CN114520774A - Deep message detection method and device based on intelligent contract - Google Patents
Deep message detection method and device based on intelligent contract Download PDFInfo
- Publication number
- CN114520774A CN114520774A CN202111624168.6A CN202111624168A CN114520774A CN 114520774 A CN114520774 A CN 114520774A CN 202111624168 A CN202111624168 A CN 202111624168A CN 114520774 A CN114520774 A CN 114520774A
- Authority
- CN
- China
- Prior art keywords
- flow
- detected
- traffic
- intelligent contract
- version
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 68
- 238000000034 method Methods 0.000 claims abstract description 58
- 238000007689 inspection Methods 0.000 claims description 39
- 238000001914 filtration Methods 0.000 claims description 23
- 238000004590 computer program Methods 0.000 claims description 18
- 230000007246 mechanism Effects 0.000 claims description 14
- 230000001960 triggered effect Effects 0.000 abstract description 4
- 238000007726 management method Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 238000004891 communication Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 4
- 238000004806 packaging method and process Methods 0.000 description 4
- 238000002360 preparation method Methods 0.000 description 3
- 238000012216 screening Methods 0.000 description 3
- 238000012795 verification Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002776 aggregation Effects 0.000 description 1
- 238000004220 aggregation Methods 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention provides a depth message detection method and a device based on an intelligent contract, wherein the method comprises the following steps: acquiring a flow to be detected; and acquiring sample characteristics of the flow of each version of the target service application from the block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected. According to the depth message detection method and device based on the intelligent contract, the intelligent contract is triggered through the external account to execute the flow sample characteristic comparison based on the application version information, the decentralized problem of the service sample characteristic data can be solved, the storage and management of the sample characteristic data cannot be falsified, the service application version of the flow characteristic can be traced, the characteristic comparison is realized through the intelligent contract arranged on the block link point, the reliability and the uniqueness of the depth message detection can be ensured, and the identification of the flow of different versions of the same service application in the depth message detection can be realized.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a depth message detection method and device based on an intelligent contract.
Background
At present, a Deep Packet Inspection (DPI) method mainly uses a Deep Packet Inspection device to maintain a Packet sample feature library, and the DPI device acquires traffic and packets at a network key node and compares the acquired traffic and packets with the sample feature library, thereby implementing functions such as fine identification and analysis of service traffic, traffic proportion statistics, and application of traffic filtering.
However, for the subdivided traffic of the service application, due to the update iteration of the application version, the difference caused by version update occurs between the same traffic characteristics to be detected. The current identification mode generally manages the sample characteristics of the same service application data in a unified way, and the refined statistics and the traceable management of the version sample characteristics are not realized for the flow of different versions of the service application.
Disclosure of Invention
The invention provides a deep message detection method and device based on an intelligent contract, which are used for solving the defect that messages of different versions of the same service application cannot be identified in the prior art, and realizing updating iteration of service application flow characteristics and realizing accurate statistics and accurate tracing.
The invention provides a depth message detection method based on an intelligent contract, which comprises the following steps:
acquiring a flow to be detected;
and acquiring sample characteristics of the flow of each version of the target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
According to the depth message detection method based on the intelligent contract provided by the invention, before obtaining a depth message detection result of the flow to be detected based on version information, the method further comprises the following steps of obtaining sample characteristics of the flow of each version of target service application from a block chain based on an intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and obtaining the depth message detection result of the flow to be detected based on the version information:
adding sample characteristics of the target version of traffic of the target business application to a blockchain based on a consensus mechanism.
According to the depth message detection method based on the intelligent contract provided by the invention, the method comprises the following steps of obtaining sample characteristics of the flow of each version of target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and obtaining the depth message detection result of the flow to be detected, wherein the method specifically comprises the following steps:
acquiring sample characteristics of the flow of each version of the target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected;
and comparing the sample characteristics of the flow of each version of the target service application with the flow to be detected based on an intelligent contract, and determining the version information of the flow to be detected.
According to the depth message detection method based on the intelligent contract provided by the invention, the method further comprises the following steps of obtaining sample characteristics of the flow of each version of target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and obtaining a detection result of the depth message of the flow to be detected:
and counting the flow to be detected based on the version information of the flow to be detected.
According to the depth message detection method based on the intelligent contract provided by the invention, the method further comprises the following steps of obtaining sample characteristics of the flow of each version of target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and obtaining a detection result of the depth message of the flow to be detected:
and filtering the flow to be detected based on the version information of the flow to be detected.
According to the deep packet inspection method based on the intelligent contract, provided by the invention, the sample characteristics comprise a source port and a destination port of the flow, a source address and a destination address of the flow and a characteristic field of the flow.
The invention also provides a device for detecting the depth message based on the intelligent contract, which comprises:
the flow acquisition module is used for acquiring the flow to be detected;
and the message detection module is used for acquiring sample characteristics of the flow of each version of the target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected based on the sample characteristics of the flow of the target version of the target service application corresponding to the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the steps of any one of the intelligent contract-based deep packet inspection methods.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method for detecting a deep packet based on a smart contract as described in any of the above.
