基于参数测量的三级网可靠性分析系统的设计与实现
|
摘要
随着信息技术的快速发展,网络的业务应用和规模快速增长。目前,政府、企业及校园都纷纷建立了大型局域网,其中许多网络都具有三层分级拓扑结构,简称三级网。网络运行状况及关键业务的服务质量已经成为三级网管理与维护必须要考虑的重要因素,网络关键链路性能瓶颈和整体网络的可靠性问题亟待解决。通过对网络流量与性能参数的分析来评价网络性能已经成为网络可靠性研究的重要手段。
本文在对现有的网络测量技术、网络性能需求分析进行研究的基础上,结合目标网络特点,设计并实现了一个基于参数测量的三级网可靠性分析系统,并对可靠性分析策略进行了研究。
首先,根据三级网的网络拓扑和网络行为特点构建了合理的可靠性监控体系。系统采用集中式控制、分布式测量的体系结构,运用监测服务器逻辑分层的方法和区域代理监测技术,通过在核心层设置顶级监测服务器和在关键网络节点设置区域代理监测服务器对全网的可靠性进行监测,提高了系统的监测效率并减轻了网络流量负载。
其次,研究了基于流量特征的网络性能分析技术,在分析现有网络性能评价指标体系在三级网性能评价中的不足的基础上,通过对基于流量特征的网络性能分析技术的研究,设计与实现了基于参数测量的三级网可靠性分析系统。系统采用SNMP RMON和WinPcap数据包捕获技术被动地测量网络流量,在得到原始数据的基础上,实现了网络设备信息显示、网络流量监控、异常流量预测与报警、应用业务统计及各种关键性能指标的TOP N统计等功能。
最后,针对现有网络性能监测系统的不足,结合流量采集方法,设计了基于宏观流量分析与微观流量特征/行为分析相结合的可靠性分析策略。通过对三级网宏观流量规律的研究,发现目标网络流量具有短时间随机的趋势性和长时间规律的周期性特点;根据这种特点,采用时间序列分析方法对宏观流量进行了预测和3σ报警;通过对WinPcap捕获的数据包的处理与分析,运用Fisher方法,从微观流量特征/行为的角度对可靠性参数指标进行分析与计算,得到可靠性分析结果。该策略的运用可以有效避免单纯使用单一策略分析三级网性能的不足,提高了可靠性分析的系统性、全面性和准确性。
实验表明,所设计的系统能较好的分析网络可靠程度,及时了解网络的负载状况、快速发现网络性能瓶颈,并能根据分析结果找到可靠度下降的原因。
With the rapid development of information technology, the business application and the scale of network grow rapidly. Large local area networks so far have been established in governments, enterprises and campuses one after another, most of which have hierarchical structure of three layers, so such network is called the three-layer network for short. Operation status of network and service quality of key business must be considered as important factors for management and maintenance of the three-layer network. The bottleneck of the key link performance and reliability issue of the whole network must be resolved. Evaluating the network performance by analysising network traffic and performance parameters has become an important means of network reliability research.
Based on study of existing methods of network measurement and requirement analysis on network performance, combined with characteristics of the target network, a three-layer network reliability analysis system based on parameters measurement is designed and implemented, the strategy of reliability analysis is also studied.
Firstly, according to the network topology and network behavior characteristics of the three-layer network, a reasonable reliability monitoring system is built. A monitoring architecture which is centralized control and distributed measurement is implemented in this system. Applying the measure of server logical layering and the technology of regional agency monitoring, the whole network is monitored by setting up top monitoring server in the core layer and regional agency monitors in the key nodes of the network, which improves the efficiency of monitoring and reduces the network traffic load.
