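Abstract: The highly open nature of networks makes attacks such as viruses very easy to carry out. These attacks may severely damage important content such as user data, or leak highly confidential files, causing incalculable losses. However, packets that carry an attack contain certain specific fields, and by parsing the keywords in them such attacks can be caught promptly and effectively.
This project is dedicated to developing a WinPcap-based system for network big data analysis and legitimacy judgment, to meet our technical requirement of judging the legitimacy of massive numbers of packets. Attack-behavior data is exposed through a database so that external users can view and query it. After development is complete, continuous testing pursues higher accuracy and stability, doing everything possible to protect the network security of every user of the system.
Overall, the project's development can be divided into four stages: overall design, module function and data structure design, detailed function development, and final system function testing.
The overall design stage divides the system architecture into three parts: input, processing and output. The input part is responsible for the data source, the processing part for parsing the data, and the output part for storing and displaying the final results.
The module function and data structure design stage, as the transition between overall design and detailed development, is responsible for making the overall design concrete in each submodule and for designing appropriate data structures to maintain the data.
The detailed function development stage is when the code is actually written. In this stage the functions of each submodule are implemented and integrated, and a preliminary check of the accuracy of the results is completed.
The final system function test stage wraps up the system. Multiple computers are connected to form a local area network, and switch port mirroring copies all data in the LAN to the network card of the monitoring machine. Attack commands are then sent from other computers to arbitrary machines in the LAN to test whether the system can monitor the data of the whole LAN and analyze its legitimacy.
Keywords: network security; big data analysis; database; TCP/IP protocol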
Abstract: Because networks are highly open, attacks such as viruses are very easy to carry out. These attacks may seriously damage user data and other important content, or reveal highly confidential files, causing immeasurable loss. However, packets that carry an attack contain some specific fields, and by analyzing the keywords in them such attacks can be captured in a timely and effective manner.
This project works on developing a WinPcap-based system for network big data analysis and legitimacy judgment, in order to meet our technical requirements for judging the legitimacy of huge numbers of packets. Attack-behavior data is opened to outside users through a database for viewing and querying. After development is complete, continuous testing pursues higher accuracy and stability, doing all it can to protect the network security of every user of this system.
On the whole, the research and development can be divided into four stages: overall design, module function and data structure design, detailed function development, and system function testing.
The overall design stage divides the overall architecture of the system into three parts: input, processing and output. The input part is responsible for the data source, the processing part for parsing the data, and the output part for storing and displaying the final results.
The module function and data structure design stage, as the transition between overall design and detailed development, carries the overall design down into each submodule and designs appropriate data structures to maintain the data.
The detailed function development stage is the stage in which the code is actually written. In this stage the functions of each submodule are implemented and integrated, and a preliminary check of the accuracy of the results is completed.
The final system function test stage is the closing stage of the system. Several computers are connected to form a local area network (LAN), and switch port mirroring copies all data in the LAN to the network card of the monitoring machine. Attack commands are sent from the other computers to any machine in the LAN to test whether the system can monitor the data of the whole LAN and analyze its legitimacy.
Design of a Network Big Data Analysis and Legitimacy Judgment System Based on the WinPcap Network Interface: http://www.youerw.com/zidonghua/lunwen_203378.html
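The processing step the abstract describes (parse a captured packet's fields, then look for attack keywords) can be sketched as follows. This is an added example, not code from the thesis: the signature list, function names and sample frame are hypothetical, and in a WinPcap capture callback `inspect_frame` would receive the packet bytes and captured length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical signature keywords; the page does not list its own. */
static const char *const SIGNATURES[] = { "cmd.exe", "/etc/passwd" };

/* Inspect one Ethernet II frame. Returns the index of the first signature in the
   TCP payload, -1 if none, -2 if not IPv4/TCP or truncated. No reassembly here. */
int inspect_frame(const uint8_t *f, size_t len)
{
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -2;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;          /* IP header length */
    size_t total = ((size_t)ip[2] << 8) | ip[3];      /* IP total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -2;
    if (total < ihl + 20 || 14 + total > len) return -2; /* lengths are untrusted */
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;         /* TCP header length */
    if (doff < 20 || ihl + doff > total) return -2;
    const uint8_t *payload = tcp + doff;
    size_t plen = total - ihl - doff;
    for (size_t s = 0; s < sizeof SIGNATURES / sizeof *SIGNATURES; s++) {
        size_t klen = strlen(SIGNATURES[s]);
        for (size_t i = 0; i + klen <= plen; i++)
            if (memcmp(payload + i, SIGNATURES[s], klen) == 0) return (int)s;
    }
    return -1;
}

/* Build a constructed test frame (zeroed MAC/IP addresses and ports). */
size_t build_frame(uint8_t *out, size_t cap, const char *data)
{
    size_t dlen = strlen(data), total = 20 + 20 + dlen;
    if (cap < 14 + total) return 0;
    memset(out, 0, 14 + total);
    out[12] = 0x08; out[14] = 0x45;   /* EtherType IPv4; version 4, IHL 5 words */
    out[16] = (uint8_t)(total >> 8); out[17] = (uint8_t)total;
    out[23] = 6; out[46] = 0x50;      /* protocol TCP; TCP data offset 5 words */
    memcpy(out + 54, data, dlen);
    return 14 + total;
}

int main(void)
{
    uint8_t buf[256];
    size_t n = build_frame(buf, sizeof buf, "GET /../../etc/passwd HTTP/1.1\r\n");
    printf("verdict: %d\n", inspect_frame(buf, n));
    return 0;
}
```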