| Traditional stateful firewall can't provide enough protection against the attack aimed at the application layer. The function of firewall moved from the network layer to the application layer. Deep Packet Inspection technology analyzes the application layer date in the network traffic, in order to enforce secure network communication. At present, Deep Packet Inspection technology is in the phase of improvement and validation. In this paper, the important method of Deep Packet Inspection—Application Layer Protocol Conformance Analysis is studied, in order to pursue for methods to protection network from the attack aimed at the application layer.According to the different application protocol of network traffic, Application Layer Protocol Conformance Analysis technology analyzes the application layer data, identifies whether it is comply with the definition of the application protocol.In this paper, we analyze the general format of application layer messages, study their common features, defines "field" and "field rule", and finally establish the Application Protocol Conformance Rule Model, which models the semantic features of application layer message. The Application Protocol Conformance Rule Model is proactive and secure, which defines a 'White List". Only the application layer messages complying with it can travel on the network.Base on the Model, a general architecture of an application protocol conformance analysis system is designed. Following problems is solved in the system: a new multi-keyword recognition is designed to perform field name matching and a new hybrid NFA/DFA approach to perform simple field value matching.Finally, HTTP Protocol Conformance Analysis System is implemented. It filters the HTTP requests which do not comply with HTTP conformance rule set, thus ensure the security of Web servers. |
PDF Full Text Request