KIT | KIT-Bibliothek | Impressum | Datenschutz

Balancing Performance Characteristics of Hierarchical Heavy Hitters

Heseding, Hauke; Glöckle, Johannes; Bauer, Robert; Zitterbart, Martina

Abstract:
Hierarchical Heavy Hitters (HHHs) identify frequent items in streaming data. Finding these items has several applications to network monitoring, particularly in distributed denial-of-service (DDoS) mitigation and anomaly detection. Several algorithms are available to compute HHHs, each with different performance characteristics in terms of resource consumption, speed and accuracy. These characteristics determine which HHH algorithm may be best suited for a given network situation (e.g., because it offers sufficient accuracy for fine-grained traffic analysis). However, since the situation can evolve over time, the best choice for an HHH algorithm may also change. Simply replacing a chosen HHH algorithm has the drawback of losing all previously acquired monitoring information.
This paper introduces the novel concept of HHH-transitions that transfer monitoring information between HHH variants and consequently allows it to adopt new performance characteristics by switching algorithms at runtime. For example, this enables a DDoS mitigation system to adapt to evolving network situations and therefore increase overall Return-on-Mitigation ... mehr



Zugehörige Institution(en) am KIT Institut für Telematik (TM)
Karlsruher Institut für Technologie (KIT)
Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL)
Publikationstyp Proceedingsbeitrag
Jahr 2019
Sprache Englisch
Identifikator KITopen-ID: 1000092802
Erschienen in IFIP NETWORKING 2019, Warsaw, Poland, May 20-22, 2019
Schlagworte HHH, monitoring, DDoS defense, HHH-transitions
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page