Abstract: Traffic measurement is crucial for ensuring network security and performance. Analyzing network flow attributes supports critical applications such as network attack detection and anomalous behavior analysis. Although existing methods have made progress in detecting flow dynamic behavior, they fall short of capturing the long-term fluxes of flows, making it challenging to identify continuous dynamic behavior effectively. To address this deficiency, we first introduce the FluxFlow detection task, which aims to detect flows whose recorded number of fluxes within a recent time window reaches a certain threshold. To more precisely characterize different flows, we further define four specific detection types: total, increase, decrease, and burst flux. Due to memory resource limitations and the data volume challenges posed by long-term measurement, achieving efficient FluxFlow detection is difficult. To this end, we propose two efficient FluxSketch data structures that employ replacement strategies based on flux counts or weighted scores to track long-term flow flux information and detect FluxFlows under limited memory. Through experimental evaluation on multiple real-world datasets, the results demonstrate that our proposed FluxSketch structures significantly outperform existing solutions and primitive methods regarding memory efficiency and detection accuracy.
External IDs: dblp:conf/icics/XuGSHD25