A recurring task in security monitoring consists in finding scan-type flows, namely flows which exhibit a large cardinality in terms of number of distinct source/destination addresses, or in most generality packet-level identifiers (e.g. ports, header fields, etc). But cardinality estimation requires to 'remember' the identifiers seen in the past, and becomes quite challenging when the goal is to implement per-flow distinct count at wire speed, while maintaining high processing throughput and limited memory footprint. In this demo, we will show how to use HyperLogLog sketches to implement an efficient and innovative top-k cardinality estimation algorithm, called FlowFight. The algorithm has been tested and integrated in a full-fledged software router such as Vector Packet Processor.
DEMO: Top-k cardinality estimation with HyperLogLog sketches / Bruschi, V.; Pontarelli, S.; Tolle, J.; Barach, D.; Bianchi, G.. - (2021), pp. 83-85. (Intervento presentato al convegno 24th Conference on Innovation in Clouds, Internet and Networks and Workshops, ICIN 2021 tenutosi a fra) [10.1109/ICIN51074.2021.9385549].
DEMO: Top-k cardinality estimation with HyperLogLog sketches
Pontarelli S.;
2021
Abstract
A recurring task in security monitoring consists in finding scan-type flows, namely flows which exhibit a large cardinality in terms of number of distinct source/destination addresses, or in most generality packet-level identifiers (e.g. ports, header fields, etc). But cardinality estimation requires to 'remember' the identifiers seen in the past, and becomes quite challenging when the goal is to implement per-flow distinct count at wire speed, while maintaining high processing throughput and limited memory footprint. In this demo, we will show how to use HyperLogLog sketches to implement an efficient and innovative top-k cardinality estimation algorithm, called FlowFight. The algorithm has been tested and integrated in a full-fledged software router such as Vector Packet Processor.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
