Attack time localization using interval queries

Nikita Ivkin, Ran Ben Basat, Zaoxing Liu, Gil Einziger, Roy Friedman, Vladimir Braverman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Modern telemetry systems require advanced analytic capabilities such as drill down queries. These queries can be used to detect the beginning and end of a network anomaly by efficiently refining the search space. We present the first integral solution that (i) enables multiple measurement tasks inside the same data structure, (ii) supports specifying the time frame of interest as part of its queries, and (iii) is sketch-based and thus space efficient. Namely, our approach allows the user to define both the measurement task (e.g., heavy hitters, entropy estimation, cardinality estimation) and the time frame of relevance (e.g., 5PM-6PM) at query time. Our approach provides accuracy guarantees and is the only space-efficient solution that offers such capabilities. Finally, we demonstrate how the algorithm can be used to accurately pinpoint the beginning of a realistic DDoS attack.
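The abstract describes two ideas that are easier to see in code: a sketch that can be queried over a time frame chosen at query time, and a drill-down that uses such interval queries to pinpoint when an anomaly began. The following is an added illustration written for this page, not the poster's data structure or the authors' code: it keeps one Count-Min sketch per time bucket, merges buckets by summing counters to answer an interval query, and binary-searches with single-bucket queries to localize the onset of a flood. The class names, the `CAND_THRESHOLD` candidate rule, the sketch geometry and the packet stream (200 background packets per bucket over 1000 destinations, plus 2000 packets per bucket to one destination from bucket 37 onward) are all assumptions constructed for the example.

```python
"""Interval heavy-hitter queries over per-bucket Count-Min sketches, with a
drill-down that localizes the onset of a constructed flood.  Illustration of
the idea in the abstract only; NOT the SIGCOMM'19 poster's construction."""
import hashlib
import random
from functools import lru_cache

WIDTH, DEPTH = 256, 4   # Count-Min geometry (assumption)
CAND_THRESHOLD = 20     # per-bucket count at which a key is kept as a candidate (assumption)


@lru_cache(maxsize=None)
def _h(row, key):
    """Deterministic per-row hash of key into [0, WIDTH); cached per (row, key)."""
    d = hashlib.sha256(f"{row}:{key}".encode()).digest()
    return int.from_bytes(d[:8], "big") % WIDTH


class BucketSketch:
    """Count-Min sketch for one time bucket plus the keys that got large in it."""

    def __init__(self):
        self.rows = [[0] * WIDTH for _ in range(DEPTH)]
        self.total = 0
        self.candidates = set()

    def add(self, key):
        self.total += 1
        est = None
        for r in range(DEPTH):
            c, i = self.rows[r], _h(r, key)
            c[i] += 1
            est = c[i] if est is None else min(est, c[i])
        if est >= CAND_THRESHOLD:        # worth enumerating in later heavy-hitter queries
            self.candidates.add(key)


class IntervalSketch:
    """Array of per-bucket sketches; any bucket range [lo, hi) can be queried."""

    def __init__(self, n_buckets):
        self.buckets = [BucketSketch() for _ in range(n_buckets)]

    def add(self, t, key):
        self.buckets[t].add(key)

    def _merged(self, lo, hi):
        """Sum the sketches of buckets lo..hi-1.  Count-Min is linear, so the
        summed counters are exactly the sketch of the interval's traffic."""
        rows = [[0] * WIDTH for _ in range(DEPTH)]
        total, cands = 0, set()
        for b in self.buckets[lo:hi]:
            total += b.total
            cands |= b.candidates
            for r in range(DEPTH):
                mr, br = rows[r], b.rows[r]
                for i in range(WIDTH):
                    mr[i] += br[i]
        return rows, total, cands

    def estimate(self, key, lo, hi):
        rows, _, _ = self._merged(lo, hi)
        return min(rows[r][_h(r, key)] for r in range(DEPTH))

    def heavy_hitters(self, phi, lo, hi):
        """Keys whose estimated count is >= phi * (packets in [lo, hi)).
        Caveat: a key that never crossed CAND_THRESHOLD in any single bucket is
        not enumerated even if it is phi-heavy over the whole interval."""
        rows, total, cands = self._merged(lo, hi)
        out = []
        for k in cands:
            est = min(rows[r][_h(r, k)] for r in range(DEPTH))
            if est >= phi * total:
                out.append((k, est))
        return sorted(out, key=lambda kv: -kv[1])

    def is_heavy(self, key, phi, lo, hi):
        rows, total, _ = self._merged(lo, hi)
        est = min(rows[r][_h(r, key)] for r in range(DEPTH))
        return total > 0 and est >= phi * total

    def localize_onset(self, key, phi, lo, hi):
        """Drill-down by binary search: first bucket in [lo, hi) in which key is
        phi-heavy.  Assumes the predicate is monotone (heavy from some bucket
        onward); returns None if the key is not heavy in the last bucket."""
        if not self.is_heavy(key, phi, hi - 1, hi):
            return None
        first_true = hi - 1
        while lo < first_true:
            mid = (lo + first_true) // 2
            if self.is_heavy(key, phi, mid, mid + 1):
                first_true = mid
            else:
                lo = mid + 1
        return first_true


VICTIM = "10.0.0.1"     # flooded destination in the constructed stream
ATTACK_START = 37       # bucket (e.g. second) at which the flood begins
N_BUCKETS = 64


def build_stream(seed=1):
    """Constructed traffic: 200 packets/bucket over 1000 destinations, plus
    2000 packets/bucket to VICTIM from ATTACK_START onward."""
    rng = random.Random(seed)
    sk = IntervalSketch(N_BUCKETS)
    for t in range(N_BUCKETS):
        for _ in range(200):
            sk.add(t, f"10.1.{rng.randrange(4)}.{rng.randrange(250)}")
        if t >= ATTACK_START:
            for _ in range(2000):
                sk.add(t, VICTIM)
    return sk


if __name__ == "__main__":
    sk = build_stream()
    print("heavy hitters in [0, 30):", sk.heavy_hitters(0.3, 0, 30))
    print("heavy hitters in [40, 64):", sk.heavy_hitters(0.3, 40, 64))
    print("flood onset bucket:", sk.localize_onset(VICTIM, 0.3, 0, N_BUCKETS))
```

Two caveats separate this toy from the poster's contribution. Its memory grows linearly with the number of buckets (one full sketch each), whereas the point of the paper is a structure that answers interval queries without paying per-bucket sketch space; and its drill-down assumes the flood persists to the end of the window so that the "heavy in bucket t" predicate is monotone, which is what makes the binary search over bucket queries valid. Localizing the end of an attack is the mirror-image search.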

Original language: English
Title of host publication: SIGCOMM 2019 - Proceedings of the 2019 ACM SIGCOMM Conference Posters and Demos, Part of SIGCOMM 2019
Publisher: Association for Computing Machinery, Inc
Pages: 85-87
Number of pages: 3
ISBN (Electronic): 9781450368865
DOIs
State: Published - 19 Aug 2019
Event: 2019 ACM SIGCOMM Conference Posters and Demos, SIGCOMM 2019 - Beijing, China
Duration: 19 Aug 2019 - 23 Aug 2019

Publication series

Name: SIGCOMM 2019 - Proceedings of the 2019 ACM SIGCOMM Conference Posters and Demos, Part of SIGCOMM 2019

Conference

Conference: 2019 ACM SIGCOMM Conference Posters and Demos, SIGCOMM 2019
Country/Territory: China
City: Beijing
Period: 19/08/19 - 23/08/19

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
