
Computer Engineering ›› 2012, Vol. 38 ›› Issue (2): 135-137. doi: 10.3969/j.issn.1000-3428.2012.02.043

• Security Technology •

Design of Dynamic Generation Scheme for Firewall Filtering Rule

ZHAO Yue-hua, ZHOU Wan-sheng

  1. (Institute of Computer Science and Communication Engineering, Jiangsu University, Zhenjiang 212013, China)
  • Received: 2011-05-20 Online: 2012-01-20 Published: 2012-01-20
  • About the authors: ZHAO Yue-hua (born 1958), male, professor, Ph.D.; main research interests: network and information security, embedded systems. ZHOU Wan-sheng, master's student.
  • Supported by: Open Project Fund of the Shanghai Key Laboratory of Integrated Administration Technologies for Information Security, project "Windows-Based Intelligent Data-Screening Firewall"

Abstract: A host-based packet-filtering firewall provides only single-level, static network security protection. To overcome this shortcoming, a scheme for dynamically generating firewall filtering rules is designed. Expert knowledge is used to detect attack behavior in network-layer packets and in running application processes, and the corresponding filtering rules are generated dynamically through expert-system reasoning. Experimental results on Windows systems demonstrate that the firewall system can detect a variety of attacks and generate the corresponding firewall filtering rules in time.

Key words: firewall, CLIPS reasoner, filtering rule, rule dynamic generation, expert system
