摘要
针对大流检测、突变流检测和基数估计等的网络流量测量对保障网络安全具有重要意义.但当前相关研究存在实时性不足、测量精度不高等问题.针对上述问题,设计了一种基于多层Sketch(multiple layer sketch, ML Sketch)的网络流量测量模型.首先,该模型采用自主设计的ML Sketch结构,使用分类存储结构提高了流量测量的精度.其次,在SDN(software defined network)环境下利用流量实时回放技术,模拟了流量的动态发生场景.最后,在SDN控制平面实现了对大流、突变流和基数估计类流量的实时动态检测.在UNSW-NB15上的实验结果表明,与传统Sketch结构相比,所设计的ML Sketch结构在F1_Score指标上最高提高4.81%,相关误差最高降低81.12%,验证了该模型的有效性.
Network traffic measurement for large flow detection,mutation flow detection and base estimation is of great significance for ensuring network security.However,the current related research suffers from the problems of insufficient real-time performance and low measurement accuracy.In response to the above issues,this paper designs a network traffic measurement model based on Multiple Layer Sketch(ML Sketch).First,the model adopts an independently designed ML Sketch structure,which uses a categorized storage structure to improve the accuracy of traffic measurement.Second,we simulate the dynamic occurrence scenarios of traffic in SDN(Software Defined Network)environment using real-time traffic playback technology.Finally,real-time dynamic detection of large,mutating and base estimation classes of traffic is realized in the SDN control plane.The experimental results on UNSW-NB15 show that compared with the traditional Sketch structure,the ML Sketch structure designed in this paper improves the F1_Score metric by up to 4.81%and reduces the correlation error by up to 81.12%,verifying the effectiveness of the model in this paper.
作者
杨心怡
池亚平
王志强
Yang Xinyi;Chi Yaping;Wang Zhiqiang(School of Cyberspace Security,Beijing Electronics Science&.Technology Institute,Beijing 100070;Key Laboratory of Netzwork Assessment Technology,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093)
出处
《信息安全研究》
CSCD
北大核心
2024年第9期840-848,共9页
Journal of Information Security Research
基金
中央高校基本科研业务费专项资金项目(328202275)。
关键词
网络测量
SDN
SKETCH
流量回放
网络安全
snetwork measurement
SDN(software defined network)
Sketch
traffic replay
network security
