A Real-Time TCP Stream Reassembly Mechanism in High-Speed Network

被引:2
作者
熊兵 [1 ]
陈晓苏 [1 ]
陈宁 [1 ]
机构
[1] School of Computer Science and Technology,Huazhong University of Science and Technology
来源
Journal of Southwest Jiaotong University(English Edition) | 2009年 / 17卷 / 03期
关键词
TCP stream reassembly; High-speed network; Real-time property; Reassembly policy;
D O I
暂无
中图分类号
TN915.05 [通信网设备];
学科分类号
0810 ; 081001 ;
摘要
With the continual growth of the variety and complexity of network crime means,the traditional packet feature matching cannot detect all kinds of intrusion behaviors completely. It is urgent to reassemble network stream to perform packet processing at a semantic level above the network layer. This paper presents an efficient TCP stream reassembly mechanism for real-time processing of high-speed network traffic. By analyzing the characteristics of network stream in high-speed network and TCP connection establishment process,several polices for designing the reassembly mechanism are built. Then,the reassembly implementation is elaborated in accordance with the policies. Finally,the reassembly mechanism is compared with the traditional reassembly mechanism by the network traffic captured in a typical gigabit gateway. Experiment results illustrate that the reassembly mechanism is efficient and can satisfy the real-time property requirement of traffic analysis system in high-speed network.
引用
收藏
页码:185 / 191
页数:7
相关论文
共 11 条
  • [1] A Practical Packet Reordering Mechanism with Flow Granularity for Parallelism Exploiting in Network Processor. Beibei Wu,Yang Xu,Hongbin Lu,Bin Liu. Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium . 2005
  • [2] Restoration and audit of Internet e-mail based on TCP stream reassembling. Wang Zhimin. 2003 International Conference on Communication Technology. Proceedings . 2003
  • [3] A parallel algorithm for protocol reassembling. Zhao X L,Sun J Z,Liu S S et al. Proc. of IEEE Canadian Conf. on Electrical and Computer Engineering . 2003
  • [4] A general purpose application layer IDS. Liu S S,Sun J Z,Zhao X L, et al. Proc. of IEEE Canadian Conf. on Electrical and Computer Engineering . 2003
  • [5] Design and implementation of application layer parallel reassembling in NIDS. Yang H Y,Zhao X L. Journal of Jilin University (Science Edition) . 2006
  • [6] Parallel reassembling of application layer protocol in IDS. Yang H Y,Xie L X,Zhao X L. Computer Engineering . 2005
  • [7] A Road Map for Digital Forensics Research. Palmer G. . 2001
  • [8] An efficient TCP reassembler mechanism for layer 7-aware network intrusion detection/prevention systems. Hanaoka M,Kono K,Shimamura M, et al. Proc. of12th IEEE Symposium on Computers and Communications . 2007
  • [9] TCP-stream reassembly and state tracking in hardware. Marc N,Didier C,David S. Proc. of the 10th Annual IEEE Symposium on Field-Programmable Custom Com- puting Machines . 2002
  • [10] An efficient scheduling mechanism with flow-based packet reordering in a high- speed network processor. Wu B B,Xu Y,Liu B, et al. Workshop on High Per- formance Switching and Routing . 2005
12