Design And Implementation Based The Netfilter Framework For Flow Recognition System

With the widespread popularity of the Internet, the network application services become more and more colorful, network application development and user’s conmand growth, prompting today’s fast-growing Internet traffic but also to become more complicated. Urgency not only in network monitoring bandwidth utilization, more and more malicious programs such as viruses Trojans worms, spam, phishing, phishing sites, network crime phenomenon caused a great deal of pressure, but also to social stability. The face of these increasingly serious problem affecting the user experience, how to quickly and efficiently monitor the network traffic as little as possible to become critical.DPI protocol identification technology and DFI technology identification technology is widely used as two of the most effective methods. DPI technology has a high level of disaggregation, to identify the effect of a good advantage, but the disadvantage is that the recognition accuracy is unstable, unreliable and can not identify the application layer encryption protocol; the DFI technology to identify with high accuracy, the identification process is simple and easy to achieve, but the disadvantage is the level of disaggregation is insufficient to meet user’s needs.In this paper, after study the advantages and disadvantages of both recognition technology,we proposed a parallel approach to combine the advantages of both analysis and based on the shortcomings of traditional DPI firewall, get a lot of improvement in the traditional firewall, and combined advantage of DFI detection module for system design.Then, in this paper, the Linux system Netfilter framework of the implements new identification monitoring system, defines the grammatical structure of the features of the library, and design a new system architecture, the introduction of a quintuple flow table, the contrast mechanism the type proposed mechanism and concurrent formula recognition mode.Finally, we use the system that we design, take a large number of existing network tests performances and the system’s structures, the completion of the identification function and blocking the realization of the function, and finally concluded that the system designed to meet the requirements before design was begin, it have a significant improvement of the traditional DPI firewall.