| The repaid development of computer network provides greatly convenience to people, while it also gives many problems of information security. Content filtering technology filters effectively all packets going to or coming from the network security device, but the message format must be known exactly. Different user has different requirement of application and constructs different protocol for the transmission of business data, so a lot of protocols are using in Internet and Intranet nowadays. Based on protocol analysis and pattern matching, network security devices for content filtering scan the entire content of the packet, providing the means to filter harmful packets out of the network, but it lacks flexibility in capability of packet inspection and does not meet the requirement of the rapidly increasing amount of applications.In order to improve the developing efficiency of the program for deep packet inspection, this thesis presents the notion of protocol enhancement for content filtering. It is that a text is used for description of the format of a protocol packet with a user defined language, and the content filtering system parses the text on running, deeply inspects any field in network packet with security policy configured by users.The main work and contributions of this thesis are as follows.(1) Through the deep analysis of many protocols format in TCP/IP, we proposed a protocol packet format organization model, PFM. In the model, we give several attributes of protocol format, types of protocol fields and the relationship between those fields, and we draw three conclusions that the relationship is same ordinal, the start bit of a field in packet is confirmable and the length of a field is a unique value. The PFM is the theory foundation of the protocol format description.(2) After studying the form of Snort rule, we proposed a protocol description language of content filtering, CF-PDL, and explain its accidence and grammar in detail. Several examples of CF-PDL protocol description are given.(3) Based on the common software architecture of content filtering system, we present a protocol enhancement software framework for content filtering, PEF, explain detailedly its functional modules and the approach for protocol enhancement.(4) The kernel technology of protocol enhancement are implemented, including the configuration of security policy for protocol, the parse of protocol description text and so on. The method of finite auto machine for parsing the text and the list of the information of protocol fields are explained especially.The work of this thesis validates sufficiently the feasibility of protocol enhancement capability of content filtering system which would improve the efficiency development of system software of content filtering. There is great value for theoretical sense and it is a very useful explore in enhancement of protocol inspection adaptability of network security devices. |
PDF Full Text Request