路由器級(jí)分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)技術(shù)研究
發(fā)布時(shí)間:2018-08-28 17:05
【摘要】:分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)是進(jìn)行非授權(quán)目標(biāo)網(wǎng)絡(luò)路由器級(jí)拓?fù)浒l(fā)現(xiàn)的主要方式之一,在網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)研究領(lǐng)域扮演了十分重要的角色。相對(duì)于單點(diǎn)式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn),分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)能夠獲取更豐富的路由接口和鏈接信息,擴(kuò)大網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)范圍。另一方面,分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)會(huì)產(chǎn)生更多的探測(cè)冗余,導(dǎo)致拓?fù)浒l(fā)現(xiàn)效率低下,且易被目標(biāo)網(wǎng)絡(luò)安全設(shè)備誤判為DDo S攻擊。因此,在盡可能擴(kuò)大拓?fù)浒l(fā)現(xiàn)范圍的同時(shí)降低探測(cè)冗余成為了路由器級(jí)分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)的重要問題。分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)技術(shù)主要由探測(cè)目的點(diǎn)選取、探測(cè)源選取和探測(cè)策略組成,本文遵循從方法評(píng)價(jià)到方法設(shè)計(jì)的思路,基于路由器級(jí)分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)的效能因素建立了拓?fù)浒l(fā)現(xiàn)評(píng)價(jià)指標(biāo),研究了探測(cè)目的點(diǎn)、探測(cè)源和探測(cè)策略對(duì)網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)效能的影響,給出了分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)方案,為路由器級(jí)分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)實(shí)施提供了必要的理論參考。本文主要工作如下:(1)基于路由器級(jí)分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)的完整性與高效性,建立了六個(gè)評(píng)價(jià)指標(biāo),制定了測(cè)試與評(píng)價(jià)方法,為拓?fù)浒l(fā)現(xiàn)技術(shù)評(píng)價(jià)提供了依據(jù)。(2)設(shè)計(jì)了基于樁網(wǎng)絡(luò)發(fā)現(xiàn)的探測(cè)目的點(diǎn)選取法。該方法通過少量預(yù)先探測(cè)發(fā)現(xiàn)目標(biāo)網(wǎng)絡(luò)中所有樁網(wǎng)絡(luò),采用隨機(jī)抽樣方法進(jìn)行探測(cè)目的點(diǎn)選取。之后,從理論上證明了所選取的探測(cè)目的點(diǎn)集合為最小完備探測(cè)目的點(diǎn)集合。仿真實(shí)驗(yàn)結(jié)果表明,用該方法選出的探測(cè)目的點(diǎn)在不超過目標(biāo)網(wǎng)絡(luò)中地址總數(shù)0.65%的情況下,即可將路由接口完整度和路由鏈接發(fā)現(xiàn)完整度分別提高至97%和91%以上,比現(xiàn)有方法平均提高了約16%和20%。(3)提出了最大綜合散列度探測(cè)源選取法。定義了綜合散列度來量化探測(cè)源間邏輯距離,仿真實(shí)驗(yàn)結(jié)果說明了綜合散列度越大的探測(cè)源組合所發(fā)現(xiàn)的拓?fù)浞秶綇V;對(duì)混合遺傳模擬退火算法進(jìn)行了特殊定制,以篩選出綜合散列度最大的探測(cè)源組合。仿真實(shí)驗(yàn)結(jié)果表明,相較于其他方法,最大綜合散列度探測(cè)源選取法可將路由接口和路由鏈接發(fā)現(xiàn)總值平均提高約12%和18%。(4)設(shè)計(jì)了基于回轉(zhuǎn)探測(cè)的漸進(jìn)式拓?fù)涮綔y(cè)策略。在優(yōu)化Doubletree算法停止集的基礎(chǔ)上,提出了Countree算法,并設(shè)計(jì)了基于探測(cè)源分組的回轉(zhuǎn)探測(cè)模式來實(shí)施Countree探測(cè)。仿真實(shí)驗(yàn)結(jié)果說明了該策略可以有效解決Doubletree算法的拓?fù)溥z漏問題,相比全探測(cè),將探測(cè)冗余率減少了60%以上,同時(shí)將路由接口完整度與路由鏈接發(fā)現(xiàn)完整度均提高到90%以上。在探測(cè)冗余率平均低于18%的情況下,相比Doubletree算法,該策略將路由接口和路由鏈接發(fā)現(xiàn)完整度均提高了20%以上,探測(cè)源間通信次數(shù)降低了約50%,探測(cè)源間通信總量減少了約80%。(5)提出了DSP網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)方案。將路由器級(jí)分布式網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)劃分為三個(gè)階段,即探測(cè)目的點(diǎn)集合選取階段、探測(cè)源集合選取階段以及拓?fù)涮綔y(cè)實(shí)施階段,并分別配置基于樁網(wǎng)絡(luò)發(fā)現(xiàn)的探測(cè)目的點(diǎn)選取法、最大綜合散列度探測(cè)源選取法和基于回轉(zhuǎn)探測(cè)的漸進(jìn)式拓?fù)涮綔y(cè)策略。仿真實(shí)驗(yàn)結(jié)果表明,本方案與現(xiàn)有方案相比,在網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)的完整性與高效性上均有顯著提升,具有更高的效能。
[Abstract]:Distributed network topology discovery is one of the main approaches to route-level topology discovery in unauthorized target networks and plays an important role in the field of network topology discovery. On the other hand, distributed network topology discovery can produce more detection redundancy, which leads to inefficient topology discovery and is easily misjudged as a DDo S attack by the target network security device. Problem. Distributed network topology discovery technology mainly consists of detection destination selection, detection source selection and detection strategy. Following the idea from method evaluation to method design, this paper establishes the evaluation index of topology discovery based on the efficiency factor of router-level distributed network topology discovery, and studies the detection destination, detection source and detection. The main work of this paper is as follows: (1) Based on the completeness and efficiency of router-level distributed network topology discovery, six evaluation indexes are established and formulated. Testing and evaluation methods are given, which provide a basis for the evaluation of topology discovery technology. (2) A method of detecting destination selection based on pile network discovery is designed. The simulation results show that the routing interface integrity and routing link discovery integrity can be improved to 97% and 91% respectively under the condition that the total number of addresses in the target network is not more than 0.65%, which is an average increase of 16% compared with the existing methods. And 20%. (3) The method of selecting probes with maximum synthetic hash is proposed. The comprehensive hash is defined to quantify the logical distance between probes. The simulation results show that the larger the comprehensive hash is, the wider the topological range of probes is. The hybrid genetic simulated annealing algorithm is specially customized to select the most comprehensive hash. Simulation results show that compared with other methods, the total value of route interface and route link discovery can be increased by 12% and 18%. (4) A progressive topology detection strategy based on rotation detection is designed. The simulation results show that this strategy can effectively solve the problem of topological omission in Doubletree