Ziqi Sun,Yu-E Sun,Yang Du,Jia Liu,He Huang

DOI: https://doi.org/10.1007/978-981-97-0811-6_2

2024-01-01

Abstract:Finding top-k persistent flows in high-speed network traffic is crucial for applications like click-fraud detection and covert attacker detection. The prior studies either do not separate persistent and non-persistent flows during online traffic processing and waste significant space to record numerous non-persistent flows, or only realize unstable separation that is not robust to flow frequency. We proposes Persistent Sketch (PE-Sketch), the first memory-efficient and robust algorithm for finding top-k persistent flows. The basic idea is accurately separating persistent flows and then tracking them. Because it is difficult to perform separation by persistence directly, PE-Sketch introduces the concept of event sampling to sample the persistence increment events (each flow’s first arrival in every time window) with a pre-defined probability, where the number of sampled events is proportional to flow persistence. Then we design a memory-efficient candidate matrix to accurately separate and track the flows with the most sampled events, i.e., persistent flows. With the two key techniques, we find persistent flows regardless of their frequencies, attaining robust and accurate estimation results. Experimental results demonstrate that, compared to the state-of-the-art (On-Off Sketch), PE-Sketch is robust, and it can improve the precision by up to 15.6 times and reduce the error by up to 2 orders of magnitude when using the same space.

Zhuochen Fan,Xiangyuan Wang,Xiaodong Li,Jiarui Guo,Wenrui Liu,Haoyu Li,Sheng Long,Zheng Zhong,Tong Yang,Xuebin Chen,Bin Cui

DOI: https://doi.org/10.1109/iwqos57198.2023.10188743

2024-01-01

Abstract:In this paper, we study steady flows in data streams, which refers to those flows whose arrival rate is always non-zero and around a fixed value for several consecutive time windows. To find steady flows in real time, we propose a novel sketch, SteadySketch, aiming to accurately report steady flows with limited memory. To the best of our knowledge, this is the first work to define and find steady flows in data streams. The key novelty of SteadySketch is our proposed reborn technique, which reduces the required memory space by 75%. Experimental results show that SteadySketch improves the Precision Rate (PR) by 81.1% and reduces the Average Relative Error (ARE) by 955.3× compared with the strawman solution. Finally, we provide a concrete case: cache prefetch, and prove that SteadySketch can effectively improve the cache hit ratio. All related codes of SteadySketch are open-source and available at GitHub.

Yinda Zhang,Jinyang Li,Yutian Lei,Tong Yang,Zhetao Li,Gong Zhang,Bin Cui

DOI: https://doi.org/10.14778/3425879.3425884

2020-01-01

Abstract:AbstractApproximate stream processing has attracted much attention recently. Prior art mostly focuses on characteristics like frequency, cardinality, and quantile. Persistence, as a new characteristic, is getting increasing attention. Unlike frequency, persistence highlights behaviors where an item appears recurrently in many time windows of a data stream. There are two typical problems with persistence - persistence estimation and finding persistent items. In this paper, we propose the On-Off sketch to address both problems. For persistence estimation, using the characteristic that the persistence of an item is increased periodically, we compress increments when multiple items are mapped to the same counter, which significantly reduces the error. Compared with the Count-Min sketch, 1) in theory, we prove that the error of the On-Off sketch is always smaller; 2) in experiments, the On-Off sketch achieves around 6.17 times smaller error and 2.2 times higher throughput. For finding persistent items, we propose a technique to separate persistent and non-persistent items, further improving the accuracy. We show that the space complexity of our On-Off sketch is much better than the state-of-the-art (PIE), and it reduces the error up to 4 orders of magnitude and achieves 2.84 times higher throughput than prior algorithms in experiments.

