
Deep Packet Research And Implementation Of The Detected Host Firewall

Posted on: 2011-06-04
Degree: Master
Type: Thesis
Country: China
Candidate: Z P Lu
GTID: 2208360308967130
Subject: Computer application technology
Abstract/Summary:
With the rapid development of computer technology and the Internet, more and more users are connected to the Internet. Although the network brings entertainment to people, they also face increasing security risks. In recent years, hacker attacks and information leaks have emerged continually, causing serious harm and losses for Internet users. The host-based firewall is the most widespread protection tool for ordinary Internet users.

Firewall products on the market today are mostly gateway firewalls, which do not address the security of hosts on the LAN. Most host-based firewall products use a simple packet-filtering approach and can do nothing about attacks at the application layer of the network, such as website Trojans, Web viruses, worms, and e-mail viruses. These host-based firewall products offer poor security and a single function, and cannot filter harmful information.

To address these problems, this thesis designs and implements a deep packet inspection host-based firewall system based on NDIS intermediate driver and SPI packet interception techniques. The system can intercept all network packets, overcoming the deficiencies of a single filtering technology. Secondly, by adopting deep packet inspection, the system can prevent a variety of attacks based on application-layer content: it inspects the application-layer content of network packets and filters illegal content. The system uses a whitelist technique to reduce the number of packets subjected to deep packet inspection, and an efficient matching algorithm, DBM, based on BM, to improve packet processing speed. These measures effectively reduce network latency.

The thesis explains in detail the design of the deep packet inspection system and the implementation of all its modules, including the master routine, the user-mode SPI detection modules, and the kernel-mode NDIS IMD detection module. Moreover, it elaborates on the implementation of packet restructuring and on the theory of the proposed DBM algorithm based on BM, together with its code implementation and experimental analysis. The analysis shows that the firewall system has good performance, can effectively prevent some kinds of network attacks, and has some practical utility.
Keywords/Search Tags: host-based firewall, NDIS IMD, SPI, deep packet inspection, protocol analysis