http://iet.metastore.ingenta.com
1887

Hardware-assisted estimation of entropy norm for high-speed network traffic

Hardware-assisted estimation of entropy norm for high-speed network traffic

For access to this article, please select a purchase option:

Buy article PDF
£12.50
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
Electronics Letters — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

The computation of the entropy of a high-speed data stream in a one-pass fashion is crucial to many network security applications. Motivated by the work of Lall et al., this study examines the design trade-off of processing speed and accuracy for estimating the entropy norm. The proposed scheme leverages the Count Sketch with constant memory access on counter update and point query operations. With a bounded relative error and a constant memory access cycle, the design can process incoming traffic with a throughput of 30 Gbit/s.

References

    1. 1)
      • A. Lakhina , M. Crovella , C. Diot .
        1. Lakhina, A., Crovella, M., Diot, C.: ‘Mining anomalies using traffic feature distributions’. Proc. 2005 Conf. Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM '05, ACM, New York, NY, USA, 2005, pp. 217228.
        . Proc. 2005 Conf. Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM '05, ACM , 217 - 228
    2. 2)
      • G. Nychis , V. Sekar , D.G. Andersen , H. Kim , H. Zhang .
        2. Nychis, G., Sekar, V., Andersen, D.G., Kim, H., Zhang, H.: ‘An empirical evaluation of entropy-based traffic anomaly detection’. Proc. 8th ACM SIGCOMM Conf. Internet Measurement, ACM, Vouliagmeni, Greece, 2008, pp. 151156.
        . Proc. 8th ACM SIGCOMM Conf. Internet Measurement, ACM , 151 - 156
    3. 3)
      • V. Bartos , M. Zadnik , T. Cejka . (2013)
        3. Bartos, V., Zadnik, M., Cejka, T.: ‘Nemea: framework for stream-wise analysis of network traffic’. CESNET Technical Report, 2013.
        .
    4. 4)
      • V. Sekar , M.K. Reiter , H. Zhang .
        4. Sekar, V., Reiter, M.K., Zhang, H.: ‘A case for a RISC architecture for network flow monitoring’. Technical Report, CMU-CS-09-125.
        .
    5. 5)
      • A. Lall , V. Sekar , M. Ogihara , J.J. Xu , H. Zhang .
        5. Lall, A., Sekar, V., Ogihara, M., Xu, J.J., Zhang, H.: ‘Data streaming algorithms for estimating entropy of network traffic’. ACM SIGMETRICS, 2006, pp. 145156.
        . ACM SIGMETRICS , 145 - 156
    6. 6)
    7. 7)
    8. 8)
      • A. Chakrabarti , K. Do Ba , S. Muthukrishnan .
        8. Chakrabarti, A., Do Ba, K., Muthukrishnan, S.: ‘Estimating entropy and entropy norm on data streams’. Proc. 23rd Annual Conf. Theoretical Aspects of Computer Science, STACS'06, Berlin, Heidelberg, 2006, pp. 196205.
        . Proc. 23rd Annual Conf. Theoretical Aspects of Computer Science, STACS'06 , 196 - 205
    9. 9)
      • N. Alon , Y. Matias , M. Szegedy .
        9. Alon, N., Matias, Y., Szegedy, M.: ‘The space complexity of approximating the frequency moments’. Proc. 28th Annual ACM Symp. Theory of Computing, STOC'96, New York, NY, USA, 1996, pp. 2029.
        . Proc. 28th Annual ACM Symp. Theory of Computing, STOC'96 , 20 - 29
    10. 10)
      • G. Cormode .
        10. Cormode, G.: ‘MassDAL public code bank: Sketches, frequent items, changes (Deltoids)’, Massive Data Analysis Lab..
        .
    11. 11)
      • 11. CAIDA: ‘The CAIDA UCSD anonymized internet traces 2012 equinix-sanjose.dira.20120119-130000.utc.anon.pcap.gz’, 2012.
        .
http://iet.metastore.ingenta.com/content/journals/10.1049/el.2014.2377
Loading

Related content

content/journals/10.1049/el.2014.2377
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address