A Real-Time TCP Stream Reassembly Mechanism in High-Speed Network 被引量：3

A Real-Time TCP Stream Reassembly Mechanism in High-Speed Network

下载PDF

导出

摘要 With the continual growth of the variety and complexity of network crime means, the traditional packet feature matching cannot detect all kinds of intrusion behaviors completely. It is urgent to reassemble network stream to perform packet processing at a semantic level above the network layer. This paper presents an efficient TCP stream reassembly mechanism for real-time processing of high-speed network traffic. By analyzing the characteristics of network stream in high-speed network and TCP connection establishment process, several polices for designing the reassembly mechanism are built. Then, the reassembly implementation is elaborated in accordance with the policies. Finally, the reassembly mechanism is compared with the traditional reassembly mechanism by the network traffic captured in a typical gigabit gateway. Experiment results illustrate that the reassembly mechanism is efficient and can satisfy the real-time property requirement of traffic analysis system in high-speed network. With the continual growth of the variety and complexity of network crime means, the traditional packet feature matching cannot detect all kinds of intrusion behaviors completely. It is urgent to reassemble network stream to perform packet processing at a semantic level above the network layer. This paper presents an efficient TCP stream reassembly mechanism for real-time processing of high-speed network traffic. By analyzing the characteristics of network stream in high-speed network and TCP connection establishment process, several polices for designing the reassembly mechanism are built. Then, the reassembly implementation is elaborated in accordance with the policies. Finally, the reassembly mechanism is compared with the traditional reassembly mechanism by the network traffic captured in a typical gigabit gateway. Experiment results illustrate that the reassembly mechanism is efficient and can satisfy the real-time property requirement of traffic analysis system in high-speed network.

作者熊兵陈晓苏陈宁

机构地区 School of Computer Science and Technology

出处《Journal of Southwest Jiaotong University(English Edition)》 2009年第3期185-191,共7页 西南交通大学学报（英文版）

基金 National High-Tech Research and Development Program of China (863 Program) (No.2007AA01Z309)

关键词 TCP stream reassembly High-speed network Real-time property Reassembly policy TCP stream reassembly High-speed network Real-time property Reassembly policy

分类号 TN915.05 [电子电信—通信与信息系统]

引文网络
相关文献

参考文献1

1杨宏宇,谢丽霞,赵晓玲.入侵检测系统中应用层协议的并行重组[J].计算机工程,2005,31(23):141-142. 被引量：1

二级参考文献7

1NorthcuttS.网络入侵检测分析员手册[M].北京：人民邮电出版社,2000..
2TaylorED 王虎邓宏涛刘志刚译.TCP/IP使用详解[M].北京:机械工业出版社,1999..
3BuyyaR.高性能集群计算:编程与应用(第2卷)[M].北京:电子工业出版社,2001..
4Anderson D, Frivold T, Valdes A. Next-generation Intrusion-Detection Expert System (NIDES): A Summary[R]. SRL- CSL-95-07, SRI International, Menlo Park, CA, 1995.
5Handley M, Kreibich C, Paxson V. Network Intrusion Detection:Evasion, Traffic Normalization, and End-to-End Protocol Semantics [C]. In: Proceedings of the 10^th USENIX Security Symposium,Washington D C, 2001-08:115-131.
6Zhao Xiaoling, Sun Jizhou. A Parallel Scheme for IDS [C]. In:Proceedings of the Second International Conference on Machine Learning and Cybernetics (ICMLC), 2003-05:2379- 2383.
7蒋建春,马恒太,任党恩,卿斯汉.网络安全入侵检测:研究综述[J].软件学报,2000,11(11):1460-1466. 被引量：369

同被引文献26

1杨宏宇,赵晓玲.应用层并行重组在NIDS中的设计与实现[J].吉林大学学报（理学版）,2006,44(4):575-582. 被引量：4
2邓子宽,范明钰,王光卫,朱大勇.Snort入侵检测系统中TCP流重组的研究[J].信息安全与通信保密,2007,29(2):65-67. 被引量：6
3Ethan Blanton, Mark Allman. On making TCP more robust to packet reordering[ J ]. ACM, 2002,32(1) : 20 - 30.
4Charles M Kozierok.TCP/IP指南,卷1:底层核心协议[M].北京:人民邮电出版社,2008:511-587.
5Richard ,TCP/IP详解卷1:协议[M].北京:机械工业出版社,2000:17-18.
6Ptacek T, Newsham T. Insertion, evasion, and deni- al of service., eluding network intrusion detection [R]//Secure Networks Inc. [s. I. ]:[s. n. ], 1998.
7Dharmapurikar S, Paxson V. Robust TCP stream re- assembly in the presence of adversaries [C] ff Balti- more,America, Proceedings of the 14th USENIX Se- curity Symposium. Baltimore, America: USENIX Symposium, 2005.
8Necker M, Contis D, Schimmel D. TCP-Stream re- assembly and state tracking in hardware [C]//10th Annual IEEE Symposium on Field-Programmable Custom Computing Machines (FCCM' 02), Calior-nia America : FCCM' 02, 2002.
9Ruan Y, Yang W B, Chen M Y, etal,Robust TCP reassembly with a Hardware-Based solution for back- bone traffic [C] // Proeeedings of the 2010 IEEE Fifth International Conference on Networking, Architec- ture, and Storage, p. 439-447, July 15-17. Maeau China; IEEE, 2010.
10赵晓玲,孙济洲.应用层协议并行重组算法的设计与实现[D].天津:天津大学,2004.

