压缩域快速视频拷贝检测算法

为了在大规模数据下有效提升拷贝检测速度,提出了一种压缩域视频拷贝检测算法,采用2级匹配框架,利用压缩域上DCT系数顺序度量特征进行相似度匹配,显著减少了查询视频解码操作;并为DCT系数顺序度量特征建立倒排索引,以加快第一级匹配的速度.实验结果表明,与已有的算法相比,所提出算法在保持相当的检测精度条件的同时,大幅提升了检测速度.     

基于随机森林的无线通信网络入侵检测方法

由于传统网络入侵检测方法依赖特征知识库对恶意流量数据进行智能判别,导致检测结果的精度较低,本研究提出基于随机森林的无线通信网络入侵检测方法。根据入侵位置划分无线通信网络的入侵方式,提取并处理不同入侵方式下的无线通信网络流量数据,基于随机森林算法对提取数据中的恶意流量与正常流量进行分类,以此完成无线通信网络入侵检测。实验结果表明,文章设计的方法检测不同类型的无线通信网络入侵行为时误检率为2.83%,证实了该方法的有效性与精确性。     

高速入侵检测系统

本文提出了多个关键技术从各个方面解决传统入侵检测速度瓶颈的问题，包括：零拷贝报文捕获、基于状态的协议分析、以及规则树结合高速算法插件匹配等技术。其中规则树结合高速算法插件的匹配技术在国内外属首次提出。     

云计算环境下混合多样木马群检测技术仿真

提出基于粒子辨别树联合算法的云计算环境下混合多样木马群检测方法.对云计算环境下的木马进行有效的分类处理,根据分类结果构建关联粒子入侵辨别树,利用攻击特征更新理论和更新后密度分布理论完成云计算环境下混合多样木马群的检测.实验结果表明,利用该算法进行云计算环境下混合多样木马群检测,能够有效提高检测效率,降低漏检率.     

基于循环神经网络的无线网络入侵检测分类模型构建与优化研究

为提高无线网络入侵检测模型的综合性能,该文将循环神经网络(RNN)算法用于构建无线网络入侵检测分类模型。针对无线网络入侵检测训练数据样本分布不均衡导致分类模型出现过拟合的问题,在对原始数据进行清洗、转换、特征选择等预处理基础上,提出基于窗口的实例选择算法精简训练数据集。对攻击分类模型的网络结构、激活函数和可复用性进行综合优化实验,得到最终优化模型,分类准确率达到98.6699%,综合优化后的运行时间为9.13 s。与其他机器学习算法结果比较,该优化方法在分类准确率和执行效率两个方面取得了很好的效果,综合性能优于传统的入侵检测分类模型。     

基于多核最大均值差异迁移学习的WLAN室内入侵检测方法

无线局域网(WLAN)室内入侵检测技术是目前智能检测领域的研究热点之一,而传统基于数据库构建的入侵检测技术没有考虑复杂室内环境中WLAN信号的时变性,从而导致WLAN室内入侵检测系统的鲁棒性较差。为了解决这一问题,该文提出一种基于多核最大均值差异(MKMMD)迁移学习的WLAN室内入侵检测方法。该方法首先利用离线有标记和在线伪标记的接收信号强度(RSS)特征来分别构建源域和目标域;其次,通过构造最优迁移矩阵以最小化源域和目标域RSS特征混合分布之间的MKMMD;再次,利用迁移后的源域RSS特征与对应标签来训练分类器,并将其用于对迁移后的目标域RSS特征进行分类以得到目标域标签集;最后,迭代更新目标域标签集直至算法收敛,进而实现对目标环境的入侵检测。实验结果表明,该文所提方法在保证较高检测精度的同时,能够有效克服信号时变性对检测性能的影响。     

基于端口互动模式的入侵检测模型

针对链路层的海量高速数据流、信息易被伪装、较小异常流量占比等特征,提出了一种基于端口互动模式量化模型的入侵检测模型。为提高入侵检测模型的精度和效率,提出了一种从初始流量中获取流量特征的新方法,并重点探讨如何以流量到达时间分布作为一维特征。使用相空间重构、可视化等方法证明了模型的有效性,并进一步根据长会话和短会话各自的特征设计了基于卷积层和长短时记忆层的改进神经网络,用以挖掘正常和异常流量端口互动模式之间的差异。在此基础上,设计了多模型评分机制下的改进入侵检测算法,对模型空间内的会话进行流量分类。所提出的量化模型和改进算法在提高计算效率的同时,能够有效避免伪装身份信息的情况,降低神经网络训练成本,提升小样本异常检测精度。     

