
The Research Based On Packet Capture Of Data Content Reconstruction And Analysis

Posted on: 2015-05-21
Degree: Master
Type: Thesis
Country: China
Candidate: W M Liu
GTID: 2298330467962323
Subject: Information security
Abstract/Summary:
The Internet now has a deep effect on people's work, study and life, and analyzing network data helps it serve people better. Network data analysis begins with data collection, after which the data is organized into a form suitable for analysis. This thesis studies network data collection and analysis techniques and achieves the following goals.

1. Data is collected by packet capture, implemented with the libpcap API. To increase acquisition speed, the thesis uses the high-speed I/O architecture netmap for collection: the libpcap interface is implemented on top of netmap to form netmap-libpcap, and the libpcap interfaces are then called for data acquisition. Experiments verify that data collection speed improves by 2-3 times.

2. Data packets cannot be analyzed directly; the application-layer content of the packets must first be restored. The traditional way to restore content has two steps: restoring the stream, then extracting the content from the stream. This thesis proposes "Direct Content Reconstruction", which bypasses the stream restoration step and is combined with specific needs, then applies the idea to the design and implementation of content reconstruction for the SMTP and HTTP protocols and validates its feasibility. This approach simplifies the design and implementation process and also improves the speed of content restoration.

3. After the application-layer data is obtained, key information is extracted through file format analysis, Chinese word segmentation and keyword extraction.

By combining netmap-libpcap, direct content restoration and Chinese word segmentation, the thesis designs and implements a network data content restoration and analysis system, which includes a data acquisition subsystem, a content restoration subsystem, a text extraction subsystem and a text analysis subsystem.
Keywords/Search Tags: packet capture, Direct Content Reconstruction, netmap-libpcap, HTTP, SMTP