為了應對這些威脅,本論文提出了一種基於容器化和DPDK技術的應用程式防火牆。容器化技術實現了快速部署和輕量化運行,而DPDK技術則提高了封包處理效率。結合這些特點,為本應用程式防火牆系統增加了強大的防禦能力,在與原生Linux相比提高了百分之五效能的情況下,還能有效保護網路應用服務免受應用層攻擊的威脅。;In recent years, with the rapid development of the Internet, the range of various online services has been continuously expanding, making people′s lives and work inseparably connected to the network. However, this convenience also brings severe security challenges. Particularly, the threats of application layer attacks and Distributed Denial of Service (DDoS) attacks are becoming increasingly prominent, posing significant risks to the data security and privacy of enterprises and users. Application layer attacks target network application layer protocols, often exploiting vulnerabilities in applications. Attackers may use these vulnerabilities to steal sensitive information, disrupt system operations, or even control systems for malicious purposes. DDoS attacks aim to paralyze normally functioning services, denying legitimate users access to them, resulting in substantial losses. To solve these problems, this paper proposes an application firewall based on containerization and DPDK technology. Containerization technology enables rapid deployment and lightweight operation, while DPDK technology enhances packet processing efficiency. Combining these features, the proposed application firewall system significantly strengthens defensive capabilities, achieving a 5% performance improvement compared to native Linux, and effectively protects network application services from application layer attack threats.
