Chinese Journal of Computers
  Title: The Calculation of Networking Security Event in the Natural Colored Information Reconstruction Process
  Authors: SUN Mei-Feng 1),3), PENG Yan-Bing 2), GONG Jian 1), YANG Wang 1)
  Address: 1) (Key Laboratory of Networking of Jiangsu Province, School of Computer Science and Engineering, Southeast University, Nanjing 210096)
2) (Fiberhome Telecommunication Tech Co. Ltd, Nanjing 210001)
3) (Department of Computer Science and Engineering, Technology Institute, Yangzhou University, Yangzhou, Jiangsu 225009)
  Year: 2007
  Issue: No.10 (1787-1797)
  Abstract & Background
Abstract: The natural coloring process builds a coloring relationship among different hash functions through overlapped Short Bit String Mappings, which can be used to determine whether two hash strings come from the same original string. The aggregation relationship and the coloring relationship are analyzed from the viewpoint of quotient set mapping. The analysis suggests that, combined with the inner balance of the hash functions, the natural coloring process can disclose more bits of the original string in multi-hash aggregation while the quantity balance of TCP packets is kept. This property of the natural coloring process can be used to detect the IP address(es) and/or port information of the victims and/or attackers of TCP macroscopical abnormal behavior such as DDoS and Internet worms. The conclusion is validated by the results of two experiments on real traces. The natural coloring process thus greatly extends the application of the quantity balance of TCP packets in the fields of networking security event distribution calculation and monitoring.

Keywords: Hash aggregation; quotient set mapping; natural coloring; macroscopical TCP quantity balance; security event distribution computing
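The idea in the abstract can be sketched as follows; this is an added example, not code or parameters from the paper. It assumes three 16-bit windows over the destination IPv4 address that overlap by 8 bits, SYN minus FIN as the balance measure, a fixed threshold, and a constructed trace using documentation addresses.

```python
from collections import Counter
from ipaddress import IPv4Address

# Assumed short bit string mappings: (shift, width) windows over a 32-bit
# address covering bits 31..16, 23..8 and 15..0; neighbours share 8 bits.
WINDOWS = [(16, 16), (8, 16), (0, 16)]

def short_maps(addr: int):
    """Project one address onto each overlapping window."""
    return [(addr >> shift) & ((1 << width) - 1) for shift, width in WINDOWS]

def aggregate(packets):
    """Keep one table per window holding SYN minus FIN per bucket.
    Balanced (completed) connections cancel out; unanswered SYNs remain."""
    tables = [Counter() for _ in WINDOWS]
    for dst, flag in packets:
        delta = 1 if flag == "SYN" else -1
        for table, key in zip(tables, short_maps(int(IPv4Address(dst)))):
            table[key] += delta
    return tables

def reconstruct(tables, threshold):
    """Chain unbalanced buckets whose overlapping bits agree (the
    'coloring' link) to recover full destination addresses."""
    hot = [{k for k, v in t.items() if v >= threshold} for t in tables]
    found = []
    for a in hot[0]:
        for b in hot[1]:
            if (a & 0xFF) != (b >> 8):      # bits 23..16 must match
                continue
            for c in hot[2]:
                if (b & 0xFF) == (c >> 8):  # bits 15..8 must match
                    found.append(str(IPv4Address((a << 16) | c)))
    return sorted(found)

def sample_trace():
    """Constructed trace: balanced background plus two SYN floods."""
    pkts = []
    for host in range(10, 20):
        pkts += [(f"192.0.2.{host}", "SYN"), (f"192.0.2.{host}", "FIN")] * 5
    pkts += [("203.0.113.50", "SYN"), ("203.0.113.50", "FIN")] * 20
    pkts += [("203.0.113.7", "SYN")] * 300
    pkts += [("198.51.100.9", "SYN")] * 200
    return pkts

if __name__ == "__main__":
    print(reconstruct(aggregate(sample_trace()), threshold=100))
```

The overlap check is what keeps the two flooded addresses from being cross-combined into addresses that never appeared in the trace; with many simultaneous targets sharing overlap bits, false combinations become possible.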

Background: Project 2003CB314804 studies dynamic behavior in the backbone network. It is a subproject of the National Basic Research Program (also called the 973 Program) 2003CB314800, which focuses on the theory for the new-generation architecture of the Internet. Through network measurement, the authors work on disclosing the theoretical basis of network behavior and expanding its application in networking security and behavior monitoring. The definition and application of measurements and metrics are the major directions of the research group, e.g. "Reconstructing the Parameter for Massive Abnormal TCP Connections with Bloom Filter" by Gong Jian, Peng Yan-Bing, et al., published in Chinese Journal of Software, Vol. 17 No. 3; "Element Recovery from Counting Bloom Filters' Hash Space" by PENG Yan-Bing, GONG Jian, et al., in ACTA ELECTRONICA SINICA, Vol. 34 No. 5; "Macroscopical Amounts' Balance of TCP Packets" by Gong Jian, Peng Yan-Bing, et al., published in Chinese Journal of Computers, 2006, Vol. 29 No. 9, special issue on trusted computation. This paper is a basic theoretical analysis of the packet amount balance of TCP flows, which can determine abnormal TCP behavior in the high-speed backbone with acceptable resources.