Design And Implementation Of Large-scale Interactive Network Service Detection System

In the increasingly popular Internet today,the types of network services tend to di-versify,relying on the host port to provide external services such as HTTP,FTP,IEC-104.As a double-edged sword,network services also hidden attack service risks and hazards.So in order to monitor and statistics on a variety of services in the network,the need for more effective means to detect these nodes and follow-up attack and defense work.Large-scale port scanning technology research has been more mature,but at home and abroad has not yet put forward real-time active service detection tool.The research of this subject is based on the above background and combined with the actual engineering requirements.After analyzing the characteristics of the existing scanning tools,it is found that the semi-connected scanner is efficient,but the connection-based service detection task can not be completed.And because the service status changes rapidly,the existing service detection tool is difficult in a relatively short period of time to complete large-scale detection tasks.Therefore,this paper proposes a large-scale inter-active service detection system to be solved,through the system for service detection,can be achieved based on the semi-connected,the connection state can maintain the scanning mode.Secondly,using the "pattern set detection syntax" proposed in this paper,it can guide the scanner component to make different responses according to the different state of the response packet in the detection process,so as to realize multiple interactive service probing or protocol simulation,The internal hard-coding protocol features this expansion bottleneck.Besides,the control system to achieve the detection task and target address set redundancy and random allocation of functions,in order to improve system robustness.In this paper,the overall architecture of the system is discussed in detail.At the same time,for solving the complicated pain points of the distributed nodes,the internal components are implemented in the container and the Docker Swarm Mode is used to cluster and distributed nodes Reasonable arrangement.Finally,the article run multiple sets of control and stress testing,and the results of the use and evaluation of the system have a positive guiding significance.