An Adaptive Method for Identifying Super Nodes from Network-wide View
Authors: 
Aiping Zhou, Jin QianAuthors Info & Claims
Abstract
Super nodes with large cardinalities remain serious threats to production networks. Super node identification is significant for network security and management, including network attacks detection such as DDoS attacks, spam emails, etc. Since the cardinality distribution exhibits dynamic change, most existing approaches are not able to adaptively allocate the memory size for nodes with small and large cardinalities in order to balance accuracy and memory usage in cardinality estimation. Moreover, there are not capable of simultaneously measuring multiple kinds of cardinalities and efficiently recover super nodes due to high calculation and memory cost by constructing data structures only once. To solve these problems, we present a data streaming approach for identifying super nodes based on novel summary data structures. The main idea of our approach is to design a changeable and reversible data structure, which increase its size according to the dynamic cardinality distribution, collect the information associated with cardinalities in network-wide view, and reconstruct super sources and destinations by simple inverse computation based on the aggregated data structure. We perform theoretical analysis and conduct extensive experiments on real network traffic. The experimental results show that the proposed approach can identify up to 96% super nodes with the low memory and computation requirement in comparison with state-of-the-art approaches.
References
[1]
Zuo Y, Wu Y, Min G, and Cui L Learning-based network path planning for traffic engineering Futur. Gener. Comput. Syst. 2019 92 59-67
[2]
Xie K, Li X, Wang X, Cao J, Xie G, Wen J, Zhang D, and Qin Z On-line anomaly detection with high accuracy IEEE/ACM Trans. Netw. 2018 26 3 1222-1235
[3]
Khan S, Gani A, Wahab A, Shiraz M, and Ahmad I Network forensics: review, taxonomy, and open challenges J. Netw. Comput. Appl. 2016 66 214-235
[4]
Ma C, Chen S, Zhang Y, Xiao Q, and Odegbile OO Super spreader identification using geometric-min filter IEEE/ACM Trans. Netw. 2022 30 1 299-312
[5]
Jing X, Han H, Yan Z, and Pedrycz W SuperSketch: a multi-dimensional reversible data structure for super host identification IEEE Trans. Dependable Secur. Comput. 2021 19 4 2741-2754
[6]
Zheng L, Liu D, Liu W, Liu Z, Li Z, and Wu T A data streaming algorithm for detection of superpoints with small memory consumption IEEE Commun. Lett. 2017 21 5 1067-1070
[7]
Tang F, Kawamoto Y, Kato N, Yano K, and Suzuki Y Probe delay based adaptive port scanning for IoT devices with private IP address behind NAT IEEE Netw. 2020 34 2 195-201
[8]
Singh A, Awasthi AK, Singh K, and Srivastava P Modeling and analysis of worm propagation in wireless sensor networks Wirel. Pers. Commun. 2018 98 3 2535-2551
[9]
Faris H, Ala’M A, Heidari A, Aljarah I, Mafarja M, Hassonah M, and Fujita H An intelligent system for spam detection and identification of the most relevant features based on evolutionary random weight networks Inf. Fus. 2019 48 67-83
[10]
Xu Z, Wang X, and Zhang Y Towards persistent detection of DDoS attacks in NDN: A sketch-based approach IEEE Trans. Dependable Secur. Comput. 2022
[11]
Jia P, Wang P, Zhang Y, Zhang X, Tao J, Ding J, Guan X, and Towsley D Accurately estimating user cardinalities and detecting super spreaders over time IEEE Trans. Knowl. Data Eng. 2022 34 1 92-106
[12]
Du, Y., Huang, H., Sun, Y., Chen, S., Gao, G., Wang, X., Xu, S. 2022 Short-term memory sampling for spread measurement in high-speed networks. In: Proceedings of the conference on computer communications, London, United Kingdom, pp. 470–479.
