CN111245773B - Automobile Ethernet flow monitoring method, terminal equipment and storage medium - Google Patents
Automobile Ethernet flow monitoring method, terminal equipment and storage medium Download PDFInfo
- Publication number
- CN111245773B CN111245773B CN201811444582.7A CN201811444582A CN111245773B CN 111245773 B CN111245773 B CN 111245773B CN 201811444582 A CN201811444582 A CN 201811444582A CN 111245773 B CN111245773 B CN 111245773B
- Authority
- CN
- China
- Prior art keywords
- chain
- flow
- automobile
- main chain
- firewall
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Medical Informatics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method for monitoring automobile Ethernet flow, a terminal device and a storage medium, wherein the method comprises the following steps: s100: dividing the network flow into a plurality of main chains according to the characteristics of the network flow, setting that each main chain comprises a plurality of secondary chains, and each secondary chain is a mutually independent chain capable of identifying the flow characteristics; s200: when network flow is received, dividing the network flow into a main chain according to the characteristics of the network flow; s300: and performing feature matching according to the secondary chain on the main chain in sequence to select and receive the network traffic meeting the matching condition of the secondary chain on the main chain consistent with the characteristics of the network traffic. The invention aims at the problem that the processing capacity of hardware on an automobile is limited, and redesigns the flow monitoring mode on an automobile gateway/firewall to make the flow monitoring mode more suitable for being used on the automobile, thereby effectively monitoring and controlling the flow with potential Ethernet security threat to make the automobile enter the network more safely.
Description
Technical Field
The invention relates to the technical field of automobile networks, in particular to an automobile Ethernet flow monitoring method, terminal equipment and a storage medium.
Background
Networking of automobiles has been a major trend, pushing automobiles from a closed system to an interconnected open system. However, the huge security threat of the automobile after networking is always one reason for the careful networking of the automobile factories and the observation attitude. The threat defense related to the automobile Ethernet is not as mature as the threat defense related to the traditional Internet, and the attention and the used related defense technical means are all explored. Although the conventional ethernet defense technology can also be used for the purpose of reference in the car ethernet, the conventional ethernet defense technology needs to be readjusted and designed due to different application scenarios and environments. Generally, the traditional ethernet traffic monitoring has strong hardware support, and the design of the monitoring filtering rule strategy for the data traffic is relatively random, so that finer control and management are required on the automobile ethernet due to the limitation of hardware resources.
Disclosure of Invention
In view of the above problems, the present invention aims to provide a method, a terminal device and a storage medium for monitoring the ethernet traffic of an automobile, which are capable of redesigning a traffic monitoring mode on an automobile gateway/firewall to make the traffic monitoring mode more suitable for use in the automobile, so as to effectively monitor and control the potential ethernet security threat traffic to make the automobile enter the network more secure, in view of the limited processing capability of hardware on the automobile.
The specific scheme is as follows:
an automobile Ethernet flow monitoring method comprises the following steps:
s100: dividing the network flow into a plurality of main chains according to the characteristics of the network flow, setting that each main chain comprises a plurality of secondary chains, and each secondary chain is a mutually independent chain capable of identifying the flow characteristics;
s200: when network flow is received, dividing the network flow into a main chain according to the characteristics of the network flow;
s300: and performing feature matching according to the secondary chain on the main chain in sequence to delete and select the network traffic meeting the matching condition of the secondary chain on the main chain consistent with the characteristics of the network traffic for receiving.
Further, the set automobile network flow is divided into three types, namely local flow, external flow and forwarding flow, six main chains are set respectively for inflow and outflow of the three types of flow, and the main chains are respectively as follows:
a first main chain: the data flows into the automobile gateway/firewall from the local area network, and the automobile gateway/firewall is used as final target equipment;
a second main chain: the automobile gateway/firewall is sent out as a source, and equipment in a local area network is used as final target equipment;
a third main chain: the data flows into the automobile gateway/firewall from the Internet, and the automobile gateway/firewall is taken as a final target device;
a fourth main chain: the automobile gateway/firewall is sent out as a source, and equipment on the Internet is used as final target equipment;
a fifth main chain: flows from the internet into an automobile gateway/firewall and forwards the data to the final target equipment in the local area network protected by the data;
a sixth main chain: the devices in the LAN protected by the car gateway/firewall are sent out as sources and forwarded to the final target device on the Internet through the car gateway/firewall.
