Research On Network Traffic Measurement Method Based On Sketch Structure

The network scale has become larger and the network infrastructure is increasingly complex,a series of network security issues have become prominent.Lawbreakers invade the network through security vulnerabilities and carry out malicious attacks and spread network viruses,causing server crashes,network paralysis,information leakage,which bring huge economic losses to the enterprises.In this case,network traffic measurement is indispensable.Traffic measurement is a process in which collects packets from switches or routers,counts them and reports data characteristics of network behavior to network managers.Real-time traffic statistics can not only detect potential network security threats,maintain network stability,but also provide important information for network functions such as network performance diagnosis,congestion control,load balancing and network billing.Network traffic has increased dramatically,traditional traffic measurement methods are faced with challenges in terms of memory resources and computing resources,resulting the measurement performance deteriorates seriously.How to achieve a real-time and accurate traffic measurement under resource constraints has become an urgent problem.The sketch-based measurement method uses a sketch data structure to compress massive data into a small memory for statistical analysis,which is an effective approach to solve the current problem.Based on sketch structure,this paper designs two traffic measurement methods:1.The distribution characteristics of traffic in computer networks are analyzed in detail.The flow size distribution is skewed-the elephant flow is far less than mouse flow in quantity,while the total volume of elephant flows is far more than that of mouse flows.According to this characteristic,a measurement algorithm based on heavy-tailed distribution is proposed.It constructs a scoring model to evaluate the possibility that the current flow belongs to the elephant flow.When all packets are processed,the flow with a high grade belongs to elephant flow,and the flow with a low grade is a mouse flow.The algorithm separates the elephant flows from the mouse flows accurately and reduces the super-errors.2.In addition to finding heavy hitter and heavy changer,superspreader detection and DDoS attack detection are also essential measurement tasks.The measurement algorithm based on cuckoo hashing is proposed to monitor malicious attacks in the network.The algorithm sets two pair-independent hash functions in a single hash table.When a hash conflict occurs in the bucket,it expels the mouse flow from the hash table and retains the elephant flow by greedy algorithm.The algorithm can keep more important information in the limited memory.3.This paper conducts experiments on multiple datasets such as CAIDA,MACCDC.Compared with CM sketch,Elastic sketch,the two algorithms proposed in this paper show good performance in terms of memory consumption and accuracy when performing elephant flow detection,entropy estimation,and flow distribution.And the SIMD instructions are used to optimize the processing speed,which increases the throughput to 1.2 times the original version.