本文選題：防火墻　切入點(diǎn)：網(wǎng)絡(luò)協(xié)議分析　出處：《北京交通大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著互聯(lián)網(wǎng)的飛速發(fā)展,互聯(lián)網(wǎng)應(yīng)用的網(wǎng)絡(luò)特性變得越來(lái)越復(fù)雜多變,同時(shí)越來(lái)越多的網(wǎng)絡(luò)威脅來(lái)自于應(yīng)用層。傳統(tǒng)防火墻基于P和端口號(hào)的五元組流量識(shí)別方法已經(jīng)難以應(yīng)對(duì),由此產(chǎn)生了基于應(yīng)用層網(wǎng)絡(luò)流量識(shí)別的下一代網(wǎng)絡(luò)防火墻。目前國(guó)內(nèi)的下一代網(wǎng)絡(luò)防火墻都沒(méi)有特別完善的網(wǎng)絡(luò)應(yīng)用特征庫(kù),在支持應(yīng)用的規(guī)模和應(yīng)用識(shí)別的精細(xì)度上都不夠理想。同時(shí)國(guó)外較先進(jìn)的部分下一代網(wǎng)絡(luò)防火墻對(duì)國(guó)內(nèi)主流網(wǎng)絡(luò)應(yīng)用的支持度也較低�；谶@種原因,本項(xiàng)目著手進(jìn)行了下一代網(wǎng)絡(luò)防火墻的應(yīng)用層網(wǎng)絡(luò)協(xié)議分析、分類和特征庫(kù)的構(gòu)建,特征庫(kù)主要支持絕大部分國(guó)內(nèi)主流網(wǎng)絡(luò)應(yīng)用功能。 作者負(fù)責(zé)了特征庫(kù)中6個(gè)一級(jí)分類的全部網(wǎng)絡(luò)應(yīng)用的應(yīng)用協(xié)議分析和應(yīng)用特征提取工作,參與了移動(dòng)端應(yīng)用特征自動(dòng)提取系統(tǒng)的開(kāi)發(fā),負(fù)責(zé)其中Android應(yīng)用信息爬取、apk包下載和apk內(nèi)容解析等部分的設(shè)計(jì)和代碼實(shí)現(xiàn)工作。其他輔助性的工作包括PC端主流互聯(lián)網(wǎng)應(yīng)用和分類調(diào)研,網(wǎng)絡(luò)游戲、代理軟件、股票期貨軟件和辦公會(huì)議軟件等類型應(yīng)用的使用和網(wǎng)絡(luò)流量生成方法調(diào)研。 項(xiàng)目最終構(gòu)建的應(yīng)用協(xié)議特征庫(kù),在內(nèi)部測(cè)試環(huán)境下各項(xiàng)指標(biāo)均超過(guò)預(yù)期,在多個(gè)Beta用戶環(huán)境下的網(wǎng)絡(luò)流量測(cè)試也均成功通過(guò),大幅度提升了應(yīng)用支持規(guī)模的同時(shí),進(jìn)一步提高了網(wǎng)絡(luò)應(yīng)用的識(shí)別率和識(shí)別精細(xì)度。本特征庫(kù)在隨實(shí)際產(chǎn)品上線后,表現(xiàn)的應(yīng)用識(shí)別能力優(yōu)秀而穩(wěn)定,獲得了產(chǎn)品用戶的一致好評(píng)。
[Abstract]:With the rapid development of the Internet, the network characteristics of Internet applications become more and more complex and changeable. At the same time, more and more network threats come from the application layer. As a result, the next generation network firewall based on application layer network traffic identification has emerged. At present, none of the next generation network firewalls in China has a particularly perfect network application signature library. The scale of supporting applications and the fineness of application identification are not ideal. At the same time, some of the more advanced next generation network firewalls in foreign countries also have lower support for mainstream network applications in China. This project begins to analyze, classify and construct the application layer network protocol of the next generation network firewall. The feature library mainly supports the majority of mainstream network application functions in China. The author is in charge of the application protocol analysis and application feature extraction of all the network applications of six first-level classification in the signature database, and participates in the development of the automatic feature extraction system for mobile applications. Responsible for the design and code implementation of Android application information crawling, APK package downloading and apk content parsing. Other supporting work includes mainstream Internet applications and classification research on the PC side, online games, agent software, etc. Research on the use of stock futures software and office conference software and network traffic generation methods. Finally, the application protocol signature library constructed by the project has exceeded the expectations under the internal test environment, and the network traffic testing under multiple Beta user environments has also been successfully passed, which has greatly enhanced the application support scale at the same time. The recognition rate and fineness of the network application are further improved. After the actual product goes online, the performance of the application recognition ability is excellent and stable, and it has been well received by the product users.
【學(xué)位授予單位】：北京交通大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.08

【參考文獻(xiàn)】

相關(guān)期刊論文 前2條

1 何飛;項(xiàng)帆;邵熠陽(yáng);薛一波;李軍;;Accelerating Application Identification with Two-Stage Matching and Pre-Classification[J];Tsinghua Science and Technology;2011年04期

2 趙國(guó)鋒;吉朝明;徐川;;Internet流量識(shí)別技術(shù)研究[J];小型微型計(jì)算機(jī)系統(tǒng);2010年08期

，

本文編號(hào)：1591483