巨量網路資料之互動式安全分析系統

Abstract

現今網路流量已以往無法想像的速度成長；網路犯罪亦隱身在龐大的網路流量中。為協助資安人員快速且有效率地為在網路流量中找出可做為呈堂供證的通聯記錄，我們提出了將網路流量視覺化的互動式查詢系統－NetActy。在本論文中對NetActy的互動性以及視覺化過程進行改進，藉由考慮節點間工作量的平衡以及Data Locailty，目的為了使計算節點執行時間平衡以達到互動程度的回應時間。本論文將工作量分配制定成一個Linear Programming問題，並提出經驗解－Algorithm 1以期在多項式時間內解決；視覺化部分，我們為每個查詢視圖做快取以及利用Multicast技術來加速處理。最後於實驗中，我們衡量Algorithm 1的效能確認其能夠在不違背Data Locality的情況下平衡節點間工作量；此外在視覺化部分所遇到的問題我們亦參考現行作業系統的做法來解決。

As the network volume grows rapidly, network crimes can hide behind the huge network traffic. In order to let IT security people find evidences fastly and effectively from such a huge network traffic, we proposed a interactive, visualable network query system－NetActy. In this thesis, we improve the interactivity and visualization process, by takeing the balance between workload and data locality into consider. We formulate the job assignment problem into a Linear Programming problem and solve it by a heuristic solution－Algorithm 1. In the last, we evaluate the performance of Algorithm 1 and make sure that Algorithm 1 can actually balance the workload without violating data locality. Besides, we solve the problem encountered in visualization part by applying current OS’s solution.