Real-Time Information Flow Monitoring System for High-Speed Networks

【Author】 Li Li (李笠)

【Supervisor】 Zhang Huaining (张怀宁)

【Author information】 Kunming University of Science and Technology, Computer Application Technology, 2002, Master's

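【Abstract (translated from the Chinese)】 With the rapid development of the Internet, the rise in computer network crime has come to threaten the security of states and governments. How to monitor network information flows for security purposes without intruding on personal privacy is one of the topics governments are currently focusing their research on. Guided by the principles of real-time and efficient analysis and monitoring of network information flows, this thesis discusses in detail a system for analyzing and monitoring information flows on high-speed networks. The thesis divides the system into two major modules: network traffic monitoring and network information analysis. For network traffic monitoring, it introduces and compares the SNMP protocol and Cisco NetFlow technology, and uses NetFlow to implement analysis and processing of wide-area network traffic. For network information analysis and processing, the module is further divided into two parts. The first outlines packet capture and cluster technology, with a detailed treatment of low-level network monitoring and filtering. In addition, to improve system efficiency by filtering and capturing only the application data the user cares about, the thesis specifically introduces and analyzes the network information filtering mechanism based on the BPF model. To cope with the large traffic volume of high-speed networks, the system distributes packet processing across a Linux cluster (LVS). Finally, the thesis analyzes the three levels of network data restoration: the IP layer, the TCP layer and the application layer, with a detailed analysis of application-layer protocol restoration in particular, and implements data restoration for the simple high-level protocols among them. Compared with similar domestic systems, the system has advantages in data-processing capacity and scalability.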

【Abstract】 Along with the rapid development of the Internet, computer network crime has come to threaten the security of countries and governments. How to monitor network information flow for security without touching on personal privacy is currently one of the key research topics for governments. This paper presents comprehensive and detailed information about a real-time, efficient analysis and monitoring system for high-speed networks. The main idea is to divide the system into two parts: network traffic monitoring and network flow analysis. For network traffic monitoring, this paper introduces and compares the SNMP protocol and Cisco NetFlow technology, and implements the analysis and handling of wide area network data flows using NetFlow. For network flow analysis and processing, this paper divides the module into two parts again. First, it summarizes data capture and cluster technology, and discusses low-level network filtering technology in detail. In addition, to raise system efficiency by filtering and capturing only the application data the user cares about, this paper introduces and analyzes the network data filtering mechanism based on the BPF model. To suit the characteristics of high-speed networks, it also distributes data handling across a Linux cluster (LVS). Finally, the paper analyzes the three layers of network data restoration: the IP layer, the TCP layer and the application layer. In particular, it gives a detailed analysis of application protocol restoration, and implements data restoration for simple high-layer protocols. Compared with domestic products, this system has advantages in data-processing capability and scalability.

【Keywords (translated from the Chinese)】 information flow monitoring; capture; cluster; restoration; Linux
【Key words】 flow monitoring; capture; cluster; restore; Linux
  • 【Classification number】 TP393
  • 【Times cited】 12
  • 【Downloads】 1162