Distributed network traffic retrieval method and device

Abstract

The invention belongs to the technical field of real-time capture, storage and retrieval of network traffic, and particularly relates to a distributed network traffic retrieval method and device. The method comprises: acquiring data; recombining a session and extracting metadata; writing the session into a disk; and performing a distributed retrieval algorithm DSearch and data storage. The invention provides a distributed index establishment algorithm DIndex and a distributed retrieval algorithm DSearch, which can support distributed real-time high-speed network full-traffic storage, indexing and retrieval services, and satisfy the use requirements of users for high bandwidth and multiple branches.

Description

technical field

[0001] The invention belongs to the technical field of real-time capture, storage and retrieval of network traffic, and in particular relates to a distributed network traffic retrieval method and device. Background technique

[0002] In recent years, with the rapid development of the Internet, network bandwidth has increased dramatically, and the development of the Internet has brought more challenges to network security. Similar to surveillance cameras and surveillance video storage, query, and forensics equipment, real-time monitoring, storage analysis, and source traceability of network traffic have become a key method to ensure network security. In this way, network administrators can retrospectively analyze the abnormal network behavior and application communication data that have occurred, which is widely used in financial transactions, network forensics, network security and other fields.

[0003] For the field of real-time network traffic storage and...

Images