CN111586058A - Mixed protocol agent system and method for operation and maintenance audit system - Google Patents

Publication number
CN111586058A
CN111586058A CN202010387913.9A CN202010387913A CN111586058A CN 111586058 A CN111586058 A CN 111586058A CN 202010387913 A CN202010387913 A CN 202010387913A CN 111586058 A CN111586058 A CN 111586058A
Authority
CN
China
Prior art keywords
protocol
data packet
proxy engine
multiplexer
auditing system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010387913.9A
Other languages
Chinese (zh)
Inventor
叶雪松
范渊
吴永越
郑学新
刘韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu DBAPPSecurity Co Ltd
Original Assignee
Chengdu DBAPPSecurity Co Ltd
Application filed by Chengdu DBAPPSecurity Co Ltd
Priority to CN202010387913.9A
Publication of CN111586058A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/02: Protocol performance
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/02: Capturing of monitoring data
    • H04L43/028: Capturing of monitoring data by filtering
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/18: Protocol analysers
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/03: Protocol definition or specification

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a mixed protocol agent system and method for an operation and maintenance auditing system, in the field of protocol ports. When a client of the operation and maintenance auditing system sends a data packet of unknown protocol, the decoded protocol field is matched directly against each character protocol, graphics protocol or plaintext protocol, and a data packet that matches a protocol is judged directly to be a data packet encrypted by that protocol. A data packet that does not perfectly match any protocol is handled by rule detection, which relies on the character strings or binary sequences preset in a rule base: when the similarity is higher than a preset threshold, the data packet is judged to belong to that protocol. The data packet is then forwarded to the proxy engine, which marks it and sends it to the dedicated proxy engine for the respective protocol, and the dedicated proxy engine sends it to the target server. For a data packet of an incompatible protocol, the information structure in the data packet is parsed, analyzed and stored by attribute, and the processed data packet is sent to a compatibility result display module for display.

Description

Mixed protocol agent system and method for operation and maintenance audit system
Technical Field
The invention relates to the field of protocol ports, in particular to a mixed protocol agent system and a method for an operation and maintenance auditing system.
Background
Existing operation and maintenance auditing systems support auditing of multiple protocols, which makes it easier to control operation and maintenance permissions and to trace users' activity against different applications after the fact. However, current systems handle the listening ports of the various protocols separately. As security management tightens and firewalls do not open additional ports, some protocols cannot be brought under the monitoring and management of the operation and maintenance auditing system, and so cannot be proxied by it.
In the scenarios where operation and maintenance auditing systems are deployed today, security controls mean that a firewall usually blocks most ports, while port 443 is usually left open. Because different application protocols usually have different default ports, the operation and maintenance auditing system cannot directly perform operation, maintenance and auditing under this restriction. A technical means is therefore needed to identify different protocols on the same port and to forward each data packet to the proxy engine for processing according to the identification result.
Disclosure of Invention
The object of the invention is to provide a mixed protocol agent system and method for an operation and maintenance auditing system that introduce multiplexing into the system. For the different data packets sent by a client, the protocol type is determined from the detection result and a threshold, and incompatible protocols are recorded and displayed. Different data packets transmitted from the front-end client to a virtual host behind the operation and maintenance auditing system, which is exposed on a single port, can thus be reliably identified and detected, and forwarded to the proxy engine for processing according to the identification result.
The technical scheme adopted by the invention is as follows:
A mixed protocol agent method of an operation and maintenance auditing system mainly comprises the following steps, carried out in sequence:
Step S1: the monitoring program detects that a client has initiated a request;
Step S2: the detected data is forwarded to the application protocol multiplexer module, which detects the protocol type;
Step S3: the proxy engine receives the compatible result matched in the preceding detection step and initiates a connection to the target server.
To better implement this solution, further, the application protocol multiplexer detects the protocol type as follows: it extracts the first data packet after the three-way handshake and, when the number of protocols is small, directly matches the decoded protocol field, confirms the protocol type from that field and sends the protocol type to the proxy engine.
To better implement this solution, further, the application protocol multiplexer determines the protocol type of a data packet using a rule detection method: the data packet is compared against the character strings or binary sequences preset in a rule base, the similarity is recorded, and the data packet is judged to belong to a protocol when its similarity to that previously entered protocol meets the threshold requirement.
To better implement this solution, further, when the application protocol multiplexer's regular-expression matching assigns a data packet to an incompatible protocol, the data packet is sent to the compatibility result processing module, which parses the information structure in the data packet, analyzes and stores it by attribute, and sends the processed data packet to the compatibility result display module for display.
To better implement this solution, further, when the data packet is analyzed and stored by attribute, its source, size, flow direction and similarity are recorded.
To better implement this solution, further, the application protocol multiplexer detects the SSH character protocol, the RDP graphics protocol and the file transfer protocol FTP as follows:
SSH character protocol: after the data packet is decoded, the value of its protocol field is SSH_2.0-OpenSSH_7.4; once the regular expression matches the SSH field, the subsequent data is forwarded to the proxy engine and marked as SSH;
RDP graphics protocol: when the data packet is not encrypted, it is decoded as TPKT and the decoded protocol field value is RDP; after matching, the data packet is forwarded to the proxy engine and marked as RDP. Encrypted RDP data packets are detected by rule detection;
File transfer protocol FTP: FTP is a plaintext protocol and can be parsed directly into the File Transfer Protocol field.
In the mixed protocol agent method of the operation and maintenance auditing system, for a data packet of unknown protocol that a client of the operation and maintenance auditing system sends to a virtual host behind the system, the decoded protocol field is matched directly against each character protocol, graphics protocol or plaintext protocol, and a data packet that matches a protocol is judged directly to be an encrypted data packet of that protocol. A data packet that does not perfectly match any protocol is handled by rule detection. Unlike a firewall, which must process heavily encrypted and obfuscated data, the operation and maintenance auditing system does not need to maintain a particularly large feature library: it only needs to compare against the character strings or binary sequences preset in the rule base, and when the similarity is higher than the preset threshold the data packet is judged to belong to that protocol. When the data stream information of the data packet is compared while traversing the data in the database, the comparison can be made in regular-expression mode or in bit-stream mode. Data packets assigned to a protocol by either of the two methods are forwarded to the proxy engine, which marks them and sends them to the dedicated proxy engine for the respective protocol; the dedicated proxy engine then sends them to the target server.
A mixed protocol agent system of an operation and maintenance auditing system comprises a client, a proxy engine and an application protocol multiplexer:
Client: initiates a connection request to the proxy engine;
Proxy engine: forwards the data packet sent by the client to the application protocol multiplexer and, according to the protocol type detected by the application protocol multiplexer, marks the data packet and sends it to the dedicated proxy engine for that protocol;
Application protocol multiplexer: receives the data packet forwarded by the proxy engine, determines its protocol type from the previously entered protocol fields, and sends the data packet to the proxy engine according to the detected protocol type.
To better implement this solution, further, the application protocol multiplexer determines the protocol type of a data packet as follows: it extracts the first data packet after the three-way handshake and, when the number of protocols is small, directly matches the decoded protocol field, confirms the protocol type from that field and sends the protocol type to the proxy engine.
When the decoded protocol field does not match any protocol type, a rule detection method is used: the data packet is compared against the character strings or binary sequences preset in a rule base, the similarity is recorded, and the data packet is judged to belong to a protocol when its similarity to that previously entered protocol meets the threshold requirement.
To better implement this solution, further, when the application protocol multiplexer's regular-expression matching assigns a data packet to an incompatible protocol, the data packet is sent to the compatibility result processing module, which parses the information structure in the data packet, analyzes and stores it by attribute, and sends the processed data packet to the compatibility result display module for display.
The mixed protocol agent system of the operation and maintenance auditing system is based on the mixed protocol agent method described above. When the monitor of the proxy engine detects that a client has initiated a data packet transmission request, the proxy engine receives the data sent by the client and forwards it to the application protocol multiplexer. The application protocol multiplexer traverses the protocols supported by the operation and maintenance auditing system and matches the decoded data against the expected field of each. If the expected field is fully matched, the data packet is judged to be a data packet of that protocol. If not, rule detection is used: the data packet is compared against the character strings or binary sequences preset in the rule base, and when its similarity to a previously entered protocol reaches the threshold requirement it is judged to belong to that protocol. If none of the compared character strings or binary sequences meets the threshold requirement, the data packet is judged to belong to an incompatible protocol. A data packet whose protocol type has been detected is sent to the proxy engine, marked according to its protocol and sent to the dedicated proxy engine for that protocol, which sends it to the target server. For a data packet of an incompatible protocol, the information structure in the data packet is parsed, analyzed and stored by attribute, and the processed data packet is sent to the compatibility result display module for display.
In summary, due to the adoption of the technical scheme, the invention has the beneficial effects that:
1. The mixed protocol agent system and method introduce multiplexing into the operation and maintenance auditing system: for the different data packets sent by a client, the protocol type is determined from the detection result and the threshold, and incompatible protocols are recorded and displayed. Unknown data packets transmitted from the front-end client to a virtual host behind the operation and maintenance auditing system, which is exposed on a single port, can be reliably identified and detected, and forwarded to the proxy engine for processing according to the identified protocol;
2. The mixed protocol agent system and method introduce multiplexing into the operation and maintenance auditing system: for the different data packets sent by a client, the protocol type is determined by comparing the detection result against the threshold, and data packets of incompatible protocols are automatically numbered and their related data recorded.
Drawings
To illustrate the technical solution more clearly, the drawings used in the embodiments are briefly described below. Those skilled in the art can obtain other related drawings from these drawings without creative effort.
FIG. 1 is a block diagram of the present invention;
FIG. 2 shows the protocol field value in one embodiment of the present invention;
FIG. 3 is an enlarged view of part of FIG. 2.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and therefore should not be considered as a limitation to the scope of protection. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In the description of the present invention, it is to be noted that, unless otherwise explicitly specified or limited, the terms "disposed," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The present invention will be described in detail with reference to fig. 1 to 3.
Example 1
A mixed protocol agent method of an operation and maintenance auditing system, as shown in FIG. 1, mainly comprises the following steps, carried out in sequence:
Step S1: the monitoring program detects that a client has initiated a request;
Step S2: the detected data is forwarded to the application protocol multiplexer module, which detects the protocol type;
Step S3: the proxy engine receives the compatible result matched in the preceding detection step and initiates a connection to the target server.
Working principle: in the mixed protocol agent method of the operation and maintenance auditing system, for a data packet of unknown protocol that a client of the operation and maintenance auditing system sends to a virtual host behind the system, the decoded protocol field is matched directly against each character protocol, graphics protocol or plaintext protocol.
Example 2
On the basis of embodiment 1 above, the application protocol multiplexer detects the protocol type as follows: it extracts the first data packet after the three-way handshake and, when the number of protocols is small, directly matches the decoded protocol field, confirms the protocol type from that field and sends the protocol type to the proxy engine.
The application protocol multiplexer determines the protocol type of a data packet using a rule detection method: the data packet is compared against the character strings or binary sequences preset in a rule base, the similarity is recorded, and the data packet is judged to belong to a protocol when its similarity to that previously entered protocol meets the threshold requirement.
When the application protocol multiplexer's regular-expression matching assigns a data packet to an incompatible protocol, the data packet is sent to the compatibility result processing module, which parses the information structure in the data packet, analyzes and stores it by attribute, and sends the processed data packet to the compatibility result display module for display.
When the data packet is analyzed and stored by attribute, its source, size, flow direction and similarity are recorded.
The application protocol multiplexer detects the SSH character protocol, the RDP graphics protocol and the file transfer protocol FTP as follows:
SSH character protocol, as shown in FIG. 2 and FIG. 3: after the data packet is decoded, the value of its protocol field is SSH_2.0-OpenSSH_7.4; once the regular expression matches the SSH field, the subsequent data is forwarded to the proxy engine and marked as SSH;
RDP graphics protocol: when the data packet is not encrypted, it is decoded as TPKT and the decoded protocol field value is RDP; after matching, the data packet is forwarded to the proxy engine and marked as RDP. Encrypted RDP data packets are detected by rule detection;
File transfer protocol FTP: FTP is a plaintext protocol and can be parsed directly into the File Transfer Protocol field.
Working principle: in the mixed protocol agent method of the operation and maintenance auditing system, for a data packet of unknown protocol that a client of the operation and maintenance auditing system sends to a virtual host behind the system, the decoded protocol field is matched directly against each character protocol, graphics protocol or plaintext protocol, and a data packet that matches a protocol is judged directly to be an encrypted data packet of that protocol. A data packet that does not perfectly match any protocol is handled by rule detection. Unlike a firewall, which must process heavily encrypted and obfuscated data, the operation and maintenance auditing system does not need to maintain a particularly large feature library: it only needs to compare against the character strings or binary sequences preset in the rule base, and when the similarity is higher than the preset threshold the data packet is judged to belong to that protocol. When the data stream information of the data packet is compared while traversing the data in the database, the comparison can be made in regular-expression mode or in bit-stream mode. Data packets assigned to a protocol by either of the two methods are forwarded to the proxy engine, which marks them and sends them to the dedicated proxy engine for the respective protocol; the dedicated proxy engine then sends them to the target server.
Other parts of this embodiment are the same as those of embodiment 1, and thus are not described again.
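An added example, not part of the patent text or the applicant's code, of the two-stage detection in this embodiment: direct matching of the first payload, then rule detection against a similarity threshold, with incompatible packets numbered and recorded by source, size, flow direction and similarity. The similarity measure (fraction of fixed signature bytes that match), the 0.8 threshold, the rule contents and the sample payloads are assumptions constructed for illustration; the SSH sample uses the on-the-wire form "SSH-2.0-..." defined by RFC 4253.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Stage 1: direct match on the decoded protocol field of the first payload.
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-[\x21-\x7e]+")  # RFC 4253 identification string
FTP_COMMAND = re.compile(rb"^(USER|AUTH|FEAT|SYST)\b[^\r\n]*\r\n", re.IGNORECASE)


def is_rdp_connection_request(payload: bytes) -> bool:
    """TPKT header (version 3, reserved 0, 16-bit length) + X.224 Connection Request."""
    if len(payload) < 7 or payload[0] != 3 or payload[1] != 0:
        return False
    declared = int.from_bytes(payload[2:4], "big")
    return declared == len(payload) and (payload[5] & 0xF0) == 0xE0


DIRECT_MATCHERS = [
    ("SSH", lambda p: SSH_BANNER.match(p) is not None),
    ("RDP", is_rdp_connection_request),
    ("FTP", lambda p: FTP_COMMAND.match(p) is not None),
]


@dataclass(frozen=True)
class Rule:
    protocol: str
    pattern: tuple  # preset binary sequence; None marks a "don't care" position


def similarity(payload: bytes, rule: Rule) -> float:
    """Fraction of the rule's fixed bytes found at the same offset in the payload."""
    fixed = [(i, b) for i, b in enumerate(rule.pattern) if b is not None]
    hits = sum(1 for i, b in fixed if i < len(payload) and payload[i] == b)
    return hits / len(fixed)


# Constructed rule base (assumption): one signature per protocol.
RULES = [
    Rule("SSH", tuple(b"SSH-")),
    Rule("RDP", (0x03, 0x00, None, None, None, 0xE0, 0x00, 0x00, None, None, 0x00)),
]


@dataclass
class Verdict:
    protocol: Optional[str]
    stage: str  # "direct", "rule" or "incompatible"
    similarity: float


@dataclass
class Multiplexer:
    rules: list
    threshold: float = 0.8
    incompatible: list = field(default_factory=list)

    def classify(self, payload: bytes, source: str,
                 direction: str = "client->server") -> Verdict:
        for protocol, matcher in DIRECT_MATCHERS:
            if matcher(payload):
                return Verdict(protocol, "direct", 1.0)
        # Stage 2: rule detection, keeping the best-scoring rule.
        best = max(self.rules, key=lambda r: similarity(payload, r))
        score = similarity(payload, best)
        if score >= self.threshold:
            return Verdict(best.protocol, "rule", score)
        # Incompatible protocol: number the packet and record its attributes.
        self.incompatible.append({
            "id": len(self.incompatible) + 1, "source": source,
            "size": len(payload), "direction": direction, "similarity": score,
        })
        return Verdict(None, "incompatible", score)


# Constructed first payloads; sources use the 192.0.2.0/24 documentation range.
SAMPLES = [
    ("192.0.2.5:50122", b"SSH-2.0-OpenSSH_7.4\r\n"),
    ("192.0.2.6:50388", bytes.fromhex(
        "03 00 00 13  0e e0 00 00 00 00 00  01 00 08 00 03 00 00 00")),
    # Declared TPKT length disagrees with the payload, so the direct match fails.
    ("192.0.2.6:50390", bytes.fromhex(
        "03 00 00 2b  0e e0 00 01 00 00 00  01 00 08 00 03 00 00 00")),
    ("192.0.2.7:50410", b"USER audit\r\n"),
    ("192.0.2.8:50544", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]


def run_samples():
    mux = Multiplexer(RULES)
    verdicts = [mux.classify(payload, source) for source, payload in SAMPLES]
    return verdicts, mux.incompatible


if __name__ == "__main__":
    verdicts, records = run_samples()
    for (source, _), verdict in zip(SAMPLES, verdicts):
        print(source, verdict)
    print(records)
```

The third sample shows why the threshold matters for an audit gateway: a lower threshold proxies more malformed traffic as a known protocol, while a higher one sends it to the incompatible-protocol record for review.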
Example 3
A mixed protocol agent system of an operation and maintenance auditing system, as shown in FIG. 1, comprises a client, a proxy engine and an application protocol multiplexer:
Client: initiates a connection request to the proxy engine;
Proxy engine: forwards the data packet sent by the client to the application protocol multiplexer and, according to the protocol type detected by the application protocol multiplexer, marks the data packet and sends it to the dedicated proxy engine for that protocol;
Application protocol multiplexer: receives the data packet forwarded by the proxy engine, determines its protocol type from the previously entered protocol fields, and sends the data packet to the proxy engine according to the detected protocol type.
Working principle: in the mixed protocol agent system of the operation and maintenance auditing system, a data packet of unknown protocol that a client of the operation and maintenance auditing system sends to a virtual host behind the system is received by the proxy engine and forwarded to the application protocol multiplexer, which matches the decoded protocol field directly against each character protocol, graphics protocol or plaintext protocol and returns the data packet to the proxy engine according to the detected protocol type.
Example 4
On the basis of embodiment 1 above, the application protocol multiplexer determines the protocol type of a data packet as follows: it extracts the first data packet after the three-way handshake and, when the number of protocols is small, directly matches the decoded protocol field, confirms the protocol type from that field and sends the protocol type to the proxy engine.
When the decoded protocol field does not match any protocol type, a rule detection method is used: the data packet is compared against the character strings or binary sequences preset in a rule base, the similarity is recorded, and the data packet is judged to belong to a protocol when its similarity to that previously entered protocol meets the threshold requirement.
When the application protocol multiplexer's regular-expression matching assigns a data packet to an incompatible protocol, the data packet is sent to the compatibility result processing module, which parses the information structure in the data packet, analyzes and stores it by attribute, and sends the processed data packet to the compatibility result display module for display.
Working principle: the mixed protocol agent system of the operation and maintenance auditing system is based on the mixed protocol agent method described above. When the monitor of the proxy engine detects that a client has initiated a data packet transmission request, the proxy engine receives the data sent by the client and forwards it to the application protocol multiplexer. The application protocol multiplexer traverses the protocols supported by the operation and maintenance auditing system and matches the decoded data against the expected field of each. If the expected field is fully matched, the data packet is judged to be a data packet of that protocol. If not, rule detection is used: the data packet is compared against the character strings or binary sequences preset in the rule base, and when its similarity to a previously entered protocol reaches the threshold requirement it is judged to belong to that protocol. If none of the compared character strings or binary sequences meets the threshold requirement, the data packet is judged to belong to an incompatible protocol. A data packet whose protocol type has been detected is sent to the proxy engine, marked according to its protocol and sent to the dedicated proxy engine for that protocol, which sends it to the target server. For a data packet of an incompatible protocol, the information structure in the data packet is parsed, analyzed and stored by attribute, and the processed data packet is sent to the compatibility result display module for display.
The other parts of this embodiment are the same as those of embodiment 3, and thus are not described again.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications and equivalent variations of the above embodiments according to the technical spirit of the present invention are included in the scope of the present invention.

Claims (9)

1. A mixed protocol agent method of an operation and maintenance auditing system, characterized in that it mainly comprises the following steps, carried out in sequence:
Step S1: the monitoring program detects that a client has initiated a request;
Step S2: the detected data is forwarded to the application protocol multiplexer module, which detects the protocol type;
Step S3: the proxy engine receives the compatible result matched in the preceding detection step and initiates a connection to the target server.
2. The mixed protocol agent method of an operation and maintenance auditing system according to claim 1, characterized in that the application protocol multiplexer detects the protocol type as follows: it extracts the first data packet after the three-way handshake and, when the number of protocols is small, directly matches the decoded protocol field, confirms the protocol type from that field and sends the protocol type to the proxy engine.
3. The mixed protocol agent method of an operation and maintenance auditing system according to claim 1 or 2, characterized in that the application protocol multiplexer determines the protocol type of a data packet using a rule detection method: the data packet is compared against the character strings or binary sequences preset in a rule base, the similarity is recorded, and the data packet is judged to belong to a protocol when its similarity to that previously entered protocol meets the threshold requirement.
4. The mixed protocol agent method of an operation and maintenance auditing system according to claim 3, characterized in that when the application protocol multiplexer's regular-expression matching assigns a data packet to an incompatible protocol, the data packet is sent to the compatibility result processing module, which parses the information structure in the data packet, analyzes and stores it by attribute, and sends the processed data packet to the compatibility result display module for display.
5. The mixed protocol agent method of an operation and maintenance auditing system according to claim 4, characterized in that when the data packet is analyzed and stored by attribute, its source, size, flow direction and similarity are recorded.
6. The mixed protocol agent method of an operation and maintenance auditing system according to claim 5, characterized in that the application protocol multiplexer detects the SSH character protocol, the RDP graphics protocol and the file transfer protocol FTP as follows:
SSH character protocol: after the data packet is decoded, the value of its protocol field is SSH_2.0-OpenSSH_7.4; once the regular expression matches the SSH field, the subsequent data is forwarded to the proxy engine and marked as SSH;
RDP graphics protocol: when the data packet is not encrypted, it is decoded as TPKT and the decoded protocol field value is RDP; after matching, the data packet is forwarded to the proxy engine and marked as RDP. Encrypted RDP data packets are detected by rule detection;
File transfer protocol FTP: FTP is a plaintext protocol and can be parsed directly into the File Transfer Protocol field.
7. An operation and maintenance audit system hybrid protocol agent system, comprising a client, a proxy engine and an application protocol multiplexer, characterized in that:
the client: initiates a connection request to the proxy engine;
the proxy engine: forwards the data packet sent by the client to the application protocol multiplexer and, according to the protocol type detected by the application protocol multiplexer, marks the data packet and sends it to the dedicated proxy engine for that protocol;
the application protocol multiplexer: receives the data packet forwarded by the proxy engine, determines the protocol type of the data packet according to the protocol fields entered in advance, and sends the data packet to the proxy engine according to the detected protocol type.
8. The operation and maintenance auditing system hybrid protocol agent system of claim 7, characterized in that: the method by which the application protocol multiplexer determines the protocol type of the data packet comprises: extracting the first data packet after the three-way handshake; when the number of protocols is small, directly matching the decoded protocol field; and confirming the protocol type according to the protocol field and sending it to the proxy engine;
when the decoded protocol field cannot determine the protocol type, a rule detection method is used: the data packet is compared against preset character strings or binary sequences in a rule base, the similarity is recorded, and the data packet is determined to belong to a protocol when the similarity between the data packet and a protocol entered in advance meets the threshold requirement.
9. The operation and maintenance auditing system hybrid protocol agent system of claim 7, characterized in that: when the application protocol multiplexer regularly matches the data packet to an incompatible protocol, the data packet belonging to the incompatible protocol is sent to the compatibility result processing module; the compatibility result processing module analyzes the information structure in the data packet, parses and stores it by attribute, and sends the processed data packet to the compatibility result display module for display.
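
The two-stage detection in claims 2 to 6 and 8 (direct match on the decoded protocol field, then rule-base similarity against a threshold) is shown below as an added Python example; it is not code from the patent. The rule base, the 0.6 threshold, the TELNET entry, the FTP command pattern and all function names are assumptions, and the SSH banner is matched in its RFC 4253 wire form (SSH-2.0-...).

```python
import re
from dataclasses import dataclass

SSH_RE = re.compile(rb"^SSH-\d\.\d+-\S+")                       # RFC 4253 banner form
FTP_RE = re.compile(rb"^(USER|AUTH|FEAT) ?[^\r\n]*\r\n", re.I)  # assumed: first client command
# Constructed rule base (byte sequences per protocol) for the fallback stage.
RULES = {"RDP": [b"\x03\x00", b"Cookie: mstshash=", b"\x01\x00\x08\x00"],
         "TELNET": [b"\xff\xfd", b"\xff\xfb", b"\xff\xfa"]}
COMPATIBLE = {"SSH", "RDP", "FTP"}  # protocols that have a dedicated proxy engine
THRESHOLD = 0.6                     # hypothetical similarity threshold

@dataclass
class Verdict:
    protocol: str      # label attached before the packet is forwarded
    similarity: float  # 1.0 for a direct protocol-field match
    compatible: bool   # False: hand to the compatibility result module
    size: int          # payload size, recorded with the similarity

def is_rdp_tpkt(p: bytes) -> bool:
    """TPKT header (version 3, reserved 0, 16-bit length) + X.224 Connection Request."""
    if len(p) < 7 or p[0] != 3 or p[1] != 0:
        return False
    length = int.from_bytes(p[2:4], "big")
    return length == len(p) and p[4] == length - 5 and p[5] & 0xF0 == 0xE0

def classify(p: bytes) -> Verdict:
    """Classify the first payload seen after the TCP three-way handshake."""
    if SSH_RE.match(p):
        return Verdict("SSH", 1.0, True, len(p))
    if is_rdp_tpkt(p):
        return Verdict("RDP", 1.0, True, len(p))
    if FTP_RE.match(p):
        return Verdict("FTP", 1.0, True, len(p))
    # Fallback: share of a protocol's rule-base sequences present in the payload.
    scores = {k: sum(s in p for s in v) / len(v) for k, v in RULES.items()}
    proto = max(scores, key=scores.get)
    if scores[proto] >= THRESHOLD:
        return Verdict(proto, scores[proto], proto in COMPATIBLE, len(p))
    return Verdict("UNKNOWN", scores[proto], False, len(p))

def rdp_request(cookie: bytes = b"Cookie: mstshash=audit\r\n") -> bytes:
    """Constructed sample: unencrypted RDP connection request."""
    body = b"\xe0\x00\x00\x00\x00\x00" + cookie + b"\x01\x00\x08\x00\x03\x00\x00\x00"
    x224 = bytes([len(body)]) + body
    return b"\x03\x00" + (4 + len(x224)).to_bytes(2, "big") + x224

if __name__ == "__main__":
    for sample in (b"SSH-2.0-OpenSSH_7.4\r\n", rdp_request(), rdp_request()[:30],
                   b"USER ops\r\n", b"\xff\xfd\x18\xff\xfb\x1f", b"GET / HTTP/1.1\r\n"):
        print(classify(sample))
```

The label only selects which proxy engine receives the stream; because the first packet is client-controlled, the selected engine still has to parse the session strictly. The truncated RDP sample shows the fallback path: TPKT decoding fails on the length check, and the rule base then scores it at 2/3.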
CN202010387913.9A 2020-05-09 2020-05-09 Mixed protocol agent system and method for operation and maintenance audit system Pending CN111586058A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010387913.9A CN111586058A (en) 2020-05-09 2020-05-09 Mixed protocol agent system and method for operation and maintenance audit system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010387913.9A CN111586058A (en) 2020-05-09 2020-05-09 Mixed protocol agent system and method for operation and maintenance audit system

Publications (1)

Publication Number Publication Date
CN111586058A true CN111586058A (en) 2020-08-25

Family

ID=72110748

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010387913.9A Pending CN111586058A (en) 2020-05-09 2020-05-09 Mixed protocol agent system and method for operation and maintenance audit system

Country Status (1)

Country Link
CN (1) CN111586058A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111984216A (en) * 2020-08-26 2020-11-24 成都安恒信息技术有限公司 Graphic auditing method and system for character operation and maintenance
CN112165463A (en) * 2020-09-14 2021-01-01 杭州安恒信息技术股份有限公司 Audit data generation method, device, equipment and computer readable storage medium
CN112235266A (en) * 2020-09-29 2021-01-15 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
CN113301049A (en) * 2021-05-26 2021-08-24 杭州安恒信息技术股份有限公司 Industrial control equipment auditing method, device, equipment and readable storage medium
CN114338087A (en) * 2021-12-03 2022-04-12 成都安恒信息技术有限公司 Directional operation and maintenance auditing method and system based on firewall

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100293259A1 (en) * 2003-08-11 2010-11-18 Teamon Systems, Inc. Communications system providing multi-layered extensible protocol interface and related methods
CN103607373A (en) * 2013-10-18 2014-02-26 尚思卓越(北京)科技有限公司 Method enabling single service port to realize multiple network protocol agents
CN109951430A (en) * 2017-12-21 2019-06-28 中移(杭州)信息技术有限公司 A kind of data processing method and device
CN110677432A (en) * 2019-10-14 2020-01-10 广州江南科友科技股份有限公司 Network protocol internal proxy forwarding method, device, medium and terminal equipment
CN110958231A (en) * 2019-11-21 2020-04-03 博智安全科技股份有限公司 Industrial control safety event monitoring platform and method based on Internet

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111984216A (en) * 2020-08-26 2020-11-24 成都安恒信息技术有限公司 Graphic auditing method and system for character operation and maintenance
CN111984216B (en) * 2020-08-26 2023-03-31 成都安恒信息技术有限公司 Graphic auditing method and system for character operation and maintenance
CN112165463A (en) * 2020-09-14 2021-01-01 杭州安恒信息技术股份有限公司 Audit data generation method, device, equipment and computer readable storage medium
CN112165463B (en) * 2020-09-14 2023-04-18 杭州安恒信息技术股份有限公司 Audit data generation method, device, equipment and computer readable storage medium
CN112235266A (en) * 2020-09-29 2021-01-15 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
CN112235266B (en) * 2020-09-29 2024-04-12 腾讯科技(深圳)有限公司 Data processing method, device, equipment and storage medium
CN113301049A (en) * 2021-05-26 2021-08-24 杭州安恒信息技术股份有限公司 Industrial control equipment auditing method, device, equipment and readable storage medium
CN114338087A (en) * 2021-12-03 2022-04-12 成都安恒信息技术有限公司 Directional operation and maintenance auditing method and system based on firewall
CN114338087B (en) * 2021-12-03 2024-03-15 成都安恒信息技术有限公司 Directional operation and maintenance auditing method and system based on firewall

Similar Documents

Publication Publication Date Title
CN111586058A (en) Mixed protocol agent system and method for operation and maintenance audit system
US9529678B2 (en) Apparatus and method for monitoring and auditing activity of a legacy environment
CN109451006B (en) Data transmission method, device, server and computer storage medium
CN109450777B (en) Session information extraction method, device, equipment and medium
US20120300628A1 (en) Method and apparatus to passively determine the state of a flow including determining flow state in the event of missing data on one or both sides of the flow
CN101296227B (en) IPSec VPN protocol depth detection method based on packet offset matching
IL176551A (en) Apparatus and method for monitoring and auditing activity of a legacy environment
CN101827082A (en) Method, system and device for recording and playing back desktop operating information of user
WO2019043804A1 (en) Log analysis device, log analysis method, and computer-readable recording medium
EP2523394A1 (en) Method and Apparatus for Distinguishing and Sampling Bi-Directional Network Traffic at a Conversation Level
CN113630418A (en) Network service identification method, device, equipment and medium
US8725901B2 (en) Analysis tool for intra-node application messaging
CN110708341B (en) User behavior detection method and system based on remote desktop encryption network traffic mode difference
CN112822204A (en) NAT detection method, device, equipment and medium
CN112491662A (en) ICMP hidden tunnel detection method and device
CN108600173B (en) Distributed traveling wave ranging system and method with encryption security
CN111224891A (en) Traffic application identification system and method based on dynamic learning triples
CN115865534A (en) Traffic detection method, system, device and medium based on malicious encryption
Fan et al. Automatic reverse engineering of unknown security protocols from network traces
CN112104590B (en) Method and system for detecting private connection of network equipment in private network to public network
CN114218561A (en) Weak password detection method, terminal equipment and storage medium
CN114048467A (en) Model data processing method, device, equipment and storage medium based on intrusion detection system
CN111611134A (en) Time monitoring method and device, application terminal and storage medium
CN113285904A (en) RDP-based method for analyzing disk mapping file information
Get’man et al. Data representation model for in-depth analysis of network traffic

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200825