The Research On Performance Evaluation And Optimization For WEB Security Gateway

In recent years,with the rapid development of internet technology,the network is full of virus Trojans,information leakage,data tampering and other security risks.WEB security gateway has played an increasingly important role which can realize the security control of the use of network.However,when providing the security for the network communications,WEB security gateway needs to monitor and process the data packets flowing through the gateway in real-time.This will consume a lot of computing that impacts the communication quality of the network.Therefore,it has become a significant research topic that how to effectively improve the performance of WEB security gateway.This paper studies the performance evaluation of WEB security gateway,the cache scheduling of network packets,the management of massive connection stream table and dynamic task scheduling,for the performance improvement of WEB security gateway.Firstly,a performance evaluation model of multi-service station and multi-layer of WEB security gateway based on Erlang distribution is proposed since there is little process flow of performance evaluation models based on queuing WEB security gateway and business models are simple.Comprehensively considering the multi-layer process flow of WEB security gateway and the feature of WEB's various businesses,this model abstracts the WEB security gate into network layer,transport layer and application layer.The three processing processes contain one or more parallel processing queuing systems with service times obeying Erlang distribution.Through the model analysis,we can get the best allocation of WEB security gateway performance which is of great significance to improve the performance of WEB security gateway.The results show that the performance evaluation model of WEB security gateway based on multi-layer queuing can better describe the actual performance of WEB security gateway.Secondly,a cache optimization management algorithm for Web security gateway based on delay prediction is proposed for the current time-out disconnection problem.When the users access the WEB,such problem often occurs due to the delay jitter during the process when the WEB security gateway is handling with complex businesses in application layer.Existing cache management algorithm inherited the cache management way of traditional firewalls doesn't take the complexity of WEB's application data analysis.Based on the historydatas of URL packets transmission delay,the optimization algorithm in this paper establishes a high-frequency URL session delay threshold and makes priority scheduling for cached packets according to delay prediction of current access.Therefore,it can improve the user experience of the WEB security gateway as a whole and reduce the time-out probability due to data cache check when accessing the WEB.The experimental results show that the delay estimation method can reduce the probability of the delay,and restrain the jitter of the session delay,thus improving the processing performance and user experience of the WEB security gateway.Thirdly,an optimization algorithm for network connection flow table based on two-layer hash table is proposed to solve the problem of sharp deterioration in performance when the massive connection flow table of WEB security gateway based on hash structure has some conflicts.Combined with Bloom filter and the multilayer hash table theory,this algorithm uses two hash tables of different sizes and a Bloom filter to create a combinatorial optimization algorithm.The algorithm will effectively control the worst case when the hash conflict chain getting too long and reduce the average searching time of flow table.Both theoretical analysis and experimental verification suggest that this method can lower the probability of the occurrence of the worst cases and control the average time complexity.Finally,a heuristic dynamic task scheduling algorithm with multi-attribute decision-making is proposed since the existing heuristic multi-core dynamic task scheduling algorithm only considers the task scheduling success ratio while neglects the problems of core utilization and the task response time.With the idea of multi-attribute decision-making,this algorithm comprehensively considers the various attribution information such as processing core utilization and the task response time.It can figure out a feasible task scheduling in the acceptable time rage and schedule the most suitable processing core for the task.The tests show that the optimization algorithm nhance the core utilization and balance its utilization too while make sure the task scheduling success ratio.