Methods and apparatus for detection of hierarchical heavy hitters
First Claim
Patent Images
1. A method for detecting at least one hierarchical heavy hitter from a stream of packets, comprising:
- receiving at least one packet from said stream of packets;
associating at least one key with at least one field of said at least one packet;
applying an adaptive trie data structure, where each node of said adaptive trie data structure is associated with one of said at least one key; and
using said adaptive trie data structure to determine said at least one hierarchical heavy hitter, wherein said using said adaptive trie data structure to determine said at least one hierarchical heavy hitter comprises;
reconstructing a volume for each node this is an internal node;
estimating missed traffic for each of said internal node; and
determining said at least one hierarchical heavy hitter in accordance with a combination of said reconstructed volume and said estimated missed traffic.
3 Assignments
0 Petitions
Accused Products
Abstract
An efficient streaming method and apparatus for detecting hierarchical heavy hitters from massive data streams is disclosed. In one embodiment, the method enables near real time detection of anomaly behavior in networks.
-
Citations
4 Claims
-
1. A method for detecting at least one hierarchical heavy hitter from a stream of packets, comprising:
-
receiving at least one packet from said stream of packets; associating at least one key with at least one field of said at least one packet; applying an adaptive trie data structure, where each node of said adaptive trie data structure is associated with one of said at least one key; and using said adaptive trie data structure to determine said at least one hierarchical heavy hitter, wherein said using said adaptive trie data structure to determine said at least one hierarchical heavy hitter comprises; reconstructing a volume for each node this is an internal node; estimating missed traffic for each of said internal node; and determining said at least one hierarchical heavy hitter in accordance with a combination of said reconstructed volume and said estimated missed traffic. - View Dependent Claims (2)
-
-
3. A computer-readable medium having stored thereon a plurality of instructions, the plurality of instructions including instructions which, when executed by a processor, cause the processor to perform the steps of a method for detecting at least one hierarchical heavy hitter from a stream of packets, comprising:
-
receiving at least one packet from said stream of packets; associating at least one key with at least one field of said at least one packet; applying an adaptive trie data structure, where each node of said adaptive trie data structure is associated with one of said at least one key; and using said adaptive trie data structure to determine said at least one hierarchical heavy hitter, wherein said using said adaptive trie data structure to determine said at least one hierarchical heavy hitter comprises; reconstructing a volume for each node this is an internal node; estimating missed traffic for each of said internal node; and determining said at least one hierarchical heavy hitter in accordance with a combination of said reconstructed volume and said estimated missed traffic. - View Dependent Claims (4)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeAT&T Intellectual Property I LP (AT&T, Inc.)
-
Original AssigneeAT&T Corporation (AT&T, Inc.)
-
InventorsSingh, Sumeet, Zhang, Yin, Duffield, Nicholas, Sen, Subhabrata, Lund, Carsten
-
Primary Examiner(s)Vy; Hung T
-
Application NumberUS11/042,771Time in Patent Office1,359 DaysField of Search370/352, 370/395.3, 370/338, 370/310, 370/227, 370/408, 714/57, 707/104, 707100-102, 726/22US Class Current1/1CPC Class CodesH04L 2101/604 Address structures or formatsH04L 63/1425 Traffic logging, e.g. anoma...H04L 63/1441 Countermeasures against mal...H04L 63/1458 Denial of Service
