【摘要】：隨著計(jì)算機(jī)網(wǎng)絡(luò)的普及和發(fā)展，網(wǎng)絡(luò)技術(shù)越來越成熟，網(wǎng)絡(luò)已經(jīng)成為日常生活不可或缺的一部分。因此，網(wǎng)絡(luò)安全監(jiān)控與管理就顯得特別重要。為了確保網(wǎng)絡(luò)的安全與可靠，尤其是在超大流量網(wǎng)絡(luò)環(huán)境下，提高網(wǎng)絡(luò)監(jiān)控與管理的效率和準(zhǔn)確性，具有十分重要的意義。 在網(wǎng)絡(luò)規(guī)模日益擴(kuò)大、數(shù)據(jù)流量不斷增加的情況下，基于應(yīng)用層的封包截獲與分析常常會(huì)出現(xiàn)丟包漏包的現(xiàn)象，而且不能與64位操作系統(tǒng)兼容，因此無法滿足網(wǎng)絡(luò)安全管理與監(jiān)控的要求。 本文研究并設(shè)計(jì)出一種基于NDIS中間層驅(qū)動(dòng)的網(wǎng)絡(luò)監(jiān)測(cè)系統(tǒng)，該系統(tǒng)在Windows平臺(tái)下，采用基于鏈路層的封包截獲方法，，對(duì)中間層驅(qū)動(dòng)框架Passthru進(jìn)行擴(kuò)展，來抓取數(shù)據(jù)包。在Windows內(nèi)核層利用共享內(nèi)存的方法，和本文設(shè)計(jì)的數(shù)據(jù)結(jié)構(gòu)將數(shù)據(jù)包批量傳輸?shù)綉?yīng)用層進(jìn)行處理，以減少數(shù)據(jù)的拷貝次數(shù)和傳輸時(shí)間，從而提高數(shù)據(jù)包抓取的效率；應(yīng)用層利用多核多線程技術(shù)和MongoDB數(shù)據(jù)庫(kù)進(jìn)行數(shù)據(jù)的高速存儲(chǔ)，有效減少了數(shù)據(jù)包分析過程中的丟包率。另外，本文還設(shè)計(jì)了HTTP數(shù)據(jù)包重組算法，將網(wǎng)絡(luò)分包進(jìn)行重組與分析，通過還原數(shù)據(jù)包的完整信息，來增加網(wǎng)絡(luò)監(jiān)控系統(tǒng)的監(jiān)管范圍。 為了驗(yàn)證本文所設(shè)計(jì)的系統(tǒng)和算法的有效性，本文通過自行組建的具有一定規(guī)模的網(wǎng)絡(luò)進(jìn)行了測(cè)試，實(shí)驗(yàn)結(jié)果表明：本文所設(shè)計(jì)的系統(tǒng)較傳統(tǒng)的網(wǎng)絡(luò)封包截獲與分析系統(tǒng)，在效率上有了較明顯的提高，與此同時(shí)，系統(tǒng)也提高了數(shù)據(jù)包重組的準(zhǔn)確度。
[Abstract]:With the popularization and development of computer network, network technology is more and more mature, network has become an indispensable part of daily life. Therefore, network security monitoring and management is particularly important. In order to ensure the security and reliability of the network, especially in the environment of large traffic network, it is of great significance to improve the efficiency and accuracy of network monitoring and management. With the increasing scale of network and increasing data flow, packet interception and analysis based on application layer often occur the phenomenon of packet missing, and it can not be compatible with 64-bit operating system. Therefore, it can not meet the requirements of network security management and monitoring. This paper studies and designs a kind of network monitoring system based on NDIS intermediate layer driver. Under the Windows platform, the system uses the method of packet interception based on link layer to extend the middle layer driver frame Passthru to capture data packets. The method of using shared memory in the Windows kernel layer and the data structure designed in this paper can transfer the data packets in batches to the application layer for processing, in order to reduce the number of copies of data and the transmission time, thus improving the efficiency of packet capture. The application layer uses multi-core multi-thread technology and MongoDB database to store data at high speed, which effectively reduces the packet loss rate in the process of packet analysis. In addition, this paper also designs the HTTP packet recombination algorithm, reorganizes and analyzes the network subcontract, and increases the supervision scope of the network monitoring system by restoring the complete information of the data packet. In order to verify the validity of the system and algorithm designed in this paper, the system is tested by the self-built network with a certain scale. The experimental results show that the system designed in this paper is more effective than the traditional network packet interception and analysis system. At the same time, the system also improves the accuracy of packet recombination.
【學(xué)位授予單位】：天津理工大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 高升;陳興蜀;王文賢;郭東軍;;基于NDIS的數(shù)據(jù)包安全傳輸模型[J];電子科技大學(xué)學(xué)報(bào);2007年S3期

2 高光勇;;網(wǎng)絡(luò)封包截獲技術(shù)及一種簡(jiǎn)易防火墻的研究[J];福建電腦;2007年09期

3 陳知新;張智勇;施游;;一種基于NDIS中間層驅(qū)動(dòng)的園區(qū)網(wǎng)流量控制方案[J];湖南師范大學(xué)自然科學(xué)學(xué)報(bào);2010年01期

4 郭興陽(yáng),高峰,唐朝京;一種NDIS中間層數(shù)據(jù)包過濾方法[J];計(jì)算機(jī)工程;2004年17期

5 楊智君;馬駿驍;田地;周斌;;基于NDIS的IP安全協(xié)議的研究與實(shí)現(xiàn)[J];計(jì)算機(jī)工程;2007年22期

6 楊志程;舒輝;董衛(wèi)宇;;基于NDIS隱蔽通信技術(shù)的木馬病毒分析[J];計(jì)算機(jī)工程;2008年10期

7 李曉鶯,曾啟銘;NDIS網(wǎng)絡(luò)驅(qū)動(dòng)程序的研究與實(shí)現(xiàn)[J];計(jì)算機(jī)應(yīng)用;2002年04期

8 劉炎,馮穗力,葉梧,徐宇強(qiáng);WDM/NDIS網(wǎng)絡(luò)驅(qū)動(dòng)程序?qū)崿F(xiàn)方法的研究[J];計(jì)算機(jī)應(yīng)用研究;2001年08期

9 高澤勝,陶宏才;基于NDIS-HOOK與SPI的個(gè)人防火墻研究與設(shè)計(jì)[J];計(jì)算機(jī)應(yīng)用研究;2004年11期

10 侯功華;趙遠(yuǎn)東;;基于NDIS中間層的包過濾的研究與設(shè)計(jì)[J];微計(jì)算機(jī)信息;2006年36期

本文編號(hào)：2290342