| Along with the rapid development and spread of the Internet technology, Internet is increasingly larger, and then network security issues appear more frequently. Protocol identification and restoring is the basic of network security such as Internet network traffic statistics and keywords detection. It is not only the right way to purify Internet and make more efficient use of network bandwidth, but also one of the hot topics of network security technologies.In this paper, a protocol identification method based on the classification and regular expression is put forward. Then the design of the protocol classification and restoring system is implemented, and the efficiency of this system is also improved, which meets the demands of practical applications. The main content includes:Firstly, the paper introduces common application layer protocol in detail. By comparing the three kinds of protocol identification technologies and analyzing their advantages ands drawbacks, the improved methodology of protocol identification addressed in this paper is feasible. The principle of TCP flows reassembling and its key problems are also analyzed. Meanwhile, the open source software libnids and the efficiency are improved to implement the system.Seecondly, in accordance with these issues, the improved methodology of protocol identification is designed. And then restore the attachments in E-mail. Additionally, to be more specific, the system implementation is achieved after the design of each block:distributed deployment, data packages capturing, identification of application layer protocols, protocol analyzing and the system management block.Last but not the least, the designed system is tested and verified in the real network environment, the function and the performance tests show that the accuracy and efficiency of the improved methodology of protocol identification is relatively ideal and of certain theoretical and research value. |
PDF Full Text Request