Internet technology has become an important part of our daily lives, meaning that monitoring and identifying abnormal behaviours in network traffic are both crucial for proper operation and cybersecurity countermeasures. Moreover, the proliferation of computer networks has lead to an ever-increasing demand for bandwidth of 100Gbps and more. Thus, the scaling of monitoring and measuring capabilities for collecting accurate statistics has become a challenging issue. The group explained that their work is suitable for anomaly detection for high-speed networking and security applications Professor Yu-Kuen Lai, the lead author on this paper, spoke to us about what he's been working on: “We have developed a filtering scheme to assist superspreader [i.e., a host that infects disproportionally more secondary contacts than other hosts also infected with the same virus] detection in high-speed network traffic. Specifically, we use bitmap sketch data structures to filter out most of the non-superspreader sources from the network traffic with high probability”. It is known that in most of the network devices, the space of fast memory (SRAM) is limited. Therefore, by using this scheme, the memory space required by the measurement module to track the source IP in the network traffic can be reduced while achieving acceptable accuracy. The prototype implementation can process network traffic at a throughput of 27Gbps. Owing to the high speed of internet traffic, tracking all packets and flows to enable complex analysis in real-time is difficult. This is due to limited processing time and memory space. Sketch, an alternative to packet sampling, is a compact data structure capable of shortening substantial numbers of data elements. It relies on probabilistic properties to guarantee the accurate estimation of various attributes of the network traffic. Consequently, it is widely used in high-speed network measurement and monitoring applications. In addition to the superspreader detection application presented in this paper, Sketch algorithms are commonly used for various types of applications, such as distinct flow estimation, heavy hitter identification, traffic change detection, entropy estimation, and so on. Lai also talked to us about the limitations of this method of packet sampling: ‘as discussed in this paper, the sketch-guided filtering works by using a bitmap sketch, which is updated for each incoming packet during an observation period of measurement. When the number of bits set is approaching the number of bits in the bitmap, the filter performance decreases. This scheme is dependent on a predefined threshold parameter and the observation period length. This is a common problem when using a bitmap data structure in this kind of traffic monitoring application. To avoid this problem, we can set the length of an observation period to a small number, or increase the bitmap size, which in turn, increases the memory requirement.’ Sketch-guided filtering can reduce the total memory requirement in the hardware implementation of superspreader detection systems. However, compared to those which use a large amount of memory to count all sources and exact fan-out, it comes at the cost of a slight decrease in detection accuracy and the fan-out estimation. Counting the fan-out of each source in high-speed network traffic is prohibitively expensive in term of processing time and memory space. Most of the previous works of the superspreader detection focused on the detection algorithm and the fan-out estimation accuracy without filtering the sources of low fan-out. The proposed Sketch-guided filtering scheme first eliminates the low fan-out sources, and counts only the fan-out of spreader sources. It can be used in high-speed network systems with a lower memory requirement as compared to previous approaches. Professor Lai hopes that ‘in the short term these results can lead to more ideas and research on how to remove the unnecessary sources efficiently, so that the monitoring process can identify the anomalies accurately. In the long term, we expect that the sketch-guided filtering scheme can be used in real application on network devices for assisting superspreader detection. However, before reaching that stage, more works need to be done to verify the performance of the filter. Furthermore, an intelligent threshold setting, and a method to handle the filter “saturation” problem should be developed.’ The main innovation of the proposed system is to use the sketch-guided filtering mechanism to remove sources with potentially low fanout