一种网络分组内容线速动态检测方法  被引量:2

A Method of On-Line Dynamic Inspection for Network Packet Contents

在线阅读下载全文

作  者:徐克付[1] 齐德昱[1] 钱正平[1] 向军[1] 郑伟平[1] 

机构地区:[1]华南理工大学计算机系统结构研究所,广东广州510640

出  处:《华南理工大学学报(自然科学版)》2008年第9期15-19,共5页Journal of South China University of Technology(Natural Science Edition)

基  金:中国博士后科学基金资助项目(2005037582);粤港关键领域重点突破项目(2005A10307007)

摘  要:针对高速网络内容检测中多模式匹配算法性能差和模式集不断动态变化的问题,提出了一种松散耦合的双通道线速动态内容检测方法.该方法包含快速通道和慢速通道两部分,快速通道利用可动态查询的并行Counting Bloom filter引擎过滤网络分组,过滤出的嫌疑分组送慢速通道利用高效动态模式匹配算法一步准确鉴别和分析,从而避免对正常分组的阻碍,达到线速检测.基于程序局部性原理,采用额定长度前缀的方法实现了对长模式的可扩展性.分析与模拟试验表明,该检测方法具有较高的吞吐性能,可以实现线速动态内容检测,同时减少了硬件资源开销,提高了可扩展性.In the high-speed inspection of network contents, the multi-pattern matching algorithm is inefficient and the pattern set continuously changes. In order to solve these problems, an on-line dynamic inspection method with two loosely-coupled pipelines is proposed. This method consists of a fast pipeline and a slow one. In the fast pipeline, parallel Counting Bloom filter engines which can perform fast dynamic query are adopted to filter the network packet, while in the slow one, a high-performance dynamic pattern matching algorithm is adopted to distinguish the suspicious packet coming from the fast pipeline. Thus, the block to normal packets can be removed and the on-line inspection can be achieved. Moreover, according to the locality principle of programs, a length threshold is set to implement the scalability for long rules. Analytical and simulated results indicate that the proposed inspection method with high throughput meets the requirements of on-line dynamic inspection of network packet contents well with low hardware consumption and high scalability.

关 键 词:BLOOM FILTER 计算机网络 深度分组检测 动态模式匹配 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象