共查询到20条相似文献,搜索用时 15 毫秒
1.
本文通过校园网的管理实践,针对校园网管理中出现的问题,阐述了校园网管理方面的一些看法、思考,并以我校校园网的管理为实例,提出了几点相应的解决问题的思路和方法,最后还介绍了网络教室中学生如何学习和教师如何教学以及病毒防治方面的一些内容。 相似文献
2.
本文从结构,原理,分类等方面对千兆路由器第三层交换机两种最新的主干网络技术进行了分析和比较,着重阐述了两种解决方案中提高数据包转发或交换速度的关键技术。 相似文献
3.
鲁宏伟 《计算机工程与应用》2001,(2)
UDP是互联网上多媒体数据传输采用的主要传输协议。其主要特点是网络开销低但传输不可靠,易产生包丢失或失序。为了对失序数据包进行重排序,应用程序需要预留一个适当的缓冲区以存储期望包到达之前的数据包。该文分析了数据包丢失或失序情况下,缓冲区大小对系统性能的影响,给出了缓冲区大小的一个估计值,并对失序或数据包丢失情况下数据处理的策略进行了讨论。 相似文献
4.
基于Winsock技术的数据包解析研究 总被引:5,自引:1,他引:4
数据包解析技术是数据包过滤的基础。对数据包进行解析,是基于数据包过滤的防火墙要解决的核心问题,构造数据包的协议有很多种,要根据构造数据包的协议对该包进行处理,要正确理解在网络中传榆的单元,进而才能很好地控制网络单元的传输,实现数据包的过滤。Winsock的服务提供者编程接口的编程技术,打破了底层网络服务提供者的透明性,提供了修改系统SPI接口服务的可能性,利用这项技术能比较容易地完成数据包过滤功能,具体地说就是能增加一些自定义的功能函数,来实现数据包通信的控制,比如截获、转发、丢弃数据包等功能,也就是所说的防火墙实现的功能。当然也可以在这个基础上延伸下去,从而可以完成诸如传输质量控制、扩展TCP/IP协议栈、URL过滤及网络安全控制等功能。 相似文献
5.
1.引言随着网络技术的迅速发展和网络应用的急剧膨胀,网络安全日益成为人们关注的问题。防火墙是置于内部可信网络和外部不可信网络之间、作为一个阻塞点来监视和抛弃应用层的流量以及传输层和网络层的数据包的系统或系统组,用以达到对网络连接的安全性管理。在本文中,我们将讨论一种基于Windows 2000新结构的防火墙设计,首先我们将介绍一般的防火墙结构和原理,针对这种结构的不足,引出我们设计的结构,并给出具体的设计实现原型和性能分析,最后给出结论。 相似文献
6.
Network intrusion detection systems (NIDSs), especially signature-based NIDSs, are being widely deployed in a distributed network environment with the purpose of defending against a variety of network attacks. However, signature matching is a key limiting factor to limit and lower the performance of a signature-based NIDS in a large-scale network environment, in which the cost is at least linear to the size of an input string. The overhead network packets can greatly reduce the effectiveness of such detection systems and heavily consume computer resources. To mitigate this issue, a more efficient signature matching algorithm is desirable. In this paper, we therefore develop an adaptive character frequency-based exclusive signature matching scheme (named ACF-EX) that can improve the process of signature matching for a signature-based NIDS. In the experiment, we implemented the ACF-EX scheme in a distributed network environment, evaluated it by comparing with the performance of Snort. In addition, we further apply this scheme to constructing a packet filter that can filter out network packets by conducting exclusive signature matching for a signature-based NIDS, which can avoid implementation issues and improve the flexibility of the scheme. The experimental results demonstrate that, in the distributed network environment, the proposed ACF-EX scheme can positively reduce the time consumption of signature matching and that our scheme is promising in constructing a packet filter to reduce the burden of a signature-based NIDS. 相似文献
7.
单机版防火墙系统中数据包过滤技术的研究 总被引:3,自引:0,他引:3
随着Internet在人们日常生活中的普及,越来越多的单机上网用户开始关心系统的安全问题。文章以保护单台计算机为目的,介绍了一种应用单机版防火墙系统中的新型的数据包过滤技术,并给出其部分实现。 相似文献
8.
9.
10.
在Internet路由器中将数据包分类成流采用了散列算法的基本思想,并引入了流的局部性原理来加速散列查找的过程,用软件对该算法进行了仿真测试,并在最后从时间复杂度和空间复杂度两个方面对其进行了性能分析。实验结果表明,该算法能够快速地实现分流。 相似文献
11.
In this paper, we implement some notable hierarchical or decision-tree-based packet classification algorithms such as extended grid of tries (EGT), hierarchical intelligent cuttings (HiCuts), HyperCuts, and hierarchical binary search (HBS) on an IXP2400 network processor. By using all six of the available processing microengines (MEs), we find that none of these existing packet classification algorithms achieve the line speed of OC-48 provided by IXP2400. To improve the search speed of these packet classification algorithms, we propose the use of software cache designs to take advantage of the temporal locality of the packets because IXP network processors have no built-in caches for fast path processing in MEs. Furthermore, we propose hint-based cache designs to reduce the search duration of the packet classification data structure when cache misses occur. Both the header and prefix caches are studied. Although the proposed cache schemes are designed for all the dimension-by-dimension packet classification schemes, they are, nonetheless, the most suitable for HBS. Our performance simulations show that the HBS enhanced with the proposed cache schemes performs the best in terms of classification speed and number of memory accesses when the memory requirement is in the same range as those of HiCuts and HyperCuts. Based on the experiments with all the high and low locality packet traces, five MEs are sufficient for the proposed rule cache with hints to achieve the line speed of OC-48 provided by IXP2400. 相似文献
12.
13.
文中给出了一和中基于应用网关的防火墙安全系统的设计与实现的方法。重点介绍了系统安全策略以及所采用的分组滤波,基于IP层的 密这两种主要技术。 相似文献
14.
15.
Windows单机版防火墙包过滤多种方案比较与实现 总被引:3,自引:0,他引:3
本文介绍了Windows下单机防火墙的核心技术包拦截过滤的多种方案,分别阐述了每种方案的实现方法,比较几种方案的优缺点,得出各自的适用范围以及局限性,最后实现了基于NDIS中间驱动程序和Winsock 2 SPI技术的包过滤。 相似文献
16.
Hash函数实现数据包分流算法研究 总被引:3,自引:0,他引:3
随着Internet规模的不断扩大与应用技术的不断进步,越来越多的业务需要对数据包进行实时、快速的分类,对数据包分类的研究具有重要的现实意义。Hash算法采用了散列算法的基本思想,并引入了流的局部性原理加速散列查找的过程。由于时间精确度较高和面向对象的特点,选用了C^++语言编程对该算法进行了仿真测试,最后对Hash算法分析表明,Hash算法具有良好的时间复杂度和空间复杂度,可以实现快速的分流。 相似文献
17.
Chun-Nan LuAuthor Vitae Chun-Ying HuangAuthor VitaeYing-Dar LinAuthor Vitae Yuan-Cheng LaiAuthor Vitae 《Computer Networks》2012,56(1):260-272
Classifying traffic into specific network applications is essential for application-aware network management and it becomes more challenging because modern applications complicate their network behaviors. While port number-based classifiers work only for some well-known applications and signature-based classifiers are not applicable to encrypted packet payloads, researchers tend to classify network traffic based on behaviors observed in network applications. In this paper, a session level flow classification (SLFC) approach is proposed to classify network flows as a session, which comprises of flows in the same conversation. SLFC first classifies flows into the corresponding applications by packet size distribution (PSD) and then groups flows as sessions by port locality. With PSD, each flow is transformed into a set of points in a two-dimension space and the distances between each flow and the representatives of pre-selected applications are computed. The flow is recognized as the application having a minimum distance. Meanwhile, port locality is used to group flows as sessions because an application often uses consecutive port numbers within a session. If flows of a session are classified into different applications, an arbitration algorithm is invoked to make the correction. The evaluation shows that SLFC achieves high accuracy rates on both flow and session classifications, say 99.9% and 99.98%, respectively. When SLFC is applied to online classification, it is able to make decisions quickly by checking at most 300 packets for long-lasting flows. Based on our test data, an average of 72% of packets in long-lasting flows can be skipped without reducing the classification accuracy rates. 相似文献
18.
《Ergonomics》2012,55(7):1269-1274
The Most Comfortable Listening Level (MCLL) was determined for a running speech signal in a sample of 799 subjects, ranging in age from 17 to 92 years of age. The MCLL increased monotonically with increasing chronological age, in a non-linear relationship. Before the age of 40 MCLL increased approximately one-third of a dB per annum, while after the age of 65 MCLL increased by more than one half dB per year. Over the 75 year age range MCLL rose by 34 dB. Confirming earlier reports, MCLL was also found to be related to hearing sensitivity. Some implications for the design of sound systems are suggested. 相似文献
19.
提出了一种采用二叉判定图来表示规则集的新的算法。通过仿真实验证明:对于较大规模的规则集,基于BDD的包过滤规则设计方法简沽可行,且在存储空间和查询性能上要优于传统的线性顺序方法。 相似文献
20.
随着因特网的高速发展,因特网主干需要具备多业务能力的G位、甚至T位路由器。这就使得数据包输入处理成为主干路由器的瓶颈。本文分析了这一问题传统的纯软件算法解决方案,指出了其存在的历史局限性:传统的算法只适用于具有大内存和比较强的处理能力的计算机;进而本文提出了应着眼于设计新的硬件体系结构来解决这一问题,最后本文总结提出了三种非软件的解决方法和思路:发展新的CAM和TCAM设计工艺、基于人工神经网络的解决方法、基于协处理器的解决方法。 相似文献