下一代网络防火墙的互联应用协议分析

发布时间：2018-03-10 03:09

本文选题：防火墙　切入点：网络协议分析　出处：《北京交通大学》2014年硕士论文　论文类型：学位论文

【摘要】：随着互联网的飞速发展,互联网应用的网络特性变得越来越复杂多变,同时越来越多的网络威胁来自于应用层。传统防火墙基于P和端口号的五元组流量识别方法已经难以应对,由此产生了基于应用层网络流量识别的下一代网络防火墙。目前国内的下一代网络防火墙都没有特别完善的网络应用特征库,在支持应用的规模和应用识别的精细度上都不够理想。同时国外较先进的部分下一代网络防火墙对国内主流网络应用的支持度也较低。基于这种原因,本项目着手进行了下一代网络防火墙的应用层网络协议分析、分类和特征库的构建,特征库主要支持绝大部分国内主流网络应用功能。作者负责了特征库中6个一级分类的全部网络应用的应用协议分析和应用特征提取工作,参与了移动端应用特征自动提取系统的开发,负责其中Android应用信息爬取、apk包下载和apk内容解析等部分的设计和代码实现工作。其他辅助性的工作包括PC端主流互联网应用和分类调研,网络游戏、代理软件、股票期货软件和办公会议软件等类型应用的使用和网络流量生成方法调研。项目最终构建的应用协议特征库,在内部测试环境下各项指标均超过预期,在多个Beta用户环境下的网络流量测试也均成功通过,大幅度提升了应用支持规模的同时,进一步提高了网络应用的识别率和识别精细度。本特征库在随实际产品上线后,表现的应用识别能力优秀而稳定,获得了产品用户的一致好评。
[Abstract]:With the rapid development of the Internet, the network characteristics of Internet applications become more and more complex and changeable. At the same time, more and more network threats come from the application layer. As a result, the next generation network firewall based on application layer network traffic identification has emerged. At present, none of the next generation network firewalls in China has a particularly perfect network application signature library. The scale of supporting applications and the fineness of application identification are not ideal. At the same time, some of the more advanced next generation network firewalls in foreign countries also have lower support for mainstream network applications in China. This project begins to analyze, classify and construct the application layer network protocol of the next generation network firewall. The feature library mainly supports the majority of mainstream network application functions in China. The author is in charge of the application protocol analysis and application feature extraction of all the network applications of six first-level classification in the signature database, and participates in the development of the automatic feature extraction system for mobile applications. Responsible for the design and code implementation of Android application information crawling, APK package downloading and apk content parsing. Other supporting work includes mainstream Internet applications and classification research on the PC side, online games, agent software, etc. Research on the use of stock futures software and office conference software and network traffic generation methods. Finally, the application protocol signature library constructed by the project has exceeded the expectations under the internal test environment, and the network traffic testing under multiple Beta user environments has also been successfully passed, which has greatly enhanced the application support scale at the same time. The recognition rate and fineness of the network application are further improved. After the actual product goes online, the performance of the application recognition ability is excellent and stable, and it has been well received by the product users.
【学位授予单位】：北京交通大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】