Further, the setting process of the secondary chain in step S100 is: all secondary chains are stored in a feature chain pool, and each main chain extracts the required feature chain from the feature chain pool according to the requirement and is hung on the main chain to serve as the secondary chain.
Further, the rule of feature matching of each secondary chain in step S300 is: judging whether the network flow meets the chain entering condition of the secondary chain, if so, entering the secondary chain, matching the rule sets on the secondary chain one by one, if so, returning to the main chain, and if not, discarding the network flow; and if the requirement of entering the chain is not met, jumping to the next secondary chain for feature matching until all secondary chains on the main chain are completely matched.
An ethernet traffic monitoring terminal device for a vehicle comprises a processor, a memory and a computer program stored in the memory and operable on the processor, wherein the processor executes the computer program to implement the steps of the method according to the embodiment of the present invention.
A computer-readable storage medium, in which a computer program is stored, wherein the computer program, when being executed by a processor, is adapted to carry out the steps of the method according to an embodiment of the present invention as described above.
By adopting the technical scheme, the traffic monitoring method on the automobile gateway/firewall is redesigned aiming at the problem that the processing capacity of hardware on the automobile is limited, so that the traffic monitoring method is more suitable for being used on the automobile, and the traffic is effectively monitored and controlled by the potential Ethernet security threat, so that the automobile is safer to access the network.
Drawings
Fig. 1 is a schematic structural diagram of a first embodiment of the present invention.
Fig. 2 is a schematic diagram illustrating a secondary chain setting process according to a first embodiment of the present invention.
Fig. 3 is a schematic flow chart according to a first embodiment of the present invention.
Detailed Description
To further illustrate the various embodiments, the invention provides the accompanying drawings. The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the embodiments. With these references, one of ordinary skill in the art will appreciate other possible embodiments and advantages of the present invention.
The invention will now be further described with reference to the accompanying drawings and detailed description.
The first embodiment is as follows:
the embodiment of the invention provides a method for monitoring the traffic of an automobile Ethernet, which uses netfilter of linux kernel and iptables basic technology of application layer to design a corresponding mechanism to comprehensively monitor the network traffic of an automobile Ethernet gateway/firewall, and comprises the following steps:
s100: as shown in fig. 1, the network traffic characteristics are divided into a plurality of main chains, which specifically include: the method comprises the following steps of setting automobile network flow into three types of local flow, external flow and forwarding flow, and setting six main chains for inflow and outflow of the three types of flow respectively, wherein the six main chains are as follows:
first backbone local in (local inflow): the data flows into the automobile gateway/firewall from the local area network, and the automobile gateway/firewall is used as final target equipment;
second backbone local out (local outflow): the automobile gateway/firewall is sent out as a source, and equipment in a local area network is used as final target equipment;
third main chain external in (external inflow): the data flows into the automobile gateway/firewall from the Internet, and the automobile gateway/firewall is taken as a final target device;
fourth main chain external out (external outflow): the automobile gateway/firewall is sent out as a source, and equipment on the Internet is used as final target equipment;
fifth backbone forward in: flows from the internet into an automobile gateway/firewall and forwards the data to the final target equipment in the local area network protected by the data;
sixth main chain forward out: the devices in the local area network protected by the automobile gateway/firewall are sent out as a source and are forwarded to the final target device on the internet through the automobile gateway/firewall.
And each main chain is set to comprise a plurality of secondary chains, each secondary chain is a mutually independent chain capable of identifying flow characteristics, and all the secondary chains are stored in the characteristic chain pool.
S200: when network traffic is received, it is divided into a main chain according to the characteristics of the network traffic.
S300: and performing feature matching according to the secondary chain on the main chain in sequence to delete the network traffic meeting the matching condition of the secondary chain on the main chain consistent with the characteristics of the network traffic.
After the network traffic is initially split based on the main chain, the split traffic is sent to the secondary chain hung on the main chain for further monitoring, as shown in fig. 3, the traffic is sequentially subjected to feature matching through the secondary chain, for example, the traffic can be quickly matched whether the traffic meets the chain entering condition of the secondary chain 1, if not, the next secondary chain is directly skipped to quickly match until all the secondary chains on the main chain are completely matched; if the requirement of entering a certain secondary chain is met, entering the secondary chain, matching the rule sets on the chains one by one, if the matching condition is met, returning to the main chain, entering the next secondary chain for feature matching until all the secondary chains on the main chain are completely matched, and if the matching condition is not met, discarding the network flow. If the traffic cannot be matched after being filtered by all the secondary chains, the default processing strategy, such as acceptance or discarding, is skipped.
