基于指纹特征哈希函数及冲突处理研究
发布时间:2018-08-16 09:58
【摘要】:随着互联网的飞速发展,以及云技术和大数据在这几年被越来越多的大公司所关注,人们开始享受这些新兴技术带来的便捷的同时也遭受着无孔不入的网络入侵行为。网络安全已经成为关乎你我彼此切身利益的重要课题。Snort凭借着其C语言特性,轻量级,开源等特性,被越来越多的人所使用。如何更好的组织Snort指纹规则库,是开发者所关注的焦点。而如何更快的发现网络入侵行为,则是用户所关心的问题。尤其是应用于终端,其数据包的匹配速度决定了其性能优劣,成为了其成败的关键。由于本框架是基于硬件实现的,所以对匹配速率以及存储空间提出了更高的要求,本文的工作重点为在不影响匹配速率以及命中率的情况下如何获取更低的冲突率。针对该问题,本文的工作主要如下:本框架对冲突率以及哈希表的空间大小有着极其严格的要求,并且所需映射的数据集是动态的,加之考虑到原有哈希函数的不足,本文设计出一种新的哈希函数。针对不同的数据集,该函数会以数字统计法对数据进行预处理,同时该哈希函数映射后的空间也将保持在较小空间。从经典哈希函数获得启发,该函数在设计的过程中充分考虑到稳定性问题,是一个好的哈希函数。本框架原有的冲突处理是针对特定的数据集,虽然获得了较低的冲突率,但却是在牺牲数据包的命中率的前提下达成的,而且其方法本身采用的是一种试探性的方法,稳定性较差。本文从冲突的本质出发,考虑如何从根源上杜绝冲突的产生,从而设计出了一个新的冲突处理方法。同时该方法采用二级哈希的结构,降低了DFA与指纹特征之间的耦合度,从而进一步降低冲突率。最后实验结果证明,在不影响命中率的情况下,新的哈希函数以及冲突处理方法可以将冲突率降低到1.72‰。
[Abstract]:With the rapid development of the Internet, cloud technology and big data have attracted more and more attention in recent years, people begin to enjoy the convenience brought by these new technologies, but also suffer from all-pervasive network intrusion behavior. Network security has become an important issue related to our mutual interests. Snort has been used by more and more people by virtue of its C language features, lightweight, open source and so on. How to better organize Snort fingerprint rule base is the focus of developers. However, how to find network intrusion more quickly is the concern of users. Especially in the terminal, the matching speed of its data packet determines its performance and becomes the key to its success or failure. Since the framework is based on hardware implementation, the matching rate and storage space are required to be higher. The focus of this paper is how to obtain lower collision rate without affecting the matching rate and hit rate. To solve this problem, the main work of this paper is as follows: this framework has very strict requirements for collision rate and space size of hash table, and the data set of the required mapping is dynamic, and considering the shortcomings of the original hash function, In this paper, a new hash function is designed. For different data sets, the function preprocesses the data by digital statistics, and the space mapped by the hash function will be kept in a smaller space. Inspired by the classical hash function, this function is a good hash function, which fully considers the stability problem in the design process. The original conflict treatment of this framework is aimed at a specific data set. Although it obtains a low collision rate, it is achieved at the expense of the hit rate of the packet, and the method itself adopts a tentative method. The stability is poor. Starting from the essence of conflict, this paper considers how to eliminate the conflict from its origin, and designs a new method to deal with the conflict. At the same time, the two-level hash structure is used to reduce the coupling degree between DFA and fingerprint features, thus further reducing the collision rate. The experimental results show that the collision rate can be reduced to 1.72 鈥,
本文编号:2185642
[Abstract]:With the rapid development of the Internet, cloud technology and big data have attracted more and more attention in recent years, people begin to enjoy the convenience brought by these new technologies, but also suffer from all-pervasive network intrusion behavior. Network security has become an important issue related to our mutual interests. Snort has been used by more and more people by virtue of its C language features, lightweight, open source and so on. How to better organize Snort fingerprint rule base is the focus of developers. However, how to find network intrusion more quickly is the concern of users. Especially in the terminal, the matching speed of its data packet determines its performance and becomes the key to its success or failure. Since the framework is based on hardware implementation, the matching rate and storage space are required to be higher. The focus of this paper is how to obtain lower collision rate without affecting the matching rate and hit rate. To solve this problem, the main work of this paper is as follows: this framework has very strict requirements for collision rate and space size of hash table, and the data set of the required mapping is dynamic, and considering the shortcomings of the original hash function, In this paper, a new hash function is designed. For different data sets, the function preprocesses the data by digital statistics, and the space mapped by the hash function will be kept in a smaller space. Inspired by the classical hash function, this function is a good hash function, which fully considers the stability problem in the design process. The original conflict treatment of this framework is aimed at a specific data set. Although it obtains a low collision rate, it is achieved at the expense of the hit rate of the packet, and the method itself adopts a tentative method. The stability is poor. Starting from the essence of conflict, this paper considers how to eliminate the conflict from its origin, and designs a new method to deal with the conflict. At the same time, the two-level hash structure is used to reduce the coupling degree between DFA and fingerprint features, thus further reducing the collision rate. The experimental results show that the collision rate can be reduced to 1.72 鈥,
本文编号:2185642
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2185642.html
