CN106131050A - The quick processing system of packet - Google Patents
The quick processing system of packet Download PDFInfo
- Publication number
- CN106131050A CN106131050A CN201610673785.8A CN201610673785A CN106131050A CN 106131050 A CN106131050 A CN 106131050A CN 201610673785 A CN201610673785 A CN 201610673785A CN 106131050 A CN106131050 A CN 106131050A
- Authority
- CN
- China
- Prior art keywords
- packet
- signature
- module
- fifo memory
- memory buffer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
A kind of quick processing system of packet, including two fifo memory buffers, entrance FIFO and outlet fifo memory buffer, safety detecting system is connected with entrance FIFO and outlet fifo memory buffer respectively;The packet being received externally is respectively stored in entrance FIFO and outlet fifo memory buffer;Packet at entrance fifo memory buffer resolves through safety detecting system and is compiled into row packet signature matching detection and makes signature detection decision-making;This signature detection decision-making is applied to exporting in the packet in fifo memory buffer determining that this packet should be read or be deleted.By the present invention can quick read data packet, and it is detected, prevents from receiving the packet paralysis system of malicious attack.
Description
Technical field
The present invention relates to the quick processing system of packet with quick signatures match scheme, it is applicable to server and protects
Protecting, the technology particularly improved can detect in network safety system and prevent malicious attack, such as intruding detection system
(IDS), intrusion prevention system (IPS), or anti-mass service system with rejection (DOS).
Background technology
A lot of companies and individual utilize their computer to be connected to the Internet, with shared information.In addition, these networks
User it is generally desirable to share some information by the Internet between the computer outside their computer and their network range,
The most multiduty website.Information sharing is that the communication session by arranging between server computer and client computer comes
Realize.These physics and logic connection establishment between computer play a global computer network, such as, interconnection
Net.
Unfortunately, malicious computer users can use the Internet connection to make network service interrupt, confidential data
Or deletion data.One example of this attack is mass service system with rejection (being called for short DOS), and the assailant during this attacks attempts refusal
Some offering customers service given by victim's computer.Dos attack can by various modes, including take server internal memory and
Network connection realizes.The service of server computer can also be destroyed by network attack, and this all can pass through IDS or IPS system
Detect.
Connect to set up network, must have exchange process between client computer and server.Such as, client
Computer sends service request to server.In response to this request, server meeting storage allocation space and the time of process, will ring
Computer should be sent back to, and wait that client computer is replied.Client computer can send asks service in a large number
To server, but never reply server.Then, server waits a response that forever all can not receive, and the most also can waste
Internal memory and the time of process.During waiting, server also accepts extra packet, in such server may be used up
Deposit, process space or network connection.
Finally, request is too many to such an extent as to server cannot provide to validated user and connect, and the internet communication of server is also
To substantially interrupt.This may result in Email, linking Internet, and/or Web server afunction.
These other examples attacked include flooding server with mass data bag, to consume all of cpu power, thus
Refusal validated user accesses network, or by allowing server perform substantial amounts of program or script, thus it is empty to consume available internal memory
Between.
In the type of numerous network attacks, because there being substantial amounts of packets need to be examined, therefore examine at packet
When looking into, utilize the signature of packet load to realize attack and be difficult to detect.The invention is intended to solve by complexity, consumption CPU
The signatures match process of resource and the detection that causes and the problem of prevention hydraulic performance decline.
Summary of the invention
The technical problem to be solved is to provide a kind of quick processing system of packet, uses dual-port storage
Device, makes packet detection and packet reading point carry out respectively in two ports, it is achieved packet quickly processes, and prevents data
Wrap under attack, make systemic breakdown.
For solving above-mentioned technical problem, the technical scheme that the present invention provides is a kind of quick processing system of packet, and it is special
Levying and be to include two fifo memory buffers, one of them is entrance fifo memory buffer, and another is deposited for outlet FIFO
Storage buffer;Safety detecting system is connected with described entrance fifo memory buffer and outlet fifo memory buffer respectively;From
The packet being externally received is respectively stored in described entrance fifo memory buffer and outlet fifo memory buffer;Described
Packet at entrance fifo memory buffer resolves through described safety detecting system and is compiled into the coupling inspection of row packet signature
Survey and make signature detection decision-making;When signatures match result affirmative, it is stored in the packet in outlet fifo memory buffer
Linked signature detection decision-making certainly, is stored in the packet in outlet fifo memory buffer together with signature detection decision-making one
Rise and be read;When signatures match result negates, the packet being stored in outlet fifo memory buffer is linked negative
Signature detection decision-making, be stored in outlet fifo memory buffer in packet then be deleted abandon.