The present invention also provides a computer program product, including a computer program, where the computer program, when executed by a processor, implements the steps of any of the above-mentioned deep packet inspection methods based on an intelligent contract.
The method and the device for detecting the deep message based on the intelligent contract separate the effective business application flow by receiving the business application flow information transmitted by the external interface, the flow sample characteristic comparison based on the application version information is executed by triggering the intelligent contract through the external account, the decentralization problem of the service sample characteristic data can be solved, the storage and management of the sample characteristic data can not be falsified, and the traceability of the business application version of the flow characteristic is ensured, the feature comparison is realized through intelligent contracts deployed on block link points, the reliability and the uniqueness of deep message detection can be ensured, each type of service flow can be managed more finely, and the method is compatible with the flow difference caused by different application versions of the same service application, and can realize the identification of the flow of different versions of the same service application in the deep packet inspection.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flow diagram of a deep packet inspection method based on an intelligent contract according to the present invention;
fig. 2 is a schematic flow chart illustrating uplink steps in the method for detecting a deep packet based on an intelligent contract according to the present invention;
fig. 3 is a schematic flowchart of detection steps in the method for detecting a deep packet based on an intelligent contract according to the present invention;
fig. 4 is one of the structural schematic diagrams of the depth packet detection apparatus based on the intelligent contract provided in the present invention;
fig. 5 is a second schematic structural diagram of the apparatus for detecting deep packets based on an intelligent contract according to the present invention;
FIG. 6 is a block chain storage structure and a schematic flow chart of an intelligent contract implementation provided by the present invention;
fig. 7 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the description of the embodiments of the invention, the terms "first", "second", and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance, nor order.
In the description of the embodiments of the present invention, it should be noted that, unless explicitly stated or limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. Specific meanings of the above terms in the embodiments of the present invention can be understood in specific cases by those of ordinary skill in the art.
The method and apparatus for detecting deep packets based on intelligent contracts provided by the present invention are described below with reference to fig. 1 to 7.
Fig. 1 is a schematic flow chart of a deep packet inspection method based on an intelligent contract provided in the present application. The method for detecting a deep packet based on an intelligent contract according to the embodiment of the present application is described below with reference to fig. 1. As shown in fig. 1, the method includes: step 101 and step 102.
Specifically, the execution main body of the depth message detection method based on the intelligent contract provided by the embodiment of the present invention is a depth message detection device based on the intelligent contract.
Specifically, the service application traffic to be detected (hereinafter, may be referred to as "traffic") transmitted from the external interface may be acquired and processed by the external account. The specific form of the traffic to be detected may be a message.
Optionally, after the traffic to be detected is obtained, the traffic to be detected may be subjected to preliminary processing, and divided according to the TCP stream and the UDP stream, so as to filter out the obviously invalid traffic and only retain the valid service application traffic. Obviously invalid traffic may include, but is not limited to, situations such as too short a packet, erroneous packets, and retransmitted packet data.
It should be noted that after the traffic to be detected is acquired, the traffic to be detected may be preliminarily screened through a preset traffic configuration file, and an application (i.e., a target service application) to which the traffic to be detected belongs is determined, so that an intelligent contract subset corresponding to the target service application may be determined.
102, acquiring sample characteristics of the flow of each version of the target service application from the block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
Specifically, an intelligent contract may be deployed on the block chain, and the intelligent contract is used to implement comparison and deep packet inspection of the service application flow based on the service application version information, and implement refined statistics and filtering based on the service application version information.
It should be noted that the blockchain may store sample characteristics of traffic of each version of each service application, and thus may be referred to as a sample characteristic data blockchain. Version refers to the version of the business application. Each tile on the chain of tiles may be used to store sample characteristics of a version of traffic for a business application.
A set of intelligent contract subsets may be maintained, each intelligent contract subset of the set for managing sample characteristic data for all versions of traffic for a business application, each intelligent contract subset may include one or more intelligent contracts. When condition trigger of the external account is received, the external account triggers a corresponding business application intelligent contract subset, the intelligent contract subset acquires a corresponding sample data block from a sample characteristic block chain, version comparison is carried out, a deep message detection result of flow to be detected is acquired, and the detection result is transmitted back to the external account.
The deep packet inspection method provided by the embodiment of the invention has the advantages of availability, high efficiency and expandability.
(1) And managing the sample characteristics of the service flow by using the block chain, wherein the sample characteristics of the flow of the same service flow in different application versions are managed. And an intelligent contract set is deployed on the data sample characteristic block chain, so that accurate identification of different version data corresponding to various service flows is realized, and accurate statistics and accurate filtering functions of service application flow data based on version information can be further completed. Therefore, the deep packet inspection method provided by the embodiment of the invention has usability.
(2) The adding, storing and managing functions of the data sample characteristics in the deep packet inspection are innovatively realized by adopting a block chain mode. By means of a decentralized storage mechanism, a non-tampering mechanism and a traceable mechanism of the block chain, the reliability, the safety and the confidentiality of the business application sample feature data storage can be guaranteed. Moreover, the screening and matching of the version flow are realized through the intelligent contract deployed on the block chain, and the accuracy and the reliability of flow judgment can be ensured. Therefore, the deep packet inspection method provided by the embodiment of the invention has high efficiency.
