Restoring method for source string of enhanced multiple Hash in use for system of intrusion detection

The invention belongs to intrusion detection systems and hashing technology, and is applied in transmission systems, digital transmission systems, electrical components, etc. It addresses the poor reversibility of hash algorithms, the difficulty of restoring original string information with multi-hash methods, and high computational complexity, and achieves small alarm error, high restoration accuracy, and timely response.

Inactive Publication Date: 2007-12-12
SOUTHEAST UNIV

AI Technical Summary

Problems solved by technology

[0004] Hash function complexity is also an issue: if the chosen hash algorithm is not easily reversible, the multi-hash method has difficulty restoring the original string's information from the hash array space, or the computational complexity becomes too high.


Embodiment Construction

[0032] An enhanced multi-hash source string restoration method for intrusion detection systems, used in computer network monitoring and analysis:

[0033] 1. After the anomaly detector examines the original messages, they are divided into normal messages and abnormal messages. Normal messages are output, and the IP addresses of abnormal messages are used as the input for information restoration;

[0034] 2. The IP address information of an abnormal message is mapped by the hash function mapper into one of the two multi-hash structures. If the IP address is a.b.c.d, where a, b, c, and d each represent a value between 0 and 255, then the hash function that takes the high 16 bits of the IP address is called the first hash function, denoted H_h(a.b); the hash function that takes the middle 16 bits is called the second hash function, denoted H_m(b.c); the hash function that takes the lowest 16 bits is called the third hash function, denoted H_l(c.d...


Abstract

After detection, original messages are divided into normal and abnormal messages. Normal messages are output, and the IP addresses of abnormal messages are used as input. The IP address information of abnormal messages is mapped into one of the two structures of the multi-hash method. The information restoration module sends its result to the annunciator. The procedure includes these steps: (1) sorting to find the positions of the ten largest numbers; (2) building, in memory, a table of each hash function's positions and the corresponding counter values; (3) comparing two hash function tables; if no match is found or the difference is large, returning a.b.0.0/16; if a match is found, looking up the position that has the same superposition value in the two tables; if none is found, returning a.b.c.0/24; otherwise, returning a.b.c.d; repeating; then resetting the processed memory set, sending the result to the annunciator, and waiting for switching; the annunciator executes the operation. Advantages: memory and computation resources are saved.
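The restoration steps in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes each hash function is the identity on its 16-bit window (so a counter position is just the byte pair), reads "larger difference" as counts differing by more than 50%, and uses constructed sample traffic.

```python
from collections import Counter

TOP_N = 10        # the abstract sorts out the ten largest counters
TOLERANCE = 0.5   # assumed threshold for "a larger difference" between counters

class MultiHash:
    """Three counter tables over overlapping 16-bit windows of an IPv4 address."""
    def __init__(self):
        self.high, self.mid, self.low = Counter(), Counter(), Counter()

    def add(self, ip):
        a, b, c, d = (int(x) for x in ip.split("."))
        self.high[(a, b)] += 1   # H_h(a.b), assumed identity mapping
        self.mid[(b, c)] += 1    # H_m(b.c)
        self.low[(c, d)] += 1    # H_l(c.d)

def _close(n1, n2):
    return abs(n1 - n2) <= TOLERANCE * max(n1, n2)

def _match(table, shared, count):
    """Top-N entry that starts with the shared byte and has a similar count."""
    hits = [(n, key) for key, n in table.most_common(TOP_N)
            if key[0] == shared and _close(n, count)]
    return max(hits)[1] if hits else None

def restore(mh):
    """Return the most specific prefix supported by the overlapping tables."""
    out = []
    for (a, b), n in mh.high.most_common(TOP_N):
        mid = _match(mh.mid, b, n)
        low = _match(mh.low, mid[1], mh.mid[mid]) if mid is not None else None
        if mid is None:
            out.append(f"{a}.{b}.0.0/16")         # no agreeing b.c entry
        elif low is None:
            out.append(f"{a}.{b}.{mid[1]}.0/24")  # b.c agrees, no agreeing c.d
        else:
            out.append(f"{a}.{b}.{mid[1]}.{low[1]}")
    return out

def demo():
    mh = MultiHash()                       # constructed sample, not patent data
    for _ in range(100):
        mh.add("192.0.2.7")                # one noisy host
    for k in range(1, 51):
        for _ in range(2):
            mh.add(f"198.51.100.{k}")      # sources spread across a /24
            mh.add(f"10.20.{k}.9")         # sources spread across a /16
    return restore(mh)
```

Because adjacent windows are chained only through the shared byte b or c, two heavy sources that share that byte and have similar counts can be stitched into an address that never appeared, so restored results should be treated as candidates for the alarm rather than confirmed sources.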

Description

Technical field

[0001] The invention relates to a method for computer network monitoring and analysis, in particular to an enhanced multi-hash source string restoration method for an intrusion detection system.

Background technique

[0002] As early as 1970, Bloom proposed a filter method based on multi-hash function mapping to compress the parameter space and achieve fast parameter lookup and membership testing. Its original purpose was spell checking. The method has since been widely used in other areas of computing, such as string matching [2], distributed collaboration [3], databases [4, 5], and routing lookup [6]. Because string comparison is used in many places in networking, the Bloom filter (multi-hash method) has recently become a popular tool in network research, with wide application in network sampling [7], sampling restoration [8], and flow distribution estimation [9].

[0003] However, the assumptions of the multi-hash method for the hash function are...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L12/26
Inventor: 龚俭, 彭艳兵
Owner: SOUTHEAST UNIV