Described safety detecting system includes packet parsing module, signatures match module and processing data packets decision module;
Packet at described entrance fifo memory buffer is respectively sent to packet parsing module and signatures match module;By number
Carry out resolving compiling according to Packet analyzing module, extract header information and layer 7 load is carried out byte location, and this header is believed
Breath and load data send and carry out signatures match detection to signatures match module, and described detection detects with linear speed;Processing data packets
Decision module generates signature detection decision-making according to the signatures match result received and header information, and is applied to export FIFO
The packet that storage buffer preserves.
Described signatures match module uses dual-ported memory, based on the hexadecimal label being stored in dual-ported memory
Name information, and resolve the original position of compiling back loading data, load data stream is carried out signatures match detection, and by affirmative
Signatures match result and header information send to the generation signature detection decision-making of processing data packets decision module.
Described signatures match module includes quickly signing scan module, scan data memory module and accurate model coupling mould
Block;Signature length and the signature scheme of load data are scanned by described quick signature scan module, and by positive loose
The related load data of matching result are saved in scan data memory module, and accurate model matching module is swept according to quickly signature
Retouch pattern match window and the related load data that are saved in scan data memory module and actual signature that module generates
Information list carries out accurate signatures match;And accurate signatures match result and header information are sent to processing data packets decision
Module.
Quick signature length scan module that described quick signature scan module degree of including signature length is scanned, to label
The quick signature scheme matching module of name Mode scans and signature window selection module;Described signature window selection module is according to fast
Speed signature length scan module and quickly signature scheme matching module scan the loose matching result generation mode matching window compared
Mouthful, and the load data stream relevant to loose matching result certainly is saved in scan data memory module.
The signature length information of load data and signature scheme information are saved in described dual-ported memory, one of them
Port is for contrasting with load data, and another port updates for real-time signature and is identified in capture load data needs inspection
The signature surveyed.
When receiving packet at network safety system, this packet will be stored in two FIFO memory.At this
In invention, entrance fifo memory buffer is used for sequentially providing complete data packet to detect.Outlet fifo memory buffer
For forwarding packet and applying detection or preventative strategies can, after the signature of packet load is detected, preventative strategies can is divided
It is fitted on each signature.When packet is read out from outlet fifo memory buffer, and each signature detection strategy will be answered
Use in packet.Once in outlet fifo memory buffer, the whole signatures match process of certain packet of storage completes also
Obtaining the signatures match result of affirmative, this packet being stored in outlet fifo memory buffer is read at once;No when obtaining
Fixed signatures match result, the packet being stored in outlet fifo memory buffer then can be deleted and abandon.Thus ensure whole
Packet after individual system will not be maliciously tampered is attacked.In order to keep input data identical with the speed of outgoi8ng data, use
Dual-ported memory performs quick signature scheme coupling.
The module of the present invention receives inlet flow rate and resolves frame, detects the signature of packet load with this, and application is attacked
Hit detection/preventative strategies can.
In complete packet is received and stored in entrance fifo memory buffer, this packet can be by from entrance
Fifo memory buffer reads out, and is sent to packet parsing module and signatures match module.Packet resolves mould
Block will resolve packet, identifies the header information of every layer and the border of packet load and extracts the value of each header.Signature
Matching module will compare the content of packet load with the signature stored, thus produces at further packet
The signatures match result of reason.May there is the preliminary matches result of multiple affirmative, be then passed through preliminary signatures match knot certainly
Fruit carries out accurate signatures match, obtains final signatures match result.
Signatures match module uses dual-ported memory, and a port carries out comparing, and another port is signed
Update and capture load data is identified the signature needing detection.Pass through dual-ported memory, it is possible to achieve linear speed scans.
