基于匿名化流表的网络数据分组实时匿名方法

韩春静; 葛敬国; 谢高岗; 李亮雄; 李佟; 刘韵洁

doi:10.11959/j.issn.1000-436x.2016214

您当前的位置：

首页 >

文章列表页 >

基于匿名化流表的网络数据分组实时匿名方法

学术论文 | 更新时间：2024-06-05

- 基于匿名化流表的网络数据分组实时匿名方法
- Online trace anonymization based on anonymous flow table
- 通信学报 2016年37卷第11期页码：11-22
- 作者机构：
  
  1. 中国科学院计算技术研究所，北京 100190
  2. 中国科学院大学，北京100049
  3. 中国科学院信息工程研究所，北京 100093
- 作者简介：
  
  [ "韩春静（1978-），女，河南郑州人，中国科学院博士生，中国科学院高级工程师、硕士生导师，主要研究方向为网络测量与行为分析、网络信息流识别与处理等。" ]
  [ "葛敬国（1973-），男，安徽肥东人，博士，中国科学院研究员、博士生导师，主要研究方向为网络体系结构与安全防护、网络测量与行为分析。" ]
  [ "谢高岗（1974-），男，浙江东阳人，博士，中国科学院研究员、博士生导师，主要研究方向为软件定义网络、网络功能虚拟化、互联网体系结构、网络测量分析。" ]
  [ "李亮雄（1986-），男，甘肃会宁人，中国科学院工程师，主要研究方向为网络测量分析。" ]
  [ "李佟（1978-），男，辽宁盘锦人，中国科学院高级工程师、硕士生导师，主要研究方向为网络和计算机体系结构、网络测量与行为分析。" ]
  [ "刘韵洁（1943-），男，山东烟台人，中国科学院院士，中国科学院教授、博士生导师，主要研究方向为未来网络架构及关键技术、网络融合与演进。" ]
- 基金信息：
  
  中国科学院先导专项基金资助项目(XDA06010306);国家自然科学青年基金资助项目(F020802);国家重点基础研究发展计划（“973”计划）基金资助项目(2012CB315803);国家高技术研究发展计划（“863”计划）基金资助项目(2013AA013501)
- DOI：10.11959/j.issn.1000-436x.2016214
  中图分类号： TP391
- 网络出版日期：2016-11，
  
  纸质出版日期：2016-11-25
- 稿件说明：
移动端阅览
韩春静, 葛敬国, 谢高岗, 等. 基于匿名化流表的网络数据分组实时匿名方法[J]. 通信学报, 2016,37(11):11-22.

Chun-jing HAN, Jing-guo GE, Gao-gang XIE, et al. Online trace anonymization based on anonymous flow table[J]. Journal on communications, 2016, 37(11): 11-22.
韩春静, 葛敬国, 谢高岗, 等. 基于匿名化流表的网络数据分组实时匿名方法[J]. 通信学报, 2016,37(11):11-22. DOI： 10.11959/j.issn.1000-436x.2016214.

Chun-jing HAN, Jing-guo GE, Gao-gang XIE, et al. Online trace anonymization based on anonymous flow table[J]. Journal on communications, 2016, 37(11): 11-22. DOI： 10.11959/j.issn.1000-436x.2016214.

摘要

提出了基于匿名化流表的网络数据分组实时匿名方法（Fad-Pan

online trace anonymization based on the anonymous flow table），主要研究Fad-Pan算法以及研发基于DPDK的Fad-Pan原型系统。实验结果表明，Fad-Pan算法比已有的方法在匿名化速度上提高了20倍以上，单个普通服务器可以实时处理万兆链路的IPv4和IPv6流量数据。

Abstract

A real-time network packet anonymous method named Fad-Pan (online trace anonymization based on the anonymous flow table) was proposed. The Fad-Pan algorithm was studied and an online trace anonymization prototype system based on DPDK library was developed. The experimental results prove that the Fad-Pan algorithm is faster more than 20 times than the existing method

and a single server can handle the real-time IPv4 and IPv6 traffic of the 10 Gbit/s link used by the Fad-Pan.

关键词

Keywords

references

JAIN S , KUMAR A , MANDAL S , et al . B4: experience with a glob-ally-deployed software defined WAN [J ] . ACM SIGCOMM Computer Communication Review , 2013 , 43 ( 4 ): 3 - 14 .

MCKEOWN N , ANDERSON T , BALAKRISHNAN H , et al . Open-flow: enabling innovation in campus networks [J ] . ACM SIGCOMM Computer Communication Review , 2008 , 38 ( 2 ): 69 - 74 .

ZHANG L , ESTRIN D , BURKE J , et al . Named data networking (NDN) project [J ] . Relatório Técnico NDN-0001, Xerox Palo Alto Re-search Center-PARC , 2010 .

HAN D , ANAND A , DOGAR F R , et al . XIA: efficient support for evolvable internetworking [C ] // Presented as part of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12) . 2012 : 309 - 322 .

PANG R , ALLMAN M , PAXSON V , et al . The devil and packet trace anonymization [J ] . ACM SIGCOMM Computer Communication Re-view , 2006 , 36 ( 1 ): 29 - 38 .

FUENTES F , KAR D C . Ethereal vs tcpdump: a comparative study on packet sniffing tools for educational purpose [J ] . Journal of Computing Sciences in Colleges , 2005 , 20 ( 4 ): 169 - 176 .

LI Y , SLAGELL A , LUO K , et al . Canine: a combined conversion and anonymization tool for processing netflows for security [C ] // International Conference on Telecommunication Systems Modeling and Analysis . 2005 : 21 .

PANG R , ALLMAN M , PAXSON V , et al . The devil and packet trace anonymization [J ] . ACM SIGCOMM Computer Communication Re-view , 2006 , 36 ( 1 ): 29 - 38 .

