Research and Implementation of an Application-Layer Network Traffic Monitoring System Based on DPI and DFI
Published: 2019-03-09 19:59
[Abstract]: With the rapid development of network technology, information exchange has moved from low-bandwidth services such as file transfer, web news, e-mail and forums to high-traffic services such as online images, voice calls and video conferencing, taking the network from the text era into the multimedia era. At the same time, the number of service types and applications carried by the Internet keeps growing, so the bandwidth required has grown exponentially compared with before, and network bandwidth resources are becoming strained. In addition, with the development of new services such as e-commerce, electronic payment, digital currency and online banking, network content security has become an increasingly serious problem. Network-based enterprise applications are growing rapidly, enterprise networks are expanding along with the enterprises themselves, and enterprises need to strictly control their internal and external networks. These problems urgently need to be solved in the information society. At present, one of the most important solutions is to monitor network traffic. How to design an enterprise-class traffic monitoring system that provides application-layer monitoring capability in a high-speed network environment is the subject of this thesis.
After studying and analyzing the key topics related to traffic monitoring, such as traffic identification and traffic control, this thesis designs and implements an application-layer traffic monitoring system suitable for enterprise use. The main work of this thesis is as follows:
(1) Traffic monitoring equipment on the market and current research results in the field of traffic monitoring technology are studied and analyzed, and the positioning of the system design is established according to the current network environment.
(2) The identification techniques commonly used in traffic identification and the more popular control techniques in traffic control are studied in depth. On this basis, the design objectives, the system architecture and the concrete implementation of each module of the application-layer traffic monitoring system are designed and implemented, and a network deployment scheme for the system is given.
(3) Software-only detection currently cannot solve the problem of real-time detection in a high-speed network environment. This thesis accelerates the system by combining a hardware state machine with a software state machine and adopting a sub-graph mechanism, thereby meeting the real-time requirement of the traffic identification module in a high-speed network environment. Control of application-layer traffic based on a policy library, in both manual and automatic modes, is studied and implemented.
(4) Simulation experiments and result analysis are carried out on the application-layer network traffic monitoring system for two performance metrics, throughput and accuracy, and two functional metrics, blocking and rate limiting, and future research work and directions are pointed out.
Through the combination of hardware and software state machines, sub-graph processing and a policy library, this thesis implements a traffic monitoring system for high-speed network environments. The function and performance of the system meet the system targets, but the system also has many shortcomings. Further research can be done on interface optimization, feature extraction, traffic collection, preprocessing and traffic control algorithms.
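[Degree-granting institution]: Jiangxi University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.06
Article ID: 2437803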
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2437803.html