Journal of Frontiers of Computer Science and Technology ›› 2014, Vol. 8 ›› Issue (1): 1-17.DOI: 10.3778/j.issn.1673-9418.1306030

Previous Articles     Next Articles

Network Flow Field: Theory and Method

XUE Yibo1,2+, WANG Dawei3, ZHANG Luoshi4   

  1. 1. Research Institute of Information Technology, Tsinghua University, Beijing 100084, China
    2. Tsinghua National Laboratory for Information Science and Technology, Tsinghua University, Beijing 100084, China
    3. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China
    4. School of Computer Science and Technology, Harbin University of Science and Technology, Harbin 150080, China
  • Online:2014-01-01 Published:2014-01-03

网络流场:理论和方法

薛一波1,2+,王大伟3,张洛什4   

  1. 1. 清华大学 信息技术研究院,北京 100084
    2. 清华大学 信息科学技术国家实验室(筹),北京 100084
    3. 国家计算机网络应急技术处理协调中心,北京 100029
    4. 哈尔滨理工大学 计算机科学与技术学院,哈尔滨 150080

Abstract: Along with the rapid development of Internet, the Internet service providers (ISPs) and network management departments are urgent to analyze the operating state of Internet, in order to guarantee the usability, stability and security of Internet. However, due to the rapidly growing user number, the ever increasing Internet bandwidth, the continuous change of traffic characteristics and the more and more complexity of the new emerging applications, it is facing with more and more challenges for network analysis. Therefore, in order to solve these issues, this paper proposes a novel analysis theory and method, named as network flow field. Network flow field not only concerns the “solid” metrics such as network packets and flows, but also pays more attention to the distribution and trend of network traffic, so it can reveal the traffic distribution and the relationship among network hosts, thus can reflect the social attributes of Internet. Based on the qualitative and quantitative analysis, network flow field theory and method can analyze the network deeply by using a new kind of view, it can not only obtain the basic statistical information of network traffic, bus also dig out its secret and implication information, such as timing relationship, state transition relationship, private network topology, key paths and key nodes, etc. The experimental results show that network flow field theory and method can achieve a good performance. Therefore, network flow field theory can provide the efficient framework and model for network traffic analysis, so as to guide the further research of network management, analysis and measurement field.

Key words: network flow field, node, communication behaviors, flow cluster, flow association

摘要: 随着互联网的迅猛发展,网络运营部门和网络管理部门迫切需要分析网络的运行状况,以保证网络的可用性、稳定性和安全性。然而,目前对网络运行状况的分析难度正逐渐增大,用户数量的快速增长,网络带宽的不断增加,网络流量的频繁变化以及新应用日趋复杂等,均给网络流量分析带来了巨大的挑战。因此,为了解决目前网络分析技术面临的难题和挑战,提出了一种网络流量分析的新型方法——网络流场理论和方法。网络流场不仅关注如数据包及网络流等“硬性”指标,而且更关注网络中的流量分布和发展趋势,因此能反映出网络流的分布以及节点之间的关系,从而反映网络的社会属性。网络流场以全新的视角对网络进行剖析,并进行定性和定量的分析,不仅能分析网络流量的基本信息,而且可以挖掘网络中的隐含信息,如时序关系、状态转换关系、私有网络拓扑、关键节点和关键路径等。实验结果表明,网络流场可以取得很好的分析效果,网络流场理论既可以有效地为现有的网络管理及网络分析提供更高层次的研究架构和研究模型,指导网络管理、分析、测量及安全保障等领域的研究和实践,又有利于网络的发展和技术的进步。

关键词: 网络流场, 节点, 通信行为, 流簇, 流关联