Methods and apparatus for space efficient adaptive detection of multidimensional hierarchical heavy hitters
First Claim
Patent Images
1. A method for detecting at least one hierarchical heavy hitter from a stream of packets, comprising:
- receiving at least one packet from said stream of packets;
associating at least two keys with at least two fields of said at least one packet;
applying an adaptive trie data structure, where each node of said adaptive trie data structure is associated with said at least two keys; and
using said adaptive trie data structure to determine said at least one hierarchical heavy hitter, wherein said using said adaptive trie data structure to determine said at least one hierarchical heavy hitter comprises;
reconstructing a volume for each node that is an internal node;
estimating missed traffic for each of said internal node; and
determining said at least one hierarchical heavy hitter in accordance with a combination of said reconstructed volume and said estimated missed traffic.
3 Assignments
0 Petitions
Accused Products
Abstract
The present invention develops an efficient streaming method for detecting multidimensional hierarchical heavy hitters from massive data streams and enables near real time detection of anomaly behavior in networks.
-
Citations
4 Claims
-
1. A method for detecting at least one hierarchical heavy hitter from a stream of packets, comprising:
-
receiving at least one packet from said stream of packets; associating at least two keys with at least two fields of said at least one packet; applying an adaptive trie data structure, where each node of said adaptive trie data structure is associated with said at least two keys; and using said adaptive trie data structure to determine said at least one hierarchical heavy hitter, wherein said using said adaptive trie data structure to determine said at least one hierarchical heavy hitter comprises; reconstructing a volume for each node that is an internal node; estimating missed traffic for each of said internal node; and determining said at least one hierarchical heavy hitter in accordance with a combination of said reconstructed volume and said estimated missed traffic. - View Dependent Claims (2)
-
-
3. A computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform the steps of a method for detecting at least one hierarchical heavy hitter from a stream of packets, comprising:
-
receiving at least one packet from said stream of packets; associating at least two keys with at least two fields of said at least one packet; applying an adaptive trie data structure, where each node of said adaptive trie data structure is associated with said at least two keys; and using said adaptive trie data structure to determine said at least one hierarchical heavy hitter, wherein said using said adaptive trie data structure to determine said at least one hierarchical heavy hitter comprises; reconstructing a volume for each node this is an internal node; estimating missed traffic for each of said internal node; and determining said at least one hierarchical heavy hitter in accordance with a combination of said reconstructed volume and said estimated missed traffic. - View Dependent Claims (4)
-
Specification