| With the development of computer network and expansion of information application, computer network application becoming important increasingly. Massive date information must be transported through the network in organizations such as enterprise, company and government, so, how to ensure transport date information safely becoming the main research subject in information security field at home and broad now.Most of internet security products are hardware gateway products, but these hardware products can only keep the latent network intrusion out of external network in some extent. However, according to authoritative statistics, most of latent network intrusion come from enterprise, company and government internal network at present, it is impossible for these hardware security products to defend network intrusion and keep the thief from secret date.As enterprise, company and government internal network clients application are Windows operation system, so, to research and design information software products in Windows operation system is so urgent, such as distribute firewall, virtual private network client software, intrusion detect system, virtual local area software and specific network date flow encryption and decryption software products. To research and design these security software products in Windows operation system involve handling network packets and packets classification operation, but most of capturing network packets technologies in Windows operation system are limited to user-mode at present, while at kernel-mode operation technology is the main research subject in network packets handling research field in Windows operation system, moreover, the research of network flow was confined to backbone router application, while the research of network flow classification in Windows operation system is so deficient, and in the latter research we can design special network flow date encryption and decryption products.The research and application of work flow classification model in Widows application system is based on Multi-Agent technology in this paper, other object based programming technology, such as Message mechanism and Event mechanism are applied in Multi-Agent communication and cooperation.We introduced three nodes binary hash search by referring binary search and hash search theory, application it in both packets capturing and classifying driver program to classify single packet precisely. As for multi packets classification of specific network flow, based on specific software process action random distribution statistics control policy is to be applied, not single packet processing. To capturing network flow thoroughly, Intermediate NDIS Drivers technology is to be applied in this paper. |
PDF Full Text Request