期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

BM算法的改进及其在应用层防护网关中的应用

The Improvement of Boyer-Moore Algorithm and its Application in the Application-layer Protection Gateway
下载PDF
导出
摘要 本文在传统网络层防火墙基础上实现了应用层防护网关,此网关对应用层常用协议进行分析和对执行语句进行还原并过滤,实现了网络各层综合防护。对执行语句与常见攻击特征字段进行模式匹配是应用层过滤最有效的手段,但模式匹配的效率是防护网关性能的主要瓶颈。本文研究了BM算法的实现机理,对传统的BM算法进行了改进;在此应用层防护网关中采用改进后的BM算法很好地提高了装置吞吐量、提升了系统效率。 An Application Protection Gateway was realized based on the traditional network-layer firewall, some general application layer protocols were analyzed and the operating strings were reverted and filtered, so that most of the network layers were defended. The most available method to filter at application layer is to match the attack character pattern with the operating strings, but the pattern matching's efficiency is the bottleneck of the Protection Gateway. In this paper, the mechanism of BM algorithm was investigated, an improved BM algorithm was also proposed, The application of this algorithm in the Application Protection Gateway can greatly improve the set's throughput and the system efficiency.
作者 陈建业 张涛 林为民
机构地区 国网电科院
出处 《微计算机信息》 2010年第21期73-75,111,共4页 Control & Automation
关键词 防火墙 应用层防护网关 模式匹配 BM算法 firewall application protection gateway pattern matching BM algorithm
分类号 TP302.1 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献8

  • 1谢煜然,张钢.基于divert socket的应用层防火墙[J].微处理机,2006,27(5):21-24. 被引量:1
  • 2朱鹏.基于状态包过滤的防火墙技术[J].微计算机信息,2005,21(3):197-198. 被引量:13
  • 3S.W. Boyd, A. D. Keromytis. Preventing SQL injection Attacks [C]. In International Conference on Applied Cryptography and Network Security (ACNS), LNCS, 2004,2:292-302.
  • 4Bass L,Clements P. Software Architecture in Practice [M].北京:清华大学出版社.2003:71-127.
  • 5Roesch, M. Snort-Lightweight Intrusion Detection for Networks [C]. USENIX LISA Conference, 1999. http://www.usenix.org/events/ lisa99/full_papers/roesch/roesch.pdf.
  • 6Boyer R, Moore J. A Fast String Searching Algorithm [J]. Communications of the ACM, 1977,20(10):762-772.
  • 7M. Crochemore, T. Lecroq. Pattern matching and text compression algorithms[M]. The Computer Science and Engineering Handbook, 1996,8:162-202, Boca Raton:CRC Press Inc., 1996.
  • 8R. Baeza-Yates, G. Navarro, B. Ribeiro-Neto. Indexing and Searching[J]. Modern Information Retrieval, 1999,8:191-228.

二级参考文献6

  • 1[2]W Richard Stevens.UNIX Network Programming Volume 1 2nd edition(影印版)[M].北京:清华大学出版社,1998:655-702.
  • 2[3]R Fielding,J Gettys,J Mogul,H Frystyk,L Masinter,P Leach,T Berners-Lee.RFC2616:Hypertext Transfer Protocol--HTTP/1.1[EB/OL].http://www.w3.org/Protocols/rfc2616/rfc2616.html.
  • 3[4]Ugen J S.Antsilevich,Poul-Henning Kamp,Alex Nash,Archie Cobbs,Luigi Rizzo.FreeBSD System Manager's Manual IPFW(8)[EB/OL].http://www.freebsd.org/cgi/man.cgi?query=ipfw.
  • 4[5]Archie Cobbs.FreeBSD Kernel Interfaces Manual DIVERT(4)[EB/OL].http://www.freebsd.org/cgi/man.cgi?query=divert.
  • 5[6]Bram Cohen.BitTorrent Protocol[EB/OL].http://www.bitconjurer.org/BitTorrent/protocol.html.
  • 6yawl.《linux防火墙实现技术比较》[EB/OL].http://www.obfuscation.org/ipf/tcp filtering.pdf,.

共引文献12

微计算机信息
2010年 第21期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部