High throughput sketch based online heavy change detection on FPGA

Significant changes in traffic patterns often indicate network anomalies. Detecting these changes rapidly and accurately is a critical task for network security. Due to the large number of network users and the high throughput requirement of today's networks, traditional per-item-state techniques are either too expensive when implemented using fast storage devices (such as SRAM) or too slow when implemented using storage devices with massive capacity (such as DRAM). Sketch, as a highly accurate data stream summarization technique, significantly reduces the memory requirements while supporting a large number of items. Sketch based techniques are attractive for exploiting the fast on-chip storage of state-of-the-art computing platforms to achieve high throughput. In this work, we propose a fully pipelined Sketch based architecture on FPGA for online heavy change detection. Our architecture forecasts the activity of the network entities based on their history, then reports the entities whose difference between their observed activities and the forecast activities exceed a given threshold. The post place-and-route results on a state-of-the-art FPGA show that our architecture sustains high throughput of 96 - 103 Gbps using various configurations of online heavy change detection.

[1]  M. V. Ramakrishna,et al.  Efficient Hardware Hashing Functions for High Performance Computers , 1997, IEEE Trans. Computers.

[2]  Viktor K. Prasanna,et al.  High throughput and programmable online trafficclassifier on FPGA , 2013, FPGA '13.

[3]  Viktor K. Prasanna,et al.  High-Performance and Dynamically Updatable Packet Classification Engine on FPGA , 2016, IEEE Transactions on Parallel and Distributed Systems.

[4]  Graham Cormode,et al.  What's new: finding significant differences in network data streams , 2004, IEEE/ACM Transactions on Networking.

[5]  Theophilus Wellem,et al.  Accelerating Sketch-Based Computations with GPU: A Case Study for Network Traffic Change Detection , 2011, 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems.

[6]  Natalie D. Enright Jerger,et al.  Efficient and programmable ethernet switching with a NoC-enhanced FPGA , 2014, 2014 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS).

[7]  George Varghese,et al.  New directions in traffic measurement and accounting , 2002, CCRV.

[8]  Gustavo Alonso,et al.  A flexible hash table design for 10GBPS key-value stores on FPGAS , 2013, 2013 23rd International Conference on Field programmable Logic and Applications.

[9]  Ming-Yang Kao,et al.  Reversible sketches: enabling monitoring and analysis over high-speed data streams , 2007, TNET.

[10]  Sudipto Guha,et al.  Fast, small-space algorithms for approximate histogram maintenance , 2002, STOC '02.

[11]  Graham Cormode,et al.  An improved data stream summary: the count-min sketch and its applications , 2004, J. Algorithms.

[12]  Gordon J. Brebner,et al.  400 Gb/s Programmable Packet Parsing on a Single FPGA , 2011, 2011 ACM/IEEE Seventh Symposium on Architectures for Networking and Communications Systems.

[13]  Balachander Krishnamurthy,et al.  Sketch-based change detection: methods, evaluation, and applications , 2003, IMC '03.

[14]  Divesh Srivastava,et al.  Finding hierarchical heavy hitters in streaming data , 2008, TKDD.

[15]  Hargyo Tri Nugroho,et al.  Implementing On-line Sketch-Based Change Detection on a NetFPGA Platform , 2010 .

[16]  Yan Gao,et al.  A DoS Resilient Flow-level Intrusion Detection Approach for High-speed Networks , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).