分散式網路流量偵測系統之IPFIX實現

在現今複雜的網路環境中，單點式的偵測系統，難以偵測發生於全網(Network-wide)下的網路異常行為，若將多個監測點的流量資訊，於網路管理中心分析其關聯性，能夠增加全網下的偵測能力。使用基於速寫演算法(Sketch)之流量監測，管理者可以將感興趣之流量摘要至一個精簡的資料結構中，其所需的資料量小，能夠有效地減少流量資訊傳輸於網路中所占的頻寬。本論文使用封包流(Flow)資訊傳輸標準 IPFIX ，利用其高度的彈性，以速寫演算法(Sketch)為核心，實現全網規模之網路流量變異偵測系統，使其能夠以全網的視野觀看全網下的網路流量，並偵測其流量變異，作為分散式偵測之雛型。在本論文中以真實流量驗證系統之功能性，並探討其效能。

關鍵字

IPFIX ；網路流量監測； Sketch

並列摘要

In a complex network environment, it is difficult to detect network-wide anomalies using single detection and monitoring system. Therefore, network operation center gathers measurement information from distributed monitoring nodes. The purpose is to provide a common experimental platform in order to increase the detection accuracy through better correlation and analysis on the traffic data network-wide. The thesis implements a monitoring system by extending a sketch-based traffic change detection system on NetFPGA with communication capability. Network operator can decide to summarize interested IP traffic flows into a compact sketch data structure for monitors distributed in the networks. These data structures are sent and collected in the centralized server through IPFIX protocol. The prototypes, both of the exporter and collector, are verified and tested by real traffic traces in the network testbed with performance presented.

並列關鍵字

IPFIX ； Network Traffic Measurement ； Sketch

參考文獻

[34] 周子瑜, “電腦網路流量變異偵測系統設計與探討,” 中原大學電機工程研究所, 2010.

[1] A. Lakhina, M. Crovella, and C. Diot, “Diagnosing network-wide traffic anomalies,” ACM SIGCOMM Computer Communication Review, vol. 34, no. 4, p. 219–230, 2004.

[2] M. W. Lucas, Network Flow Analysis. No Starch Press, 2010.

[4] “sFlow.org - making the network visible.” http://www.sflow.org/index.php.

[5] B. Trammell and E. Boschi, “An introduction to IP flow information export (IPFIX),” Communications Magazine, IEEE, vol. 49, no. 4, p. 89–95, 2011.

被引用紀錄

黃柏勳（2013）。應用OpenFlow於網路流量變異偵測之系統實現〔碩士論文，中原大學〕。華藝線上圖書館。https://doi.org/10.6840/cycu201300775

國際替代計量

分散式網路流量偵測系統之IPFIX實現

全文下載

主題瀏覽