
Research And Implementation On Key Technology In High-speed Network Monitoring System

Posted on: 2008-08-01
Degree: Master
Type: Thesis
Country: China
Candidate: X Dong
Full Text: PDF
GTID: 2178360242998988
Subject: Computer technology
Abstract/Summary:
With the development of computer networks, network security problems have become increasingly prominent and network intrusion more and more serious. There are no effective means to locate and confirm intrusion events that have already happened, and it is difficult to block network attacks or to form a powerful deterrent against network attackers. In this circumstance, information systems for government and national defense have an urgent demand for network security monitoring. Current network monitoring systems are deficient in high-speed packet capture and massive data storage, so a new High-speed Network Monitoring System (HNMS) is urgently needed to monitor high-speed networks.

High-speed packet capture and massive data storage are the core problems of network security monitoring technology, and they are the basis for analysis of, warning about and counterattack against network intrusion. The thesis focuses on these two core problems in HNMS, and its work concentrates mainly on the following.

Firstly, a subsystem for the capture and storage of high-speed packets is designed and implemented according to the characteristics of high-speed networks. The system effectively improves a single PC's packet capture ability by means of zero copy, and it applies a load balance algorithm based on detachment field. The algorithm preserves the integrity of TCP streams while balancing load, and thus avoids false negatives in the intrusion detection system. The document increase subsystem and the database loading system are also designed, and finally a scheme is designed for the time synchronization problem.

Secondly, in view of the characteristics of massive data storage, the system database is designed and optimized using Oracle database technology. Optimizing the database improves performance and enhances query and analysis speed.

The final contribution of the thesis is a performance test of packet capture, data loading, and analysis and query performance. The results show that packet length is the main factor affecting packet capture. The system adopts the batch loading of SQLLDR, which is provided by the Oracle client, to improve the speed of data loading, and after the database system's storage is optimized, query and analysis speed increases. The system has the advantages of efficiency, robustness and scalability.
Keywords/Search Tags: network security monitoring, high-speed packet capture, massive data storage, load balance, attack severity