| In recent years, with the growing demands of users for information, and the rapid development of Internet based on the TCP/IP technology, the structure and application of networks as well as their services are constantly updated. On the one hand, the network structure gradually shifts from the traditional mode of C/S (Client/Server) to the P2P (Peer to Peer) mode, together with the increase in the network applications, lead to an extreme short in the bandwidth resources. On the other hand, the emerging network applications and services, produce more security risks beside the convenience. And the use the new protocols and applications of networks, may also bring about more complexity, which enhances the management difficulties.In concern with the trends, not only the network protocols for non-core applications should be banned or under control so as to ensure the normal operation of the most of the conventional protocol, which can make more abundant the utilization of network resources and bandwidth. But also the identification of the malicious data streames or the illegal streames should be made and their separation from data transfering through the network must be completed for transfering the network data safely Thus quick identifying the application layer protocol is the only way to solve both of the problems. In this paper, the technology solution is put forward under such a background, which is also the important and hot topic in network and information security technology.Firstly, the identification methods for the typical application layer protocol are discussed, the protocols fall into two parts, the common application layer protocols and the file-sharing-type P2P protocols; Secondly, in order to greatly enhance the matching efficiency of the system, a new algorithm for matching the string of the recognition system has been optimized, and a feasible solution is proposed for the accurate identification and managing the application layer protocol; Finally, based on the Linux emulator, the system for identification of application layer protocol is designed in this thesis.The paper is divided into six chapters, Chapter I is the introduction, which introduces the research background, research significance, the main work of this paper and the content structure; Chapter II makes a detailed presentation including model structure, problems, strengths and differences on the key technology of the application layer protocol; Chapter III carries out a detailed study and summarize of the typical method to identify the application layer protocol; Chapter IV discusses the regular expression rules and conversion state,and propose a corresponding algorithm to improve the application layer to identify matching engine efficiency; Chapter V designs a software protocol identification system based on the Linux emulator, details works and workflow in four of the system identification matching module (workflow management module,pattern characteristic of the protocol module, rule matching module and the packet matching module).And;hrough the three tests it gives the corresponding software system test results;The final chapter is the outlook for improvement and issues for future research topics. |
PDF Full Text Request