首页 | 本学科首页   官方微博 | 高级检索  
     

状态封包检测中的连接管理和调度策略-LASF
引用本文:张艳军,张志斌,郭莉,方滨兴.状态封包检测中的连接管理和调度策略-LASF[J].计算机工程与应用,2007,43(28):111-114.
作者姓名:张艳军  张志斌  郭莉  方滨兴
作者单位:中国科学院,计算技术研究所,信息智能与信息安全研究中心,北京,100080;中国科学院,研究生院,北京,100039;中国科学院,计算技术研究所,信息智能与信息安全研究中心,北京,100080
基金项目:国家高技术研究发展计划(863计划)
摘    要:网络带宽的增长和频繁的网络攻击给状态封包检测等网络安全系统的性能带来了很大挑战。通过分析TCP连接建立延迟时间分布特性和连接逗留时间分布特性,设计了一个两级连接状态表,很好地解决了检测系统中的连接状态表急剧增长问题。然后,基于经典排队论和高速骨干网的TCP连接特性提出了一个流调度策略LASF(Least Attained Sojourn First)。通过实验证明,该策略能够在系统负载过重时显著提高系统的连接吞吐率等性能。
关 键 词:状态封包检测  调度  连接状态表  逗留时间最小优先
文章编号:1002-8331(2007)28-0111-04
修稿时间:2007-05

LASF:flow management and scheduling policy in stateful packet inspection systems
ZHANG Yan-jun,ZHANG Zhi-bin,GUO Li,FANG Bin-xing.LASF:flow management and scheduling policy in stateful packet inspection systems[J].Computer Engineering and Applications,2007,43(28):111-114.
Authors:ZHANG Yan-jun  ZHANG Zhi-bin  GUO Li  FANG Bin-xing
Affiliation:1.Research Center of Information Intelligent and Information Security, Institute of Computing Technology, CAS, Beijing 100080, China ;2.Graduate University of Chinese Academy of Science,Beijing 100039,China
Abstract:Current increase in network bandwidth and frequently network attack raise an aggressive challenge in network security systems based stateful packet inspection.In this paper,we start by an analysis of TCP connection setup time and sojourn time distribution of network traffic.Based on this analysis,we design a two level session table in order to avoid session table explosion.Then we propose a connection scheduling policy in stateful packet inspection systems called LASF(Least Attained Sojourn First),which based on classical queuing theory and TCP connection characteristic in high speed network.It shows that this policy can improve flow throughput especially when system is overloaded.
Keywords:stateful packet inspection  scheduling  session table  Least Attained Sojourn First(LASF)
本文献已被 CNKI 维普 万方数据 等数据库收录!
点击此处可从《计算机工程与应用》浏览原始摘要信息
点击此处可从《计算机工程与应用》下载全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号