Yinda Zhang,Jinyang Li,Yutian Lei,Tong Yang,Zhetao Li,Gong Zhang,Bin Cui

DOI: https://doi.org/10.14778/3425879.3425884

IF: 2.5

2020-01-01

Proceedings of the VLDB Endowment

Abstract:Approximate stream processing has attracted much attention recently. Prior art mostly focuses on characteristics like frequency, cardinality, and quantile. Persistence, as a new characteristic, is getting increasing attention. Unlike frequency, persistence highlights behaviors where an item appears recurrently in many time windows of a data stream. There are two typical problems with persistence - persistence estimation and finding persistent items. In this paper, we propose the On-Off sketch to address both problems. For persistence estimation, using the characteristic that the persistence of an item is increased periodically, we compress increments when multiple items are mapped to the same counter, which significantly reduces the error. Compared with the Count-Min sketch, 1) in theory, we prove that the error of the On-Off sketch is always smaller; 2) in experiments, the On-Off sketch achieves around 6.17 times smaller error and 2.2 times higher throughput. For finding persistent items, we propose a technique to separate persistent and non-persistent items, further improving the accuracy. We show that the space complexity of our On-Off sketch is much better than the state-of-the-art (PIE), and it reduces the error up to 4 orders of magnitude and achieves 2.84 times higher throughput than prior algorithms in experiments.

Yang Zhou,Hao Jin,Peng Liu,Haowei Zhang,Tong Yang,Xiaoming Li

DOI: https://doi.org/10.1109/INFCOMW.2018.8406964

2018-01-01

Abstract:Sketch is a probabilistic data structure, and is widely used for per-flow measurement in network. The most common sketches are the CM sketch and its several variants. However, given a limited memory size, these sketches always significantly overestimate some flows, exhibiting poor accuracy. To address this issue, we proposed a novel sketch named the Bloom sketch, combining the sketch with the Bloom filter, another well-known probabilistic data structure widely used for membership queries. Extensive experiments based on real IP traces show that our Bloom sketch achieves up to 14:47x higher accurac y compared with the CM sketch, while exhibiting comparable insertion and query speed. Our source code is available at Github [1].

Zhuochen Fan,Ruixin Wang,Yalun Cai,Ruwen Zhang,Tong Yang,Yuhan Wu,Bin Cui,Steve Uhlig

DOI: https://doi.org/10.1109/tkde.2023.3278028

IF: 9.235

2023-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:In this paper, we propose a generic sketch algorithm capable of achieving more accuracy in the following five tasks: finding top-$k$ frequent items, finding heavy hitters, per-item frequency estimation, and heavy changes in the time and spatial dimension. The state-of-the-art (SOTA) sketch solution for multiple measurement tasks is ElasticSketch (ES). However, the accuracy of its frequency estimation has room for improvement. The reason for this is that ES suffers from overestimation errors in the light part, which introduces errors when querying both frequent and infrequent items. To address these problems, we propose a generic sketch, OneSketch, designed to minimize overestimation errors. To achieve the design goal, we propose four key techniques, which embrace hash collisions and minimize possible errors by handling highly recurrent item replacements well. Experimental results show that OneSketch clearly outperforms 12 SOTA schemes. For example, compared with ES, OneSketch achieves more than 10× lower Average Absolute Error on finding top-$k$ frequent items and heavy hitters, as well as 48.3% and 38.4% higher F1 Scores on two heavy changes under 200KB memory, respectively.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Tong Yang,Haowei Zhang,Hao Wang,Muhammad Shahzad,Xue Liu,Qin Xin,Xiaoming Li

DOI: https://doi.org/10.1007/s11280-018-0546-5

2018-01-01

World Wide Web

Abstract:Sketches are being extensively used in a large number of real world applications to estimate frequencies of data items. Due to the unprecedented increase in the amount of Internet data and a relatively slower increase in the size of on-chip memories, existing sketches are becoming increasingly unable to keep the accuracy of the frequency estimates at an acceptable level. In this paper, we design a new sketch, called FID-sketch, that has a significantly higher accuracy and a much smaller on-chip memory footprint compared to the existing sketches. The key intuition behind the design of the FID-sketch is that before inserting an item, unlike prior sketches, it first estimates the current value of the frequency of that item stored in the sketch, and then increments as few counters as possible instead of incrementing a pre-determined fixed number of counters. We carried out extensive experiments to evaluate and compare the performance of FID-sketch with existing sketches on multi-core CPU and GPU platforms. Our experimental results show that our FID-sketch significantly outperforms the state-of-the-art with 36.7 times lower relative error. We have released the source code of our proposed sketch and other related sketches that we implemented at Github [21].

