The Research Of Application Firewall Performance Evaluation And Optimization Model Based On Queuing Theory

With the rapid development of computer networks and the popularity of Internet technology,the Internet and people's lives more and more closely linked.People's life,entertainment,work,shopping and other activities increasingly inseparable from the Internet.The rapid development of Internet technology is not only,WEB attack means are also rapidly changing,the number of WEB attacks is increasing.Xi Jinping,general secretary of the Forum on Network Security and information technology in April 19,2016 focused on the absence of network security there is no national security.The number of Internet users in China has increased to 731 million.Application firewall as an important network security equipment to protect the trusted network users often set up between a trusted intranet and extranet,application firewall analysis of all network traffic through it so as to ensure the reliable security of the network,if the Web application firewall performance is too low,may lead to communication between the internal and external network paralysis.Therefore,how to reasonably evaluate and optimize the performance of Web application firewall is very important.This paper analyzes the performance of Application firewall from two points.First,in order to evaluate the performance of Application firewall establish a mathematical model.The commonly used analysis methods include practical value,the use of computer programming simulation and the establishment of mathematical models for analysis.Mathematical modeling analysis is more convenient,once the model has been built and derived the corresponding formula,can quickly calculate the corresponding performance indicators.Therefore,this paper constructs a two phase,multi-protocol and multi-application parallel Application firewall model based on queuing theory.In the first stage,we mainly analyze the network layer and the transport layer.The second stage for the upper analysis,the model for multi-protocol and multi-application are analyzed.In this model,FTP,DNS and HTTP are taken as examples.Then,through the formula,the optimal allocation scheme of resources is deduced under the condition of limited resources.Finally,the results are verified by discrete simulation experiments.Secondly,this paper optimizes the URL rule matching method of Application firewall.Based on the existing algorithm of bloom filter and dictionary tree,this paper optimizes the bloom filter which is used to adapt it to the requirements of Application firewall system.Two optimization of the bloom filter in the algorithm.First,the bloom filter has its own limitations,there will be a false positive probability,this article to add check bits to greatly reduce the probability of false detection.Second,because of adding check bits,it may lead to the bloom filter space occupancy rate becomes larger.Therefore,combined with check bits and VLCBF algorithm,this article proposes a VLCBF_V algorithm.This algorithm can effectively improve the performance of Application firewalls in terms of time efficiency,spatial utilization and matching precision.