認識網路安全與異常偵測 中央大學 電算中心 楊素秋 96年 11月 13日
Download
Report
Transcript 認識網路安全與異常偵測 中央大學 電算中心 楊素秋 96年 11月 13日
認識網路安全與異常偵測
中央大學 電算中心 楊素秋
96年 11月 13日
報告大綱
1. 網路安全問題
Viruses, Worms, Dos attack
2.網路安全因應對策
Customer-based countermeasures
ISP-based countermeasures
3. Detection & Notification System
End-based, LAN-based, WAN-based (ISP)
4. 結語
©2007 Susan Yang, Computer Center, National Central University.
1. 網路安全問題
網路安全的挑戰
Viruses
• Large amount of program replication
Mail virus
–
–
–
–
–
Attached in email
Infect system by enduring user clicking the attached
Resend large amount of mail virus
Self-propagating programs, …
Spread through toxic web page browsing
©2007 Susan Yang, Computer Center, National Central University.
1.網路安全問題(cont.)
Worms
• Self-propagating programs spread over Internet
• Spread by scanning the network for vulnerable machines
& infecting them
Evolution of network worms
• Spread through system vulnerability
– CoRed (Jul 2001)
• Spread through system vulnerability & tftpd
– Nimda, Nachi (Sep 2001)
• Spread through system vulnerability & mail virus
– SoBig ( Aug 2003), MyDoom(jan 2004),Bagle (2004)
• Spread through system vulnerability & Toxic web-pages
– Stanty (Dec 2004)
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
1.網路安全問題(cont.)
BotNet
• Zombie army
– Distributed through Irc (network chat room)
» 6667/tcp
Dos attack
• Slam well known web server (MicroSofts, Google, …)
• Flooding-based DDoS attack
– Significant performance decline of network link
Identification thief
• Spyware, Phishing (banks, ebay, paypal, …
©2007 Susan Yang, Computer Center, National Central University.
1.網路安全問題(cont.)
Technical Hackers
• Show their skill
Technical Hackers + Criminal gang
• Enormous profits
The weak link in Internet Security
A significant population of Internet users are not
adequately secure their desktops
©2007 Susan Yang, Computer Center, National Central University.
2.網路安全因應對策
Where security countermeasures could be
invoked
Customer-based countermeasures
ISP-based countermeasures**
• ISP core/edge/access routers
©2007 Susan Yang, Computer Center, National Central University.
2.網路安全因應對策(cont.)
Customer-based countermeasures
Anti-virus software
Firewall, IDS
OS Vender s/w patch
• Windows Update
• Linux Up2date
S/W Vender’s Security Improvements
Desktop Vulnerability Checking
Firewall == Secure ?? (Incorrect)
©2007 Susan Yang, Computer Center, National Central University.
2.網路安全因應對策(cont.)
Why ISP’s are uniquely positioned to help
John E.H. Clark (Feb 2003)
Traffic gateway
• All traffic bw. Internet & the customer’s desktop passes
through ISP’s access
Skilled network managers
Well organized network user information
High efficiency, wide range protection
©2007 Susan Yang, Computer Center, National Central University.
2.網路安全因應對策(cont.)
ISP-based countermeasures
a) Measuring & monitoring traffic
• to/from customer
b) Bi-direction IPS at ISP access
• 50% ~ 60% of junk attack traffic
c) Ingress address filtering at ISP access
• In-line with the traffic being monitored
d) User’s awareness & training effort
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System
Signature Detection
Packet payload
anomaly detection
Packet-based
• Tcpdump (snooped over subnetworks)
Flow-based
• Netfow (exported by router / switch)
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
Our works
遭感染 /誤用的主機系統
• 持續,頻繁地建立網路連接到單一或多部主機,源自遭感染
主機的超量傳訊特徵
– flow連接 驟增
– 封包量驟增
– 超量訊務持續時段明顯拉長
本研究擷取節點router Netflow 轉送紀錄
• 實做Flooding Detection System, FDS
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
Service Port
Port
Scanning
Source
(1)
Victim
(2)
Victim
Victim
(3)
(4)
Victim
Vulnerable
Port
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
PortScan訊務特徵
源端主機要求建立的多個PortScan flows,集中在特
殊的弱點
由目的主機回應給源端主機的port number卻分散
於大範圍的1024 ~ 65535.
