摘要
引入信息熵对哈希函数的输入值进行随机度测试,实验证明增加异或字段数并划分字段后进行异或运算能提高运算结果的随机测度值。标识字段有很高的位熵值,函数输入值中加入此值能减少负载迁移次数而运算效率与CRC16接近。采用源IP、目的IP、源端口、目的端口、标识字段作为输入值,并划分为8位的比特串进行异或运算,然后再进行取模运算的双哈希算法运算效率较高而且均衡性好,适合于高速网络环境下的入侵检测。
Information entropy is adopted to consider the input of Hash function. The experimental results show that adding exclusiveor segments and partitioning exclusive-or bytes enhance the random measurement of operation results, reduce the movement of load, and the efficiency is closed to CRC 16 algorithm. Resource IP, destination IP, resource port, destination port and flag segments are regarded as input data, which partitioned eight bit strings are made exclusive-or and then modular operations. The algorithm named as double Hash is efficient and well balanced, and very fitful to intrusion detection systems in high-speed networks.
出处
《计算机工程与设计》
CSCD
北大核心
2007年第6期1290-1291,1483,共3页
Computer Engineering and Design
基金
山西省自然科学基金项目(20041047)
关键词
入侵检测
高速网络
负载均衡
哈希算法
异或
intrusion detection
high-speed networks
load balancing
Hash
exclusive-or operation