防火墙状态检测技术研究

发布时间：2018-04-12 12:03

本文选题：状态检测 + 防火墙　；参考：《电子科技大学》2014年硕士论文

【摘要】：随着互联网的发展,网络安全问题已经成为影响网络健康发展的关键问题。其中防火墙技术就是有效的阻断网络供给、构建网络安全区域的关键技术。传统的包过滤防火墙在处理用户伪装识别方面表现出严重的不足。为了有效的提供防火墙的防护效果,本文对基于状态检测的防火墙技术进行了研究。并且对本文构建的基于状态检测技术的防火墙进行了详细的分析和设计。在对状态检测防火墙的总体结构进行设计的基础之上,详细的讨论了不同网络协议下的状态检测机制的实现方法。并且对利用状态检测来实现NAT子系统方法进行了分析和设计。最后在基于状态检测的防火墙技术分析与设计的基础之上,本文对本文构建的状态检测防火墙的功能和性能进行了测试。详细的探讨了状态检测防火墙在处理TCP、UDP、ICMP协议方面的表现。通过本文的研究详细的构建出一种基于状态检测技术的防火墙系统,切实的达到了对网络流量的精准控制和过滤。有效的避免了传统包过滤防火墙以及代理技术防火墙存在的弊端和不足。希望通过本文的研究对于其他学者进一步探讨状态防火墙技术,强化网络安全起到借鉴作用和参考价值。
[Abstract]:With the development of the Internet, network security has become a key issue affecting the healthy development of the network.Firewall technology is the key technology to effectively block the network supply and construct the network security area.The traditional packet filtering firewall has a serious deficiency in handling user camouflage identification.In order to provide the protective effect of firewall effectively, the firewall technology based on state detection is studied in this paper.And the firewall based on state detection technology is analyzed and designed in detail.Based on the design of the overall structure of the state detection firewall, the implementation of the state detection mechanism under different network protocols is discussed in detail.The method of using state detection to realize NAT subsystem is analyzed and designed.Finally, based on the analysis and design of the firewall based on state detection, this paper tests the function and performance of the firewall.The performance of state detection firewall in handling TCP / UDP / ICMP protocol is discussed in detail.Through the research of this paper, a firewall system based on state detection technology is built in detail, which can achieve the accurate control and filtering of network traffic.The traditional packet filter firewall and proxy firewall are avoided effectively.It is hoped that the research in this paper can be used as a reference for other scholars to further explore the state firewall technology and strengthen network security.
【学位授予单位】：电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】