| With the rapid growth of Internet applications, the security hidden danger of the network appear continuously, the illegal theft of network resources, the illegal use of network services, denial of service, worms, Trojan horses and even malicious attacks and destruction events are endless. These security problems have caused huge losses to network operators, service providers and users, and it make people profound understanding that there are serious security problems of Internet applications based on IP technology. The Network openness and inherent Vulnerability in the IP network, allowing the attacker to easily make use of the weaknesses of the network launched a variety of attacks. So it is necessary to design a network access monitoring system for user effectively preventing authorized users illegally accessing the unauthorized network resources.This system is developed with C language on Linux and gets packets based on network monitor. This system picks up the URL information from IP packet, and then it matches to the blacklist in database using a fast string matching algorithm. After matching successfully, it will sent a redirection HTTP message to use, and redirected it elsewhere to intercept the user’s access. If they do not match, the system will adopt the method of flow analysis to block access to the site that generate abnormal flow and update the data promptly.Firstly, the thesis analyzes the research background, domestic and international status and other basic information, and then it briefly introduces the technology that the system needs to finish. The feasibility analysis and needs analysis provides the basis for the various functional modules of the design system. Next, the system accords to the design of the functional modules to achieve the function of each module specifically. Finally, testing the system and putting forward the deficiencies. |
PDF Full Text Request