SLAGELL A J , LAKKARAJU K , LUO K . FLAIM: a multi-level anonymization framework for computer and network logs [C ] // LISA . 2006 , 6 : 3 - 8 .

FARAH T , TRAJKOVIC L . Anonym: a tool for anonymization of the Internet traffic [C ] // IEEE International Conference on Cybernetics (CYBCONF). IEEE , 2013 : 261 - 266 .

LIN Y D , LIN P C , WANG S H , et al . Pcaplib: a system of extracting, classifying, and anonymizing real packet traces [J ] . IEEE Systems Journal , 2016 , 10 ( 2 ): 520 - 531 .

PAUL R R , VALGENTI V C , KIM M S . Real-time net shuffle: graph distortion for on-line anonymization [C ] // The 2011 19th IEEE Interna-tional Conference on Network Protocols. IEEE Computer Society , 2011 : 133 - 134 .

DINKAR K P , JAIN S A . Security and privacy preserving policy in mobile crowd sensing [J ] . International Journal of Engineering Science , 2016 , 5206 .

BLANTON E . Tcpurify: TCP packet sniffer [EB/OL ] . (2002-9). http://irg.cs.ohiou.edu/eblanton/tcpurify http://irg.cs.ohiou.edu/eblanton/tcpurify .

BELLARE M . Practice-oriented provable-security [J ] . Lecture Notes in Computer Science , 1998 , 156 ( 11 ): 221 - 231 .

FAN J , XU J , AMMAR M H , et al . Prefix-preserving IP address ano-nymization: measurement-based security evaluation and a new cryp-tography-based scheme [J ] . Computer Networks , 2004 , 46 ( 2 ): 253 - 72 .

DAEMEN J , RIJMEN V . AES proposal: Rijndael [S ] . US: NIST , 2003 .

NATARAJAN S , WOLF T . Network-level privacy for hosted cloud services [C ] // 2014 International Conference and Workshop on the Network of the Future (NOF), IEEE , 2014 : 1 - 8 .

LI S , DOH I , CHAE K . An anonymous IP-based privacy protection routing mechanism for CDN [C ] // 2016 International Conference on Information Networking (ICOIN) . 2016 : 75 - 80 .

RAMASWAMY R , WOLF T . High-speed prefix-preserving IP address anonymization for passive measurement systems [J ] . IEEE/ACM Transactions on Networking , 2007 , 15 ( 1 ): 26 - 39 .

史冰，吴连国，丁伟 . IP 地址前缀保留匿名化算法的改进 [J ] . 微电子学与计算机 , 2007 , 24 ( 10 ): 167 - 170 .

SHI B , WU L G , DING W . Improvement of prefix-preserving IP address anonymization algorithm [J ] . Microelectronics ＆ Computer , 2007 , 24 ( 10 ): 167 - 170 .

JENKINS J R J . Isaac [C ] // Fast Software Encryption. Springer Berlin Heidelberg , 1996 : 41 - 49 .

ZHANG P , HUANG X , LUO M , et al . Fast restorable prefix- preserv-ing IP address anonymization for IPv4/IPv6 [J ] . The Journal of China Universities of Posts and Telecommunications , 2010 , 17 : 93 - 98 .

CAO K , LI Y , YANG H , et al . Poster: an online prefix-preserving IP address anonymization algorithm for passive measurement sys-tems [C ] // International Conference on Security and Privacy in Com-munication Systems. Springer International Publishing , 2015 : 581 - 584 .

AHUJA R K , MAGNANTI T L , ORLIN J B . Network flows [R ] . School of Management Cambridge, MA , 1988 .

THOMPSON K , MILLER G J , WILDER R . Wide-area Internet traffic patterns and characteristics [J ] . Network , 1997 , 11 ( 6 ): 10 - 23 .

张广兴，张大方，谢高岗，等． Internet 城域出口链路流量测量与特征分析 [J ] . 电子学报 , 2007 , 35 ( 11 ): 2092 - 2097 .

ZHANG G X , ZHANG D F , XIE G G , et al . Internet traffic measure-ment and characteristic analysis on output link of metro area net-work [J ] . Acta Electronica Sinica , 2007 , 35 ( 11 ): 2092 - 2097 .

BAKSHI R , CUDRE M P , WYLOT M . A comparison of different data structures to store RDF data [R ] . 2013 .

GOGLIN S D , CORNETT L . Flexible and extensible receive side scaling: U.S. Patent 7,584,286 [P ] . 2009 - 9 - 1 .

WOO S , PARK K . Scalable TCP session monitoring with symmetric receive-side scaling [R ] . Korea: KAIST , 2012 .

VIEGA J , MESSIER M , CHANDRA P , . Network security with openssl:cryptography for secure communications [M ] . O'Reilly Media, Inc , 2002 .

KROYETZ T , ROGAWAY P . The software performance of authenti-cated-encryption modes [C ] // Fast Software Encryption. Springer Berlin Heidelberg , 2011 : 306 - 327 .

ALMEIDA V , BESTTAYROS A , CROYELLA M , et al . Characterizing reference locality in the WWW [C ] // Fourth International Conference on. Parallel and Distributed Information Systems. IEEE , 1996 : 92 - 103 .

葛敬国，唐海娜，鄂跃鹏，等．海云创新试验环境管控与服务系统总体设计 [J ] . 网络新媒体技术 , 2012 , 1 ( 6 ): 45 - 51 .

GE J G , TANG H N , E Y P , et al . The overall design of resource con-trol and service system in the sea-cloud innovative and experimental environment [J ] . Journal of Network New Media , 2012 , 1 ( 6 ): 45 - 51 .

浏览量

812

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据