摘要
基于真实网络流量的互动式回放测试是当前针对防火墙、IPS等串接型安全设备进行测评的最新方法.文中在分析现有基于状态判定的TCP流量互动式回放方法基础之上,引入收发平衡机制,提出了一种基于收发平衡和状态判定相结合的新的TCP流量回放方法.通过在发送TCP数据包前优先进行收发平衡判定将数据包发送出去,提出的方法能够有效减少TCP流量在发送过程中的状态判定开销,提高回放性能.对引入收发平衡机制前后的TCP流量回放方法的差异进行了分析比较.从单个TCP会话特性、并发会话流量特性、网络传输延迟与丢包等角度分析验证了影响引入收发平衡机制后的算法有效性的因素.实际流量实验表明,文中所提方法在回放TCP流量时性能有显著提升,适用于在更大规模的流量环境下对防火墙、IPS等串接型网络安全设备进行测评.
Interactive network traffic replay is the newest method for testing and evaluation ot network devices such as Firewalls, IPSes, routers, switches, etc. Currently state-checking method is used for interactive TCP traffic replay. This paper proposes a new method for interac- tive TCP traffic replay which is based on the balance status between transmitted and received packets. By checking the balance conditions before sending out TCP packets, the method can sig- nificantly reduce the cost of state-checking and enhance the replay performance. The authors made a comparison on the differences of replay methods when introducing the balance mechanism. The efficiency of the method is also investigated and evaluated from aspects of a single TCP session, multi-session traffic, packet losses and latency. Experimental results show that the method outperforms the original state-checking method when replaying actual TCP traffics.
出处
《计算机学报》
EI
CSCD
北大核心
2009年第4期835-846,共12页
Chinese Journal of Computers
基金
国家自然科学基金(60574087)
国家“八六三”高技术研究发展计划项目基金(2007AA01Z464,2007AA01Z475,2007AA01Z480,2008AA01Z415)
教育部博士点基金(20070698107)
陕西省自然科学基金(2006F46)
西安市科技计划(zx06026)资助~~
关键词
网络安全设备测评
流量回放
互动式TCP流量回放
状态判定
收发平衡
testing and evaluation of network security devices
network traffic replay
interactive TCP traffic replay
state based method
balance checking
