| With the development of the technology,network security problem also becomes more and more important.WEB firewall as a security tool,plays an important role in the network communication.WEB firewall is a safeguard system that analyses the http data deeply.WEB firewall system is a protector of the network security.Meanwhile,it also is easy to become the network communication performance bottlenecks.As a result,the testing of WEB firewall and performance evaluation,and related optimization technology is particularly important.This paper will study the WEB firewall system from the two aspects,the method of the performance evaluation and the technology of the performance optimization.The first point is the performance evaluation of WEB firewall system.About the theory research of performance evaluation,the queuing theory in mathematical theory is usually used.At present,in the research about queuing theory in the WEB firewall system,the WEB firewall system is looked as a whole or the only one layer is simply researched.In fact,WEB firewall is a three layers structure.It consists of IP layer,TCP layer and HTTP layer.Therefore,this paper proposes a layered queuing model for WEB firewall system.In the model,WEB firewall system is subdivided into three layers.The three layers are studied by queuing theory respectively.They are connected by the traffic.Based on this model,the throughput of WEB firewall system and the number of the three layers of reception how to set are studied in the situation that the hardware resources of the firewall limit.At last,the optimal allocation of the resource and the maximum throughput of the system can be got.The second point is about the performance optimization of WEB firewall system.For WEB firewall system performance optimization,this paper also analyzes from two aspects.The first is about dynamic memory management.For traditional memory management,there are many methods,such as bitmaps,leisure table,etc.The present memory pool technology in the leisure table was improved by removing the chain point-handling.However,this paper optimizes the algorithm by being based on the result,and further studying the technology of dynamic memory management,and combining with the locality of the stack better than the queue.It is proved by experiments.Then it is the improvement the hash conflict resolution method in the WEB firewall system.Traditional hash conflict resolution method is the form of a list by inserting the node to the head of the list.It isn't a good method,and doesn't take the advantage of the characteristics of the network traffic.At present,the optimized method is combined with the locality of the network flow on the basis.This paper is based on theimproved method,and uses the idea space for time to improve the improved method by adding buffer pointers.It is proved that the further improved algorithm achieves good optimization on performance by experiments. |
PDF Full Text Request