Improvement Of The Algorithm For Detecting Superpoints Using VBF

The application of the Internet is more and more extensive,but network attacks are also becoming increasingly serious,such as distributed denial of service attacks and worm attacks.Therefore,it is an important and challenging task for network administrators to identify real-time network attacks.An infected host may send a large number of connection requests to different destination hosts in a short period of time.Such infected hosts are called superpoints.Detection of superpoints can be applied to traffic engineering and anomaly detection.This paper summarizes several basic algorithms for detecting superpoints.In particular,we analyze the performance of VBF and improve the algorithm for detecting superpoints based on VBF.Three improved algorithms are proposed in this paper.The first one adds IP mangling technology to VBF,promoting the accuracy of the algorithm.The second one improves the hash functions in VBF,reducing the computation complexity of the hash functions.The third one changes the filter function in VBF,reducing the space complexity of the algorithm.The three improved algorithms all contain two main modules:the online updating module and the offline processing module.IP mangling technology is added to the online updating module to make the IP distribution uniform and reduce hash conflicts.The three algorithms use different two-dimensional bit arrays to record the passing flows.In the offline processing stage,the updated two-dimensional array is used to extract the bit string with the source host information.The IP address information is restored by combining the overlapping bits,and the restored source IP is reversibly transformed by IP mangling technology.In this paper,we derive the noise value 8 generated from the restoration process.Therefore,the noise can be removed when the host cardinality is estimated.Finally,the estimated value is obtained,and the host whose estimated value is greater than the threshold is identified as a superpoint.In this paper,we use the real network traces collected in different regions in experiments.The experimental results show that the proposed algorithms can detect superpoints accurately and does not need a lot of storage space.The computation complexity of processing each packet is also low.