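Design and Implementation of a High-Speed Network Traffic Capture and Replay System
Published: 2018-05-21 05:33
Topic of this article: traffic capture + asynchronous parallel storage; Reference: master's thesis, University of Chinese Academy of Sciences (School of Engineering Management and Information Technology), 2014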
[Abstract]: With the explosive growth of the Internet, network and information security problems have become increasingly prominent, and comprehensive, systematic testing is an important means of ensuring network security. Compared with the Internet itself, however, network testing technology has clearly lagged behind: traditional testing methods rely on a single kind of technique, follow similar patterns, and use scenarios that are not realistic enough, so it is difficult for them to evaluate a system's real capability comprehensively.

To address the shortcomings of traditional testing methods, this thesis proposes a testing method based on replaying real traffic and designs a 2.5G/10G network traffic capture and replay system. The main work of the thesis is as follows:

(1) The current mainstream testing approaches are analyzed, and a testing method is proposed that simulates real network scenarios by replaying real traffic in order to evaluate the system under test comprehensively.

(2) The requirements of traffic replay testing are analyzed in detail, and on that basis a 2.5G/10G network traffic capture and replay system is designed.

(3) To achieve line-rate capture and zero-packet-loss storage of 2.5G/10G network traffic, an asynchronous parallel capture and storage scheme based on a circular-queue buffer is proposed, and a file-matrix storage architecture is designed, which greatly improves capture and storage performance.

(4) To achieve fast retrieval over 10TB-scale network data, a three-level retrieval scheme based on a hash location algorithm, Bloom Filter filtering, and summary-information indexing is proposed, which substantially improves retrieval efficiency.

(5) To meet the testing requirements of traffic replay, three replay modes are proposed (line rate, controllable rate, and real rate), and a variety of replay methods based on traffic segments are designed.

The network traffic capture and replay system turns real traffic from the live network into test traffic that can be controlled, annotated, and replayed. This makes up for the lack of realism in current testing approaches and increases the reference value of test results. In addition, the network traffic capture and replay system can also be used for the analysis and retrospective investigation of network security incidents.
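[Degree-granting institution]: University of Chinese Academy of Sciences (School of Engineering Management and Information Technology)
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08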
Article ID: 1917941
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1917941.html