(3) The intelligent contract set is used for realizing the matching of the business application flow, and the intelligent contract set can be expanded to realize more accurate matching of business application requirements. More functional modules related to the service requirements can be expanded in the result statistics and the result filtering, so that the service requirements of deep packet inspection can be effectively served. Therefore, the deep packet inspection method provided by the embodiment of the invention has expandability.
The embodiment of the invention can separate effective business application flow by receiving business application flow information transmitted by an external interface, trigger an intelligent contract through an external account to execute flow sample characteristic comparison based on application version information, solve the decentralized problem of the business sample characteristic data, ensure that the storage and management of the sample characteristic data cannot be falsified, ensure that the business application version of the flow characteristic can be traced, realize the characteristic comparison by the intelligent contract arranged on a block chain link point, ensure the reliability and the uniqueness of deep packet inspection, more finely manage each type of business flow, be compatible with the flow difference caused by different application versions of the same business application, and realize the identification of the flow of different versions of the same business application in the deep packet inspection.
Based on the content of any of the above embodiments, before acquiring the sample characteristics of the traffic of each version of the target service application from the block chain based on the intelligent contract subset corresponding to the traffic to be detected, detecting the traffic to be detected, and acquiring the deep packet inspection result of the traffic to be detected based on the version information, the method further includes: based on the consensus mechanism, sample characteristics of traffic of a target version of a target business application are added to the blockchain.
Specifically, before step 102, the service application packet sample characteristics required by deep packet inspection may be encrypted and packaged, the sample characteristic data is issued to the block chain through a block chain consensus mechanism, and the block chain is used to manage the sample characteristic data.
Receiving service sample characteristic data (namely sample characteristics of a certain service application flow of a certain version), generating a block chain taking the service sample characteristic data as content, and maintaining a decentralized adding mechanism of the block data.
Optionally, the service sample feature data may be obtained through an external interface, the service sample feature data is packaged, the block chain data layer sends a broadcast message to the network layer, and a block to be uplinked is broadcasted on the block chain; after each block link node receives the broadcasted service sample feature data, the node on the block chain can be triggered to start a consensus mechanism, the signature verification is carried out on the block to be linked (i.e. the sample feature data block for storing the service sample feature data), the verified sample feature data block is allowed to be added to the block chain, and finally, the effective sample feature data block is added to the block chain.
Alternatively, the external interface may be a custom external interface.
Optionally, a hash (hash) calculation may be performed on the service sample characteristic data, a hash pointer (i.e., a hash digest) of a header of the block to be uplink is generated, and the service sample characteristic data is encrypted and packaged to generate the block to be uplink.
For example, as shown in fig. 2, the uplink step may be implemented as follows:
And acquiring the characteristic data of the service sample to be added through an external interface. The service sample characteristic data may include sample characteristics of a version of traffic for a service application.
And generating a hash pointer according to the service sample characteristic data, encrypting and packaging the sample characteristic data, and generating a sample characteristic data block based on version information.
The sample characteristic data blocks are broadcasted to each block chain node, signature verification of block data is achieved based on a BFT-DPOS consensus mechanism, rapid release of the data blocks is guaranteed, and resource loss is reduced.
And step 204, adding an intelligent contract on the block chain.
The user can write an intelligent contract based on the service flow screening and comparison, and the intelligent contract is deployed on the currently generated sample feature block chain.
The embodiment of the invention uses the block chain to manage the sample characteristics of the flow of each version of the service application, and deploys the intelligent contract set on the data sample characteristic block chain, thereby improving the availability and the high efficiency of deep message detection.
Based on the content of any of the above embodiments, based on the intelligent contract subset corresponding to the traffic to be detected, the method obtains the sample characteristics of the traffic of each version of the target service application from the block chain, detects the traffic to be detected, and obtains the deep packet inspection result of the traffic to be detected, which specifically includes: and acquiring sample characteristics of the flow of each version of the target service application from the block chain based on the intelligent contract subset corresponding to the flow to be detected.
Specifically, after receiving the traffic to be detected, the external account module may trigger the intelligent contract subset i to acquire the block data from the block chain. The obtained block data may include sample characteristics of traffic of each version of the target service application. Wherein, i is more than or equal to 1 and less than or equal to n, and n represents the number of intelligent contract subsets included in the intelligent contract set.
And an intelligent contract subset i for managing sample feature data of all versions of traffic of the target business application.
And based on the intelligent contract, comparing the sample characteristics of the flow of each version of the target service application with the flow to be detected, and determining the version information of the flow to be detected.
Specifically, based on the intelligent contract deployed on the blockchain, the sample characteristics of the traffic of each version of the target service application and the traffic to be detected may be compared, and whether the traffic to be detected matches the sample characteristics of the traffic of a certain version of the target service application or not may be determined, so that the application to which the detected traffic belongs and the version information thereof may be determined.
