Security of HyperLogLog (HLL) Cardinality Estimation: Vulnerabilities and Protection

by   Pedro Reviriego, et al.

Count distinct or cardinality estimates are widely used in network monitoring for security. They can be used, for example, to detect the malware spread, network scans, or a denial of service attack. There are many algorithms to estimate cardinality. Among those, HyperLogLog (HLL) has been one of the most widely adopted. HLL is simple, provides good cardinality estimates over a wide range of values, requires a small amount of memory, and allows merging of estimates from different sources. However, as HLL is increasingly used to detect attacks, it can itself become the target of attackers that want to avoid being detected. To the best of our knowledge, the security of HLL has not been studied before. In this letter, we take an initial step in its study by first exposing a vulnerability of HLL that allows an attacker to manipulate its estimate. This shows the importance of designing secure HLL implementations. In the second part of the letter, we propose an efficient protection technique to detect and avoid the HLL manipulation. The results presented strongly suggest that the security of HLL should be further studied given that it is widely adopted in many networking and computing applications.


page 1

page 2

page 3

page 4


HyperLogLog (HLL) Security: Inflating Cardinality Estimates

Counting the number of distinct elements on a set is needed in many appl...

Security Orchestration, Automation, and Response Engine for Deployment of Behavioural Honeypots

Cyber Security is a critical topic for organizations with IT/OT networks...

Adaptive MTD Security using Markov Game Modeling

Large scale cloud networks consist of distributed networking and computi...

Eradicating Attacks on the Internal Network with Internal Network Policy

In this paper we present three attacks on private internal networks behi...

Visual Measurement Integrity Monitoring for UAV Localization

Unmanned aerial vehicles (UAVs) have increasingly been adopted for safet...

Is Data Clustering in Adversarial Settings Secure?

Clustering algorithms have been increasingly adopted in security applica...

Please sign up or login with your details

Forgot password? Click here to reset