Similar literature
Found 19 similar documents; search took 509 ms
1.
张丽果 《电子设计工程》2013,21(10):184-187
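Deep packet inspection (DPI) has become a research focus in network information security. DPI based on hardware pattern matching has attracted wide attention for its greater processing capability. This paper proposes a TCAM-based pattern-matching method for implementing DPI: rule entries are stored byte by byte in TCAM (ternary content addressable memory), and input characters are matched against the TCAM contents by byte, which increases the processing speed of pattern matching in DPI. To address the high power consumption of this technique, a two-level pattern-matching scheme combining a BF (Bloom Filter) with TCAM is proposed; the BF forwards only a small number of suspicious packets to the TCAM processing module, which reduces system power consumption and greatly increases system processing speed.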

2.
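Based on the Bloom filter algorithm and Ternary Content Addressable Memory (TCAM) technology, this paper proposes an efficient range-matching method that solves the low storage utilization and high power consumption of existing TCAM range-matching schemes. A Segmented Match on Longest Common Prefix (SMLCP) algorithm is designed that splits range matching into two steps, prefix matching and feature-interval comparison, bringing TCAM space utilization to 100%. A BF-TCAM model is designed according to the SMLCP algorithm, using a Bloom filter to filter keys and keep irrelevant entries out of the comparison, which greatly reduces power consumption. Pipelining is used to shorten the critical path so that a lookup completes within one clock cycle. The results show that the proposed method achieves zero range expansion and that operating power consumption is more than 50% lower than that of a traditional TCAM.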

3.
高仲合  周萍 《电子技术》2015,44(3):82-83
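To address the shortcomings of the traditional Bloom filter in abnormal-traffic detection, an abnormal-traffic detection structure based on a dynamic Bloom filter is proposed. It improves both the detection rate and the bit error rate, and thus prevents DDoS attacks more effectively.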

4.
李玮  张大方  黄昆  谢鲲 《电子学报》2015,43(4):652-657
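The working principles and characteristics of existing multi-dimensional Bloom filter query algorithms are analysed, and, in view of the characteristics of big-data processing, a bijection-based high-precision multi-dimensional counting Bloom filter (AMD-CBF) query algorithm is proposed. In AMD-CBF, element representation and lookup proceed in two steps. In the first step, each attribute of an element is hashed into its corresponding high-precision counting Bloom filter (A-CBF). In the second step, all attributes of the element are converted by a bijective function into a single value representing the element as a whole, and this value is then hashed into the combined counting Bloom filter (C-CBF), completing the representation and query confirmation of the whole element. Theoretical analysis and simulation results show that AMD-CBF supports efficient representation, query and deletion of multi-dimensional set elements; compared with similar work, the query false-positive rate is markedly lower and query accuracy is greatly improved.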

5.
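For the problem of detecting long IP flows in traffic measurement, this paper designs a long-flow detection mechanism combining a Count Bloom Filter (CBF) with a Timeout Bloom Filter (TBF). The mechanism dynamically adjusts the timeout in the Bloom filter and promptly clears finished flows, solving the space-congestion problem, so it is applicable to detecting long IP flows that carry no end flag. Based on an analysis of the algorithm's overall error rate against the timeout, the timeout is adjusted adaptively according to the flow arrival intensity on the link and the length of the Bloom filter vector space, keeping the overall error rate at its minimum. The algorithm's performance is verified with real network traffic data; the results show higher measurement accuracy than existing algorithms.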

6.
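Deep packet inspection (DPI) alone cannot identify encrypted packets, and identification based on traffic characteristics is imprecise in detecting traffic. To address these problems, DPI is combined with traffic-characteristic-based identification to identify the Ares protocol precisely and improve recognition of it; experiments show that accuracy can exceed 97%.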

7.
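DPI test scheme
1 Requirements analysis. DPI (deep packet inspection) is a technology for service detection, identification and control. DPI based on application-layer protocol analysis has been adopted by the major operators and mainstream product vendors, and is already widely under test and in online or trial deployment. Identifying services on the live network, analysing traffic and customer behaviour, and then controlling services as required is the inevitable choice for operators. DPI technology makes it possible to offer users differentiated services, that is, through DPI technology ...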

8.
张震  汪斌强  陈庶樵  郭通 《电子学报》2012,40(9):1852-1857
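To address the low storage and query performance of the classic counting Bloom filter (NCBF), a geometric Bloom filter structure, GBF, is proposed. By introducing "hash fingerprints", partitioning the Bloom filter twice, and placing elements according to bucket load, the structure achieves compact storage and fast lookup of set elements. Drawing on differential equations and probability theory, the GBF model is analysed and solved theoretically, an expression relating error probability and computational complexity is established, and the geometric-distribution property of GBF is demonstrated. Simulation results show that, compared with NCBF, GBF has lower error probability and computational complexity while also maintaining high space utilization.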

9.
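The effect of LDoS attacks on the average length of packets in the buffer queue (ASPQ) is analysed, and experiments are used to obtain the change in the average packet length in the queue under attack. On this basis, an ASPQ-based LDoS attack detection method is proposed and applied to the typical current queue-management algorithms (Droptail and RED). Finally, experiments demonstrate that the method detects LDoS attacks effectively.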

10.
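To improve the efficiency of content-name lookup during routing in Name Data Networking (NDN), this paper proposes a three-level name-lookup method based on a deep Bloom filter. The method combines a Long Short Term Memory (LSTM) neural network with a standard Bloom filter to optimize name lookup, and uses a three-level structure to optimize exact lookup of content names in the Content Store (CS) and Pending Interest Table (PIT), improving lookup accuracy and reducing memory consumption. The false-positive rate of the three-level name-lookup method is analysed theoretically, and experiments verify that the method effectively saves memory and reduces false positives during lookup.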

11.
Compressed Bloom filters   Total citations: 3, self-citations: 0, citations by others: 3
A Bloom filter is a simple space-efficient randomized data structure for representing a set in order to support membership queries. Although Bloom filters allow false positives, for many applications the space savings outweigh this drawback when the probability of an error is sufficiently low. We introduce compressed Bloom filters, which improve performance when the Bloom filter is passed as a message, and its transmission size is a limiting factor. For example, Bloom filters have been suggested as a means for sharing Web cache information. In this setting, proxies do not share the exact contents of their caches, but instead periodically broadcast Bloom filters representing their caches. By using compressed Bloom filters, proxies can reduce the number of bits broadcast, the false positive probability, and/or the amount of computation per lookup. The cost is the processing time for compression and decompression, which can use simple arithmetic coding, and more memory use at the proxies, which utilize the larger uncompressed form of the Bloom filter.

12.
Distributed Denial of Service (DDoS) attacks are a serious threat to Internet security. A lot of research effort focuses on having detection and prevention methods on the victim server side or source side. The Bloom filter is a space-efficient data structure used to support pattern matching problems. The filter is utilised in network applications for deep packet inspection of headers and contents and also looks for predefined strings to detect irregularities. In intrusion detection systems, the accuracy of pattern matching algorithms is crucial for dependable detection of matching pairs, and its complexity usually poses a critical performance bottleneck. In this paper, we will propose a novel Dual Counting Bloom Filter (DCBF) data structure to decrease false detection of matching packets applicable for the \(\textit{SACK}^2\) algorithm. A theoretical evaluation will determine the false rate probability of detection and requirements for increased memory. The proposed approach significantly reduces the false rate compared to previously published results. The results indicate that the increased complexity of the DCBF does not affect efficient implementation of hardware for embedded systems that are resource constrained. The experimental evaluation was performed using extensive simulations based on real Internet traces of a wide area network link, and it was subsequently proved that DCBF significantly reduces the false rate.

13.
周舟  付文亮  嵩天  刘庆云 《电子学报》2015,43(9):1833-1840
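URL lookup is an important component of many network systems, such as URL filtering systems and Web caches. With the rapid growth of the Internet, the main challenge for URL lookup is achieving high-speed lookup over large URL sets while keeping storage and power consumption low. This paper proposes CaBF, a URL lookup algorithm based on parallel Bloom Filters. The algorithm is highly parallel, provides high-speed longest-prefix matching over large URL sets, and adapts well to URLs with different numbers of components in the set. Theoretical analysis and experiments on real network data sets show that, compared with existing algorithms, it can reduce the false-positive probability by an order of magnitude (or reduce storage and hardware logic resource consumption at the same false-positive probability). In addition, the architecture of the method maps easily onto hardware devices such as FPGAs, providing more than 150M URL lookups per second.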

14.
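Adaptive packet marking in IP traceback   Total citations: 25, self-citations: 0, citations by others: 25
Denial-of-service (DoS) attacks are among the hardest network problems to handle at present. Researchers have recently proposed a variety of schemes against DoS attacks, each with its own strengths and weaknesses. Among them, the probabilistic packet marking scheme proposed by Savage et al. has received wide attention, and quite a few variants have appeared. In this class of marking schemes, a router decides with a fixed probability whether to mark a packet, so the victim needs a relatively large number of packets to reconstruct the attack path. This paper proposes an adaptive marking strategy; experiments verify that the victim can reconstruct the attack path with fewer packets, which not only gives the victim more time to respond to the attack early but also limits the attacker's ability to forge marks.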

15.
侯颖  郭云飞  黄海  王凯 《通信学报》2014,35(10):14-126
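A homologous combined Bloom filter structure is proposed. It comprises a combination of two counter vectors, flow sampling (sample) and packet counting (packet); the two counter vectors have different widths and compute hash positions from the same source hash function. The early traffic sampling algorithm designed on this structure uses the two counter vectors to separate the flow-sampling decision from packet-count detection, avoiding the effect on the packet-counting process of the large number of flows whose sampling has already finished in early traffic sampling. Analysis and experimental results show that, by adjusting the width ratio α of the two counters, the algorithm effectively reduces the misjudgment rate without increasing memory space.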

16.
VANET is an ad hoc network formed between vehicles. Security in VANET plays a vital role. The AODV routing protocol is a reactive or on-demand routing protocol, which means that a path is created only when there is data to be sent. AODV is the most commonly used topology-based routing protocol for VANET. The use of broadcast packets in the AODV route discovery phase makes it extremely vulnerable to DoS and DDoS flooding attacks. A flooding attack is a type of denial-of-service attack that causes loss of network bandwidth and imposes high overhead on the network. The method proposed in this paper is called Balanced AODV (B-AODV) because it expects all network nodes to behave normally. If network nodes depart from normal behavior (too many route requests), they are identified as malicious nodes. B-AODV is designed with the following features: (1) use of an adaptive threshold according to network conditions and node behavior (balance index); (2) no additional routing packets to detect malicious nodes; (3) detection and prevention operations performed independently on each node; (4) detection and prevention operations performed in real time; (5) no need for promiscuous mode. This method for detecting and preventing flooding attacks uses the average and standard deviation. In this method, each node employs the balance index to accept or reject RREQ packets. The results of the simulation in NS2 indicate that B-AODV is resilient against flooding attacks and prevents loss of network bandwidth. Comparing AODV with B-AODV in the normal state (no attacker) shows that B-AODV exactly matches AODV in network performance, which means that the B-AODV algorithm does not impose any overhead or false positives on AODV.

17.
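A botnet is a new form of attack that evolved from traditional malicious code. It gives attackers a covert, flexible and efficient one-to-many Command and Control channel (CC) mechanism, through which large numbers of bot hosts can be controlled for information theft, distributed denial-of-service attacks, spam sending and other attack purposes. This paper proposes a botnet detection method that is independent of botnet structure and CC protocol and does not need to analyse packet payload signatures. The method first filters captured traffic with pre-filtering rules to remove traffic unrelated to botnets; next it computes statistics on the attributes of the filtered traffic; it then analyses and clusters the traffic attributes of CC channels with a two-step clustering algorithm based on X-means clustering, thereby detecting botnets. Experiments show that the method distinguishes botnet traffic from other normal network traffic efficiently and accurately, meets the requirements for detecting botnets in real networks, and has a low false-positive rate.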

18.
PIM-SM (Protocol Independent Multicast-Sparse Mode) is a main multicast routing protocol in IPv6 (Internet Protocol version 6). It can use either a shared tree or a shortest path tree to deliver data packets; consequently the multicast IP lookup engine requires, in some cases, two searches to get a correct lookup result according to its multicast forwarding rule, and this may result in a new requirement of doubling the lookup speed of the lookup engine. The ordinary method to satisfy this requirement in TCAM (Ternary Content Addressable Memory) based lookup engines is to exploit parallelism among multiple TCAMs. However, traditional parallel methods always require more resources and involve higher design difficulty. We propose in this paper a novel approach to solve this problem. By arranging the multicast forwarding table in class sequence in TCAM and making full use of the intrinsic characteristics of the TCAM, our approach can get the right lookup result with just one search and a single TCAM, while keeping the hardware of the lookup engine unchanged. Experimental results have shown that the approach makes it possible to forward IPv6 multicast packets at the full link rate of 20 Gb/s with just one TCAM, using the current TCAM chip.

19.
张伟  王汝传 《电子学报》2011,39(4):877-882
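Standard Bloom Filters need to know the number of distinct elements in the data set before operation in order to determine the optimal number of hash functions, but the distribution of the data set is not easy to obtain in advance. This paper proposes a Bloom Filter with multi-stage dynamic optimization of the number of hash functions (Multi-stage Dynamic optimization Bloom Filters, MDBF), which ...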
