| Graduate student: | 吳培銘 Wu, Pei-Ming |
|---|---|
| Thesis title: | 基於 Net-DPIS 之效能改良:設計與實作一網路流量分類之快取機制 Design and Implementation of a Network Traffic Classification Caching Mechanism based on Net-DPIS |
| Advisor: | 楊竹星 Yang, Chu-Sing |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2015 |
| Academic year of graduation: | 103 |
| Language: | Chinese |
| Number of pages: | 44 |
| Chinese keywords: | 流量分類, 深層封包檢視, 多模式比對, 網路快取 |
| English keywords: | Network Traffic Classification, Deep Packet Inspection, Multiple Pattern Matching, Network Caching |
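As networks become ever more developed, and with the rise of mobile and handheld devices in recent years, applications have grown explosively, for example online games, online transactions, social networking sites, instant messaging, Internet TV, and audio/video streaming. Modern life is closely tied to the network.
To analyze such a large volume of traffic and distinguish the types of service, the traditional criterion has been the communication port number in the packet header: application-layer services listen, by convention, on default ports for external connections. As the variety of applications grows, however, the accuracy of results determined by port number keeps falling. To raise accuracy, various studies have proposed using packet content as the basis for judgment in order to achieve high-accuracy detection, such as the open-source L7-Filter, Snort, and Net-DPIS.
L7-Filter and Snort both use regular expressions to match packet content, which allows highly flexible rule definitions. The difference is that L7-Filter runs in kernel space and so has higher processing efficiency than Snort, which runs in user space. Net-DPIS is based on L7-Filter and implements the matching part with multiple pattern matching, to remedy the drawbacks of regular expressions and improve rule-matching efficiency.
Although Net-DPIS already has quite good matching efficiency, it still falls short in the face of ever-increasing network traffic. This research intends to analyze and improve the performance of Net-Filter, using a cache mechanism to store matching results in a cache, with the expected result of reducing the number of matches and thereby increasing packet throughput.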
With the growth of network traffic and of the number of network applications, classifying network traffic quickly becomes more and more important. In the past, network traffic classification usually relied on the port number in the packet header. However, port-number-based detection has become less and less accurate.
To increase the accuracy of network traffic classification, we need to inspect the packet to see what is actually in its payload. Some open-source applications, for example Net-DPIS, use this method, Deep Packet Inspection, to classify network traffic. Although Net-DPIS has a sufficient processing rate, it still faces the problem of growing network traffic.
This research analyzes Net-DPIS and provides a way to increase its processing rate. By using a cache mechanism to store the results of pattern matching in a cache table, we can decrease the number of pattern matches as expected, and thereby increase the processing rate of network packets.