Secondly, performance analysis based on flow characteristics of network is studied. Based on the study on drawbacks of existing network performance evaluation systems in evaluating the performance of the three-layer network, a three-layer network reliability analysis system based on parameters measurement is designed and implemented through investigation on network performance analysis based upon flow characteristics. SNMP RMON and packet capture technology of WinPcap are implemented to measure network traffic passively. As original data is received and processed, network equipment information display, network traffic monitoring, abnormal traffic prediction and alarm, application business statistics, TOP N statistics of a variety of key performance indexes and other functions are achieved.
Finally, as current network performance monitoring systems have drawbacks, combined with the methods of monitoring flow, a reliability analysis strategy based on the combine of macro-flow analysis and micro-flow characteristics/behavior analysis is designed. Through the study on the macro-flow laws of the three-layer network, it can be found that the target network traffic holds short-term stochastic trend and cyclical nature of a long time. According to those characteristics, the time series analysis method to predicting and alarming in 3σmethod for macro-flow is used. By processing and analysing the flow packets by WinPcap, a reliability analysis method named Fisher is put forward and reliability parameters are analysed and calculated from the view of the micro-flow characteristics/behavior. By the application of such strategy the drawbacks of using only one strategy to analyse the performance of the three-layer network can be avoided, and the reliability analysis be more systematic, comprehensive and accurate.
The experimental results show that the proposed system can analyse the reliability of the network more effectively, keep abreast of the network load conditions, rapidly discover the bottleneck of network performance and find out the reasons of the decline of reliability according to the analysis results.
本文在对现有的网络测量技术、网络性能需求分析进行研究的基础上,结合目标网络特点,设计并实现了一个基于参数测量的三级网可靠性分析系统,并对可靠性分析策略进行了研究。
首先,根据三级网的网络拓扑和网络行为特点构建了合理的可靠性监控体系。系统采用集中式控制、分布式测量的体系结构,运用监测服务器逻辑分层的方法和区域代理监测技术,通过在核心层设置顶级监测服务器和在关键网络节点设置区域代理监测服务器对全网的可靠性进行监测,提高了系统的监测效率并减轻了网络流量负载。
其次,研究了基于流量特征的网络性能分析技术,在分析现有网络性能评价指标体系在三级网性能评价中的不足的基础上,通过对基于流量特征的网络性能分析技术的研究,设计与实现了基于参数测量的三级网可靠性分析系统。系统采用SNMP RMON和WinPcap数据包捕获技术被动地测量网络流量,在得到原始数据的基础上,实现了网络设备信息显示、网络流量监控、异常流量预测与报警、应用业务统计及各种关键性能指标的TOP N统计等功能。
最后,针对现有网络性能监测系统的不足,结合流量采集方法,设计了基于宏观流量分析与微观流量特征/行为分析相结合的可靠性分析策略。通过对三级网宏观流量规律的研究,发现目标网络流量具有短时间随机的趋势性和长时间规律的周期性特点;根据这种特点,采用时间序列分析方法对宏观流量进行了预测和3σ报警;通过对WinPcap捕获的数据包的处理与分析,运用Fisher方法,从微观流量特征/行为的角度对可靠性参数指标进行分析与计算,得到可靠性分析结果。该策略的运用可以有效避免单纯使用单一策略分析三级网性能的不足,提高了可靠性分析的系统性、全面性和准确性。
实验表明,所设计的系统能较好的分析网络可靠程度,及时了解网络的负载状况、快速发现网络性能瓶颈,并能根据分析结果找到可靠度下降的原因。
With the rapid development of information technology, the business application and the scale of network grow rapidly. Large local area networks so far have been established in governments, enterprises and campuses one after another, most of which have hierarchical structure of three layers, so such network is called the three-layer network for short. Operation status of network and service quality of key business must be considered as important factors for management and maintenance of the three-layer network. The bottleneck of the key link performance and reliability issue of the whole network must be resolved. Evaluating the network performance by analysising network traffic and performance parameters has become an important means of network reliability research.
Based on study of existing methods of network measurement and requirement analysis on network performance, combined with characteristics of the target network, a three-layer network reliability analysis system based on parameters measurement is designed and implemented, the strategy of reliability analysis is also studied.
