CAJ | 학술논문

网络安全应急响应在网络分析和追踪时需要应急采集，即捕获特定IP、端口、协议的原始分组。基于高速网络分组捕获工具PF_RING DNA，利用多核多线程并发采集与规则匹配的网络分组，并分配共享缓冲区提高分组的磁盘存储性能，同时通过对采集规则设置不同的状态，实现动态添加采集规则和人为干预采集过程。实验结果表明，在双万兆网卡的环境下，应急采集系统可以捕获并处理19.98 bit/s(3.5 Mpacket/s)的网络流量，最大应急采集速率为1297 Mbit/s（204.9 kpacket/s）。
망락안전응급향응재망락분석화추종시수요응급채집，즉포획특정IP、단구、협의적원시분조。기우고속망락분조포획공구PF_RING DNA，이용다핵다선정병발채집여규칙필배적망락분조，병분배공향완충구제고분조적자반존저성능，동시통과대채집규칙설치불동적상태，실현동태첨가채집규칙화인위간예채집과정。실험결과표명，재쌍만조망잡적배경하，응급채집계통가이포획병처리19.98 bit/s(3.5 Mpacket/s)적망락류량，최대응급채집속솔위1297 Mbit/s（204.9 kpacket/s）。
In the network analysis and tracking, network security emergency response needs a emsrgency sensor that captures saw packets of specific IP, port, protocol. Base on the high-speed packet capture tool PF_RING DNA, it uses mutil-thread to capture network packets that match sensor rules, and allocates the shared buffer to improve the perform-ance of the disk storage of packets, at the same time through setting different states for the packet sensor rule, impliments adding sensor rules and human intervention dynamically. The experimental results show that in the dual 10 Gigabit NICs environment, emergency sensor can capture and handle network traffic of 19.98 Gbit/s(3.5 Mpacket/s), and the maximum rate of emergency sensor is 1 297 Mbit/s(204.9 kpacket/s).