基于网络的高性能应用协议解析算法研究

项目名称： 基于网络的高性能应用协议解析算法研究

项目编号： No.61472184

项目类型： 面上项目

立项/批准年度： 2015

项目学科： 自动化技术、计算机技术

项目作者： 刘向阳

作者单位： 南京大学

项目金额： 84万元

中文摘要： 应用协议高速解析是许多网络安全和网络监测的基础,例如基于网络的入侵防御系统。本项目将研究设计应用协议高速解析算法。首先将研究并设计一种能够准确定义应用协议及抽取域的文法，在此基础上研究文法的简化，以及在无栈情况下对递归结构进行解析的算法，对网络数据流的有选择性和近似性解析。为了实现协议的高速解析，将根据不同的软硬件平台，在支持增量式数据包处理的基础上分别研究模拟计数自动机和编译计数自动机的高速实现方法。增量式数据包处理方法克服了缓冲式数据包处理带来的大量动态内存分配以及在不良环境下造成数据包拥塞的风险。针对网络中存在多种应用协议数据流的问题，将研究一种将应用协议识别与解析相结合的机制，对数据流进行一次读取的情况下实现对数据流的识别和解析。项目将采用理论分析、仿真实验以及真实实验相结合的方法对所提算法和机制进行评价。本项目的研究会为将来的网络安全系统和网络监测系统奠定坚实的理论和实践基础。

中文关键词： 网络安全；入侵防御系统；高速网络算法；应用协议解析

英文摘要： High-Speed application protocol parsing is the foundation of many security and networking services such as network based intrusion prevention systems. This project aims to design a fully automated high-speed application protocol parser. First, we plan to design a grammar language that can accurately describe application protocols and the fields that need to be extracted. Second, we plan to investigate grammar simplification and recursive structure parsing without the use of stacks. Avoiding the use of stacks is to defend against Denial-of-Service (DoS) attacks. We aim to achieve the selective and approximate parser for the network data stream. In order to achieve the high-speed protocol parsing on different platforms, we will respectively study the high-speed implementation of simulated counting automata and compiled counting automata to support incremental packet processing, which overcomes the excessive memory usage required by buffered packet processing, and the risk of the packet congestion in adverse environments. To identify and parse multiple application flows simultaneously, we aim to design algorithms that can unify application protocol recognition and parsing. In this project, we will evaluate the proposed algorithms and mechanisms via theoretical analysis, software simulations, and real experiments. The proposed research will serve as the foundation for future network based intrusion prevention systems and fine-gained network monitoring.

英文关键词： network security;intrusion prevention systems;high-speed network algorithms;application protocol parsing