摘要： 针对Internet 上越来越复杂的网络攻击，防火墙已经由过去单纯的底层包过滤型防护墙向下一代的应用层防火墙转变，从而对下一代网络安全测试也提出了新的要求。在进行网络安全评估时，需要采用新的状态流，同时还必须综合考虑防火墙的具体设置。该文对下一代应用层防火墙的发展现状及趋势、测试技术及方法进行了探讨，为进一步探索新的应用层防火墙测试技术提供基础依据。

关键词: 应用层防火墙；性能测试；Internet 网络攻击

Abstract: Network security devices are becoming smarter, turning from basic packet-filtering to application-awareness, in order to mitigate newapplication attacks on the Internet. Traditional vendor performance specifications are inadequate now, forcing vendors and network designers toadopt new test methods for performance evaluation and benchmarking. This paper gives a review and research on the next firewall development andevaluation, and puts forward the future research direction.

Key words: Application-aware firewall; Performance evaluation; Internet attacks