期刊文献+

基于LRU和SCBF的大象流提取及其在DDoS防御中的应用 被引量:14

An Algorithm Based on LRU and SCBF for Elephant Flows Identification and Its Application in DDoS Defense
下载PDF
导出
摘要 大象流的及时、准确提取对防御大规模网络安全事件具有重要意义.针对独立的LRU和SCBF提取大象流存在的不足,提出了基于LRU和SCBF的大象流提取方法——LRU_SCBF算法.该算法使用LRU列表和SCBF数组二级存储结构,将到达的老鼠流存入SCBF中,达到一定门限则提取到LRU中,LRU满时按最近最久未用策略淘汰老鼠流到SCBF中,循环实现大象流和老鼠流的分别聚集.理论分析和模拟实验表明:LRU_SCBF算法占用空间小,误报和漏报低,能实现高速网络环境下大象流的及时准确提取.应用于DDoS攻击防御中,能够实现DDoS攻击的及时检测和追踪. It is valuable for defending large-scale network security incidents to identify elephant flows in time and accurately. Aiming at the disadvantages of single use of LRU and SCBF in identifying elephant flows, an elephant flow identification algorithm based on LRU and SCBF, LRU_SCBF, is proposed. The LRU_SCBF uses two-level structure which is LRU list and SCBF array. The arrival mice flow is stored into the SCBF at first. Then it is extracted to the LRU when its count is greater than a certain threshold. If the LRU is full, the mice flow is out from LRU according to the LRU strategy and put into the SCBF, and so on. The elephant flows and mice flows are stored separately. Theoretical analysis and simulated experiment show that the storage complexity is low, and the false positive rate and the false negative are both low in LRU_SCBF. It makes the extraction of elephant flows accurate and timely in high-speed network. Applying this in DDoS defense, we realize the detection and traceback against DDoS attacks in time.
出处 《计算机研究与发展》 EI CSCD 北大核心 2011年第8期1517-1523,共7页 Journal of Computer Research and Development
基金 国家"八六三"高技术研究发展计划基金项目(2009AA01Z420) 广东省高等学校高层次人才项目
关键词 流量测量 大象流 最近最久未使用 空间编码bloom过滤器 分布式拒绝服务防御 traffic measurement elephant flow least recently used (LRU) space code bloom filters(SCBF) DDoS defense
  • 相关文献

参考文献18

  • 1Estan C, Varghesc G. New directions in traffic measurement and accounting:Focusing on elephants, ignoring the mice [J]. ACM Trans on Computer Systems, 2003, 21(3):270- 313.
  • 2王宏,龚正虎.Hits和Holds:识别大象流的两种算法[J].软件学报,2010,21(6):1391-1403. 被引量:13
  • 3Mori T, Uchida M, Kawahara R. Identifying elephant flows through periodically sampled packets [C] //Proc of ACMSIGCOMM2004. New York: ACM, 2004:115-120.
  • 4Duffield N, Lund C, Thorup M. Charging from sampled network usage[C] //Proc of ACM SIGCOMM Workshop Internet Measurement. NewYork:ACM, 2001:245-256.
  • 5Shaikh A, Rexford j, Shin K G. Load-sensitive routing ot long-lived IP flows [C] //Proc of ACM SIGCOMM99. New York: ACM, 1999:215-226.
  • 6Kodialam M, Lakshman T V, Mohanty S. Runs based traffic estimator (RATE): A simple, memory efficient scheme for per-flow rate estimation [C]//Proc of INFOCOM 2004. Los Alamltos, CA:IEEE Computer Society, 2004:1808-1818.
  • 7Hao F, Kodialam M, Lakshman T V, et al. Fast, memory ef/icient trallic estimation by coincidence counting [C] //Proc of INFOCOM 2004. Los AIamitos, CA: IEEE Computer Society, 2004:2080-2090.
  • 8王丹,谢高岗,杨建华,张广兴,李振宇.一种改进的自适应流量采样方法[J].计算机研究与发展,2007,44(8):1339-1347. 被引量:7
  • 9周明中,龚俭,丁伟,程光.基于MGCBF算法的长流信息统计[J].东南大学学报(自然科学版),2006,36(3):472-476. 被引量:5
  • 10吴桦,龚俭,杨望.一种基于双重Counter Bloom Filter的长流识别算法[J].软件学报,2010,21(5):1115-1126. 被引量:25

二级参考文献69

共引文献65

同被引文献163

引证文献14

二级引证文献66

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部