一种端到端的加密流量多分类粗粒度融合算法

网络流量分类在网络安全领域发挥着重要作用,广泛应用于网络异常行为检测、网络入侵检测等研究及应用领域。随着网络加密技术的广泛使用,基于表征学习的深度学习方法由于其自动提取特征的特性,在加密流量分类领域取得了不错的性能表现。在表征学习的基础上,针对加密流量分类,提出了一种端到端的多分类粗粒度融合算法。在ISCX VPN-nonVPN数据集上的实验结果表明,所提算法与同类算法相比有更好的流量分类性能表现以及更快的收敛速度。     

一种网间异常流量诊断处置方案

针对中国移动部分IDC客户违规转租带宽、发展第三方家宽、内容资源调度策略不合理而造成大量回源流量从CMNET骨干网出口疏通的网间异常流量行为,提出一种基于深度报文检测技术(DPI)技术的诊断处置方案。方案已成功应用于移动某省公司的IDC客户异常流量的诊断处置, IDC业务CMNET骨干网出口网间流量下降71.42%、减少经济损失,出口质量显著提高,异常流量行为显著减少、风险得以有效防控。     

云计算环境下虚拟机在线迁移优化

在线迁移在云计算平台下已广泛使用,虚拟机内存迁移主要采用的是预拷贝算法.传统预拷贝算法在迭代过程中会将脏页反复重传导致迁移时间较长,针对这一问题文章提出了在拷贝过程中增加脏页预测算法和内存压缩算法相结合的方法.脏页预测算法是采用统计方法,依据内存页历史操作情况对改动频繁的内存页进行标记,根据标记决定是否在最后一轮内存迁移中传输,为了减少迁移传输量,先通过内存压缩算法将其压缩,然后再传输.实验结果表明,改进后的方法有效地降低了停机时间和迁移时间,提高了迁移效率,达到了更快迁移的目的.     

基于计数布鲁姆过滤器的快速多维包分类算法

本文从数据包匹配规则的聚集特性出发,将计数布鲁姆过滤器和哈希表相结合,设计并实现了一种高效的多维包分类算法CBHT(Counting Bloom filter and Hash Table).基于包匹配规则的聚集特性,对于五维包分类问题,CBHT算法首先利用计数布鲁姆过滤器的过滤功能结合单域匹配获得与前两维匹配的小规模规则集,而后在此有限规则集中对后三维进行匹配.利用计数布鲁姆过滤器提高了包匹配速度并有效支持规则库的动态更新.实验结果表明CBHT算法比现有的B2PC算法节省60%的硬件资源,包匹配访问内存次数平均低于B2PC算法22.8%.     

Algorithms for packet classification

The process of categorizing packets into “flows” in an Internet router is called packet classification. All packets belonging to the same flow obey a predefined rule and are processed in a similar manner by the router. For example, all packets with the same source and destination IP addresses may be defined to form a flow. Packet classification is needed for non-best-effort services, such as firewalls and quality of service; services that require the capability to distinguish and isolate traffic in different flows for suitable processing. In general, packet classification on multiple fields is a difficult problem. Hence, researchers have proposed a variety of algorithms which, broadly speaking, can be categorized as basic search algorithms, geometric algorithms, heuristic algorithms, or hardware-specific search algorithms. In this tutorial we describe algorithms that are representative of each category, and discuss which type of algorithm might be suitable for different applications     

基于最短划分距离的网络流量决策树分类方法

对不同类别的应用数据流,根据其在最初若干分组中进行握手和参数协商的差异性,通过通信模式、载荷长度以及信息熵等特征,采用基于最短划分距离的方法构建决策树模型,对其进行流量分类。经过在4个不同类型的真实网络数据集上的离线分类实验,以及在校园网环境中的在线流量分类实验。结果表明该模型对8种常见协议的网络流量,分析其前4到6个分组的特征,能够在分类准确性和系统开销上取得较好的效果。与其他机器学习算法相比,该模型构建的决策树规模较小,分类时间较短,适合于实时流量分类问题。     

移动高速数据包通信的模糊快速小区选择

在高速下行数据包接入(HSDPA)系统中,软切换会给下行链路带来严重干扰,降低链路容量.3GPP相关文档提出通过快速小区选择(FCS)来解决上述问题,其中用户设备(UE)以导频信号强度作为选择通信小区的唯一依据.为平衡小区间业务量,本文结合导频信号强度、小区呼叫到达率和基站可用功率,提出了模糊快速选择小区的算法(FFCS).分析和仿真结果表明采用FFCS技术能有效提高业务量相对繁重小区的容量.     

Research of the traffic characteristics for the real time online traffic classification

Aiming at the hysteretic characteristics of classification problem existed in current internet traffic identification field,this paper investigates the traffic characteristic suitable for the on-line traffic classification,such as quality of service (QoS).By the theoretical analysis and the experimental observation,two characteristics (the ACK-Len ab and ACK-Len ba) were obtained.They are the data volume which first be sent by the communication parties continuously.For these two characteristics only depend on data’s total length of the first few packets on the flow,network traffic can be classified in the early time when the flow arrived.The experiment based on decision tree C4.5 algorithm,with above 97% accuracy.The result indicated that the characteristics proposed can commendably reflect behavior patterns of the network application,although they are simple.     

Packet-level traffic measurements from the Sprint IP backbone

Network traffic measurements provide essential data for networking research and network management. In this article we describe a passive monitoring system designed to capture GPS synchronized packet-level traffic measurements on OC-3, OC-12, and OC-48 links. Our system is deployed in four POP in the Sprint IP backbone. Measurement data is stored on a 10 Tbyte storage area network and analyzed on a computing cluster. We present a set of results to both demonstrate the strength of the system and identify recent changes in Internet traffic characteristics. The results include traffic workload, analyses of TCP flow round-trip times, out-of-sequence packet rates, and packet delay. We also show that some links no longer carry Web traffic as their dominant component to the benefit of file sharing and media streaming. On most links we monitored, TCP flows exhibit low out-of-sequence packet rates, and backbone delays are dominated by the speed of light.     

Early recognition of internet traffic based on signature inspection

The accurate and efficient classification of Internet traffic is the first and key step to accurate traffic management, network security and traffic analysis. The classic ways to identify flows is either inaccu-rate or inefficient, which are not suitable to be applied to real-time online classification. In this paper, we originally presented an early recognition method named Early Recognition Based on Deep Packet Inspec-tion (ERBDPI) based on deep packet inspection, after analyzing the distribution of payload signature be-tween packets of a flow in detail. The basic concept of ERBDPI is classifying flows based on the payload signature of their first some packets, so that we can identify traffic at the beginning of a flow connection. We compared the performance of ERBDPI with that of traditional sampling methods both synthetically and using real-world traffic traces. The result shows that ERBDPI can get a higher classification accuracy with a lower packet sampling rate, which makes it suitable to be applied to accurate real-time classification in high-speed links.     

一种面向连接的快速多维包分类算法

为进一步提高聚合位向量(ABV)算法分类数据包的速度,该文提出一种面向连接的改进ABV(IABV)算法。该算法利用同一连接包分类查找规则相对一致的特点,建立哈希表-规则库两级优化查找结构,首先通过哈希表查找包分类规则,若未命中继续从规则库中查找。利用连接时效性特点设计哈希表冲突处理机制,根据表项最近命中时间判断是否进行覆写更新,避免规则累积导致查找时间增加;其次对ABV算法各维度进行等分处理,为各等分区间建立数组索引,从而快速缩小向量查找范围,加快查找规则库速度;最后,将规则中前缀转化为范围降低辅助查找结构复杂度,以减少内存空间占用量并加快规则查找速度。实验结果表明,将规则中前缀转化为范围后能够有效提升算法性能,相同条件下IABV算法相比ABV算法时间性能有显著提高。     

基于抽样分组长度分布的加密流量应用识别

基于确定性抽样数据分组序列的位置、方向、分组长度和连续性、有序性等流统计特征和典型的分组长度统计签名,并结合带数据分组位置、方向约束和半流关联动作的提升型DPI,提出了一种基于假设检验的加密流量应用识别统计决策模型,包括分组长度统计签名决策模型和DFI决策模型,并给出了相应的分组长度统计签名匹配算法以及基于DPI和DFI混合方法的加密流量应用识别算法。实验结果表明,该方法能够成功捕获加密应用在流坐标空间中独特的统计流量行为,并同时具有极高的加密识别精确率、召回率、总体准确率和极低的加密识别误报率、总体误报率。     

Quality‐of‐Service Mechanisms for Flow‐Based Routers

In this paper, we propose quality of service mechanisms for flow‐based routers which have to handle several million flows at wire speed in high‐speed networks. Traffic management mechanisms are proposed for guaranteed traffic and non‐guaranteed traffic separately, and then the effective harmonization of the two mechanisms is introduced for real networks in which both traffic types are mixed together. A simple non‐work‐conserving fair queuing algorithm is proposed for guaranteed traffic, and an adaptive flow‐based random early drop algorithm is proposed for non‐guaranteed traffic. Based on that basic architecture, we propose a dynamic traffic identification method to dynamically prioritize traffic according to the traffic characteristics of applications. In a high‐speed router system, the dynamic traffic identification method could be a good alternative to deep packet inspection, which requires handling of the IP packet header and payload. Through numerical analysis, simulation, and a real system experiment, we demonstrate the performance of the proposed mechanisms.