Research and Design of a Network Monitoring System Based on an NDIS Intermediate Driver
Published: 2018-10-23 20:13
[Abstract]: With the spread and development of computer networks, network technology has matured and the network has become an indispensable part of daily life. Network security monitoring and management are therefore especially important. To keep the network secure and reliable, particularly in very-high-traffic environments, improving the efficiency and accuracy of network monitoring and management is of great significance.

As networks grow in scale and data traffic keeps increasing, application-layer packet capture and analysis frequently drops or misses packets and is not compatible with 64-bit operating systems, so it cannot meet the requirements of network security management and monitoring.

This thesis studies and designs a network monitoring system based on an NDIS intermediate driver. On the Windows platform, the system uses link-layer packet capture, extending the Passthru intermediate driver framework to capture packets. In the Windows kernel layer, shared memory and a data structure designed in this thesis are used to transfer packets to the application layer in batches for processing, reducing the number of data copies and the transfer time and thereby improving packet capture efficiency. The application layer uses multi-core, multi-threaded techniques and the MongoDB database for high-speed data storage, which effectively reduces the packet loss rate during packet analysis. In addition, the thesis designs an HTTP packet reassembly algorithm that reassembles and analyzes fragmented network packets; by restoring the complete information of the packets, it extends the scope that the network monitoring system can supervise.

To verify the effectiveness of the system and algorithm designed in this thesis, tests were carried out on a self-built network of a certain scale. The experimental results show that, compared with traditional network packet capture and analysis systems, the designed system is noticeably more efficient, and it also improves the accuracy of packet reassembly.
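[Degree-granting institution]: Tianjin University of Technology
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08
Article ID: 2290342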
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2290342.html