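Design and Implementation of a Traffic Monitoring System Based on Feature Library Identification
Published: 2018-05-04 14:17
Topics: traffic identification + traffic control; Source: Shandong University, 2014 master's thesis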
[Abstract]: With the rapid development of Internet technology, network applications have become increasingly diverse, network traffic has grown explosively, and traffic types have become more and more complex. This has brought a steady stream of network problems; for example, P2P download applications consume large amounts of bandwidth, causing network congestion and degrading other users' network experience. These problems make it harder for network supervisors to provide high-quality, equitable network service. Correctly identifying and distinguishing the various kinds of network traffic, and controlling that traffic effectively, is the foundation of network management. To this end, this thesis designs and implements a traffic monitoring system based on feature library identification. With this system, network supervisors can monitor traffic in real time and control network traffic effectively as needed.

First, the thesis studies four traffic identification techniques in wide use today: port-based traffic identification, payload-feature-based traffic identification, application-layer-gateway-based traffic identification, and identification based on statistical traffic features. Each of the four has its own strengths and weaknesses and identifies certain classes of traffic well, but no single technique used alone can still meet the need to accurately identify increasingly rich and complex network applications.

The thesis therefore draws on the four identification approaches above and combines them into a feature-library-based traffic identification technique. The feature library is a collection of identification rules that serve as matching templates for traffic identification; feature-library traffic identification is a technique that relies on the rules in the feature library to identify traffic. Using real applications as examples, the thesis describes in detail the design ideas and composition of the three types of rules in the feature library: single-packet rules, dual-channel rules, and statistical rules. It then describes in detail the identification flow by which the technique matches feature library rules with the AC algorithm to identify network traffic accurately.

Next, with feature-library traffic identification at its core, the thesis designs a complete traffic monitoring system. It comprises six functional units: the feature-library traffic identification module, the traffic preprocessing module, the DB module, the front-end management module, the output display module, and the traffic control module. Through the system, users can conveniently query traffic identification results and traffic statistics in real time, keep track of the network's operating state, and block or allow a given application by pushing down policies, thereby managing and controlling network traffic effectively.

Finally, for different real-world environments, the thesis designs two system deployment modes: inline (in-series) deployment and bypass (parallel) deployment. The traffic monitoring system was deployed in the inline mode for testing and verification. The test results show that the feature-library-based traffic monitoring system designed in this thesis delivers good traffic identification performance and good traffic control performance.
[Degree-granting institution]: Shandong University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.06