On the Privacy of the Count-Min Sketch: Extracting the Top-K Elements

Estimating the frequency of elements in a data stream and identifying the elements that appear many times (also known as heavy hitters) are needed in many applications such as traffic monitoring in networks or popularity estimate in web and social networks. The Count-Min Sketch (CMS) is probably one of the most widely used algorithms for frequency estimate. The CMS uses a sub-linear space to provide queries for data streams and retrieve an approximate value for the frequency of events. It has been used in many different applications and scenarios, making its security and privacy a matter of interest. This paper considers the privacy of the CMS and presents an algorithm to extract the most frequent elements (also known as top-K) and their estimate from a CMS. This is possible for universes of a limited size; when the attacker has access to the sketch, its hash functions and the counters at a specific point of time. The algorithm is tested using CAIDA traces showing that it is able to retrieve the group of top-K elements with an acceptable percentage of false positives and negatives. The results improve with the size of the sketch and for smaller values of K, indicating that in some practical settings an attacker can extract substantial information about the top-K elements from the sketch. The code used in the simulation is provided in a public open-source repository to facilitate reproducing our results and extending the ideas presented in this paper.