A Real-Time TCP Stream Reassembly Mechanism in High-Speed Network

With the continual growth of the variety and complexity of network crime means,the traditional packet feature matching cannot detect all kinds of intrusion behaviors completely. It is urgent to reassemble network stream to perform packet processing at a semantic level above the network layer. This paper presents an efficient TCP stream reassembly mechanism for real-time processing of high-speed network traffic. By analyzing the characteristics of network stream in high-speed network and TCP connection establishment process,several polices for designing the reassembly mechanism are built. Then,the reassembly implementation is elaborated in accordance with the policies. Finally,the reassembly mechanism is compared with the traditional reassembly mechanism by the network traffic captured in a typical gigabit gateway. Experiment results illustrate that the reassembly mechanism is efficient and can satisfy the real-time property requirement of traffic analysis system in high-speed network.