20 similar documents found; search took 187 ms
1.
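A Conflict-Free Multidimensional IP Classification Algorithm Based on Grid of Tries  Total citations: 1, self-citations: 0, citations by others: 1
Fast IP classification algorithms are key to improving the performance of network devices, and a conflict-free rule set is the precondition and guarantee for classifying IP packets correctly. This paper first gives a formal description of IP classification algorithms and the rule-conflict problem, introduces commonly used IP classification algorithms and conflict-resolution strategies, and proposes a conflict-free multidimensional IP classification algorithm based on Grid of Tries that resolves conflicts present in the rule set. Finally, it analyzes the algorithm's performance and outlines future work.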
2.
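To implement functions such as firewalls and QoS routing effectively, network elements such as routers must be able to classify packets at high speed. Many mature schemes exist for one-dimensional packet classification, but because multidimensional algorithms are complex to implement, no effective classification algorithm exists yet. This paper studies databases whose filter rules are free of conflicts and proposes a multidimensional packet classification algorithm based on tuple space: the tuple space vector bitmap algorithm. Worst-case performance is analyzed for multidimensional and two-dimensional classification respectively, showing that, compared with existing schemes, the proposed algorithm is the most efficient in terms of storage space, lookup time and other measures. The algorithm can be implemented in software and is also easy to implement in hardware.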
3.
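To address the shortcomings of traditional measures of evidence conflict and the failure of Dempster's rule of combination under high conflict, a new measure of evidence conflict is defined by means of the pignistic transformation, and on that basis a new improved D-S algorithm is proposed. Following the decision principle that the minority defers to the majority, the method introduces weight coefficients describing the importance of each piece of evidence, preprocesses the evidence, and then combines it using Dempster's rule. Analysis of simulation examples and comparison with other improved methods verify that the new algorithm significantly improves performance in handling evidence conflict, speeds up convergence, and reduces decision risk.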
4.
5.
6.
7.
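A packet filtering policy is a set of rules that classify packets based on their headers and related information, and packet classification is a key technology for providing network services such as routing, QoS and security. Conflicts in a policy lead to inconsistent system behavior. A filtering policy language with precise semantics is proposed, together with rules for translating the language into Horn programs, so that logical inference techniques can be used to detect and resolve conflicts. Theoretical analysis and a prototype implementation verify the effectiveness of the method.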
8.
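Target recognition under highly conflicting evidence has long been a hot and difficult research problem. The proportional conflict redistribution rules are an effective way to handle highly conflicting evidence. This paper introduces and analyzes the family of proportional conflict redistribution rules and verifies the different methods by simulation on concrete examples, showing that the proportional conflict redistribution rules handle highly conflicting evidence in target recognition well.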
9.
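Application and Improvement of D-S Evidence Theory in Multi-Source Data Fusion  Total citations: 2, self-citations: 0, citations by others: 2
Among algorithms for handling uncertainty, D-S evidence theory performs well in application. This paper describes D-S evidence theory and its application to multi-sensor data fusion. Current improved methods are analyzed and compared from two angles: improving the combination rule and modifying the evidence source data. An evidence combination rule based on conflict strength is proposed and, building on Murphy's averaging combination rule, an evidence combination rule based on similarity coefficients between pieces of evidence is proposed. These methods are compared on examples, demonstrating the effectiveness of the combination rule based on similarity coefficients.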
10.
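Abnormal Evidence and Its Detection Algorithm  Total citations: 2, self-citations: 2, citations by others: 0
The concept and classification of abnormal evidence are analyzed, and an abnormal-evidence detection algorithm based on evidence distance and degree of evidence conflict is proposed. The algorithm discusses the two important parameters of abnormal-evidence detection, distance and degree of conflict, and has advantages such as low computational cost and being simple and practical. Examples show that the algorithm is effective and feasible.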
11.
This paper explores the use of Multi-Terminal Interval Decision Diagrams (MTIDDs) as the central structure of a firewall packet filtering mechanism. This is done by first relating the packet filtering problem to predicate logic, then implementing a prototype which is used in an empirical evaluation. The main benefits of the MTIDD structure are that it provides access to Boolean algebra over filters, efficient classification time, and a compact representation. Results from the empirical evaluation show that MTIDDs are scalable in terms of memory usage: a 50,000 rule filter requires only 3MB of memory, and efficient for packet classification: it is able to handle more rules than the schemes it was compared to without causing a degradation in performance.
12.
13.
Scalable packet classification  Total citations: 1, self-citations: 0, citations by others: 1
Packet classification is important for applications such as firewalls, intrusion detection, and differentiated services. Existing algorithms for packet classification reported in the literature scale poorly in either time or space as filter databases grow in size. Hardware solutions such as TCAMs do not scale to large classifiers. However, even for large classifiers (say, 100 000 rules), any packet is likely to match a few (say, 10) rules. This paper seeks to exploit this observation to produce a scalable packet classification scheme called Aggregated Bit Vector (ABV). It takes the bit vector search algorithm (BV) described in Lakshman and Stiliadis, 1998 (which takes linear time) and adds two new ideas, recursive aggregation of bit maps and filter rearrangement, to create ABV (which can take logarithmic time for many databases). We show that ABV outperforms BV by an order of magnitude using simulations on both industrial firewall databases and synthetically generated databases.
14.
15.
We show that determining the minimum number of resolve filters that need to be added to a set of two-dimensional (2-D) prefix filters so that the filter set can implement a given policy using the first-matching-rule-in-table tie breaker is NP-hard. Additionally, we develop a fast O(n log n + s) time, where n is the number of filters and s is the number of conflicts, plane-sweep algorithm to detect and report all pairs of conflicting 2-D prefix filters. The space complexity of our algorithm is O(n). On our test set of 15 2-D filter sets, our algorithm runs between 4 and 17 times as fast as the 2-D trie algorithm of A. Hari et al. (2000) and uses between 1/4th and 1/8th the memory used by the algorithm of Hari et al. On the same test set, our algorithm is between 4 and 27 times as fast as the bit-vector algorithm of Baboescu and Varghese (2002) and uses between 1/205 and 1/6 as much memory. We introduce the notion of an essential resolve filter and develop an efficient algorithm to determine the essential resolve filters of a prefix filter set.
16.
17.
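The performance of the packet classification algorithm directly affects the speed at which packets are sent and received and determines network latency and throughput. Using a classification algorithm for filter-rule matching in a firewall effectively reduces rule-matching search time and greatly improves firewall performance. The Recursive Flow Classification (RFC) algorithm offers fast lookups but has a long preprocessing time and high storage overhead. Building on the RFC algorithm, this work combines it with a hash tree algorithm to process the fields of a packet separately. Combining the two algorithms takes both space and time performance into account, reducing storage overhead while maintaining relatively fast lookup speed.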
18.
Performance Improvement of Two-Dimensional Packet Classification by Filter Rephrasing  Total citations: 1, self-citations: 0, citations by others: 1
Pi-Chung Wang Chun-Liang Lee Chia-Tai Chan Hung-Yi Chang 《Networking, IEEE/ACM Transactions on》2007,15(4):906-917
Packet classification categorizes incoming packets into multiple forwarding classes in a router based on predefined filters. It is important in fulfilling the requirements of differentiated services. To achieve fast packet classification, a new approach, namely "filter rephrasing," is proposed to encode the original filters by exploiting the hierarchical property of the filters. Filter rephrasing could dramatically reduce the search and storage complexity incurred in packet classification. We incorporate a well-known scheme, rectangle search, with filter rephrasing to improve the lookup speed by at least a factor of 2 and decrease 70% of the storage expenses. As compared with other existing schemes, the proposed scheme exhibits a better balance between speed, storage, and computation complexity. Consequently, the scalable effect of filter rephrasing is suitable for backbone routers with a great number of filters.
19.
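Network packet interception is part of firewall technology; it is used in many settings and has considerable commercial value. This paper introduces several existing packet interception techniques, including SPI and NDIS. The kernel-mode filtering technique, currently the most widely used, is studied and implemented; tests show that, compared with the traditional techniques, it is indeed more efficient and more stable.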
20.
《Selected Areas in Communications, IEEE Journal on》2006,24(10):1805-1816
New network applications like intrusion detection systems and packet-level accounting require multimatch packet classification, where all matching filters need to be reported. Ternary content addressable memories (TCAMs) have been adopted to solve the multimatch classification problem due to their ability to perform fast parallel matching. However, TCAMs are expensive and consume large amounts of power. None of the previously published multimatch classification schemes are both memory and power efficient. In this paper, we develop a novel scheme that meets both requirements by using a new set splitting algorithm (SSA). The main idea behind SSA is that it splits filters into multiple groups and performs separate TCAM lookups into these groups. It guarantees the removal of at least 1/2 the intersections when a filter set is split into two sets, thus resulting in low TCAM memory usage. SSA also accesses filters in the TCAM only once per packet, leading to low-power consumption. We compare SSA with two best known schemes: multimatch using discriminators (MUD) (Lakshminarayanan and Rangarajan, 2005) and geometric intersection-based solutions (Yu and Katz, 2004). Simulation results based on the SNORT filter sets show that SSA uses approximately the same amount of TCAM memory as MUD, but yields a 75%–95% reduction in power consumption. Compared with geometric intersection-based solutions, SSA uses 90% less TCAM memory and power at the cost of one additional TCAM lookup per packet. We also show that SSA can be combined with SRAM/TCAM hybrid approaches to further reduce energy consumption.