防火墙入侵阻止功能的设计与实现

针对防火墙内嵌入侵阻止功能模块的研究,提出了2种不同的设计方案,方案1利用基于libipq库的netfilter的排队(QUEUE)动作以及snort_inline技术实现对攻击数据包的丢弃,方案2则是综合利用syncookies技术、netfilter的新模糊包速率匹配、PSD检测、U32检测技术并结合对防火墙内核改造来实现对主流拒绝服务攻击(DOS)攻击包的阻止;在综合比较的基础上,依据方案2完成了实验模块的设计与实现;攻击测试结果表明,该模块具备了较好地防御主流DOS攻击的能力。     

基于Linux下防止IP欺骗的SYN攻击防火墙的设计与实现

设计是以redhat5.O为实验平台构建一个防御IP欺骗SYN攻击的包过滤防火墙.是以RED算法为基础,结合TCP数据包重传机制,检验SYN数据包的IP地址真实性.对TCP请求数据包利用RED算法判断TCP请求的平均队列长度和包丢弃概率.平均队列长度超过系统负载最大值时,直接按照随机分配的丢弃概率判断是否丢弃数据包.平均队列长度在系统负载之内时,如果当前的丢弃概率大于给定的阈值,则查找哈希表是否有相同的数据节点,找到则接受该数据包,没找到则保存数据包信息到哈希表,同时丢弃该包.经过分析研究和实验的验证,该防火墙具有较好的吞吐量,同时正常数据包的通过率较高.     

嵌入内核式状态检测防火墙的研究与实现

利用过滤器挂钩驱动程序（Ipthdrv）机制,在Windows·2000／XP内核嵌入用户自定义状态检测模块来过滤数据包．使用TCP包SYN／ACK标志位和UDP包虚连接建立方式维护状态监测表,实现了状态检测．根据状态表存量实时对时间溢出值进行动态调控,控制状态表内表项的存量,避免遭受拒绝服务（DoS）攻击,提高了防火墙抗攻击性能。     

利用VC++编程实现防火墙数据包过滤

随着计算机网络深入社会、经济、国防、科技与文教等各个领域 ,计算机系统的安全问题正变得日益复杂和突出 .资源共享和网络分部更增加了网络收到威胁和攻击的可能性 ,于是基于包过滤加状态检测的防火墙系统成为保护网络安全的工具 .文中介绍一种集数据包过滤、日志、代理服务于一体的复合型防火墙系统 ,着重论述利用 VC 编程技术实现数据包过滤的软件方法 .     

状态防火墙受攻击导致状态表溢出故障的解决

网络防火墙的状态检测就是针对连接请求的数据包,检查连接实体其是否符合TCP/IP 协议的状态转换规则,相符则接收数据.DoS/DDoS攻击通过在短时间内发送大量短小的数据包给防火墙,造成状态表被填满而拒绝接收新的连接,导致产生拒绝服务攻击.传统的解决方案往往增加防火墙的负担.针对网络上常见的流量型DoS/DDoS攻击造成的状态防火墙状态表溢出故障提供一种应急解决方案.     

基于流量分析与双阈值包过滤策略的DDoS防范机制的研究

DoS攻击目的是使计算机或网络无法提供正常的服务,危害性极大.虽然目前提出的DoS解决方案很多,但各有优缺点.针对以往防火墙面对DDoS(分布式拒绝服务)攻击时的漏判或误判行为,文中提出了一种基于流量分析和双阈值策略的防范机制,采用可通信表记录可信任站点,使用双阈值并添加入侵检测提高系统性能,该方案利用Netfilter框架,在NF_IP_PRE_POUTING处注册了自己的防火墙模块,实现了对DoS攻击的入侵检测以及当攻击产生时过滤异常包等功能.通过实验环境测试了系统,验证了相关结论.     

基于StackSF的DDoS攻击和IP欺骗新型防御机制

针对互联网上的主机正面临着IP欺骗和大规模分布式拒绝服务(DDoS)攻击威胁,提出一种新的防御机制——StackSF.该机制不同于以往的方法,它是通过数据包标记和临界过滤器分析每个数据包的信息内容,过滤掉攻击数据包并检测出遭受欺骗的源IP地址.同时,还可以防御各种方式的IP欺骗的攻击.     

一种基于Mobile Agent的分布式主动防火墙体系结构

针对分布式防火墙不能有效防止拒绝服务攻击问题.在分布式防火墙基础上提出了一种基于Mobile Agent的分布式主动防火墙体系结构,不被动的防止攻击,利用Mobile Agent将攻击拒绝在攻击者处,并对该体系结构进行测试,可以有效地避免了拒绝服务攻击.     