If the flow to be detected is matched with the sample characteristics of the flow of a certain version of the target service application, the application to which the detected flow belongs can be determined as the target service application, and the version information is the version number of the certain version (namely the target version) and other version information.
The embodiment of the invention realizes the matching of the service application flow by using the intelligent contract set, and can realize more accurate deep message detection of the service application flow.
Based on the content of any of the above embodiments, based on the intelligent contract subset corresponding to the traffic to be detected, obtaining the sample characteristics of the traffic of each version of the target service application from the block chain, detecting the traffic to be detected, and after obtaining the detection result of the deep packet of the traffic to be detected, the method further includes: and counting the flow to be detected based on the version information of the flow to be detected.
Specifically, after the detection result of the traffic deep packet to be detected is obtained, accurate statistics based on version information can be performed based on information such as the version number of the target version of the target service application. For example, traffic of a target version of a target business application may be counted, and so on.
The embodiment of the invention counts the flow to be detected based on the version information of the flow to be detected, and can realize more accurate flow statistics.
Based on the content of any of the above embodiments, based on the intelligent contract subset corresponding to the traffic to be detected, obtaining the sample characteristics of the traffic of each version of the target service application from the block chain, detecting the traffic to be detected, and after obtaining the detection result of the deep packet of the traffic to be detected, the method further includes: and filtering the flow to be detected based on the version information of the flow to be detected.
Specifically, after the detection result of the traffic deep packet to be detected is obtained, accurate filtering based on version information may be performed based on information such as a version number of a target version of the target service application. For example, in the case that the target version of the target service application is a filtering target, the traffic to be detected may be filtered; and under the condition that the target version of the target service application is not the filtering target, the flow to be detected can not be filtered.
Illustratively, as shown in fig. 3, the detection step may be implemented as follows:
And step 302, separating the effective service application flow and sending the effective service application flow to an external account.
And step 304, the external account sends the comparison result to the data statistics module.
And 305, performing refined statistics on the flow based on the version information according to the comparison result by the data statistics module.
And 307, performing fine filtering based on version information on the flow according to the comparison result by the data filtering module.
The embodiment of the invention filters the flow to be detected based on the version information of the flow to be detected, and can realize more accurate flow filtering.
Based on the content of any of the above embodiments, the sample characteristics include source and destination ports of the traffic, source and destination addresses of the traffic, and a characteristic field of the traffic.
Specifically, the sample characteristics may include, but are not limited to, information such as a source port of the traffic, a destination port of the traffic, a source address of the traffic, a destination address of the traffic, and a characteristic field of the traffic.
The following describes the depth message detection apparatus based on the intelligent contract provided by the present invention, and the depth message detection apparatus based on the intelligent contract described below and the depth message detection method based on the intelligent contract described above may be referred to each other correspondingly.
Fig. 4 is a schematic structural diagram of a deep packet inspection apparatus based on an intelligent contract according to the present invention. Based on the content of any of the above embodiments, as shown in fig. 4, the apparatus includes a traffic acquisition module 401 and a message detection module 402, where:
a flow acquiring module 401, configured to acquire a flow to be detected;
the message detection module 402 is configured to obtain, from the block chain, a sample feature of a flow of each version of the target service application based on the intelligent contract subset corresponding to the flow to be detected, detect the flow to be detected based on the sample feature of the flow of the target version of the target service application corresponding to the flow to be detected, and obtain a deep message detection result of the flow to be detected.
Specifically, the traffic acquiring module 401 is electrically connected to the message detecting module 402.
The traffic obtaining module 401 may obtain traffic to be detected, which is transmitted from the external interface, and give the traffic to the external account for processing.
The traffic acquisition module 401 may perform preliminary screening on traffic to be detected through a preset traffic configuration file, and determine an application (i.e., a target service application) to which the traffic to be detected belongs, so as to determine an intelligent contract subset corresponding to the target service application.
The message detection module 402 may trigger a corresponding service application intelligent contract subset from an external account, where the intelligent contract subset acquires a corresponding sample data block from the sample feature block chain, performs version comparison, acquires a deep message detection result of the flow to be detected, and returns the detection result to the external account.
Optionally, the apparatus for deep packet inspection based on an intelligent contract may further include:
and the block management module is used for adding the sample characteristics of the flow of the target version of the target business application to the block chain based on the consensus mechanism.
Optionally, the packet detection module 402 may include:
the characteristic acquisition unit is used for acquiring sample characteristics of the flow of each version of the target service application from the block chain based on the intelligent contract subset corresponding to the flow to be detected;
and the characteristic comparison unit is used for comparing the sample characteristics of the flow of each version of the target service application with the flow to be detected based on the intelligent contract and determining the version information of the flow to be detected.
Optionally, the apparatus for detecting a deep packet based on an intelligent contract may further include:
and the flow counting module is used for counting the flow to be detected based on the version information of the flow to be detected.
Optionally, the apparatus for detecting a deep packet based on an intelligent contract may further include:
and the flow counting module is used for filtering the flow to be detected based on the version information of the flow to be detected.
Optionally, the sample characteristics include source and destination ports of the traffic, source and destination addresses of the traffic, and a characteristic field of the traffic.