Firstly, according to the network topology and network behavior characteristics of the three-layer network, a reasonable reliability monitoring system is built. A monitoring architecture which is centralized control and distributed measurement is implemented in this system. Applying the measure of server logical layering and the technology of regional agency monitoring, the whole network is monitored by setting up top monitoring server in the core layer and regional agency monitors in the key nodes of the network, which improves the efficiency of monitoring and reduces the network traffic load.
Secondly, performance analysis based on flow characteristics of network is studied. Based on the study on drawbacks of existing network performance evaluation systems in evaluating the performance of the three-layer network, a three-layer network reliability analysis system based on parameters measurement is designed and implemented through investigation on network performance analysis based upon flow characteristics. SNMP RMON and packet capture technology of WinPcap are implemented to measure network traffic passively. As original data is received and processed, network equipment information display, network traffic monitoring, abnormal traffic prediction and alarm, application business statistics, TOP N statistics of a variety of key performance indexes and other functions are achieved.
Finally, as current network performance monitoring systems have drawbacks, combined with the methods of monitoring flow, a reliability analysis strategy based on the combine of macro-flow analysis and micro-flow characteristics/behavior analysis is designed. Through the study on the macro-flow laws of the three-layer network, it can be found that the target network traffic holds short-term stochastic trend and cyclical nature of a long time. According to those characteristics, the time series analysis method to predicting and alarming in 3σmethod for macro-flow is used. By processing and analysing the flow packets by WinPcap, a reliability analysis method named Fisher is put forward and reliability parameters are analysed and calculated from the view of the micro-flow characteristics/behavior. By the application of such strategy the drawbacks of using only one strategy to analyse the performance of the three-layer network can be avoided, and the reliability analysis be more systematic, comprehensive and accurate.
The experimental results show that the proposed system can analyse the reliability of the network more effectively, keep abreast of the network load conditions, rapidly discover the bottleneck of network performance and find out the reasons of the decline of reliability according to the analysis results.
引文
[1]第25次中国互联网络发展状况统计报告.http://www.cnnic.net.cn/in ndex/0E/ 00/11/2010.1
[2] (美)萨伯拉曼尼安.网络管理.清华大学出版社,2003:164-266
[3] Vern P., Jamshid M., Andrew A., Matt M.. An Architecture for Large-Scale Inter- net Measurement. IEEE Communications, 1998, 36(8): 1-9
[4] Frank H., Frisch I.. Analysis and Design of Survivable Network. IEEE Trans. On Communication Technology, 1970, 18(5): 55-60
[5] Sawionek B., Wojciechowski J., Arabas J.. Synthesis of reliable networks in the presence of line failures. Circuits and Systems, 2000. Proceedings. ISCAS 2000 Geneva. The 2000 IEEE International Symposium on, 2000, 1(4): 649-653
[6] Aggarwal K. K., Chopra Y. C., Bajwaj S.. Capacity consideration in reliability analyis of communication systems. IEEE Trans Reliability, 1982, 31(2): 177-188
[7]潘勇.通信网可靠性指标研究.电子产品可靠性与环境试验,2006,24(1):1-5
[8] Kyandoghere K.. Survivability Performance Analysis of Rerouting Strategies in an ATM/VP DCS Survivable Mesh Network. Computer Communication Review, 1998, 28(5): 22-30
[9] Behr A., Camarinopoulos L., Pampoukis G.. Domination of K-out-of-n system. IEEE Transactions on Reliability, 1995, 44(4): 705-708
[10]网络可用性工具NAP.http://www.cctech.com.cn/product_isograph_nap.asp/
[11]中国可靠性网.RelEngTech可靠性综合评价软件平台http://www.kekaoxing.com/soft/softintr/200809/buaa-RelEngTech.html/
[12]北京航空航天大学可靠性系统工程研究室.http://rms.buaa.edu.cn/html/kexuey anjiu/yanjiufangxiang/20061219/137.html/
[13]杜飞龙.面向SOHU的智能路由器:华为3Com发布Quidway AR 18系列路由器.微电脑世界,2004(7):13-15
[14] Will E. L., Murad S. T., Walter W., Daniel V. W.. On the self-similar nature of Ethernet traffic. 1994(2): 1-15
[15] Duffield N.G., Lund C., Thorup M.. Estimating flow distributions from sampled flow statistics. IEEE/ACM Transactions on Networking, 2005(13): 325-336
[16]中国招标采购导航网.信息网前沿技术研究:通信网络动态仿真:新产品新技术. http://www.chinainfoseek.com.cn/info_class/pro_tec_new/view.php?protec242
[17]张宏莉,方滨兴,有铭曾,姜誉,詹春艳,张树峰. Internet测量与分析综述.软件学报,2003(1):111-115
[18] Holt, Alan. Network Performance Analysis. Hardcover, 2008
[19]“网络测试”中科院计算技术研究.http://www.ict.ac.cn/kexuelindex.htm
[20] Wolski R., Spring N., Hayes J.. The Network Weather Service: A Distributed Resource Performance Forecasting Service for Metacomputing. Journal of Future Generation Computing Systems, Oct. 1999, 15(5-6): 757-768
[21] Hanemann A, Boote J. W., Boyd E. L.. PerfSONAR: A Service Oriented Architecture for Multi-Domain Network Monitoring. Proceedings of the Third International Conference on Service Oriented Computing(ACM SIGSOFT and SIGWEB), Springer Verlag, LNCS 3826, Amsterdam, The Netherlands, 2005: 241-254
[22]王达光,甘井中.端到端网络测量系统设计与应用.中国教育网络,2007(10):66-70
[23]陈鸣,李兵,杨扬,沙昆.分布式网络性能监测系统.电信科学,2003,19(5):35-40
[24] Sarasamma S., Zhu Q., Huff J.. Hierarchical kohonenen net for anomaly detection in network security, IEEE Transactions on Systems, Man and Cybernetics-PART B: Cybernetics, 2005, 35(2): 302-312
[25] SNMP MONITORING: RMON MIB. http://www.et.put.poznan.pl/snmp/monitor -ing/mormon0.html
[26] Paxson V., Almes G., Mahdavi J., etc. Framework for IP Performance Metrics. http://www.faqs.org/rfcs/rfc2330.html,1998-05
[27] Holt, Alan. Network Performance Analysis. Hardcover,2008
[28]杨雅辉,李小东.IP网络性能指标体系的研究.通信学报,2002,23(11): 1-7
[29] Papagiannaki K., Taft N., Zhang Z. L.. Long-term forecasting of Internet backbone traffic: Observations and initial models. Proceedings of the INFOCOM, London, UK, 2003: 753-764
[30] W. Richard Stevens. TCP/IP Illustrated, Volume 1: The Protocols. Addison Wesley, 1994
[31] Thottan M., Ji C., Anomaly detection in ip networks. IEEE Transaction on Signal Processing, 2008(08): 5108-5112
[32] Casado M., Garfinkel T., Cui W.. Opportunistic Mesaurement: Extracting Insight from Spurious Traffic. In: Proc of HOTNETS 2005, San Diego, CA, January 2005: 27-39
[33] Barford P., Plonka D.. Characteristics of network traffic flow anomalies. Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, San Francisco, 2001: 69-73
[34] Lakhina A., Crovella M., Diot C.. Characterization of Network Wide Anomalies in Traffic Flows. Internet Measurement Conference, 2004
[35] Lakhina A., Crovella M., Diot C.. Mining Anomalies Using Traffic Feature Distr- ibutions. In ACM SIGCOMM, Philadelphia, August 2005
[36] Cormode G., Muthukrishnan S.. What’s new: finding significant differences in network data streams. IEEE/ACM Transactions on Networking, 2005, 13(6):1219-1232
[37] Sommers J., Barford P., Willinger W.. A Visualization Tool for Mining Internet Measurements. In: Proc of Passive and Active Measurement Conference, March 2006: 601-610
[38] Konstantina Papagiannaki, Rene Cruz, Christophe Diot. Network performance monitoring at small time scales. Internet Measurement Conference Proceedings of the 3rd ACM sigcomm conference on Internet measurement, 2003: 295-300
[39] Vern Paxson, Andrew Adams, Matt M.. Experiences with NIMI In proceedings of Passive and Active Measurement, 2000
[40] Kc Claffy, Sean Mc Creary. Internet Measurement and data analysis: passive and active measurement. http://www.caida.org/outreach/1999
[41] Vern Paxson, Jamshid Mahdavi, Andrew Adama, et al. An Architecture for Large -Scale Internet Measurement. IEEE Communications, 1998, 36(8): 48-54
[42] Sharad Jaiswal, Gianluca Iannaccone, Jim Kurose. Formal Analysis of Passive Measurement Inference Techniques. In: Proc of Infocom06. Barcelona: IEEE, 2006: 407-418
[43] IPPM, The Internet Engineering Task Force, http://www.ietf.org
[44] K. McCloghrie, M. Rose. RFC1213: Management information base for network management of TCP/IP-based internets: MIB-II. Network Working Group, March 1991
[45]杨建华,谢高岗,李忠诚.基于Linux内核的流量分析方法.计算机工程, 2006,32 (08):67-69
[46] Cisco Systems. Cisco Netflow Introduction[EB/OL]. http://www.cisco.com/warp /public/732/Tech/nmp/netflow/index.shtml,2005
[47]武孟军,任相臣.Visual C++开发基于SNMP的网络管理软件(第二版).人民邮电出版社,2009
[48] Case J., et al. Introduction and Applicability Statements for Internet Standard Management Framework. RFC 3410, December 2002
[49] Harrington D., et al. An Architecture for Describing Simple Network Management Protocol(SNMP)Management Frameworks. RFC 3411, December 2002
[50] Tech Web技术社区,网络监听技术概览.http://tech.techweb.com.cn/thread1-528-1 -1.html,2007.03.04
[51] WinPcap网站.http://www.winpcap.org/default.htm,2008.01
[52]程光,龚剑,丁伟.基于抽样测量的高速网络实时异常检测模型.软件学报,2003, 14(3):594-599
[53] Chomsiri, Thawatchai. Sniffing Packets on LAN without ARP Spoofing. Covergence and Hybrid Information Technology, ICCIT, 2008 Third International Conference, 2008: 472-477
[54] Zhang Jiang, Moore, Andrew. Traffic Trace Artifacts due to Monitoring Via Port Mirroring. End-to-End Monitoring Techniques and Services, 2007 Workshop on:Munich, Germany, 2007: 1-8
[55]杨叔子,吴雅,轩建平等.时间序列分析的工程应用(第二版).华中科技大学出版社,2007
[56] Rich Wolski. Forecasting network performance to support dynamic scheduling using the network weather service[DB/OL]. UCSD Technical Report, TR-CS96- 494, http://citeseer.nj.nec.com/wolski98dynamically.html
[57] Mohamed Faten Zhani, Halima Elbiaze, Farouk Kamoun. Analysis and Prediction of Real Network Traffic. Journal of Network, 2009, 4(9): 855-865
[58] Yuanchang Xie, Yunlong Zhang. A Wavelet Network Model for Short-Term Traffic Volume Forecasting. Intelligent Transportation Systems, 2006, 3(10): 141-150
[59] Iarina Marian, Vasile Dadarlat, Bogdan lancu. A comparative study of the statisticall methods suitable for network traffic estimation. Proceedings of the 13th WSEAS international conference on Communications, 2009, 99-104
[60]李裕奇.概率论与数理统计(第三版).国防工业出版社,2009
[61]腾云,肖晓强,李皓平,胡华平.网络可靠性分析系统的设计与实现.微计算机信息, 2008.3:29-31
[62]薛鹏,肖晓强,李皓平,胡华平.基于参数测量的网络可靠性分析系统实现.微计算机信息,2008.3:40-42
[63]李达.基于流量采集与参数测量的网络可靠性分析系统的设计与实现[D].国防科学技术大学,2009
[64]唐启义,冯明光.DPS数据处理系统:实验设计?统计分析及数据挖掘.科学出版社,2007
[65]明日科技.Visual C#开发技术大全.人民邮电出版社,2007
[66]刘奎,付青,张权.SQL Server 2008从入门到精通.化学工业出版社,2009
[67] Su Bing, Yu Haiyang, Lu Jieru, Ma Zhenghua. Traffic Optimization on the Dynamic Switching of ABR for OSPF Networks. International Conference on Information Technology and Computer Science: ITCS 2009: 429-432
[68] Waldbusser S..“Remote Network Monitoring Monitoring Management Information Base.”RFC 1757, February 1995
[2] (美)萨伯拉曼尼安.网络管理.清华大学出版社,2003:164-266
[3] Vern P., Jamshid M., Andrew A., Matt M.. An Architecture for Large-Scale Inter- net Measurement. IEEE Communications, 1998, 36(8): 1-9
[4] Frank H., Frisch I.. Analysis and Design of Survivable Network. IEEE Trans. On Communication Technology, 1970, 18(5): 55-60
[5] Sawionek B., Wojciechowski J., Arabas J.. Synthesis of reliable networks in the presence of line failures. Circuits and Systems, 2000. Proceedings. ISCAS 2000 Geneva. The 2000 IEEE International Symposium on, 2000, 1(4): 649-653
[6] Aggarwal K. K., Chopra Y. C., Bajwaj S.. Capacity consideration in reliability analyis of communication systems. IEEE Trans Reliability, 1982, 31(2): 177-188
[7]潘勇.通信网可靠性指标研究.电子产品可靠性与环境试验,2006,24(1):1-5
[8] Kyandoghere K.. Survivability Performance Analysis of Rerouting Strategies in an ATM/VP DCS Survivable Mesh Network. Computer Communication Review, 1998, 28(5): 22-30
[9] Behr A., Camarinopoulos L., Pampoukis G.. Domination of K-out-of-n system. IEEE Transactions on Reliability, 1995, 44(4): 705-708
[10]网络可用性工具NAP.http://www.cctech.com.cn/product_isograph_nap.asp/
[11]中国可靠性网.RelEngTech可靠性综合评价软件平台http://www.kekaoxing.com/soft/softintr/200809/buaa-RelEngTech.html/
[12]北京航空航天大学可靠性系统工程研究室.http://rms.buaa.edu.cn/html/kexuey anjiu/yanjiufangxiang/20061219/137.html/
[13]杜飞龙.面向SOHU的智能路由器:华为3Com发布Quidway AR 18系列路由器.微电脑世界,2004(7):13-15
[14] Will E. L., Murad S. T., Walter W., Daniel V. W.. On the self-similar nature of Ethernet traffic. 1994(2): 1-15
[15] Duffield N.G., Lund C., Thorup M.. Estimating flow distributions from sampled flow statistics. IEEE/ACM Transactions on Networking, 2005(13): 325-336
[16]中国招标采购导航网.信息网前沿技术研究:通信网络动态仿真:新产品新技术. http://www.chinainfoseek.com.cn/info_class/pro_tec_new/view.php?protec242
[17]张宏莉,方滨兴,有铭曾,姜誉,詹春艳,张树峰. Internet测量与分析综述.软件学报,2003(1):111-115
[18] Holt, Alan. Network Performance Analysis. Hardcover, 2008
[19]“网络测试”中科院计算技术研究.http://www.ict.ac.cn/kexuelindex.htm
[20] Wolski R., Spring N., Hayes J.. The Network Weather Service: A Distributed Resource Performance Forecasting Service for Metacomputing. Journal of Future Generation Computing Systems, Oct. 1999, 15(5-6): 757-768
[21] Hanemann A, Boote J. W., Boyd E. L.. PerfSONAR: A Service Oriented Architecture for Multi-Domain Network Monitoring. Proceedings of the Third International Conference on Service Oriented Computing(ACM SIGSOFT and SIGWEB), Springer Verlag, LNCS 3826, Amsterdam, The Netherlands, 2005: 241-254
[22]王达光,甘井中.端到端网络测量系统设计与应用.中国教育网络,2007(10):66-70
[23]陈鸣,李兵,杨扬,沙昆.分布式网络性能监测系统.电信科学,2003,19(5):35-40
[24] Sarasamma S., Zhu Q., Huff J.. Hierarchical kohonenen net for anomaly detection in network security, IEEE Transactions on Systems, Man and Cybernetics-PART B: Cybernetics, 2005, 35(2): 302-312
[25] SNMP MONITORING: RMON MIB. http://www.et.put.poznan.pl/snmp/monitor -ing/mormon0.html
[26] Paxson V., Almes G., Mahdavi J., etc. Framework for IP Performance Metrics. http://www.faqs.org/rfcs/rfc2330.html,1998-05
[27] Holt, Alan. Network Performance Analysis. Hardcover,2008
[28]杨雅辉,李小东.IP网络性能指标体系的研究.通信学报,2002,23(11): 1-7
[29] Papagiannaki K., Taft N., Zhang Z. L.. Long-term forecasting of Internet backbone traffic: Observations and initial models. Proceedings of the INFOCOM, London, UK, 2003: 753-764
[30] W. Richard Stevens. TCP/IP Illustrated, Volume 1: The Protocols. Addison Wesley, 1994
[31] Thottan M., Ji C., Anomaly detection in ip networks. IEEE Transaction on Signal Processing, 2008(08): 5108-5112
[32] Casado M., Garfinkel T., Cui W.. Opportunistic Mesaurement: Extracting Insight from Spurious Traffic. In: Proc of HOTNETS 2005, San Diego, CA, January 2005: 27-39
[33] Barford P., Plonka D.. Characteristics of network traffic flow anomalies. Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, San Francisco, 2001: 69-73
[34] Lakhina A., Crovella M., Diot C.. Characterization of Network Wide Anomalies in Traffic Flows. Internet Measurement Conference, 2004
[35] Lakhina A., Crovella M., Diot C.. Mining Anomalies Using Traffic Feature Distr- ibutions. In ACM SIGCOMM, Philadelphia, August 2005
[36] Cormode G., Muthukrishnan S.. What’s new: finding significant differences in network data streams. IEEE/ACM Transactions on Networking, 2005, 13(6):1219-1232
[37] Sommers J., Barford P., Willinger W.. A Visualization Tool for Mining Internet Measurements. In: Proc of Passive and Active Measurement Conference, March 2006: 601-610
[38] Konstantina Papagiannaki, Rene Cruz, Christophe Diot. Network performance monitoring at small time scales. Internet Measurement Conference Proceedings of the 3rd ACM sigcomm conference on Internet measurement, 2003: 295-300
[39] Vern Paxson, Andrew Adams, Matt M.. Experiences with NIMI In proceedings of Passive and Active Measurement, 2000
[40] Kc Claffy, Sean Mc Creary. Internet Measurement and data analysis: passive and active measurement. http://www.caida.org/outreach/1999
[41] Vern Paxson, Jamshid Mahdavi, Andrew Adama, et al. An Architecture for Large -Scale Internet Measurement. IEEE Communications, 1998, 36(8): 48-54
[42] Sharad Jaiswal, Gianluca Iannaccone, Jim Kurose. Formal Analysis of Passive Measurement Inference Techniques. In: Proc of Infocom06. Barcelona: IEEE, 2006: 407-418
[43] IPPM, The Internet Engineering Task Force, http://www.ietf.org
[44] K. McCloghrie, M. Rose. RFC1213: Management information base for network management of TCP/IP-based internets: MIB-II. Network Working Group, March 1991
[45]杨建华,谢高岗,李忠诚.基于Linux内核的流量分析方法.计算机工程, 2006,32 (08):67-69
[46] Cisco Systems. Cisco Netflow Introduction[EB/OL]. http://www.cisco.com/warp /public/732/Tech/nmp/netflow/index.shtml,2005
[47]武孟军,任相臣.Visual C++开发基于SNMP的网络管理软件(第二版).人民邮电出版社,2009
[48] Case J., et al. Introduction and Applicability Statements for Internet Standard Management Framework. RFC 3410, December 2002
[49] Harrington D., et al. An Architecture for Describing Simple Network Management Protocol(SNMP)Management Frameworks. RFC 3411, December 2002
[50] Tech Web技术社区,网络监听技术概览.http://tech.techweb.com.cn/thread1-528-1 -1.html,2007.03.04
[51] WinPcap网站.http://www.winpcap.org/default.htm,2008.01
[52]程光,龚剑,丁伟.基于抽样测量的高速网络实时异常检测模型.软件学报,2003, 14(3):594-599
[53] Chomsiri, Thawatchai. Sniffing Packets on LAN without ARP Spoofing. Covergence and Hybrid Information Technology, ICCIT, 2008 Third International Conference, 2008: 472-477
[54] Zhang Jiang, Moore, Andrew. Traffic Trace Artifacts due to Monitoring Via Port Mirroring. End-to-End Monitoring Techniques and Services, 2007 Workshop on:Munich, Germany, 2007: 1-8
[55]杨叔子,吴雅,轩建平等.时间序列分析的工程应用(第二版).华中科技大学出版社,2007
[56] Rich Wolski. Forecasting network performance to support dynamic scheduling using the network weather service[DB/OL]. UCSD Technical Report, TR-CS96- 494, http://citeseer.nj.nec.com/wolski98dynamically.html
[57] Mohamed Faten Zhani, Halima Elbiaze, Farouk Kamoun. Analysis and Prediction of Real Network Traffic. Journal of Network, 2009, 4(9): 855-865
[58] Yuanchang Xie, Yunlong Zhang. A Wavelet Network Model for Short-Term Traffic Volume Forecasting. Intelligent Transportation Systems, 2006, 3(10): 141-150
[59] Iarina Marian, Vasile Dadarlat, Bogdan lancu. A comparative study of the statisticall methods suitable for network traffic estimation. Proceedings of the 13th WSEAS international conference on Communications, 2009, 99-104
[60]李裕奇.概率论与数理统计(第三版).国防工业出版社,2009
[61]腾云,肖晓强,李皓平,胡华平.网络可靠性分析系统的设计与实现.微计算机信息, 2008.3:29-31
[62]薛鹏,肖晓强,李皓平,胡华平.基于参数测量的网络可靠性分析系统实现.微计算机信息,2008.3:40-42
[63]李达.基于流量采集与参数测量的网络可靠性分析系统的设计与实现[D].国防科学技术大学,2009
[64]唐启义,冯明光.DPS数据处理系统:实验设计?统计分析及数据挖掘.科学出版社,2007
[65]明日科技.Visual C#开发技术大全.人民邮电出版社,2007
[66]刘奎,付青,张权.SQL Server 2008从入门到精通.化学工业出版社,2009
[67] Su Bing, Yu Haiyang, Lu Jieru, Ma Zhenghua. Traffic Optimization on the Dynamic Switching of ABR for OSPF Networks. International Conference on Information Technology and Computer Science: ITCS 2009: 429-432
[68] Waldbusser S..“Remote Network Monitoring Monitoring Management Information Base.”RFC 1757, February 1995