
The Design and Implementation of Transparent Application-Layer Filtering Framework

Advisor: 賴薇如

Abstract


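A firewall acts as a guardian of network security. Firewalls today fall into two types: packet-filtering and proxy-server. Because packet-filtering firewalls perform well and are easy to deploy, most firewalls actually running on the Internet are of this type. However, as attackers' techniques evolve, many network attacks, such as worms and viruses, cannot be stopped by traditional packet-filtering firewalls, and proxy-server firewalls have therefore gradually gained attention. Proxy servers, though, have two major drawbacks, poor performance and difficult deployment, which make them hard to promote. Poor performance can be improved with more powerful hardware, whereas the deployment difficulty stems from the inherent nature of many Internet protocols. This thesis proposes a new development platform that is unaffected by the application protocol (application-independent) and is a truly transparent architecture, both in physical deployment and from the viewpoint of the applications at the two ends, which greatly reduces the deployment difficulty of proxy servers.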

Parallel Abstract


For a long time, firewalls have played an important role in network security, protecting many of us against attacks by malicious users. Firewalls can be classified into two types: packet-filtering and proxy server. Packet-filtering firewalls have gained enormous popularity because of their high performance and easy deployment. However, a new generation of network attacks (worms, viruses, etc.) has penetrated the protection of traditional packet-filtering firewalls. Application-layer firewalls (originally called proxy servers) have recently been given increasing attention. Two weaknesses, inefficient performance and complicated deployment procedures, have hindered the spread of application-layer firewalls. Powerful hardware, such as ASICs, can be adopted to greatly improve performance, while the complicated deployment is rooted in the inherent nature of many network protocols. To solve the deployment difficulty, this project proposes a new protocol-independent framework whose core is 'True Transparent' operation.
