Authors: 陈良国 阮树骅 陈兴蜀 罗永刚 (CHEN Liangguo; RUAN Shuhua; CHEN Xingshu; LUO Yonggang), College of Cybersecurity, Sichuan University, Chengdu, Sichuan 610065, China; Cybersecurity Research Institute, Sichuan University, Chengdu, Sichuan 610065, China
Affiliations: [1] College of Cybersecurity, Sichuan University, Chengdu, Sichuan 610065 [2] Cybersecurity Research Institute, Sichuan University, Chengdu, Sichuan 610065
Source: 《信息网络安全》 (Netinfo Security), 2019, No. 11, pp. 82-90 (9 pages)
Funding: National Natural Science Foundation of China, Young Scientists Fund [61802270]; Fundamental Research Funds for the Central Universities, basic research project [SCU2018D018]
Abstract: In a high-speed network environment, network traffic collection and reassembly is an important prerequisite for network security analysis. To meet the accuracy and real-time requirements of network security analysis, this paper proposes a high-speed flow reassembly optimization scheme oriented to network security analysis. First, a multi-flow-table parallelization mechanism is designed within the hash-based flow table scheme, and feedback information is introduced into the distribution strategy for high-speed network flows, which solves the load-balancing problem of distributing high-speed flows among multiple flow tables. Second, to further reduce the overhead of flow aging detection, an active queue is specially designed in the flow table scheme: flow records are arranged in least-recently-used order, which avoids full flow-table traversal and lowers the time complexity of flow aging detection. Finally, a high-speed network flow reassembly system based on the optimized flow table scheme is implemented with DPDK, and the accuracy and real-time performance of the scheme are verified. Experimental results show that at a network bandwidth of 10 Gbps the packet loss rate is 0.002%, which effectively meets the data requirements of network security analysis in high-speed network environments.
Classification: TP309 [Automation and Computer Technology: Computer System Architecture]