CN106131050A - The quick processing system of packet - Google Patents

The quick processing system of packet Download PDF

Info

Publication number
CN106131050A
CN106131050A CN201610673785.8A CN201610673785A CN106131050A CN 106131050 A CN106131050 A CN 106131050A CN 201610673785 A CN201610673785 A CN 201610673785A CN 106131050 A CN106131050 A CN 106131050A
Authority
CN
China
Prior art keywords
packet
signature
module
fifo memory
memory buffer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610673785.8A
Other languages
Chinese (zh)
Other versions
CN106131050B (en
Inventor
裴志永
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pei Zhiyong
Original Assignee
Network Technology (suzhou) Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Network Technology (suzhou) Co Ltd filed Critical Network Technology (suzhou) Co Ltd
Priority to CN201610673785.8A priority Critical patent/CN106131050B/en
Publication of CN106131050A publication Critical patent/CN106131050A/en
Application granted granted Critical
Publication of CN106131050B publication Critical patent/CN106131050B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A kind of quick processing system of packet, including two fifo memory buffers, entrance FIFO and outlet fifo memory buffer, safety detecting system is connected with entrance FIFO and outlet fifo memory buffer respectively;The packet being received externally is respectively stored in entrance FIFO and outlet fifo memory buffer;Packet at entrance fifo memory buffer resolves through safety detecting system and is compiled into row packet signature matching detection and makes signature detection decision-making;This signature detection decision-making is applied to exporting in the packet in fifo memory buffer determining that this packet should be read or be deleted.By the present invention can quick read data packet, and it is detected, prevents from receiving the packet paralysis system of malicious attack.

