摘要
网络审计系统广泛应用于园区网络,实现园区网络内的身份认证、访问控制、日志记录以及流量计费等功能.随着网络应用的广泛和深入,网络行为监控已经成为一种必要的管理手段.为此提供了一种基于IP加密技术的网络审计系统模型,可用于完成上述管理功能,并提供一种分析统计网络性能的有效手段.所谓的IP加密是将用于判断用户数据包合法性的必要信息封装在一个自定义的IP包头中.这样,当网络流量日志采集服务器接收到这种数据包时,既可以判断出该数据包的所属用户,又可以判断该数据包是否为合法数据包;此外,将其他信息添加到自定义包头的相应字段后,还可以实现对特定区域网络流量的监控.
The Network Auditing System usually used to implement the user authentication,access control,log recording and other functions such as flow charge in a large network.The supervisory control of the user behavior in the network has already become a necessary management means when the network is more and more important.This paper describes a network auditing system based on IP encryption,which can be used to achieve above-mentioned functions,and offer a simple method to analyze the performance of the network.The so-called IP encryption is to encapsulate some essential message into a self-defined IP-header.When the special packets are routed to the gateway,it can be judged if they are valid and who is their owner.Adding more information in the section of the self-defined IP-header,the flow of the selected network can be routed to the monitoring station to be supervised.
出处
《大连理工大学学报》
EI
CAS
CSCD
北大核心
2005年第z1期59-61,共3页
Journal of Dalian University of Technology