( , *) one-to-many: e.g., scanning (*, ) many-to-one: e.g., DDoS ( /24, /28) subnet-to-subnet

Transcription

1

2 ( , *) one-to-many: e.g., scanning (*, ) many-to-one: e.g., DDoS ( /24, /28) subnet-to-subnet 2

3 c φn φ: N: / /0 10.1/ / / / / / / / / /

4 src: dst: [ /32, /16] [ /24, /24] [ /16, /32] sum of prefix lengths ,0 24,8 8,24 32,8 8,0 32,24 8,8 0,8 16,8 8,16 24,16 24,24 16,24 24,32 0,24 8,32 [ /32, /24] [ /24, /32] [ /32, /32] Lattice for IPv4 prefix length pair with 8-bit granularity 4

5 5

6 6

7 ci = j cj where { j child(i) cj < φn } 7

8 8

9 child(i) child(i) [16, 16] [16, 16] (1.2/16, 5.6/16) [24, 16] [16, 16] [24, 24] [16, 24] [24, 16] (1.2.0/24, 5.6/16) (1.2.1/24, 5.6/16) (1.2.3/24, 5.6/16)... [16, 24] (1.2/16, 5.6.0/24) (1.2/16, 5.6.1/24) (1.2/16, 5.6.3/24)... bottom-up aggregation top-down space partitioning 9

10 (l0, l1) 8,0 0,8 8,8 24,0 24,8 16,8 8,16 8,24 0,24 32,8 24,16 16,24 8,32 24,24 32,24 24,32 0,8 8,0 8,8 (I) upper sub-area 0,24 8,16 8,24 (II) right sub-area 16,8 24,0 24,8 (III) left sub-area 16,24 24,16 24,24 (IV) lower sub-area 8,32 24,32 (V) right bottom edge 32,8 32,24 (VI) left bottom edge 10

11 8,0 0,8 8,8 24,0 (I) 16,8 8,16 0,24 24,8 8,24 32,8 (III) 24,16 16,24 (II) 8,32 24,24 (VI) 32,24 (IV) 24,32 (V) 11

12 12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36 4 HHHs extracted

37 14

38 15

39 16

40 17

41 18

42 aggregated by (src,dst) region no src dst c /N (%) VI (1) / / V III II I (2) / / (3) / / (4) * / (5) /23 * 5.0 (6) /20 * 6.8 (7) * / (8) * / (9) * / (10) / / (11) /12 * 6.7 (12) * /7 7.6 () /4 * 5.0 (14) /2 * 6.0 (15) * / * * I aggregated by (dst,src) (1)-(12) identical to (src,dst) () / /2 5.7 (14) * /3 5.3 (15) /1 * * *

43 aggregated by (src,dst) region no src dst c /N (%) VI (1) / / V III II I (2) / / (3) / / (4) * / (5) /23 * 5.0 (6) /20 * 6.8 (7) * / (8) * / (9) * / (10) / / (11) /12 * 6.7 (12) * /7 7.6 () /4 * 5.0 (14) /2 * 6.0 (15) * / * * no RLS(%) SS(%) missing SS HHHs with their c /N (%) (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (96/3, /16):5.4 (0/2, /16):5.6 (112/4, /12):5.2 (64/2, /12):9.0 (11) (12) (0/1, /20):6.0 (128/2, /16):5.5 (192/4,202/8):5.1 (*, /12):25.5 (16/4,202/7):5.4 (128/1, /9):10.6 (64/2,202/7):15.5 (128/1,202/7):17.7 () (14) ( //1):6.0 (144/4,128/1):5.3 (128/2,96/3):5.0 (128/3,0/1):5.3 (160/3,128/1):7.0 (128/2,0/2):5.7 (128/2,0/1):11.4 (15) (128/1,160/6):5.0 (192/4,128/2):5.2 (0/1,128/2):22.7 (*,128/3): (202/7,0/2):5.4 (192/8,128/1):5.6 (202/8,0/1):5.7 (202/7,128/1):6.0 (192/3,200/5):10.5 (128/1,112/6):5.1 (112/5,128/1):21.8 (200/5,*):17.0 (192/4,128/1):.6 (128/1,16/4):6.2 (*,200/5):42.4 (64/3,128/1):6.0 (96/3,128/1):29.7 (128/1,64/2):10.4 (0/1,128/1):46.7 (128/1,*):53.3 (*,128/1):

44 CPU time (sec) RLS 5x5 RLS 33x33 SS 5x5 SS 33x input N (million packets) 21

45 Memory usage (MB) RLS 5x5 RLS 33x33 SS 5x5 SS 33x input N (million packets) 22