
Design And Implementation Of Gateway Virus Firewall

Posted on: 2012-07-26
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Ding
GTID: 2208330332986722
Subject: Computer system architecture

Abstract/Summary:
With the rapid development of China's Internet, the number of Internet users in China has surpassed 477 million, the largest Internet user population in the world. China's Internet penetration rate has reached 34.6% and continues to rise steadily. However, Internet security issues have become increasingly prominent. The number of stolen computer user names and passwords is increasing. Viruses spread mainly through e-mail, web browser downloads, FTP downloads and P2P downloads. Because SME users are more scattered and have weaker purchasing power, their security issues seem not to have received enough attention from the majority of security companies, and security measures for SME users are limited in number. The gateway-based virus firewall studied in this thesis will provide SME users with "one stop" safety.

The design and implementation of the gateway-based virus firewall achieves more flexible protocol extension and efficient virus detection. The work includes the following aspects:

(1) The design of a framework for identifying network protocols. The framework supports multiple protocols, including protocols whose ports are dynamically generated, which makes it easy for users to identify and extend protocols. The thesis analyses the adaptability of the framework to a variety of protocol identification technologies, and the framework achieves more flexible scalability. The thesis takes file download over the HTTP and FTP protocols as an example.

(2) The implementation of network data stream reassembly. Following the principles of IP fragmentation and TCP transmission, it reassembles any existing IP packet fragments, then tracks the various states of the TCP protocol, handles TCP packet errors, out-of-order delivery, retransmission and so on, and reassembles the TCP data flow into a file stream to facilitate file operations.

(3) The implementation of network connection maintenance. It analyses several methods of maintaining a network connection and implements connection-maintenance detection based on the TCP keep-alive principle. The gateway sends probing packets to one or both parties to maintain normal communication, which avoids a communication breakdown when the two sides have not interacted for a long time.

(4) The design of the file characteristics cache. It uses the Rabin fingerprint algorithm to convert a file into a file characteristic value, and stores that value in the cache together with the scan result produced by the virus scanning engine. If the file is accessed again before the cache entry becomes invalid, the scan result is taken from the cache, which speeds up virus detection for the file.

The test results showed that, compared with the HAVP system, this system increases the speed of virus detection and obtained the desired results.
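
Added example (not code from the thesis): an illustration in Python of the file characteristics cache from item (4), keyed by a Rabin fingerprint computed over the chunks of a reassembled stream. The modulus polynomial, the expiry policy (age limit plus signature version), and the names rabin_key, ScanCache, scan_stream and toy_engine are assumptions; the abstract does not specify them.

```python
import time

# Assumed modulus x^64 + x^4 + x^3 + x + 1 (irreducible over GF(2)). Fixed here
# for reproducibility; Rabin's scheme picks the polynomial at random.
MODULUS = (1 << 64) | 0x1B

def rabin_key(chunks):
    """Fingerprint a stream of byte chunks: its bits as a polynomial mod MODULUS."""
    fp, length = 1, 0                        # leading 1 bit keeps leading zero bytes significant
    for chunk in chunks:
        for byte in chunk:
            for shift in range(7, -1, -1):   # most significant bit first
                fp = (fp << 1) | ((byte >> shift) & 1)
                if fp >> 64:                 # degree reached 64: reduce
                    fp ^= MODULUS
        length += len(chunk)
    return fp, length                        # length kept as a cheap extra check

class ScanCache:
    """Fingerprint key -> verdict; expiry by age or signature update (assumed policy)."""
    def __init__(self, ttl, sig_version):
        self.ttl, self.sig_version, self._entries = ttl, sig_version, {}

    def get(self, key, now):
        verdict, stored_at, version = self._entries.get(key, (None, 0, None))
        if verdict is None:
            return None
        if now - stored_at > self.ttl or version != self.sig_version:
            del self._entries[key]           # stale: force a rescan
            return None
        return verdict

    def put(self, key, verdict, now):
        self._entries[key] = (verdict, now, self.sig_version)

def scan_stream(chunks, cache, engine, now=None):
    """Return (verdict, served_from_cache) for one reassembled file."""
    now = time.monotonic() if now is None else now
    chunks = list(chunks)
    key = rabin_key(chunks)
    verdict = cache.get(key, now)
    if verdict is None:
        verdict = engine(b"".join(chunks))   # hypothetical scan-engine callable
        cache.put(key, verdict, now)
        return verdict, False
    return verdict, True

def toy_engine(data):                        # constructed stand-in for a real engine
    return "infected" if b"CONSTRUCTED-TEST-SIGNATURE" in data else "clean"
```

A Rabin fingerprint is not collision-resistant against someone who knows the polynomial, so a gateway using it as a verdict cache key would keep a randomly chosen polynomial secret or pair the key with a cryptographic hash.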
Keywords/Search Tags:protocol identification, virus firewall, cache of file characteristics, Rabin fingerprint