發(fā)布時(shí)間：2018-04-14 02:38

  本文選題：防火墻規(guī)則集 + 判定樹(shù)模型　； 參考：《哈爾濱工程大學(xué)》2014年碩士論文

【摘要】：二十一世紀(jì)是信息技術(shù)高速發(fā)展的時(shí)代,隨著移動(dòng)互聯(lián)網(wǎng)的高速崛起,隨時(shí)隨地的信息交流成為人們?nèi)粘Ｉ钪胁豢扇鄙俚囊徊糠�。伴隨著信息技術(shù)高速發(fā)展的網(wǎng)絡(luò)信息安全問(wèn)題,也逐漸被人們所重視。作為網(wǎng)絡(luò)信息安全研究中重要的一部分,防火墻技術(shù)也日益被人們所重視。本文主要針對(duì)防火墻配置規(guī)則集進(jìn)行研究,分別從防火墻有效規(guī)則集的分解算法和防火墻規(guī)則集的動(dòng)態(tài)優(yōu)化算法兩個(gè)方向,展開(kāi)了防火墻配置規(guī)則集的相關(guān)研究。針對(duì)防火墻有效規(guī)則集的分解算法,本文首先提出了一種防火墻規(guī)則集的優(yōu)化原則,針對(duì)防火墻規(guī)則的五種問(wèn)題提出了相關(guān)的優(yōu)化原則。然后提出了一種基于判定樹(shù)的規(guī)則分類算法,在本算法中構(gòu)造了判定樹(shù)模型,對(duì)原有防火墻規(guī)則集中的規(guī)則進(jìn)行分類,在對(duì)規(guī)則進(jìn)行分類的同時(shí),使用判定樹(shù)模型并不會(huì)改變?cè)腥哂嘁?guī)則之間的優(yōu)先級(jí)。接著提出了一種基于掩碼拆分的規(guī)則分解算法,在本算法中根據(jù)IP地址的特點(diǎn),提出了一種掩碼拆分算法,用于分解原有的IP地址,同時(shí)根據(jù)防火墻規(guī)則集的優(yōu)化原則,消除其中的無(wú)效規(guī)則,得到一個(gè)有效規(guī)則集。最后詳細(xì)分析了判定樹(shù)在本算法中的重要作用,并通過(guò)對(duì)比實(shí)驗(yàn)描述了判定樹(shù)模型可以提高掩碼拆分算法的時(shí)間復(fù)雜度。針對(duì)防火墻規(guī)則集的動(dòng)態(tài)優(yōu)化算法,防火墻規(guī)則的優(yōu)先級(jí)是本算法的研究重點(diǎn)。本文首先分析了現(xiàn)有動(dòng)態(tài)優(yōu)化中使用的統(tǒng)計(jì)分析算法,然后提出了一種改進(jìn)的統(tǒng)計(jì)分析算法,經(jīng)過(guò)分析發(fā)現(xiàn)統(tǒng)計(jì)分析算法自身存在的一些不足,最終提出了一種基于堆結(jié)構(gòu)的防火墻規(guī)則集動(dòng)態(tài)優(yōu)化算法。在基于堆結(jié)構(gòu)的動(dòng)態(tài)優(yōu)化算法中,本文構(gòu)造了一個(gè)改進(jìn)的堆模型,用于存放防火墻規(guī)則集,同時(shí)根據(jù)改進(jìn)的堆模型提出了一種動(dòng)態(tài)調(diào)整算法,使得本算法能夠完成對(duì)于防火墻規(guī)則集的動(dòng)態(tài)調(diào)整功能。在本算法的實(shí)驗(yàn)部分,分別分析了原有統(tǒng)計(jì)分析算法、改進(jìn)后的統(tǒng)計(jì)分析算法和基于堆結(jié)構(gòu)的動(dòng)態(tài)優(yōu)化算法的規(guī)則匹配效率,得出了基于堆結(jié)構(gòu)的動(dòng)態(tài)優(yōu)化算法在規(guī)則匹配效率上優(yōu)于原先兩種算法的結(jié)論。
[Abstract]:The 21 century is the era of rapid development of information technology. With the rapid rise of mobile Internet, information exchange at any time and anywhere has become an indispensable part of people's daily life.With the rapid development of information technology, network information security has been paid more and more attention.As an important part of network information security research, firewall technology has been paid more and more attention.In this paper, the firewall configuration rule set is mainly studied. From the decomposition algorithm of firewall effective rule set and the dynamic optimization algorithm of firewall rule set, the related research of firewall configuration rule set is carried out.Aiming at the decomposition algorithm of firewall effective rule set, this paper first puts forward an optimization principle of firewall rule set, and puts forward related optimization principles aiming at five problems of firewall rule.Then, a rule classification algorithm based on decision tree is proposed. In this algorithm, a decision tree model is constructed to classify the rules in the original firewall rule set, and at the same time, the rules are classified.Using the decision tree model does not change the priority between the original redundancy rules.Then a rule decomposition algorithm based on mask splitting is proposed. In this algorithm, according to the characteristics of IP address, a mask splitting algorithm is proposed, which is used to decompose the original IP address, and at the same time, according to the optimization principle of firewall rule set.Eliminate invalid rules and get a valid rule set.Finally, the important role of decision tree in this algorithm is analyzed in detail, and the time complexity of the mask splitting algorithm is improved by comparing the decision tree model.For the dynamic optimization algorithm of firewall rule set, the priority of firewall rule is the focus of this algorithm.This paper first analyzes the existing statistical analysis algorithms used in dynamic optimization, and then proposes an improved statistical analysis algorithm.Finally, a dynamic optimization algorithm of firewall rule set based on heap structure is proposed.In the dynamic optimization algorithm based on heap structure, an improved heap model is constructed to store the firewall rule set, and a dynamic adjustment algorithm is proposed according to the improved heap model.This algorithm can accomplish the dynamic adjustment function for firewall rule set.In the experimental part of this algorithm, the rule matching efficiency of the original statistical analysis algorithm, the improved statistical analysis algorithm and the dynamic optimization algorithm based on heap structure are analyzed respectively.It is concluded that the dynamic optimization algorithm based on heap structure is superior to the former two algorithms in rule matching efficiency.
【學(xué)位授予單位】：哈爾濱工程大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 蘭娟;孫強(qiáng);;一種枚舉生成所有最小-最大堆的算法[J];計(jì)算機(jī)應(yīng)用與軟件;2013年08期

