针对目前用于IP路由查找的地址缓存技术和前缀缓存技术的局限性,分析了骨干网路由表前缀重叠特征,提出了一种基于阈值的IP路由缓存方法,该方法结合了地址缓存和前缀缓存技术,无需进行前缀扩展,克服了地址缓存技术缓存空间要求过大、前缀缓存技术无法缓存内部前缀节点的问题,在缓存空间、缓存命中率、缓存公平性以及路由增量更新方面具有优势;仿真实验表明对于路由条目超过260000的路由表,缓存空间大小为30000,选择阈值K=4时97%以上的节点可实现1∶1缓存,其余节点采用地址缓存,缓存失效率小于0.02,可以用小的缓存空间实现高速线速转发.%There is a variety of self-organization phenomena emerging in complex networks. These phenomena bring enlightenment to the method of network vulnerability mining and the technology of network self-propelled immunization. A complete process of immunity resource deployment can be divided into four stages: information gathering, scanning, bug fixing and self-propulsion. The result of empirical analysis on the vulnerability distribution demonstrates that the distribution of vulnerable hosts obey the power law. It implies that blindfold scanning wastes many resources on invulnerable or inexistent hosts and a more effective immunization strategy should take advantage of this high non-uniformity of network vulnerability distribution. Good results can be achieved by static preference scan at the beginning of immunity resource spread. However, the effectiveness can not be persistent throughout the entire immunization process. On this basis, a novel network immunization self-propelled strategy is proposed, which is based on dynamic preference scan. This strategy can identify vulnerable hosts efficiently by a dynamic and adaptive preference scan method, and then fix and immunize these vulnerable hosts. This paper focuses on how to control this dynamic preference scan process. The analysis of modeling and computer simulation show that our strategy can restrain hazard spread efficiently and improve network security.
展开▼