Computer Engineering and Applications, 2007, Vol. 43, Issue (28): 111-114.

• Network, Communication and Security •

Connection management and scheduling policy in stateful packet inspection: LASF

ZHANG Yan-jun1,2, ZHANG Zhi-bin1,2, GUO Li1, FANG Bin-xing1

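  1. Research Center of Information Intelligent and Information Security, Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080
  2. Graduate University of Chinese Academy of Sciences, Beijing 100039
  • Received: 1900-01-01 Revised: 1900-01-01 Published: 2007-10-01 Released: 2007-10-01
  • Corresponding author: ZHANG Yan-jun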

LASF: flow management and scheduling policy in stateful packet inspection systems

ZHANG Yan-jun1,2, ZHANG Zhi-bin1,2, GUO Li1, FANG Bin-xing1

  1. Research Center of Information Intelligent and Information Security, Institute of Computing Technology, CAS, Beijing 100080, China
  2. Graduate University of Chinese Academy of Science, Beijing 100039, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-10-01 Published: 2007-10-01
  • Contact: ZHANG Yan-jun

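Abstract: Growth in network bandwidth and frequent network attacks pose a major challenge to the performance of network security systems such as stateful packet inspection. By analyzing the distribution of TCP connection setup delay and the distribution of connection sojourn time, a two-level connection state table is designed that effectively addresses the rapid growth of the connection state table in inspection systems. Then, based on classical queuing theory and the TCP connection characteristics of high-speed backbone networks, a flow scheduling policy, LASF (Least Attained Sojourn First), is proposed. Experiments show that this policy significantly improves performance measures such as connection throughput when the system is overloaded.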

Key words: stateful packet inspection, scheduling, connection state table, Least Attained Sojourn First

Abstract: The current increase in network bandwidth and frequent network attacks pose a serious challenge to network security systems based on stateful packet inspection. In this paper, we start with an analysis of the TCP connection setup time and sojourn time distributions of network traffic. Based on this analysis, we design a two-level session table in order to avoid session table explosion. We then propose a connection scheduling policy for stateful packet inspection systems called LASF (Least Attained Sojourn First), which is based on classical queuing theory and TCP connection characteristics in high-speed networks. We show that this policy can improve flow throughput, especially when the system is overloaded.

Key words: stateful packet inspection, scheduling, session table, Least Attained Sojourn First (LASF)