Skip to Main Content
This paper proposes a computational and memory-efficient technique for online unidimensional clustering of individual IP addresses in order to detect high-volume traffic clusters (hierarchical heavy hitters). Our technique is based on a Patricia tree and can cope with today's traffic volume. We test our algorithm by using a traffic trace composed of NetFlow records sent by a few tens of routers of the France telecom IP backbone network. We moreover show how our algorithm can be used for network anomaly detection.