Electronic Technology (电子技术)
2014, Issue 3, pp. 13-19 (7 pages)
Keywords: protocol reassembling; kernel stack; TCP/IP; network security; TCP flow reorganizing
In recent years the Internet has grown explosively, and backbone bandwidth has reached gigabit and even 10-gigabit rates, so protecting the security of the Internet is becoming more and more important. Network security products such as firewalls and intrusion detection systems are built on the analysis and prediction of network data, and protocol reassembling, the technique of capturing data and restoring it, is the foundation for designing these products. This paper studies and implements an Internet protocol reassembling system based on the Libnids library. The system captures packets by bypass tapping of data link frames and performs IP fragment assembly and TCP flow reorganizing following the Linux kernel's implementation, effectively realizing monitoring of network information content. Extension modules can be added to the system as needed to restore a variety of application layer data.