论文标题:防火墙深度包检测技术研究
Research on In-depth Packet Detection of Firewall
论文作者 王栋
论文导师 霍红卫,论文学位 硕士,论文专业 计算机软件与理论
论文单位 西安电子科技大学,点击次数 130,论文页数 63页File Size2490k
2005-01-01论文网 http://www.lw23.com/lunwen_127520302/ 深度包检测;入侵防护系统;模式匹配;应用层智能
In-depth packet detection ; Intrusion Prevention System;Pattern matching ; Application intelligence
深度包检测是随着网络安全的发展而提出的,代表了防火墙技术的未来发展方向。 本文在研究深度包检测技术基础之上,提出了一种基于模式匹配的深度包检测模型,并给出应用于该模型的模式匹配算法。首先分析传统包过滤技术、状态检测技术、应用代理技术及其优缺点,讨论新一代智能防火墙技术,并简要介绍应用层智能过滤技术。然后详细阐述数据包过滤技术和流过滤技术,借鉴入侵防护系统主动防御的优点,提出一种基于模式匹配的深度包检测模型,并详细说明模型的框架设计及部件构造。最后在分析基本检测算法的基础上,给出一种基于划分思想和哈希方法新的深度包检测算法。算法时间复杂度为O(m+n)表明该算法是一种适合于深度包检测的线性算法,其中m、n分别为模式和文本串的长度。
In-depth packet detection is brought forward with the development of network security and shows the future of main firewall technology.On the base of studies of main in-depth packet detection technology, a model of in-depth packet detection based on pattern matching is given, and the correlative pattern matching algorithms are suggested. Firstly, the advantage and disadvantage of the three traditional techniques, which are packet filter, state detection and application proxy, are analyzed. Discuss the new intelligent firewall technology and simply introduce the intelligent filter technology. Secondly, describe packet filter and stream filter techniques in detail. Give an in-depth packet detection model based on pattern matching, which uses for reference to active detection trait of Intrusion Prevention System, and analyze the whole frame and structure of components. Finally, a newly pattern matching algorithm is suggested and the idea behind algorithm is partition and uses of hash function after analyzing the basic algorithm. The time space of the new algorithm is O (m + n), here m, n denote the length of string and text respectively. The new linear algorithm is suitable for in-depth packet detection of firewall.
|
