research-article

RasterZip: compressing network monitoring data with support for partial decompression

Authors:

Francesco Fusco,

Michail Vlachos,

Xenofontas DimitropoulosAuthors Info & Claims

IMC '12: Proceedings of the 2012 Internet Measurement Conference

Pages 51 - 64

https://doi.org/10.1145/2398776.2398783

Published: 14 November 2012 Publication History

Abstract

Network traffic archival solutions are fundamental for a number of emerging applications that require: a) efficient storage of high-speed streams of traffic records and b) support for interactive exploration of massive datasets. Compression is a fundamental building block for any traffic archival solution. However, present solutions are tied to general-purpose compressors, which do not exploit patterns of network traffic data and require to decompress a lot of redundant data for high selectivity queries. In this work we introduce RasterZIP, a novel domain-specific compressor designed for network traffic monitoring data. RasterZIP uses an optimized lossless encoding that exploits patterns of traffic data, like the fact that IP addresses tend to share a common prefix. RasterZIP also introduces a novel decompression scheme that accelerates highly selective queries targeting a small portion of the dataset. With our solution we can achieve high-speed on-the-fly compression of more than half a million traffic records per second. We compare RasterZIP with the fastest Lempel-Ziv-based compressor and show that our solution improves the state-of-the-art both in terms of compression ratios and query response times without introducing penalty in any other performance metric.

Supplementary Material

PDF File (42.pdf)

Summary Review Documentation for "RasterZip: Compressing Network Monitoring Data with Support for Partial Decompression", Authors: F. Fusco, M. Vlachos and X. Dimitropoulos

Download
75.52 KB

References

[1]

StealthWatch FlowCollector. http://www.lancope.com/products/stealthwatch-flowcollector/.

[2]

D. Abadi, S. Madden, and M. Ferreira. Integrating Compression and Execution in Column-Oriented Database Systems. In Proc. 32nd ACM SIGMOD Int. Conf. on Management of Data, pages 671--682, 2006.

Digital Library

[3]

E. W. Bethel, S. Campbell, E. Dart, K. Stockinger, and K. Wu. Accelerating Network Traffic Analysis Using Query-Driven Visualization. In Proc. of IEEE Symposium on Visual Analytics Science and Technology, pages 115--122, 2006.

[4]

CAIDA. Targeted serendipity: the search for storage. http://blog.caida.org/best_available_data/2012/04/04/, 2012.

[5]

S. D. S. Center. Sdsc project storage pricing options. http://project.sdsc.edu/pricing.php.

[6]

X. Chen, M. Li, B. Ma, and J. Tromp. DNACompress: fast and effective DNA sequence compression. Bioinformatics, 18(12):1696--1698, 2002.

[7]

B. Claise. RFC 3954: Cisco Systems NetFlow Services Export Version 9, 2004.

[8]

M. Datar, N. Immorlica, P. Indyk, and V. S. Mirrokni.Locality-Sensitive Hashing Scheme Based on p-Stable Distributions. In Proc. of the 20th Annual Symposium on Computational Geometry, pages 253--262, 2004.

Digital Library

[9]

L. Deri, V. Lorenzetti, and S. Mortimer. Collection and Exploration of Large Data Monitoring Sets Using Bitmap Databases. In Proc. of the 2nd Int. Workshop on Traffic Monitoring and Analysis, TMA'10, pages 73--86, 2010.

Digital Library

[10]

N. Duffield, C. Lund, and M. Thorup. Charging from Sampled Network Usage. In Proc. of the 1st ACM SIGCOMM Workshop on Internet Measurement (IMW), pages 245--256, 2001.

Digital Library

[11]

A. Feldmann, A. Greenberg, C. Lund, N. Reingold, J. Rexford, and F. True. Deriving Traffic Demands for Operational IP Networks: Methodology and Experience. IEEE/ACM Transactions on Networking (ToN), 9:265--280, 2001.

Digital Library

[12]

A. Friedl and S. Ubik. Perfmon and Servmon: Monitoring Operational Status and Resources of Distributed Computing Systems. Technical Report 10, CESNET, Prague, Czech Republic, 2008.

[13]

F. Fusco, X. Dimitropoulos, M. Vlachos, and L. Deri. pcapindex: an index for network packet traces with legacy compatibility. SIGCOMM Comput. Commun. Rev., 42(1):47--53.

Digital Library

[14]

F. Fusco, M. Vlachos, and M. P. Stoecklin. Real-time creation of bitmap indexes on streaming network data. The VLDB Journal, 21(3):287--307, June 2012.