Description

The quick processing system of packet
Technical field
The present invention relates to the quick processing system of packet with quick signatures match scheme, it is applicable to server and protects Protecting, the technology particularly improved can detect in network safety system and prevent malicious attack, such as intruding detection system (IDS), intrusion prevention system (IPS), or anti-mass service system with rejection (DOS).
Background technology
A lot of companies and individual utilize their computer to be connected to the Internet, with shared information.In addition, these networks User it is generally desirable to share some information by the Internet between the computer outside their computer and their network range, The most multiduty website.Information sharing is that the communication session by arranging between server computer and client computer comes Realize.These physics and logic connection establishment between computer play a global computer network, such as, interconnection Net.
Unfortunately, malicious computer users can use the Internet connection to make network service interrupt, confidential data Or deletion data.One example of this attack is mass service system with rejection (being called for short DOS), and the assailant during this attacks attempts refusal Some offering customers service given by victim's computer.Dos attack can by various modes, including take server internal memory and Network connection realizes.The service of server computer can also be destroyed by network attack, and this all can pass through IDS or IPS system Detect.
Connect to set up network, must have exchange process between client computer and server.Such as, client Computer sends service request to server.In response to this request, server meeting storage allocation space and the time of process, will ring Computer should be sent back to, and wait that client computer is replied.Client computer can send asks service in a large number To server, but never reply server.Then, server waits a response that forever all can not receive, and the most also can waste Internal memory and the time of process.During waiting, server also accepts extra packet, in such server may be used up Deposit, process space or network connection.
Finally, request is too many to such an extent as to server cannot provide to validated user and connect, and the internet communication of server is also To substantially interrupt.This may result in Email, linking Internet, and/or Web server afunction.
These other examples attacked include flooding server with mass data bag, to consume all of cpu power, thus Refusal validated user accesses network, or by allowing server perform substantial amounts of program or script, thus it is empty to consume available internal memory Between.
In the type of numerous network attacks, because there being substantial amounts of packets need to be examined, therefore examine at packet When looking into, utilize the signature of packet load to realize attack and be difficult to detect.The invention is intended to solve by complexity, consumption CPU The signatures match process of resource and the detection that causes and the problem of prevention hydraulic performance decline.
Summary of the invention
The technical problem to be solved is to provide a kind of quick processing system of packet, uses dual-port storage Device, makes packet detection and packet reading point carry out respectively in two ports, it is achieved packet quickly processes, and prevents data Wrap under attack, make systemic breakdown.
For solving above-mentioned technical problem, the technical scheme that the present invention provides is a kind of quick processing system of packet, and it is special Levying and be to include two fifo memory buffers, one of them is entrance fifo memory buffer, and another is deposited for outlet FIFO Storage buffer;Safety detecting system is connected with described entrance fifo memory buffer and outlet fifo memory buffer respectively;From The packet being externally received is respectively stored in described entrance fifo memory buffer and outlet fifo memory buffer;Described Packet at entrance fifo memory buffer resolves through described safety detecting system and is compiled into the coupling inspection of row packet signature Survey and make signature detection decision-making;When signatures match result affirmative, it is stored in the packet in outlet fifo memory buffer Linked signature detection decision-making certainly, is stored in the packet in outlet fifo memory buffer together with signature detection decision-making one Rise and be read;When signatures match result negates, the packet being stored in outlet fifo memory buffer is linked negative Signature detection decision-making, be stored in outlet fifo memory buffer in packet then be deleted abandon.
Described safety detecting system includes packet parsing module, signatures match module and processing data packets decision module; Packet at described entrance fifo memory buffer is respectively sent to packet parsing module and signatures match module;By number Carry out resolving compiling according to Packet analyzing module, extract header information and layer 7 load is carried out byte location, and this header is believed Breath and load data send and carry out signatures match detection to signatures match module, and described detection detects with linear speed;Processing data packets Decision module generates signature detection decision-making according to the signatures match result received and header information, and is applied to export FIFO The packet that storage buffer preserves.
Described signatures match module uses dual-ported memory, based on the hexadecimal label being stored in dual-ported memory Name information, and resolve the original position of compiling back loading data, load data stream is carried out signatures match detection, and by affirmative Signatures match result and header information send to the generation signature detection decision-making of processing data packets decision module.
Described signatures match module includes quickly signing scan module, scan data memory module and accurate model coupling mould Block;Signature length and the signature scheme of load data are scanned by described quick signature scan module, and by positive loose The related load data of matching result are saved in scan data memory module, and accurate model matching module is swept according to quickly signature Retouch pattern match window and the related load data that are saved in scan data memory module and actual signature that module generates Information list carries out accurate signatures match;And accurate signatures match result and header information are sent to processing data packets decision Module.