Linux中Netfilter／iptables的研究与应用

Netfilter/iptables是Linux 2．6内核中的通用性功能框架,能够对数据包进行处理。分析了基于Linux内核的Netfilter/iptables框架以及iptables表、链的关系与作用;应用Netfilter/iptables中的包过滤特性建立了内外网间的防火墙,通过手动配置iptables规则的方式对数据包进行有目标性的过滤,防止非法数据攻击,实现了阻隔Ping洪水攻击、拦截特定网段数据包、数据包入队等待后续处理等功能,达到了保证内网安全的效果。     

基于边界路由的伪IP包筛选法研究

DDOS（分布式拒绝服务）是一种常见且难以防御的网络攻击手段,本文通过对其原理和本质进行分析,总结出伪IP包筛选技术,该方法利用数据包转发规则进行判断,使攻击者攻击目标时的伪IP包被筛除,当边界路由器采用该技术时,能简便、有效的抵御DDOS攻击。     

Markedness and its Interpretation in Language Use

Language markedness is a common phenomenon in languages, and is reflected from hearing, vision and sense, i.e. the variation in the three aspects such as phonology, morphology and semantics. This paper focuses on the interpretation of markedness in language use following the three perspectives, i.e. pragmatic interpretation, psychological interpretation and cognitive interpretation, with an aim to define the function of markedness.     

Features of Women's language

Language is a means of verbal communication. People use language to communicate with each other. In the society, no two speakers are exactly alike in the way of speaking. Some differences are due to age, gender, statue and personality. Above all, gender is one of the obvious reasons. The writer of this paper tries to describe the features of women＇s language from these perspectives： pronunciation, intonation, diction, subjects, grammar and discourse. From the discussion of the features of women＇s language, more attention should be paid to language use in social context. What＇s more, the linguistic phenomena in a speaking community can be understood more thoroughly.     

低渗透非均质砂岩油藏启动压力梯度研究

理论推导与室内实验相结合,建立了低渗透非均质砂岩油藏启动压力梯度确定方法。首先借助油藏流场与电场相似的原理,推导了非均质砂岩油藏启动压力梯度计算公式。其次基于稳定流实验方法,建立了非均质砂岩油藏启动压力梯度测试方法。结果表明:低渗透非均质砂岩油藏的启动压力梯度确定遵循两个等效原则。平面非均质油藏的启动压力梯度等于各级渗透率段的启动压力梯度关于长度的加权平均;纵向非均质油藏的启动压力梯度等于各渗透率层的启动压力梯度关于渗透率与渗流面积乘积的加权平均。研究成果可用于有效指导低渗透非均质砂岩油藏的合理井距确定,促进该类油藏的高效开发。     

On Tragic Consciousness In The Works By Ernest Hemingway

As an American modern novelist who were famous in the literary world, Hemingway was not a person who always followed the trend but a sharp observer. At the same time, he was a tragedy maestro, he paid great attention on existence, fate and end-result. The dramatis personae's tragedy of his works was an extreme limit by all means tragedy on the meaning of fearless challenge that failed. The beauty of tragedy was not produced on the destruction of life, but now this kind of value was in the impact activity. They performed for the reader about the tragedy on challenging for the limit and the death.     

Achieving Unusual States of Matter Under High Pressure

正The periodicity of the elements and the non-reactivity of the inner-shell electrons are two related principles of chemistry,rooted in the atomic shell structure.Within compounds,Group I elements,for example,invariably assume the+1 oxidation state,and their chemical properties differ completely from those of the p-block elements.These general rules govern our understanding of chemical structures and reactions.Using first principles calcula-     

Exchange-Correlation and Electronic Excitation Energies from Pairing Matrix Fluctuations

We have developed an adiabatic connection to formulate the ground-state exchange-correlation energy in terms of pairing matrix linear fluctuations.This formulation of the exchange-correlation energy opens a new channel for density functional approximations based on the many-body perturbation theory.We illustrate the potential of such approaches with an approximation based on the particle-particle Random Phase Approximation(pp-RPA).This re-     

Density Functional Theory for the Response of Periodic Systems to Electric Fields Based on the Vector Potential Approach

正The electronic and nuclear(structural/vibrational)response of 1D-3D nanoscale systems to electric fields gives rise to a host of optical,mechanical,spectral,etc.properties that are of high theoretical and applied interest.Due to the computational difficulty of treating such large systems it is convenient to model them as infinite and periodic(at least,in first approximation).The fundamental theoretical/computational problem in doing so is that     

On the Thermodynamic Limit for Responses to Static Electromagnetic Fields

For molecular systems,the quantum-mechanical treatment of their responses to static electromagnetic fields usually employs a scalar-potential treatment of the electric field and a vector-potential treatment of the magnetic field.Although the potential for each field separately is associated with the choice of an(unphysical)origin,the precise choice of the origin for the electrostatic field has little consequences for the results.This is different for the     

Call for Papers

<正>"The Journal of Shanghai Normal University:Mathematics"is published by Shanghai Normal University as regular issues of The Journal of Shanghai Normal University each year from 2014 in English.The editors-in-chief of the issues are professors Yuhao Cong and Maoan Han.The Journal of Shanghai Normal University was started in 1958 with     

Journal of Donghua University ( English Edition) Contents of Volume 31

正~~