一种违规上网行为监控及管理系统的研究与实现

发布时间：2018-06-01 08:16

本文选题：违规外联 + 数据包拦截　；参考：《北京交通大学》2014年硕士论文

【摘要】：近年来,伴随着计算机与网络技术的飞速发展,因特网在我们的工作、学习和生活中扮演者越来越重要的角色。一个企业给自己的员工提供网络是希望员工能够有效地利用网络,更好、更高效地完成本职工作。然而,在企业中,员工的违规上网行为普遍存在,这不仅违反了企业架设计算机网络的初衷,并且严重限制了其关键业务的带宽。同时,员工的违规上网行为,还可能带来诸如计算机病毒等危害企业内网安全的各类问题。为了能够有效地规范企业员工的上网行为,企业中亟需一种能够规范上网行为的系统。本文面向企业需求,深入研究了违规上网行为监控和管理的方法和技术,并在此基础上,结合了实际系统的应用需求,提出了一种基于NDIS (Network Driver Interface Specification)以及SVM (Support Vector Machine)的违规上网行为监控和管理系统的实现方案,同时对方案的可行性和可用性进行了相关实验和评估。论文主要工作成果如下： (1)在驱动层上实现了网络数据包的过滤。论文通过对现有的上网行为控制机制以及网络数据包过滤技术的研究,提出了在驱动层面上进行上网行为控制的方法。同时,本文基于NDIS Filter驱动程序进行网络数据包过滤程序的开发,实现了主机网络传输中网络数据包的分类别过滤,达到了控制上网行为的目的。 (2)实现了基于SVM的未知网页的识别。论文通过对网页文本分类技术的研究,将基于SVM的分类识别技术引入对未知网络访问的识别中,提出了利用SVM识别未知网络访问行为的方法。同时,本文实现了一个基于SVM支持向量机的未知页面识别程序,达到了识别未知上网行为,并分类别管控的目的。 (3)对系统功能进行了实验及相关测试。论文通过实验和测试,对系统的可行性和可用性进行了有效的评估,并总结了研究成果,进一步提出了下一步的研究及系统改进方向。
[Abstract]:In recent years, with the rapid development of computer and network technology, the Internet plays an increasingly important role in our work, study and life. An enterprise provides its employees with networks in the hope that they can make effective use of the network and accomplish their own work more efficiently and efficiently. However, in the enterprise, the illegal behavior of the employee is common, which not only violates the original intention of the enterprise to set up the computer network, but also restricts the bandwidth of the key business seriously. At the same time, the illegal behavior of employees on the Internet may bring all kinds of problems, such as computer virus, endangering the security of enterprise intranet. In order to standardize the behavior of employees, a system is needed to standardize the behavior. In this paper, the methods and techniques of monitoring and management of illegal online behavior are deeply studied in order to meet the needs of enterprises, and on the basis of this, the application requirements of the actual system are combined. In this paper, a scheme of monitoring and management of illegal Internet access based on NDIS Network Driver Interface Specification) and SVM support Vector Machine is proposed, and the feasibility and availability of the scheme are evaluated and tested. The main achievements of the thesis are as follows: The filter of network data packet is realized on the driver layer. Based on the research of the existing behavior control mechanism and the network packet filtering technology, this paper puts forward a method to control the Internet behavior at the driving level. At the same time, this paper develops the network packet filter program based on the NDIS Filter driver, realizes the classification filtering of the network data packet in the host network transmission, and achieves the purpose of controlling the behavior of the network. The recognition of unknown web pages based on SVM is realized. Based on the research of web page text classification technology, this paper introduces the classification and recognition technology based on SVM into the recognition of unknown network access, and proposes a method to identify unknown network access behavior using SVM. At the same time, an unknown page recognition program based on SVM support vector machine is implemented in this paper. The function of the system is tested and tested. In this paper, the feasibility and usability of the system are evaluated through experiments and tests, and the research results are summarized, and the further research and the direction of system improvement are put forward.
【学位授予单位】：北京交通大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.092;TP393.08

【共引文献】