Computer Science Theses and Dissertations
Permanent URI for this collection
This collection contains some of the theses and dissertations produced by students in the University of Oregon Computer Science Graduate Program. Paper copies of these and other dissertations and theses are available through the UO Libraries.
Browse
Recent Submissions
Now showing 1 - 20 of 135
Item Open Access Traffic Structure-Aware Network Telemetry Systems: Foundations, Designs, and Applications(University of Oregon, 2024-08-07) Misa, Chris; Durairajan, RamakrishnanReal-time traffic monitoring is a mission-critical capability for engineers and administrators tasked with managing modern computer networks. To cope with the challenges of extremely large traffic volumes, the emergence of programmable switch hardware promises the possibility of traffic monitoring systems with high packet processing efficiency, low energy and capital costs, and the ability to produce detailed results for a wide range of tasks. However, the high efficiency of programmable switch hardware necessitates a constrained programming model with access to only a small amount of high-speed memory, a limited number of primitive operations per packet, and tens of seconds of network downtime each time the program is changed. Despite significant research effort on developing efficient traffic monitoring systems within these constraints, current approaches are critically limited in light of real-world traffic structure and task requirements. To address these limitations and to pave the way for principled approaches in future research, we leverage the observation that real-world network traffic is not generated uniformly at random, but exhibits complex statistical structure resulting from human and machine communications. By developing characterizations of this structure, we propose a novel refocusing of state-of-the-art towards investigation of structure-aware telemetry systems to improve the efficiency and practicality of real-world traffic monitoring tasks. In particular, we develop novel contributions in characterizing traffic structure, designing algorithms for traffic monitoring capabilities on programmable switch hardware, and leveraging these capabilities for practical real-world traffic monitoring tasks. This dissertation includes previously published co-authored material as well as previously unpublished co-authored material.Item Open Access High Performance Computing Methods for Earthquake Cycle Simulations(University of Oregon, 2024-08-07) Chen, Yimin; Erickson, BrittanyEarthquakes often occur on complex faults of multiscale physical features, with different time scales between seismic slips and interseismic periods for multiple events. Single event, dynamic rupture simulations have been extensively studied to explore earthquake behaviors on complex faults, however, these simulations are limited by artificial prestress conditions and earthquake nucleations. Over the past decade, significant progress has been made in studying and modeling multiple cycles of earthquakes through collaborations in code comparison and verification. Numerical simulations for such earthquakes lead to large-scale linear systems that are difficult to solve using traditional methods in this field of study. These challenges include increased computation and memory demands. In addition, numerical stability for simulations over multiple earthquake cycles requires new numerical methods. Developments in High performance computing (HPC) provide tools to tackle some of these challenges. HPC is nothing new in geophysics since it has been applied in earthquake-related research including seismic imaging and dynamic rupture simulations for decades in both research and industry. However, there’s little work in applying HPC to earthquake cycle modeling. This dissertation presents a novel approach to apply the latest advancements in HPC and numerical methods to solve computational challenges in earthquake cycle simulations.Item Open Access On the Spatial and Temporal Safety of Multi-Language Applications(University of Oregon, 2024-08-07) Mergendahl, Samuel; Fickas, StephenWhile the introduction of memory-safe programming languages into embedded, Cyber-Physical Systems (CPS) offers an opportunity to eliminate many system vulnerabilities, a pragmatic adoption of memory-safe programming languages often necessitates incremental deployment due to practical development constraints, such as the size of many legacy code bases. This incremental deployment of memory safety leads to a new type of system configuration, called Multi-Language Applications (MLA), where memory-safe and memory-unsafe programming languages are co-resident on the system. Unfortunately, the spatial and temporal safety of Multi-Language Applications (MLA) remains understudied which contradicts the strict confidentiality, integrity, and availability constraints of embedded, Cyber-Physical Systems (CPS). Therefore, this dissertation investigates the new paradigm of MLA, in which this report enumerates novel spatial and temporal safety violations that can arise in this setting, and proposes a series of defense methodologies to ensure spatial and temporal isolation between potentially compromised components. Namely, because the memory-unsafe languages in an MLA offer an entry point for an attacker, the system must adopt cyber-resilience to prevent an attacker from spreading throughout the system and causing a critical system failure. In particular, this report first introduces a new type of code-reuse attack that specifically appears in Multi-Language Applications (MLA), called Cross- Language