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
選擇3項NetFlow辨識特徵
(1)source IP 位址 (src_IP)
(2)destina- tion應用埠(dst_port)
(3)小TCP封包
使Feature-based訊務累計程式
僅加總超速傳送 SYN|FIN TCP handshaking 封包往
大量連網主機特殊弱點ports的source 主機, 突顯
Portscan問題主機
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
SMTP Flooding (Spam) 訊務特徵
類似Portscan傳訊特徵
spam源端主機
• 持續傳送超量SMTP (Simple Mail Transfer Ptorocol)訊務
往多部主機
• 主機outbound的連接數突然暴增
• 超量SMTP傳送時段也呈明顯拉長
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
Packet Flooding 訊務特徵
產出鉅量的UDP/ICMP Flooding封包
• 阻斷選定主機的對外服務
• 壅塞沿徑routing網段
選擇source (src_IP) 為virtual flow
• 累計程式僅統計source IP 傳送的
– 超大量UDP / ICMP Packet/ Byte/ Flow訊務
• 偵測與自動通告DDoS攻擊
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
Flooding 異常訊務偵測系統
Feature-based訊務累計/排序程式
• 加總每一source IP主機送往各destination port的flow
數,packet數, byte數,與mean packet size訊務變量,
Multi-thresholds異常偵測程式
• 累計各時段source主機建立的
– flow [sourcei],packet [sourcei],
– byte[sourcei], pkt_size[sourcei]
• 加總其發送超量TCP封包的持續時段duration[sourcei]
• 與估定臨界質比對,篩選得PortScan sources.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
Flooding 異常訊務的自動通告
萃取 ip_routing table
• Router ipRoute SNMP MIB
建置與啟動RWhois IP管理資料查詢系統
讀取異常訊務數據
&
自動通告
©2007 Susan Yang, Computer Center, National Central University.
3. Detection & Notification System(cont.)
Flooding 異常訊務的自動通告(cont.)
擷取骨幹router的數萬筆routing
• snmpwalk ipRouteMask (1.3.6.1.4.21.2.1.11)
• snmpwalk ipRouteNextHop (1.3.6.1.4. 21.2.1.7)
萃取/重建龐大 ip_routing 紀錄
構建符合RWhois network schema資料庫
• 結合NextHop 紀錄與管理聯絡資訊
– 連線學校 IP管理資訊查詢
– http://susan.tyc.edu.tw/~yang/rwhois.php?ip=140.115.1.12
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
4. 結語
Flooding異常訊務偵測系統(FDS)
aggregate router NetFlow轉送紀錄
自動偵測PortScan, Spam與 packet flooding攻擊訊務
透過 Rwhoisd IP 管理資訊的查詢
• 自動將具體的異常訊務通告該網路用戶
• 促使其補強系統安全,阻截flooding攻擊
©2007 Susan Yang, Computer Center, National Central University.
4. 結語(cont.)
據幾年來的使用經驗
網路匯集點的異常偵測系統能偵測多變的
• portscan 訊務 (不斷翻新的弱點 ports)
• Spam
• packet flooding事件
具體的flooding 訊務數據
• 能協助網管人員掌握異常源端主機
• 聯絡用戶並分析其主機 flooding現象
©2007 Susan Yang, Computer Center, National Central University.
Thank You!
©2007 Susan Yang, Computer Center, National Central University.
桃園區網 abuse通告分布
中央大學 電子計算機中心
楊素秋([email protected])
報告大綱
1. abuse complaint 自動轉通告
2. abuse年度統計
3. abuse分類統計
4. P2P traffic target system
• http://163.25.255.22/~yang/index_abuse_emule.php
• http://163.25.255.22/~yang/index_abuse_emule_port
.php
5.總結
©2007 Susan Yang, Computer Center, National Central University.