Fig. 5 is a second schematic structural diagram of the deep packet inspection apparatus based on the intelligent contract according to the present invention. Illustratively, as shown in fig. 5, the apparatus may include: external processing sub-device 50, message detection module 402, and block management module 403.
The block management module 403 may include a sample feature data acquisition unit 4031, a sample feature data block generation unit 4032, and a consensus mechanism addition unit 4033.
The sample feature data acquisition unit 4031 is configured to acquire a service application packet sample feature uploaded through an external interface. A sample characteristic data block generating unit 4032, configured to receive the data (i.e., the service application packet sample characteristics) uploaded by the sample characteristic data acquiring unit 4031, perform hash calculation on the data, generate a hash pointer, perform encryption and packaging on the data, and generate a block to be linked. A consensus adding unit 4033, configured to initiate a data block addition broadcast to a blockchain network (composed of multiple blockchain nodes), add a timestamp and a data signature to the data through a block chain agreed consensus mechanism, check the block to be uplink, and add the block to be uplink to a blockchain (i.e., a sample characteristic blockchain) after the block is determined to be a valid block.
The message detection module 402 may be referred to as an intelligent contract aggregation module.
The message detection module 402 includes a number of intelligent contract subsets. The intelligent contract subset can be a code for acquiring and comparing sample characteristics of the flow of a certain business application based on version information. The intelligent contract subset is published on a sample feature block chain. When the intelligent contract subset is triggered by the external account module 501, the codes of the intelligent contract subset are executed, the corresponding sample feature blocks are obtained, the obtained sample feature blocks are compared with the flow data transmitted by the external account module 501, and the comparison result and the version information are transmitted back to the external account module 501.
The external processing sub-device 50 may include a traffic acquisition module 401, an external account module 501, a traffic statistics module 502, and a traffic filtering module 503.
The external account module 501 interacts with the intelligent contract subset for triggering the intelligent contract to perform the functions of reading the sample feature block and comparing the flow feature data.
The external account module 501 also interacts with the traffic acquisition module 401, the traffic statistics module 502, and the traffic filtering module 503, respectively.
The traffic obtaining module 401 is configured to send valid traffic information to the external account module 501.
The traffic statistics module 502 is configured to receive a sample feature comparison result based on version information obtained by the external account module 501, and perform refined traffic statistics based on application version information according to a service requirement on data (to-be-detected traffic) meeting a comparison condition.
The traffic filtering module 503 is configured to receive a sample feature comparison result based on version information obtained by the external account module 501, and perform a fine filtering operation based on application version information according to a service requirement on data (to-be-detected traffic) meeting a comparison condition.
It should be noted that the deep packet inspection apparatus executes the deep packet inspection method, and the deep packet inspection apparatus may be divided into a preparation stage and an execution stage.
The preparation phase work may include generation and validation of blockchains, and deployment of intelligent contracts. As shown in fig. 6, the generated blockchain and the intelligence disposed on the blockchain approximate the on-chain portion.
The flow of the preparation phase may include: receiving sample characteristic data of the business application based on version information; finishing the functions of block data packaging, block data broadcasting, block data verification and block data release according to the block generation rule; the intelligent contract is deployed on the block chain, and the intelligent contract code is used for executing comparison and verification functions of related business application flow and versions thereof, and triggering and executing corresponding functions through conditions of an external account.
The execution phase, i.e., the phase of the smart contract execution detection, is shown in the lower chain portion of fig. 6.
The flow of the execution phase may include: acquiring a flow to be detected; the intelligent contract subset of the corresponding business application is triggered by utilizing the external account, the reading of sample characteristic block data (namely data in each block of the sample characteristic used for storing the flow of each version of the target business application), the comparison of the sample characteristics and the confirmation of the version information are realized, the comparison result is returned to the external processing sub-device, and the functions of refined statistics and filtering of deep packet inspection based on the business application version information are realized.
The deep packet inspection device comprises modules which can correspondingly use a sample characteristic data acquisition server, a block generation server, a block node server, an external service flow acquisition server, an external account management server, an external service flow statistical server and an external service flow filtering server in terms of hardware. The sample characteristic data acquisition server is used for acquiring, classifying and packaging data samples of the service application flow and sending the data samples to the block generation server; the block generation server is used for encrypting the sample characteristic data, generating a hash pointer and broadcasting the hash pointer to the block chain network; the block node server manages block chain nodes; the external service flow acquisition server is used for acquiring the service application data flow to be detected and separating effective service characteristic flow; the external account management server interacts with the intelligent contract nodes on the block chain; the external service flow statistical server is used for carrying out refined statistics on the deep packet detection result based on version information; and the external service flow filtering server is used for carrying out fine filtering on the depth message detection result based on the version information.
The depth message detection device based on the intelligent contract provided by the embodiment of the invention is used for executing the depth message detection method based on the intelligent contract, the implementation mode of the depth message detection device based on the intelligent contract provided by the invention is consistent with that of the depth message detection method based on the intelligent contract provided by the invention, the same beneficial effects can be achieved, and details are not repeated here.
