Similar Literature
 19 similar documents found; search took 125 ms
1.
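To address the problem of network data leakage, this paper discusses the concept of the waterwall and the conceptual structure of NDIS, studies the NDIS packet sending flow and the NDIS-HOOK packet sending flow, and briefly analyzes the application of NDIS-HOOK technology to packet processing in a waterwall. A method of filtering outgoing packets with NDIS-HOOK is discussed. The study shows that NDIS-HOOK can efficiently intercept and send network packets.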

2.
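Research on SPI-Based Packet Interception and Reassembly   Total citations: 1, self-citations: 0, citations by others: 1
In a web content filtering system, intercepting packets is not difficult, but reassembling the intercepted packets into the web page file returned by the server is harder. This paper briefly describes Windows SPI web packet interception and, drawing on the HTTP protocol and Winsock 2.0 principles, proposes an algorithmic model for intercepting web packets and reassembling them into web page files. The model was implemented in a network data filtering system and achieved good results.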

3.
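With network technology developing rapidly, hackers and viruses cause Internet users enormous losses every year, and personal firewalls emerged in response. Personal firewalls are generally implemented by packet filtering. A packet-filtering firewall that filters at the application layer cannot capture all packets and so offers lower security, whereas one working at the NDIS layer can filter all packets and offers better security. This article designs and implements a packet-filtering firewall system that intercepts packets in the Windows kernel and further optimizes filtering performance using multithreading and other techniques.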

4.
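This paper studies in depth the BP used in network intrusion detection technology. It first covers the history of intrusion detection and the classification of packet capture techniques for intrusion detection, then analyzes in detail the packet capture and information filtering techniques of BPF (Berkeley Packet Filter), and finally outlines development trends for intrusion detection systems.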

5.
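In the networked world, from the standpoint of packet filtering, the author has always held that a firewall is absolutely a "wall", usually one that cannot be crossed. Especially after a long period of development, firewalls have ever more ways to stop packets from passing; whatever tricks hackers play, when pushed it blocks them all.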

6.
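Because airborne wireless information systems may inherit network security threats from ground network technology, airborne networks need to filter packets and restrict data transmission according to rules. The paper explains how Iptables works, analyzes the rule operations of packet filtering and the packet traversal process, and describes its application environment in airborne networks. Experiments were carried out using Iptables on Linux to drop packets from a given IP and to block requests to particular web pages, and on that basis Iptables-based packet filtering technology is studied.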

7.
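Describes the design of a gigabit network data analysis, filtering and capture system based on a high-performance FPGA. The system can analyze, filter and capture network data on a gigabit backbone. It provides a good configuration interface and can forward, percentage-sample or discard the data of interest. It can also compile statistics on packets and classify and store them by rules such as protocol type, source address and destination address. Packet classification uses hardware lookup, which greatly speeds up classification.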

8.
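A Preliminary Study of Waterwall Technology   Total citations: 3, self-citations: 1, citations by others: 2
Waterwall technology is a technique for preventing internal information from spreading to the outside. The paper gives the definition and functional characteristics of a waterwall and, through an introduction to and analysis of the waterwall system WaterBox, explores the feasibility and development trends of using waterwall technology to build intranet information security.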

9.
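Given the particular nature of networks during the IPv4-to-IPv6 transition, the paper analyzes the security threats that IPv6-in-IPv4 tunneling brings to networks. Through requirements analysis and firewall framework design, it implements the Trans firewall on the Netfilter framework. The Trans firewall is fairly full-featured: it filters ordinary IPv4 packets, inspects and filters IPv6-in-IPv4 encapsulated packets, and supports dynamic configuration of filtering rules and logging. Finally, tests of the Trans firewall show that it inspects and filters packets of different protocol types well, providing a security guarantee for effectively preventing tunnel attacks.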

10.
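TP39 2003041934 Implementing firewall packet filtering with VC++ programming / 昊金龙 (Huaqiao University) // Journal of Huaqiao University (Natural Science). - 2003, 24(1). - 92-97. As computer networks reach deep into society, the economy, national defense, science and technology, culture and education, the security of computer systems is becoming increasingly complex and prominent, and resource sharing and network distribution further increase the likelihood that networks will be threatened and attacked; firewall systems based on packet filtering plus stateful inspection have therefore become a tool for protecting network security. The paper introduces a hybrid firewall system that combines packet filtering, logging and proxy services, and focuses on a software method of implementing packet filtering with VC++ programming. 3 figures, 3 references (木). TP39, TN918 2003041935 Computer network security system design / 高常波…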

11.
Packet filtering allows a network gateway to control the network traffic flows and protect the computer system. Most of the recent research works on the filtering systems mainly concern the performance, reliability and defence against common network attacks. However, the gateway might be controlled by an untrusted attacker, who might try to infer the identity privacy of the sender host and mount IP tracking on its data packets. IP spoofing is another problem. To avoid having its data packets filtered in the packet filtering system, the malicious sender host might use a spoofed source IP address. Therefore, preserving the source IP privacy and providing source IP authentication simultaneously in the filtering system is an interesting and challenging problem. To deal with the problem, we construct a data packet filtering scheme, which is formally proved to be semantically secure against the chosen IP attack and IP guessing attack. Based on this filtering scheme, we propose the first privacy-preserving packet filtering system, where the data packets whose source IP addresses are at risk are filtered, the privacy of the source IP is protected and its correctness can be verified by the recipient host. The analysis shows that our protocol can fulfil the objectives of a data packet filtering system. The performance evaluation demonstrates its applicability in the current network systems. We also presented a packet filtering scheme, where the data packets from one subnet can be filtered with only one filter policy.

12.
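张立涛. Modern Electronics Technique (《现代电子技术》), 2010, 33(9): 84-86, 90
A digital home network system based on an intelligent gateway, used mainly for intelligent gateway management, that supports internal network protocol conversion and dynamic QoS (quality of service) configuration. Built on the principles of PLC and UWB technology, on an RC32434 MIPS+Linux platform, and applying multiple-SSID and VLAN technology, enhanced X-10 bus technology and VPN technology, the system implements the home gateway's multi-service and multi-port technology, triple-play internal network protocol conversion, intelligent routing and network packet filtering.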

13.
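With the rapid growth of the Internet, computer network security has become a problem that cannot be ignored. Computer networks are no longer confined to a single field but reach widely into every aspect of social life, and their openness, interconnectivity and decentralization make network security problems ever more prominent. The paper focuses on how to configure the H3C SecPath F100-A firewall to provide ACL-rule packet filtering, static routing, network address translation and attack prevention, restricting access between the internal and external networks and improving network security.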

14.
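李蓬. Communications Technology (《通信技术》), 2010, 43(4): 96-98
DDoS attacks are a form of attack widely used by hackers; they aim to destroy the availability of computer systems or networks and are extremely harmful. This paper first introduces the principle of DDoS attacks, then classifies DoS attacks by attack technique and attack mode, then proposes a model for detecting and defending against DDoS attacks based on those attack modes, and finally uses intrusion detection and packet filtering to design a detection and defense system for DDoS attacks. The system is simple to configure, easy to extend and practical.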

15.
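白浩, 柴争义. Communications Technology (《通信技术》), 2007, 40(12): 269-271
Intrusion prevention systems are an information security technology newly developed in the network security field to make up for the shortcomings of firewalls and intrusion detection systems. The system uses NDIS Hooking to capture network traffic entering and leaving the local host, and a pattern matching algorithm that can search the packet payload for multiple intrusion patterns in a single pass. The system not only performs intrusion detection but also provides effective blocking on top of detection.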

16.
Network intrusion detection systems (NIDS) are critical network security tools that help protect computer installations from malicious users. Traditional software-based NIDS architectures are becoming strained as network data rates increase and attacks intensify in volume and complexity. In recent years, researchers have proposed using FPGAs to perform the computationally-intensive components of intrusion detection analysis. In this work, we present a new NIDS architecture that integrates the network interface hardware and packet analysis hardware into a single FPGA chip. This integration enables a higher performance and more flexible NIDS platform. To demonstrate the benefits of this technique, we have implemented a complete and functional NIDS in a Xilinx Virtex II Pro FPGA that performs in-line packet analysis and filtering on multiple Gigabit Ethernet links using rules from the open-source Snort attack database.

17.
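As network transmission speeds keep rising and network applications develop rapidly, how to obtain network information in real time and carry out network forensics accurately and quickly has become a hot topic for experts in computer science. Based on an analysis of network forensics techniques and the characteristics of the forensic process, the paper presents a cooperative forensics system covering hosts, network packets and security devices. For the data obtained from the different forensic elements, the system applies multiple processing techniques in parallel, and finally uses a fuzzy decision method to analyze and judge the evidence. In computer network forensics, the system achieves cooperative parallel processing, fast real-time response and comprehensive intelligent analysis.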

18.
The need to provide computer network access to mobile terminals and computer communications in the mobile environment has stimulated and motivated the current developments in this area. Packet radio technology has developed over the past decade in response to the need for real-time, interactive communications among mobile users and shared computer resources. In computer communication systems we have a great need for sharing expensive resources among a collection of high peak-to-average (i.e., bursty) users. Packet radio networks provide an effective way to interconnect fixed and mobile resources. The results of an attempt to study the performance of the mobile packet radio network for computer communications over degraded channels are presented. We develop a model under fading conditions and derive a protocol for evaluating the performance of the mobile packet radio network (MPRNET) in terms of the packet error rate, packet delay, throughput and average number of retransmitted packets per cycle. The analytical results are presented and numerical examples are given to illustrate the behavior of these performance criteria as a function of packet transmission rate, packets transmitted per cycle, packet size, and vehicle speed with the help of appropriate plots.

19.
Efficient utilization of network resources is a key goal for emerging broadband wireless access systems (BWAS). This is a complex goal to achieve due to the heterogeneous service nature and diverse quality of service (QoS) requirements of various applications that BWAS support. Packet scheduling is an important activity that affects BWAS QoS outcomes. This paper proposes a novel packet scheduling mechanism that improves QoS in mobile wireless networks which exploit IP as a transport technology for data transfer between BWAS base stations and mobile users at the radio transmission layer. In order to improve BWAS QoS the new packet algorithm makes changes at both the IP and the radio layers. The new packet scheduling algorithm exploits handoff priority scheduling principles and takes into account buffer occupancy and channel conditions. The packet scheduling mechanism also incorporates the concept of fairness. Performance results were obtained by computer simulation and compared to the well known algorithms. Results show that by exploiting the new packet scheduling algorithm, the transport system is able to provide a low handoff packet drop rate, low packet forwarding rate, low packet delay and ensure fairness amongst the users of different services.
