論文使用權限 Thesis access permission:校內校外均不公開 not available
開放時間 Available:
校內 Campus:永不公開 not available
校外 Off-campus:永不公開 not available
論文名稱 Title |
基於Linux Netfilter的通訊協定分類器之設計與實作 The Design and Implementation of Protocol Classifier based on Linux Netfilter |
||
系所名稱 Department |
|||
畢業學年期 Year, semester |
語文別 Language |
||
學位類別 Degree |
頁數 Number of pages |
54 |
|
研究生 Author |
|||
指導教授 Advisor |
|||
召集委員 Convenor |
|||
口試委員 Advisory Committee |
|||
口試日期 Date of Exam |
2006-07-29 |
繳交日期 Date of Submission |
2006-09-10 |
關鍵字 Keywords |
應用程式層級特徵、線上分類應用程式流量、流量分析 Linux Netfilter, Traffic Analysis, Application-level Signatures, Online Application Classification |
||
統計 Statistics |
本論文已被瀏覽 5678 次,被下載 0 次 The thesis/dissertation has been browsed 5678 times, has been downloaded 0 times. |
中文摘要 |
隨者網路的普及以及使用者的增加,網路頻寬管理的問題就日漸重要。面對網路頻寬管理的問題,首要的就是先了解目前網路上的流量是屬於何種應用,再來才是根據網路管理的需求,針對各種網路應用來限制或管理頻寬。 以往用來辨識流量屬於何種應用的方法是使用port-based的方式,根據各種網路服務應用所使用的TCP預設埠號(Well-known port)來辨識流量,以HTTP為例,只要是出現在port 80上的流量都歸類為HTTP的流量。早期的網路服務應用使用此方式便足以辨別,但近年來由於Peer-to-Peer應用軟體的興起並且為了躲避以port-based為主的流量管理,都已漸漸改以隨機埠號為主,因此使用port-based的方式來辨識流量早已不敷使用。為了更準確的辨識流量,本研究所實作content-based的方式比對特徵來做為辨識的依據,更進一步的我們也分析了其他的content-based的通訊協定分類器,比較其優缺點及準確性。另外本系統提供了驗證程式,可透過及時的連線測試方式驗證通訊協定分類器的結果。 |
Abstract |
The management of network bandwidth is more important along with the population growth of Internet. For the issue of network bandwidth management the first thing needs to be done is to analyze network traffic belongs to which protocol. And then we can restrict the usage of network bandwidth accroding to the mangement policy. The mean used to identify network traffic in the past is port-based one which based on the well-known default port number of application protocols. For example, the Hyper-Text Transfer Protocol (HTTP) uses port number 80 as his default port, therefor we could classify traffic which appears in port 80 as HTTP traffic. It is not enough for applications in our own day, especilly the Peer-to-Peer application that used random port number as his default port in order to evade the port-based classifiaction. In order to conquer the issue described above we developed a content-based protocol classifier which inspects the payload of packets. We also compared our system with other content-based protocol classifiers. In addition, we also provided a verification tool which verifies the result of protocol classifier by connecting to the host and testing the hehavior of specific application. |
目次 Table of Contents |
第1章緒論 第1.1節研究動機 第1.2節研究目標 第1.3節章節導讀 第2章知識背景及相關研究探討 第2.1節知識背景 第2.2節相關研究探討 第2.3節Netfilter/iptables 第2.4節Content-based Protocol Classifier 第3章系統設計 第3.1節新增的Netfilter Hook – Promiscuous Hook 第3.2節我們所發展Protocol Classifier – OurClassifier 第3.3節匯出比對結果的程式 第3.4節連線測試程式 – Protocol Probe 第4章實驗數據的測量與分析 第4.1節On-Line的測量方式 第4.2節Off-line的測量方式 第5章結論與未來方向 第5.1節結論 第5.2節未來方向 第6章參考文獻 |
參考文獻 References |
[1] BSD, http://www.bsd.org/. [2] Cisco Netflow, http://www.cisco.com/en/US/tech/tk812/tsd_technology_support_protocol_home.html. [3] Ipfwadm System, ftp://ftp.xos.nl/pub/linux/ipfwadm/. [4] IPP2P, http://www.ipp2p.org/. [5] L7-filter, http://l7-filter.sourceforge.net/. [6] Linux, http://www.linux.org/. [7] Linux IP Firewalling Chains, http://people.netfilter.org/~rusty/ipchains/. [8] Netfilter, http://www.netfilter.org/. [9] RFC 3549 - Linux Netlink as an IP Services Protocol, http://www.rfc-archive.org/getrfc.php?rfc=3549. [10] Supported Protocols of L7-filter, http://l7-filter.sourceforge.net/protocols. [11] Tcpdump/Libpcap, http://www.tcpdump.org/. [12] A. Spognardi, A. Lucarelli, and R. Di Pietro, "A Methodology for P2P File-Sharing Traffic Detection", HOT-P2P'05, page(s):51-62, July, 2005. [13] C. S. Yang, P. C. Wu, "A Fast Multi-pattern Matching Algorithm for Network Processor", National Sun Yat-sen University, Department of Computer Science and Engineering, Master Thesis [Unpublished]. [14] K. Wehrle, F. Pahlke, H. Ritter, D. Muller, M. Bechler, " The Linux Networking Architecture: Design and Implementation of Network Protocols in the Linux Kernel", 2004, ISBN:0131777203, Prentice Hall. [15] Robert S. Boyer, J. Strother Moore, "A fast string searching algorithm", Communications of the ACM, page(s):762-772, Oct, 1977. [16] S. McCanne, V. Jacobson, "The BSD Packet Filter:A New Architecture for User-level Packet Capture", 1993 Winter USENIX conference, page(s):259-270, Jan, 1993. [17] S. Sen, O. Spatscheck, D. Wang, "Accurate, Scalable In-Network Identification of P2P Traffic Using Application Signatrues", WWW'04, page(s):512-521, May, 2004. [18] S. Wu, U. Manber, "A Fast Algorithm for Multi-pattern Searching", 1994, Technical Report. [19] T. Karagiannis, A. Broido, N. Brownlee, K. Claffy, M. Faloutsos, "Is P2P dying or just hiding ?", GLOBECOM'04, page(s):1532-1538, Nov, 2004. |
電子全文 Fulltext |
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。 論文使用權限 Thesis access permission:校內校外均不公開 not available 開放時間 Available: 校內 Campus:永不公開 not available 校外 Off-campus:永不公開 not available 您的 IP(校外) 位址是 3.14.70.203 論文開放下載的時間是 校外不公開 Your IP address is 3.14.70.203 This thesis will be available to you on Indicate off-campus access is not available. |
紙本論文 Printed copies |
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。 開放時間 available 已公開 available |
QR Code |