BC-Sketch: A Simple Reversible Sketch for Detecting Network Anomalies

As 5G/IoT networks constantly growing and evolving, proliferated network traffic bring an unprecedented challenge to detecting and identifying flow anomalies, such as heavy hitters, heavy changes and superspreaders. Many flow data analytics have been proposed to tackle the problem. Sketch-based approaches are the most commonly used flow analytics service, in which a compressed data structure is used to keep a summary of the original data and estimate traffic statistics such as flow size for all traffic flows. However, those approaches either induce information losses due to sampling or incur computational and space overheads for key recovery. In this paper, we propose a new lightweight traffic analytics service, called BC-sketch, for faster and more accurate detection of heavy keys using very small number of counters. BC-sketch provides reversible sketch using an extensible data structure designed to accommodate different sketch-based solutions. BC-sketch can be efficiently provisioned as a traffic analytics service in resource constrained IoT devices, or integrated to various virtual network environments as a virtual service to detect heavy hitter, superspreader and heavy change. To demonstrate its effectiveness, we use BC-sketch to detect heavy hitters, superspreaders, and heavy changes. Both theoretical analysis and experimental evaluations show that BC-sketch can provide higher precision for identifying those traffic anomalies with low memory and computational overheads.