1.Abuse complain 自動轉通告
Abuse complaint 轉通告系統
定時接收 abuse complaint mail file
• [email protected] (/var/mail/abuse)
切割/分類 abuse 通告信
•
•
•
•
PortScan/Password crack (安全弱點掃描)
Spam (廣告/色情信)
Infringement (侵犯智慧財產權)
Phishing (網路詐騙)
轉通知負責人員,並儲存資料庫記錄.
©2007 Susan Yang, Computer Center, National Central University.
1.Abuse complain 自動轉通告(cont.)
系統處理程序如下:
• 讀取 [email protected] mail file, 切割/儲存 各單封信件
• 執行 dbacl(digramic Bayesian text classifier): 分類各單封信件
abuse type (spam, infringe, portscan, phish).
• 掃描 target IP 位址,並將 IP, abuse 類別存檔
• 以 IP 為key,連接 Rwhois Server, 查詢管理員 emai.,並將原信件寄
發對應的管理員.
©2007 Susan Yang, Computer Center, National Central University.
1.Abuse complain 自動轉通告(cont.)
系統成效:
節省一名處理abuse通告的網路管理人力.
能即時地處理轉通告,不會因假期延誤通告.
資料庫建檔
•
提供on-demand abuse資料查詢網頁.
©2007 Susan Yang, Computer Center, National Central University.
桃園區網 Abuse 通告
自動轉寄系統
1. 讀取 [email protected] mail
file, 切割/儲存 各單封信件
/var/mail/abuse
2. 分類 各單封信件
(spam, infringe,portscan,phish)
3. 掃描 target IP 位址,
並將 IP, abuse 類別存檔
輸出到區網
單月abuse 網
頁
4. 以 IP 為key,連接 Rwhois
Server, 查詢管理員 email
5.
讀取 IP, abuse 類別, 寄發
target 單封通告信件
桃園區網
Rwhois Server
結 束
©2007 Susan Yang, Computer Center, National Central University.
2. abuse年度統計
93年(2004)
94年(2005)
95年(2006)
96年(2007)
©2007 Susan Yang, Computer Center, National Central University.
桃園區網Abuse 檢舉信件分布圖(year-2004)
250
Messages
200
Port Scan
150
Spam/Relay
100
50
Infrigement
0
1月
2月
3月
4月
5月
6月
7月
8月
9月
10月 11月 12月 Fraud/Phish
Month
©2007 Susan Yang, Computer Center, National Central University.
桃園區網Abuse 檢舉信件分布圖(year-2005)
100
Messages
80
Port Scan
60
Spam/Relay
40
Infrigement
20
Fraud/Phish
0
1月
2月
3月
4月
5月
6月
7月
8月
9月
10月
11月
12月
Month
©2007 Susan Yang, Computer Center, National Central University.
桃園區網Abuse 檢舉信件分布圖(year-2006)
140
Messages
120
Port Scan
100
Spam/Relay
80
60
Infrigement
40
Fraud/Phish
20
0
1月
2月
3月
4月
5月
6月
7月
Month
8月
9月
10月
11月
©2007 Susan Yang, Computer Center, National Central University.
12月
桃園區網Abuse 檢舉信件分布圖(year-2007)
Messages
100
80
Port Scan
60
Spam/Relay
40
Infrigement
20
Fraud/Phish
0
12月
1月
2月
3月
4月
5月
6月
Month
7月
8月
9月
10月
©2007 Susan Yang, Computer Center, National Central University.
11月
3.Abuse分類統計
智財權(Infringement)
廣告信 (Spam)
PortScan
Phishing
©2007 Susan Yang, Computer Center, National Central University.
Month
©2007 Susan Yang, Computer Center, National Central University.
