
Intelligent Firewall Core Module

Posted on: 2009-09-25
Degree: Master
Type: Thesis
Country: China
Candidate: Z Q Li
GTID: 2208360245479394
Subject: Pattern Recognition and Intelligent Systems

Abstract/Summary:
In recent years, with the rapid development of Internet technology, informatization has deepened steadily and the Internet has reached every corner of daily life. Network communication provides an efficient, fast environment and transmission channel for obtaining, transmitting, processing, using and sharing computer information, but at the same time many hostile attacks spread over the Internet and pose a serious danger to computer users and network resources.

This paper analyses the shortcomings of the traditional firewall and, on the basis of the features of the production-rule expert system, selects that model for developing the rule learning module of an intelligent firewall. Next, we use a network packet interception tool and distribute the intercepted packets by protocol into three database tables. This paper designs and implements a packet preprocessing module that finds and analyses, within a large number of packet records, network attack actions matching the conditions in the knowledge base. Uncertainty reasoning is then used to infer the conclusion step by step from the fact data. The learning module analyses the network condition; if it contains network attacks, the module recovers the source address, port, MAC address and other relevant information of those attacks, then generates filter rules and adds them to the firewall's filter list.

This paper also targets the characteristics of the SYN Flood attack and implements a network red-list technique: after the intercepted packets are analysed, IP addresses with legitimate access are added to the red-list. This gives the network administrator a factual basis for configuring the filter list manually so that legitimate access is not filtered. Based on a rule set conflict detection algorithm built on the policy tree algorithm, this paper implements a rule optimization module that finds anomalies in the filter list and records them in the log; it can also delete redundant rules. Finally, the modules were tested in a real network environment; the results show that the rule learning module accurately identifies SYN Flood, ICMP Flood, Land and other attacks, and that the rule optimization module works as expected.
Keywords/Search Tags:intelligent firewall, production rules expert system, network attacks, rule optimize