On Flow Sampling for Identifying Super-Connection Hosts in High Speed Networks (cited by: 13)

Abstract: Detecting super-connection hosts is an important problem in network security, and flow sampling is the basis for solving it in high-speed networks. Existing solutions use hash-based flow sampling algorithms, which assume that uniform random hash functions are available. However, existing work has not evaluated whether this assumption is reasonable. Through technical analysis and experimental tests, this paper concludes that the assumption does not hold for linear flow ID sequences in high-speed networks (above 2.5 Gbps). It then presents a new flow sampling algorithm based on the Bloom filter data structure. Analysis shows that the new algorithm supports 10 Gbps line-speed processing with low space complexity. Finally, experiments on real Internet traces show that the new algorithm achieves equal-probability random flow sampling independent of flow ID.
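Source: Acta Electronica Sinica (indexed in EI, CAS, CSCD, PKU Core), 2008, No. 4, pp. 809-818, 10 pages in total
Funding: National Natural Science Foundation of China (No. 90604019, 60502037); National 973 Key Basic Research Development Program (No. 2003CB314806); National 863 High-Tech Research and Development Program (No. 2006AA01Z235)
Keywords: network security; super-connection host; flow sampling; hash functions; Bloom filter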