引证文献3

1赵启升,李存华.一种高效的TCP会话数据流重组算法及应用[J].微电子学与计算机,2010,27(7):129-132. 被引量：5
2刘德旬,刘晓洁.一种基于流式模式匹配的分片攻击检测方法[J].四川大学学报（自然科学版）,2012,49(5):1024-1030. 被引量：2
3赵勇,陈亮,晁萍瑶.安全存储系统中TCP流还原加速策略研究[J].西安工程大学学报,2018,32(1):121-125. 被引量：3

二级引证文献10

1钱来,王伟.一种基于IDOA-RBF神经网络的正常流量过滤方法[J].电子测量技术,2023,46(13):132-138.
2唐彰国,钟明全,李焕洲,张健.基于数据流的启发式文件传输识别系统设计[J].计算机工程与设计,2011,32(9):2929-2933. 被引量：4
3张晓初,杨瑞君,吴伟航,胡申明,陈冰.互联网流量采集分析系统设计与实现[J].计算机工程,2012,38(3):82-84. 被引量：3
4夏天一,刘嘉勇.基于数据流特征的TCP重组技术研究[J].信息安全与通信保密,2014,12(11):134-136. 被引量：3
5董超,周刚,刘玉娇,张德江.基于改进的Adaboost算法在网络入侵检测中的应用[J].四川大学学报（自然科学版）,2015,52(6):1225-1229. 被引量：16
6刘贤熜,宋斌.基于Hadoop的海量数据TCP报文重组技术[J].计算机工程,2016,42(10):113-117. 被引量：5
7陈伟,吴辉群,汤乐民,王伟.一种认知功能的入侵防御系统[J].河南科技大学学报（自然科学版）,2017,38(3):49-53. 被引量：2
8赵勇,陈亮,晁萍瑶.安全存储系统中TCP流还原加速策略研究[J].西安工程大学学报,2018,32(1):121-125. 被引量：3
9刘引涛,刘楠.基于ARM与4G网络的视频监控设计与实现[J].电子设计工程,2019,27(3):146-149. 被引量：6
10俞祥基,蒲俊良,周川,张隆春,唐林,陈巧灵.利用区间管理算法实现的TCP流重组技术[J].通信技术,2022,55(12):1650-1658.

1刘志强,王丽芳,蒋泽军.存储设备热区域块重组机制[J].计算机仿真,2010,27(1):351-354. 被引量：1
2袁靖,袁丹,彭道刚,张浩.基于自动重组机制的多目标粒子群优化算法研究[J].广东电力,2014,27(10):32-37.
3宋玲玲,蒋泽军,王丽芳,刘志强.存储设备块重组机制仿真研究[J].微处理机,2011,32(6):80-83.
4扈兆明,苏志胜,赵晓宇,马严.IPv6分片重组在入侵检测系统中的实现[J].现代电信科技,2005(4):45-49. 被引量：5
5王旭,叶震,夏竹青.一个高效的包处理入侵检测模型[J].计算机应用与软件,2010,27(11):276-278.
6陈晶晶,李晓记,郑霖.6LoWPAN的Enhanced Route-over的分片和重组机制[J].无线电工程,2015,45(10):1-6. 被引量：1
7JIANG Wei,TIAN Zhihong,CAI Chao,GONG Bei.Bottleneck Analysis for Data Acquisition in High-Speed Network Traffic Monitoring[J].China Communications,2014,11(1):110-118. 被引量：2
8韩庆普,金仁成,杨景明,王震,王天娆.基于IPv6的WSN边界路由器设计[J].现代电子技术,2013,36(19):24-28. 被引量：2
9周奇峰,陈峰震.基于能量高效的传感器网络代码重组机制研究[J].福建电脑,2014,30(3):77-80.
10陈晓晔.浅谈我国企业兼并重组中存在的财务问题[J].商情,2014(3):161-161. 被引量：1

Journal of Southwest Jiaotong University(English Edition)

2009年第3期

浏览历史

内容加载中请稍等...