基于宣告式网络的网络溯源系统的设计与实现

计算机科学 ›› 2014, Vol. 41 ›› Issue (4): 163-167.

基于宣告式网络的网络溯源系统的设计与实现

高翔,王晓,王敏

西北工业大学计算机学院西安710072;西北工业大学计算机学院西安710072;空军工程大学电讯工程学院西安710077

出版日期:2018-11-14 发布日期:2018-11-14
基金资助:
本文受国家科技支撑计划(2012BAB15B01)资助

Design and Implementation of Network Provenance System Based on Declarative Networking

GAO Xiang,WANG Xiao and WANG Min

Online:2018-11-14 Published:2018-11-14

摘要/Abstract

摘要： 网络的举证分析、错误诊断在网络管理和安全方面正发挥着越来越重要的作用。这就要求网络管理系统具有网络溯源的功能。网络溯源可以用于跟踪信息在网络上流传的轨迹,确定信息数据来源。提出了一个网络溯源系统(NPS)框架的设计与实现,该框架可以支持在大规模的分布式环境中获得网络溯源,采用了新近提出的宣告式网络技术来有效地维护和查询分布式网络溯源。该框架采用基于引用的方式来传递溯源信息,采用有向无环图来表示溯源信息,在分布式网络中实现了高效的网络溯源。在ns-3构建的模拟网络中进行了仿真实验,实验结果表明该网络溯源系统框架可以有效地支持一个大规模分布式网络的溯源计算,与传统方法相比显著地减少了带宽的开销。

关键词: 网络溯源,宣告式网络技术,分布式查询处理,查询优化

Abstract: Network forensic analysis and fault diagnosis are becoming increasingly important in network management and network security domain．This requires network management system has the ability to query network metadata．For instance,network provenance can be used in tracking the path of dataflow through the network to obtain the source of data．This paper presented the design and implementation of a network provenance system (NPS) framework.The framework is used to support the full range of functionality required for enabling forensics in distributed systems．We adopted the declarative networking technique in the networking domain to maintain and query distributed network provenance．The framework adopts a reference-based approach to transfer provenance information and a cyclic graph to represent the provenance information,implementing efficient network provenance in distributed network.Simulation experiments were conducted in simulated network.The experiment results indicate that our network provenance system can support provenance process in a large-scale distributed network and significantly reduce bandwidth cost compared to traditional approach.

Key words: Network provenance,Declarative networking,Distributed query processing,Query optimization

高翔,王晓,王敏. 基于宣告式网络的网络溯源系统的设计与实现[J]. 计算机科学, 2014, 41(4): 163-167. https://doi.org/

GAO Xiang,WANG Xiao and WANG Min. Design and Implementation of Network Provenance System Based on Declarative Networking[J]. Computer Science, 2014, 41(4): 163-167. https://doi.org/

参考文献

[1] Buneman P,Khanna S,Wang C T．Why and where:A characteri-zation of data provenance[C]∥Proceedings of the International Conference on Database Theory (ICDT)．2001
[2] Callahan S,Freire J,Santos E,et al．VisTrails:Visualizationmeets data management[C]∥Proceedings of ACM SIGMOD International Conference on Management of Data (SIGMOD)．2006
[3] Liu M,Taylor N E,Zhou W,et al.Recursive Computation of Regions and Connectivity in Networks[C]∥ICDE．2009
[4] Zhou W,Sherr M,Tao T,et al.Efficient querying and maintenance of network provenance at internet-scale[C]∥SIGMOD．2010
[5] Karvounarakis G,GIves Z,Tannen V．Querying data provenance[C]∥SIGMOD’10Proceedings of the 2010International Conference on Management of Data．2010:951-962
[6] Green T J,Karvounarakis G,Taylor N E,et al.ORCHESTRA:Facilitating collaborative data sharing[C]∥Proceedings of ACM SIGMOD International Conference on Management of Data (SIGMOD)．2007
[7] Cohen-Boulakia S,Biton O,Cohen S,et al.Addressing the prove-nance challenge using zoom [J]．Concurrency and Computation:Practice and Experience,2008,20:497-450
[8] Ikeda R,Park H,Widom J．Provenance for generalized map and reduce workflows[C]∥Proceedings of Biennial Conference on Innovative Data System Research (CIDR)．2011
[9] System W,Altintas I,Barney O,et al.Provenance collectionsupport in the kepler scientific workflow system[C]∥Procee-dings of the International Provenance and Annotation Workshop (IPAW)．2006
[10] Hasan R,Sion R,Winslett M．Preventing history forgery with secure provenance[J].ACM Transactions on Storage (TOS),2009,5(4):1-43
[11] Green T J,Karvounarakis G,Tannen V．Provenance semirings[C]∥Proceedings of the ACM Symposium on Principles of Database Systems(PODS)．2007
[12] Network Simulator 3.http://www.nsnam.org/
[13] Liu X,Guo Z,Wang X,et al.D3S:Debugging Deployed Distributed Systems[C]∥NSDI．2008
[14] RapidNet.http://netdb.cis.upenn.edu/rapidnet/
[15] Loo B T,Condie T,Garofalakis M,et al．Declarative Networking[C]∥CACM．2009
[16] 万亚平,冯丹,欧阳利军,等.一种适用于P2P存储系统的自反馈故障检测算法[J].计算机科学,2010,7(2):48-52

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed