ExtendedSketch: Fusing Network Traffic for Super Host Identification with a Memory Efficient Sketch
Loading...
Access rights
openAccess
publishedVersion
URL
Journal Title
Journal ISSN
Volume Title
A1 Alkuperäisartikkeli tieteellisessä aikakauslehdessä
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)
Date
2021-09-09
Major/Subject
Mcode
Degree programme
Language
en
Pages
12
Series
IEEE Transactions on Dependable and Secure Computing
Abstract
Sketches have been widely applied to identify super hosts in an efficient and accurate way. However, most sketches cannot flexibly balance memory usage and accuracy in host cardinality estimation. In order to solve this issue, we propose a novel extensible and reversible sketch, named ExtendedSketch, to achieve accurate super host identification with high memory efficiency. The core idea of ExtendedSketch is to monitor low-cardinality hosts with small-sized counters while dynamically extend the size of counters when monitoring high-cardinality hosts by applying an adaptive extension strategy. Such the strategy can adaptively increase counter size according to network traffic status at runtime, which not only ensures the accuracy of high-cardinality host estimation but also avoids unnecessary memory consumption. We perform theoretical analysis and conduct a series of experimental evaluations on ExtendedSketch based on real world network traffic. Experimental results show that under same memory usage, compared to the state-of-the-art, ExtendedSketch achieves 1.47.5 times smaller error rate in measuring host cardinality with 1.926.7 times better accuracy on super host identification and 95215 times faster speed on abnormal address reconstruction. Its advance in accuracy and efficiency demonstrates the practical significance of ExtendedSketch for super host identification.Description
Publisher Copyright: Author
Keywords
Estimation, Hash functions, Host cardinality estimation, Information filters, Licenses, Memory efficiency, Memory management, Monitoring, Network traffic measurement, Size measurement, Sketch, Super host identification
Other note
Citation
Jing, X, Yan, Z, Han, H & Pedrycz, W 2021, ' ExtendedSketch : Fusing Network Traffic for Super Host Identification with a Memory Efficient Sketch ', IEEE Transactions on Dependable and Secure Computing . https://doi.org/10.1109/TDSC.2021.3111328