The quick scanning system of packet of the present invention, it is possible to achieve linear speed scans, and prevents packet from causing because of attack
Systemic breakdown.
Accompanying drawing explanation
Fig. 1, for the flowage structure schematic block diagram of the quick processing system of packet.
Fig. 2, the flow process of signatures match modular structure shows that frame is intended to.
Fig. 3, is the schematic process flow diagram of quickly signature scan module structure.
Fig. 4, is the workflow schematic diagram of quick signature length scan module.
Fig. 5, is quick signature scheme matching module workflow schematic diagram.
Detailed description of the invention
In order to be better understood from the quick processing system of the packet of the present invention, now lift preferred embodiment combining illustrate into
Row illustrates.The quick processing system of packet of the present invention, including two FIFO memory, one of them is deposited for entrance FIFO
Storage buffer, another is outlet fifo memory buffer;Safety detecting system respectively with described entrance fifo memory buffer
Connect with outlet fifo memory buffer;The packet being received externally is respectively stored in described entrance FIFO storage buffering
In device and outlet fifo memory buffer;Packet at described entrance fifo memory buffer is through described safety detecting system
Parsing is compiled into row packet signature matching detection;When signatures match result affirmative, it is stored in outlet fifo memory buffer
In packet be linked a signature detection decision-making certainly, be stored in the packet in outlet fifo memory buffer together with label
Name detection decision-making is read together;When signatures match result negates, it is stored in the packet in outlet fifo memory buffer
The signature detection decision-making of a linked negative, is stored in the packet in outlet fifo memory buffer and is then deleted and abandons.Tool
Body is described as follows.
In the present invention, referring to Fig. 1, inlet flow rate is layer 2 frame form, is generally associated with ethernet frame, then
It is stored in two and first enters/first go out in (FIFO) storage buffer, deposit as entrance fifo memory buffer 100 and outlet FIFO
Storage buffer 500.In complete frame is stored in entrance fifo memory buffer 100, processing system can be by its storage to entering
The order of mouth fifo memory buffer 100 and outlet fifo memory buffer 500 reads inflow packet, and to packet solution
Analysis module 200 and signatures match module 300 provide and flow into packet.
Packet parsing module 200 will extract header information, such as second layer header, and third layer packet header, the 4th layer of header
Value, and start the byte location of the 7th layer of load.Third layer and the 4th layer of header information are used as particular detection report information,
The signatures match that this information is possible to load is relevant.Due to header information be extracted, load data starts to be identified, signature
Joining module 300 will want the signature list of detection to compare load information and system.Therefore, in signatures match module
In 300, load data will be processed, compare with all storages signature in systems, detect with linear speed.
When performing signatures match process with linear speed, signatures match result will be sent to packet together with header information
Process decision module 400.How the signatures match result that decision is detected by processing data packets decision module 400 will be answered
Use packet.This Sign Policies will be linked to export fifo memory buffer 500, and such inspection policies can be answered
It is used in the outlet data packet stream amount of outflow.The signatures match result received when processing data packets decision module 400 is affirmative,
Then make the signature decision-making of affirmative and be linked to export fifo memory buffer 500, making to be stored in outlet FIFO storage slow
The packet rushing device 500 is read smoothly;The signatures match result received such as processing data packets decision module 400 is negative,
When i.e. packet is judged to be maliciously tampered or received malicious attack after testing, then makes the signature decision-making of negative and incite somebody to action
It links to export fifo memory buffer 500, makes the packet being stored in outlet fifo memory buffer 500 be deleted and loses
Abandon.Thus realize the prevention system factor data bag possibility by malicious attack.
Fig. 2 is the schematic process flow diagram of signatures match module 300.Signatures match module 300 includes scanning mould of quickly signing
Block 310, scan data memory module 320, accurate model matching module 330.
The target capabilities of signatures match is linear speed scanning, and for realizing linear speed scanning, signatures match module uses dual-port to deposit
Reservoir.Based on packet parsing module 200 by resolving the original position of data payload in the packet load that compiling provides, number
It is provided to scan module 310 of quickly signing according to the data stream of bag load.Now in quickly signature scan module 310, load
The all signatures being used for signatures match with storage in systems are compared by data stream, and signatures match therein is based on storage
Hexadecimal signing messages in dual-ported memory.In system, these signatures of storage will be with the packet of each inflow
In load data compare.