Digital Library

[15]

C. Gates, M. Collins, M. Duggan, A. Kompanek, and M. Thomas. More Netflow Tools for Performance and Security. In Proc. of the Conf. on Large Installation Systems Administration, pages 121--132, 2004.

Digital Library

[16]

P. Giura and N. Memon. Netstore: an efficient storage infrastructure for network forensics and monitoring. In Proc. of the 13th Int. Conf. on Recent advances in intrusion detection, RAID'10, pages 277--296, 2010.

Digital Library

[17]

P. Haag. NFDump. http://nfdump.sourceforge.net/.

[18]

R. Hofstede, A. Sperotto, T. Fioreze, and A. Pras. The network data handling war: MySQL vs. NfDump. In Proc. of the 16th EUNICE/IFIP Conf. on Networked services and applications: engineering, control and management, EUNICE'10, pages 167--176, 2010.

Digital Library

[19]

S. B. Joshi. Apache hadoop performance-tuning methodologies and best practices. In Proc. of the 3rd joint WOSP/SIPEW Int. Conf. on Performance Engineering, ICPE'12, pages 241--242, 2012.

Digital Library

[20]

A. Lakhina, M. Crovella, and C. Diot. Mining Anomalies Using Traffic Feature Distributions. In Proc. ACM SIGCOMM Conf. on Applications, Technologies, Architectures, and Protocols for Computer Communications, pages 217--228, 2005.

Digital Library

[21]

T. W. Lam, W.-K. Sung, S.-L. Tam, C.-K. Wong, and S.-M. Yiu. Compressed indexing and local alignment of DNA. Bioinformatics, 24(6):791--797, 2008.

Digital Library

[22]

S. Romig, M. Fullmer, and R. Luman. The OSU Flow-tools Package and Cisco NetFlow Logs. In Proc. Conference on Large Installation Systems Administration (LISA), pages 291--303, 2000.

Digital Library

[23]

D. Salomon. Data Compression: The Complete Reference. Springer-Verlag, 2nd edition, 2000.

Digital Library

[24]

B. D. Vo and G. S. Manku. RadixZip: Linear Time Compression of Token Streams. In Proc. Int. Conf. on Very Large Data Bases, pages 1162--1172, 2007.

Digital Library

[25]

A. Wagner. Entropy-Based Worm Detection for Fast IP Networks. PhD thesis, ETH Zurich, 2008.

[26]

H. Yan, S. Ding, and T. Suel. Compressing term positions in web indexes. In Proc. of the 32nd ACM SIGIR Conf. on Research and development in information retrieval, SIGIR'09, pages 147--154, 2009.

Digital Library

[27]

L. Yang, R. P. Dick, H. Lekatsas, and S. Chakradhar. Online memory compression for embedded systems. ACM Trans. Embed. Comput. Syst., 9:27:1--27:30, 2010.

Digital Library

[28]

J. Ziv and A. Lempel. A Universal Algorithm for Sequential Data Compression. IEEE Transactions on Information Theory, 23(3):337--343, 1977.

Digital Library

Cited By

Liu PChen SZhao B(2023)Hardware-Based Algorithm Acceleration towards Efficient Network Traffic Storage Systems2023 21st International Conference on Optical Communications and Networks (ICOCN)10.1109/ICOCN59242.2023.10236164(1-3)Online publication date: 31-Jul-2023
https://doi.org/10.1109/ICOCN59242.2023.10236164
Xu KXu K(2021)Background of Network Behavior AnalysisNetwork Behavior Analysis10.1007/978-981-16-8325-1_2(7-19)Online publication date: 16-Dec-2021
https://doi.org/10.1007/978-981-16-8325-1_2
Piskozub MSpolaor RMartinovic I(2020)CompactFlow: A Hybrid Binary Format for Network Flow DataInformation Security Theory and Practice10.1007/978-3-030-41702-4_12(185-201)Online publication date: 2-Mar-2020
https://doi.org/10.1007/978-3-030-41702-4_12
Show More Cited By

Index Terms

RasterZip: compressing network monitoring data with support for partial decompression
1. Information systems
  1. Data management systems
    1. Data structures
      1. Data layout
        Data compression

Recommendations

LOCO-I: a low complexity, context-based, lossless image compression algorithm
DCC '96: Proceedings of the Conference on Data Compression

LOCO-I (low complexity lossless compression for images) is a novel lossless compression algorithm for continuous-tone images which combines the simplicity of Huffman coding with the compression potential of context models, thus "enjoying the best of ...
Wavelet transform and bit-plane encoding
ICIP '95: Proceedings of the 1995 International Conference on Image Processing (Vol. 1)-Volume 1 - Volume 1