[13]
Wang H, Ma C, Chen S, and Wang Y Fast and accurate cardinality estimation by self-morphing bitmaps IEEE/ACM Trans. Netw. 2022
[14]
Xiao Q, Chen S, Zhou Y, and Luo J Estimating cardinality for arbitrarily large data stream with improved memory efficiency IEEE/ACM Trans. Netw. 2020 28 2 433-446
[15]
Bruschi V, Pontarelli S, Tollet J, Barach D, and Bianchi G FlowFight: High performance–low memory top-k spreader detection Comput. Netw. 2021 196 108239
[16]
Zhou A and Qian J An efficient method for detecting supernodes using reversible summary data structures in the distributed monitoring systems Secur. Commun. Netw. 2022
[17]
Ma, C., Wang, H., Odegbile, O.O., Chen, S.: Virtual filter for non-duplicate sampling. In: Proceedings of the 29th international conference on network protocols, Dallas, TX, USA, 2021, pp. 1–11.
[18]
Yang T, Zhang H, Li J, Gong J, Uhlig S, Chen S, and Li X HeavyKeeper: An accurate algorithm for finding top-k elephant flows IEEE/ACM Trans. Netw. 2019 27 5 1845-1858
[19]
Liu L, Ding T, Feng H, Yan Z, and Lu X Tree sketch: an accurate and memory-efficient sketch for network-wide measurement Comput. Commun. 2022
[20]
Umer M, Sher M, and Bi Y Flow-based intrusion detection: Techniques and challenges Comput. Secur. 2017 70 238-254
[21]
Du, Y., Huang, H., Sun, Y., Chen, S., Gao, G. 2021 Self-adaptive sampling for network traffic measurement. In: Proceedings of the Conference on Computer Communications, Vancouver, BC, Canada, pp. 1–10.
[22]
Venkataraman, S., Song, D., Gibbons, P., Blum, A.: New streaming algorithms for fast detection of superspreaders. In: Proceedings of the network and distributed system security symposium, San Diego, California, USA, 2005, pp. 149–166.
[23]
Cao, J., Jin, Y., Chen, A., Bu, T., Zhang, Z.: Identifying high cardinality internet hosts. In: Proceedings of the conference on computer communications, Rio de Janeiro, Brazil, 2009, pp. 810–818.
[24]
Huang H, Sun Y, Ma C, Chen S, Du Y, Wang H, and Xiao Q Spread estimation with non-duplicate sampling in high-speed networks IEEE/ACM Trans. Netw. 2021 29 5 2073-2086
[25]
Ma C, Wang H, Odegbile OO, Chen S, and Melissourgos D Virtual filter for non-duplicate sampling with network applications IEEE/ACM Trans. Netw. 2022
[26]
Han H, Yan Z, Jing X, and Pedrycz W Applications of sketches in network traffic measurement: a survey Inf. Fus. 2022 82 58-85
[27]
Zhao, Q., Kumar, A., Xu, J. 2005 Joint data streaming and sampling techniques for detection of super sources and destinations. In: Proceedings of the 5th ACM SIGCOMM conference on Internet measurement, Berkeley, CA, USA, 2005, pp. 77–90.
[28]
Yoon, M., Li, T., Chen, S., Peir, J.: Fit a spread estimator in small memory. In: Proceedings of the conference on computer communications, Rio de Janeiro, Brazil, 2009, pp. 504–512.
[29]
Yoon M, Li T, Chen S, and Peir J Fit a compact spread estimator in small high-speed memory IEEE/ACM Trans. Netw. 2011 19 5 1253-1264
[30]
Zhao Q, Xu J, and Kumar A Detection of super sources and destinations in high-speed networks: algorithms, analysis and evaluation IEEE J. Sel. Areas Commun. 2006 24 10 1840-1852
[31]
Wang P, Guan X, Towsley D, and Tao J Virtual indexing based methods for estimating node connection degrees Comput. Netw. 2012 56 12 2773-2787
[32]
Schweller R, Li Z, Chen Y, Gao Y, Gupta A, Zhang Y, Dinda P, Kao M, and Memik G Reversible sketches: enabling monitoring and analysis over high-speed data streams IEEE/ACM Trans. Netw. 2007 15 5 1059-1072
[33]
Wang P, Guan X, Qin T, and Huang Q A data streaming method for monitoring host connection degrees of high-speed links IEEE Trans. Inf. Foren. Secur. 2011 6 3 1086-1098
[34]
Liu W, Qu W, Gong J, and Li K Detection of superpoints using a vector bloom filter IEEE Trans. Inf. Foren. Secur. 2016 11 3 514-527
[35]
Wang J, Liu W, Zheng L, Li Z, and Liu Z A novel algorithm for detecting superpoints based on reversible virtual bitmaps J. Inf. Secur. Appl. 2019 49 102403
[36]
Liu Y, Chen W, and Guan Y Identifying high-cardinality hosts from network-wide traffic measurements IEEE Trans. Dependable Secur. Comput. 2016 13 5 547-558
[37]
Tang, L., Huang, Q., Lee, P.: SpreadSketch: Toward invertible and network-wide detection of superspreaders. In: Proceedings of the conference on computer communications, Toronto, ON, Canada, 2020, pp. 1608–1617.
[38]
Xiao, Q., Qiao, Y., Zhen, M., Chen, S.: Estimating the persistent spreads in high-speed networks. In: Proceedings of the 22nd international conference on network protocols, Raleigh, NC, USA, 2014, pp. 131–142.
[39]
Zhou Y, Zhou Y, Chen M, and Chen S Persistent spread measurement for big network data based on register intersection Proc. ACM Meas. Anal. Comput. Syst. 2017 1 1 1-29
[40]
Huang, H., Sun, Y., Chen, S., Tang, S., Han, K., Yuan, J., Yang, W.: You can drop but you can’t hide: K-persistent spread estimation in high-speed networks. In: Proceedings of the conference on computer communications, Honolulu, HI, USA, 2018, pp. 1889–97.
[41]
Huang H, Sun Y, Ma C, Chen S, Zhou Y, Yang W, Tang S, Xu H, and Qiao Y An efficient k-persistent spread estimator for traffic measurement in high-speed networks IEEE/ACM Trans. Netw. 2020 28 4 1463-1476
[42]
Jing X, Yan Z, Han H, and Pedrycz W ExtendedSketch: Fusing network traffic for super host identification with a memory efficient sketch IEEE Trans. Dependable Secur. Comput. 2022 19 6 3913-3924
[43]
Zhang J, Cui J, Zhong H, Chen Z, and Liu L PA-CRT: Chinese remainder theorem based conditional privacy-preserving authentication scheme in vehicular ad-hoc networks IEEE Trans. Dependable Secur. Comput. 2021 18 2 722-735
[44]
WIDE. MAWI working group traffic archive. Accessed on Aug. 2022. http://mawi.wide.ad.jp/mawi/.
Recommendations
Diagnosing network disruptions with network-wide analysis
SIGMETRICS '07 Conference ProceedingsTo maintain high availability in the face of changing network conditions, network operators must quickly detect, identify, and react to events that cause network disruptions. One way to accomplish this goal is to monitor routing dynamics, by analyzing ...
Diagnosing network disruptions with network-wide analysis
SIGMETRICS '07: Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systemsTo maintain high availability in the face of changing network conditions, network operators must quickly detect, identify, and react to events that cause network disruptions. One way to accomplish this goal is to monitor routing dynamics, by analyzing ...
On the stability of skype super nodes
TMA'11: Proceedings of the Third international conference on Traffic monitoring and analysisThe heart of skype services, one of the most ubiquitous P2P networks, is based on a set of super nodes. Choosing stable SNs is an important task, since it improves the whole performance and quality of the P2P network [1, 2]. In this paper we shed light ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
Publisher
Plenum Press
United States
Publication History
Published: 09 June 2023
Accepted: 22 May 2023
Received: 16 January 2023
Author Tags
Qualifiers
- Research-article
Funding Sources
- National Natural Science Foundation of China
- Open Project Foundation of Key Laboratory of Computer Network and Information Integration (Southeast University), Ministry of Education, China
- Natural Science Foundation of the Jiangsu Higher Education Institutions of China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 29 Nov 2024
Other Metrics
Citations
View Options
View options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in