2 李中;李曉;;一種性能優(yōu)化的防火墻規(guī)則匹配算法[J];計(jì)算機(jī)應(yīng)用研究;2013年04期

3 李澤平;;基于決策樹(shù)的防火墻訪問(wèn)控制策略檢測(cè)與優(yōu)化[J];黔南民族師范學(xué)院學(xué)報(bào);2012年03期

4 孫立琴;潘理;;防火墻策略沖突檢測(cè)及沖突策略可視化[J];信息安全與通信保密;2012年05期

5 梁萍;帥建梅;譚小彬;周宇;;基于判定樹(shù)的Snort規(guī)則集優(yōu)化構(gòu)造方法[J];計(jì)算機(jī)工程;2011年02期

6 何祥濱;周聰;;基于哈夫曼樹(shù)的防火墻規(guī)則動(dòng)態(tài)優(yōu)化的研究[J];計(jì)算機(jī)與現(xiàn)代化;2010年08期

7 馬廷斌;徐芬;;判定樹(shù)歸納分類研究[J];科技信息;2009年13期

8 楊奕;楊樹(shù)堂;陳健寧;陸松年;;基于統(tǒng)計(jì)分析與規(guī)則沖突檢測(cè)的防火墻優(yōu)化[J];計(jì)算機(jī)工程;2008年15期

9 呂海濤;梁祖華;;基于防火墻規(guī)則匹配優(yōu)化算法的研究[J];計(jì)算機(jī)安全;2008年03期

10 王衛(wèi)平;陳文惠;朱衛(wèi)未;陳華平;;防火墻規(guī)則配置錯(cuò)誤快速檢測(cè)算法[J];計(jì)算機(jī)工程;2007年11期

相關(guān)博士學(xué)位論文 前1條

1 陳文惠;防火墻系統(tǒng)策略配置研究[D];中國(guó)科學(xué)技術(shù)大學(xué);2007年

相關(guān)碩士學(xué)位論文 前1條

1 王睿;基于興趣度的判定樹(shù)算法快速分類的優(yōu)化[D];電子科技大學(xué);2006年

，

本文編號(hào)：1747379