Attacks (CLA). CLA takes advantage of conflicting assumptions between languages to maneuver around deployed defenses. Correspondingly, this report suggests two techniques to prevent CLA. First, a system should provide language-aware memory allocation and second, adopt a newly proposed language construct, called Pseudo-Pointers, to provide spatial isolation between the languages in the MLA. However, even with the temporal safety benefits gained from the thread isolation of Pseudo-Pointers, this report further demonstrates that the system must account for advanced Denial-of-Service (DoS) attacks, called Manipulative Interference Attacks (MIA), in which a compromised component manipulates another component into delaying a third, victim component. Additionally, an advanced form of MIA can arise, called Thundering Herd Attacks (THA), that specifically targets kernel mechanisms which exist to ostensibly enable temporal isolation as a means to inadvertently delay other high-priority threads in the system; consequently, the required temporal isolation mechanisms themselves act as an attack vector. Finally, in order to overcome this system coordination dilemma, this report proposes an analysis framework to automatically identify instances of MIA in a configured system. Specifically, the analysis uses a hybrid approach that first leverages static analysis to identify software components with influenceable execution times, and second, automatically generates a formal, system-wide model to determine which compromised protection domains can manipulate the influenceable components and trigger Manipulative Interference Attacks (MIA). This dissertation includes previously published and unpublished co-authored material.Item Open Access ONLINE PERFORMANCE OBSERVATION FOR HPC APPLICATIONS(University of Oregon, 2024-08-07) Yokelson, Dewi; Malony, AllenThe exascale computing era is providing faster and more powerful systems for advanced HPC applications. However, it is increasingly challenging for programmers to utilize the range of hardware resources that make up these platforms to their fullest extent. Enabling larger, faster, and more diversified simulations requires performance monitoring tools that can integrate seamlessly with applications and operate efficiently in all desired configurations. In addition to critical computational bottlenecks, data movement and I/O performance issues are also important to monitor as data can quickly grow to terabytes and beyond. Thus, a major challenge in high-performance computing is maximizing the performance of many diverse simulations on expensive, energy consuming, and heterogeneous hardware. Furthermore, the landscape of scientific simulations is changing to include increasingly diverse and complex systems, such as coupled applications and workflows. This creates additional considerations in the performance analysis space, where dependencies and task scheduling can play a larger role. This dissertation presents an approach to addressing these issues, wherein we enable performance observability during runtime for different applications and workflows running on heterogeneous architectures. The framework we have created to support this valuable functionality is called Service-based Observability, Monitoring, and Analytics (SOMA). We show how it addresses diverse application and workflow needs across systems, while supporting many useful performance monitoring capabilities with reasonable overhead.Item Open Access Enhancing Multilingual Information Extraction Towards Global Linguistic Inclusivity(University of Oregon, 2024-08-07) Nguyen, Van Minh; Nguyen, Thien HuuIn our interconnected world, the diversity of around 7,000 languages presents challenges and opportunities for bridging language barriers. Multilingual information extraction (Multilingual IE) is crucial in natural language processing (NLP) for extracting information from texts across languages, facilitating global understanding and information equity. Despite advancements, the focus on high-resource languages has marginalized speakers of less-represented languages. Multilingual IE seeks to correct this by embracing linguistic diversity and inclusivity. This dissertation enhances Multilingual IE to address challenges of linguistic diversity, data scarcity, and model generalization, aiming to make IE technologies more accessible. It focuses on developing sophisticated algorithms for tasks like event trigger detection, event argument extraction, entity mention recognition, and relation extraction. The goal is to create a system capable of accurate information extraction across diverse languages, supporting global communication and cultural preservation. Furthermore, the importance of IE in the era of large language models (LLMs) remains significant. While LLMs have broadened NLP's capabilities, the precise, context-specific information provided by IE is essential, especially in retrieval-augmented generation (RAG) settings. This underscores IE's ongoing relevance, ensuring LLMs retrieve accurate, relevant information and highlighting IE's critical role in advancing NLP.Item Open Access Automatic Code Rewriting for Performance Portability(University of Oregon, 2024-08-07) Johnson, Alister; Malony, AllenRewriting code for cleanliness, API changes, and new programming models is a common, yet time-consuming task. This is important for HPC applications that desire performance portability in particular, since these applications are usually very long lived and wish to run on many architectures, so they need to be written such that they can make good use of all the available hardware with minimal code changes. Furthermore, it is unknown what future supercomputer hardware and programming models will be, so they need to be written in such a way that they are ``future proof'' and will only need minimal rewrites in the future. Localized or syntax-based changes are often mechanical and can be automated with text-based rewriting tools, like sed.However, non-localized or semantic-based changes require specialized tools that usually come with complex, hard-coded rules that require expertise in compilers. This means techniques for source rewriting are either too simple for complex tasks or too complex to be customized by non-expert users; in either case, developers are often forced to manually update their code instead. This work describes a new approach to code rewriting which exposes complex and semantic-driven rewrite capabilities to users in a simple and natural way.Rewrite rules are expressed as a pair of parameterized ``before-and-after'' source code snippets, one to describe what to match and one to describe what the replacement looks like. Through this novel and user-friendly interface, programmers can automate and customize complex code changes which require a deep understanding of the language without any knowledge of compiler internals. This dissertation includes previously published and unpublished co-authored material.Item Open Access SWAN: A Framework to Bootstrap Trust in Network Data Science(University of Oregon, 2024-08-07) Elfandi, Abduarraheem; Durairajan, RamakrishnanTwo significant challenges must be overcome before machine learning models can be deployed in an operational setting: the ability to achieve trust within and across enclaves which includes addressing data privacy concerns. In this thesis, we propose SWAN, a framework to tackle these challenges by allowing data to be labeled at scale, achieving trust within an enclave by providing insight into black-box machine learning models through a hybrid explainability technique which is done by utilizing the combination of global and local interpretability techniques. Furthermore, the framework allows for collaboration across enclaves while maintaining data privacy requirements. This thesis includes unpublished co-authored material by Ramakrishnan Durairajan and Walter Willinger.Item Open Access MCBench: A Multi-Cloud Benchmarking System(University of Oregon, 2024-08-07) Alabduljalil, Abdulaziz; Durairajan, RamIn today’s climate, there is a trend of enterprises moving their systems and applications to the cloud, with systems working within multiple cloud providers. However, as the trend continues, there remains a lack of a benchmarking systemto adapt benchmark applications to multi-cloud paths. We introduce MCBench, a benchmarking system able to seamlessly work with any application which uses microservices to containerize for easier usability. We also study the performance of different applications in inter-region and intra-region multi-cloud paths, measuring latency and throughput. We show MCBench’s performance is consistent whether running a single or many sequentially run applications, and is affected slightly by cross-traffic.Item Open Access Optical Topology Programming: Foundations, Measurements, and Applications(University of Oregon, 2024-08-07) Hall, Matthew; Durairajan, RamakrishnanThis thesis advances the state-of-the-art in network management by challenging the prevailing notion that the joint optimization of optical and packet layers is currently impractical. It does so through two key contributions: (1) establishing the theoretical and empirical foundations for programming the optical topology, henceforth referred to as optical topology programming; and (2) demonstrating the advantages of optical topology programming in enhancing network security (e.g., combating network reconnaissance, volumetric DDoS) and network management (e.g., scaling traffic engineering) applications. We evaluate the performance of optical topology programming for these applications with a custom-built discrete event simulator. We demonstrate the ability of optical topology programming to improve scalability in traffic engineering systems, completely removing all instances of throughput loss for a diverse set of link failure and flash crowd events. We show that it is also capable of subverting attempts at network reconnaissance by dynamically changing the set of active network links and finding hundreds of alternative topology configurations that maintain traffic performance in seconds. Finally, we show that optical topology programming can improve defense capabilities against large-scale link flood attacks, reducing the number of successful link flood attacks from 134 to 9 (94%). This dissertation includes previously published and unpublished coauthored material.Item Open Access Reflections of Closures(University of Oregon, 2024-03-25) Sullivan, Zachary; Ariola, ZenaThe idea that programs are data forms the bedrock of functional programming languages, but it is also found in object-oriented languages and recent iterations of systems languages. Since passing and returning programs as data is incompatible with the architecture of modern machines, implementations of such a feature gives rise to closures, which package code with the environment that it needs to run. The first implementations of these objects are as part of the runtime system of an abstract machine. However, to be able to optimize these structures, compiler writers often choose instead to embed this structure in their code when compiling to lower-level languages in a transformation called closure conversion. While this