基于NDIS中間層驅(qū)動網(wǎng)絡(luò)監(jiān)測系統(tǒng)的研究與設(shè)計
發(fā)布時間:2018-10-23 20:13
【摘要】:隨著計算機網(wǎng)絡(luò)的普及和發(fā)展,網(wǎng)絡(luò)技術(shù)越來越成熟,網(wǎng)絡(luò)已經(jīng)成為日常生活不可或缺的一部分。因此,網(wǎng)絡(luò)安全監(jiān)控與管理就顯得特別重要。為了確保網(wǎng)絡(luò)的安全與可靠,尤其是在超大流量網(wǎng)絡(luò)環(huán)境下,提高網(wǎng)絡(luò)監(jiān)控與管理的效率和準(zhǔn)確性,具有十分重要的意義。 在網(wǎng)絡(luò)規(guī)模日益擴大、數(shù)據(jù)流量不斷增加的情況下,基于應(yīng)用層的封包截獲與分析常常會出現(xiàn)丟包漏包的現(xiàn)象,而且不能與64位操作系統(tǒng)兼容,因此無法滿足網(wǎng)絡(luò)安全管理與監(jiān)控的要求。 本文研究并設(shè)計出一種基于NDIS中間層驅(qū)動的網(wǎng)絡(luò)監(jiān)測系統(tǒng),該系統(tǒng)在Windows平臺下,采用基于鏈路層的封包截獲方法,,對中間層驅(qū)動框架Passthru進行擴展,來抓取數(shù)據(jù)包。在Windows內(nèi)核層利用共享內(nèi)存的方法,和本文設(shè)計的數(shù)據(jù)結(jié)構(gòu)將數(shù)據(jù)包批量傳輸?shù)綉?yīng)用層進行處理,以減少數(shù)據(jù)的拷貝次數(shù)和傳輸時間,從而提高數(shù)據(jù)包抓取的效率;應(yīng)用層利用多核多線程技術(shù)和MongoDB數(shù)據(jù)庫進行數(shù)據(jù)的高速存儲,有效減少了數(shù)據(jù)包分析過程中的丟包率。另外,本文還設(shè)計了HTTP數(shù)據(jù)包重組算法,將網(wǎng)絡(luò)分包進行重組與分析,通過還原數(shù)據(jù)包的完整信息,來增加網(wǎng)絡(luò)監(jiān)控系統(tǒng)的監(jiān)管范圍。 為了驗證本文所設(shè)計的系統(tǒng)和算法的有效性,本文通過自行組建的具有一定規(guī)模的網(wǎng)絡(luò)進行了測試,實驗結(jié)果表明:本文所設(shè)計的系統(tǒng)較傳統(tǒng)的網(wǎng)絡(luò)封包截獲與分析系統(tǒng),在效率上有了較明顯的提高,與此同時,系統(tǒng)也提高了數(shù)據(jù)包重組的準(zhǔn)確度。
[Abstract]:With the popularization and development of computer network, network technology is more and more mature, network has become an indispensable part of daily life. Therefore, network security monitoring and management is particularly important. In order to ensure the security and reliability of the network, especially in the environment of large traffic network, it is of great significance to improve the efficiency and accuracy of network monitoring and management. With the increasing scale of network and increasing data flow, packet interception and analysis based on application layer often occur the phenomenon of packet missing, and it can not be compatible with 64-bit operating system. Therefore, it can not meet the requirements of network security management and monitoring. This paper studies and designs a kind of network monitoring system based on NDIS intermediate layer driver. Under the Windows platform, the system uses the method of packet interception based on link layer to extend the middle layer driver frame Passthru to capture data packets. The method of using shared memory in the Windows kernel layer and the data structure designed in this paper can transfer the data packets in batches to the application layer for processing, in order to reduce the number of copies of data and the transmission time, thus improving the efficiency of packet capture. The application layer uses multi-core multi-thread technology and MongoDB database to store data at high speed, which effectively reduces the packet loss rate in the process of packet analysis. In addition, this paper also designs the HTTP packet recombination algorithm, reorganizes and analyzes the network subcontract, and increases the supervision scope of the network monitoring system by restoring the complete information of the data packet. In order to verify the validity of the system and algorithm designed in this paper, the system is tested by the self-built network with a certain scale. The experimental results show that the system designed in this paper is more effective than the traditional network packet interception and analysis system. At the same time, the system also improves the accuracy of packet recombination.