96
96
M
ar-
Jan
-
5
-95
No
v-9
Se
p
95
-95
Ju
l-
M
ay
95
95
M
ar-
Jan
-
4
-94
No
v-9
Se
p
94
-94
Ju
l-
M
ay
94
94
M
ar-
Jan
-
3
-93
No
v-9
Se
p
93
-93
Ju
l-
M
ay
93
93
M
ar-
Jan
_
Infrinement
違反智財權Abuse頻次分布 (2004-2007)
180
160
140
120
100
80
60
40
20
0
Jan
_9
3
Ma
r-9
3
Ma
y- 9
3
Jul
-93
Se
p-9
3
No
v-9
3
Jan
-9 4
Ma
r-9
4
Ma
y- 9
4
Jul
-94
Se
p-9
4
No
v-9
4
Jan
-9 5
Ma
r-9
5
Ma
y- 9
5
Jul
-95
Se
p-9
5
No
v-9
5
Jan
-9 6
Ma
r-9
6
Spam
廣告信Abuse頻次分布 (2004-2007)
250
200
150
100
50
0
Month
©2007 Susan Yang, Computer Center, National Central University.
Jan
_9
3
Ma
r-9
3
Ma
y- 9
3
Jul
-93
Se
p-9
3
No
v-9
3
Jan
-9 4
Ma
r-9
4
Ma
y- 9
4
Jul
-94
Se
p-9
4
No
v-9
4
Jan
-9 5
Ma
r-9
5
Ma
y- 9
5
Jul
-95
Se
p-9
5
No
v-9
5
Jan
-9 6
Ma
r-9
6
PortScan
PortScan Abuse頻次分布 (2004-2007)
45
40
35
30
25
20
15
10
5
0
Month
©2007 Susan Yang, Computer Center, National Central University.
Jan
_9
3
Ma
r-9
3
Ma
y- 9
3
Jul
-93
Se
p-9
3
No
v-9
3
Jan
-9 4
Ma
r-9
4
Ma
y- 9
4
Jul
-94
Se
p-9
4
No
v-9
4
Jan
-9 5
Ma
r-9
5
Ma
y- 9
5
Jul
-95
Se
p-9
5
No
v-9
5
Jan
-9 6
Ma
r-9
6
Phishing
Phishing Abuse頻次分布 (2004-2007)
163.30.*.*
25
20
15
10
5
0
Month
©2007 Susan Yang, Computer Center, National Central University.
4. Abuse 歷史紀錄查詢
URL
http://ayang.tyc.edu.tw/Tyc_Abuse/Tanet/summ_notify.php
單月統計 abuse complaint 分類
選擇 年度,月份
• 96-01
• 95-12
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
5. P2P traffic target system
Feature of P2Pmtraffic
Packet size (large packet)
Connections (many to many)
Duration (last longer)
Traffic volume (large amount)
URLs of Tyc P2P traffic statistic
http://163.25.255.22/~yang/index_abuse_emule.php
http://163.25.255.22/~yang/index_abuse_emule_port.php
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
6.總結
日趨完整的網路安全防禦
Technique
• 區網 : Flood Detection system
• 校園網 : firewall, IDS
• 使用者端 : firewall, antivirus package
Education end user
• Protect PC from being exploited as stepping stone
Security policy
• Management Support
©2007 Susan Yang, Computer Center, National Central University.
5.總結(cont.)
Putting an end to the dark side of network
Increase awareness
• Education users
Implement organization policies
Use Technology to protect against these threats
• Flooding Detection system
©2007 Susan Yang, Computer Center, National Central University.
5.總結(cont.)
進行中的工作
網路安全文件的彙整與分享
網路管理工具與說明文件的彙整
Content-based 網路入侵偵測系統
• Mining
• Detection
©2007 Susan Yang, Computer Center, National Central University.
台聯大出國線路效能評估
中央大學電算中心 楊素秋
2007年 10月 8日
報告大綱
1.研究動機
2.主要連外 Trunk 流量的變化
3.國外網站檔案擷取延遲的變化
4.結語
©2007 Susan Yang, Computer Center, National Central University.
1.研究動機
台聯大出國線路
Cost
• 2 million per year
Performance
• Trunk Traffic Statistics (MRTG圖)
• Ping (RTT値)
– 部分 firewall 不允許 ping traffic
• User Sensitive Traffic Statistics
– Delay for fetching png or pdf file
» Cisco, hp, 3com, ubuntu*
©2007 Susan Yang, Computer Center, National Central University.
2. 主要連外 Trunk 流量
校園core router7609接台聯大出國線路流量
http://cygnus.cc.ncu.edu.tw/mrtg/7609/r7609_63.html
中央大學到桃園區網流量
http://cygnus.cc.ncu.edu.tw/mrtg/m160/m160_65.html
桃園區網到TANET骨幹流量
http://mrtg.moe.edu.tw/backbone/ncu_cht.html
©2007 Susan Yang, Computer Center, National Central University.
校園core router接台聯大線路流量
©2007 Susan Yang, Computer Center, National Central University.
中央大學到桃園區網流量
©2007 Susan Yang, Computer Center, National Central University.
桃園區網到TANET骨幹流量
©2007 Susan Yang, Computer Center, National Central University.
2. 主要連外 Trunk 流量(cont.)
TANET出國流量變化
http://mrtg.moe.edu.tw/internet/internet-posstm16.html
台聯大出國流量變化
http://mrtg.ntcu.net/ntcu6509/211.76.255.1_po8_1.html
©2007 Susan Yang, Computer Center, National Central University.
TANET出國流量變化
©2007 Susan Yang, Computer Center, National Central University.
台聯大出國流量變化
©2007 Susan Yang, Computer Center, National Central University.
3.國外網站檔案擷取延遲
效能比較網頁:
http://bunny.tyc.edu.tw/Ncu/browse.jsp
• NCU_Llink Collector
– 140.115.11.131
• TYC_Link
– 163.25.254.7
©2007 Susan Yang, Computer Center, National Central University.
3.國外網站檔案擷取延遲(cont.)
2007-Aug & 2007-Sep
8/17~8/31, 9/1~9/30
2007-Oct
10/3 (NCTU_DORM斷線)
10/9 (NCTU_DORM復線)
10/15 (TWGATE 修正routing path)
10/16 ~ 10/31
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
4. 子程式功能
delay2.java
get()
main()
wget_stat.sh
crontab
Call delay2 routinely
©2007 Susan Yang, Computer Center, National Central University.
public void get(String theUrl, String filename) throws IOException {
theUrl_name = theUrl;
try {
URL gotoUrl = new URL(theUrl);
InputStreamReader isr = new InputStreamReader(gotoUrl.openStream());
BufferedReader in = new BufferedReader(isr);
StringBuffer sb = new StringBuffer();
String inputLine;
boolean isFirst = true;
//grab the contents at the URL
while ((inputLine = in.readLine()) != null){
sb.append(inputLine+"\r\n");
}
//write it locally
createAFile(filename, sb.toString());
}
catch (MalformedURLException mue) {
mue.printStackTrace();
}
catch (IOException ioe) {
throw ioe;
}
}
©2007 Susan Yang, Computer Center, National Central University.
public static void main(String[] args) {
Date date=new Date();
SimpleDateFormat day=new SimpleDateFormat("MMdd");
SimpleDateFormat df=new SimpleDateFormat("MMddHH");
// System.out.println(df.format(date));
String day_file=day.format(date);
String cur_hour=df.format(date);
String filename = "/home/Ncu_Link/" + day_file;
try {
BufferedWriter out = new BufferedWriter(new FileWriter(filename, true));
out.write("\n Hour " + cur_hour);
long elapsedtime = System.currentTimeMillis();
out.write("\n From " + elapsedtime + " msec. || ");
delay2 httpGetter = new delay2();
httpGetter.get(args[0], args[1]);
out.write("\n To " + elapsedtime + " msec. || ");
elapsedtime = System.currentTimeMillis() - elapsedtime;
out.write("\n It takes " + elapsedtime + " msec." + theUrl_name + "\n");
out.close();
}
catch (Exception ex) {
ex.printStackTrace();
}
}
}
©2007 Susan Yang, Computer Center, National Central University.