transformation and closures more generally are well studied with respect to certain types of programming languages, how such a language interacts with different evaluation strategies still remains unstudied in a theoretical setting. Moreover, the current approaches to performing, optimizing, and proving correct this transformation lack the flexibility of other language features. This thesis develops these ideas by presenting closure conversions for missing evaluation strategies, specifying a new implementation approach that allows for the flexible implementation and optimization of closures, and formalizing them in an intermediate language that captures multiple notions of closures and evaluation strategies in one. Our approach follows from first principles meaning that our closures are a reflection of the environment-based abstract machines that birth them. We develop an approach to reasoning about closures that connects their equational properties with the abstract machines on which they run. Thereby, we can prove not only that closure conversion does not change the output of programs, but that closure conversion removes the need for the runtime system to capture closures.Item Open Access Certified and Forensic Defenses against Poisoning and Backdoor Attacks(University of Oregon, 2024-03-25) Hammoudeh, Zayd; Lowd, DanielData poisoning and backdoor attacks manipulate model predictions by inserting malicious instances into the training set. Most existing defenses against poisoning and backdoor attacks are empirical and easily evaded by an adaptive attacker. In addition, existing empirical defenses provide, at best, minimal insights into an attacker's identity, goals, and methods. In contrast, this work proposes two classes of poisoning and backdoor defenses: (1) certified defenses, which provide provable guarantees on their robustness and (2) forensic defenses, which provide actionable, human-interpretable insights into an attack's goals so as to stop the attack via intervention outside the ML system. We focus on certified defenses for regression, where the model predicts a continuous value, and sparse (L0) attacks, where the adversary controls an unknown subset of the training and test features. Our forensic defense identifies the target of poisoning and backdoor attacks while simultaneously mitigating the attack; we validate our forensic defense on a wide range of data modalities, including speech, text, and vision. This dissertation includes previously published and unpublished coauthored material.Item Open Access LEARNING-BASED LANDMARK ESTIMATION OF 3D BODY SCANS(University of Oregon, 2024-03-25) Baruwa, Ahmed; Lowd, DanielThe use of anatomical landmarks spans a diverse set of applications because they are essential for understanding the human body. Several research studies have examined the correlation between body shape variations and human performance. Anatomical landmarks are useful for taking anthropometric measures that can be used to characterize body geometries that relate to human performance. In this thesis, we compare parametric models of the human body that were developed from two machine learning methods - Convolutional Neural Network (CNN) and the Lasso Regression Model, to serve as tools for scalable anthropometric measurement. The models were trained on two publicly available labeled body scan datasets: Civilian American and European Anthropometry Resource (CAESAR) andShape Retrieval Contest (SHREC). The models were used to localize human body landmarks in several poses. This work provides a scalable approach for collecting anthropometric measures.Item Open Access Foundations of LEO Satellite Edge Computing: An Empirical Study Based on the Hypatia Simulator(University of Oregon, 2024-01-09) Dinh, Tien; Jiao, LeiLow Earth Orbit (LEO) satellite networks have gained significant attention in recent years due to their potential to revolutionize global connectivity. SpaceX, Amazon, and Telesat are the most prominent players aiming to provide global internet coverage and high-speed broadband connectivity. Despite significant advancements and ongoing research in the field, there have only been a few studies that managed to construct a comprehensive, scaled simulator for LEO satellite networks. Project Hypatia developed by Amazon stands out as one of the few publications that has effectively accomplished such a task. This thesis builds upon the foundation of Hypatia to explore and provide an insight into the key aspects of LEO Satellite networks. Our research consists of two main components: firstly, addressing fundamental issues such as network topology, routing delay, handover, and service provisioning in LEO Satellite networks, and secondly, deploying code on top of Hypatia to analyze and explore these issues in depth. All in all, this thesis aims to deepen the understanding of LEO satellite networks through the examination of the Hypatia simulator and its implications.Item Open Access Improving Cross-Lingual Transfer Learning for Event Detection(University of Oregon, 2024-01-09) Guzman Nateras, Luis; Nguyen, ThienThe widespread adoption of applications powered by Artificial Intelligence (AI) backbones has unquestionably changed the way we interact with the world around us. Applications such as automated personal assistants, automatic question answering, and machine-based translation systems have become mainstays of modern culture thanks to the recent considerable advances in Natural Language Processing (NLP) research. Nonetheless, with over 7000 spoken languages in the world, there still remain a considerable number of marginalized communities that