摘要
在网络行为管理系统中,当数据包以TCP流方式在网络上传输时,传统的基于数据包的模式匹配算法已无法满足需要.对此提出了一种高效的TCP会话数据流重组算法,详细论述了多连接管理、重复报文处理以及无序报文处理等重组过程中出现问题的解决方法,并利用此算法实现了FTP协议数据包的截获与分析.通过与Libnids库相比较,试验结果表明,该算法更具效率和稳定性.
The traditional algorithms for packets-based pattern matching are unable to meet the needs of the network behavior management system if data packets flow through the network in TCP streams. After presenting an efficient algorithm for restructuring TCP session streams,this paper discusses detailedly solution to the problems appeared in multiple connection management,repeatable message processing,out-of order message processing and etc. Finally,we implement the interception and analysis of data packets complying to the FTP protocol by means of the algorithm. Comparing with the Libnids library,the experimental results demonstrates that our algorithm is more efficient and stable.
出处
《微电子学与计算机》
CSCD
北大核心
2010年第7期129-132,共4页
Microelectronics & Computer
基金
国家科技部科技服务企业项目(2009GJC10043)
关键词
网络行为管理
TCP协议
报文重组
FTP
network behavior management
TCP protocol
segments reorganization
FTP
