网络TCP数据流重组技术研究

在网络安全研究领域,数据流重组是一项关键技术,它广泛应用于入侵检测、网络测量、防火墙设计、网络监控管理系统等方面.TCP协议是建立高可靠性数据传输的基础,TCP会话重组也是数据流重组研究的重点.为适应当前高速大流量网络的安全需求,必须利用更加高效的TCP会话数据流重组技术来克服传统基于数据包模式匹配技术的缺陷.     

一种高效的TCP会话数据流重组算法及应用

在网络行为管理系统中,当数据包以TCP流方式在网络上传输时,传统的基于数据包的模式匹配算法已无法满足需要.对此提出了一种高效的TCP会话数据流重组算法,详细论述了多连接管理、重复报文处理以及无序报文处理等重组过程中出现问题的解决方法,并利用此算法实现了FTP协议数据包的截获与分析.通过与Libnids库相比较,试验结果表明,该算法更具效率和稳定性.     

TCP稳态流中慢启动序列对吞吐量性能的影响

在计算TCP稳态数据流吞吐量时一般都忽略了由于分组丢失而形成的各个慢启动阶段。在考虑TCP稳态数据流中慢启动序列的情况下,对Padhye的经典TCP稳态数据流模型进行了扩展。通过将Padhye的模型与扩展后的模型作比较,证明了在使用Padhye的模型作为多媒体流量控制模型时忽略超时后慢启动阶段的可行性和正确性。     

一种改进的TCP稳态流吞吐量模型及其性能分析

根据对Internet上TCP稳态数据流的实测分析,在Padhye模型的基础上,本文提出了一种改进的TCP稳态数据流模型。该模型不仅考虑了三次重复应答和超时事件对TCU稳态流吞吐量的影响,而且还充分考虑了超时后慢启动过程的影响。文中给出了改进模型与实测结果的分析比较,表明改进的模型能更好地预测实际TCP数据流的吞吐量性能。最后,本文还分析了模型的几个主要参数对TCP吞吐量性能的影响。     

基于HASH表和SYN计算的TCP包重组方法

本文提出一种基于HASH表和SYN计算的TCP会话重组方法,它利用 HASH表快速定位的特征和TCP包头中的SYN号进行多连接TCP会话重组,可解决IP数据包非按序到达和 TCP数据包重传问题。     

一种光传送网中包重组电路的设计与实现

在光传送网交换中,为了解决将切割的离散数据流重新组成连续的数据流传输的问题,设计了一种包重组电路。采用自顶而下的设计方法实现数据重组过程,根据重组数据包请求完成包数据重组,解决了重组过程中剩余字节的问题。采用硬件描述语言实现该电路,同时进行了功能仿真和逻辑综合。仿真结果表明,该电路满足设计要求,能够实现数据包重组。     

流量/拥塞控制技术研究

流量/拥塞控制的基本目的是以分布处理的方式有效地控制结点间的数据流,从而避免网络中出现拥塞。拥塞控制相应的控制策略称为拥塞控制算法(协议)。简述了Internet上基于TCP/IP的拥塞控制机制,分析和比较了TCP/IP上具体实现算法的稳定性,讨论了TCP/IP拥塞控制所面临的问题。     

利用区间管理算法实现的TCP流重组技术

流量分片重组技术作为获取网络流量的基础技术之一,在网络空间的复杂情况下,一直都有各种各样的局限性。针对大流量高并发场景的传输控制协议（Transport Control Protocol,TCP）流量重组需求,详细调研了主流的分片重组技术的优缺点,拓展了适用于数据报文的区间管理算法,对TCP流重组流程进行优化,解决了目前在大流量高并发场景下,TCP流重组效率低、重组完整度不足的问题。     

Snort入侵检测系统中TCP流重组的研究

文章通过分析Snort入侵检测系统的源代码,剖析了snort入侵检测系统的TCP流重组的原理及实现,给出了相关数据结构和算法流程,介绍了针对流重组模块的攻击及Snort对此的防御策略,最后指出现有TCP流重组技术几点不足及若干新的研究方向。     

