
The Research On Key Technologies Of Deep Packet Filtering And Data Audit On Specialized Network Security Isolation System

Posted on: 2008-04-08
Degree: Master
Type: Thesis
Country: China
Candidate: L M Hou
Full Text: PDF
GTID: 2178360242999196
Subject: Computer Science and Technology
Abstract/Summary:
Specialized network security isolation systems effectively isolate internal and external networks while ensuring that data is transmitted safely between them. These systems are extremely valuable for preventing illegal intrusions, preventing the disclosure of private information, and safeguarding the internal networks of enterprises and government departments. Current specialized network security isolation systems face some tough problems, for example how to resolve the conflict between filtering efficiency and content security, and how to provide accurate analysis data for security audits. Deep packet filtering and security audit are the key issues. Solving these problems is vital for improving the filtering efficiency of specialized network security isolation systems without compromising security, and for providing real, credible analysis data for these systems.

This paper discusses the key technologies of specialized network security isolation systems, including deep packet filtering and stream merging. It focuses on the rule-matching and pattern-matching algorithms in the deep packet filtering model and on the bidirectional, multi-threaded implementation of the stream merging process. The proposed method and algorithms have been implemented in a specific network security isolation system.

The paper first introduces the related technologies and analyzes the merits of specialized network security isolation systems. It then presents the architecture of a specialized network security isolation system, its components, and its main functions.

Next, we conduct thorough research into a key technology of specialized network security isolation systems: deep packet filtering. After analyzing current packet filtering technologies, we propose a new integrated model of deep packet filtering based on protocol analysis, the triple-hash rule-matching algorithm, and the Improved Quick Search pattern-matching algorithm. Formal analysis and performance testing of these algorithms indicate that, compared with traditional packet filtering technologies, the new model and algorithms achieve higher throughput and better satisfy the performance requirements of specialized network security isolation systems.

The paper also investigates another key technology of specialized network security isolation systems: stream merging. Its implementation principles and steps are discussed, with emphasis on the bidirectional, multi-threaded implementation method. A method is proposed to solve the efficiency problem of concurrent execution. Experimental results have confirmed the correctness of the implementation of the stream merging process. Finally, the paper concludes and discusses further research work.
Keywords/Search Tags: network isolation, packet filtering, protocol analysis, pattern matching, security audit, stream merger