| 自然着色聚类过程中的网络安全事件计算 |
| |
| 引用本文: | 孙美凤,彭艳兵,龚俭,杨望.自然着色聚类过程中的网络安全事件计算[J].计算机学报,2007,30(10):1787-1797. |
| |
| 作者姓名: | 孙美凤 彭艳兵 龚俭 杨望 |
| |
| 作者单位: | 东南大学计算机科学与工程学院江苏省计算机网络技术重点实验室,烽火通信科技有限公司,东南大学计算机科学与工程学院江苏省计算机网络技术重点实验室,东南大学计算机科学与工程学院江苏省计算机网络技术重点实验室 南京210096,扬州大学信息工程学院计算机系江苏扬州225009,南京210001,南京210096,南京210096 |
| |
| 基金项目: | 国家重点基础研究发展计划(973计划) |
| |
| 摘 要: | 自然着色过程利用有部分重叠的短比特串映射,使两个Hash函数间带有相同的颜色,为判定两个Hash串是否同源提供了重要依据.在商集映射的视角下分析了多个不同的聚类函数间的差异和着色关系,结果表明聚类函数间的内部平衡性结合自然着色过程可以得到源串部分比特串的聚类特性,同时TCP宏观平衡性仍然保持不变.实验表明,利用这个特性可以从多个具有着色关系的短比特串映射的Hash存储空间得到如蠕虫爆发、DDoS之类的TCP宏观异常中发起者、受害者的聚类信息.因此自然着色过程大大扩展了TCP宏观平衡性的应用领域,为网络安全检测、监测和安全事件分布评估提供了有力的支持.
|
| 关 键 词: | Hash聚类 商集映射 自然着色 TCP宏观平衡性 安全事件分布计算 聚类特性 过程 网络 安全事件 计算 Process Reconstruction Information Colored Natural Event Security Networking 支持 评估 分布 监测 安全检测 应用 扩展 |
| 修稿时间: | 2007-05-05 |
The Calculation of Networking Security Event in the Natural Colored Information Reconstruction Process |
| |
| SUN Mei-Feng,PENG Yan-Bing,GONG Jian,YANG Wang.The Calculation of Networking Security Event in the Natural Colored Information Reconstruction Process[J].Chinese Journal of Computers,2007,30(10):1787-1797. |
| |
| Authors: | SUN Mei-Feng PENG Yan-Bing GONG Jian YANG Wang |
| |
| Affiliation: | 1.Key Laboratory of Networking of Jiangsu Province, School of Computer Science and Engineering, Southeast University, Nanjing 210096;2.Fiberhome Telecommunication Tech Co. Ltd, Nanjing 210001;3.Department of Computer Science and Engineering, Technology Institute, Yangzhou University, Yangzhou, Jiangshu 225009 |
| |
| Abstract: | The natural coloring process builds the coloring relationship among different hash functions by the overlapped Short Bit String Mappings,which can be used to determine whether two hash strings are from the same original string.The aggregation relationship and coloring relationship are analyzed from the view point of Quotient set mapping,it suggests that combined with inner balance of Hash functions,the natural coloring process can disclose more bits of original string in the multi Hash aggregation,in the meanwhile the quantity balance of TCP packets is kept.This character of the natural coloring process can be used to detect the IP address(es) and/or port information of victims and/or attackers of TCP macroscopical abnormal behavior such as DDoS,internet worm etc.,the conclusion is validated by the results of two experiments in the real traces.So the natural coloring process extends the application field of quantity balance of TCP packets greatly in networking security event distribution calculation/monitoring fields. |
| |
| Keywords: | Hash aggregation quotient set mapping natural coloring macroscopical TCP quantity balance security event distribution computing |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
