基于自动机的TCP流识别算法

doi:10.3969/j.issn.0372-2112.2017.06.017

电子学报 ›› 2017, Vol. 45 ›› Issue (6): 1396-1402.DOI: 10.3969/j.issn.0372-2112.2017.06.017

基于自动机的TCP流识别算法

张孝国^1,2, 丁伟¹

1. 东南大学计算机科学与工程学院, 江苏南京 211189;
2. 河南科技大学信息工程学院, 河南洛阳 471023

收稿日期:2015-10-12 修回日期:2016-04-07 出版日期:2017-06-25
- 作者简介:
- 张孝国 男,1980年3月出生于河南省平顶山市,讲师,博士研究生,主要研究方向:网络测量,网络行为学等.E-mail:xgzhang@njnet.edu.cn;丁伟女,1962年5月出生于江苏省南京市,工学博士.现为东南大学教授,博士生导师.主要研究方向:网络系统结构,网络测量,网络安全,网络行为学等.E-mail:wding@njnet.edu.cn
- 基金资助:
- 国家重点基础研究发展规划 (973计划）项目 (No.2009CB320505）; 国家科技攻关计划基金资助项目 (No.2008BAH37B04）

TCP Flow Identifying Algorithm Based on Finite State Automaton

ZHANG Xiao-guo^1,2, DING Wei¹

1. School of Computer Science and Engineering, Southeast University, Nanjing, Jiangsu 211189, China;
2. Information Engineering School, Henan University of Science and Technology, Luoyang, Henan 471023, China

Received:2015-10-12 Revised:2016-04-07 Online:2017-06-25 Published:2017-06-25

摘要/Abstract

摘要：

为提升网络流识别性能，本文提出了一种TCP流识别算法.该算法基于传输控制协议（Transmission Control Protocol，TCP）下网络通信双方的交互过程构建双向流自动机，由该自动机根据TCP协议规则和网络流当前状态判断TCP流终止，同时以基于规则的过滤机制和超时策略为辅助措施，快速识别单包流和异常中断流.该算法内存开销、计算和内存总开销均低于经典算法固定超时策略（Fixed Timeout strategy，FT）和同类代表性算法两层自适应超时策略（Two-level Self-Adaptive Timeout，TSAT），同时该算法精度高于TSAT，且仅比默认精度标准略有下降.该算法基于协议规则识别TCP流，既保证了流的准确性，又节省了流的超时等待时间，而且算法尤其适合中流、小流和不规则TCP流比重较大的情况，使得识别系统在面临DDoS攻击、蠕虫爆发等网络异常时仍能正常运行.

关键词: 流识别, TCP, 自动机, 属性识别度, 流超时

Abstract:

In order to improve flow-identifying performance,a flow-identifying algorithm for TCP (Transmission Control Protocol) traffic was proposed.This algorithm constructs bidirectional-flow finite state automaton based on TCP communication process and judges flow-termination according to TCP protocol rules and flow states by this automaton.Meanwhile,the algorithm adds filtering mechanism and timeout strategy to identify single-packet flows and abnormal interrupt flows.This algorithm is lower in memory overhead,the total overhead of memory and computing resources than the classic algorithm FT (Fixed Timeout strategy) and the similar representative algorithm TSAT (Two-level Self-Adaptive Timeout).Furthermore,this algorithm is higher than TSAT in accuracy and only loses little accuracy compared to the default accuracy standard.Our algorithm identifies TCP flows based on protocol rules,so it can obtain high identifying accuracy and can save extra flow keeping-time.And our algorithm is especially suitable for situations when the proportion of small flows,medium flows or irregular flows is larger,so it can ensure flow-identifying system to work normally when network anomalies occur,such as worm infection,DDoS attack,and so on.

Key words: flow identifying, TCP, finite state automaton, attribute recognition degree, flow timeout

中图分类号:

TP393

张孝国, 丁伟. 基于自动机的TCP流识别算法[J]. 电子学报, 2017, 45(6): 1396-1402.

ZHANG Xiao-guo, DING Wei. TCP Flow Identifying Algorithm Based on Finite State Automaton[J]. Acta Electronica Sinica, 2017, 45(6): 1396-1402.

