| With advancement of computer technology and wide spread use of computer networks, especially in the prevalence and extensive application of Internet?Intranet and Extranet, the share and intercommunication of information resource is largely extended. However, the security of computer network system increasingly becomes a serious problem. Hacker attack ceaselessly appear in the network. The common security method that can be used for protecting network is safeguard system based on firewalls. Traditional firewalls generally filter data stream according to some beforehand definite filtration rules. But the present-day technique of network attack are more and more advanced and the form is more and more diverse. It is difficult to adapt to unending renewed requirement of network only by some beforehand definite and limited filtration rules. Traditional firewalls have some defects in implementation, such as the difficulty of rule management, lacking in capability of self-studying and self-adjusting, the inflexible change of policy rules and so on.Based on analyzing various defects of traditional firewalls, this paperhas researched an approach of auto-generation and auto-configure filtration rules on firewalls using the combine of expert system and firewall system. It also put forward a model and implementation method of intelligent firewall system. The intelligent firewall achieves taking out network information intelligently and intelligent filtration by the compact combine of expert system and filtration mechanism. It not only can prevent the known hacker from attacking but also can auto-adjust filtration rules in order to prevent the new unlawful accessing and offer fast response to the control decision. We have researched the validity of filtration rules, eliminated the hidden trouble of safe which was caused by people's error scheme, alleviated the burden of administrators. Moreover, the rapid match arithmetic of filtration rules was devised based on hashing and index. Therefore, the throughput and performance of the firewall are enhanced.This paper introduced various technique and principium of the hacker attack firstly, and then discussed the basic elements and structure of expert system and firewalls after analyzing the common network security problem. The theory frame of the intelligent firewall was researched according to the basic mode of building expert system and firewalls, and the implementation model was also put forward in detail.
|
PDF Full Text Request