
Anomalous Network Traffic Detection Based on CK Sketch and Machine Learning

  • Conference paper
Cyberspace Safety and Security (CSS 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13547)


Abstract

The explosive growth of network traffic and the rapid development of new networks such as cloud computing and IoT have challenged traditional network measurement techniques, which operate with limited memory and computational resources. Measurement methods based on a sketch structure can compress and store massive traffic data by hash calculation, which facilitates statistical analysis in limited memory and has a greater impact on anomalous traffic detection. Current research shows that using a sketch structure to store network traffic and combining it with machine learning to detect anomalous traffic can solve the above problem effectively. However, the classical sketch structure has problems such as hash collisions and low memory usage, which in turn affect the accuracy of machine learning models for anomalous traffic detection. In this paper, an improved sketch structure, the CK Sketch, is proposed based on cuckoo hashing: it replaces the hash function in the classical sketch with the cuckoo hash mechanism to avoid hash conflicts, adds a Bloom filter, and can adaptively allocate the number of hash buckets. The anomalous traffic data are stored in the CK Sketch structure and in the classical sketch structure respectively, and comparison experiments on anomalous traffic detection with machine learning are conducted on each. The experimental results show that the CK Sketch structure proposed in this paper can effectively improve the accuracy of machine learning in determining anomalous traffic, the utilization rate of hash buckets, and the network throughput.


Author information


Correspondence to Defan Xue.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Chi, Y., Xue, D., Yue, Z., Wang, Z., Jiaming, L. (2022). Anomalous Network Traffic Detection Based on CK Sketch and Machine Learning. In: Chen, X., Shen, J., Susilo, W. (eds) Cyberspace Safety and Security. CSS 2022. Lecture Notes in Computer Science, vol 13547. Springer, Cham. https://doi.org/10.1007/978-3-031-18067-5_17


  • DOI: https://doi.org/10.1007/978-3-031-18067-5_17


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-18066-8

  • Online ISBN: 978-3-031-18067-5

  • eBook Packages: Computer Science, Computer Science (R0)
