Full metadata record
DC FieldValueLanguage
dc.contributor.author沙荷西en_US
dc.contributor.authorSagastume Jacobo, Jose Miguelen_US
dc.contributor.author林盈達en_US
dc.contributor.authorLin, Ying-Daren_US
dc.date.accessioned2014-12-12T01:54:41Z-
dc.date.available2014-12-12T01:54:41Z-
dc.date.issued2012en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079903502en_US
dc.identifier.urihttp://hdl.handle.net/11536/48979-
dc.description.abstract對於網絡安全產品的測試,真實流量的錄製和重播是很重要的。然而,在相同的測試情境中,重播流量應能有效地重製在實際流量中由待測物所引發的事件。這個研究提出方法來計算封包或連線事件的事件重製率和重播工具的有效性。在這項研究中使用了SocketReplay及Tcpreplay。結果表明,流量內容和重播策略和待測物的通過規則,可以顯著地影響事件的重播率和重播工具的有效性。例如,流量中含有很多不完整的連接,或重播策略是以連線為基準,而不是時間戳記為基準,將會大大地減低事件的重播率和的重播工具的有效性。結果,雖然SocketReplay 可以準確地建立正確的TCP對話,可是SocketReplay 的事件重播率只達到38.74% 的TCP 流量,導致對封包傳遞和阻止事件的有效性分別為99.97% 和0.00%,而CIDR模式的Tcpreplay的事件重播率達到了99.99% 的TCP 流量,導致對封包傳遞和阻止事件的有效性分別為99.73% 和75.64%。此處,錄製的的流量有很多不完整的連接且事件的觸發是基於啟發式或識別的規則。適當重播工具的選擇及重播政策的選定,應取決於所我們錄製的流量內容,以避免事件重製率與重播工具的有效性出現顯著的下跌。zh_TW
dc.description.abstractCapturing and replaying real flows are important for testing network security products. However, under the same testing scenario, replayed traffic should effectively reproduce the events triggered by DUTs as the live traffic. This work presents methods to calculate the event reproduction ratio and the effectiveness of replay tools, based on packet events and connection events. The stateful SocketReplay and the stateless Tcpreplay were applied in this study. Results indicated that the traffic contents, the replay policies, and DUT filtering rules can significantly affect the event reproduction ratio and the effectiveness of replay tools. For example, traffic with a lot portion of incomplete connections and replay policies based on connections, rather than timestamp, can considerably impair the event reproduction ratio and the effectiveness of replayers. The results show that SocketReplay, which can accurately establish the correct TCP session, can only replay 38.74% TCP traffic, resulting in 99.97% and 0.00% of effectiveness of passing and blocking event ratio, respectively, while Tcpreplay with CIDR mode can replay 99.99% TCP traffic, resulting in 99.73% and 75.64% of effectiveness of passing and blocking event ratio, respectively, when captured traffic have many incomplete connection and events are triggered by heuristic based rules and signature based rules. The choice of a proper replayer and its replay policies should depend on the traffic contents we captured to avoid a significant drop of event reproduction ratio and the effectiveness of replayers.en_US
dc.language.isoen_USen_US
dc.subject網路測試zh_TW
dc.subject流量重播zh_TW
dc.subject事件重製率zh_TW
dc.subject有效性zh_TW
dc.subjectnetwork testingen_US
dc.subjecttraffic replayen_US
dc.subjectevent reproduction ratioen_US
dc.subjecteffectivenessen_US
dc.title網路流量重播效果之評估zh_TW
dc.titleEffectiveness in Replaying Real Traffic: An Evaluationen_US
dc.typeThesisen_US
dc.contributor.department電機資訊國際學位學程zh_TW
Appears in Collections:Thesis


Files in This Item:

  1. 350201.pdf
  2. 350201.pdf
  3. 350201.pdf

If it is a zip file, please download the file and unzip it, then open index.html in a browser to view the full text content.