Traffic measurement in high-speed networks has many important functions in improving network performance, assisting resource allocation, and detecting anomalies. In this paper, we study a generalized problem called ${k}$ -persistent spread estimation, which measures the volume of persist traffic elements in each flow that appear during at least ${k}$ out of ${t}$ measurement periods, where ${k}$ and ${t}$ are two positive integers that can be arbitrarily set in user queries, with ${k} \le {t}$ . Solutions to this problem have interesting applications in network attack detection, popular content identification, user access profiling, etc. There is very limited prior art for this problem, only addressing the special case of ${k} = {t}$ under a flawed assumption. Removing this assumption, we propose an efficient and accurate estimator for generalized ${k}$ -persistent traffic measurement, with ${k} \le {t}$ . Our method relies on bitwise SUM, instead of bitwise AND in the prior art, to combine the information collected from different periods. This change has fundamental impact on the probabilistic analysis that derives the estimator, particular over space-saving virtual bitmaps. Based on real network traces, we demonstrate experimentally the effectiveness of our new method in estimating the ${k}$ -persistent spreads of all network flows. Our estimator performs much better than the prior art on its case of ${k} = {t}$ . We also incorporate a sampling module to the estimator for improved flexibility, and give a use study on how to detect and find DDoS attackers using the proposed estimator.

中文翻译：

---

高效 ķ网络中流量测量的持久扩散估计器

高速网络中的流量测量在提高网络性能，协助资源分配和检测异常方面具有许多重要功能。在本文中，我们研究了一个广义问题 $ {k} $ -持续传播估计，用于测量至少在以下期间出现的每个流中持续存在的流量元素的数量 $ {k} $ 在......之外 $ {t} $ 测量周期，其中 $ {k} $ 和 $ {t} $ 是可以在用户查询中任意设置的两个正整数，其中 $ {k} \ le {t} $ 。该问题的解决方案在网络攻击检测，流行的内容标识，用户访问配置文件等方面具有有趣的应用。此问题的现有技术非常有限，仅解决了以下特殊情况： $ {k} = {t} $ 在一个错误的假设下。去掉这个假设，我们提出了一个有效和准确的估计 $ {k} $ 持续流量测量，具有 $ {k} \ le {t} $ 。我们的方法依赖于按位求和，而不是现有技术中的按位与，来组合从不同时段收集的信息。这种变化对推导估计器的概率分析有根本的影响，尤其是在节省空间的虚拟位图上。根据真实的网络轨迹，我们通过实验证明了我们的新方法在估算网络中的有效性 $ {k} $ -所有网络流量的持续传播。在这种情况下，我们的估算器的性能比现有技术好得多 $ {k} = {t} $ 。我们还将抽样模块合并到估计器中，以提高灵活性，并就如何使用建议的估计器检测和发现DDoS攻击者进行了使用研究。