are unable to benefit from these technological advancements largely due to the language they speak. Cross-Lingual Learning (CLL) looks to address this issue by transferring the knowledge acquired from a popular, high-resource source language (e.g., English, Chinese, or Spanish) to a less favored, lower-resourced target language (e.g., Urdu or Swahili). This dissertation leverages the Event Detection (ED) sub-task of Information Extraction (IE) as a testbed and presents three novel approaches that improve cross-lingual transfer learning from distinct perspectives: (1) direct knowledge transfer, (2) hybrid knowledge transfer, and (3) few-shot learning.Item Open Access Fine-grained, Content-agnostic Network Traffic Analysis for Malicious Activity Detection(University of Oregon, 2024-01-09) Feng, Yebo; Li, JunThe rapid evolution of malicious activities in network environments necessitates the development of more effective and efficient detection and mitigation techniques. Traditional traffic analysis (TA) approaches have demonstrated limited efficacy and performance in detecting various malicious activities, resulting in a pressing need for more advanced solutions. To fill the gap, this dissertation proposes several new fine-grained network traffic analysis (FGTA) approaches. These approaches focus on (1) detecting previously hard-to-detect malicious activities by deducing fine-grained, detailed application-layer information in privacy-preserving manners, (2) enhancing usability by providing more explainable results and better adaptability to different network environments, and (3) combining network traffic data with endpoint information to provide users with more comprehensive and accurate protections. We begin by conducting a comprehensive survey of existing FGTA approaches. We then propose CJ-Sniffer, a privacy-aware cryptojacking detection system that efficiently detects cryptojacking traffic. CJ-Sniffer is the first approach to distinguishing cryptojacking traffic from user-initiated cryptocurrency mining traffic, allowing for fine-grained traffic discrimination. This level of fine-grained traffic discrimination has proven challenging to accomplish through traditional TA methodologies. Next, we introduce BotFlowMon, a learning-based, content-agnostic approach for detecting online social network (OSN) bot traffic, which has posed a significant challenge for detection using traditional TA strategies. BotFlowMon is an FGTA approach that relies only on content-agnostic flow-level data as input and utilizes novel algorithms and techniques to classify social bot traffic from real OSN user traffic. To enhance the usability of FGTA-based attack detection, we propose a learning-based DDoS detection approach that emphasizes both explainability and adaptability. This approach provides network administrators with insightful explanatory information and adaptable models for new network environments. Finally, we present a reinforcement learning-based defense approach against L7 DDoS attacks, which combines network traffic data with endpoint information to operate. The proposed approach actively monitors and analyzes the victim server and applies different strategies under different conditions to protect the server while minimizing collateral damage to legitimate requests. Our evaluation results demonstrate that the proposed approaches achieve high accuracy and efficiency in detecting and mitigating various malicious activities, while maintaining privacy-preserving features, providing explainable and adaptable results, or providing comprehensive application-layer situational awareness. This dissertation significantly advances the fields of FGTA and malicious activity detection. This dissertation includes published and unpublished co-authored materials.Item Open Access Structure-based Models for Neural Information Extraction(University of Oregon, 2024-01-09) Pouran Ben Veyseh, Amir; Huu Nguyen, ThienInformation Extraction (IE) is one of the important fields in Natural Language Processing. IE models can be exploited to obtain meaningful information from raw text and provide them in a structured format which can be used for downstream applications such as question answering. An IE system consists of several tasks including entity recognition, relation extraction, and event detection, to name a few. Among all recent advanced deep learning models proposed for IE tasks, one of the potential directions to improve performance is to incorporate structural information. Structural information refers to encoding any interactions between different parts of the input text. This information is helpful to overcome long distances between related words or sentences. In this dissertation, we study novel deep learning models that integrate structural information into the representation learning process. In particular, three major categories, i.e., existing structures, inferred structure at the sample level, and inferred structure at dataset levels are studied in this dissertation. We finally showcase the novel application of structure-based models for the less-explored setting of cross-lingual IE. This dissertation includes both previously published and co-authored material.Item Open Access Cryptography, Dependability and Privacy in Decentralized Systems(University of Oregon, 2024-01-09) Hu, Zhangxiang; Wilson, ChristopherDecentralized systems are distributed systems that disperse computation tasks to multiple parties without relying on a trusted central authority. Since any party can be attacked and compromised by malicious adversaries, ensuring security becomes a major concern in decentralized