基于多层Sketch的SDN网络流量测量技术研究  

作　　者：杨心怡 池亚平 王志强 Yang Xinyi;Chi Yaping;Wang Zhiqiang(School of Cyberspace Security,Beijing Electronics Science&.Technology Institute,Beijing 100070;Key Laboratory of Netzwork Assessment Technology,Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093)

机构地区：[1]北京电子科技学院网络空间安全系,北京100070 [2]中国科学院信息工程研究所中国科学院网络测评技术重点实验室,北京100093

出　　处：《信息安全研究》2024年第9期840-848,共9页Journal of Information Security Research

基　　金：中央高校基本科研业务费专项资金项目(328202275)。

摘　　要：针对大流检测、突变流检测和基数估计等的网络流量测量对保障网络安全具有重要意义.但当前相关研究存在实时性不足、测量精度不高等问题.针对上述问题,设计了一种基于多层Sketch(multiple layer sketch, ML Sketch)的网络流量测量模型.首先,该模型采用自主设计的ML Sketch结构,使用分类存储结构提高了流量测量的精度.其次,在SDN(software defined network)环境下利用流量实时回放技术,模拟了流量的动态发生场景.最后,在SDN控制平面实现了对大流、突变流和基数估计类流量的实时动态检测.在UNSW-NB15上的实验结果表明,与传统Sketch结构相比,所设计的ML Sketch结构在F1_Score指标上最高提高4.81%,相关误差最高降低81.12%,验证了该模型的有效性.Network traffic measurement for large flow detection,mutation flow detection and base estimation is of great significance for ensuring network security.However,the current related research suffers from the problems of insufficient real-time performance and low measurement accuracy.In response to the above issues,this paper designs a network traffic measurement model based on Multiple Layer Sketch(ML Sketch).First,the model adopts an independently designed ML Sketch structure,which uses a categorized storage structure to improve the accuracy of traffic measurement.Second,we simulate the dynamic occurrence scenarios of traffic in SDN(Software Defined Network)environment using real-time traffic playback technology.Finally,real-time dynamic detection of large,mutating and base estimation classes of traffic is realized in the SDN control plane.The experimental results on UNSW-NB15 show that compared with the traditional Sketch structure,the ML Sketch structure designed in this paper improves the F1_Score metric by up to 4.81%and reduces the correlation error by up to 81.12%,verifying the effectiveness of the model in this paper.

关 键 词：网络测量 SDN SKETCH 流量回放 网络安全 

分 类 号：TP399[自动化与计算机技术—计算机应用技术]