数据流的活动队列管理算法:MBLUE

MBLUE(Modified BLUE)是一种面向数据流的活动队列管理算法.它不是使用平均队列长度指示缓冲区拥塞状态,而是使用数据报丢弃的频率和队列空闲程度来管理网络拥塞.探测瓶颈连接早期的拥塞信息,通过数据报的丢弃和标记避免拥塞.它只维护一个先进先出队列,以较少的数据流状态信息,在不同流之间公平的分配网络带宽.能够适应瞬时的猝发流,能合理控制非TCP数据流,又能够保持较短的平均队列长度,从而控制、减轻网络拥塞.通过TCP/IP网络的模拟,证实算法在公平的分配网络带宽和降低数据报的丢失率上具有较好的鲁棒性.     

基于Libnids库的Internet网络协议还原系统研究

近年来,互联网的规模呈现爆炸性增长,骨干网通信带宽达到了千兆甚至万兆,因此保护互联网的安全变得越来越重要。网络安全领域的各种产品如防火墙、入侵检测系统都是基于对网络数据的分析和预测而开发的,而截获和还原数据的协议还原技术成为设计这些网络安全产品的基石。文章研究并实现了基于Libnids库的Internet网络协议还原系统,该系统利用旁路数据链路帧的方式捕获数据包,借鉴Linux内核的实现方法进行IP分片组装和TCP流重组,有效实现了网络信息内容监控。该系统可以根据需要加入扩展模块,可根据需要还原多种应用层数据。     

基于UDP的大数据包可靠传输

为了很好地满足战术训练模拟器对网络数据实时性和可靠性的要求,提出AUDP(Augme nted UDP)模型。该模型在程序的应用层,通过增加用于可靠传输的协议头,采用智能重发 机制、大数据包智能分包重组机制、多线程数据处理机制,实现了数据高效可靠地传输。同 时,从原理和实验数据详细比较了AUDP与TCP和普通UDP方法之间的差别,分析了各自的优缺 点。实验数据表明,传输小于50 kbyte时,AUDP的效率要高于TCP约20%;而在一次性传输的 数据大于3 Mbyte时,TCP的效率要高。结果说明AUDP比较适合战术训练模拟器网络通信需要 。     

Identifying online traffic based on property of TCP flow

Classification of network traffic using port-based or payload-based analysis is becoming increasingly difficult when many applications use dynamic port numbers, masquerading techniques, and encryption to avoid detection. In this article, an approach is presented for online traffic classification relying on the observation of the first n packets of a transmission control protocol (TCP) connection. Its key idea is to utilize the properties of the observed first ten packets of a TCP connection and Bayesian network method to build a classifier. This classifier can classify TCP flows dynamically as packets pass through it by deciding whether a TCP flow belongs to a given application. The experimental results show that the proposed approach performs well in online Internet traffic classification and that it is superior to naive Bayesian method.     

Towards end-host-based identification of competing protocols against TCP in a bottleneck link

Classical Transmission Control Protocol (TCP) designs have never considered the identity of the competing transport protocol as useful information to TCP sources in congestion control mechanisms. When competing against a TCP flow on a bottleneck link, a User Datagram Protocol (UDP) flow can unfairly occupy the entire link bandwidth and suffocate all TCP flows on the link. If it were possible for a TCP source to know the type of transport protocol that deprives it of link access, perhaps it would be better for the TCP source to react in a way which prevents total starvation. In this paper, we use coefficient of variation and power spectral density of throughput traces to identify the presence of UDP transport protocols that compete against TCP flows on bottleneck links. Our results show clear traits that differentiate the presence of competing UDP flows from TCP flows independent of round-trip times variations. Signatures that we identified include an increase in coefficient of variation whenever a competing UDP flow joins the bottleneck link for the first time, noisy spectral density representation of a TCP flow when competing against a UDP flow in the bottleneck link, and a dominant frequency with outstanding power in the presence of TCP competition only. In addition, the results show that signatures for congestion caused by competing UDP flows are different from signatures due to congestion caused by competing TCP flows regardless of their round-trip times. The results in this paper present the first steps towards development of more ’intelligent’ congestion control algorithms with added capability of knowing the identity of aggressor protocols against TCP, and subsequently using this additional information for rate control.     