When positive scanning result is identified, and generation mode match window sends to accurate model matching module 330, simultaneously
Generating signal, the load data that the loose matching result of the affirmative made is relevant will be stored in scan data memory module 320
Independent storage space in.Then, the load data of loose matching result will be stored in accurate model matching module 330
Signature actual list generate pattern match window in mate.When demonstrating the signatures match result of affirmative, should
Signatures match result and header information are sent to processing data packets decision module 400.
Fig. 3 is the schematic process flow diagram of quickly signature scan pattern 310.Quickly the purpose of signature scan module 310 be from
The load of incoming data bag positions signature that may be present.In order to keep the highest scan performance, by procuration length information
Being stored in dual-ported memory with pattern, so make a port for contrasting with load data, another port is used for
Real-time signature updates and is identified, in capture load, the signature needing detection.Each Autograph Session to be detected is compiled to both-end
Mouth memorizer, the most just can be with a part for linear speed scan signature and the length of signature.
As it is shown on figure 3, such as " http_method ", " http_met " realizes part coupling, last three hexadecimals
When information " hod " pattern short with signature length and puppet of value is all mated, signature " http_method " is (medium in hexadecimal number
It is same as " 68/74/74/70/5f/6d/65/74/68/6f/64 ") signature match can be broadly defined as.These parts
Join is to be mated 312 by quick signature length scan pattern 311 and quick signature scheme to complete.According to flowing into the same of load data stream
The matching result of the affirmative of step, such as " http_method ", signature window selection module 313 produces the pattern of packet load
Match window, produces signal simultaneously and makes scan data memory module 320 can store real data payload message part, in order to
Coupling the most in detail is carried out at accurate model matching module 330.
Fig. 4 is the operating diagram of quick signature length scan module 311.The length information of particular signature can be stored
On each word bit position of storage data.Such as, as shown in Figure 4, the length information (available 16 that " http_method " signs
System " 68/74/74/70/5f/6d/65/74/68/6f/64 " represents) may be programmed into 8 bit address and 32 bit data
In multiple memorizeies of width.If last three characters of a signature are used to refer to the length of related signature, detect
The greatest length of signature be 32 characters, 3 can be used with 8 bit address and the memorizer of 32 bit data width.Such as, signature
Last three characters of " http_method " are " hod " (available 16 systems are expressed as " 68/6f/64 ").The most as shown in Figure 4,
On " x68 ", " x6f " and " x64 " address, the word bit " 10 " of three memorizeies may be programmed into " 1 ".At signature length quilt
So after programming, when a series of data are used as the reading address of these memorizeies, it is programmed that 32 storage data meetings
Read out from memorizer.When these 3 memorizeies are addressed to " x68 " simultaneously, " x6f " and " x64 ", and also these three is deposited
The information of the word bit " 10 " of reservoir is all " 1 ", then, this shows to there may be the signature that last three character are " hod ".
Each clock cycle can carry out digital independent, ensures to carry out signature length scanning with linear speed with this.
Fig. 5 is the workflow schematic diagram of quick signature scheme match pattern 312.With quick signature length scan module
311 identical modes, utilize be supported the internal memory that data are specified, quick signatures match module 312 can with from load data
" http_met " loose coupling.So, when this quick signature length scan module 311 and quick signature scheme matching module
312 all in the same time, postpone with correct data time sequence, when producing possible signatures match result certainly, and the pattern of generation
Match window will produce signal, stores part load data, for the most accurately signatures match.
In accordance with the above, the quick processing system of packet of the present invention, including two FIFO memory, one of them is
Entrance fifo memory buffer, another is outlet fifo memory buffer;The packet that safety detecting system receives is respectively
It is stored in described entrance fifo memory buffer and outlet fifo memory buffer;Data at entrance fifo memory buffer
Wrap and be compiled into row packet signature coupling through parsing;When signatures match result affirmative, it is stored in outlet FIFO storage buffering
Packet in device is linked signature detection decision-making, and the packet of outlet fifo memory buffer is together with signature detection decision-making
It is read.So, can detect or prevent to have been subjected to the packet of malicious attack, prevent whole system from being paralysed.
