本文選題：網(wǎng)絡(luò)安全審計(jì) + NDIS　； 參考：《中南大學(xué)》2014年碩士論文

【摘要】：摘要：針對(duì)Internet的攻擊現(xiàn)象越來(lái)越多,特別針對(duì)應(yīng)用層的入侵更是屢見(jiàn)不鮮,網(wǎng)絡(luò)安全審計(jì)系統(tǒng)把防火墻的功能重心從網(wǎng)絡(luò)層發(fā)展到了應(yīng)用層。針對(duì)應(yīng)用層的審計(jì)誕生了深度包檢測(cè)技術(shù),深度包檢測(cè)技術(shù)不僅檢測(cè)數(shù)據(jù)包頭部,而且深入有效載荷,能夠發(fā)現(xiàn)隱藏在其中的特征,較之傳統(tǒng)的網(wǎng)絡(luò)層審計(jì)方法能更精細(xì)地識(shí)別不同的網(wǎng)絡(luò)行為。 正則表達(dá)式具有字符串所不具備的強(qiáng)大和靈活的表達(dá)能力,它能確切地表達(dá)出復(fù)雜的特征,因而深度包檢測(cè)中逐漸使用正則表達(dá)式代替?zhèn)鹘y(tǒng)的KMP、AC、BM等精確字符串匹配算法。DFA和NFA可以實(shí)現(xiàn)正則表達(dá)式匹配,DFA比NFA更適合在網(wǎng)絡(luò)應(yīng)用中使用。規(guī)則特征庫(kù)規(guī)模的擴(kuò)大以及“.*”和“{}”運(yùn)算符的廣泛使用使DFA存在空間爆炸、性能?chē)?yán)重下降的問(wèn)題。 本文詳細(xì)分析了DFA空間爆炸的原因,在對(duì)現(xiàn)有DFA優(yōu)化技術(shù)深入研究和分析的基礎(chǔ)上,提出了HCADFA分組算法。通過(guò)L7-filter最新的所有規(guī)則模擬DFA爆炸情況,相比于mDFA,同一內(nèi)存限制條件下,HCADFA能得到更少的分組；同等數(shù)量分組的條件下,HCADFA存儲(chǔ)性能更好。HCADFA提高了DFA在深度包檢測(cè)中的實(shí)用性。另外,本文給出了一種適用于應(yīng)用層的特征庫(kù)內(nèi)存模型,該模型能壓縮DFA圖存儲(chǔ)的狀態(tài)數(shù)量,減少DFA圖存儲(chǔ)空間。 最后,本文通過(guò)使用HCADFA分組算法作為核心模塊匹配策略,設(shè)計(jì)并實(shí)現(xiàn)了一個(gè)網(wǎng)絡(luò)安全審計(jì)系統(tǒng)ENAuditSys。分析運(yùn)行結(jié)果表明ENAuditSys達(dá)到了預(yù)期目的,在對(duì)網(wǎng)絡(luò)性能影響在可接受范圍內(nèi),能夠?qū)徲?jì)內(nèi)網(wǎng)各機(jī)器的上網(wǎng)行為或異常行為。
[Abstract]:Absrtact: there are more and more attacks against Internet, especially for the intrusion of application layer. Network security audit system develops the function of firewall from network layer to application layer. For the audit of application layer, the depth packet detection technology is born. The depth packet detection technology not only detects the packet head, but also goes deep into the payload, and can discover the hidden features in it. Compared with the traditional network layer audit method, it can identify different network behaviors more carefully. Regular expressions have powerful and flexible expressive capabilities that strings do not. They can express complex features exactly. Therefore, in depth packet detection, regular expressions are gradually used to replace the traditional exact string matching algorithms, such as KMPA / AC / BM. DFA and NFA can be used to realize regular expression matching. DFA is more suitable for network applications than NFA. The expansion of the rule signature library and the widespread use of ". *" and "{}" operators make DFA suffer from space explosion and serious degradation of performance. In this paper, the causes of DFA space explosion are analyzed in detail. Based on the in-depth study and analysis of the existing DFA optimization techniques, a HCADFA grouping algorithm is proposed. Using all the latest rules of L7-filter to simulate DFA explosion, compared with mDFAs, HCADFAs can get fewer packets under the same memory limitation condition, and the storage performance of DFA in the same number of packets is better. HCADFA improves the practicability of DFA in depth packet detection. In addition, this paper presents a signature memory model suitable for application layer. The model can compress the number of states stored in DFA diagrams and reduce the storage space of DFA diagrams. Finally, by using HCADFA packet algorithm as the core module matching strategy, this paper designs and implements a network security audit system, Enadit Sys. The analysis results show that ENAuditSys achieves the expected purpose and can audit the Internet behavior or abnormal behavior of the intranet machines within the acceptable range of the impact on the network performance.
【學(xué)位授予單位】：中南大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類(lèi)號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前6條

1 呂鎮(zhèn)邦,吳廣茂;計(jì)算機(jī)網(wǎng)絡(luò)安全及安全審計(jì)技術(shù)研究[J];航空計(jì)算技術(shù);1999年04期

2 李承,王偉釗,程立,汪為農(nóng),李家濱;基于防火墻日志的網(wǎng)絡(luò)安全審計(jì)系統(tǒng)研究與實(shí)現(xiàn)[J];計(jì)算機(jī)工程;2002年06期

3 郭興陽(yáng),高峰,唐朝京;一種NDIS中間層數(shù)據(jù)包過(guò)濾方法[J];計(jì)算機(jī)工程;2004年17期

4 胡曉元,史浩山;WinPcap包截獲系統(tǒng)的分析及其應(yīng)用[J];計(jì)算機(jī)工程;2005年02期

5 王偉釗,李承,李家濱;網(wǎng)絡(luò)安全審計(jì)系統(tǒng)的實(shí)現(xiàn)方法[J];計(jì)算機(jī)應(yīng)用與軟件;2002年11期

6 黃晨;胡紅云;蔣安東;謝俊元;;分布式安全審計(jì)系統(tǒng)設(shè)計(jì)與實(shí)現(xiàn)[J];計(jì)算機(jī)工程與設(shè)計(jì);2007年04期

，

本文編號(hào)：1816113