| Because hackers attack the personal network users with higher and higher frequency and by more and more expert means, the security-protection technology, pointing to PC, has become the focus of research field for current network security. For the time being, the security-protection that points to PC mainly adapts individual firewall system. In the nowadays market, there appears a mass of individual firewall security products. However the simplicity and convenience for users have been taken too much into account, so the technology adapted is of oneness, the result of which is that all the security products has flaw to different extent and cannot meet the users' demands for security completely.It is the development direction of present individual security technology to protect PC with various network security technologies. The individual security defense system mentioned in the article is a complex security-protection system which integrates packet filter technology, intrusion detection technology and content filter technology organically. Single packet filter technology, with its flaws, cannot provide perfect security protection; intrusion detection, as an active defense system, is a crucial supplementary to the packet technology and work as a second line of defense; content filter supplies the gap of the information content protection that two former technologies leave and form the last barrier for security protection.The researching key point in the paper is the design and realization of the packet filter technology in individual security defense system. In this paper, which takes the course of realization of packet filter subsystem as main thread, author analyzed in-depth all kinds of key technologies in packet filter subsystem that is based on personal computer combining the features of windows2000 platform technology. First, author analyzes and compares the advantages and disadvantages of existing packet filter technologies and designed a packet filter model for PC according to leitmotiv of model design. Then author discusses the operating principle of windows2000 protocols stacks in detail and analyzed the running mechanism of driver of NDIS, on the basis of which author also explicates how to intercept data packets grounded on NDfS driver. In the design of packet filter policies, author adapts a formalized definition and betters a little the present policy-matching algorithm. What's more, he analyzes the coherence problem of the policies collection and designs the coherence control algorithm for policies collection. Last, author describes the principles of the packet verification and show the whole process of the verification. In the part of interface technology, author analyzes how to design interface to realize the intrusion detection and feed back the dynamic policies of content filter subsystem.This paper has 7 chapters.Chapter 1, introduction, describes the backgrounds of the research. In this chapter, the author analyzes the present status of the domain. At last the writer summarizes the whole research and the paper hierarchy.Chapter 2 covers the whole system design according the function goal of the packet filtersystem. Meanwhile the author discusses the relationships between packet filter system and the other two subsystems.Chapter 3 describes the packet intercept method in detail for the system after the analysis to network architecture of the MS windows2000 and the comparison between the several popular packet intercept methods. The author make a deep research for the realization of NDIS protocol drivers for MS windows2000.Chapter 4 is dedicated to describe the promotion on the matching algorithm of packet filter polices after the definitions of all the packets filter polices for the system, which based on the research on formulation theory of packet filter polices. And the author creates a control algorithm for the consistency of the packet filter rulers.Chapter 5 is coves the analysis of the storage of the sending packets & received packets and the resolution of th...
|
PDF Full Text Request