Research On Network Measurement And Security Technology Based On Sketch

With the rapid development of network technology,it is particularly important to measure large-scale network traffic information quickly and accurately.However,the complex and dangerous network environment has brought great challenges to network measurement.The Sketch-based network measurement solution has the advantages of fast processing power and low resource overhead when solving some special network security problems,but its own design defects are also vulnerable to targeted attacks.For example,if low-value abnormal traffic information is passed into Sketch,the final traffic statistics data can be easily tampered with after creating a hash conflict.This problem makes it difficult to guarantee the security of network measurement.Therefore,this article is based on Sketch to study network measurement and security technology,and completes the following three tasks:First,we analyzed the hash collision characteristics of Sketch and performed security verification.Aiming at the problem of hash conflict in the hash design of Sketch data structure,this article analyzes the hash conflict characteristics in various network measurement schemes based on Sketch from the perspective of network attackers,and explores ways to attack Sketch,and Take MV-Sketch as an example to set up an experiment to observe the impact of network measurement accuracy and measurement relative error in the case of network attacks,analyze the experimental phenomenon and propose directions for enhancing the security of Sketch.Secondly,we propose a security-oriented network traffic measurement programSec Sketch.This solution is oriented to the network layer.Aiming at the problem that the current mainstream Sketch measurement technology generally lacks security considerations,with the goal of improving the security of network measurement work,the measurement system is divided into two parts,a filter module and a counting module,and the Light GBM algorithm is used to establish The anomaly detection model filters the attack traffic,combines with the zipper method to alleviate hash conflicts,and uses multiple mainstream selection algorithms to reduce measurement errors caused by hash conflicts.Comparative experiments show that Sec Sketch exhibits higher security in an abnormal network traffic environment.Finally,we propose a hash flooding attack detection scheme based on Sketch.Aiming at the extreme traffic distribution of hash flooding attacks in the application layer,this article proposes to apply the Sketch data structure to measure the traffic distribution characteristics of the target traffic passing through different hash functions,and calculate the traffic distribution difference through the Hellinger distance formula,and compare it with The theoretically calculated threshold is compared to determine whether the traffic is abnormal,which solves the problem of rapid detection of hash flooding attacks.Experiments prove that the hash flooding attack detection scheme based on Sketch has a high accuracy rate.