Quick signature length scan module that described quick signature scan module degree of including signature length is scanned, to label The quick signature scheme matching module of name Mode scans and signature window selection module;Described signature window selection module is according to fast Speed signature length scan module and quickly signature scheme matching module scan the loose matching result generation mode matching window compared Mouthful, and the load data stream relevant to loose matching result certainly is saved in scan data memory module.
The signature length information of load data and signature scheme information are saved in described dual-ported memory, one of them Port is for contrasting with load data, and another port updates for real-time signature and is identified in capture load data needs inspection The signature surveyed.
When receiving packet at network safety system, this packet will be stored in two FIFO memory.At this In invention, entrance fifo memory buffer is used for sequentially providing complete data packet to detect.Outlet fifo memory buffer For forwarding packet and applying detection or preventative strategies can, after the signature of packet load is detected, preventative strategies can is divided It is fitted on each signature.When packet is read out from outlet fifo memory buffer, and each signature detection strategy will be answered Use in packet.Once in outlet fifo memory buffer, the whole signatures match process of certain packet of storage completes also Obtaining the signatures match result of affirmative, this packet being stored in outlet fifo memory buffer is read at once;No when obtaining Fixed signatures match result, the packet being stored in outlet fifo memory buffer then can be deleted and abandon.Thus ensure whole Packet after individual system will not be maliciously tampered is attacked.In order to keep input data identical with the speed of outgoi8ng data, use Dual-ported memory performs quick signature scheme coupling.
The module of the present invention receives inlet flow rate and resolves frame, detects the signature of packet load with this, and application is attacked Hit detection/preventative strategies can.
In complete packet is received and stored in entrance fifo memory buffer, this packet can be by from entrance Fifo memory buffer reads out, and is sent to packet parsing module and signatures match module.Packet resolves mould Block will resolve packet, identifies the header information of every layer and the border of packet load and extracts the value of each header.Signature Matching module will compare the content of packet load with the signature stored, thus produces at further packet The signatures match result of reason.May there is the preliminary matches result of multiple affirmative, be then passed through preliminary signatures match knot certainly Fruit carries out accurate signatures match, obtains final signatures match result.
Signatures match module uses dual-ported memory, and a port carries out comparing, and another port is signed Update and capture load data is identified the signature needing detection.Pass through dual-ported memory, it is possible to achieve linear speed scans.
The quick scanning system of packet of the present invention, it is possible to achieve linear speed scans, and prevents packet from causing because of attack Systemic breakdown.
Accompanying drawing explanation
Fig. 1, for the flowage structure schematic block diagram of the quick processing system of packet.
Fig. 2, the flow process of signatures match modular structure shows that frame is intended to.
Fig. 3, is the schematic process flow diagram of quickly signature scan module structure.
Fig. 4, is the workflow schematic diagram of quick signature length scan module.
Fig. 5, is quick signature scheme matching module workflow schematic diagram.
Detailed description of the invention
In order to be better understood from the quick processing system of the packet of the present invention, now lift preferred embodiment combining illustrate into Row illustrates.The quick processing system of packet of the present invention, including two FIFO memory, one of them is deposited for entrance FIFO Storage buffer, another is outlet fifo memory buffer;Safety detecting system respectively with described entrance fifo memory buffer Connect with outlet fifo memory buffer;The packet being received externally is respectively stored in described entrance FIFO storage buffering In device and outlet fifo memory buffer;Packet at described entrance fifo memory buffer is through described safety detecting system Parsing is compiled into row packet signature matching detection;When signatures match result affirmative, it is stored in outlet fifo memory buffer In packet be linked a signature detection decision-making certainly, be stored in the packet in outlet fifo memory buffer together with label Name detection decision-making is read together;When signatures match result negates, it is stored in the packet in outlet fifo memory buffer The signature detection decision-making of a linked negative, is stored in the packet in outlet fifo memory buffer and is then deleted and abandons.Tool Body is described as follows.
In the present invention, referring to Fig. 1, inlet flow rate is layer 2 frame form, is generally associated with ethernet frame, then It is stored in two and first enters/first go out in (FIFO) storage buffer, deposit as entrance fifo memory buffer 100 and outlet FIFO Storage buffer 500.In complete frame is stored in entrance fifo memory buffer 100, processing system can be by its storage to entering The order of mouth fifo memory buffer 100 and outlet fifo memory buffer 500 reads inflow packet, and to packet solution Analysis module 200 and signatures match module 300 provide and flow into packet.
Packet parsing module 200 will extract header information, such as second layer header, and third layer packet header, the 4th layer of header Value, and start the byte location of the 7th layer of load.Third layer and the 4th layer of header information are used as particular detection report information, The signatures match that this information is possible to load is relevant.Due to header information be extracted, load data starts to be identified, signature Joining module 300 will want the signature list of detection to compare load information and system.Therefore, in signatures match module In 300, load data will be processed, compare with all storages signature in systems, detect with linear speed.
When performing signatures match process with linear speed, signatures match result will be sent to packet together with header information Process decision module 400.How the signatures match result that decision is detected by processing data packets decision module 400 will be answered Use packet.This Sign Policies will be linked to export fifo memory buffer 500, and such inspection policies can be answered It is used in the outlet data packet stream amount of outflow.The signatures match result received when processing data packets decision module 400 is affirmative, Then make the signature decision-making of affirmative and be linked to export fifo memory buffer 500, making to be stored in outlet FIFO storage slow The packet rushing device 500 is read smoothly;The signatures match result received such as processing data packets decision module 400 is negative, When i.e. packet is judged to be maliciously tampered or received malicious attack after testing, then makes the signature decision-making of negative and incite somebody to action It links to export fifo memory buffer 500, makes the packet being stored in outlet fifo memory buffer 500 be deleted and loses Abandon.Thus realize the prevention system factor data bag possibility by malicious attack.
Fig. 2 is the schematic process flow diagram of signatures match module 300.Signatures match module 300 includes scanning mould of quickly signing Block 310, scan data memory module 320, accurate model matching module 330.
The target capabilities of signatures match is linear speed scanning, and for realizing linear speed scanning, signatures match module uses dual-port to deposit Reservoir.Based on packet parsing module 200 by resolving the original position of data payload in the packet load that compiling provides, number It is provided to scan module 310 of quickly signing according to the data stream of bag load.Now in quickly signature scan module 310, load The all signatures being used for signatures match with storage in systems are compared by data stream, and signatures match therein is based on storage Hexadecimal signing messages in dual-ported memory.In system, these signatures of storage will be with the packet of each inflow In load data compare.
When positive scanning result is identified, and generation mode match window sends to accurate model matching module 330, simultaneously Generating signal, the load data that the loose matching result of the affirmative made is relevant will be stored in scan data memory module 320 Independent storage space in.Then, the load data of loose matching result will be stored in accurate model matching module 330 Signature actual list generate pattern match window in mate.When demonstrating the signatures match result of affirmative, should Signatures match result and header information are sent to processing data packets decision module 400.
Fig. 3 is the schematic process flow diagram of quickly signature scan pattern 310.Quickly the purpose of signature scan module 310 be from The load of incoming data bag positions signature that may be present.In order to keep the highest scan performance, by procuration length information Being stored in dual-ported memory with pattern, so make a port for contrasting with load data, another port is used for Real-time signature updates and is identified, in capture load, the signature needing detection.Each Autograph Session to be detected is compiled to both-end Mouth memorizer, the most just can be with a part for linear speed scan signature and the length of signature.
As it is shown on figure 3, such as " http_method ", " http_met " realizes part coupling, last three hexadecimals When information " hod " pattern short with signature length and puppet of value is all mated, signature " http_method " is (medium in hexadecimal number It is same as " 68/74/74/70/5f/6d/65/74/68/6f/64 ") signature match can be broadly defined as.These parts Join is to be mated 312 by quick signature length scan pattern 311 and quick signature scheme to complete.According to flowing into the same of load data stream The matching result of the affirmative of step, such as " http_method ", signature window selection module 313 produces the pattern of packet load Match window, produces signal simultaneously and makes scan data memory module 320 can store real data payload message part, in order to Coupling the most in detail is carried out at accurate model matching module 330.
Fig. 4 is the operating diagram of quick signature length scan module 311.The length information of particular signature can be stored On each word bit position of storage data.Such as, as shown in Figure 4, the length information (available 16 that " http_method " signs System " 68/74/74/70/5f/6d/65/74/68/6f/64 " represents) may be programmed into 8 bit address and 32 bit data In multiple memorizeies of width.If last three characters of a signature are used to refer to the length of related signature, detect The greatest length of signature be 32 characters, 3 can be used with 8 bit address and the memorizer of 32 bit data width.Such as, signature Last three characters of " http_method " are " hod " (available 16 systems are expressed as " 68/6f/64 ").The most as shown in Figure 4, On " x68 ", " x6f " and " x64 " address, the word bit " 10 " of three memorizeies may be programmed into " 1 ".At signature length quilt So after programming, when a series of data are used as the reading address of these memorizeies, it is programmed that 32 storage data meetings Read out from memorizer.When these 3 memorizeies are addressed to " x68 " simultaneously, " x6f " and " x64 ", and also these three is deposited The information of the word bit " 10 " of reservoir is all " 1 ", then, this shows to there may be the signature that last three character are " hod ". Each clock cycle can carry out digital independent, ensures to carry out signature length scanning with linear speed with this.
Fig. 5 is the workflow schematic diagram of quick signature scheme match pattern 312.With quick signature length scan module 311 identical modes, utilize be supported the internal memory that data are specified, quick signatures match module 312 can with from load data " http_met " loose coupling.So, when this quick signature length scan module 311 and quick signature scheme matching module 312 all in the same time, postpone with correct data time sequence, when producing possible signatures match result certainly, and the pattern of generation Match window will produce signal, stores part load data, for the most accurately signatures match.
In accordance with the above, the quick processing system of packet of the present invention, including two FIFO memory, one of them is Entrance fifo memory buffer, another is outlet fifo memory buffer;The packet that safety detecting system receives is respectively It is stored in described entrance fifo memory buffer and outlet fifo memory buffer;Data at entrance fifo memory buffer Wrap and be compiled into row packet signature coupling through parsing;When signatures match result affirmative, it is stored in outlet FIFO storage buffering Packet in device is linked signature detection decision-making, and the packet of outlet fifo memory buffer is together with signature detection decision-making It is read.So, can detect or prevent to have been subjected to the packet of malicious attack, prevent whole system from being paralysed.
The present invention is to use FPGA technology to apply to the signatures match realizing 10Gbps.Can ensure that Wire speed packet forwards While performance, positive treatment is signed.

Claims (6)

1. the quick processing system of packet, it is characterised in that include two fifo memory buffers, one of them is entrance Fifo memory buffer, another is outlet fifo memory buffer;Safety detecting system stores with described entrance FIFO respectively Buffer and outlet fifo memory buffer connect;The packet being received externally is respectively stored in described entrance FIFO and deposits In storage buffer and outlet fifo memory buffer;Packet at described entrance fifo memory buffer is through described safety inspection Examining system resolves and is compiled into row packet signature matching detection and makes signature detection decision-making;When signatures match result affirmative, The packet being stored in outlet fifo memory buffer is linked the signature detection decision-making of affirmative, is stored in outlet FIFO storage Packet in buffer is read together with signature detection decision-making;When signatures match result negates, it is stored in outlet Packet in fifo memory buffer is linked the signature detection decision-making of negative, is stored in outlet fifo memory buffer Packet is then deleted and abandons.
The quick processing system of packet the most according to claim 1, it is characterised in that described safety detecting system includes number According to Packet analyzing module, signatures match module and processing data packets decision module;Data at described entrance fifo memory buffer Bag is respectively sent to packet parsing module and signatures match module;Carry out resolving compiling by packet parsing module, extract Header information also carries out byte location, and send this header information and load data to signatures match module to layer 7 load Carrying out signatures match detection, described detection detects with linear speed;Processing data packets decision module is according to the signatures match result received And header information generates signature detection decision-making, and it is applied to export the packet that fifo memory buffer preserves.
The quick processing system of packet the most according to claim 2, it is characterised in that described signatures match module uses double Port store, based on the hexadecimal signing messages being stored in dual-ported memory, and resolves compiling back loading data Original position, carries out signatures match detection, and signatures match result certainly and header information is sent extremely load data stream Processing data packets decision module generates signature detection decision-making.
The quick processing system of packet the most according to claim 3, it is characterised in that described signatures match module includes soon Speed signature scan module, scan data memory module and accurate model matching module;Described quick signature scan module is to load Signature length and the signature scheme of data are scanned, and the related load data of positive loose matching result are saved in and sweep Retouching in data memory module, accurate model matching module is according to the pattern match window that quickly signature scan module generates and preservation Related load data in scan data memory module carry out accurate signatures match with actual signing messages list;And by essence True signatures match result and header information send to processing data packets decision module.
The quick processing system of packet the most according to claim 4, it is characterised in that described quick signature scan module bag The quick signature length scan module that degree of including signature length is scanned, the quick signature scheme coupling mould to signature scheme scanning Block and signature window selection module;Described signature window selection module is according to quick signature length scan module and mould of quickly signing Formula matching module scans the loose matching result generation mode match window compared, and by relevant to loose matching result certainly Load data stream be saved in scan data memory module.
The quick processing system of packet the most according to claim 5, it is characterised in that the signature length information of load data And signature scheme information is saved in described dual-ported memory, one of them port is used for contrasting with load data, another Port updates for real-time signature and is identified in capture load data needs the signature of detection.
CN201610673785.8A 2016-08-17 2016-08-17 Data packet fast processing system Active CN106131050B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610673785.8A CN106131050B (en) 2016-08-17 2016-08-17 Data packet fast processing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610673785.8A CN106131050B (en) 2016-08-17 2016-08-17 Data packet fast processing system

Publications (2)

Publication Number Publication Date
CN106131050A true CN106131050A (en) 2016-11-16
CN106131050B CN106131050B (en) 2022-12-09

Family

ID=57258229

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610673785.8A Active CN106131050B (en) 2016-08-17 2016-08-17 Data packet fast processing system

