Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Background
Data
Conclusions
References

Enabling Real-Time Querying of Live and Historical Stream Data

Profile image of Kesheng WuKesheng Wu

2007, 19th International Conference on Scientific and Statistical Database Management (SSDBM 2007)

https://doi.org/10.1109/SSDBM.2007.34
visibility

description

10 pages

link

1 file

Abstract

Applications that query data streams in order to identify trends, patterns, or anomalies can often benefit from comparing the live stream data with archived historical stream data. However, searching this historical data in real time has been considered so far to be prohibitively expensive. One of the main bottlenecks is the update costs of the indices over the archived data. In this paper, we address this problem by using our highly-efficient bitmap indexing technology (called FastBit) and demonstrate that the index update operations are sufficiently efficient for this bottleneck to be removed. We describe our prototype system based on the TelegraphCQ streaming query processor and the FastBit bitmap index. We present a detailed performance evaluation of our system using a complex query workload for analyzing real network traffic data. The combined system uses TelegraphCQ to analyze streams of traffic information and FastBit to correlate current behaviors with historical trends. We demonstrate that our system can simultaneously analyze (1) live streams with high data rates and (2) a large repository of historical stream data.

Related papers

Comparison of Tools for Data Mining and Retrieval in High Volume Data Stream
Faraz Khan

2009

Applications querying real time data streams in order to identify trends, patterns, or anomalies can often benefit from comparing the live stream data with archived historical stream data. This is especially true for applications involving live & unpredictable data like in traffic analysis & stock markets. However this data mining in DSMSs have turned out to be a costly proposition. In this paper, perform a comparative analysis between various tools available that can handle this historical data & hence facilitate in the Data Mining. For comparing the tools for data retrieval, we cover inclemently, from using traditional DBMS to the more sophisticated tools that utilize Bit-Map indexing or Hoeffding Algorithm. We will see how these tools can simultaneously analyze (1) live streams with high data rates and maintain (2) a large repository of historical stream data.

View PDFchevron_right
Data stream management system: Tools for live stream handling & their application on trivial network analysis problems
Faraz Khan

2008

System tool TelegraphCQ. The number of tools for analyzing data traffic in the Internet is continuously increasing, because there is an increasing need in many different application domains. The high volume data that flows within a network requires one to rethink the fundamental architecture of a DBMS for this application area. The huge amount of data that has to be managed and analyzed together with the fact that many different analysis tasks are performed over a small set of different network trace formats, motivates us to study whether Data Stream Management Systems (DSMSs) might be useful to develop network traffic analysis tools .We will see that there are many tools available for Live Stream handling-each with its advantages & disadvantages.

View PDFchevron_right
Data stream management system: Tools for live stream handling & their application on trivial network analysis problems
Nadeem Akhtar

2008 International Conference on Innovations in Information Technology, 2008

System tool TelegraphCQ. The number of tools for analyzing data traffic in the Internet is continuously increasing, because there is an increasing need in many different application domains. The high volume data that flows within a network requires one to rethink the fundamental architecture of a DBMS for this application area. The huge amount of data that has to be managed and analyzed together with the fact that many different analysis tasks are performed over a small set of different network trace formats, motivates us to study whether Data Stream Management Systems (DSMSs) might be useful to develop network traffic analysis tools .We will see that there are many tools available for Live Stream handling-each with its advantages & disadvantages.

View PDFchevron_right
Hyperion: high volume stream archival for retrospective querying
Peter Desnoyers

2007

Abstract Network monitoring systems that support data archiving and after-the-fact (retrospective) queries are useful for a multitude of purposes, such as anomaly detection and network and security forensics. Data archiving for such systems, however, is complicated by (a) data arrival rates, which may be hundreds of thousands of packets per second on a single link, and (b) the need for online indexing of this data to support retrospective queries.

View PDFchevron_right
Data Stream Processing for Packet-Level Analytics
Stefano Giordano

Sensors, 2021

One of the most challenging tasks for network operators is implementing accurate per-packet monitoring, looking for signs of performance degradation, security threats, and so on. Upon critical event detection, corrective actions must be taken to keep the network running smoothly. Implementing this mechanism requires the analysis of packet streams in a real-time (or close to) fashion. In a softwarized network context, Stream Processing Systems (SPSs) can be adopted for this purpose. Recent solutions based on traditional SPSs, such as Storm and Flink, can support the definition of general complex queries, but they show poor performance at scale. To handle input data rates in the order of gigabits per seconds, programmable switch platforms are typically used, although they offer limited expressiveness. With the proposed approach, we intend to offer high performance and expressive power in a unified framework by solely relying on SPSs for multicores. Captured packets are translated into...

