Presentation is loading. Please wait.

Presentation is loading. Please wait.

Constant Time Updates in Hierarchical Heavy Hitters

Published byInkeri Pesonen Modified over 5 years ago

Similar presentations

Presentation on theme: "Constant Time Updates in Hierarchical Heavy Hitters"— Presentation transcript:

1 Constant Time Updates in Hierarchical Heavy Hitters
Ran Ben Basat, Technion Gil Einziger, Nokia Bell Labs Joint work with Erez Waisbard (Nokia Bell Labs) Roy Friedman (Technion) and Marcello Luzieli (UFGRS)

2 Distributed Denial of Service

3 Hierarchical Heavy Hitters (HHH)
identify traffic clusters. They are at the core of numerous DDoS mitigation systems… DDoS attack (Aug. 2014) DREAM: dynamic resource allocation for software-defined Counting. ACM SIGCOMM 2014 LADS: Large-scale Automated DDoS Detection System. USENIX ATC 2006 Automatically Inferring Patterns of Resource Consumption in Network Traffic. ACM SIGCOMM 2003

4 DDoS Mitigation Can we block only the attacking devices? 181.7.20.1
Can we block only the attacking devices?

5 Hierarchical Heavy Hitters
Hierarchical Heavy Hitters identifies frequent: Flows (heavy hitters) Source networks. Source-Destination pairs. 181.7.∗.∗

6 State of the art “Count each prefix independently.” 181.7.20.6
Level0 Counting Level0 Counting Level1 Counting Level1 Counting Compute all prefixes * Level2 Counting Level2 Counting 181.7.*.* 181.*.*.* Level3 Counting Level3 Counting *.*.*.* Level4 Counting Level4 Counting Mitzenmacher et al., Hierarchical Heavy Hitters with the Space Saving Algorithm, ALENEX 2012

7 Randomized HHH (Our work)
“Select a prefix at random and count it” Level0 Counting Level1 Counting Level1 Counting Compute a random prefix Level2 Counting * Level3 Counting Level4 Counting

8 Compute a random prefix
Additional Speedup Level0 Counting Level1 Counting Level1 Counting With probability 90% Compute a random prefix Level2 Counting * Level3 Counting Level4 Counting Ignore packet

9 We did the math Accuracy and convergence guarantees .
After enough packets there are: No false negatives. No counting errors. Only a few false positives.

10 How much traffic is needed for convergence?
“Accuracy improves with the number of packets” 128M packets 128M packets Counting Errors False Negatives 32M packets 32M packets One prefix packet One prefix per 10 packets

11 Comparison with other HHH algorithms
“Accuracy improves with the number of packets” One prefix per packet One prefix per 10 packets Mitzenmacher et al. Cormode et al., Finding hierarchical heavy hitters in streaming data, TKDD 2008

12 Comparison with other HHH algorithms
Up to X62 speedup! One update per packet One update per 10 packets Mitzenmacher et al. Cormode et al., Finding hierarchical heavy hitters in streaming data, TKDD 2008

13 Open vSwitch Implementation
Server A: Traffic Generator We send min-sized packets with headers from Internet traces. Server B: DPDK enabled Open vSwitch Performs HHH Counting in data plane Server A: Traffic generator Serve B: Open vSwitch Traffic Generator Open vSwitch

14 Comparing Implementation Overhead
Highlights: Only -4% overheads for HHH in the OVS data plane! +250% throughput improvement compared to previous work. One prefix per packet One prefix per 10 packets OVS Mitzenmacher et al.

15 Takeaways Real time hierarchical heavy hitters measurement in networking devices. Provable accuracy guarantees. Open source code: How to detect the maximal-prefix networks?

16 Any Questions

Download ppt "Constant Time Updates in Hierarchical Heavy Hitters"

Similar presentations

Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
Traffic Engineering with Forward Fault Correction (FFC)

Traffic Engineering with Forward Fault Correction (FFC)
New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.

New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
Summarizing Distributed Data Ke Yi HKUST += ?. Small summaries for BIG data  Allow approximate computation with guarantees and small space – save space,

Summarizing Distributed Data Ke Yi HKUST += ?. Small summaries for BIG data  Allow approximate computation with guarantees and small space – save space,
OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.

OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.
A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,

A Fast and Compact Method for Unveiling Significant Patterns in High-Speed Networks Tian Bu 1, Jin Cao 1, Aiyou Chen 1, Patrick P. C. Lee 2 Bell Labs,
Course Name- CSc 8320 Advanced Operating Systems Instructor- Dr. Yanqing Zhang Presented By- Sunny Shakya Latest AOS techniques, applications and future.

Course Name- CSc 8320 Advanced Operating Systems Instructor- Dr. Yanqing Zhang Presented By- Sunny Shakya Latest AOS techniques, applications and future.
Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.

Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.
IP Telephony Project By: Liane Lewin Shahar Eytan Guided By: Ran Cohen - IBM Vitali Sokhin - Technion.

IP Telephony Project By: Liane Lewin Shahar Eytan Guided By: Ran Cohen - IBM Vitali Sokhin - Technion.
Streaming Algorithms for Robust, Real- Time Detection of DDoS Attacks S. Ganguly, M. Garofalakis, R. Rastogi, K. Sabnani Krishan Sabnani Bell Labs Research.

Streaming Algorithms for Robust, Real- Time Detection of DDoS Attacks S. Ganguly, M. Garofalakis, R. Rastogi, K. Sabnani Krishan Sabnani Bell Labs Research.
A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.

A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.

Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.
1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.

1 CS 577 “TinySec: A Link Layer Security Architecture for Wireless Sensor Networks” Chris Karlof, Naveen Sastry, David Wagner UC Berkeley Summary presented.
Communication-Efficient Distributed Monitoring of Thresholded Counts Ram Keralapura, UC-Davis Graham Cormode, Bell Labs Jai Ramamirtham, Bell Labs.

Communication-Efficient Distributed Monitoring of Thresholded Counts Ram Keralapura, UC-Davis Graham Cormode, Bell Labs Jai Ramamirtham, Bell Labs.
Dream Slides Courtesy of Minlan Yu (USC) 1. Challenges in Flow-based Measurement 2 Controller Configure resources1Fetch statistics2(Re)Configure resources1.

Dream Slides Courtesy of Minlan Yu (USC) 1. Challenges in Flow-based Measurement 2 Controller Configure resources1Fetch statistics2(Re)Configure resources1.
Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)

Lucent Technologies – Proprietary Use pursuant to company instruction Learning Sequential Models for Detecting Anomalous Protocol Usage (work in progress)
Load Balancing Dan Priece. What is Load Balancing? Distributed computing with multiple resources Need some way to distribute workload Discreet from the.

Load Balancing Dan Priece. What is Load Balancing? Distributed computing with multiple resources Need some way to distribute workload Discreet from the.
On the Power of Off-line Data in Approximating Internet Distances Danny Raz Technion - Israel Institute.

On the Power of Off-line Data in Approximating Internet Distances Danny Raz Technion - Israel Institute.

Similar presentations

Ads by Google