TY - GEN
T1 - Attack time localization using interval queries
AU - Ivkin, Nikita
AU - Basat, Ran Ben
AU - Liu, Zaoxing
AU - Einziger, Gil
AU - Friedman, Roy
AU - Braverman, Vladimir
N1 - Publisher Copyright: © 2019 Association for Computing Machinery.
PY - 2019/8/19
Y1 - 2019/8/19
N2 - Modern telemetry systems require advanced analytic capabilities such as drill down queries. These queries can be used to detect the beginning and end of a network anomaly by efficiently refining the search space. We present the first integral solution that (i) enables multiple measurement tasks inside the same data structure, (ii) supports specifying the time frame of interest as part of its queries, and (iii) is sketch-based and thus space efficient. Namely, our approach allows the user to define both the measurement task (e.g., heavy hitters, entropy estimation, cardinality estimation) and the time frame of relevance (e.g., 5PM-6PM) at query time. Our approach provides accuracy guarantees and is the only space-efficient solution that offers such capabilities. Finally, we demonstrate how the algorithm can be used to accurately pinpoint the beginning of a realistic DDoS attack.
AB - Modern telemetry systems require advanced analytic capabilities such as drill down queries. These queries can be used to detect the beginning and end of a network anomaly by efficiently refining the search space. We present the first integral solution that (i) enables multiple measurement tasks inside the same data structure, (ii) supports specifying the time frame of interest as part of its queries, and (iii) is sketch-based and thus space efficient. Namely, our approach allows the user to define both the measurement task (e.g., heavy hitters, entropy estimation, cardinality estimation) and the time frame of relevance (e.g., 5PM-6PM) at query time. Our approach provides accuracy guarantees and is the only space-efficient solution that offers such capabilities. Finally, we demonstrate how the algorithm can be used to accurately pinpoint the beginning of a realistic DDoS attack.
UR - http://www.scopus.com/inward/record.url?scp=85071932802&partnerID=8YFLogxK
U2 - 10.1145/3342280.3342316
DO - 10.1145/3342280.3342316
M3 - Conference contribution
AN - SCOPUS:85071932802
T3 - SIGCOMM 2019 - Proceedings of the 2019 ACM SIGCOMM Conference Posters and Demos, Part of SIGCOMM 2019
SP - 85
EP - 87
BT - SIGCOMM 2019 - Proceedings of the 2019 ACM SIGCOMM Conference Posters and Demos, Part of SIGCOMM 2019
PB - Association for Computing Machinery, Inc
T2 - 2019 ACM SIGCOMM Conference Posters and Demos, SIGCOMM 2019
Y2 - 19 August 2019 through 23 August 2019
ER -