即时通讯软件文件传输审计系统的研究与实现  被引量:3

Research and implementation of files audit system for instant messenger

在线阅读下载全文

作  者:董苹苹[1] 王建新[1] 孙志慧[1] 马宇超[1] 

机构地区:[1]中南大学信息科学与工程学院,湖南长沙410083

出  处:《中南大学学报(自然科学版)》2012年第10期3872-3878,共7页Journal of Central South University:Science and Technology

基  金:国家自然科学基金资助项目(60873265);新世纪优秀人才支持计划项目(NCET-10-0798)

摘  要:已有的网络行为审计软件没有针对即时通讯软件(IM)的文件传输记录模块。通过搭建协议分析环境,根据主流即时通讯软件通信数据明文传输的特点,利用网络捕包工具,并采用逆推方法,对多种即时通讯软件(IM)(QQ,Fetion,MSN和雅虎通等)文件传输协议进行深入分析,设计并实现一个IM文件传输审计系统(FAudit)。FAudit系统基于Libpcap库捕获数据包,提取应用层数据,应用特有的文件重组算法,通过计算网络数据包的ACK和SEQ数,对数据包进行过滤、排序、解压、重组和写入,最后还原出用户传输的文件。测试结果表明:FAudit系统可在不同网络环境特别是网络环境突变、网络状况异常恶劣的情况下,有效地审计各类IM传输的各种类型(DOC,PDF,TXT和视频等)和大小的文件,同时还可解决即时通讯软件版本升级带来的系统升级问题。Since most network behavior audit software cannot record files sent by instant messenger (IM), based on the exoteric communication data between popular instant messenger client softwares, using sniffer tools, the unopened and non-uniform file transmitting protocols of those software were analyzed in converse way. And a new network behavior audit system (FAudit) was presented on the base of analysis on IMs files transmission protocol. As IMs file packets were captured based on Libpcap database, application layer data was extracted, the ACK number and SEQ number were analyzed, and then the packets were recovered from the original file by filtering ordering, decompression, reassembling and writing. The simulation results show that FAudit can audit all formats of files (such as DOC, PDF, TXT and videos) with arbitrary size in different network environments no matter however bad it is. At the same time FAudit can be extended to other kinds of IMs.

关 键 词:即时通 文件传输 协议分析 审计 文件重组算法 SEQ数 

分 类 号:TP393[自动化与计算机技术—计算机应用技术]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象