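High-Speed Packet Capture Papers: Li Zhongwen, Wu Chengbin, Xu Xiaochen

Overview: This page collects thesis-proposal material on high-speed packet capture: a literature review, topic outlines, references, and translations of foreign-language literature. Main keywords: packet, distributed, denial of service, mechanism, thesis, network, DMA_ring.

Literature review of high-speed packet capture papers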

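Li Zhongwen, Wu Chengbin and Xu Xiaochen [1] (2014), in "Research on a DDoS Intrusion Detection System Based on a Linux High-Speed Packet Capture Platform", state that how to achieve line-rate packet capture and upper-layer security applications in high-speed network environments has long been a research hotspot. Earlier work used memory mapping, zero-copy and other methods to implement NACP, a high-speed packet capture platform based on gigabit network cards. On this basis, using the distribution of IP addresses, the usage of system resources and similar measures as detection parameters, an intrusion detection system that defends against DDoS attacks was implemented on the snort tool. Experiments on NACP show that the improved DDoS intrusion detection tool snort is well compatible with the high-speed packet capture platform, and that when a DDoS occurs it is detected quickly and an appropriate response is made. Because the high-speed packet capture platform is used, DDoS detection consumes markedly fewer system resources, which greatly improves system efficiency; the system can handle other tasks while performing intrusion detection. (Source: the journal Computer Science, 2014, issue 04)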

Yin Yiqi [2] (2012), in "Research and Implementation of a BT Packet Capture and Analysis System in High-Speed Networks", states: With the rapid development and popularity of network technology, the network has infiltrated every aspect of our lives and has become the largest platform for exchanging information in today's society. Internet information, which came from a passive acceptance model, is now developing into a resource-sharing era in which the source of content supply has gone back to the users. The demand for content sharing among Internet users has increased gradually.

One resulting problem is that a great deal of BT downloading software has come into wide use, devouring network bandwidth without limit. In order to provide better service, network operators cannot forcibly limit its use and can only adopt a few strategies to ease it. Among them, the better choice is to deploy network caching systems around the marginal ISP network, in order to cache the files users request, and then redirect the users' file download requests, which are captured by the caching system, to the local network, so as to achieve the purposes of remitting the inter-domain bandwidth pressure and improving the overall quality of service.

The cache services are built on accurately learning of and responding in time to user requests. At the technical level, the first condition for achieving network caching is network packet capture and parsing. But along with the upgrading of network bandwidth, the traditional packet capture and analysis method is often limited by its own performance problems and cannot reach the stringent requirements. That is the major problem for this paper to study and solve.

Chapter 1 first introduces the application background of the network caching technique, analyses the actual demand for a BT packet capture and inspection system in high-speed networks, and further sums up the main research direction and goals of the paper. Chapter 2 introduces the development status of packet capture and inspection technology and identifies the performance bottlenecks that limit their ability to handle a large amount of data, based on a detailed analysis of the characteristics of traditional packet capture and inspection means. Chapter 3 describes the concepts and features of the device polling mechanism, the DMA transfer mechanism, the memory mapping mechanism and DPI deep packet parsing technology, and then comes up with solutions targeted at the issues in the second chapter. Chapter 4 covers the design and implementation of the packet capture and parsing system in more detail. First is the division of the system modules. After that is the execution flow of data packets in the system, and its advantages over traditional means. Finally, there is a brief introduction of key data structures and algorithm design, as well as a detailed analysis of the implementation characteristics of the core module. Chapter 5 builds a test platform in a lab environment, designs and carries out functional and performance testing of the system, then analyses the experimental data, and finally verifies the paper's objectives. The last chapter gives the prospects for the application of a BT packet capture and inspection system in high-speed networks, combined with current market conditions. (Source: Beijing University of Posts and Telecommunications, 2012-12-15)

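Du Yingming [3] (2007), in "Research and Implementation of a Zero-Copy-Based Packet Capture Mechanism in High-Speed Network Environments", states that as Internet link rates rise rapidly, efficient network packet capture systems have come into wide use. To improve packet capture efficiency and lighten the processing load on the server, efficient network packet capture systems often use a zero-copy mechanism to communicate with the network. The zero-copy buffer management module zbm is the main functional component that realizes the zero-copy mode of operation; it keeps the data exchange between the application and the NIC driver running normally and is responsible for implementing two operations, data reception and buffer release. The main work and contributions of the thesis include: (1) A detailed analysis of the whole zero-copy-based packet capture process and an account of its core mechanisms: the zero-copy mechanism and the multi-threaded protocol analysis mechanism. (2) A performance analysis model of the zero-copy-based packet capture process is established, and the concept of a zero-copy receive stall is proposed. On this basis, the relationships among the parameters that affect packet capture performance are analysed quantitatively. (3) A zero-copy-based packet capture system is implemented. Test results show that the design and function of the system are correct and efficient. (4) For the receive livelock problem, a method that can effectively alleviate receive livelock is proposed from the perspective of packet capture system design. (5) A packet capture mechanism based on a multi-process mechanism is proposed. This mechanism can greatly improve the adaptability of a packet capture system to multitasking environments. In summary, the thesis carries out a series of studies on the design of packet capture systems based on the zero-copy mechanism, and the results are of significant guiding value for the design of packet capture systems in high-speed network environments. (Source: National University of Defense Technology, 2007-11-01)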

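Qiao Siyuan [4] (2007), in "Implementation and Application of a DMA_ring-Based High-Speed Network Packet Capture Mechanism", states that an intrusion detection system is a mechanism combining software and hardware that discovers security risks by analysing events occurring on a network or host. As network attack incidents have become frequent in recent years and their impact ever wider, intrusion detection systems have received more and more attention and have become an important part of network security solutions. Network-based intrusion detection systems take network data as the raw data source and analyse communication on the network in real time. Compared with host-based intrusion detection, network-based intrusion detection has become the mainstream. However, as network bandwidth develops rapidly and traffic pressure keeps increasing, traditional network-based intrusion detection systems face the challenges brought by high-speed network environments. Low network packet capture efficiency is the difficulty that traditional network-based intrusion detection systems face.

This thesis tries to raise network packet capture efficiency as far as possible on existing mainstream hardware. There are many advanced techniques internationally in this area, whose core is buffering, zero-copy and control of system interrupts; the better-known ones include NAPI and PF_ring. DMA_ring, adopted in this thesis, is an efficient network packet capture technique on the Linux platform. A. Biswas summarized the earlier development of zero-copy and semi-polling techniques and designed the DMA_ring network packet capture mechanism. Our work builds on his.

The main work of this thesis is as follows. DMA_ring was implemented in a real network environment, and on that basis its application in network intrusion detection was studied. DMA_ring is divided into two parts. One part works in kernel space and transfers the packets captured by the NIC, by DMA, into a ring buffer; user space then accesses this buffer through MMAP, redirecting it to user space and thereby achieving zero-copy of data. The other part works in user space; it can decide, according to the current packet volume, whether to receive network packets in interrupt mode or in polling mode, using the interrupt mechanism when packet traffic is low and the polling mechanism when large numbers of packets are being transferred. This semi-polling mechanism uses system resources effectively and lets existing equipment deliver better performance. DMA_ring uses a new algorithm to estimate the current packet traffic fairly accurately, which avoids misjudging the average network traffic because of traffic instability and avoids frequent switching of the system's working mode, improving system performance.

Building on A. Biswas's work, we implemented this technique in our own experimental environment and ported it from the customized Redhat8 kernel to a vanilla kernel. This gives it wider applicability and to some extent remedies its poor portability. The improved portability makes it easier to apply to other versions of Linux and to embedded Linux devices, and lays a foundation for cross-platform research on the mechanism and for further improvement. For example, we can add new control mechanisms such as real-time interrupts to the kernel to further improve the performance of the packet capture system.

On the basis of the above work, we tested the performance of the system. In his article A. Biswas reported only the results of testing the mechanism with 64-bit packets; we tested the new mechanism's packet loss rate when capturing network packets of different sizes and at different traffic levels, the maximum network traffic it can tolerate, and its CPU usage, compared these with a network intrusion detection system that does not use the mechanism, and then analysed the results.

We then tried to embed the mechanism into the standard packet capture library Libpcap so that it is no longer a standalone packet capture mechanism; when a Libpcap-based network intrusion detection system (such as Snort) runs in user space, the mechanism will be invoked and thus become part of a complete network intrusion detection system, laying a foundation for subsequent work such as packet analysis. By modifying Libpcap's code, we successfully connected Libpcap to the DMA_ring mechanism, but because the earlier research and implementation took more time than expected, the subsequent work of receiving network packets from the DMA_ring mechanism and of IOCTL has not yet been completed; this awaits further research and experiment. (Source: Shandong University, 2007-05-07)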
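The semi-polling decision described in the abstract above, as an added example that is not code from the thesis or from A. Biswas's DMA_ring: the abstract does not give the traffic estimator, so this C program assumes an exponentially weighted moving average with two thresholds and compares its mode switches with a single raw threshold on a constructed trace. All names, thresholds and trace values are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* All names and thresholds are hypothetical: the abstract does not give
 * DMA_ring's estimator, so an EWMA with hysteresis stands in for it. */
enum rx_mode { RX_INTERRUPT, RX_POLL };
struct rx_ctl {
    enum rx_mode mode;
    unsigned long est;     /* smoothed packets per sampling interval */
    unsigned long hi, lo;  /* enter polling above hi, leave it below lo */
    unsigned switches;     /* mode changes so far */
};
/* Feed one interval's packet count; returns the mode for the next one. */
enum rx_mode rx_update(struct rx_ctl *c, unsigned long pkts)
{
    c->est = (3 * c->est + pkts) / 4;   /* EWMA, weight 1/4 on new sample */
    if (c->mode == RX_INTERRUPT && c->est > c->hi) {
        c->mode = RX_POLL; c->switches++;
    } else if (c->mode == RX_POLL && c->est < c->lo) {
        c->mode = RX_INTERRUPT; c->switches++;
    }
    return c->mode;
}
/* Run the smoothed controller over a trace and count its mode changes. */
unsigned smoothed_switches(const unsigned long *t, size_t n,
                           unsigned long hi, unsigned long lo)
{
    struct rx_ctl c = { RX_INTERRUPT, 0, hi, lo, 0 };
    for (size_t i = 0; i < n; i++) rx_update(&c, t[i]);
    return c.switches;
}
/* Baseline: one threshold applied to the raw per-interval count. */
unsigned naive_switches(const unsigned long *t, size_t n, unsigned long thr)
{
    enum rx_mode m = RX_INTERRUPT; unsigned s = 0;
    for (size_t i = 0; i < n; i++) {
        enum rx_mode w = t[i] > thr ? RX_POLL : RX_INTERRUPT;
        if (w != m) { m = w; s++; }
    }
    return s;
}
/* Constructed trace (packets per interval): lone spike, bursty load, idle. */
static const unsigned long TRACE[] = { 500, 600, 20000, 400, 500, 12000, 15000,
    3000, 14000, 16000, 2000, 15000, 13000, 500, 400, 300, 300, 200 };
#define TRACE_LEN (sizeof TRACE / sizeof TRACE[0])

int main(void) {
    printf("naive=%u smoothed=%u\n", naive_switches(TRACE, TRACE_LEN, 6000),
           smoothed_switches(TRACE, TRACE_LEN, 8000, 4000));
    return 0;
}
```

On this trace the raw threshold changes mode 8 times and the smoothed controller 2 times; the cost is that polling starts a few intervals after sustained load begins.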

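Thesis proposal for high-speed packet capture papers

(1) Research background and purpose of the thesis

Content required here:

First briefly introduce the basic concepts and background of the problem the thesis studies, then state concisely the specific problem the thesis sets out to solve, and present the viewpoint or solution your thesis will put forward.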


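(2) Research methods of the thesis

Survey method: collects specific information about the research object purposefully and systematically.

Observation method: uses one's own senses and auxiliary tools to observe the research object directly and so obtain relevant information.

Experimental method: discovers and confirms causal relationships between things by actively changing and controlling the research object.

Literature research method: obtains material by surveying the literature, so as to understand and master the research methods comprehensively and correctly.

Empirical research method: proposes a design based on existing scientific theory and the needs of practice.

Qualitative analysis method: studies the "qualitative" aspects of the research object; this method requires relatively little data to be computed.

Quantitative analysis method: uses specific figures to make people's understanding of the research object more precise.

Interdisciplinary research method: applies the theories, methods and results of several disciplines to study a topic as a whole.

Functional analysis method: a method the social sciences use to analyse social phenomena, studying effects in multiple respects starting from a given function.

Simulation method: a research method that studies some property of a prototype indirectly by creating a model similar to the prototype.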

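References for high-speed packet capture papers

[1] Li Zhongwen, Wu Chengbin, Xu Xiaochen. Research on a DDoS Intrusion Detection System Based on a Linux High-Speed Packet Capture Platform [J]. Computer Science, 2014.

[2] Yin Yiqi. Research and Implementation of a BT Packet Capture and Analysis System in High-Speed Networks [D]. Beijing University of Posts and Telecommunications, 2012.

[3] Du Yingming. Research and Implementation of a Zero-Copy-Based Packet Capture Mechanism in High-Speed Network Environments [D]. National University of Defense Technology, 2007.

[4] Qiao Siyuan. Implementation and Application of a DMA_ring-Based High-Speed Network Packet Capture Mechanism [D]. Shandong University, 2007.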