View PDFchevron_right
Stream Cube: An Architecture for Multi-Dimensional Analysis of Data Streams
Guozhu Dong

Distributed and Parallel Databases, 2005

Real-time surveillance systems, telecommunication systems, and other dynamic environments often generate tremendous (potentially infinite) volume of stream data: the volume is too huge to be scanned multiple times. Much of such data resides at rather low level of abstraction, whereas most analysts are interested in relatively high-level dynamic changes (such as trends and outliers). To discover such high-level characteristics, one may need to perform on-line multi-level, multi-dimensional analytical processing of stream data. In this paper, we propose an architecture, called stream cube, to facilitate on-line, multi-dimensional, multi-level analysis of stream data.

View PDFchevron_right

References (29)

  1. A. Arasu, S. Babu, and J. Widom. The CQL continuous query language: Semantic foundations and query execution. Tech- nical Report 2003-67, Stanford University, 2003.
  2. E. W. Bethel, S. Campbell, E. Dart, K. Stockinger, and K. Wu. Accelerating Network Traffic Analysis Using Query-Driven Visualization. In 2006 IEEE Symposium on Visual Analytics Science and Technology (to appear), 2006.
  3. C. Y. Chan and Y. E. Ioannidis. An Efficient Bitmap Encoding Scheme for Selection Queries. In SIGMOD, 1999.
  4. S. Chandrasekaran and M. Franklin. Remembrance of Streams Past: Overload-Sensitive Management of Archived Streams. In VLDB, 2004.
  5. S. Chandrasekaran and O. Cooper et al. TelegraphCQ: Con- tinuous Dataflow Processing for an Uncertain World. In CIDR, 2003.
  6. B.-C. Chen, V. Yegneswaran, P. Barford, and R. Ramakrish- nan. Toward a Query Language for Network Attack Data. In NetDB Workshop, 2006.
  7. C. D. Cranor, T. Johnson, O. Spatscheck, and V. Shkapenyuk. Gigascope: A Stream Database for Network Applications. In SIGMOD, 2003.
  8. H. Dreger, A. Feldmann, V. Paxson, and R. Sommer. Opera- tional experiences with high-volume network intrusion detec- tion. In CCS, pages 2-11. ACM Press, 2004.
  9. M. Franklin, S. Jeffery, S. Krishnamurthy, F. Reiss, S. Rizvi, E. Wu, O. Cooper, A. Edakkunni, and W. Hong. Design Con- siderations for High Fan-in Systems: The HiFi Approach. In CIDR, 2005.
  10. L. Golab and M. T. Özsu. Issues in Data Stream Management. SIGMOD Record, 32(2), 2003.
  11. G. Graefe. Goetz graefe. SIGMOD Record, 18(9):509-516, 2006.
  12. P. J. Haas and J. M. Hellerstein. Ripple joins for online ag- gregation. In A. Delis, C. Faloutsos, and S. Ghandeharizadeh, editors, SIGMOD, pages 287-298. ACM Press, 1999.
  13. G. Iannaccone. CoMo: An Open Infrastructure for Network Monitoring -Research Agenda, 2005.
  14. S. Kornexl, V. Paxson, H. Dreger, A. Feldmann, and R. Som- mer. Building a Time Machine for Efficient Recording and Retrieval of High-Volume Network Traffic. In Internet Mea- surement Conference, 2005.
  15. P. O'Neil and D. Quass. Improved Query Performance with Variant Indices. In SIGMOD, 1997.
  16. V. Paxson. Bro: A System for Detecting Network Intruders in Real-Time. In USENIX Security Symposium, January 1998.
  17. T. Plagemann, V. Goebel, A. Bergamini, G. Tolu, G. Urvoy- Keller, and E. W. Biersack. Using Data Stream Management Systems for Traffic Analysis -A Case Study. In Passive and Active Measurements, 2004.
  18. F. Reiss. Data Triage. PhD thesis, University of California, Berkeley, 2006.
  19. F. Reiss and J. M. Hellerstein. Declarative Network Moni- toring with an Underprovisioned Query Processor. In ICDE, 2006.
  20. M. Roesch. Snort-Lightweight Intrusion Detection for Net- works. In USENIX LISA, 1999.
  21. D. Rotem, K. Stockinger, and K. Wu. Optimizing Candidate Check Costs for Bitmap Indices. In CIKM, 2005.
  22. M. A. Shah, J. M. Hellerstein, and E. Brewer. Highly Avail- able, Fault-Tolerant, Parallel Dataflows. In SIGMOD, 2004.
  23. A. Shoshani, L. Bernardo, H. Nordberg, D. Rotem, and A. Sim. Multidimensional Indexing and Query Coordination for Tertiary Storage Management. In SSDBM, July 1999.
  24. M. Siekkinen, E. W. Biersack, V. Goebel, T. Plagemann, and G. Urvoy-Keller. InTraBase: Integrated Traffic Analysis Based on a Database Management System. In Workshop on End-to-End Monitoring Techniques and Services, May 2005.
  25. K. Stockinger and K.Wu et al. Network Traffic Analysis With Query Driven Visualization -SC 2005 HPC Analytics Re- sults. In Super Computing, 2005.
  26. M. Sullivan and A. Heybey. Tribeca: A system for Managing Large Databases of Network Traffic. In USENIX, 1998.
  27. K. Wu, E. Otoo, and A. Shoshani. A Performance Compari- son of Bitmap Indices. In CIKM, 2001.
  28. K. Wu, E. Otoo, and A. Shoshani. On the Performance of Bitmap Indices for High Cardinality Attributes. In VLDB, 2004.
  29. K. Wu, E. J. Otoo, and A. Shoshani. An Efficient Com- pression Scheme For Bitmap Indices. ACM Transactions on Database Systems, 31:1-38, 2006.