参考文献

[1] CLAFFY K C,BRAUN H W,et al.A parameterizable methodology for internet traffic flow profiling[J].IEEE Journal on Selected Areas in Communications,1995,13(8):1481-1494.
[2] RYU B,CHENEY D,et al.Internet flow characterization:adaptive timeout strategy and statistical modeling[A].Proceedings of PAM 2001 Workshop[C].Amsterdam,Netherlands:RIPE NCC,2001.95-105.
[3] WANG J F,LI L,et al.A probability-guaranteed adaptive timeout algorithm for high-speed network flow detection[J].Computer Networks,2005,48(2):215-233.
[4] 周明中,龚俭,等.网络流超时策略研究[J].通信学报,2005,26(4):88-93. ZHOU Ming-zhong,GONG Jian,et al.Study of network flow timeout strategy[J].Journal on Communications,2005,26(4):88-93.(in Chinese)
[5] 周明中,龚俭,等.高速网络中基于流速测度的动态超时策略[J].软件学报,2006,17(10):2141-2151. ZHOU Ming-zhong,GONG Jian,et al.High-speed network flows' dynamical timeout strategy based on flow rate metrics[J].Journal of Software,2006,17(10):2141-2151.(in Chinese)
[6] Cisco.NetFlow Services Solutions Guide[M/OL].http://www.cisco.com/en/US/docs/ios/solutions_docs/netflow/nfwhite.pdf,2007-01-22.
[7] RODRIGUEZ J M,ESPANOL V C,et al.Empirical analysis of traffic to establish a profiled flow termination timeout[A].Proceedings of International Wireless Communications and Mobile Computing Conference[C].Cagliari,Italy:IEEE Computer Society,2013.1156-1161.
[8] CAI J,ZHANG Z B,et al.An adaptive timeout strategy for UDP flows using SVMs[A].Proceedings of Parallel and Distributed Computing,Applications and Technologies[C].Wuhan,China:IEEE Computer Society,2010.118-127.
[9] 赵小欢,夏靖波,等.高速网络UDP流超时策略研究[J].合肥工业大学学报(自然科学版),2013,36(2):176-180. ZHAO Xiao-huan,XIA Jing-bo,et al.Research on UDP flow timeout strategy in high-speed network[J].Journal of Hefei University of Technology (Natural Science),2013,36(2):176-180.(in Chinese)
[10] LEE D,CARPENTER B E,et al.Observations of UDP to TCP ratio and port numbers[A].Proceedings of International Conference on Internet Monitoring and Protection[C].Barcelona,Spain:IEEE Computer Society,2010.99-104.
[11] ZHANG X G,DING W.Comparative research on internet flows characteristics[A].Proceedings of International Conference on Networking and Distributed Computing[C].Hangzhou,China:IEEE Computer Society,2012.114-118.
[12] Jiangsu Key Laboratory of Computer Networking Technology.IP Trace Distribution System[DB/OL].http://iptas.edu.cn/src/system.php,2011-10-01.

[1]	赵耿, 马英杰, 陈磊, 董有恒, 侯艳丽. 基于扰动时空混沌系统的动态S盒设计[J]. 电子学报, 2022, 50(8): 2037-2042.
[2]	王亚良, 倪晨迪, 金寿松. 基于多邻居结构的自适应元胞差分算法[J]. 电子学报, 2021, 49(3): 578-585.
[3]	高俊涛, 王梅, 徐光会, 刘聪. 正则语言推断综述[J]. 电子学报, 2021, 49(12): 2479-2489.
[4]	邓飞飞, 解光军, 王晓旸, 程心, 张永强. 量子元胞自动机共面五输入择多门结构的分析与设计[J]. 电子学报, 2020, 48(5): 861-869.
[5]	王娟, 夏羽. TCP SkyLine:数据中心网络高吞吐率传输[J]. 电子学报, 2020, 48(12): 2425-2433.
[6]	黄俊君, 关杰. 基于元胞自动机的S盒的性质与神经网络实现研究[J]. 电子学报, 2020, 48(12): 2462-2468.
[7]	孙朋朋, 董云卫. 二维全向无线充电信息物理融合系统建模与优化方法[J]. 电子学报, 2019, 47(3): 568-575.
[8]	李俊文, 夏银水. 基于QCA的五输入Majority门设计及应用[J]. 电子学报, 2019, 47(2): 404-409.
[9]	朱维军, 郭渊博, 黄伯虎. 动态异构冗余结构的拟态防御自动机模型[J]. 电子学报, 2019, 47(10): 2025-2031.
[10]	孙梦博, 吕洪君, 张永强, 解光军. 量子元胞自动机全加器的性能分析与设计[J]. 电子学报, 2018, 46(7): 1774-1780.
[11]	范艳焕, 李永明. 模糊线性时序逻辑的可实现性[J]. 电子学报, 2018, 46(2): 341-346.
[12]	房丙午, 黄志球, 王勇, 李勇. 状态不可观测的信息物理融合系统运行时验证[J]. 电子学报, 2018, 46(12): 2824-2831.
[13]	权伟, 崔恩放, 张宏科. 多源协作的传输控制机制[J]. 电子学报, 2018, 46(10): 2527-2533.
[14]	杜化鲲, 吕洪君, 黄程, 张永强, 解光军. 基于QCA的双边沿JK触发器的实现[J]. 电子学报, 2017, 45(8): 2044-2048.
[15]	朱维军, 周清雷, 李永亮. 以DNA为载体的线性时序逻辑模型检测[J]. 电子学报, 2016, 44(6): 1265-1271.

基于自动机的TCP流识别算法

TCP Flow Identifying Algorithm Based on Finite State Automaton

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics