Research and Implementation of a Network Application Identification System
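Abstract
With the rapid development of the Internet, network applications of every kind keep emerging. Because the Internet is interactive and open, these applications vary widely in quality. Governments, carriers, enterprises and other organizations also need network administrators to be able to promptly understand and control the operating state of the network and keep it running normally. Research on network application identification and on identification systems is therefore urgently needed and has become a very important topic, one that is also significant for network operation, management and control.
     This thesis is devoted to the identification of network applications and to the research and implementation of an identification system. The main content consists of three parts: an introduction to common types of network application with a summary of network application identification methods, together with the analysis and identification of the Skype application; the research and design of a network application identification system; and the research and implementation of a multi-pattern matching algorithm based on recursive hashing.
     This thesis first introduces five common network applications and, drawing on the identifying features of these five applications, presents several network application identification techniques, using the Skype application as an example for analysis and identification. It then focuses on the network application identification system. As the number of network applications keeps growing, the number of feature rules in existing identification systems keeps expanding, and every data packet entering the system has to be matched against each feature rule in sequence, which makes the system inefficient. On this basis, we studied and improved the existing network application identification system, and designed and proposed a system with a tree-shaped classification structure for rule initialization. Finally, for the system's algorithm that identifies fixed keywords at fixed positions, this thesis proposes, as an innovation over the original sequential matching, a multi-pattern matching algorithm based on recursive hashing. Experimental tests show that as the number of rules or the number of input data packets increases, the matching time required by the improved algorithm is greatly reduced, and its performance is better than that of the original algorithm.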
With the rapid development of the Internet, a variety of network applications, both good and bad, have appeared in our daily life. Owing to the needs of governments, carriers, enterprises and other organizations, and in order to allow network managers to keep control of the status of the network and protect network uptime, network application identification and identification systems have become a very important issue, which is also significant for network management and control.
     This thesis addresses the research and implementation of a network application identification system. The main content of the study consists of three parts: network application identification methods based on DPI; research and implementation of a network application identification system; and the I-HASH multiple various position pattern matching algorithm in Internet application identification.
     This thesis first introduces five common network applications and then, drawing on those five applications, presents several methods of network application identification. It then focuses on the network application identification system: with the increasing number of network applications, the number of feature rules in existing network application identification systems is expanding, resulting in low system efficiency. On this basis, we studied and improved the existing network application identification system, and designed and proposed a system with a rule tree classification structure for initialization. The efficiency of multiple pattern matching is important to our network application identification system. For the fixed pattern, fixed keyword rules, this thesis proposes a recursive hash multi-pattern matching algorithm on the basis of the original sequential matching. Experiments showed that as the number of rules and packets increases, the running time of the improved algorithm increases slowly, and its performance is greatly improved compared with the original algorithm.