The depth message detection device based on the intelligent contract is used for the depth message detection method based on the intelligent contract in each embodiment. Therefore, the description and definition in the depth packet inspection method based on the intelligent contract in the foregoing embodiments may be used for understanding each execution module in the embodiments of the present invention.
The embodiment of the invention can separate effective business application flow by receiving business application flow information transmitted by an external interface, trigger an intelligent contract through an external account to execute flow sample characteristic comparison based on application version information, solve the decentralized problem of the business sample characteristic data, ensure that the storage and management of the sample characteristic data cannot be falsified, ensure that the business application version of the flow characteristic can be traced, realize the characteristic comparison by the intelligent contract arranged on a block chain link point, ensure the reliability and the uniqueness of deep packet inspection, more finely manage each type of business flow, be compatible with the flow difference caused by different application versions of the same business application, and realize the identification of the flow of different versions of the same business application in the deep packet inspection.
Fig. 7 illustrates a physical structure diagram of an electronic device, and as shown in fig. 7, the electronic device may include: a processor (processor)710, a communication Interface (Communications Interface)720, a memory (memory)730, and a communication bus 740, wherein the processor 710, the communication Interface 720, and the memory 730 communicate with each other via the communication bus 740. Processor 710 may invoke logic instructions in memory 730 to perform a smart contract-based deep packet inspection method comprising: acquiring a flow to be detected; and acquiring sample characteristics of the flow of each version of the target service application from the block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
In addition, the logic instructions in the memory 730 can be implemented in the form of software functional units and stored in a computer readable storage medium when the software functional units are sold or used as independent products. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk, and various media capable of storing program codes.
The processor 710 in the electronic device provided in the embodiment of the present application may call the logic instruction in the memory 730, and an implementation manner of the processor 710 is consistent with an implementation manner of the method for detecting a deep packet based on an intelligent contract provided in the present application, and the same beneficial effects may be achieved, which is not described herein again.
In another aspect, the present invention also provides a computer program product, which includes a computer program stored on a non-transitory computer-readable storage medium, the computer program including program instructions, when the program instructions are executed by a computer, the computer is capable of executing the method for detecting a depth message based on a smart contract, which is provided by the above methods, the method including: acquiring a flow to be detected; and acquiring sample characteristics of the flow of each version of the target service application from the block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
When the computer program product provided in the embodiment of the present application is executed, the method for detecting a deep packet based on an intelligent contract is implemented, and a specific implementation manner of the method is consistent with that described in the embodiment of the foregoing method, and the same beneficial effects can be achieved, and details are not described here.
In another aspect, the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program is implemented by a processor to execute the above-mentioned methods for detecting deep packets based on smart contracts, where the method includes: acquiring a flow to be detected; and acquiring sample characteristics of the flow of each version of the target service application from the block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
When a computer program stored on a non-transitory computer-readable storage medium provided in the embodiment of the present application is executed, the method for detecting a deep packet based on an intelligent contract is implemented, and a specific implementation manner of the method is consistent with that described in the foregoing method, and the same beneficial effects can be achieved, which is not described herein again.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A deep message detection method based on an intelligent contract is characterized by comprising the following steps:
acquiring a flow to be detected;
and acquiring sample characteristics of the flow of each version of the target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
2. The method according to claim 1, wherein before obtaining a deep packet inspection result of the traffic to be inspected based on version information, the method further includes:
adding sample characteristics of the target version of traffic of the target business application to a blockchain based on a consensus mechanism.
3. The intelligent contract-based deep packet inspection method according to claim 1, wherein the acquiring, based on the intelligent contract subset corresponding to the traffic to be inspected, the sample characteristics of the traffic of each version of the target service application from a block chain, inspecting the traffic to be inspected, and acquiring the deep packet inspection result of the traffic to be inspected specifically includes:
acquiring sample characteristics of the flow of each version of the target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected;
and comparing the sample characteristics of the flow of each version of the target service application with the flow to be detected based on an intelligent contract, and determining the version information of the flow to be detected.
4. The method according to claim 3, wherein the method for detecting deep packets based on an intelligent contract is characterized in that, based on the intelligent contract subset corresponding to the traffic to be detected, sample characteristics of the traffic of each version of a target service application are obtained from a block chain, the traffic to be detected is detected, and after a detection result of the deep packet of the traffic to be detected is obtained, the method further includes:
and counting the flow to be detected based on the version information of the flow to be detected.
5. The method according to claim 3, wherein the method for detecting deep packets based on an intelligent contract is characterized in that, based on the intelligent contract subset corresponding to the traffic to be detected, sample characteristics of the traffic of each version of a target service application are obtained from a block chain, the traffic to be detected is detected, and after a detection result of the deep packet of the traffic to be detected is obtained, the method further includes:
and filtering the flow to be detected based on the version information of the flow to be detected.
6. The method according to any one of claims 1 to 5, wherein the sample characteristics include source and destination ports of traffic, source and destination addresses of traffic, and a characteristic field of traffic.
