Research And Design Of Intelligent Generation Of Filtered Rules

As the problem of network security increasing, personal firewall has become the primary protection of the host security. So far many domestic and foreign scholars have carried out research on intelligent personal firewall at different level. Information filtering technology which is the most mature technology of firewall determines the security feature in the design of firewall. In the field of intelligent filtered rules generating, researchers have achieved a personal firewall based on knowledge acquisition and inference engine of intelligence. This method achieved intelligent filtered rules generation by knowledge acquisition, and achieved intelligent rules matching and execution by inference engine during the operation of firewall.This paper studies the method of intelligent of filtered rules generation. It first studies natural language processing technology in depth, which is the key technology of changing users'natural language to filtered rules of semi-structured. Based on the analysis of existing natural language processing technology it makes the main research of automatic summarization and information extraction technology based on the field of network security. For the user input of filtered needs in form of natural language, this paper achieved filtered rule elements extraction and semi-structured rule generation.Under the precondition of acquiring semi-structured filtered rules, for generating efficient filtered rules, this thesis uses formal technology to describe and validate filtered rules. This part gives the description of filtered rules combining the application of formal technology in network security fields and analyses the possible existence of redundancy and conflict. It designs detection algorithm to improve existing filtered rules optimization method to make the rule sets satisfy requirements of compatibility and minimal set. And this paper simulates the running process of filtered rules to analyse safety of rule set dynamically.At last, this paper designs prototype system of intelligent filtered rules generation. It divides system module based on intelligent generation process, including natural language acquisition, natural language processing, structured language generation module and so on, and also designs filtered rules data structure, storage method etc.. By running prototype system, inputing users' filtering needs, checking filtered rules generation processes, it verificates whether the system can realize intelligent generating filtered rules. Tests show that the prototype system can correctly, intelligently generate filtered rules, and conforming to the filtering requirements of individual user, as well as the general requirements of network security. And the system can automatically optimize filtered rule sets. Research on filtered rules intelligence offers some reference value for firewall system design, which has a wide application prospects.