#!/bin/csh -f
setenv CLASSPATH '.'
set batch_home=/opt/apache-tomcat-6.0.14/webapps/ROOT/Socket
set flist=`/bin/ls $batch_home/lib/*.jar`
foreach name ($flist)
setenv CLASSPATH ${CLASSPATH}:${name}
end
cd $batch_home
java delay2 http://www.cisco.com/cdc_content_elements/images/homepage/
ba_partnerLocato_blue.jpg cisco.jpg
java delay2 http://welcome.hp-ww.com/country/us/en/img/n4_welcome/smb/
primary_smb_msg_730.jpg hp.jpg
java delay2 http://www.3com.com/other/pdfs/solutions/en_US/3com_505403
-001.pdf 3com.pdf
java delay2 http://www.ubuntu.com/themes/ubuntu07/images/ubuntulogo.pn
g ubuntu.png
©2007 Susan Yang, Computer Center, National Central University.
Date 111900 It takes 922 msec.http://www.cisco.com/cdc_content_elements/images/homepage/ba_
partnerLocato_blue.jpg
Date 111900 It takes 1797 msec.http://welcome.hp-ww.com/country/us/en/img/n4_welcome/smb/pr
imary_smb_msg_730.jpg
Date 111900 It takes 19266 msec.http://www.3com.com/other/pdfs/solutions/en_US/3com_505403001.pdf
Date 111900 It takes 1140 msec.http://www.ubuntu.com/themes/ubuntu07/images/ubuntulogo.png
Date 111904 It takes 1079 msec.http://www.cisco.com/cdc_content_elements/images/homepage/ba
_partnerLocato_blue.jpg
Date 111904 It takes 859 msec.http://welcome.hp-ww.com/country/us/en/img/n4_welcome/smb/pri
mary_smb_msg_730.jpg
Date 111904 It takes 12203 msec.http://www.3com.com/other/pdfs/solutions/en_US/3com_505403-001.pdf
Date 111904 It takes 1078 msec.http://www.ubuntu.com/themes/ubuntu07/images/ubuntulogo.png
©2007 Susan Yang, Computer Center, National Central University.
4. 子程式功能 (cont.)
LinkPerf.java
Extract the data recorded per 4 hours period
Aggregate the mean delay (msec)
Output to another file
©2007 Susan Yang, Computer Center, National Central University.
1101[Thu] {welcome.hp-ww.com=774, www.3com.com=13443,
www.cisco.com=800, www.ubuntu.com=1115}<br>
1102[Fri] {welcome.hp-ww.com=847, www.3com.com=12825,
www.cisco.com=815, www.ubuntu.com=1025}<br>
1103[Sat] {welcome.hp-ww.com=1074, www.3com.com=13578,
www.cisco.com=853, www.ubuntu.com=1225}<br>
1104[Sun] {welcome.hp-ww.com=672, www.3com.com=15053,
www.cisco.com=821, www.ubuntu.com=1071}<br>
1105[Mon] {welcome.hp-ww.com=824, www.3com.com=13240,
www.cisco.com=837, www.ubuntu.com=1065}<br>
©2007 Susan Yang, Computer Center, National Central University.
4. 子程式功能 (cont.)
Browse.jsp
Offer user to monitoring the aggregate data
records
Times_both.jsp
Draw the time-series graph according to the
aggregate data records
Call jfreechart libraries
• jfreechart-1.0.6
©2007 Susan Yang, Computer Center, National Central University.