All secondary chains on the main chain are from a characteristic chain pool, as shown in fig. 2, the characteristic chain pool contains chains capable of identifying flow characteristics, the chains are independent from each other, and each main chain can extract required characteristic chains from the characteristic chain pool as required and is hung on the own chain to serve as a secondary chain. Meanwhile, the main chain can also dynamically delete the unnecessary secondary chain or adjust the hanging position of a certain secondary chain in the main chain.
And if the two secondary chains of TCP and UDP have different chain entering parts, when the network flow is TCP, only the secondary chain conforming to the TCP chain entering part can be entered, but the secondary chain conforming to the UDP chain entering part cannot be entered.
The feature chains supported by the pool of feature chains are shown in table 1. These feature chains are managed using iptables custom chains and by putting rules that identify certain traffic features into the custom chains, do the corresponding actions if traffic flows through the chain and is matched by a set of rules in the feature chain, otherwise process according to the default policy of the feature chain or simply return from the feature chain.
TABLE 1
| Feature chain name | Monitoring flow | |
| 1 | IP_MAC_BIND_CHAIN | IP/MAC address binding monitoring |
| 2 | NET_SCAN_PROTECT_CHAIN | Network scanning monitoring |
| 3 | CONNECTION_TRACKING_CHAIN | State tracking check |
| 4 | PACKETS_INSPECT_CHAIN | Packet content inspection |
| 5 | CONCURENT_LIMIT_CHAIN | Concurrent connection number limitation |
| 6 | SRC_IP_CHECK_CHAIN | Source IP spoofing monitoring |
| 7 | DNS_SERVER_QUERY_CHAIN | DNS service request monitoring |
| 8 | DNS_SERVER_RESPONSE_CHAIN | DNS service response monitoring |
| 9 | UDP_SERVICE_REQUEST_CHAIN | UDP service request monitoring |
| 10 | UDP_SERVICE_RESPONSE_CHAIN | UDP service response monitoring |
| 11 | TCP_SERVICE_REQUEST_CHAIN | TCP service request monitoring |
| 12 | TCP_SERVICE_RESPONSE_CHAIN | TCP service response monitoring |
The secondary chain is illustrated below:
such as IP _ MAC _ BIND _ CHAIN secondary CHAIN, is used to detect whether the IP is bound to a particular MAC, and if the IP and MAC information of the packet is not unbound as in a white list preset in the secondary CHAIN, the packet is discarded, and if so, the packet is returned from the secondary CHAIN to the backbone. The process of other feature chain detection and processing is similar and not described in detail here.
In actual use, the 6 main chains can be hooked with the characteristic chains required by the main chains according to needs to carry out fine monitoring on the flow of the incoming flow. For example, the local in main CHAIN attaches feature CHAINs such as IP _ MAC _ BIND _ CHAIN, CONNECTION _ TRACKING _ CHAIN, CONNECTION _ LIMIT _ CHAIN, packet _ insert _ CHAIN from the feature pool as required, so as to monitor the incoming traffic in the order of the feature CHAIN attachment, such as monitoring the validity of IP and MAC of the car internal lan, monitoring the traffic state, limiting the maximum concurrent number of the traffic, checking the packet content of the traffic, etc., and if the traffic does not satisfy the matching condition in the process of entering a certain feature CHAIN, the traffic is processed (such as directly discarded) and does not continue to be monitored.
Example two:
the invention further provides an automobile ethernet flow monitoring terminal device, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the steps in the above method embodiment of the first embodiment of the invention are realized when the processor executes the computer program.
Further, as an executable scheme, the automobile ethernet flow monitoring terminal device may be a computing device such as a desktop computer, a notebook, a palm computer, and a cloud server. The automobile Ethernet flow monitoring terminal equipment can comprise, but is not limited to, a processor and a memory. It is understood by those skilled in the art that the above-mentioned constituent structure of the automotive ethernet traffic monitoring terminal device is only an example of the automotive ethernet traffic monitoring terminal device, and does not constitute a limitation on the automotive ethernet traffic monitoring terminal device, and may include more or less components than the above, or combine some components, or different components, for example, the automotive ethernet traffic monitoring terminal device may further include an input/output device, a network access device, a bus, and the like, which is not limited in this embodiment of the present invention.
Further, as an executable solution, the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, a discrete hardware component, and the like. The general processor may be a microprocessor or the processor may be any conventional processor, etc., the processor is a control center of the automobile ethernet traffic monitoring terminal device, and various interfaces and lines are used to connect various parts of the whole automobile ethernet traffic monitoring terminal device.
