (sources) within a measurement period. Identifying superpoints is an important task for network security and monitoring. To keep up with line speed in a high-speed network, fast memory is indispensable for detecting superpoints. However, such memory is expensive and limited in size. In this letter, we propose a new data streaming algorithm for detecting superpoints, called Snare, which works in a tight memory space and still performs well. Its accuracy and efficiency come from a new data structure, the snare, and a compensation mechanism for the number of lost flows. Theoretical analysis and experimental results show that Snare can detect superpoints accurately and efficiently.