Country Status (1)

Country Link
CN (1) CN106131050B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030229710A1 (en) * 2002-06-11 2003-12-11 Netrake Corporation Method for matching complex patterns in IP data streams
KR20040085266A (en) * 2003-03-31 2004-10-08 엘지엔시스(주) Network Intrusion Detection System with double buffer and the operating method
US20050213570A1 (en) * 2004-03-26 2005-09-29 Stacy John K Hardware filtering support for denial-of-service attacks
CN101460983A (en) * 2006-04-17 2009-06-17 恒接信息科技公司 Malicious attack detection system and an associated method of use
CN103139072A (en) * 2011-11-30 2013-06-05 美国博通公司 System and method for integrating line-rate application recognition in a switch ASIC

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030229710A1 (en) * 2002-06-11 2003-12-11 Netrake Corporation Method for matching complex patterns in IP data streams
KR20040085266A (en) * 2003-03-31 2004-10-08 엘지엔시스(주) Network Intrusion Detection System with double buffer and the operating method
US20050213570A1 (en) * 2004-03-26 2005-09-29 Stacy John K Hardware filtering support for denial-of-service attacks
CN101421991A (en) * 2004-03-26 2009-04-29 思科技术公司 Hardware filtering support for denial-of-service attacks
CN101460983A (en) * 2006-04-17 2009-06-17 恒接信息科技公司 Malicious attack detection system and an associated method of use
CN103139072A (en) * 2011-11-30 2013-06-05 美国博通公司 System and method for integrating line-rate application recognition in a switch ASIC

Also Published As

Publication number Publication date
CN106131050B (en) 2022-12-09

Similar Documents

Publication Publication Date Title
CN103688489B (en) Method for strategy processing and network equipment
US20050278781A1 (en) System security approaches using sub-expression automata
KR101045452B1 (en) Advanced spam detection techniques
TWI271056B (en) System security approach methods using state tables, related computer-readable medium, and related systems
US20030149726A1 (en) Automating the reduction of unsolicited email in real time
CN107733851A (en) DNS tunnels Trojan detecting method based on communication behavior analysis
US20110197284A1 (en) Attributes of captured objects in a capture system
CN109951359A (en) The asynchronous scan method of distributed network assets and equipment
US10091235B1 (en) Method, system, and apparatus for detecting and preventing targeted attacks
CN101997700A (en) Internet protocol version 6 (IPv6) monitoring equipment based on deep packet inspection and deep flow inspection
JP2023527568A (en) E-mail Security Service Providing Apparatus Using Hierarchical Architecture Based on Security Levels and Operating Method Thereof
CN107222511A (en) Detection method and device, computer installation and the readable storage medium storing program for executing of Malware
CN106911640A (en) Cyberthreat treating method and apparatus
Al-Daweri et al. An adaptive method and a new dataset, UKM-IDS20, for the network intrusion detection system
CN108351941A (en) Analytical equipment, analysis method and analysis program
Liu et al. Fast and memory-efficient traffic classification with deep packet inspection in CMP architecture
KR102648653B1 (en) Mail security-based zero-day URL attack defense service providing device and method of operation
Ramesh et al. Performance metric system for malicious URL data using revised random forest algorithm
CN106131050A (en) The quick processing system of packet
Nazar et al. Integrating web server log forensics through deep learning
Cohen Two models of digital forensic examination
CN108712324B (en) Method and device for processing mail
Nivedha et al. Detection of email spam using Natural Language Processing based Random Forest approach
Komisarek et al. Network Intrusion Detection in the Wild-the Orange use case in the SIMARGL project
CN104113841B (en) A kind of virtualization detecting system and detection method for mobile Internet Botnet

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20161109

Address after: Zuchongzhi road Kunshan City 215000 Suzhou City, Jiangsu province No. 1699 Industrial Technology Research Institute apartment 8 1101

Applicant after: Pei Zhiyong

Address before: 215000, No. 58 energy road, Yushan Town, Kunshan City, Jiangsu, Suzhou

Applicant before: SHENGPULUO NETWORK TECHNOLOGY (SUZHOU) CO.,LTD.

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant