Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scalable and Efficient Data Streaming Algorithms for Detecting Common Content in Internet Traffic Minho Sung Networking & Telecommunications Group College.

Published byAmice Lee Modified over 8 years ago

Similar presentations

Presentation on theme: "Scalable and Efficient Data Streaming Algorithms for Detecting Common Content in Internet Traffic Minho Sung Networking & Telecommunications Group College."— Presentation transcript:

1 Scalable and Efficient Data Streaming Algorithms for Detecting Common Content in Internet Traffic Minho Sung Networking & Telecommunications Group College of Computing Georgia Institute of Technology Joint work with A. Kumar(Georgia Tech), L. Li (Bell lab), J. Wang(AT&T – Research) and J. Xu(Georgia Tech) 2nd IEEE International Workshop on Networking Meets Databases

2 1/17 Monitoring and analyzing aggregate traffic Essential for detecting “global” events –important in network measurement/management We focus on : detecting common content –motivations early stage detection of Internet worms/viruses/spam emails flash crowd event detection in web browsing or P2P traffic –challenge : hard to detect by per-link monitoring signal is usually too weak to be detected locally correlation of traffic among many links is required our approach : distributed data streaming

3 2/17 Problem statement Aligned case (e.g. Web browsing, CodeRed worm) Unaligned case (e.g. Email worms such as Nimda or Sircam) Assumption : fixed MTU size is used –few popular packet sizes in Internet (> 500) (e.g. 576,1500) –our algorithm can be extended later header 1common substring header 2common substring packetization header 1common substring header 2common substring

4 3/17 Solution framework Data Collection Module Data Collection Module Packet stream 1. Update Packet stream 1. Update Monitoring station 2 Monitoring station m m x n 3. Compose matrix Data Collection Module Packet stream 1. Update Monitoring station 1 1 x n Data Analysis Module 2. Transmit digest Central Monitoring Station 4. Analyze & sound alarm Feedback to stations Valued customers

5 4/17 Challenges & Requirements Data Collection Module –fast enough for high-speed links –much smaller size of digests than original traffic –digests should contain enough information Data Analysis Module –low computational complexity –high accuracy in identifying patterns

6 5/17 –size of bitmap n determined by link speed & measurement epoch Assuming 1000 bits average packet size, 4 Mbits for OC-48 (2.4 Gbps) is enough for 1 sec traffic –hash packets only if enough payload exist (  500bytes) Aligned case : Data Collection Module 1. pkt arrives IP header contents 3. Set a bit 1 2. Get an index hash n

7 6/17 Aligned case : Data Analysis Module – a x b submatrix : common content of b packets seen by a points –problem of finding the largest all-1 submatrix in general case equivalent to “maximum edge biclique problem” : known to NP-hard –our case is more tractable : each element is drawn by Bernoulli trial our polynomial greedy algorithm utilizes this property 1 1111 11 11 111 1 1 1 1 1 1 11 11 11 11 1 1 1 11 1 1 1 1 2 3 a 123b 12345n 1 2 3 4 5 m 1 1111 m x n bitmap composed after receiving 1 x n digests from m routers red 1s : a x b pattern gray 1s: noises Header 1Common substring Header 2Common substring

8 7/17 Case 2 : Unaligned case Much more challenging than aligned case –same content can be packetized differently –detecting correlations among bitmaps is more complex assuming 576 MTU size & prefix length ~ uniform[0,535], matching probability between bitmaps is only 1/536. Our approaches –data collection amplify the weakened signal due to the noise (random offsets) design two techniques : offset sampling and flow splitting –data analysis design new statistical data analysis techniques Header 1Common substring Header 2Common substring prefix length

9 8/17 Unaligned case: Data Collection Module Offset sampling –use k bitmaps : can magnify signal strength to around k 2 –update bitmaps using k random offsets in [0,535] A[1] A[2] A[k] A[3] IP header contents Hash len 1 Offset[1] Offset[2] Offset[k] Hash 1 len Hash len 1 1

10 9/17 Unaligned case: Data Collection Module flow splitting –split flows into t different groups of arrays –increases correlation between two matching arrays IP header contents flow label Hash group 1group 2group t flow 21,6,3… flow 2,10,9…

11 10/17 Overview of statistical techniques Phase transition theory in ER random graph –ER graph G(n,p) n : number of vertices p : probability that two vertices are connected by an edge –phase transition theory if p  1/n, all connected components are of size O(log n) if p > 1/n, a giant connected components of  (n) begins to emerge p  1/n p > 1/n

12 11/17 Unaligned case: Data Analysis Module Converting bitmaps to a graph 1)vertex mapping 2 3 m group 1group 2group t 1 12t 2)edge mapping if matching_test(group1,group2) = positive  add an edge matching_test

13 12/17 Unaligned case: Data Analysis Module Case 1 - no large common content - output : random graph G(n,p) (by tuning thresholds) 1 2 3 m 12t Case 2 - contains popular common content - output : random graph G(n,p) + preferential attachment 1 2 3 m 12t

14 13/17 Overview of statistical techniques Erdös-Renyi test : pattern presence test –procedure 1)pairwise correlation is computed 2)construct a graph with scaling factor p ( < 1/n ) 3)test {the size of largest connected component >> O(log n) } –can provide very accurate binary(yes/no) answer Finding the core : identifying nodes –greedy algorithm to find most of the nodes that saw the common content is proposed

15 14/17 Computational complexity Major bottleneck : bitmap-to-graph conversion –memory read-only operation : can be highly parallelized use multiple processors use specially designed hardwares –reduce detection accuracy to decrease the complexity can reduce number of monitoring points or groups find pattern in only sampled vertices

16 15/17 Unaligned case: Evaluation Simulation : monitor 800 links x 128 groups each = 102,400 vertices Erdös-Renyi test –common content is packetized into 100 packets –p = 0.65/10 5 ( < phase transition probability 1/n = 1.024/10 5 ) –varing # of vertices seen the common content 120 vertices seen (15%) 140 vertices seen (17.5%)

17 16/17 Unaligned case: Evaluation Finding the core Evaluation using tier-1 ISP trace –demonstrates the effectiveness of the proposed algorithms # packets in common content # of vertices seen the common content Average Core Size Average False Negative Average False Positive 100 125 144 165 65.3(50%) 112.1(75%) 154.4(90%) 0.485 0.241 0.099 0.014 0.025 0.037 110 67 77 89 35.6(50%) 59.3(75%) 81.8(90%) 0.481 0.239 0.096 0.023 0.012 0.017 120 44 51 57 22.4(50%) 38.5(75%) 51.9(90%) 0.491 0.249 0.092 0.001 0.006 0.002

18 17/17 Conclusion designed a distributed algorithms to detect common content in Internet traffic proposed distributed data streaming approach algorithms are shown to be effective through extensive simulations

19 Thank you !

Download ppt "Scalable and Efficient Data Streaming Algorithms for Detecting Common Content in Internet Traffic Minho Sung Networking & Telecommunications Group College."

Similar presentations

Monitoring very high speed links Gianluca Iannaccone Sprint ATL joint work with: Christophe Diot – Sprint ATL Ian Graham – University of Waikato Nick McKeown.

Monitoring very high speed links Gianluca Iannaccone Sprint ATL joint work with: Christophe Diot – Sprint ATL Ian Graham – University of Waikato Nick McKeown.
IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.

New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.
Data Streaming Algorithms for Accurate and Efficient Measurement of Traffic and Flow Matrices Qi Zhao*, Abhishek Kumar*, Jia Wang + and Jun (Jim) Xu* *College.

Data Streaming Algorithms for Accurate and Efficient Measurement of Traffic and Flow Matrices Qi Zhao*, Abhishek Kumar*, Jia Wang + and Jun (Jim) Xu* *College.
1 CONGESTION CONTROL. 2 Congestion Control When one part of the subnet (e.g. one or more routers in an area) becomes overloaded, congestion results. Because.

1 CONGESTION CONTROL. 2 Congestion Control When one part of the subnet (e.g. one or more routers in an area) becomes overloaded, congestion results. Because.
A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,

A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,
Estimating TCP Latency Approximately with Passive Measurements Sriharsha Gangam, Jaideep Chandrashekar, Ítalo Cunha, Jim Kurose.

Estimating TCP Latency Approximately with Passive Measurements Sriharsha Gangam, Jaideep Chandrashekar, Ítalo Cunha, Jim Kurose.
Detecting DDoS Attacks on ISP Networks Ashwin Bharambe Carnegie Mellon University Joint work with: Aditya Akella, Mike Reiter and Srinivasan Seshan.

Detecting DDoS Attacks on ISP Networks Ashwin Bharambe Carnegie Mellon University Joint work with: Aditya Akella, Mike Reiter and Srinivasan Seshan.
1 Advancing Supercomputer Performance Through Interconnection Topology Synthesis Yi Zhu, Michael Taylor, Scott B. Baden and Chung-Kuan Cheng Department.

1 Advancing Supercomputer Performance Through Interconnection Topology Synthesis Yi Zhu, Michael Taylor, Scott B. Baden and Chung-Kuan Cheng Department.
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
Topology Control for Effective Interference Cancellation in Multi-User MIMO Networks E. Gelal, K. Pelechrinis, T.S. Kim, I. Broustis Srikanth V. Krishnamurthy,

Topology Control for Effective Interference Cancellation in Multi-User MIMO Networks E. Gelal, K. Pelechrinis, T.S. Kim, I. Broustis Srikanth V. Krishnamurthy,
Topology Generation Suat Mercan. 2 Outline Motivation Topology Characterization Levels of Topology Modeling Techniques Types of Topology Generators.

Topology Generation Suat Mercan. 2 Outline Motivation Topology Characterization Levels of Topology Modeling Techniques Types of Topology Generators.
Resilient Peer-to-Peer Streaming Paper by: Venkata N. Padmanabhan Helen J. Wang Philip A. Chou Discussion Leader: Manfred Georg Presented by: Christoph.

Resilient Peer-to-Peer Streaming Paper by: Venkata N. Padmanabhan Helen J. Wang Philip A. Chou Discussion Leader: Manfred Georg Presented by: Christoph.
The structure of the Internet. How are routers connected? Why should we care? –While communication protocols will work correctly on ANY topology –….they.

The structure of the Internet. How are routers connected? Why should we care? –While communication protocols will work correctly on ANY topology –….they.
Volkan Cevher, Marco F. Duarte, and Richard G. Baraniuk European Signal Processing Conference 2008.

Volkan Cevher, Marco F. Duarte, and Richard G. Baraniuk European Signal Processing Conference 2008.
1 Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams Robert Schweller Ashish Gupta Elliot Parsons Yan Chen Computer.

1 Reversible Sketches for Efficient and Accurate Change Detection over Network Data Streams Robert Schweller Ashish Gupta Elliot Parsons Yan Chen Computer.
Polytechnic University,ECE Department1 Detection of “Hot Spots” Paper Title : Joint Data Streaming and Sampling Techniques for Detection of Super Sources.

Polytechnic University,ECE Department1 Detection of “Hot Spots” Paper Title : Joint Data Streaming and Sampling Techniques for Detection of Super Sources.
Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.

Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.
Multi-Scale Analysis for Network Traffic Prediction and Anomaly Detection Ling Huang Joint work with Anthony Joseph and Nina Taft January, 2005.

Multi-Scale Analysis for Network Traffic Prediction and Anomaly Detection Ling Huang Joint work with Anthony Joseph and Nina Taft January, 2005.
1 Distributed Online Simultaneous Fault Detection for Multiple Sensors Ram Rajagopal, Xuanlong Nguyen, Sinem Ergen, Pravin Varaiya EECS, University of.

1 Distributed Online Simultaneous Fault Detection for Multiple Sensors Ram Rajagopal, Xuanlong Nguyen, Sinem Ergen, Pravin Varaiya EECS, University of.

Similar presentations

Ads by Google