| The Internet is a essential tool for people to produce and live in the infromation age. However, with the popularity of the Internet, a large number of illegal information flooding the network, hade a serious impact on our society and some agencies. In the macroscopic view, a number of hostile forces use the Internet to spread rumors in an attempt to undermine the social harmony and stability, if we do not detect and stop these rumors promptly, they will not only hinder the development of our country’s economic, but may also become a predisposing factor to cause social unrest.In the microcosmic view, on the one hand, the illegal network information doped violence, pornography, and other information will affect the healthy growth of youngsters; on the other hand, for some institutions of strong confidentiality, there may exist some possibilities of internal users leak institution secrets via the Internet. Therefore, the implementation of the Internet information audit and supervision is imperative. Meanwhile, the related technology has also become a hot research field of network security.In this paper, the key technologies of network information audit are researched. and on the basis of the related research, a network information audit system is realized. The main work of this paper can be summarized as follows:1. Three sets of data packet capture program, respectively based on the Libpcap, Libpcap-mmap (the Libpcap of the memory mapping improved version) and the PF_RING, are developed. To test the packet capture rate of these programs, the author let them run in the same hardware environment, and the experimental results were compared.2. Parallel data reorganization system based on multi-core processors is designed. And we tested the influence of CPU affinity setting.3. To select an appropriate hash function algorithm for TCP connection nods locate algorithm, this article compared and analyzed the performance of XOR_SHIFT, CRC32, and IPSX hash functions from three indexes of random measure, collision rate and calculation time. The data source this article used is collected from the backbone network.4. A TCP segments reorganization algorithm is designed in this paper. The algorithm specialized the processing procedure of various TCP segmentsis. Then we tested and compared the performance of our algorithm with Libnids.5. Fetion protocal is studied through the analysis of network packets be captured in real time. The format of M method which is used to send and receive fetion instant text messages is summarized. On this basis, the article realized the fetion instant text messages audit system. This research made up for the deficiencies of the existed real-time chat audit research.6. A network information audit system is realized based on Linux OS, using C language. It can audit the information of HTTP application, SMTP and POP3applications, and also the Fetion instant text message content. |
PDF Full Text Request