Jiuhua Qi,Wenjun Li,Tong Yang,Dagang Li,Hui Li

DOI: https://doi.org/10.1109/ancs.2019.8901891

2019-01-01

Abstract:Per-flow frequency estimation plays a fundamental role in network measurement. As a probabilistic data structure, sketch has been extensively investigated and used for per-flow frequency estimation, but most sketch-based proposals in previous literatures cannot achieve high accuracy and high speed simultaneously. Moreover, because each insertion to a sketch causes increment in multiple entries, the over-estimation error will accumulate quickly over time. In this paper, we propose Cuckoo Counter, a compact and accurate framework for per-flow frequency estimation, which employs three novel ideas: (1) kicking out conflicting flows instead of using multiple entries counts to improve accuracy; (2) using different sizes of entries to insulate mice flows from elephant flows, which can handle the skewed data streams efficiently and improve memory utilization; (3) a Cuckoo-like replacement strategy for mice flows, so as to maintain accurate records for elephant flows. To verify the effectiveness and efficiency of our framework, we compared it with two well-known sketches as well as the recent proposed Augmented sketch and Pyramid sketch. Extensive experimental results on three different types of test datasets show that Cuckoo Counter outperforms these sketches considerably.

Tong Yang,Siang Gao,Zhouyi Sun,Yufei Wang,Yulong Shen,Xiaoming Li

DOI: https://doi.org/10.1109/tpds.2019.2923772

IF: 5.3

2019-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Per-flow measurement is a critical issue in computer networks, and one of its key tasks is to count the number of packets in each flow (for big streaming data). The literature has demonstrated that sketch is the most memory-efficient data structure for the counting task, and is widely used in distributed systems. Existing sketches often use many counters that are of the same size to record the number of packets in a flow, thus the counters are forced to be large enough to accommodate the size of the largest flow. Unfortunately, as most flows are small (i.e., mice flows) and only a very few flows are large (i.e., elephant flows), many counters represent very small values, which is a waste of memory. Sketches are often stored in fast but expensive memory (e.g., SRAM), thus it is critical to achieve high memory efficiency. To address this issue, we propose a novel sketch, namely the Diamond sketch. The Diamond sketch is composed of atom sketches, and each atom sketch uses small counters. The key idea of Diamond is to dynamically assign an appropriate number of atom sketches to each flow on demand, thus optimizing memory efficiency. Experimental results show that the Diamond sketch outperforms the best of the five typical sketches by up to 508.3 times in terms of relative error while keeping comparable speed. We made the source code of all the six sketches available on GitHub [1] .

Tong Yang,Yang Zhou,Hao Jin,Shigang Chen,Xiaoming Li

DOI: https://doi.org/10.14778/3137628.3137652

IF: 2.5

2017-01-01

Proceedings of the VLDB Endowment

Abstract:Sketch is a probabilistic data structure, and is used to store and query the frequency of any item in a given multiset. Due to its high memory efficiency, it has been applied to various fields in computer science, such as stream database, network traffic measurement, etc. The key metrics of sketches for data streams are accuracy, speed, and memory usage. Various sketches have been proposed, but they cannot achieve both high accuracy and high speed using limited memory, especially for skewed datasets. To address this issue, we propose a sketch framework, the Pyramid sketch, which can significantly improve accuracy as well as update and query speed. To verify the effectiveness and efficiency of our framework, we applied our framework to four typical sketches. Extensive experimental results show that the accuracy is improved up to 3.50 times, while the speed is improved up to 2.10 times. We have released our source codes at Github [1].

Shuhao Sun,Dagang Li

DOI: https://doi.org/10.1007/978-3-319-96893-3_7

2018-01-01

Abstract:Sketch is a probabilistic data structure designed for the estimation of item frequencies in a multiset, which is extensively used in data stream processing. The key metrics of sketches for data streams are accuracy, speed, and memory usage. There are various sketches in the literature, but most of them cannot achieve high accuracy, high speed and using limited memory at the same time for skewed datasets. Recently, two new sketches, the Pyramid sketch [1] and the OM sketch [2], have been proposed to tackle the problem. In this paper, we look closely at five different but important aspects of these two solutions and discuss the details on conditions and limits of their methods. Three of them, memory utilization, isolation and neutralization are related to accuracy; the other two: memory access and hash calculation are related to speed. We found that the new techniques proposed: automatic enlargement and hierarchy for accuracy, word acceleration and hash bit technique for speed play the central role in the improvement, but they also have limitations and side-effects. Other properties of working sketches such as deletion and generality are also discussed. Our discussions are supported by extensive experimental results, and we believe they can help in future development for better sketches.

Zhuochen Fan,Yinda Zhang,Tong Yang,Mingyi Yan,Gang Wen,Yuhan Wu,Hongze Li,Bin Cui

DOI: https://doi.org/10.1109/icde53745.2022.00012

2022-01-01

Abstract:In this paper, we study periodic items in data streams, which refer to those items arriving with a fixed interval. All existing works involving mining periodic patterns does not fit for data stream scenarios. To find periodic items in real time, we propose a novel sketch, PeriodicSketch, aiming to accurately record top-$K$ periodic items. To the best of our knowledge, this is the first work to find periodic items in data streams. Any interval may occur many times, and we use frequency to denote the number of an interval occurred. To pick out periodic items with high frequency, we propose a key technique called Guaranteed Soft Uniform (GSU) replacement strategy. Our theoretical proofs show that when replacement is successful, it is more likely that the new item has a higher frequency than the current smallest frequency; and GSU can ensure that our items in the sketch will approach the true periodic items closer and closer. And as soon as we get all the periodic items, the state would not change worse with high probability. We conduct extensive experiments, and the experimental results show that the Average Absolute Error (AAE) of our sketch using 1/10 memory is around 737 times (up to 2019 times) lower than the baseline solution. Finally, we provide a concrete case: Cache prefetch, which proves that PeriodicSketch can significantly improve the Cache hit ratio. All related codes of PeriodicSketch are open-sourced and available at GitHub [1].

Lingtong Liu,Yulong Shen,Yibo Yan,Tong Yang,Muhammad Shahzad,Bin Cui,Gaogang Xie

DOI: https://doi.org/10.1109/tpds.2020.2987609

IF: 5.3

2020-10-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Sketches are probabilistic data structures designed for recording frequencies of items in a multi-set. They are widely used in various fields, especially for gathering Internet statistics from distributed data streams in network measurements. In a distributed streaming application with high data rates, a sketch in each monitoring node "fills up" very quickly and then its content is transferred to a remote collector responsible for answering queries. Thus, the size of the contents transferred must be kept as small as possible while meeting the desired accuracy requirement. To obtain significantly higher accuracy while keeping the same update and query speed as the best prior sketches, in this article, we propose a new sketch – the Slim-Fat (SF) sketch. The key idea behind the SF-sketch is to maintain two separate sketches: a larger sketch, the Fat-subsketch, and a smaller sketch, the Slim-subsketch. The Fat-subsketch is used for updating and periodically producing the Slim-subsketch, which is then transferred to the remote collector for answering queries quickly and accurately. We also present the error bound as well as an accurate model of the correct rate of the SF-sketch, and verify their correctness through experiments. We implemented and extensively evaluated the SF-sketch along with several prior sketches. Our results show that when the size of our Slim-subsketch and of the widely used Count-Min (CM) sketch are kept the same, our SF-sketch outperforms the CM-sketch by up to 33.1 times in terms of accuracy (when the ratio of the sizes of the Fat-subsketch and the Slim-subsketch is 16:1). We have made all source codes publicly available at Github ["Source code of SF sketches," [Online]. Available: https://github.com/paper2017/SF-sketch].

