Fast algorithms for heavy distinct hitters using associative memories

Nagender Bandi, Divyakant Agrawal, Amr El Abbadi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Citations (Scopus)

Abstract

Real-time detection of worm attacks, port scans and Distributed Denial of Service (DDoS) attacks, as network packets belonging to these security attacks flow through a network router, is of paramount importance. In a typical worm attack, a worm infected host tries to spread the worm by scanning a number of other hosts thus resulting in significant number of network connections at an intermediate router. Detecting such attacks amounts to finding all hosts that are associated with unusually high number of other hosts, which is equivalent to solving the classic heavy distinct hitter problem over data streams. While several heavy distinct hitter solutions have been proposed and evaluated in a standard CPU setting, most of the above applications typically execute on special networking architectures called Network Processing Units (NPUs). These NPUs interface with special associative memories known as the Ternary Content Addressable Memories (TCAMs) to provide gigabit rate forwarding at network routers. In this paper, we describe how the integrated architecture of NPU and TCAMs can be exploited to develop high-speed solutions for heavy distinct hitters.

Original languageEnglish
Title of host publicationProceedings - International Conference on Distributed Computing Systems
DOIs
Publication statusPublished - 8 Oct 2007
Externally publishedYes
Event27th International Conference on Distributed Computing Systems, ICDCS'07 - Toronto, ON, Canada
Duration: 25 Jun 200727 Jun 2007

Other

Other27th International Conference on Distributed Computing Systems, ICDCS'07
CountryCanada
CityToronto, ON
Period25/6/0727/6/07

Fingerprint

Routers
Associative storage
Data storage equipment
Processing
Packet networks
Computer networks
Network architecture
Interfaces (computer)
Program processors
Scanning

ASJC Scopus subject areas

  • Hardware and Architecture

Cite this

Bandi, N., Agrawal, D., & El Abbadi, A. (2007). Fast algorithms for heavy distinct hitters using associative memories. In Proceedings - International Conference on Distributed Computing Systems [4268163] https://doi.org/10.1109/ICDCS.2007.110

Fast algorithms for heavy distinct hitters using associative memories. / Bandi, Nagender; Agrawal, Divyakant; El Abbadi, Amr.

Proceedings - International Conference on Distributed Computing Systems. 2007. 4268163.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Bandi, N, Agrawal, D & El Abbadi, A 2007, Fast algorithms for heavy distinct hitters using associative memories. in Proceedings - International Conference on Distributed Computing Systems., 4268163, 27th International Conference on Distributed Computing Systems, ICDCS'07, Toronto, ON, Canada, 25/6/07. https://doi.org/10.1109/ICDCS.2007.110
Bandi N, Agrawal D, El Abbadi A. Fast algorithms for heavy distinct hitters using associative memories. In Proceedings - International Conference on Distributed Computing Systems. 2007. 4268163 https://doi.org/10.1109/ICDCS.2007.110
Bandi, Nagender ; Agrawal, Divyakant ; El Abbadi, Amr. / Fast algorithms for heavy distinct hitters using associative memories. Proceedings - International Conference on Distributed Computing Systems. 2007.
@inproceedings{f81dad89b64c46c08ac2fed38bf38f8e,
title = "Fast algorithms for heavy distinct hitters using associative memories",
abstract = "Real-time detection of worm attacks, port scans and Distributed Denial of Service (DDoS) attacks, as network packets belonging to these security attacks flow through a network router, is of paramount importance. In a typical worm attack, a worm infected host tries to spread the worm by scanning a number of other hosts thus resulting in significant number of network connections at an intermediate router. Detecting such attacks amounts to finding all hosts that are associated with unusually high number of other hosts, which is equivalent to solving the classic heavy distinct hitter problem over data streams. While several heavy distinct hitter solutions have been proposed and evaluated in a standard CPU setting, most of the above applications typically execute on special networking architectures called Network Processing Units (NPUs). These NPUs interface with special associative memories known as the Ternary Content Addressable Memories (TCAMs) to provide gigabit rate forwarding at network routers. In this paper, we describe how the integrated architecture of NPU and TCAMs can be exploited to develop high-speed solutions for heavy distinct hitters.",
author = "Nagender Bandi and Divyakant Agrawal and {El Abbadi}, Amr",
year = "2007",
month = "10",
day = "8",
doi = "10.1109/ICDCS.2007.110",
language = "English",
isbn = "0769528376",
booktitle = "Proceedings - International Conference on Distributed Computing Systems",

}

TY - GEN

T1 - Fast algorithms for heavy distinct hitters using associative memories

AU - Bandi, Nagender

AU - Agrawal, Divyakant

AU - El Abbadi, Amr

PY - 2007/10/8

Y1 - 2007/10/8

N2 - Real-time detection of worm attacks, port scans and Distributed Denial of Service (DDoS) attacks, as network packets belonging to these security attacks flow through a network router, is of paramount importance. In a typical worm attack, a worm infected host tries to spread the worm by scanning a number of other hosts thus resulting in significant number of network connections at an intermediate router. Detecting such attacks amounts to finding all hosts that are associated with unusually high number of other hosts, which is equivalent to solving the classic heavy distinct hitter problem over data streams. While several heavy distinct hitter solutions have been proposed and evaluated in a standard CPU setting, most of the above applications typically execute on special networking architectures called Network Processing Units (NPUs). These NPUs interface with special associative memories known as the Ternary Content Addressable Memories (TCAMs) to provide gigabit rate forwarding at network routers. In this paper, we describe how the integrated architecture of NPU and TCAMs can be exploited to develop high-speed solutions for heavy distinct hitters.

AB - Real-time detection of worm attacks, port scans and Distributed Denial of Service (DDoS) attacks, as network packets belonging to these security attacks flow through a network router, is of paramount importance. In a typical worm attack, a worm infected host tries to spread the worm by scanning a number of other hosts thus resulting in significant number of network connections at an intermediate router. Detecting such attacks amounts to finding all hosts that are associated with unusually high number of other hosts, which is equivalent to solving the classic heavy distinct hitter problem over data streams. While several heavy distinct hitter solutions have been proposed and evaluated in a standard CPU setting, most of the above applications typically execute on special networking architectures called Network Processing Units (NPUs). These NPUs interface with special associative memories known as the Ternary Content Addressable Memories (TCAMs) to provide gigabit rate forwarding at network routers. In this paper, we describe how the integrated architecture of NPU and TCAMs can be exploited to develop high-speed solutions for heavy distinct hitters.

UR - http://www.scopus.com/inward/record.url?scp=34848855126&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34848855126&partnerID=8YFLogxK

U2 - 10.1109/ICDCS.2007.110

DO - 10.1109/ICDCS.2007.110

M3 - Conference contribution

SN - 0769528376

SN - 9780769528373

BT - Proceedings - International Conference on Distributed Computing Systems

ER -