Abstract: A host-based packet-filtering firewall provides only a single layer of static network security protection. To overcome this shortcoming, a scheme for dynamically generating firewall filtering rules is designed. Attack behaviour in network-layer packets and in running application processes is detected using expert knowledge, and the corresponding filtering rules are generated through expert-system reasoning. Experimental results on a Windows system show that the firewall detects a variety of attacks and generates the corresponding filtering rules in time.
Key words:
firewall,
CLIPS inference engine,
filtering rule,
dynamic rule generation,
expert system
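The abstract describes two layers of evidence (network-layer packets and running application processes) being matched against expert knowledge, with the inference engine then deriving filtering rules. The following Python sketch is an added illustration of that forward-chaining pattern; it is not the paper's implementation and does not use CLIPS. The event field names, the thresholds, the outbound-port whitelist and the textual rule format are all assumptions, and the sample events are constructed.

```python
"""Toy expert-system style rule engine: detected events are facts in working
memory, detection rules derive `attack` facts, and response rules derive
`filter` facts, iterating to a fixpoint. Added illustration only (assumption:
field names, thresholds and output format are not from the paper)."""
from collections import defaultdict

SYN_FLOOD_THRESHOLD = 5          # SYNs from one source to one port (assumed)
PORT_SCAN_DISTINCT_PORTS = 6     # distinct dst ports from one source (assumed)
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}  # policy whitelist for processes (assumed)


def _packets(src, ports, flags="S"):
    return [{"src": src, "dst_port": p, "flags": flags} for p in ports]


# Constructed sample input: what a network-layer packet hook might report.
_raw = (_packets("203.0.113.7", [80] * 6)                       # SYN flood on port 80
        + _packets("198.51.100.9", [21, 22, 23, 25, 80, 110, 143, 443])  # port scan
        + _packets("192.0.2.5", [443]))                          # benign connection
PACKET_EVENTS = [dict(p, type="packet", seq=i) for i, p in enumerate(_raw)]

# Constructed sample input: what a process monitor might report.
PROCESS_EVENTS = [
    {"type": "process", "pid": 4321, "image": "svchost.exe", "remote_port": 6667, "direction": "out"},
    {"type": "process", "pid": 1000, "image": "browser.exe", "remote_port": 443, "direction": "out"},
]


def rule_syn_flood(wm):
    """Many SYNs from one source to one port -> syn_flood attack fact."""
    counts = defaultdict(int)
    for f in wm:
        if f["type"] == "packet" and f["flags"] == "S":
            counts[(f["src"], f["dst_port"])] += 1
    return [{"type": "attack", "name": "syn_flood", "src": src}
            for (src, _port), n in counts.items() if n >= SYN_FLOOD_THRESHOLD]


def rule_port_scan(wm):
    """One source touching many distinct ports -> port_scan attack fact."""
    ports = defaultdict(set)
    for f in wm:
        if f["type"] == "packet":
            ports[f["src"]].add(f["dst_port"])
    return [{"type": "attack", "name": "port_scan", "src": src}
            for src, ps in ports.items() if len(ps) >= PORT_SCAN_DISTINCT_PORTS]


def rule_suspicious_process(wm):
    """Process talking out on a non-whitelisted port -> suspicious_outbound fact."""
    return [{"type": "attack", "name": "suspicious_outbound", "pid": f["pid"],
             "image": f["image"], "port": f["remote_port"]}
            for f in wm if f["type"] == "process" and f["direction"] == "out"
            and f["remote_port"] not in ALLOWED_OUTBOUND_PORTS]


def rule_block_source(wm):
    """Any attack fact carrying a source address -> inbound DROP filter fact."""
    return [{"type": "filter", "action": "DROP", "direction": "in",
             "match": f"src {f['src']}", "reason": f["name"]}
            for f in wm if f["type"] == "attack" and "src" in f]


def rule_block_process(wm):
    """Any attack fact carrying a pid -> outbound DROP filter fact for that process."""
    return [{"type": "filter", "action": "DROP", "direction": "out",
             "match": f"pid {f['pid']} port {f['port']}",
             "reason": f"{f['name']} {f['image']}"}
            for f in wm if f["type"] == "attack" and "pid" in f]


RULES = [rule_syn_flood, rule_port_scan, rule_suspicious_process,
         rule_block_source, rule_block_process]


def infer(initial_facts, rules=RULES):
    """Forward-chain: fire every rule until no rule adds a new fact."""
    wm, seen = [], set()

    def add(fact):
        key = tuple(sorted(fact.items()))   # duplicate facts are asserted once
        if key in seen:
            return False
        seen.add(key)
        wm.append(fact)
        return True

    for f in initial_facts:
        add(f)
    changed = True
    while changed:
        changed = False
        for rule in rules:
            for new_fact in rule(wm):       # rule returns a list, so wm may grow safely
                changed |= add(new_fact)
    return wm


def generate_filter_rules(packet_events, process_events):
    """Return the derived filter rules as sorted, human-readable lines."""
    wm = infer(list(packet_events) + list(process_events))
    return sorted(f"{f['action']} {f['direction']} {f['match']} ({f['reason']})"
                  for f in wm if f["type"] == "filter")


if __name__ == "__main__":
    for line in generate_filter_rules(PACKET_EVENTS, PROCESS_EVENTS):
        print(line)
```

Because working memory deduplicates facts, re-running the engine over already-processed events cannot emit the same filter twice, which is the property a real rule generator needs before it writes into a live firewall policy; a production version would also age out old packet facts so that thresholds apply within a time window.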
CLC number:
ZHAO Yue-Hua (赵跃华), ZHOU Wan-Sheng (周万胜). Design of Dynamic Generation Scheme for Firewall Filtering Rule[J]. Computer Engineering (计算机工程), 2012, 38(2): 135-137.