computer science, theory & methods,engineering, electrical & electronic

Qin Xin,Jianping Wu

DOI: https://doi.org/10.1007/s10619-018-7225-5

IF: 0.974

2018-01-01

Distributed and Parallel Databases

Abstract:Sketch is a memory-efficient data structure, and is used to store and query the frequency of any item in a given multiset. As it can achieve fast query and update, it has been applied to various fields. Different sketches have different advantages and disadvantages. Sketches are originally proposed for estimation of flow size in network measurement. The key factor of sketches for network measurement is the insertion speed and accuracy. In this paper, we propose a new sketch, which can significantly improve the insertion speed while improving the accuracy. Our key methods include on-chip/off-chip separation and partial update algorithm. Extensive experimental results show that our sketch significantly outperforms the state-of-the-art both in terms of accuracy and speed.

Haoyu Li,Qizhi Chen,Yixin Zhang,Tong Yang,Bin Cui

DOI: https://doi.org/10.14778/3523210.3523220

IF: 2.5

2022-01-01

Proceedings of the VLDB Endowment

Abstract:Recording the frequency of items in highly skewed data streams is a fundamental and hot problem in recent years. The literature demonstrates that sketch is the most promising solution. The typical metrics to measure a sketch are accuracy and speed, but existing sketches make only trade-offs between the two dimensions. Our proposed solution is a new sketch framework called Stingy sketch with two key techniques: Bit-pinching Counter Tree ( BCTree ) and Prophet Queue ( PQueue ) which optimizes both the accuracy and speed. The key idea of BCTree is to split a large fixed-size counter into many small nodes of a tree structure, and to use a precise encoding to perform carry-in operations with low processing overhead. The key idea of PQueue is to use pipelined prefetch technique to make most memory accesses happen in L2 cache without losing precision. Importantly, the two techniques are cooperative so that Stingy sketch can improve accuracy and speed simultaneously. Extensive experimental results show that Stingy sketch is up to 50% more accurate than the SOTA of accuracy-oriented sketches and is up to 33% faster than the SOTA of speed-oriented sketches.

Tong Yang,Siang Gao,Zhouyi Sun,Yufei Wang,Yulong Shen,Xiaoming Li

DOI: https://doi.org/10.1109/infcomw.2018.8406946

2018-01-01

Abstract:Existing sketches often have low memory efficiencies when performing per-flow measurement tasks on skewed IP streams. In this paper, we propose Diamond Sketch, a novel sketch that dynamically assigns an appropriate number of atom sketches to each flow on demand, improving the accuracy considerably while keeping a comparable speed.

Keke Zheng,Wenzhu Chen,Botao Feng,Hanxin Zhang

DOI: https://doi.org/10.1109/access.2024.3385499

IF: 3.9

2024-04-16

IEEE Access

Abstract:Efficient real-time top-k flows measurement plays a pivotal role in enhancing both network performance and security, including tasks such as timely traffic scheduling, optimizing network latency and identifying potential security threats. However, traditional methods for detecting top-k flows suffer from decreased accuracy and high memory overhead. Furthermore, many existing methods overlook finer-grained measurements, such as the detection within the latest short time intervals. With the increasing expansion scale and link speed of the network, an accurate real-time top-k flows identified method is required. This paper proposes wSketch, a novel sketch-based method for real-time top-k flows detection. The innovations of wSketch are that it combines with the sliding window model and circular queue model, and introduces a novel probabilistic update solution. The probabilistic update mechanism gives the larger flow a greater chance of retention, the sliding window model focuses on the latest flow in the last time units, and the circular queue reduces memory consumption. Therefore, wSketch provides insights into the current network situation and does well in anticipating future trends. The experimental results showcase wSketch's superior performance, achieving over 96% accuracy with a small memory size of 20KB.

