CAJ | 학술논문

针对网络监听中应用层网络协议类型多、端口动态化、负载变化频繁、关键词匹配难度大等问题。本文提出了一种能够不降低被监听网络性能的多模式匹配的应用协议识别算法。首先根据模式串集合前后缀关系进行分类，然后采用正、反向匹配算法进行处理，最后采用活跃规则的方式对协议规则进行调度。实验结果表明，新算法在模式集较大的情况下，能明显提高应用协议识别的效率，并减少资源消耗，适用于实行大规模网络监听的生产环境。
침대망락감은중응용층망락협의류형다、단구동태화、부재변화빈번、관건사필배난도대등문제。본문제출료일충능구불강저피감은망락성능적다모식필배적응용협의식별산법。수선근거모식천집합전후철관계진행분류，연후채용정、반향필배산법진행처리，최후채용활약규칙적방식대협의규칙진행조도。실험결과표명，신산법재모식집교대적정황하，능명현제고응용협의식별적효솔，병감소자원소모，괄용우실행대규모망락감은적생산배경。
Aiming at the problem of the multiple types of application layer network protocol, port dynamic variety, load changing frequently, keyword matching difficultly in network monitoring, in this paper, an application protocol identification algorithm based on multi-pattern matching was presented, but the network performance could not be re-duced. Firstly, the set of pattern strings is classified with relation of prefix and suffix, and then processed by forward algorithm and reverse algorithm. The active rules is used for scheduling protocol rule. The experimental results show that with the larger the pattern set the efficiency of application protocol identification can be significantly improved by new algorithm and resource consumption can be reduced,the new algorithm are suitable for large-scale network moni-toring of the production environment.