【學(xué)位授予單位】:天津理工大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2014
【分類號】:TP393.08
本文編號:2290342
[Abstract]:With the popularization and development of computer network, network technology is more and more mature, network has become an indispensable part of daily life. Therefore, network security monitoring and management is particularly important. In order to ensure the security and reliability of the network, especially in the environment of large traffic network, it is of great significance to improve the efficiency and accuracy of network monitoring and management. With the increasing scale of network and increasing data flow, packet interception and analysis based on application layer often occur the phenomenon of packet missing, and it can not be compatible with 64-bit operating system. Therefore, it can not meet the requirements of network security management and monitoring. This paper studies and designs a kind of network monitoring system based on NDIS intermediate layer driver. Under the Windows platform, the system uses the method of packet interception based on link layer to extend the middle layer driver frame Passthru to capture data packets. The method of using shared memory in the Windows kernel layer and the data structure designed in this paper can transfer the data packets in batches to the application layer for processing, in order to reduce the number of copies of data and the transmission time, thus improving the efficiency of packet capture. The application layer uses multi-core multi-thread technology and MongoDB database to store data at high speed, which effectively reduces the packet loss rate in the process of packet analysis. In addition, this paper also designs the HTTP packet recombination algorithm, reorganizes and analyzes the network subcontract, and increases the supervision scope of the network monitoring system by restoring the complete information of the data packet. In order to verify the validity of the system and algorithm designed in this paper, the system is tested by the self-built network with a certain scale. The experimental results show that the system designed in this paper is more effective than the traditional network packet interception and analysis system. At the same time, the system also improves the accuracy of packet recombination.
【學(xué)位授予單位】:天津理工大學(xué)
【學(xué)位級別】:碩士
【學(xué)位授予年份】:2014
【分類號】:TP393.08
【參考文獻】
相關(guān)期刊論文 前10條
1 高升;陳興蜀;王文賢;郭東軍;;基于NDIS的數(shù)據(jù)包安全傳輸模型[J];電子科技大學(xué)學(xué)報;2007年S3期
2 高光勇;;網(wǎng)絡(luò)封包截獲技術(shù)及一種簡易防火墻的研究[J];福建電腦;2007年09期
3 陳知新;張智勇;施游;;一種基于NDIS中間層驅(qū)動的園區(qū)網(wǎng)流量控制方案[J];湖南師范大學(xué)自然科學(xué)學(xué)報;2010年01期
4 郭興陽,高峰,唐朝京;一種NDIS中間層數(shù)據(jù)包過濾方法[J];計算機工程;2004年17期
5 楊智君;馬駿驍;田地;周斌;;基于NDIS的IP安全協(xié)議的研究與實現(xiàn)[J];計算機工程;2007年22期
6 楊志程;舒輝;董衛(wèi)宇;;基于NDIS隱蔽通信技術(shù)的木馬病毒分析[J];計算機工程;2008年10期
7 李曉鶯,曾啟銘;NDIS網(wǎng)絡(luò)驅(qū)動程序的研究與實現(xiàn)[J];計算機應(yīng)用;2002年04期
8 劉炎,馮穗力,葉梧,徐宇強;WDM/NDIS網(wǎng)絡(luò)驅(qū)動程序?qū)崿F(xiàn)方法的研究[J];計算機應(yīng)用研究;2001年08期
9 高澤勝,陶宏才;基于NDIS-HOOK與SPI的個人防火墻研究與設(shè)計[J];計算機應(yīng)用研究;2004年11期
10 侯功華;趙遠(yuǎn)東;;基于NDIS中間層的包過濾的研究與設(shè)計[J];微計算機信息;2006年36期
本文編號:2290342
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2290342.html
最近更新
教材專著