The present invention is to use FPGA technology to apply to the signatures match realizing 10Gbps.Can ensure that Wire speed packet forwards
While performance, positive treatment is signed.
Claims (6)
1. the quick processing system of packet, it is characterised in that include two fifo memory buffers, one of them is entrance
Fifo memory buffer, another is outlet fifo memory buffer;Safety detecting system stores with described entrance FIFO respectively
Buffer and outlet fifo memory buffer connect;The packet being received externally is respectively stored in described entrance FIFO and deposits
In storage buffer and outlet fifo memory buffer;Packet at described entrance fifo memory buffer is through described safety inspection
Examining system resolves and is compiled into row packet signature matching detection and makes signature detection decision-making;When signatures match result affirmative,
The packet being stored in outlet fifo memory buffer is linked the signature detection decision-making of affirmative, is stored in outlet FIFO storage
Packet in buffer is read together with signature detection decision-making;When signatures match result negates, it is stored in outlet
Packet in fifo memory buffer is linked the signature detection decision-making of negative, is stored in outlet fifo memory buffer
Packet is then deleted and abandons.
The quick processing system of packet the most according to claim 1, it is characterised in that described safety detecting system includes number
According to Packet analyzing module, signatures match module and processing data packets decision module;Data at described entrance fifo memory buffer
Bag is respectively sent to packet parsing module and signatures match module;Carry out resolving compiling by packet parsing module, extract
Header information also carries out byte location, and send this header information and load data to signatures match module to layer 7 load
Carrying out signatures match detection, described detection detects with linear speed;Processing data packets decision module is according to the signatures match result received
And header information generates signature detection decision-making, and it is applied to export the packet that fifo memory buffer preserves.
The quick processing system of packet the most according to claim 2, it is characterised in that described signatures match module uses double
Port store, based on the hexadecimal signing messages being stored in dual-ported memory, and resolves compiling back loading data
Original position, carries out signatures match detection, and signatures match result certainly and header information is sent extremely load data stream
Processing data packets decision module generates signature detection decision-making.
The quick processing system of packet the most according to claim 3, it is characterised in that described signatures match module includes soon
Speed signature scan module, scan data memory module and accurate model matching module;Described quick signature scan module is to load
Signature length and the signature scheme of data are scanned, and the related load data of positive loose matching result are saved in and sweep
Retouching in data memory module, accurate model matching module is according to the pattern match window that quickly signature scan module generates and preservation
Related load data in scan data memory module carry out accurate signatures match with actual signing messages list;And by essence
True signatures match result and header information send to processing data packets decision module.
The quick processing system of packet the most according to claim 4, it is characterised in that described quick signature scan module bag
The quick signature length scan module that degree of including signature length is scanned, the quick signature scheme coupling mould to signature scheme scanning
Block and signature window selection module;Described signature window selection module is according to quick signature length scan module and mould of quickly signing
Formula matching module scans the loose matching result generation mode match window compared, and by relevant to loose matching result certainly
Load data stream be saved in scan data memory module.
