Design and Implementation of Key Modules of a Network Traffic Monitoring System
Published: 2018-08-31 08:30
[Abstract]: As social life increasingly moves online, network applications have gradually shifted from traditional services built on client/server (C/S) and browser/server (B/S) architectures to applications built on peer-to-peer (P2P) architectures. The large volume of P2P traffic has brought many problems to the Internet, such as bandwidth congestion caused by traffic surges and network content of uneven quality. Studying how to manage and control P2P traffic is therefore of great practical significance for avoiding network congestion, limiting illegal traffic and cleaning up the network environment. This thesis studies in depth the key technical problems of network management and control, namely network traffic detection techniques and pattern matching algorithms, builds the protocol signature library of a traffic monitoring system, and designs and implements the traffic detection module and the signature library maintenance module. The main work of the thesis is as follows:
1. Three traffic detection techniques are studied in detail: deep packet inspection (DPI), deep flow inspection (DFI) and deep-parsing association matching. Using these three techniques, the protocol signatures of thirty network applications (including QQ, Youku and Xunlei) were extracted and the corresponding protocol signature library was built.
2. The traffic detection module of the traffic monitoring system is designed and implemented. Deep-parsing association matching is proposed for detecting VoIP (Internet telephony) traffic. The AC-BM string matching algorithm is used to match unknown traffic against the protocol signature library, thereby classifying the unknown traffic.
3. The signature library maintenance module of the traffic monitoring system is designed and implemented. This module detects and records whether a network application's version has been upgraded; its results, combined with changes in live network traffic, provide the basis for deciding whether to refresh the signature library.
4. After the protocol signature library, the traffic detection module and the signature library maintenance module each passed functional testing, the traffic monitoring system was tested as a whole. The results show that the system achieves high traffic classification accuracy and good traffic control capability.
[Degree-granting institution]: Northwest University
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.06
Article ID: 2214452
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2214452.html