systems. Depending on the model of decentralized systems, different computation tasks leverage cryptography and secure protocols to protect their security and obtain dependable outputs. In this dissertation, we examine prior security solutions and study the inherent difficulties of securely performing computation tasks in decentralized systems by focusing on three complementary components. – We evaluate the performance of cryptographic algorithms in decentralized systems where nodes may have different amounts of computing resources. We provide a benchmark of widely deployed cryptographic algorithms on devices with a different extent of resource constraints, and show what computing capabilities are required for a device to perform expensive cryptographic operations. – We investigate the dependability issue in individual decentralized systems, where parties are not allowed to communicate with each other. We show that even if some parties are compromised or malicious, the entire decentralized system can still converge to a dependable result. – We address the privacy concern in collaborative decentralized systems, where parties need to share information with each other. We show that parties can collaborate with each other and obtain a dependable result without revealing any useful information about their privacy.Item Open Access Low-Resource Event Extraction(University of Oregon, 2024-01-09) Lai, Viet; Nguyen, ThienThe last decade has seen the extraordinary evolution of deep learning in natural language processing leading to the rapid deployment of many natural language processing applications. However, the field of event extraction did not witness a parallel success story due to the inherent challenges associated with its scalability. The task itself is much more complex than other NLP tasks due to the dependency among its subtasks. This interlocking system of tasks requires a full adaptation whenever one attempts to scale to another domain or language, which is too expensive to scale to thousands of domains and languages. This dissertation introduces a holistic method for expanding event extraction to other domains and languages within the limited available tools and resources. First, this study focuses on designing neural network architecture that enables the integration of external syntactic and graph features as well as external knowledge bases to enrich the hidden representations of the events. Second, this study presents network architecture and training methods for efficient learning under minimal supervision. Third, we created brand new multilingual corpora for event relation extraction to facilitate the research of event extraction in low-resource languages. We also introduce a language-agnostic method to tackle multilingual event relation extraction. Our extensive experiment shows the effectiveness of these methods which will significantly speed up the advance of the event extraction field. We anticipate that this research will stimulate the growth of the event detection field in unexplored domains and languages, ultimately leading to the expansion of language technologies into a more extensive range of diaspora.Item Open Access Advancing Clinical Natural Language Processing through Knowledge-Infused Language Models(University of Oregon, 2024-01-09) Lu, Qiuhao; Nguyen, ThienPre-trained Language Models (PLMs) have shown remarkable success in general-domain text tasks, but their application in the clinical domain is constrained by specialized language, terminology, and a lack of in-depth understanding of scientific and medical knowledge. As the adoption of Electronic Health Records (EHRs) and intricate clinical documents continues to grow, the need for domain-adapted PLMs in healthcare research and applications becomes increasingly vital. This research proposes innovative strategies to address these challenges, integrating domain-specific knowledge into PLMs to enhance their efficacy in healthcare. Our approach includes (i) fine-tuning models with knowledge graphs and domain-specific textual data, using graph representation learning and data augmentation techniques, and (ii) directly injecting domain knowledge into PLMs through the use of adapters. By employing these methods, the study aims to improve the performance of clinical language models in tasks such as interpreting EHRs, extracting information from clinical documents, and predicting patient outcomes. The advancements achieved in this work hold the potential to significantly influence the field of clinical Natural Language Processing (NLP) and contribute to improved patient care and healthcare innovation.Item Open Access On the Multi-Fractal Nature of Observed IP Addresses in Measured Internet Traffic(University of Oregon, 2023-07-06) OConnor, Walton; Rejaie, RezaWe examine the presence of multifractal properties in the spatial structure of observed IPv4 addresses in measured Internet traffic. A collection of traffic samples from a variety of network settings are assembled and their spatial structures evaluated for multifractal properties using the method of moments approach. We show that all collected traces have properties consistent with multifractal scaling, but that the scaling behaviors vary by trace. We propose mechanisms which may give rise to these behaviors, and then discuss a number of ways by which our empirical finding concerning the spatial structure of observed IP addresses in measured network traffic can be utilized in practice, including its use in modern dataplane network monitor settings, both as a metric to monitor and as a means to increase hardware utilization efficiency.