The rapid development of the Internet not only brings convenience to people, but also brings many security threats and challenges. Network traffic measurement can accurately analyze the security of the network by collecting and analyzing the statistical characteristics of network traffic. Host cardinality estimation is an important task in network traffic measurement, and it can be used to identify super hosts. A super host is a host that exhibits anomalies in host cardinality. For example, a super spreader (super receiver) has a high destination cardinality (source cardinality), and a super changer has abnormal cardinality changes in adjacent measurement periods. Therefore, accurate host cardinality estimation can measure the trust degree of the network and help build a trusted network. If the host cardinality is abnormal, it indicates that the trust degree of the host is low.

A sketch is a hash-based probabilistic data structure that can accurately estimate host cardinality while consuming less memory, and it is widely used in super host identification. A sketch not only consumes less memory, but also provides more accurate host cardinality estimation. However, the expanding network scale and increasing link rates cause efficiency and accuracy problems in sketch-based super host identification. For example, the unbalanced distribution of host cardinality in real network environments leads to a serious waste of memory in the sketch, and the storage of massive network traffic data makes super host tracing inefficient.

To solve these problems, this thesis proposes a novel memory-efficient and reversible sketch, called Extended Sketch+. This sketch uses extensible counters to record host cardinality, ensuring that small counters are used to monitor low-cardinality hosts. When monitoring high-cardinality hosts, it uses dynamic counters that can expand the upper bound of cardinality estimation. Therefore, Extended Sketch+ can provide both high memory efficiency and accurate host cardinality estimation. In addition, Extended Sketch+ supports the merge operation, allowing distributed deployment of measurement nodes to achieve super host identification in a large-scale network. Based on Extended Sketch+, this thesis proposes an accurate and fast super host identification method, in which Extended Sketch+ can quickly trace the source of a super host. Building on this work, the thesis also proposes a network host trust evaluation method based on Extended Sketch+, which realizes accurate evaluation of host trust degree.

This thesis tests and evaluates the performance of the proposed schemes on real network traffic data sets. The experimental results show that Extended Sketch+ is superior to existing related work in accuracy and efficiency, and that the network host trust evaluation based on Extended Sketch+ can provide accurate host trust evaluation.