A single-packet traceability method based on the importance assessment of trace traces

An important and traceable technology, applied in digital transmission systems, data exchange networks, electrical components, etc., can solve the problems of reducing traceability storage costs, reducing traceability accuracy, and severe traceability storage

Active Publication Date: 2018-10-02
NORTHEASTERN UNIV
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although researchers have used some compression tools with high space usage (such as Bloom filter) or packet marking technology to store trace traces, thereby reducing the storage overhead of traceability, these technologies only reduce the unit storage of trace traces. The capacity does not change the proportional relationship between storage and packet forwarding, so the problem of traceable storage is still severe
[0006] 2) They usually use a centralized method to manage traces, so that the traceability router can only serially process the arriving data packets
For example, a router usually only needs to perform IP packet decapsulation and encapsulation operations, but the traceability router also needs to perform operations such as packet recording and packet marking in addition to the two operations. In the NE5000E router, the average processing time of IP packets is about 0.06ns. When After it is upgraded to a traceable router, the IP packet processing time will definitely exceed 0.06ns, resulting in a decrease in network transmission performance
[0007] 3) They did not distinguish the importance of different traces on the same traceability router, and tried to treat all traces through indiscriminate management, resulting in a limited number of storage resources on the router, most of which may be allocated to users. To establish the traces of the normal path, but the traces of the attack path can only overlap each other due to insufficient resources, which destroys the unique identification of the traces and reduces the traceability accuracy
For example, before recording attack traces, traceability routers are often busy with establishing normal traces for a long period of time, which consumes a lot of storage resources and results in inefficient resource utilization

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A single-packet traceability method based on the importance assessment of trace traces
  • A single-packet traceability method based on the importance assessment of trace traces
  • A single-packet traceability method based on the importance assessment of trace traces

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0063] Embodiment 1 of the present invention: a single-package traceability method based on the importance assessment of trace traces, such as Figure 1 ~ Figure 3 shown, including the following steps:

[0064] S1. Divide the storage space of the traceability router into two types: GHOST and REAL. Among them, the storage time of tracking traces in REAL is longer than that in GHOST;

[0065] S2. When the IP packet propagates in the network, the traceability router establishes the tracking trace of the IP packet, and at the same time calculates the moving average prediction value S of the importance of the trace trace corresponding to the IP packet; if S is greater than the threshold value, the tracking trace of the IP packet The trace is raised from GHOST to REAL; if S is less than the threshold, the trace of the IP packet will be lowered from REAL to GHOST; when the memory of the traceability router is insufficient, select the trace corresponding to the minimum value of S in G...

Embodiment 2

[0089] Embodiment 2: A single package traceability method based on the importance assessment of trace traces, comprising the following steps:

[0090] S1. Divide the storage space of the traceability router into two types: GHOST and REAL. Among them, the storage time of tracking traces in REAL is longer than that in GHOST;

[0091]S2. When the IP packet propagates in the network, the traceability router establishes the tracking trace of the IP packet, and at the same time calculates the moving average prediction value S of the importance of the trace trace corresponding to the IP packet; if S is greater than the threshold value, the tracking trace of the IP packet The trace is raised from GHOST to REAL; if S is less than the threshold, the trace of the IP packet will be lowered from REAL to GHOST; when the memory of the traceability router is insufficient, select the trace corresponding to the minimum value of S in GHOST to delete;

[0092] S3. After a network attack occurs, t...

Embodiment 3

[0097] Embodiment 3: a single package traceability method based on the evaluation of the importance of trace traces, comprising the following steps:

[0098] S1. Divide the storage space of the traceability router into two types: GHOST and REAL. Among them, the storage time of tracking traces in REAL is longer than that in GHOST;

[0099] S2. When the IP packet propagates in the network, the traceability router establishes the tracking trace of the IP packet, and at the same time calculates the moving average prediction value S of the importance of the trace trace corresponding to the IP packet; if S is greater than the threshold value, the tracking trace of the IP packet The trace is raised from GHOST to REAL; if S is less than the threshold, the trace of the IP packet will be lowered from REAL to GHOST; when the source tracing router has insufficient memory, select the trace corresponding to the minimum value of S in GHOST to delete; The router uses an irregular pipeline to ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a single-package traceability method based on the evaluation of the importance of trace traces, which includes the following steps: S1, dividing the storage space of trace routers into two types: GHOST and REAL, wherein the storage time of trace traces in REAL is longer than that of GHOST; S2. When the IP packet propagates in the network, the traceability router establishes the tracking trace of the IP packet, and at the same time calculates the moving average prediction value S of the importance of the trace trace corresponding to the IP packet; if S is greater than the threshold value, the tracking trace of the IP packet The trace is raised from GHOST to REAL; if S is less than the threshold, the trace of the IP packet will be lowered from REAL to GHOST; when the memory of the traceability router is insufficient, select the trace corresponding to the minimum value of S in GHOST to delete; S3, a network After the attack, the victim sends a trace request, and the trace manager reconstructs the attack path based on the trace trace. The invention adopts two ways of delay and time to manage the attack traces and normal traces, which improves the storage utilization rate and reduces the problem of traceability accuracy caused by insufficient resources.

Description

technical field [0001] The invention relates to a single packet traceability method based on the importance evaluation of trace traces, and belongs to the technical field of anonymous packet traceability in IP networks. Background technique [0002] Denial-of-Service (DoS for short) attacks have occurred at the beginning of the rise of the Internet, and in just a few years it has rapidly become the most important security threat hindering the development of the Internet. In recent years, with the continuous upgrading of hacking techniques, DoS attacks are undergoing a revolution. In 2013, Radware, the world's top provider of network security and management solutions, pointed out in a report that DoS attacks are gradually evolving into an advanced persistent penetration attack, and the most fundamental reason for this change is "hybrid denial of service attacks (i.e. MDos)" appears. Different from traditional DoS attacks, MDoS is an intelligent attack. Its "intelligence" is...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/741H04L12/723H04L45/50H04L45/74
CPCH04L45/50H04L45/74H04L63/1458H04L2463/143H04L2463/146
Inventor 鲁宁韩潇潇
Owner NORTHEASTERN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap