Abstract
The host cardinality is the number of distinct destinations that a host communicates with. Host cardinality is an important metric for high-speed network profiling. With the development of internet, network attacks occur frequently such as worm spreading, DDoS attack and port scanning and so on. One common characteristic of these attacks is that they usually generate a lot of traffic connections in a short time which will lead the host cardinality distribution to change. Hence we can detect these attacks according to the host cardinality distribution. In this paper, we present an algorithm based on continuous virtual vector to estimate the host cardinality distribution. Through experiments using real internet traces, we demonstrate that our algorithm can estimate the host cardinality distribution accurately while using little storage.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Li, T., Chen, S., Ling, Y.: Fast and compact per-flow traffic measurement through randomized counter sharing. In: INFOCOM, pp. 1799–1807 (2011)
Lieven, P., Scheuermann, B.: High-speed per-flow traffic measurement with probabilistic multiplicity counting. In: INFOCOM, pp. 1–9 (2010)
Marold, A., Lieven, P., Scheuermann, B.: Probabilistic parallel measurement of network traffic at multiple locations. IEEE Network 26, 6–12 (2012)
Chen, A., Li, L., Cao, J.: Tracking cardinality distributions in network traffic. In: INFOCOM, pp. 819–827 (2009)
Duffield, N., Lund, C., Thorup, M.: Estimating flow distributions from sampled flow statistics. In: SIGCOMM, pp. 325–336 (2003)
Yang, L., Michailidis, G.: Sampled based estimation of network traffic flow characteristics. In: INFOCOM, pp. 1775–1783 (2007)
Kumar, A., Sung, M., Xu, J.J., Wang, J.: Data streaming algorithms for efficient and accurate estimation of flow size distribution. In: SIGMETRICS, vol. 32, pp. 177–188 (2004)
Karamcheti, V., Geiger, D., Kedem, Z., Muthukrishnan, S.: Detecting malicious network traffic using inverse distributions of packet contents. In: SIGCOMM, pp. 165–170 (2005)
Chen, W., Liu, Y., Guan, Y.: Cardinality change-based early detection of largescale cyber-attacks. In: INFOCOM, pp. 1788–1796 (2013)
Guan, X., Wang, P., Qin, T.: A new data streaming method for locating hosts with large connection degree. In: GLOBECOM, pp. 1–6 (2009)
Whang, K.Y., Vander-Zanden, B.T., Taylor, H.M.: A linear-time probabilistic counting algorithm for database applications. ACM Transactions on Database Systems 15, 208–229 (1990)
Estan, C., Varghese, G., Fisk, M.: Bitmap algorithms for counting active flows on high speed links. In: SIGCOMM, pp. 153–166 (2003)
Yoon, M., Li, T., Chen, S., Peir, J.K.: Fit a spread estimator in small memory. In: INFOCOM, pp. 504–512 (2009)
Wide: http://tracer.csl.sony.co.jp/mawi/samplepoint-f/20090330/200903300000.html (2014)
Jslab: http://ntds.njnet.edu.cn/data/index.php (2014)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Zhou, X., Liu, W., Li, Z., Gao, W. (2014). A Continuous Virtual Vector-Based Algorithm for Measuring Cardinality Distribution. In: Sun, Xh., et al. Algorithms and Architectures for Parallel Processing. ICA3PP 2014. Lecture Notes in Computer Science, vol 8631. Springer, Cham. https://doi.org/10.1007/978-3-319-11194-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-11194-0_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11193-3
Online ISBN: 978-3-319-11194-0
eBook Packages: Computer ScienceComputer Science (R0)