Algorithm For Detecting Superpoints Based On OHCBF-Trap Structure

Superpoints are the hosts which connect a large number of different source hosts or destination hosts in a measurement period.Detection of superpoints is significant for network security and management.There are many security events in network,such as DDoS,worm virus,and port scanning which have the similar character of superpoints.For standard Bloom Filters,that simple hash functions are used induces the problem of the large computational overhead and poor uniformity.In this paper,we propose an improved filter OHCBF,which has a low computational overhead for hash functions.Only a basic hash function and several simple operations of the OHCBF are required to implement the functionality of the standard Bloom Filter such that the computational overhead is significantly reduced when performing hash maps.Moreover,we analyze existing algorithms for detecting superpoints and find that they have the problems of requiring large memory consumption and achieving low measurement accuracy.To solve those problems,we propose a new algorithm for detecting superpoints,which is based on OHCBF-Trap structure.In this algorithm,the Snare algorithm is improved and a new data structure Trap is proposed.Besides,OHCBF and Trap are combined to detect superpoints.Since in OHCBF only new flow is allowed to enter the storage structure Trap,the computational overhead of the system is effectively reduced.Meanwhile,the number of stored packets in Snare is replaced by the number of stored flows in the storage structure Trap,eliminating the process of estimating the number of flows by the number of packets,and reducing the computational overhead of the system.Finally,the theoretical analysis of the proposed algorithm for detecting superpoints is carried out.In order to make the experimental data more representative,this paper uses the real network trace collected in different regions to experiments.The experimental results show that the proposed algorithm for detecting superpoints based on OHCBF-Trap structure can detect superpoints accurately.Compared with the experimental results of other algorithms,the proposed algorithm has advantages in terms of memory consumption and the accuracy of detection.