Design and Implementation of a Network Traffic Replay System
Published: 2019-05-17 12:24
[Abstract]: Traffic replay is one of the methods for generating traffic in a cyber range, and it has properties that no other method can substitute: it guarantees that the replayed traffic has the same characteristics as traffic in a real network. Most existing replay methods generate a large volume of real traffic per unit of time, and in doing so lose the temporal fidelity of the replayed traffic. To generate traffic in the target network that is as similar as possible to the real traffic, including packet count, content, interaction order and interaction timing, this thesis proposes a multi-host interactive replay method based on packet timing. The specific work is as follows.

First, the thesis improves existing traffic capture methods by adopting multi-point capture: the real network is divided into multiple capture points, and traffic is captured at all of them simultaneously. This makes up for the existing methods' omission of traffic exchanged between hosts inside the LAN and improves the completeness of the captured traffic. In addition, zero-copy techniques are applied to traffic capture, which improves the packet-capture efficiency of the network card and reduces packet loss caused by network card performance, so that the replayed traffic more closely resembles the original network.

Second, the thesis designs a data-processing method for multi-point capture, consisting of a prefix-tree-based deduplication method and a context-based repair method. The deduplication method optimizes the prefix-tree structure to make it better suited to deduplicating data streams; the repair method works by comparing the relationship between the sequence numbers and acknowledgment numbers of the packets sent by the two communicating parties. Both methods were tested experimentally, and the results show that they can indeed deduplicate and repair traffic.

Next, the thesis improves on existing replay algorithms and proposes a multi-host interactive replay algorithm based on packet timing. In a comparison with existing algorithms, the experimental results show that when the replay file contains 18000 packets, the packet send-time error of the traffic replayed by this algorithm is 1/20 that of existing algorithms, and that its time error does not grow as the number of replayed packets increases, a property existing algorithms lack. Fidelity experiments on replay bandwidth and network flow rate were also carried out: within a 129-second replay, 4 data points showed errors, an accuracy of 97%, which indicates that the traffic produced by the algorithm is very similar to the original traffic.

Finally, based on this theoretical work, a prototype network traffic replay system was designed and implemented. Testing of the prototype shows that, while using only a small amount of machine resources, the system can capture traffic and process data according to user configuration, and then, from the input traffic file, replay traffic in the target network that is extremely similar to that of the original network, producing a network environment close to the real one for researchers to use in experiments and research.
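The two data-processing steps named in the abstract, prefix-tree deduplication of multi-point captures and a sequence/acknowledgment consistency check, are illustrated below. This is an added example, not code from the thesis: the `Pkt` record, the choice of key fields, the function names and the sample packets are assumptions constructed for illustration, and `capture_holes` only locates the gaps a repair step would have to fill.

```python
from collections import namedtuple

# Constructed record; "point" is the capture point that saw the packet.
Pkt = namedtuple("Pkt", "src dst ip_id seq ack length point")

def dedup(packets):
    """Keep one copy of each packet seen at several capture points.
    Header fields form a path in a nested-dict prefix tree (assumed key)."""
    root, unique = {}, []
    for p in packets:
        node = root
        for field in (p.src, p.dst, p.ip_id, p.seq, p.ack, p.length):
            node = node.setdefault(field, {})
        if "seen" not in node:          # path completed for the first time
            node["seen"] = True
            unique.append(p)
    return unique

def capture_holes(packets):
    """Byte ranges the peer acknowledged but no capture point recorded.
    Assumes no SYN/FIN in the sample and no sequence-number wraparound."""
    sent, acked, base = {}, {}, {}
    for p in packets:
        flow, reverse = (p.src, p.dst), (p.dst, p.src)
        base[flow] = min(base.get(flow, p.seq), p.seq)
        if p.length:
            sent.setdefault(flow, []).append((p.seq, p.seq + p.length))
        acked[reverse] = max(acked.get(reverse, 0), p.ack)  # ACK covers peer's data
    holes = []
    for flow, top in acked.items():
        if flow not in base:
            continue                    # nothing captured from this sender
        cursor = base[flow]
        for start, end in sorted(sent.get(flow, [])):
            if cursor < start and cursor < top:
                holes.append((flow, cursor, min(start, top)))
            cursor = max(cursor, end)
        if cursor < top:
            holes.append((flow, cursor, top))
    return holes

A, B = "10.0.0.1:40000", "10.0.0.2:80"
SAMPLE = [  # constructed: the 1100-1199 segment from A was lost at capture time
    Pkt(A, B, 1, 1000, 5000, 100, "p1"),
    Pkt(A, B, 1, 1000, 5000, 100, "p2"),   # same packet, second capture point
    Pkt(B, A, 7, 5000, 1100, 0, "p2"),
    Pkt(A, B, 3, 1200, 5000, 100, "p1"),
    Pkt(B, A, 8, 5000, 1300, 50, "p2"),
    Pkt(B, A, 8, 5000, 1300, 50, "p1"),    # same packet, second capture point
]
UNIQUE = dedup(SAMPLE)
HOLES = capture_holes(UNIQUE)
```

In the sample, B acknowledges byte 1300 although only 1000-1099 and 1200-1299 were captured from A, so the missing range is one the capture lost, not one the network lost.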
Article ID: 2479084
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2479084.html