【摘要】：流量回放作為在網絡靶場中產生流量的方法之一,有著不可取代的特性。它可以保證回放出的流量有著和真實網絡中的流量一樣的特征,這是其他方法所不具備的。目前,已有的流量回放方法大多是在單位時間內制造出大量的真實流量,從而丟失了回放流量在時間上的真實性。為了在目標網絡中產生與真實流量盡可能相似的網絡流量,包括報文個數、內容、交互順序和交互時間等,本文提出一種基于報文時序的多機互動回放方法。具體工作如下:首先,本文對現有的流量采集方法進行了優(yōu)化,采用了多點采集的思想。通過將真實網絡劃分為多個采集點,在各個采集點同時采集流量。該方法彌補了現有方法遺漏局域網內相互通信的流量的缺陷,提高了采集流量的完整性。此外,本文將零拷貝技術應用到流量采集方式中,提高了網卡捕包效率,減少了因網卡性能導致的丟包問題,從而保證回放出的流量與原始網絡更加相似。其次,本文設計了一種針對多點采集的數據處理方法,包括基于前綴樹的去重方法和基于上下文關系的修復方法。數據去重方法對前綴樹結構進行優(yōu)化使其更適用于數據流的去重操作,修復方法則是通過比較通信雙方發(fā)送報文的序列號和確認號之間的關系進行修復操作。本文分別對這兩種方法進行實驗,實驗結果證明該方法確實可以對流量進行去重和修復操作。然后,本文對現有回放算法進行優(yōu)化,提出一種基于報文時序的多機互動回放算法。將該算法與現有算法進行對比,實驗結果表明,當回放文件為18000個報文時,該算法回放出的流量在報文發(fā)送時間誤差方面是現有算法的1/20,并且本文提出的算法的時間誤差不會因為回放報文數目的增加而增加,現有算法則不具備此特性。此外,本文還在回放帶寬與網絡流速方面對該算法進行了逼真性實驗,129秒的回放時間內有4個數據點出現了誤差,準確率為97%,說明該算法產生的流量與原始流量非常相似。最后,基于上述的理論研究設計并實現了一個網絡流量回放的原型系統(tǒng)。通過對原型系統(tǒng)進行測試發(fā)現,該系統(tǒng)可以在占用少量機器資源的基礎上根據用戶配置進行流量采集和數據處理,然后根據輸入的流量文件在目標網絡中回放出與原始網絡極其相似的流量,產生與現實網絡相似的網絡環(huán)境,供實驗人員進行實驗和研究。
[Abstract]:As one of the methods to generate traffic in the network shooting range, traffic playback has irreplaceable characteristics. It can ensure that the outgoing traffic has the same characteristics as the traffic in the real network, which is not available in other methods. At present, most of the existing traffic playback methods produce a large number of real traffic per unit time, thus losing the authenticity of the playback traffic in time. In order to generate the network traffic as similar to the real traffic in the target network as much as possible, including the number of messages, content, interaction sequence and interaction time, a multi-computer interactive playback method based on message timing is proposed in this paper. The specific work is as follows: firstly, the existing traffic acquisition methods are optimized, and the idea of multi-point acquisition is adopted. By dividing the real network into multiple acquisition points, the traffic is collected at each acquisition point at the same time. This method makes up for the defect that the existing method omits the traffic that communicates with each other in the local area network (LAN), and improves the integrity of the collected traffic. In addition, the zero copy technology is applied to the traffic acquisition mode, which improves the packet trapping efficiency of the network card and reduces the packet loss problem caused by the performance of the network card, so as to ensure that the outgoing traffic is more similar to the original network. Secondly, this paper designs a data processing method for multi-point acquisition, including the weight removal method based on prefix tree and the repair method based on context relation. The data de-weight method optimizes the prefix tree structure to make it more suitable for the data stream reload operation, and the repair method is to repair the relationship between the serial number and the confirmation number of the message sent by both sides of the communication by comparing the relationship between the serial number and the confirmation number of the message sent by the two sides of the communication. In this paper, the two methods are tested, and the experimental results show that the method can indeed remove the flow and repair the flow. Then, this paper optimizes the existing playback algorithms and proposes a multi-computer interactive playback algorithm based on message timing. Compared with the existing algorithms, the experimental results show that when the playback files are 18000 packets, the traffic returned by the algorithm is 1 鈮，

本文編號：2479084