algorithm. Compared with full detection, the detection redundancy rate is reduced by more than 60%, and the integrity of routing interface and routing link discovery are both reduced. Compared with Doubletree algorithm, this strategy improves the integrity of routing interface and routing link discovery by more than 20%, reduces the number of communication between probing sources by about 50%, and decreases the total amount of communication between probing sources by about 80%. (5) A DSP network topology discovery scheme is proposed. Distributed network topology discovery can be divided into three stages, i.e. detection destination selection stage, detection source selection stage and topology detection implementation stage. Detection destination selection method based on pile network discovery, maximum comprehensive hash detection source selection method and progressive topology detection strategy based on rotation detection are respectively configured. Simulation results show that compared with existing schemes, the proposed scheme can significantly improve the integrity and efficiency of network topology discovery, and has higher efficiency.
【學(xué)位授予單位】:解放軍信息工程大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TN915.05
本文編號(hào):2210022
[Abstract]:Distributed network topology discovery is one of the main approaches to route-level topology discovery in unauthorized target networks and plays an important role in the field of network topology discovery. On the other hand, distributed network topology discovery can produce more detection redundancy, which leads to inefficient topology discovery and is easily misjudged as a DDo S attack by the target network security device. Problem. Distributed network topology discovery technology mainly consists of detection destination selection, detection source selection and detection strategy. Following the idea from method evaluation to method design, this paper establishes the evaluation index of topology discovery based on the efficiency factor of router-level distributed network topology discovery, and studies the detection destination, detection source and detection. The main work of this paper is as follows: (1) Based on the completeness and efficiency of router-level distributed network topology discovery, six evaluation indexes are established and formulated. Testing and evaluation methods are given, which provide a basis for the evaluation of topology discovery technology. (2) A method of detecting destination selection based on pile network discovery is designed. The simulation results show that the routing interface integrity and routing link discovery integrity can be improved to 97% and 91% respectively under the condition that the total number of addresses in the target network is not more than 0.65%, which is an average increase of 16% compared with the existing methods. And 20%. (3) The method of selecting probes with maximum synthetic hash is proposed. The comprehensive hash is defined to quantify the logical distance between probes. The simulation results show that the larger the comprehensive hash is, the wider the topological range of probes is. The hybrid genetic simulated annealing algorithm is specially customized to select the most comprehensive hash. Simulation results show that compared with other methods, the total value of route interface and route link discovery can be increased by 12% and 18%. (4) A progressive topology detection strategy based on rotation detection is designed. The simulation results show that this strategy can effectively solve the problem of topological omission in Doubletree algorithm. Compared with full detection, the detection redundancy rate is reduced by more than 60%, and the integrity of routing interface and routing link discovery are both reduced. Compared with Doubletree algorithm, this strategy improves the integrity of routing interface and routing link discovery by more than 20%, reduces the number of communication between probing sources by about 50%, and decreases the total amount of communication between probing sources by about 80%. (5) A DSP network topology discovery scheme is proposed. Distributed network topology discovery can be divided into three stages, i.e. detection destination selection stage, detection source selection stage and topology detection implementation stage. Detection destination selection method based on pile network discovery, maximum comprehensive hash detection source selection method and progressive topology detection strategy based on rotation detection are respectively configured. Simulation results show that compared with existing schemes, the proposed scheme can significantly improve the integrity and efficiency of network topology discovery, and has higher efficiency.
【學(xué)位授予單位】:解放軍信息工程大學(xué)
【學(xué)位級(jí)別】:碩士
【學(xué)位授予年份】:2014
【分類號(hào)】:TN915.05
【參考文獻(xiàn)】
相關(guān)期刊論文 前4條
1 喬宏;張大方;曾彬;李明偉;韓健;;基于改進(jìn)DoubleTree算法的網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)方法[J];計(jì)算機(jī)工程與科學(xué);2010年04期
2 莊鎖法;龔儉;;網(wǎng)絡(luò)拓?fù)浒l(fā)現(xiàn)綜述[J];計(jì)算機(jī)技術(shù)與發(fā)展;2007年10期
3 姜譽(yù);何松;;Internet路由器級(jí)拓?fù)錅y(cè)量中目標(biāo)選擇方法研究[J];通信學(xué)報(bào);2006年02期
4 張宏莉,方濱興,胡銘曾,姜譽(yù),詹春艷,張樹峰;Internet測(cè)量與分析綜述[J];軟件學(xué)報(bào);2003年01期
,本文編號(hào):2210022
本文鏈接:http://sikaile.net/kejilunwen/wltx/2210022.html
最近更新
教材專著
