Abstract
With the rapid growth of Internet traffic, the focus of firewall protection is shifting from the network layer to the application layer, and deep packet inspection (DPI) faces new demands and developments. String matching is the core of DPI, and how well matching is optimized for the pattern set directly determines DPI performance. DPI is more effective than traditional firewall techniques: it not only analyzes the packet headers at the IP and TCP/UDP layers but also goes into the content of the application-layer payload, checks its validity, and decides on that basis whether to filter the packet. This study improves the widely used multi-pattern BM matching algorithm by introducing an AVL tree structure to reduce the redundant state nodes in the BMDFA, which, without affecting the algorithm's speed, reduces the large memory footprint of the original BM algorithm when matching against large pattern sets. Tests show that at a pattern set size of 100000, the memory usage of the optimized BM pattern matching algorithm is about 10% of that of the traditional BM algorithm, lowering the system memory overhead that DPI incurs with large pattern sets.
Source
《自动化与仪器仪表》 (Automation & Instrumentation)
2018, Issue 3, pp. 46-50 (5 pages)
Funding
Supported by the Hexi University Young Teachers' Research Fund (QN2014-25)