摘要
高速网络环境中,实时、准确地提取大流量对于网络安全和网络管理具有重要意义。该文针对传统的流量测量方法受计算资源和存储资源的限制,提出了一种基于多维计数型布鲁姆过滤器(Multi-Dimensional Counting Bloom Fliter,MDCBF)的大流检测机制。它将1维的计数型布鲁姆过滤器(Counting Bloom Fliter,CBF)结构,扩展到支持多维业务流表示、查询和统计计数的MDCBF结构。基于"Apriori原理",通过对MDCBF实施重正化,实现了用户自定义的大流检测。并能自适应地配置CBF参数,允许测量误差控制在预定义的范围内。基于计算机产生的模拟数据和实际互联网数据进行了仿真实验,结果显示:该方法既能获得较小的测量误差,又能获得较高的空间利用率。
In high-speed network,identifying heavy hitters precisely in time serves as great significance for both network security and network management.In order to circumvent the deficiency of the limitted computing and storage abilities in traditional traffic measurement,a novel mechanism called identifying heavy hitters based on Multi-Dimensional Counting Bloom Filter(MDCBF) is proposed.Extending the standard structure of Counting Bloom Filter(CBF) to multi-dimensional one,the mechanism can not only represent,query and count traffic flows,but also sustain real time multi-granularity measurement.Based on Apriori principle,it can realize the identification of heavy hitters through implementing renormalization of MDCBF.Experiments are conducted based on the data either randomly produced by computer or sampled from the real network trace.Results demonstrate that the proposed mechanism can achieve finer space saving without sacrificing accuracy.
出处
《电子与信息学报》
EI
CSCD
北大核心
2010年第7期1608-1613,共6页
Journal of Electronics & Information Technology
基金
国家863计划项目(2007AA01z2a1)
国家973规划项目(2007CB307102)资助课题