服务质量QoS在A2动态数据传输中的应用

在基于TCP/IP原理的企业网中,所有的数据包都是根据所谓尽力(Best-Effort)的原则传送的,同等对待所有的网络数据流,并不保证某一特殊的数据流会受到特殊的转发待遇。当网络带宽充裕的时候,所有的数据流都得到了较好的处理,当网络拥塞发生的时候,所有的数据流都有可能被丢弃。在实际应用中应该重点保障生产业务流程数据的稳定、高效传输,视频数据的流畅播放,QoS能够更合理地利用有限的带宽资源,实现工作中的要求,为不同的应用需求提供不同等级的服务。     

移动互联网TCP性能精细化评估方法研究

移动网络中数据传输流量与速率与日俱增,如何评估数据业务传输过程中TCP的性能成为运营商研究的重点。主要提出了一种TCP性能评估的方法,该方法除了对于TCP连接过程中的连接时延,数据包重传问题进行了统计以外,还对TCP的实时统计速率进行了相应的算法改进,即符合移动互联网用户数据流量使用规律的统计方法,其最大的特点在于消除静默时间内均化速率造成的不准确性。此外,在移动网络实验环境下对本评估方法进行测试,对比了传统的整体化性能评估方法,精细化的评估方法在牺牲一定内存消耗的条件下,提升了TCP性能统计的精确性。     

The dual flow control problem of TCP over ATM ABR services

In this paper, we investigate the dual control problem—TCP flow control at the TCP layer and ABR flow control at the ATM layer. First, we observe that TCP flow control and ABR flow control cannot co‐operate well. The worst case is that the slow start after packet loss causes high but unused ACR (Allowed Cell Rate) which raises the potential of cell loss and an underflowed switch queue which reduces ABR throughput. We suggest to implement a use‐it‐or‐lose‐it policy for ABR and fast recovery for TCP to avoid these phenomena. Copyright © 1999 John Wiley & Sons, Ltd.     

Cross-Layer design in HSDPA system to reduce the TCP effect

This paper focuses on the interaction between the transport control protocol (TCP) layer and the radio interface in the high-speed downlink packet access (HSDPA) wireless system. In the literature, studies of the interaction between TCP and wireless networks are focused on the evaluation of user bit rate in the case of dedicated channels. In this paper, the interaction between TCP, hybrid automatic repeat request (HARQ), and scheduling techniques (especially, proportional fair scheduling) is conducted. Analytical models to evaluate HSDPA cell capacity, user bit rate, and interaction with TCP layer are presented. Even if as expected the bit rate per flow decreases strongly with the congestion frequency in the wired network, it is shown that the overall capacity achieved by HSDPA is not as affected by the TCP layer. Using this result, a method to reduce the effect of TCP on wireless network without losing much cell capacity is proposed. This method has the advantage of modifying the scheduling algorithm only and of not requiring any change to the TCP protocol.     

DATCP: deadline-aware TCP for the commoditized data centers

Many flows in data centers have deadlines and missing deadlines would hurt application performance such as affecting response quality in Web applications or delaying computing jobs in MapReduce-like systems.However,transmission control protocol(TCP) which is widely used in data centers now cannot provide deadline-aware transmission service.Service differentiation only distinguishes flows with different priority but is unable to guarantee completion time.In this paper,we propose a new protocol named deadline-aware TCP(DATCP) to provide deadline-aware transmission service for the commoditized data centers,which can be used as a flexible method for flow scheduling.DATCP combines flow urgency and importance to calculate precedence.Flow urgency is dynamically adjusted according to the gap between desired rate and actual throughput.Setting importance can avoid starving the important but no-urgent flows.Furthermore,a flow quenching method is presented which allows as many high precedence flows as possible to meet deadlines under heavy network load.By extensive simulations,the performance of DATCP was evaluated.Simulation results show that DATCP can make flows meet deadlines effectively.