Monitoring is an issue of primary concern in current and next-generation network systems. The objective of sensor networks is to monitor their surroundings for a variety of important applications, such as traffic control, atmospheric conditions, and troop movements, among others. Monitoring in data networks is critical not only for accounting and for management, but also for detecting anomalies and attacks. Such monitoring applications are inherently continuous and distributed and usually introduce a significant communication overhead.
Having a number of distributed elements (sensors, computers, router line cards) in a network that are capable of measuring or counting certain local parameters of interest either by regular checking or by some interrupt method, the task is to monitor an aggregated value (average or sum) at a dedicated central element in the network. Especially to notice when the aggregated value crosses some predefined threshold.
In high-end routers, traffic is usually distributed among independent routing components (line cards, forwarding processors), while there is a need to measure or monitor aggregated traffic too. Routers usually use the same resources for monitoring and accounting and for traffic control and management, from which (usually) the latters have higher priority, and resources used for accounting or monitoring—including the current problem of monitoring of traffic aggregates—should be minimalized.
The problem mentioned above is a special case of a broader field called distributed monitoring problems. A survey of recent developments in this general field have been written by Graham Cormode in “The continuous distributed monitoring model,” ACM SIGMOD Record, vol. 42, no. 1, pp. 5-14, 2013. In “Communication-Efficient Distributed Monitoring of Thresholded Counts” by R. Keralapura, G. Cormode and J. Ramamirtham, Proceedings of the 2006 ACM SIGMOD international conference on Management of data, pp. 289-300, 2006, the problem of thresholded counts is addressed by setting local thresholds at each monitoring node and initiating communication only when the locally observed data exceeds these local thresholds. Changing the precision of monitoring in the distributed network requires sending at the same time a message to each monitoring node to change the local thresholds. This can cause network performance degradation at the central coordinator node. Furthermore, the monitoring accuracy can only be changed in relative big exponential steps. Therefore the described methods are not able to handle efficiently dynamic global threshold and required error changes during operation.