随着网络应用的不断丰富和日趋复杂,网络数据包处理必须以连接会话为单位进行语义级的深层次分析.针对高速网络环境下连接管理的性能需求,提出了一种高效鲁棒的并发连接管理方案.首先建立初始连接隔离法ICS(Initialized Connection Separation),将网络恶意行为产生的虚假连接与正常的已建连接分离开来,形成规模可控的初始连接表ICT(Initialized Connection Table)和已建连接表ECT(Established Connection Table).然后通过分析ICT表和ECT表的访问操作特点,应用“移至最前”MTF(Move-To-Front)启发法优化连接表的访问操作.借助实际高速网络流量样本,对本文所提的ICS-MTF连接管理方案进行了性能评估.实验结果表明:ICS-MTF方案在高效性和鲁棒性方面均明显优于传统的连接管理方案. With the increasing use and complexity of network applications, the network packet processing must take the semantic level in the connection session as a unit.Aiming at the performance requirements of connection management in high-speed network environment, an efficient and robust concurrent connection Management scheme: Firstly, Initialized Connection Separation (ICS) is established to separate the false connection caused by the malicious behavior of the network from the normal connection established to form the Initialized Connection Table (ICT) with the scale controllable Build the Connection Table (ECT) .Then we analyze the access operations of ICT tables and ECT tables, and optimize the connection of access tables by using “Move-To-Front” MTF (Move-To-Front) ICS-MTF connection management scheme proposed in this paper is evaluated.Experimental results show that ICS-MTF scheme is obviously superior to the traditional connection management scheme in terms of high efficiency and robustness.