論文使用權限 Thesis access permission:校內校外均不公開 not available
開放時間 Available:
校內 Campus:永不公開 not available
校外 Off-campus:永不公開 not available
博碩士論文 etd-0908104-150816 詳細資訊
Title page for etd-0908104-150816
論文名稱 Title |
利用NetFlow分析大型網路的使用行為及異常流量 Using NetFlow to Analyze Usage and Anomalies in Large Network |
||
系所名稱 Department |
|||
畢業學年期 Year, semester |
語文別 Language |
||
學位類別 Degree |
頁數 Number of pages |
33 |
|
研究生 Author |
|||
指導教授 Advisor |
|||
召集委員 Convenor |
|||
口試委員 Advisory Committee |
|||
口試日期 Date of Exam |
2004-07-19 |
繳交日期 Date of Submission |
2004-09-08 |
關鍵字 Keywords |
網路流量分析 Netflow, Traffic Analyze |
||
統計 Statistics |
本論文已被瀏覽 5684 次,被下載 0 次 The thesis/dissertation has been browsed 5684 times, has been downloaded 0 times. |
中文摘要 |
NetFlow 是網路設備輸出流量資訊的協定,為一廣泛受到支援的業界標準,本研究以NetFlow 資料為基礎,針對大型網路進行研究。第一部份是改進流量分析軟體Flow-tools,使其可以在合理的時間及資源內處理現在及未來龐大的流量資料。第二部份以台灣學術網路為例,分析使用者行為和異常流量,可做為容量規劃、互連協議、使用政策、網路安全,制定時重要的參考。 |
Abstract |
NetFlow is a de facto protocol to export information about IP flow from network device. In this paper, we describe the modification to the famous open source software Flow-tools which let it has the ability to process the large NetFlow data under reasonable time and resource in the first part. In second part, we propose a series network usage and anomalies analysis methods, using TANet as example. These analyses are useful for capacity planning, peering, security, usage policy enacting. |
目次 Table of Contents |
中文摘要..........2 英文摘要..........3 目錄..................4 圖表目錄..........5 1. 緒論..........6 1.1. 研究動機..................................................................................................................6 1.2. NetFlow定義...........................................................................................................7 1.3. NetFlow資料來源...................................................................................................8 1.4. 相關研究..................................................................................................................8 2. 對flow-tools 的改進.............................................................................................................13 2.1. 簡介........................................................................................................................13 2.2. 動機........................................................................................................................15 2.3. 瓶頸分析................................................................................................................16 2.3.1. 資料結構........................................................................................................16 2.3.2. Profiling .........................................................................................................16 2.4. 使用較多的Bucket ...............................................................................................16 2.5. 使用不同的Hash Function ...................................................................................20 2.6. 以Judy Array 取代第二層Hash...........................................................................21 3. 網路應用分析........................................................................................................................23 3.1. 動機........................................................................................................................23 3.2. FTP 協定分析........................................................................................................23 3.3. eDonkey 協定分析................................................................................................25 3.4. BitTorrent 協定分析..............................................................................................26 3.5. Heuristic 演算法....................................................................................................27 3.5.1. 判定依據........................................................................................................27 3.5.2. 驗證方法........................................................................................................ - 4 - 3.5.3. Pseudo Code...................................................................................................28 3.6. 結果比較................................................................................................................29 4. 結論與未來方向....................................................................................................................30 5. 參考文獻32 |
參考文獻 References |
Barford, P. and D. Plonka (2001). Characteristics of network traffic flow anomalies. ACM SIGCOMM Workshop on Internet Measurement Workshop, San Francisco, California, USA. Barford, P. and D. Plonka (2001). Inferring Client Experience From Flow-based Measurements. ACM SIGCOMM Internet Measurement Workshop. Caceres, R., N. G. Duffield, et al. (2000). Measurement and Analysis of IP Network Usage and Behavior. IEEE Communications Magazine. Claffy, K. C. (1994). Internet traffic characterization. Computer Science & Enginnering, University of California, San Diego. Cranor, C. D., E. Gansner, et al. (2001). Characterizing large DNS traces using graphs, ACM SIGCOMM Internet Measurement Workshop. Fritchie, S. L. (2003). A study of Erlang ETS table implementations and performance. ACM SIGPLAN Workshop on Erlang, Uppsala, Sweden, ACM Press. Fullmer, M. and S. Roming (2000). The OSU Flow-tools Package and Cisco NetFlow Logs. LISA. Karagiannis, T., A. Broido, et al. (2004). File-sharing in the Internet: A characterization of P2P traffic in the backbone . Networking. Plonka, D. (2000). FlowScan: A Network Traffic Flow Reporting and Visualization Tool. LISA. Rogers, J. and K. Christensen (2001). A Fluid-Flow Characterization of Internet1 and Internet2 Traffic. IEEE Conference on Local Computer Networks. GPROF: http://www.cs.utah.edu/dept/old/texinfo/as/gprof_toc.html FNV Hash: http://www.isthe.com/chongo/tech/comp/fnv/ NetFlow: http://www.switch.ch/tf-tant/floma/software.html#netflow |
電子全文 Fulltext |
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。 您的 IP(校外) 位址是 3.17.181.21 論文開放下載的時間是 校外不公開 Your IP address is 3.17.181.21 This thesis will be available to you on Indicate off-campus access is not available. |
紙本論文 Printed copies |
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。 開放時間 available 已公開 available |
QR Code |
國立中山大學 圖書與資訊處 │ 諮詢服務:2452 論文審查小組 │ 服務信箱 │ 系統開發維運:圖資處知識創新組
Office of Library and Information Services, National Sun Yat-sen University │ Contact Us : 2452 Thesis Format Review Team , Mail │ Development and operations : Knowledge Innovation Division, LIS