The Research And Design Of Network Access Control System Based On The Flow Analysis

With the unceasing enhancement of informationization degree, enterprises and other organizations rapidly expanding scale of the network, and in these Ethernet platforms, various large-scale network applications has continued, rapid growth of network traffic. The increasingly complex network environment, the management of existing technology and equipment exposed low efficiency, insufficient handling capacity of the issues. In the face of large-scale network terminal network environment unable to see the real situation and can not carry out effective control and management.Based on the above background, the paper hopes to research and design a new access control mechanism to meet the needs of network management aiming at a huge number of terminals, large-scale network applications in complex Ethernet environment. The basic idea is to monitor the network for each terminal network flows through this assessment of access to distribution networks, network management accurate and rapid reaction to make up for the network management difficulties of large scale networks.In this paper, based on the strategy of network management mechanism, in order to design and develop a network access control system based on the flow analysis by combining the distributed flow monitoring technology with the network access control technology based on labels. Acquisition flow used in this paper for each terminal Distributed flow monitoring technology, using IP header tags with the Linux kernel NetFilter achieve a combination of access control. The entire system architecture uses MVC model to facilitate the development of software engineering. In this paper, a smart client technology and platforms - plug-in technology designed to combine, intelligent plug-in expansion through increased system, has a good scalability and easy to reduce the traditional C / S structure of the security maintenance costs.In this paper, the system allocates access control authorities through analyzing flow conditions of each terminal in the network, it's timely and accurate.It can reduce the possibility of network failure in a large-scale network. Thereby it can improve network performance.This paper first analyzed the current network problems and the existing management deficiencies, and introduced the relevant technologies which this paper relates to. Then it focused on the system's architecture, the hierarchical model structure and the functional modules of the design and implementation. This paper studies the design of modules including smart client modules, network traffic monitoring module and NetFilter Packet filtering module.Finally, the paper summarizes the characteristics, application prospect, and the inadequacy of the system, then specifies the right direction for the next phase of research.