<%@ page contentType= "image/png;charset=UTF-8"%>
<%@ page import="java.util.*,java.io.*,java.awt.*,java.text.*" %>
<%@ page import= "org.jfree.chart.JFreeChart"%>
<%@ page import= "org.jfree.chart.ChartRenderingInfo"%>
<%@ page import= "org.jfree.chart.servlet.ServletUtilities"%>
<%@ page import= "org.jfree.chart.entity.StandardEntityCollection"%>
<%@ page import= "org.jfree.chart.servlet.ServletUtilities"%>
<%@ page import= "org.jfree.chart.ChartUtilities"%>
<%@ page import= "javax.servlet.ServletOutputStream"%>
<%@ page import="org.jfree.chart.ChartFactory" %>
<%@ page import="org.jfree.data.xy.*"%>
<%@ page import="org.jfree.data.time.*"%>
<%@ page import="org.jfree.chart.axis.*" %>
<%@ page import="org.jfree.chart.ui.*" %>
<%@ page import="org.jfree.chart.plot.*"%>
<%@ page import="org.jfree.chart.renderer.xy.*"%>
<%@ page import="org.jfree.ui.ApplicationFrame" %>
<%@ page import="org.jfree.ui.RefineryUtilities"%>
<%@ page import="org.jfree.chart.title.*" %>
<%@ page import="org.jfree.chart.servlet.ServletUtilities" %>
<%@ page import="org.jfree.chart.urls.*" %>
<%@ page import="org.jfree.chart.entity.*" %>
<%@ page import="org.jfree.chart.labels.StandardXYToolTipGenerator" %>
<%
TimeSeriesCollection dataset = new TimeSeriesCollection();
TimeSeries series1 = new TimeSeries("NCU -台聯大出國專線");
TimeSeries series2 = new TimeSeries("TYC -TANET出國共用線路");
©2007 Susan Yang, Computer Center, National Central University.
series1.add(new Day(1, 9, 2007), 13312);
series1.add(new Day(2, 9, 2007), 12880);
series2.add(new Day(20, 10, 2007), 25573958);
series2.add(new Day(21, 10, 2007), 25612666);
// ** add the dataset
dataset.addSeries(series1);
dataset.addSeries(series2);
// dataset.setDomainIsPointsInTime(true);
String chartTitle = "Delay of NCU / TYC Trunk (2007-Sep & Oct)";
JFreeChart chart = ChartFactory.createTimeSeriesChart(
chartTitle, "時間time", "Delay (msec)", dataset, true, true, false );
chart.setBackgroundPaint(java.awt.Color.white);
©2007 Susan Yang, Computer Center, National Central University.
// ** plot
XYPlot plot = chart.getXYPlot();
XYItemRenderer renderer = plot.getRenderer();
if (renderer instanceof XYLineAndShapeRenderer) {
XYLineAndShapeRenderer rr = (XYLineAndShapeRenderer) renderer;
// rr.setDefaultShapesVisible(true);
// rr.setDefaultShapesFilled(true);
}
DateAxis axis = (DateAxis) plot.getDomainAxis();
axis.setDateFormatOverride(new SimpleDateFormat("dd"));
chart.setBackgroundPaint(java.awt.Color.white);
OutputStream ostream = response.getOutputStream();
ChartUtilities.writeChartAsPNG(ostream, chart, 700, 400);
ostream.close();
%>
©2007 Susan Yang, Computer Center, National Central University.
©2007 Susan Yang, Computer Center, National Central University.
5.結語
Tyc_Link/Ncu_Link國外連線效能分析
使用 JAVA /JSP 語言
(1)進度緩慢,卻能初體驗JAVA
• population & resources的強大.
(2)雖然JAVA,JSP都K 過,但沒有太多概念.
• ㄧ步ㄧ步驗證使用 Socket, File, regex( pattern, match,
scanner)
• 實做小小的功能,很有趣.
©2007 Susan Yang, Computer Center, National Central University.
5.結語(cont.)
使用 Jfreechart
Time series chart
Bar chart
Pie chart
能動態地, 圖型化地呈現量測數據
©2007 Susan Yang, Computer Center, National Central University.
Thank You!