Related papers

Efficient Analysis of Live and Historical Streaming Data and its Application to Cybersecurity
Kesheng Wu

This paper describes our experiences building a coherent framework for ef- ficient simultaneous querying of live and archived stream data. This work was motivated by the need to analyze the network traffic patterns of research labora- tories funded by the U.S. Department of Energy. We review the requirements of such a system and implement a prototype based on the TelegraphCQ streaming query processor and the FastBit bitmap index. The combined system uses Tele- graphCQ to analyze streams of traffic information and FastBit to correlate current behaviors with historical trends. We present a detailed performance analysis of our system based on a complex query workload and real network traffic collected at Lawrence Berkeley National Laboratory (Berkeley Lab). Our experiments identify key performance bottlenecks for stream query processing systems that incorporate historical data. We also identify strategies for mitigating these bottlenecks. With these strategies in place, we demonstrate ...

View PDFchevron_right
TIFA: Enabling Real-Time Querying and Storage of Massive Stream Data
zhen chen

With the proliferation of network applications and user groups, the network stream data scale are getting larger and larger. To manage and analyze the massive data to get better service for end users (a.k.a. network optimization) or understanding of impacts of new network applications are attracting many researchers. This paper focuses on the storage and real-time retrieval of network traffic for analysis. We address this problem by integrating Time Machine and FastBit as a real-time querying and storage of massive stream data system, named TIFA. TIFA is designed for operation in Gbps network, accompanied with UTM as a module or an independent device. It leverages multiple large volume storage, and can achieve Ten TB level in volume. It has been proved useful in the performance of querying and storage of massive stream data in the experiments.

View PDFchevron_right
DBStream: An online aggregation, filtering and processing system for network traffic monitoring
Arian Bar

2014 International Wireless Communications and Mobile Computing Conference (IWCMC), 2014

Network traffic monitoring systems generate high volumes of heterogeneous data streams which have to be processed and analyzed with different time constraints for daily network management operations. Some monitoring applications such as anomaly detection, performance tracking and alerting require fast processing of specific incoming real-time data. Other applications like fault diagnosis and trend analysis need to process historical data and perform deep analysis on generally heterogeneous sources of data. The Data Stream Warehousing (DSW) paradigm provides the means to handle both types of monitoring applications within a single system, providing fast and rich data analysis capabilities as well as data persistence. In this paper, we introduce DBStream, a novel online traffic monitoring system based on the DSW paradigm, which allows fast and flexible analysis across multiple heterogeneous data sources. DBStream provides a novel stream processing language for implementing data processing modules, as well as aggregation, filtering, and storage capabilities for further data analysis. We show multiple traffic monitoring applications running on DBStream, processing real traffic from operational ISPs.

View PDFchevron_right
High Speed Traffic Archiving System for Flow Granularity Storage and Querying
zhen chen

The 21st International Conference on Computer Communications and Networks (ICCCN 2012)

Archiving Internet traffic is an essential function for retrospective network event analysis. The state-of-the-art approach for network monitoring and analysis is to store and analyze the statistics of network flows. However this approach loses much valuable information inside Internet traffic. With the advancement of commodity hardware, especially the volume of storage device and the speed of interconnect technologies used in network adapter card, now it is practical to capture 10Gbps real-time network traffic with a commodity computer. In this context, this paper presents the design and implementation of a novel system for archiving and querying network flows. This paper propose a bitmap indexing and storage mechanism with flow granularity, and the bitmap index database is utilized to store index information. Based on real network traces, we demonstrate that the system has a higher performance in storing and querying with respect to both time and space metrics compared with traditional methods.

View PDFchevron_right
Using Data Stream Management Systems for Traffic Analysis
Vera Goebel

Many traffic analysis tasks are solved with tools that are developed in an ad-hoc, incremental, and cumbersome way instead of seeking systematic solutions that are easy to reuse and understand. The huge amount of data that has to be managed and analyzed together with the fact that many different analysis tasks are performed over a small set of different network trace formats, motivates us to study whether Data Stream Management Systems (DSMSs) might be useful to develop traffic analysis tools. We have performed an experimental study to analyze the advantages and limitations of using DSMS in practice. We study how simple and complex analysis tasks can be solved with TelegraphCQ, a public domain DSMS, and present a preliminary performance analysis.

View PDFchevron_right
580 California St., Suite 400
San Francisco, CA, 94104
© 2025 Academia. All rights reserved