In this work a new approach for wavelet transform (WT) based image compression is presented. Employing a simple region representation coding scheme previously used with bi-level facsimile pictures, the wavelet transform coefficients are first quantized ...
Second compression for pixelated images under edge-based compression algorithms: JPEG-LS as an example

This paper details the examination of a particular case of data compression, where the compression algorithm removes the redundancy from data, which occurs when edge-based compression algorithms compress (previously compressed) pixelated images. The newly ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IMC '12: Proceedings of the 2012 Internet Measurement Conference

November 2012

572 pages

ISBN:9781450317054

DOI:10.1145/2398776

General Chairs:
John Byers
Boston University
,
Jim Kurose
University of Massachusetts Amherst
,
Program Chairs:
Ratul Mahajan
Microsoft Research
,
Alex C. Snoeren
UC San Diego

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGMETRICS: ACM Special Interest Group on Measurement and Evaluation
SIGCOMM: ACM Special Interest Group on Data Communication
USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 November 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

IMC '12

Sponsor:

SIGMETRICS
SIGCOMM
USENIX Assoc

IMC '12: Internet Measurement Conference

November 14 - 16, 2012

Massachusetts, Boston, USA

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Upcoming Conference

IMC '24

Sponsor:
sigcomm
sigcomm

ACM Internet Measurement Conference

November 4 - 6, 2024

Madrid , AA , Spain

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
215
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)2

Reflects downloads up to 16 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Liu PChen SZhao B(2023)Hardware-Based Algorithm Acceleration towards Efficient Network Traffic Storage Systems2023 21st International Conference on Optical Communications and Networks (ICOCN)10.1109/ICOCN59242.2023.10236164(1-3)Online publication date: 31-Jul-2023
https://doi.org/10.1109/ICOCN59242.2023.10236164
Xu KXu K(2021)Background of Network Behavior AnalysisNetwork Behavior Analysis10.1007/978-981-16-8325-1_2(7-19)Online publication date: 16-Dec-2021
https://doi.org/10.1007/978-981-16-8325-1_2
Piskozub MSpolaor RMartinovic I(2020)CompactFlow: A Hybrid Binary Format for Network Flow DataInformation Security Theory and Practice10.1007/978-3-030-41702-4_12(185-201)Online publication date: 2-Mar-2020
https://doi.org/10.1007/978-3-030-41702-4_12
Harvan MKimoto SLocher TPignolet YSchneider J(2017)Processing Encrypted and Compressed Time Series Data2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS)10.1109/ICDCS.2017.114(1053-1062)Online publication date: Jun-2017
https://doi.org/10.1109/ICDCS.2017.114
Vallentin MPaxson VSommer RArgyraki KIsaacs R(2016)VASTProceedings of the 13th Usenix Conference on Networked Systems Design and Implementation10.5555/2930611.2930634(345-362)Online publication date: 16-Mar-2016
https://dl.acm.org/doi/10.5555/2930611.2930634
Uceda VRodriguez MRamos JGarcia-Dorado JAracil J(2016)Selective Capping of Packet Payloads at Multi-Gb/s RatesIEEE Journal on Selected Areas in Communications10.1109/JSAC.2016.255919834:6(1807-1818)Online publication date: Jun-2016
https://doi.org/10.1109/JSAC.2016.2559198
Uceda VRodríguez MRamos JGarcía-Dorado JAracil J(2015)Selective Capping of Packet Payloads for Network Analysis and ManagementTraffic Monitoring and Analysis10.1007/978-3-319-17172-2_1(3-16)Online publication date: 17-Apr-2015
https://doi.org/10.1007/978-3-319-17172-2_1
Ma GGuo ZLi XChen ZCao JJiang YGuo X(2014)BreadZip: a combination of network traffic data and bitmap index encoding algorithm2014 IEEE International Conference on Systems, Man, and Cybernetics (SMC)10.1109/SMC.2014.6974426(3235-3240)Online publication date: Oct-2014
https://doi.org/10.1109/SMC.2014.6974426
Hofstede RCeleda PTrammell BDrago ISadre RSperotto APras A(2014)Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIXIEEE Communications Surveys & Tutorials10.1109/COMST.2014.232189816:4(2037-2064)Online publication date: Dec-2015
https://doi.org/10.1109/COMST.2014.2321898
Wei XLuo XLi Q(2013)Improving the Compression Efficiency for News Web Service Using Semantic Relations Among WebpagesInternational Journal of Cognitive Informatics and Natural Intelligence10.4018/ijcini.20130401047:2(49-64)Online publication date: Apr-2013
https://doi.org/10.4018/ijcini.2013040104

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents