摘要
大象流的及时、准确提取对防御大规模网络安全事件具有重要意义.针对独立的LRU和SCBF提取大象流存在的不足,提出了基于LRU和SCBF的大象流提取方法——LRU_SCBF算法.该算法使用LRU列表和SCBF数组二级存储结构,将到达的老鼠流存入SCBF中,达到一定门限则提取到LRU中,LRU满时按最近最久未用策略淘汰老鼠流到SCBF中,循环实现大象流和老鼠流的分别聚集.理论分析和模拟实验表明:LRU_SCBF算法占用空间小,误报和漏报低,能实现高速网络环境下大象流的及时准确提取.应用于DDoS攻击防御中,能够实现DDoS攻击的及时检测和追踪.
It is valuable for defending large-scale network security incidents to identify elephant flows in time and accurately. Aiming at the disadvantages of single use of LRU and SCBF in identifying elephant flows, an elephant flow identification algorithm based on LRU and SCBF, LRU_SCBF, is proposed. The LRU_SCBF uses two-level structure which is LRU list and SCBF array. The arrival mice flow is stored into the SCBF at first. Then it is extracted to the LRU when its count is greater than a certain threshold. If the LRU is full, the mice flow is out from LRU according to the LRU strategy and put into the SCBF, and so on. The elephant flows and mice flows are stored separately. Theoretical analysis and simulated experiment show that the storage complexity is low, and the false positive rate and the false negative are both low in LRU_SCBF. It makes the extraction of elephant flows accurate and timely in high-speed network. Applying this in DDoS defense, we realize the detection and traceback against DDoS attacks in time.
出处
《计算机研究与发展》
EI
CSCD
北大核心
2011年第8期1517-1523,共7页
Journal of Computer Research and Development
基金
国家"八六三"高技术研究发展计划基金项目(2009AA01Z420)
广东省高等学校高层次人才项目