The quick processing system of packet the most according to claim 5, it is characterised in that the signature length information of load data
And signature scheme information is saved in described dual-ported memory, one of them port is used for contrasting with load data, another
Port updates for real-time signature and is identified in capture load data needs the signature of detection.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610673785.8A CN106131050B (en) | 2016-08-17 | 2016-08-17 | Data packet fast processing system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610673785.8A CN106131050B (en) | 2016-08-17 | 2016-08-17 | Data packet fast processing system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106131050A true CN106131050A (en) | 2016-11-16 |
CN106131050B CN106131050B (en) | 2022-12-09 |
Family
ID=57258229
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610673785.8A Active CN106131050B (en) | 2016-08-17 | 2016-08-17 | Data packet fast processing system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106131050B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030229710A1 (en) * | 2002-06-11 | 2003-12-11 | Netrake Corporation | Method for matching complex patterns in IP data streams |
KR20040085266A (en) * | 2003-03-31 | 2004-10-08 | 엘지엔시스(주) | Network Intrusion Detection System with double buffer and the operating method |
US20050213570A1 (en) * | 2004-03-26 | 2005-09-29 | Stacy John K | Hardware filtering support for denial-of-service attacks |
CN101460983A (en) * | 2006-04-17 | 2009-06-17 | 恒接信息科技公司 | Malicious attack detection system and an associated method of use |
CN103139072A (en) * | 2011-11-30 | 2013-06-05 | 美国博通公司 | System and method for integrating line-rate application recognition in a switch ASIC |
-
2016
- 2016-08-17 CN CN201610673785.8A patent/CN106131050B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030229710A1 (en) * | 2002-06-11 | 2003-12-11 | Netrake Corporation | Method for matching complex patterns in IP data streams |
KR20040085266A (en) * | 2003-03-31 | 2004-10-08 | 엘지엔시스(주) | Network Intrusion Detection System with double buffer and the operating method |
US20050213570A1 (en) * | 2004-03-26 | 2005-09-29 | Stacy John K | Hardware filtering support for denial-of-service attacks |
CN101421991A (en) * | 2004-03-26 | 2009-04-29 | 思科技术公司 | Hardware filtering support for denial-of-service attacks |
CN101460983A (en) * | 2006-04-17 | 2009-06-17 | 恒接信息科技公司 | Malicious attack detection system and an associated method of use |
CN103139072A (en) * | 2011-11-30 | 2013-06-05 | 美国博通公司 | System and method for integrating line-rate application recognition in a switch ASIC |
Also Published As
Publication number | Publication date |
---|---|
CN106131050B (en) | 2022-12-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103688489B (en) | Method for strategy processing and network equipment | |
US20050278781A1 (en) | System security approaches using sub-expression automata | |
KR101045452B1 (en) | Advanced spam detection techniques | |
TWI271056B (en) | System security approach methods using state tables, related computer-readable medium, and related systems | |
US20030149726A1 (en) | Automating the reduction of unsolicited email in real time | |
CN107733851A (en) | DNS tunnels Trojan detecting method based on communication behavior analysis | |
US20110197284A1 (en) | Attributes of captured objects in a capture system | |
CN109951359A (en) | The asynchronous scan method of distributed network assets and equipment | |
US10091235B1 (en) | Method, system, and apparatus for detecting and preventing targeted attacks | |
CN101997700A (en) | Internet protocol version 6 (IPv6) monitoring equipment based on deep packet inspection and deep flow inspection | |
JP2023527568A (en) | E-mail Security Service Providing Apparatus Using Hierarchical Architecture Based on Security Levels and Operating Method Thereof | |
CN107222511A (en) | Detection method and device, computer installation and the readable storage medium storing program for executing of Malware | |
CN106911640A (en) | Cyberthreat treating method and apparatus | |
Al-Daweri et al. | An adaptive method and a new dataset, UKM-IDS20, for the network intrusion detection system | |
CN108351941A (en) | Analytical equipment, analysis method and analysis program | |
Liu et al. | Fast and memory-efficient traffic classification with deep packet inspection in CMP architecture | |
KR102648653B1 (en) | Mail security-based zero-day URL attack defense service providing device and method of operation | |
Ramesh et al. | Performance metric system for malicious URL data using revised random forest algorithm | |
CN106131050A (en) | The quick processing system of packet | |
Nazar et al. | Integrating web server log forensics through deep learning | |
Cohen | Two models of digital forensic examination | |
CN108712324B (en) | Method and device for processing mail | |
Nivedha et al. | Detection of email spam using Natural Language Processing based Random Forest approach | |
Komisarek et al. | Network Intrusion Detection in the Wild-the Orange use case in the SIMARGL project | |
CN104113841B (en) | A kind of virtualization detecting system and detection method for mobile Internet Botnet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C41 | Transfer of patent application or patent right or utility model | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20161109 Address after: Zuchongzhi road Kunshan City 215000 Suzhou City, Jiangsu province No. 1699 Industrial Technology Research Institute apartment 8 1101 Applicant after: Pei Zhiyong Address before: 215000, No. 58 energy road, Yushan Town, Kunshan City, Jiangsu, Suzhou Applicant before: SHENGPULUO NETWORK TECHNOLOGY (SUZHOU) CO.,LTD. |
|
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |