A system and method for online real-time anonymization of ip flow data

Abstract

The invention provides online real-time anonymization system and method for IP stream data. The system comprises an IP stream data capturing module, an IP stream data anonymization module, an IP stream data storing module and an anonymization IP stream replaying module; the IP stream data capturing module is used for extracting data packet IP address information and data packet head information from received network traffic; the IP stream anonymization module is used for processing the IP address online and on real time by anonymization through anonymization algorithm during capturing the IP stream data; the IP stream data storing module is used for storing the IP stream data subjected to anonymization to a storing device; the anonymization IP stream replaying module is used for specifying source and target MAC addresses of a data packet to be replayed and re-calculating the check bit of an IP stream data packet head during replaying so as to replay the IP stream data subjected to anonymization online and on real time.

Description

technical field [0001] The invention relates to the technical field of flow capture and playback, in particular to an online real-time anonymization system and method for IP flow data. Background technique [0002] Network equipment testing is a key link to ensure the reliability and stability of network equipment. The existing testing technology uses traffic simulation testers such as Smartbits and TestCenter to generate simulated traffic to test network security equipment. This testing technology can no longer meet the requirements Network security equipment can correctly implement security protection functions in a higher-speed and more complex environment. The real traffic playback method is a network test method that captures and stores real network traffic and performs restoration and playback. This method can reproduce the actual network scene and achieve the purpose of investigating the function and performance of the system under test in the actual network environm...

AI Technical Summary

Problems solved by technology

The biggest disadvantage of this method is that the network traffic cannot be restored and played back in real time and the current network scene can not be reproduced during the traffic capture storage process.

The main performance is that for network equipment testing, first of all, the network equipment testing cycle is generally long, and a large amount of disk space is required to store the network traffic after capturing and storing the network traffic; secondly, the network traffic is unprocessed. What cannot be used is mainly to process the IP address in the traffic data packet. It takes a long time to process such a large network traffic; finally, it also takes a long time to restore and playback the network traffic offline. The current network scene cannot be reproduced in real time

For network equipment testing, precious test time is wasted, the test cycle is greatly extended, and real-time network scenarios cannot be used for security testing of network equipment

Images