Research On Key Technologies Of Network Topology Discovery Based On Network Traffic Analysis

Network topology discovery is one of the important basic tasks of network management and security assessment.The integrity and accuracy of the network topology is a guarantee of availability.Anonymous router identification is a key and difficult point in network topology discovery technology.This paper mainly studies the identification of anonymous routers and active and passive network topology detection method.For the problem of anonymous router identification,this paper analyzes the impact of anonymous routers on the network topology,firstly pre-processes the detected data,performs alias resolution on the nodes,and clusters the anonymous links according to the same starting node.And classify the clustering result into a single-hop anonymous link set and a multi-hop anonymous link set;use graphbased statistical analysis to merge anonymous nodes in a single-hop anonymous link;merge the abnormal state anonymous router according to the link characteristics.Then,the multi-hop anonymous link is clustered in multiple ways to serve tomography,and finally the constraint equation is established,and the relative position of the anonymous router is located to realize the identification of the anonymous router.This method greatly reduces spurious nodes and spurious links in the network topology,and improves the authenticity and reliability of the network topology.Compared with the current main network topology detection technology,this paper proposes a method of network topology detection based on the combination of both active and passive topology detection methods named TDPMandCS.The passive module of the method constructs the adjacency matrix of the network device node by using the TTL data packet acquired by the internal monitoring node of the network,and uses the data obtained by the network exit monitoring node to provide the target node candidate set for active detection;the active module is based on the passive module.All the undetected IPs are further filtered to obtain a probe candidate set,and the two candidate sets are actively detected to obtain a link set and represented by an adjacency matrix.Finally,the adjacency matrix generated by the active and passive modules is combined to obtain a complete network topology.Based on the work above,the GIS-based TDPMandCS active-passive network topology discovery and display system is designed and implemented,and the detected network topology is presented to the user more intuitively.