computer science, information systems,telecommunications,engineering, electrical & electronic

Haoyu Li,Qizhi Chen,Yixin Zhang,Tong Yang,Bin Cui

DOI: https://doi.org/10.14778/3523210.3523220

IF: 2.5

2022-01-01

Proceedings of the VLDB Endowment

Abstract:Recording the frequency of items in highly skewed data streams is a fundamental and hot problem in recent years. The literature demonstrates that sketch is the most promising solution. The typical metrics to measure a sketch are accuracy and speed, but existing sketches make only trade-offs between the two dimensions. Our proposed solution is a new sketch framework called Stingy sketch with two key techniques: Bit-pinching Counter Tree (BCTree) and Prophet Queue (PQueue) which optimizes both the accuracy and speed. The key idea of BCTree is to split a large fixed-size counter into many small nodes of a tree structure, and to use a precise encoding to perform carry-in operations with low processing overhead. The key idea of PQueue is to use pipelined prefetch technique to make most memory accesses happen in L2 cache without losing precision. Importantly, the two techniques are cooperative so that Stingy sketch can improve accuracy and speed simultaneously. Extensive experimental results show that Stingy sketch is up to 50% more accurate than the SOTA of accuracy-oriented sketches and is up to 33% faster than the SOTA of speed-oriented sketches.

Quan Yuan,Fenghua Li,Jessie Hui Wang,Shuanghong Yu,Allen Hong,Xingkun Yao

DOI: https://doi.org/10.23919/ifipnetworking55013.2022.9829805

2022-01-01

Abstract:Network telemetry provides operators with a fine-grained internal view of network behavior. Recently, various lightweight and high-accuracy sketch algorithms have been proposed for real-time full flow record collection. However, they still have at least two deficiencies: (1) they are mostly designed for counting and cannot accurately support other kinds of aggregation functions, such as max and mean; and (2) the vast majority of them are focused on improving the measurement accuracy of each individual period, overlooking the fact that many elephant flows last for multiple periods. In this paper, we propose PNT sketch, a generic algorithm with well-designed data structures and strategies. The PNT sketch implements multiple aggregation functions to record flow attributes for elephant flows and improves the accuracy of a new period through the full use of historical flow records collected in the previous period with our history-aware reset strategy. We conduct a theoretical analysis of our algorithm, and the results show that it has a more rigorous error bound than the Elastic sketch. We implement our algorithm on both the x86 and P4 platforms and evaluate its performance on seven different tasks. Compared to the state-of-the-art, the PNT sketch achieves 1.4 ~ 437.2 smaller error rates.

Zhuochen Fan,Yubo Zhang,Siyuan Dong,Yi Zhou,Fangyi Liu,Tong Yang,Steve Uhlig,Bin Cui

DOI: https://doi.org/10.1109/tkde.2022.3221111

IF: 9.235

2022-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Nowadays, research on temporal membership queries is indispensable. Generally, temporal membership queries exist in two modalities: fixed windows and sliding windows, the latter having obvious advantages. The first sketch that implements temporal membership queries is the persistent Bloom filter (PBF). PBF has two shortcomings: it does not support sliding windows nor frequency queries. Here, we propose HoppingSketch to promote the original PBF. It is the first sketch that implements temporal membership queries for sliding windows. HoppingSketch is a general and efficient data stream processing framework, able to implement different tasks thanks to different atomic sketches. When the atomic sketches are Bloom filters and we apply them to PBF, HoppingSketch can achieve significantly higher temporal membership query accuracy than the original PBF. When the atomic sketches are sketches of Count-Min, Conservative Update, and Count, HoppingSketch can achieve more accurate frequency query than by applying PBF on the corresponding sketches. Our experimental results demonstrate the advantages of HoppingSketch compared with the state-of-the-art.

computer science, information systems, artificial intelligence,engineering, electrical & electronic