標題: 低儲存空間消耗的錄製真實流量與回復有效狀態的重播真實流量技術
Low-Storage Capture and Loss-Recovery Stateful Replay of Real Flows
作者: 鄭宗寰
Cheng, Tsung-Huan
林盈達
Lin, Ying-Dar
網路工程研究所
關鍵字: 流量重播;流量錄製;真實流量;測試;缺陷;traffic replay;traffic capture;real flows;testing;defects
公開日期: 2008
摘要: 網路產品在真實流量上仍會遇到許多實驗室模擬網路流量測試所無法找到的問題,而這些問題可藉由重播真實流量的測試來找到。由於真實流量由許多真實使用者所產生,在錄製時會快速消耗儲存空間使得錄製時間無法很長,與漏錄影響重播的準確性。在重播時要追蹤流量的有效狀態以應付待測物對流量的反應,並且要能很快的重製事件的發生以便開發者除錯或尋找原因。因此本論文以(N, M, P)錄製機制針對每條連線只錄製連線的前N位元與錄製剩餘P個封包的前M幾位元來節省儲存空間,達到節省87%的儲存空間但保留99.74%的攻擊事件。並且實作實作SocketReplay重播工具以回復漏錄重播追蹤TCP串流使得漏錄對觸發事件的數量成比例的下降而不會驟降,有效狀態的重播使待測物認為流量是真實的,選擇性的重播以漸增方式階段性尋找造成事件的少數流量,達到重製事件僅需從千條的連線中挑出幾十條連線重製攻擊或病毒的事件。
Model-based traffic generated in the laboratory might not trigger some device defects found only by replaying traffic flows. However, capturing real flows might result in high storage cost and capture loss; the latter affects the accuracy of replay. Replaying real flows should be accurate and also stateful enough to adapt to device reaction. It should reproduce a defect efficiently in helping developers to identify the flows triggering the defect. Therefore, this work first presents the (N, M, P) capture scheme to capture N bytes per flow of data and M bytes of P packets after the N bytes. This scheme reduces 87% storage cost while retaining 99.74% of attack traffic. Next we develop a tool named SocketReplay with the mechanisms of loss-recovery, stateful replay, and selective replay to track TCP sequence numbers to identify capture loss, recover these incomplete flows, follow the TCP/IP protocol behavior, and incrementally select flows to replay. Numerical results show that SocketReplay retains the accuracy and statefulness in triggering device defects and could reduce replayed flows from thousands to tens.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079656501
http://hdl.handle.net/11536/43460
Appears in Collections:Thesis


Files in This Item:

  1. 650101.pdf