7. A deep packet inspection device based on intelligent contract is characterized by comprising:
the flow acquisition module is used for acquiring the flow to be detected;
and the message detection module is used for acquiring sample characteristics of the flow of each version of the target service application from a block chain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected based on the sample characteristics of the flow of the target version of the target service application corresponding to the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the smart contract-based deep packet inspection method according to any one of claims 1 to 6 when executing the program.
9. A non-transitory computer readable storage medium, having stored thereon a computer program, wherein the computer program, when being executed by a processor, implements the steps of the smart contract-based deep packet inspection method according to any one of claims 1 to 6.
10. A computer program product comprising a computer program, wherein the computer program when executed by a processor implements the steps of the smart contract-based deep packet inspection method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111624168.6A CN114520774B (en) | 2021-12-28 | 2021-12-28 | Deep message detection method and device based on intelligent contract |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111624168.6A CN114520774B (en) | 2021-12-28 | 2021-12-28 | Deep message detection method and device based on intelligent contract |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114520774A true CN114520774A (en) | 2022-05-20 |
| CN114520774B CN114520774B (en) | 2024-02-23 |
Family
ID=81596342
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111624168.6A Active CN114520774B (en) | 2021-12-28 | 2021-12-28 | Deep message detection method and device based on intelligent contract |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114520774B (en) |
Citations (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7765194B1 (en) * | 2006-03-17 | 2010-07-27 | Cisco Technology, Inc. | Detection and enforcement of version compatibility in network devices |
| CN102045363A (en) * | 2010-12-31 | 2011-05-04 | 成都市华为赛门铁克科技有限公司 | Establishment, identification control method and device for network flow characteristic identification rule |
| CN102082699A (en) * | 2009-11-27 | 2011-06-01 | 上海博达数据通信有限公司 | P2P (peer-to-peer) protocol identification method on basis of active detection mode |
| US9614773B1 (en) * | 2014-03-13 | 2017-04-04 | Juniper Networks, Inc. | Systems and methods for automatically correcting classification signatures |
| US20190065709A1 (en) * | 2017-08-24 | 2019-02-28 | Oracle International Corporation | Digital asset traceability and assurance using a distributed ledger |
| CN110061887A (en) * | 2019-03-07 | 2019-07-26 | 阿里巴巴集团控股有限公司 | A kind of flow statistical method based on block chain, device and equipment |
| CN110213171A (en) * | 2019-06-03 | 2019-09-06 | 杭州云象网络技术有限公司 | A kind of data traffic monitoring and control method based on alliance's chain technology |
| US20200250374A1 (en) * | 2019-07-26 | 2020-08-06 | Alibaba Group Holding Limited | Blockchain-based text similarity detection method, apparatus and electronic device |
| WO2020160755A1 (en) * | 2019-02-05 | 2020-08-13 | Huawei Technologies Co., Ltd. | Detecting network traffic |
| CN111813857A (en) * | 2020-07-02 | 2020-10-23 | 珑门汽车科技(上海)有限公司 | Detection data management system and method based on block chain technology |
| CN112202753A (en) * | 2019-11-27 | 2021-01-08 | 朱培培 | Data stream detection method and system based on cloud platform and block chain |
| CN112381119A (en) * | 2020-10-27 | 2021-02-19 | 中国科学院信息工程研究所 | Multi-scene classification method and system based on decentralized application encryption flow characteristics |
| CN112433744A (en) * | 2020-12-30 | 2021-03-02 | 广东金赋科技股份有限公司 | Tax terminal application system upgrading and migrating method based on intelligent contract |
| WO2021036545A1 (en) * | 2019-08-29 | 2021-03-04 | 腾讯科技(深圳)有限公司 | Smart contract-based data processing method, and device and storage medium |
| CN112468520A (en) * | 2021-01-28 | 2021-03-09 | 腾讯科技(深圳)有限公司 | Data detection method, device and equipment and readable storage medium |
| CN112491823A (en) * | 2020-11-13 | 2021-03-12 | 齐鲁工业大学 | DDoS attack joint defense system and method based on block chain |
| CN113067743A (en) * | 2020-01-02 | 2021-07-02 | 中国移动通信有限公司研究院 | Flow rule extraction method, device, system and storage medium |
| CN113300977A (en) * | 2021-05-27 | 2021-08-24 | 国家计算机网络与信息安全管理中心 | Application flow identification and classification method based on multi-feature fusion analysis |
| CN113609219A (en) * | 2021-07-21 | 2021-11-05 | 微易签(杭州)科技有限公司 | Method, system, device and storage medium for verifying file based on block chain |
-
2021
- 2021-12-28 CN CN202111624168.6A patent/CN114520774B/en active Active
Patent Citations (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7765194B1 (en) * | 2006-03-17 | 2010-07-27 | Cisco Technology, Inc. | Detection and enforcement of version compatibility in network devices |
| CN102082699A (en) * | 2009-11-27 | 2011-06-01 | 上海博达数据通信有限公司 | P2P (peer-to-peer) protocol identification method on basis of active detection mode |
