高速网络环境下DPI系统的防噪技术研究

发布时间：2018-06-28 01:23

本文选题：防噪技术 + 局部过载　；参考：《北京邮电大学》2014年硕士论文

【摘要】：以互联网为代表的信息革命极大地改变了人们的生产生活方式,成为推动经济发展和社会进步的重要因素。但与此同时,互联网安全问题日益严重,不良信息隐藏在正常信息下暗流涌动,个人信息泄露、网银失窃等安全事件频繁发生。深度包检测技术在阻止有害信息传播、预防信息泄露等方面发挥了重要作用,被广泛地应用于网络入侵检测和防护中。然而,随着网络带宽的增长和特征库的膨胀,现有的深度包检测系统出现性能瓶颈。研究表明,深度包检测系统的资源与时间主要耗费在模式匹配上,而广域网中有大量数据包不需要进行模式匹配,对深度包检测系统来说属于噪声,减少噪声可以提高系统性能和检测效果。因此,本文主要研究深度包检测系统的防噪技术。本文以基于多核并行处理架构的深度包检测系统为研究对象,研究了深度包检测系统噪声流量的分类问题,根据TCP/IP协议模型将噪声流量分为三类：网络层噪声、传输层噪声和应用层噪声,并分析了它们对深度包检测系统的危害。网络层噪声影响系统的流量分发阶段,引发局部过载问题,传输层噪声对流量还原阶段的连接管理有严重地破坏作用,造成连接爆炸问题,应用层噪声对深度包检测系统的影响较小。根据危害的大小,本文对网络层噪声和传输层噪声的防范技术进行了深入地研究,针对网络层噪声提出了一种基于过滤的自反馈流量分发策略,针对传输层噪声设计了三级连接表,并提出了一种新的混合连接管理策略。最后对防噪方案进行测试,测试结果表明：本文所提方法能够有效地过滤网络层和传输层噪声流量,增强了系统的健壮性,系统性能也有所提升。
[Abstract]:The information revolution represented by the Internet has greatly changed people's way of production and life and become an important factor to promote economic development and social progress. But at the same time, the Internet security problem is becoming more and more serious, bad information hidden under the normal information flow, personal information leakage, network theft and other security incidents occur frequently. Depth packet detection plays an important role in preventing harmful information from spreading and information leakage. It is widely used in network intrusion detection and protection. However, with the increase of network bandwidth and the expansion of signature library, the existing depth packet detection system has a performance bottleneck. The research shows that the resources and time of the depth packet detection system are mainly consumed in pattern matching, and a large number of data packets in WAN do not need pattern matching, which is noise to the depth packet detection system. Noise reduction can improve system performance and detection effect. Therefore, this paper mainly studies the noise control technology of depth packet detection system. In this paper, the noise flow classification problem of the depth packet detection system based on the multi-core parallel processing architecture is studied. According to the TCP / IP protocol model, the noise flow is divided into three categories: network layer noise. Transmission layer noise and application layer noise are analyzed and their harm to depth packet detection system is analyzed. The network layer noise affects the flow distribution phase of the system, causing the problem of local overload. The transmission layer noise has a serious damage to the connection management in the traffic reduction stage, resulting in the connection explosion problem. Application layer noise has little effect on depth packet detection system. According to the magnitude of the harm, this paper makes a deep research on the prevention technology of network layer noise and transmission layer noise, and puts forward a self-feedback flow distribution strategy based on filtering for network layer noise. A three-level join table is designed for transport layer noise, and a new hybrid join management strategy is proposed. Finally, the noise control scheme is tested. The test results show that the proposed method can effectively filter the network layer and transport layer noise flow, enhance the robustness of the system, and improve the performance of the system.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】