Design and Implementation of a DPI and DFI-based System of Flow Identification and Control
|School||University of Electronic Science and Technology|
|Course||Information and Communication Engineering|
|Keywords||flow identification, flow control, DPI, DFI, netfilter|
As network applications become rich and varied, the Internet is moving from the text era into the multimedia era, the required bandwidth is growing exponentially, and network bandwidth resources are increasingly strained. Network operators are forced to provide more broadband capacity, but the network environment has not improved correspondingly. In addition, the leakage of private information is getting worse, and information security legislation has been put on the agenda. All of these depend on Internet flow identification technology. In order to control and monitor network flow effectively and to improve the network environment, traffic-policing operators are paying more attention to flow identification and control technologies.

To address the issues mentioned above, this thesis studies high-performance flow identification and control technology. Based on an in-depth analysis of the existing flow identification and control technologies that combine DPI and DFI, it discusses and researches in detail flow identification technology and speedier flow control technology, and then designs a new flow identification and control technology. The thesis consists of six parts, as follows.

First, this thesis studies a high-performance method of identifying flow. Using protocol analysis techniques that combine DPI and DFI, it puts forward different identification engines for different protocols, which ensures the completeness and accuracy of protocol identification. The time spent on retrieval in the process of flow identification also becomes shorter.

Second, high-performance flow control technology is studied. This thesis analyzes inline (straight concatenation) control technology and bypass control technology, and presents the flow control technology used in the inline model.

Third, this thesis researches high-performance pattern matching algorithms. In accordance with the characteristics of the rules in the feature library, it selects a proper and highly efficient string matching algorithm for the flow identification process.

Fourth, on the basis of the research on related technologies, this thesis puts forward a design proposal for the flow identification and control system, and designs the system framework, the network deployment pattern, the functions of each module and the interactions between modules.

Fifth, this thesis designs and implements a flow identification and control system. It designs and implements the modes of the rules in the feature library and the methods of compiling them; the implementation procedures and algorithm for rule matching are detailed; the control mechanism and filtering algorithms of the flow control module, which is built on the Linux firewall netfilter, are also described; and the system login and policy configuration functions are implemented and displayed.

Sixth, focusing on the functions of the system, this thesis conducts tests, analyzes the test results and the stability of the system, summarizes the research results and points out directions for further improving system performance.