| CN102045363A (en) * | 2010-12-31 | 2011-05-04 | 成都市华为赛门铁克科技有限公司 | Establishment, identification control method and device for network flow characteristic identification rule |
| US9614773B1 (en) * | 2014-03-13 | 2017-04-04 | Juniper Networks, Inc. | Systems and methods for automatically correcting classification signatures |
| US20190065709A1 (en) * | 2017-08-24 | 2019-02-28 | Oracle International Corporation | Digital asset traceability and assurance using a distributed ledger |
| WO2020160755A1 (en) * | 2019-02-05 | 2020-08-13 | Huawei Technologies Co., Ltd. | Detecting network traffic |
| CN110061887A (en) * | 2019-03-07 | 2019-07-26 | 阿里巴巴集团控股有限公司 | A kind of flow statistical method based on block chain, device and equipment |
| CN110213171A (en) * | 2019-06-03 | 2019-09-06 | 杭州云象网络技术有限公司 | A kind of data traffic monitoring and control method based on alliance's chain technology |
| US20200250374A1 (en) * | 2019-07-26 | 2020-08-06 | Alibaba Group Holding Limited | Blockchain-based text similarity detection method, apparatus and electronic device |
| WO2021036545A1 (en) * | 2019-08-29 | 2021-03-04 | 腾讯科技(深圳)有限公司 | Smart contract-based data processing method, and device and storage medium |
| CN112202753A (en) * | 2019-11-27 | 2021-01-08 | 朱培培 | Data stream detection method and system based on cloud platform and block chain |
| CN113067743A (en) * | 2020-01-02 | 2021-07-02 | 中国移动通信有限公司研究院 | Flow rule extraction method, device, system and storage medium |
| CN111813857A (en) * | 2020-07-02 | 2020-10-23 | 珑门汽车科技(上海)有限公司 | Detection data management system and method based on block chain technology |
| CN112381119A (en) * | 2020-10-27 | 2021-02-19 | 中国科学院信息工程研究所 | Multi-scene classification method and system based on decentralized application encryption flow characteristics |
| CN112491823A (en) * | 2020-11-13 | 2021-03-12 | 齐鲁工业大学 | DDoS attack joint defense system and method based on block chain |
| CN112433744A (en) * | 2020-12-30 | 2021-03-02 | 广东金赋科技股份有限公司 | Tax terminal application system upgrading and migrating method based on intelligent contract |
| CN112468520A (en) * | 2021-01-28 | 2021-03-09 | 腾讯科技(深圳)有限公司 | Data detection method, device and equipment and readable storage medium |
| CN113300977A (en) * | 2021-05-27 | 2021-08-24 | 国家计算机网络与信息安全管理中心 | Application flow identification and classification method based on multi-feature fusion analysis |
| CN113609219A (en) * | 2021-07-21 | 2021-11-05 | 微易签(杭州)科技有限公司 | Method, system, device and storage medium for verifying file based on block chain |
Non-Patent Citations (1)
| Title |
|---|
| 徐美强;高志远;王伟;袁浩;姜玉磊;: "基于区块链技术的智能变电站配置版本管理", 电力系统保护与控制, no. 02, pages 66 - 73 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114520774B (en) | 2024-02-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109688105B (en) | Threat alarm information generation method and system | |
| CN111709009A (en) | Detection method and device for networked industrial control system, computer equipment and medium | |
| CA2635969A1 (en) | Systems and methods for improved network based content inspection | |
| CN114465823B (en) | Industrial Internet terminal encrypted flow data security detection method, device and equipment | |
| CN110225045A (en) | Full link data method for authenticating, device, equipment and storage medium | |
| CN112134893A (en) | Internet of things safety protection method and device, electronic equipment and storage medium | |
| CN112688932A (en) | Honeypot generation method, honeypot generation device, honeypot generation equipment and computer readable storage medium | |
| US9910994B1 (en) | System for assuring security of sensitive data on a host | |
| CN104067558A (en) | Network access apparatus having a control module and a network access module | |
| CN110149318B (en) | Mail metadata processing method and device, storage medium and electronic device | |
| CN113098852B (en) | Log processing method and device | |
| CN105071991B (en) | The test method of the IP connectivity of multiple fire walls | |
| US20210377161A1 (en) | Communication device, communication method, recording medium storing communication program | |
| CN109104458B (en) | Data acquisition method and system for cloud platform credibility verification | |
| CN113727348B (en) | Method, device, system and storage medium for detecting user data of User Equipment (UE) | |
| Gomez et al. | Unsupervised detection and clustering of malicious tls flows | |
| CN111010362B (en) | Monitoring method and device for abnormal host | |
| CN114520774A (en) | Deep message detection method and device based on intelligent contract | |
| CN103326892B (en) | The operating method and device of web interface | |
| CN112153027B (en) | Counterfeit behavior identification method, apparatus, device and computer readable storage medium | |
| CN117391214A (en) | Model training method and device and related equipment | |
| CN111079144B (en) | Virus propagation behavior detection method and device | |
| CN114513331A (en) | Mining Trojan detection method, device and equipment based on application layer communication protocol | |
| CN113992425A (en) | Method for receiving and transmitting network data packet, network equipment and communication system | |
| CN107342969B (en) | Message identification system, method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |