Institutional Repository of the Institute of Software, Chinese Academy of Sciences (ISCAS OpenIR)
Title: 基于动态规则的事件检测方法研究和应用
Author: 王绍恒 (Wang Shaoheng)
Defense date: 2004
Discipline: Computer Software and Theory
Degree-granting institution: Institute of Software, Chinese Academy of Sciences
Place of award: Institute of Software, Chinese Academy of Sciences
Degree: Doctorate
Keywords: event detection ; performance monitoring ; file system ; timing constraints
Alternative title: Research and Application of Event Detecting Methods based on Dynamic Rules
Abstract: Security monitoring of file systems has become an important component of intrusion detection systems, and performance monitoring of file systems has also produced many research results. Although both are important parts of file system monitoring, they have long been developed separately, and there is no convenient and flexible mechanism to integrate them efficiently under a unified file system monitoring framework. Furthermore, as network technology continues to advance, network-centric distributed systems are increasingly becoming the critical infrastructure of the information society. Studying efficient and easy-to-use file system monitoring techniques for distributed environments, so as to provide distributed applications with reliable file storage and secure file sharing, is of considerable practical significance. Addressing the monitoring requirements of distributed systems, this thesis takes the Network File System (NFS), which is widely implemented on many platforms, as the monitored object, proposes an event detection framework based on dynamic rules, and presents a general Dynamic Rule Description Language (DRDL) together with its rule analyzer and compiler; on this basis it studies detection algorithms for events with timing constraints; finally it designs and implements a prototype system for network file system monitoring and evaluates its performance through experimental analysis. The dynamic-rule-based event detection framework is in fact an event filtering mechanism: using efficient event detection algorithms, it matches high-level events according to user-defined dynamic rules, so that users are not "flooded" by the large volume of low-level monitoring event information in a distributed system; by exploiting the prior experience encoded in dynamic rules, events that significantly affect application performance can be detected from low-level events that appear unrelated. The general dynamic rule description language DRDL can describe the timing constraints of events and supports dynamic changes to high-level event definitions; it adopts a C-like syntax so that users can learn it easily; through the "directory traversal" event built into DRDL, rules can be defined flexibly, unifying file system security monitoring and performance monitoring under the event monitoring framework. The compilation algorithm for events with timing constraints is based on the RTL (Real Time Logic) event model; it transforms the detection of timing-constrained events into the problem of finding a negative cycle in a weighted directed graph (the constraint graph), and obtains a minimal effective constraint set by simplifying the constraint graph; the runtime event detection algorithm checks the timing constraints of events against the minimal effective constraint set, which not only executes efficiently but also detects events that violate timing constraints as early as possible. To verify the practical effect of the dynamic-rule-based event detection method proposed in this thesis, we implemented a prototype system for network file system monitoring on the open-source Linux operating system; experimental analysis of the prototype shows that the dynamic-rule-based event detection method is effective for distributed file system monitoring. The results of this thesis provide a technical reference for the development of file system monitoring tools and distributed system monitoring tools.
English abstract: In recent years, file system security monitoring has become an essential part of intrusion detection systems (IDS). At the same time, research on monitoring systems that measure file system performance has been plentiful and substantial. Although both are vital parts of file system monitoring, each has long functioned in its own way, and there is no convenient coordinating mechanism to integrate them efficiently into a file system monitoring framework. In addition, with the emergence and popularization of high-speed networks and the Internet, distributed systems dedicated to network applications have increasingly become the key infrastructure of the information society. Research on distributed file system monitoring techniques, which provide reliable file storage and safe file sharing, is therefore both practical and important. Following the requirements of monitoring for distributed systems, and aiming at monitoring NFS (Network File System), which has been widely implemented on most platforms, this thesis presents an event monitoring framework based on dynamic rules and discusses the specification, analysis and compilation of a general DRDL (Dynamic Rules Description Language). On this groundwork, an efficient detecting algorithm for timing-constrained events is studied, and an NFS monitoring prototype system, whose performance is evaluated through several experiments, is designed and implemented. The event detecting framework based on dynamic rules implements an event filtering mechanism which matches high-level events according to user-defined dynamic rules by means of efficient event detecting algorithms, and so prevents the user from being inundated by low-level monitoring event information in the distributed system.
With the help of the prior experience reflected in the dynamic rules, the vital events that greatly influence application performance can be detected from seemingly unrelated low-level events. DRDL can describe timing-constrained events and supports dynamic changes to high-level event definitions. Since its syntax is similar to the C language, users can master it easily. By means of the directory-iterating event built into DRDL, file system security monitoring and performance monitoring can be integrated into the event monitoring framework. Based on the timing-constrained event model of RTL (Real Time Logic), the compiling algorithms for timing-constrained events transform the problem of detecting timing-constrained events into the problem of finding a negative cycle in a weighted directed graph, called the constraint graph. By simplifying the constraint graph, efficient detecting algorithms for timing-constrained events are developed which not only have good time complexity but also find events that violate timing constraints as early as possible. To verify the event detecting methods based on dynamic rules and to check their efficiency in application, experiment schemes are designed and performed on the prototype system implemented in a Linux environment. The data structures and interfaces of the key modules in the prototype system are presented. The experimental results show that the expected performance is achieved and confirm the validity of the dynamic-rule-based event detecting methods when applied to complex timing constraint monitoring in a distributed environment. The investigation presented in this thesis can provide a good reference for the future development of file system monitoring tools and distributed system monitoring tools.
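The abstract describes two steps: at compile time, timing constraints between events are turned into a weighted directed graph whose satisfiability is decided by negative-cycle detection, and at run time the observed event timestamps are checked against the reduced constraint set so that violations surface as early as possible. The following Python program is an added illustration of that idea, not code from the thesis or its prototype; it does not reproduce DRDL, the RTL-based compiler, or the thesis's particular minimal-effective-constraint-set reduction. It assumes the standard difference-constraint encoding (a constraint t[b] - t[a] <= w becomes an edge a -> b with weight w), uses Bellman-Ford for negative-cycle detection and Floyd-Warshall for the implied tightest bounds, and the NFS-like event names and sample traces are constructed for the example.

```python
"""Constraint-graph check for timing-constrained events (illustrative, not the thesis's code).

A constraint (a, b, w) means t[b] - t[a] <= w for the occurrence times of events a and b.
Compile step: the rule set is satisfiable iff the constraint graph has no negative cycle.
Run-time step: each arriving event is checked against the tightest implied bounds, so a
violation is reported at the first event that makes it unavoidable.
"""
from math import inf
from typing import Dict, List, Optional, Tuple

Constraint = Tuple[str, str, float]  # (a, b, w): t[b] - t[a] <= w

# Constructed sample rules for an NFS-style access sequence lookup -> open -> read -> close.
CONSISTENT: List[Constraint] = [
    ("lookup", "open", 5), ("open", "read", 10), ("read", "close", 20),
    ("close", "lookup", -30),  # close must occur at least 30 time units after lookup
]
# Same chain, but "close at least 40 after lookup" contradicts the 35-unit upper bound.
INCONSISTENT: List[Constraint] = CONSISTENT[:3] + [("close", "lookup", -40)]

# Constructed event traces: (event name, timestamp) in arrival order.
OK_TRACE = [("lookup", 0), ("open", 3), ("read", 12), ("close", 31)]
LATE_READ = [("lookup", 0), ("open", 3), ("read", 14)]          # read - open = 11 > 10
EARLY_CLOSE = [("lookup", 0), ("open", 3), ("read", 12), ("close", 25)]  # close - lookup = 25 < 30


def build_constraint_graph(constraints: List[Constraint]):
    """Each constraint becomes a directed edge a -> b with weight w."""
    nodes = sorted({n for a, b, _ in constraints for n in (a, b)})
    edges = [(a, b, float(w)) for a, b, w in constraints]
    return nodes, edges


def find_negative_cycle(nodes: List[str], edges) -> Optional[List[str]]:
    """Bellman-Ford from an implicit source connected to every node with weight 0.
    Returns the nodes of a negative cycle (rule set unsatisfiable) or None."""
    dist = {n: 0.0 for n in nodes}
    pred: Dict[str, Optional[str]] = {n: None for n in nodes}
    last_relaxed = None
    for _ in range(len(nodes)):
        last_relaxed = None
        for a, b, w in edges:
            if dist[a] + w < dist[b]:
                dist[b], pred[b], last_relaxed = dist[a] + w, a, b
        if last_relaxed is None:
            return None  # converged: no negative cycle
    # A relaxation in pass |V| proves a negative cycle; walk predecessors |V| times
    # to land on it, then collect it.
    node = last_relaxed
    for _ in range(len(nodes)):
        node = pred[node]
    cycle, cur = [node], pred[node]
    while cur != node:
        cycle.append(cur)
        cur = pred[cur]
    cycle.reverse()
    return cycle


def tightest_bounds(nodes: List[str], edges) -> Dict[str, Dict[str, float]]:
    """Floyd-Warshall: bound[a][b] is the tightest implied upper bound on t[b] - t[a]
    (inf when the rules imply no bound). Requires a negative-cycle-free graph."""
    bound = {a: {b: (0.0 if a == b else inf) for b in nodes} for a in nodes}
    for a, b, w in edges:
        bound[a][b] = min(bound[a][b], w)
    for k in nodes:
        for i in nodes:
            if bound[i][k] == inf:
                continue
            for j in nodes:
                if bound[i][k] + bound[k][j] < bound[i][j]:
                    bound[i][j] = bound[i][k] + bound[k][j]
    return bound


def check_event_stream(events, bound) -> Optional[Tuple[int, str, str, float]]:
    """Check events in arrival order. Returns (index, a, b, limit) of the first
    violated constraint t[b] - t[a] <= limit, reported at the event that exposes it."""
    seen: Dict[str, float] = {}
    for idx, (name, t) in enumerate(events):
        for prev, tp in seen.items():
            if bound[prev][name] != inf and t - tp > bound[prev][name]:
                return (idx, prev, name, bound[prev][name])   # name arrived too late
            if bound[name][prev] != inf and tp - t > bound[name][prev]:
                return (idx, name, prev, bound[name][prev])   # name arrived too early
        seen[name] = t
    return None


if __name__ == "__main__":
    print("inconsistent rules, negative cycle:", find_negative_cycle(*build_constraint_graph(INCONSISTENT)))
    nodes, edges = build_constraint_graph(CONSISTENT)
    bound = tightest_bounds(nodes, edges)
    for trace in (OK_TRACE, LATE_READ, EARLY_CLOSE):
        print(trace, "->", check_event_stream(trace, bound))
```

The compile-time check rejects the second rule set because the chain lookup -> open -> read -> close sums to 35 while the last rule demands a gap of at least 40, giving a cycle of total weight -5. For the consistent set, the derived bound table plays the role of the reduced constraint set: it already contains implied bounds such as t[close] - t[lookup] <= 35, so a late read is flagged at the read event itself rather than when the sequence completes.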
Language: Chinese
Content type: Dissertation
URI: http://ir.iscas.ac.cn/handle/311060/6612
Appears in Collections: Institute of Software, CAS

Files in This Item:
File Name / File Size / Content Type / Version / Access / License
LW014094.pdf (3078KB) / Restricted access / Contact for full text

Recommended Citation:
王绍恒. Research and Application of Event Detecting Methods based on Dynamic Rules (基于动态规则的事件检测方法研究和应用) [D]. Institute of Software, Chinese Academy of Sciences. Institute of Software, Chinese Academy of Sciences. 2004-01-01.