An Improved GIDS Packet Classification Algorithm Using the Characteristic of the Traffic

NING Zhuo; SUN Zhi-xin; GONG Jian; ZHANG Wei-wei

doi:10.3969/j.issn.0372-2112.2012.03.020

您当前的位置：

首页 >

文章列表页 >

An Improved GIDS Packet Classification Algorithm Using the Characteristic of the Traffic

更新时间：2025-07-16

- An Improved GIDS Packet Classification Algorithm Using the Characteristic of the Traffic
- Acta Electronica Sinica Vol. 40, Issue 3, Pages: 530-537(2012)
- 作者机构：
  
  1. 南京邮电大学宽带无线通信与传感网技术教育部重点实验室,江苏,南京,210003
  2. 南京大学计算机软件新技术国家重点实验室,江苏,南京,210093
  3. 东南大学计算机科学与工程学院,江苏,南京,210096
  4. 南京邮电大学宽带无线通信与传感网技术教育部重点实验室江苏南京,210003
  5. 南京大学计算机软件新技术国家重点实验室江苏南京,210093
  6. 东南大学计算机科学与工程学院江苏南京,210096
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.0372-2112.2012.03.020
  CLC： TP393.08
- Published：2012
- 稿件说明：
移动端阅览
NING Zhuo, SUN Zhi-xin, GONG Jian, et al. An Improved GIDS Packet Classification Algorithm Using the Characteristic of the Traffic[J]. Acta Electronica Sinica, 2012, 40(3): 530-537.
DOI：

NING Zhuo, SUN Zhi-xin, GONG Jian, et al. An Improved GIDS Packet Classification Algorithm Using the Characteristic of the Traffic[J]. Acta Electronica Sinica, 2012, 40(3): 530-537. DOI： 10.3969/j.issn.0372-2112.2012.03.020.

摘要

本文结合流量的动态特征和入侵检测系统规则库的静态特征生成高性能报文分类树

提出了一个新的面向骨干网高速入侵检测的报文分类算法FlowCopySearch(FCS).改进在于:①从流量的新角度提出了最优分类树定义并引入分类域熵衡量每个分类域对于流量的分类能力;②将传统分类算法中每个报文都必须频繁执行的内存拷贝操作简化为每个流只执行一次内存拷贝操作

克服了报文分类算法的瓶颈.实验结果表明FCS更适用于骨干网大流量trace的报文分类

较之两种经典分类算法

分类速度提高了10.1%~45.1%

同时存储消耗降低了11.1%~36.6%.

Abstract

A classification algorithm FlowCopySearch (FCS) is developed that systematically profiles static intrusion signatures and network traffic to generate a high performance and memory-efficient packet classification tree.The improvements are two folds.Firstly

the best classification tree is formally defined and packet feature entropy is proposed to measure how well a packet field can partition the traffic.Secondly

FCS copies a rule set for a flow instead of traditionally copying the rule set for every packet in the flow

so the classifying speed is increased considerably.The experiment results show that in backbone trace FCS is preferred.Compared to the other two classical algorithms

FCS can not only speed up classification by as much as 10.1%~45.1% in speed

but also save memory consumption of 11.1%~36.6% at the same time.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

A Method for Continuous Detection and Classification of Malicious Network Traffic Based on Double-Layer Model and Distribution of Indexes

Genetic Algorithms in Intrusion Detection Based on Network Anomaly

Rollbackable Automated Intrusion Response System

Detecting Masquerades in Intrusion Detection Based on Deterministic Annealing

Related Author

LU Hao-tian

DONG Yu-ning

QUAN Yu-xuan

ZHANG Feng-bin

YANG Yong-tian

JIANG Zi-yang

ZHANG Jian

GONG Jian

Related Institution

College of Telecommunications and Information Engineering, Nanjing University of Posts and Telecommunications

College of Computer Science and Technology, Harbin Engineering University

Computer and Control College,Harbin University of Science and Technology

College of Computer Science and TechnologyHarbin Engineering UniversityHarbinHeilongjiang 150001China

Computer and Control CollegeHarbin University of Science and TechnologyHarbinHeilongjiang 150080China

⁰