现代电子技术
現代電子技術
현대전자기술
Modern Electronics Technique
2015年
22期
25-28,33
,共5页
网络入侵%未知协议%识别单元%网络安全
網絡入侵%未知協議%識彆單元%網絡安全
망락입침%미지협의%식별단원%망락안전
network intrusion%unknown protocol%recognition unit%network security
为了提高复杂环境下的网络安全性,设计并实现了一种网络入侵中未知协议识别单元.系统通过网络入侵检测模块对网络入侵进行检测并过滤,使得未知协议识别单元的设计不受网络入侵的干扰.利用流量采集模块对网络节点的网络流量进行采集,为后续阶段提供完整的网络数据包以及充分的数据分析样本,将采集的网络数据包以指针的形式返回,发送至流量调度模块.通过流量调度模块将网络数据包的源IP地址作为调度参数,依据用户自定义调度算法将网络数据包传输至指定识别模块,实现整个网络入侵中未知协议识别单元的负载均衡.利用规则匹配模块将从流量调度模块接收到的信息和协议特征库进行匹配,从而实现未知协议的识别.软件设计过程中,对网络入侵中未知协议识别单元进行了详细分析,并给出了网络入侵中未知协议识别的程序代码.仿真实验结果验证了该系统的可行性和实用性.
為瞭提高複雜環境下的網絡安全性,設計併實現瞭一種網絡入侵中未知協議識彆單元.繫統通過網絡入侵檢測模塊對網絡入侵進行檢測併過濾,使得未知協議識彆單元的設計不受網絡入侵的榦擾.利用流量採集模塊對網絡節點的網絡流量進行採集,為後續階段提供完整的網絡數據包以及充分的數據分析樣本,將採集的網絡數據包以指針的形式返迴,髮送至流量調度模塊.通過流量調度模塊將網絡數據包的源IP地阯作為調度參數,依據用戶自定義調度算法將網絡數據包傳輸至指定識彆模塊,實現整箇網絡入侵中未知協議識彆單元的負載均衡.利用規則匹配模塊將從流量調度模塊接收到的信息和協議特徵庫進行匹配,從而實現未知協議的識彆.軟件設計過程中,對網絡入侵中未知協議識彆單元進行瞭詳細分析,併給齣瞭網絡入侵中未知協議識彆的程序代碼.倣真實驗結果驗證瞭該繫統的可行性和實用性.
위료제고복잡배경하적망락안전성,설계병실현료일충망락입침중미지협의식별단원.계통통과망락입침검측모괴대망락입침진행검측병과려,사득미지협의식별단원적설계불수망락입침적간우.이용류량채집모괴대망락절점적망락류량진행채집,위후속계단제공완정적망락수거포이급충분적수거분석양본,장채집적망락수거포이지침적형식반회,발송지류량조도모괴.통과류량조도모괴장망락수거포적원IP지지작위조도삼수,의거용호자정의조도산법장망락수거포전수지지정식별모괴,실현정개망락입침중미지협의식별단원적부재균형.이용규칙필배모괴장종류량조도모괴접수도적신식화협의특정고진행필배,종이실현미지협의적식별.연건설계과정중,대망락입침중미지협의식별단원진행료상세분석,병급출료망락입침중미지협의식별적정서대마.방진실험결과험증료해계통적가행성화실용성.
In order to improve the network security in a complicated environment,an identification unit for unknown proto-cols in network intrusion was designed and realized. System detects and filters network intrusion through the network intrusion detection module to make the unknown protocol identification unit unaffected by the interference of network intrusion. The net-work traffic of the network nodes is collected by traffic acquisition module,which provides complete network data packets and sufficient data analysis samples for later stages,and returns the collected network data packets in the pointer form and sends to the traffic scheduling module. The source IP address of the network data packets is taken as scheduling parameters through traf-fic scheduling module. The network data packets are transmitted to the assigned identification module according to the user-de-fined scheduling algorithm to realize the load balancing of unknown protocol identification unit in the whole network intrusion. the information received by traffic scheduling module is matched with the protocol characteristic library by means of the rule matching module,so as to realize the identification of unknown protocol. In the process of software design,the recognition unit of unknown protocol in network intrusion are analyzed in detail. The program code for unknown protocol recognition in network intrusion is offered. The feasibility and practicability of the system were verified by simulation experiment.