【作者】 王洪波；

【导师】 程时端；

【作者基本信息】 北京邮电大学 ， 计算机应用技术， 2006， 博士

【摘要】 近年来，互联网测量已经成为研究和管理互联网的基础。由于互联网的异质性和高速化特点，目前的网络测量系统在不同程度上缺乏可扩展性，不能适应当前及未来的测量需求。本文重点研究端到端单向时延测量、高速网络中流量测量、网络安全测量中超连接主机检测等方面中的可扩展性问题及其关键算法，以提高网络测量系统的性能。论文的工作主要包括以下几个方面： (1) 互联网测量中端系统时钟的时钟频差和时钟重置会给单向时延测量引入严重的误差，针对此问题，本文提出了一个基于模糊聚类分析的算法来检测并消除这些误差。大量实验表明：与同类算法相比，该算法有更好的准确性和鲁棒性。而且此算法时间复杂度为O(N)。 (2) 目前通用的流量测量解决方案NetFlow在互联网流量迅猛增长的条件下存在可扩展性问题，针对NetFlow中抽样方法的不足，本文提出了一种基于测量缓存区的时间分层分组抽样方法。通过理论分析，证明了抽样估计的无偏性，并推导出估计值相对标准差的理论上界。实验结果表明：该方法在保证测量准确性的同时具有简单性、自适应性及资源可控性等优点。 (3) 为适应高速网络中流量测量的准确性需求，提出了一种基于LRU大流检测算法。它引入了“小流早期丢弃”和“大流预保护”机制以提高准确性。实验结果显示：与已有算法相比，新算法具有更高的测量准确性和实用性。更多还原

【Abstract】 Recently, network measurement has become the key to the management and research of Internet. However, the scalability of the existing network measurement systems has been challenged by the heterogeneity and high-speed trend of Internet. This dissertation discusses the scalability issues and related key algorithms of network measurement systems. It focuses on the scalability problems of three aspects for improving the performance of network measurement systems: end to end one-way delay measurement, traffic measurement on high-speed network, identifying super-connection hosts in network security detection. The main contributions are as follows:(1) The clock skew and resets of the end-systems will result in serious error in one-way delay measurement. A new algorithm based on the Fuzzy clustering analysis is proposed to estimate and remove the clock skew and resets from one-way delay measurement results. Numerical experiments demonstrate that this algorithm is more accurate and robust than existing algorithms. Additionally, the new algorithm has time complexity of O(N).(2) The Netflow scheme commonly used in traffic measurement is not scalable when the traffic increases rapidly or traffic bloom (e.g. DDos) happens. A measurement-buffer-based time-stratified packet sampling method is proposed to overcome Netflow’s shortcomings. Theoretical更多还原