SPArch: A Hardware-oriented Sketch-based Architecture for High-speed Network Flow Measurements

IF 3 4区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

ACM Transactions on Privacy and Security Pub Date : 2024-08-08 DOI:10.1145/3687477

Arish Sateesan, J. Vliegen, Simon Scherrer, H. Hsiao, A. Perrig, N. Mentens

{"title":"SPArch: A Hardware-oriented Sketch-based Architecture for High-speed Network Flow Measurements","authors":"Arish Sateesan, J. Vliegen, Simon Scherrer, H. Hsiao, A. Perrig, N. Mentens","doi":"10.1145/3687477","DOIUrl":null,"url":null,"abstract":"Network flow measurement is an integral part of modern high-speed applications for network security and data-stream processing. However, processing at line rate while maintaining the required data structure within the on-chip memory of the hardware platform is a challenging task for measurement algorithms, especially when accuracy is of primary importance, such as in network security applications. Most of the existing measurement algorithms are no exception to such issues when deployed in high-speed networking environments and are also not tailored for efficient hardware implementation. Sketch-based measurement algorithms minimize the memory requirement and are suitable for high-speed networks but possess a low memory-accuracy trade-off and lack the versatility of individual flow mapping. To address these challenges, we present a hardware-friendly data structure named Sketch-based Pseudo-associative array Architecture (SPArch). SPArch is highly accurate and extremely memory-efficient, making it suitable for network flow measurement and security applications. The parallelism in SPArch ensures minimal and constant memory access cycles. Unlike other sketch architectures, SPArch provides the functionality of individual flow mapping similar to associative arrays, and the optimized version of SPArch allows the organization of counters in multiple buckets based on the flow sizes. An in-depth analysis of SPArch is carried out in this paper and implemented SPArch on the Alveo data center accelerator card, demonstrating its suitability for high-speed networks.","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":null,"pages":null},"PeriodicalIF":3.0000,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Privacy and Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3687477","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Network flow measurement is an integral part of modern high-speed applications for network security and data-stream processing. However, processing at line rate while maintaining the required data structure within the on-chip memory of the hardware platform is a challenging task for measurement algorithms, especially when accuracy is of primary importance, such as in network security applications. Most of the existing measurement algorithms are no exception to such issues when deployed in high-speed networking environments and are also not tailored for efficient hardware implementation. Sketch-based measurement algorithms minimize the memory requirement and are suitable for high-speed networks but possess a low memory-accuracy trade-off and lack the versatility of individual flow mapping. To address these challenges, we present a hardware-friendly data structure named Sketch-based Pseudo-associative array Architecture (SPArch). SPArch is highly accurate and extremely memory-efficient, making it suitable for network flow measurement and security applications. The parallelism in SPArch ensures minimal and constant memory access cycles. Unlike other sketch architectures, SPArch provides the functionality of individual flow mapping similar to associative arrays, and the optimized version of SPArch allows the organization of counters in multiple buckets based on the flow sizes. An in-depth analysis of SPArch is carried out in this paper and implemented SPArch on the Alveo data center accelerator card, demonstrating its suitability for high-speed networks.

查看原文本刊更多论文

SPArch：面向硬件的基于草图的高速网络流量测量架构

网络流量测量是现代网络安全和数据流处理高速应用不可或缺的一部分。然而，在硬件平台的片上内存中保持所需的数据结构，同时以线速进行处理，这对测量算法来说是一项具有挑战性的任务，尤其是在网络安全应用等对精度要求极高的情况下。现有的大多数测量算法在部署到高速网络环境中时也不例外，而且也不是为高效的硬件实施而量身定制的。基于草图的测量算法能最大限度地减少内存需求，适用于高速网络，但内存-精度权衡较低，且缺乏单个流量映射的多功能性。为了应对这些挑战，我们提出了一种硬件友好型数据结构，命名为基于草图的伪关联阵列架构（SPArch）。SPArch 具有高精度和极高的内存效率，因此适用于网络流量测量和安全应用。SPArch 的并行性可确保内存访问周期最小且保持不变。与其他草图架构不同，SPArch 提供了与关联数组类似的单个流量映射功能，而且 SPArch 的优化版本允许根据流量大小将计数器组织到多个桶中。本文对 SPArch 进行了深入分析，并在 Alveo 数据中心加速卡上实现了 SPArch，证明其适用于高速网络。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Privacy and Security Computer Science-General Computer Science

CiteScore

5.20

自引率

0.00%

发文量

期刊介绍： ACM Transactions on Privacy and Security (TOPS) (formerly known as TISSEC) publishes high-quality research results in the fields of information and system security and privacy. Studies addressing all aspects of these fields are welcomed, ranging from technologies, to systems and applications, to the crafting of policies.