| The rapid development of the Internet not only brings convenience to our lives, but also produces a variety of security issues. Protocol identification which is widely used in firewall system is an important part in network security. At present, protocol analyzing mainly concentrate on the research of the port and the content of the data, various identification methods vary greatly which not suitable for a firewall, and the recognition rate also does not meet the requirements. A new protocol identification method is needed.The thesis proposed a new protocol recognition method based on the analysis of data flow and the study of network identification technology. This method solved the problem of low recognition rate and cannot use a variety of protocol identification method in a firewall. The rule selection process had been improved according to the characteristics of firewall and three kinds of rules by RSTFP algorithm. Finally, the firewall based on three kinds of rules had been tested. The main content of the thesis include the following:(1) A new application layer protocol identification method including Content rule, Pattern rule and Behavior rule was proposed. Three rules aimed to improve already protocol identification method described session separately from the characteristics of key words, patterns and behavior characteristics. Recognition rate testing demonstrated the practicality of the three rules.(2) Protocol identification is the key technology of firewall. An improved RSTFP algorithm of firewall rule selection was proposed as to the problem of the use of three kinds of rules in firewall. The algorithm considers rule matching time, frequency and precedence at the same time. The hit rate of the rules and the performance achieve the expected goal through the implementation and testing of the LRU, LFU and RSTFP algorithm.(3) The firewall which based on the three kinds of rule and RSTFP algorithm was verified by experiment and compared with other firewall. The expected goal also had achieved, which show the validity and feasibility of this new protocol recognition rules and its applicability in firewall.The three kinds of protocol identification rule which proposed in the thesis identificated data at the session level. The proposed rules selection RSTFP algorithm effectively solved the problem of low efficiency of rule matching. |
PDF Full Text Request