The memory can be used for storing the computer program and/or the module, and the processor can realize various functions of the automobile Ethernet flow monitoring terminal equipment by operating or executing the computer program and/or the module stored in the memory and calling the data stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system and an application program required by at least one function; the storage data area may store data created according to the use of the mobile phone, and the like. In addition, the memory may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
The invention also provides a computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned method of an embodiment of the invention.
The integrated module/unit of the automobile Ethernet flow monitoring terminal device can be stored in a computer readable storage medium if the integrated module/unit is realized in the form of a software functional unit and is sold or used as an independent product. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments described above may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, read-Only Memory (ROM ), random Access Memory (RAM), software distribution medium, and the like.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (4)
1. A method for monitoring the Ethernet traffic of an automobile is characterized in that: the method comprises the following steps:
s100: dividing the network flow into a plurality of main chains according to the characteristics of the network flow, setting that each main chain comprises a plurality of secondary chains, and each secondary chain is a mutually independent chain capable of identifying the flow characteristics; the method comprises the following steps of setting automobile network flow into three types of local flow, external flow and forwarding flow, and setting six main chains for inflow and outflow of the three types of flow respectively, wherein the six main chains are as follows: a first main chain: the data flows into the automobile gateway/firewall from the local area network, and the automobile gateway/firewall is used as final target equipment; a second main chain: the automobile gateway/firewall is sent out as a source, and equipment in a local area network is used as final target equipment; a third main chain: the data flows into the automobile gateway/firewall from the Internet, and the automobile gateway/firewall is taken as a final target device; a fourth main chain: the automobile gateway/firewall is sent out as a source, and equipment on the Internet is used as final target equipment; a fifth main chain: flows into the automobile gateway/firewall from the Internet and is forwarded to the final target device in the LAN protected by the automobile gateway/firewall; a sixth main chain: the device in the local area network protected by the automobile gateway/firewall is used as a source to send out, and is forwarded to the final target device on the Internet through the automobile gateway/firewall;
s200: when network flow is received, dividing the network flow into a main chain according to the characteristics of the network flow;
s300: performing feature matching in sequence according to the secondary chains on the main chain to delete and select the network traffic meeting the matching conditions of the secondary chains on the main chain consistent with the characteristics of the network traffic for receiving; the rule of feature matching of each secondary chain is as follows: judging whether the network flow meets the chain entering condition of the secondary chain, if so, entering the secondary chain, matching the rule sets on the secondary chain one by one, if so, returning to the main chain, and if not, discarding the network flow; and if the requirement of entering the chain is not met, jumping to the next secondary chain for feature matching until all secondary chains on the main chain are matched.
2. An ethernet traffic monitoring method according to claim 1, characterized in that: the setting process of the secondary chain in the step S100 is as follows: all secondary chains are stored in a characteristic chain pool, and each main chain extracts the required characteristic chain from the characteristic chain pool according to the requirement and is hung on the main chain to serve as the secondary chain.
3. The utility model provides a car ethernet flow monitor terminal equipment which characterized in that: comprising a processor, a memory and a computer program stored in said memory and running on said processor, said processor implementing the steps of the method according to any one of claims 1-2 when executing said computer program.
4. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1-2.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811444582.7A CN111245773B (en) | 2018-11-29 | 2018-11-29 | Automobile Ethernet flow monitoring method, terminal equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811444582.7A CN111245773B (en) | 2018-11-29 | 2018-11-29 | Automobile Ethernet flow monitoring method, terminal equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111245773A CN111245773A (en) | 2020-06-05 |
| CN111245773B true CN111245773B (en) | 2023-04-18 |
Family
ID=70875920
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811444582.7A Active CN111245773B (en) | 2018-11-29 | 2018-11-29 | Automobile Ethernet flow monitoring method, terminal equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111245773B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101119321A (en) * | 2007-09-29 | 2008-02-06 | 杭州华三通信技术有限公司 | Network flux classification processing method and apparatus |
| CN101789887A (en) * | 2009-12-25 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and device for classifying network users and system for monitoring network services |
| CN102970190A (en) * | 2012-12-10 | 2013-03-13 | 东南大学 | Network traffic monitoring system |
| CN103560971A (en) * | 2013-10-31 | 2014-02-05 | 华为技术有限公司 | Network flow balancing control method and device |
| CN104378387A (en) * | 2014-12-09 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Virtual platform information security protection method |
| CN104506482A (en) * | 2014-10-10 | 2015-04-08 | 香港理工大学 | Detection method and detection device for network attack |
| CN106664255A (en) * | 2014-04-03 | 2017-05-10 | 奥比特多媒体控股公司 | Data flow control method |
| EP3373553A1 (en) * | 2017-03-09 | 2018-09-12 | Argus Cyber Security Ltd. | System and method for providing cyber security to an in-vehicle network |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9602527B2 (en) * | 2015-03-19 | 2017-03-21 | Fortinet, Inc. | Security threat detection |
| US10462159B2 (en) * | 2016-06-22 | 2019-10-29 | Ntt Innovation Institute, Inc. | Botnet detection system and method |
-
2018
- 2018-11-29 CN CN201811444582.7A patent/CN111245773B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101119321A (en) * | 2007-09-29 | 2008-02-06 | 杭州华三通信技术有限公司 | Network flux classification processing method and apparatus |
| CN101789887A (en) * | 2009-12-25 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and device for classifying network users and system for monitoring network services |
| CN102970190A (en) * | 2012-12-10 | 2013-03-13 | 东南大学 | Network traffic monitoring system |
| CN103560971A (en) * | 2013-10-31 | 2014-02-05 | 华为技术有限公司 | Network flow balancing control method and device |
| CN106664255A (en) * | 2014-04-03 | 2017-05-10 | 奥比特多媒体控股公司 | Data flow control method |
| CN104506482A (en) * | 2014-10-10 | 2015-04-08 | 香港理工大学 | Detection method and detection device for network attack |
| CN104378387A (en) * | 2014-12-09 | 2015-02-25 | 浪潮电子信息产业股份有限公司 | Virtual platform information security protection method |
| EP3373553A1 (en) * | 2017-03-09 | 2018-09-12 | Argus Cyber Security Ltd. | System and method for providing cyber security to an in-vehicle network |
Non-Patent Citations (2)
| Title |
|---|
| "A method of traffic flow measuring based on vehicle infrastructure integration system";Q. Wang等;《2009 IEEE Intelligent Vehicles Symposium》;20090714;全文 * |
| "基于改进分簇算法的网络流量识别方法";王宇科等;《计算机工程与科学》;20111115;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111245773A (en) | 2020-06-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112073411B (en) | Network security deduction method, device, equipment and storage medium | |
| US9959751B2 (en) | Filter method for adapting a computing load | |
| CN105721461A (en) | System and method using dedicated computer security services | |
| EP3399723B1 (en) | Performing upper layer inspection of a flow based on a sampling rate | |
| US20160255012A1 (en) | Method for mitigation of unauthorized data transfer over domain name service (dns) | |
| CN108881328B (en) | Data packet filtering method and device, gateway equipment and storage medium | |
| US10581852B2 (en) | Hardware implementation methods and system for secure, policy-based access control for computing devices | |
| US11570201B2 (en) | System and method for detecting and blocking malicious attacks on a network | |
| EP2949098A1 (en) | Methods, systems, and computer readable media for using policy knowledge for needs based forwarding of bearer session traffic to network nodes | |
| CN112165460B (en) | Flow detection method, device, computer equipment and storage medium | |
| CN113709052B (en) | Processing method and device of network message, electronic equipment and storage medium | |
| CN104067558A (en) | Network access apparatus having a control module and a network access module | |
| CN110768976B (en) | Message processing method, device and network equipment | |
| WO2019033891A1 (en) | Rdma-based network traffic determination method and device | |
| CN111245773B (en) | Automobile Ethernet flow monitoring method, terminal equipment and storage medium | |
| CN111181983B (en) | Endogenous access control method, endogenous access control device, computing equipment and medium | |
| CN113395242A (en) | Packet capturing method and device for application data packet and computing equipment | |
| CN114745329B (en) | Flow control method and device, storage medium and electronic device | |
| CN109672665B (en) | Access control method, device and system and computer readable storage medium | |
| CN114024731B (en) | Message processing method and device | |
| US20210344704A1 (en) | Network Defense Method and Security Detection Device | |
| CN106357688B (en) | A kind of method and apparatus for defending ICMP flood attack | |
| CN112532610B (en) | Intrusion prevention detection method and device based on TCP segmentation | |
| US20190104110A1 (en) | Method and system for controlling transmission of data packets in a network | |
| CN113079128A (en) | Information plugging method and device, computing equipment and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |