CN114520774B - Deep message detection method and device based on intelligent contract - Google Patents

Publication number
CN114520774B
Authority
CN
China
Prior art keywords
flow
detected
traffic
version
packet inspection
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111624168.6A
Other languages
Chinese (zh)
Other versions
CN114520774A (en)
Inventor
冯扬
保永武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WUHAN HONGXU INFORMATION TECHNOLOGY CO LTD
Original Assignee
WUHAN HONGXU INFORMATION TECHNOLOGY CO LTD

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/028 Capturing of monitoring data by filtering
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a smart-contract-based deep packet inspection method and device. The method comprises: acquiring traffic to be detected; and, based on the smart contract subset corresponding to the traffic to be detected, obtaining from the blockchain the sample features of the traffic of each version of the target service application, detecting the traffic to be detected, and obtaining its deep packet inspection result. In the method and device, an external account triggers the smart contract to compare traffic against sample features according to application version information. This solves the decentralization problem for service sample feature data, makes the storage and management of the sample feature data tamper-proof, and ensures that traffic features are traceable to a service application version. Because the feature comparison is performed by smart contracts deployed on blockchain nodes, the reliability and uniqueness of deep packet inspection are ensured, and traffic from different versions of the same service application can be identified during deep packet inspection.

Description

Deep message detection method and device based on intelligent contract
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for detecting a deep message based on an intelligent contract.
Background
At present, deep packet inspection (DPI) mainly relies on a DPI device that maintains a packet sample feature library. The DPI device collects traffic and packets at key nodes of the network and compares them with the sample feature library, thereby providing functions such as fine-grained identification and analysis of service traffic, traffic share statistics, and application traffic filtering.
However, for the subdivided traffic of a service application, iterative updates of the application version cause differences between the features of the traffic to be detected. Current identification approaches generally manage the sample features of one service application's data in a unified way, so traffic from different versions of the service application gets neither precise statistics nor traceable management of per-version sample features.
Disclosure of Invention
The invention provides a smart-contract-based deep packet inspection method and device, which overcome the inability of the prior art to identify packets from different versions of the same service application, and which achieve accurate statistics and accurate traceability as the traffic features of a service application are updated and iterated.
The invention provides a deep message detection method based on intelligent contracts, which comprises the following steps:
acquiring flow to be detected;
and based on the intelligent contract subset corresponding to the flow to be detected, acquiring sample characteristics of the flow of each version of the target service application from a blockchain, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
According to the smart-contract-based deep packet inspection method provided by the invention, before obtaining the sample features of the traffic of each version of the target service application from the blockchain based on the smart contract subset corresponding to the traffic to be detected, detecting the traffic to be detected, and obtaining its deep packet inspection result based on version information, the method further comprises:
adding the sample features of the traffic of a target version of the target service application to the blockchain based on a consensus mechanism.
According to the method for detecting the deep message based on the intelligent contract provided by the invention, based on the intelligent contract subset corresponding to the flow to be detected, the sample characteristics of the flow of each version of the target service application are obtained from the blockchain, the flow to be detected is detected, and the deep message detection result of the flow to be detected is obtained, and the method specifically comprises the following steps:
based on the intelligent contract subset corresponding to the flow to be detected, acquiring sample characteristics of the flow of each version of the target service application from a blockchain;
based on intelligent contracts, comparing sample characteristics of the traffic of each version of the target service application with the traffic to be detected, and determining version information of the traffic to be detected.
According to the method for detecting the depth message based on the intelligent contract provided by the invention, based on the intelligent contract subset corresponding to the flow to be detected, the sample characteristics of the flow of each version of the target service application are obtained from the blockchain, the flow to be detected is detected, and after the flow depth message detection result to be detected is obtained, the method further comprises the following steps:
and counting the flow to be detected based on the version information of the flow to be detected.
According to the method for detecting the depth message based on the intelligent contract provided by the invention, based on the intelligent contract subset corresponding to the flow to be detected, the sample characteristics of the flow of each version of the target service application are obtained from the blockchain, the flow to be detected is detected, and after the flow depth message detection result to be detected is obtained, the method further comprises the following steps:
and filtering the flow to be detected based on the version information of the flow to be detected.
According to the method for detecting the deep packet inspection based on the intelligent contract, the sample characteristics comprise a source port and a destination port of the flow, a source address and a destination address of the flow and characteristic fields of the flow.
The invention also provides a smart-contract-based deep packet inspection device, comprising:
the flow acquisition module is used for acquiring the flow to be detected;
the message detection module is used for acquiring sample characteristics of the flow of each version of the target service application from a blockchain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected based on the sample characteristics of the flow of the target version of the target service application corresponding to the flow to be detected, and acquiring a depth message detection result of the flow to be detected.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the steps of the intelligent contract-based deep packet inspection method when executing the program.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the smart contract-based deep packet inspection method as described in any of the above.
The invention also provides a computer program product comprising a computer program which when executed by a processor implements the steps of the smart contract-based deep packet inspection method as described in any one of the above.
In the smart-contract-based deep packet inspection method and device provided by the invention, valid service application traffic is separated out of the service application traffic information received from the external interface, and the external account triggers the smart contract to compare traffic against sample features according to application version information. This solves the decentralization problem for service sample feature data, makes the storage and management of the sample feature data tamper-proof, and ensures that traffic features are traceable to a service application version. Because the feature comparison is performed by smart contracts deployed on blockchain nodes, the reliability and uniqueness of deep packet inspection are ensured, each type of service traffic can be managed at a finer granularity, traffic differences caused by different versions of the same service application are accommodated, and traffic from different versions of the same service application can be identified during deep packet inspection.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for detecting a deep packet inspection based on an intelligent contract according to the present invention;
FIG. 2 is a schematic flow chart of the uplink step in the smart contract-based deep packet inspection method according to the present invention;
FIG. 3 is a schematic flow chart of the detection steps in the smart contract-based deep packet inspection method provided by the present invention;
FIG. 4 is a schematic structural diagram of a smart contract-based deep packet inspection device according to the present invention;
FIG. 5 is a schematic diagram of a second embodiment of a smart contract-based deep packet inspection device according to the present invention;
FIG. 6 is a flow chart of a blockchain storage architecture and intelligent contract implementation provided by the present invention;
FIG. 7 is a schematic structural diagram of an electronic device provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the description of embodiments of the present invention, the terms "first," "second," "third," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or order.
In describing embodiments of the present invention, it should be noted that, unless explicitly stated and limited otherwise, the terms "mounted," "connected," and "connected" should be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in embodiments of the present invention will be understood in detail by those of ordinary skill in the art.
The following describes a method and a device for detecting a deep packet based on an intelligent contract according to the present invention with reference to fig. 1 to 7.
Fig. 1 is a flow chart of a method for detecting a deep packet inspection based on an intelligent contract provided in the present application. The following describes a deep packet inspection method based on intelligent contracts according to an embodiment of the present application with reference to fig. 1. As shown in fig. 1, the method includes: step 101 and step 102.
Specifically, the execution subject of the smart contract-based deep packet inspection method provided by the embodiment of the invention is a smart contract-based deep packet inspection device.
Step 101, acquiring the traffic to be detected.
Specifically, the service application flow (hereinafter may be referred to as "flow") to be detected, which is transmitted from the external interface, may be acquired and submitted to the external account for processing. The specific form of the flow to be detected may be a message.
Optionally, after the flow to be detected is obtained, the flow to be detected may be initially processed, divided into a TCP flow and a UDP flow, and the obviously invalid flow is filtered, so that only the valid service application flow is retained. Obviously invalid traffic may include, but is not limited to, packets that are too short, erroneous packets, and retransmission of packet data.
After the flow to be detected is obtained, the flow to be detected can be initially screened through a preset service flow configuration file, and an application to which the flow to be detected belongs (namely, a target service application) is determined, so that an intelligent contract subset corresponding to the target service application can be determined.
Step 102, based on the intelligent contract subset corresponding to the flow to be detected, obtaining sample characteristics of the flow of each version of the target service application from the blockchain, detecting the flow to be detected, and obtaining a deep message detection result of the flow to be detected.
Specifically, intelligent contracts can be deployed on the blockchain, and the intelligent contracts are used for realizing comparison and deep message detection of service application flow based on service application version information, and realizing fine statistics and filtering based on the service application version information.
It should be noted that, the blockchain may store sample features of traffic of each version of each service application, and thus may be referred to as a sample feature data blockchain. Version refers to the version of the business application. Each block on the blockchain may be used to store sample characteristics of traffic for a certain version of a certain service application.
A smart contract set may be maintained. Each smart contract subset in the set manages the sample feature data of the traffic of all versions of one service application, and each subset may include one or more smart contracts. When a trigger condition from the external account is received, the external account triggers the smart contract subset of the corresponding service application; the subset obtains the corresponding sample data blocks from the sample feature blockchain, performs the version comparison, obtains the deep packet inspection result of the traffic to be detected, and returns the result to the external account.
The deep packet inspection method provided by the embodiment of the invention has the advantages of availability, high efficiency and expandability.
(1) The sample features of traffic are managed using a blockchain, including the sample features of traffic from different application versions of the same service. A smart contract set is deployed on the sample feature blockchain, so that data from the different versions behind each kind of service traffic is identified accurately, which in turn enables accurate statistics and accurate filtering of service application traffic based on version information. Therefore, the deep packet inspection method provided by the embodiment of the invention has availability.
(2) A blockchain is used to add, store and manage the sample features used in deep packet inspection. The decentralized storage, tamper-resistance and traceability mechanisms of the blockchain guarantee the reliability, security and confidentiality of the stored service application sample feature data. Moreover, version traffic is screened and matched by smart contracts deployed on the blockchain, which ensures the accuracy and reliability of traffic classification. Therefore, the deep packet inspection method provided by the embodiment of the invention has high efficiency.
(3) The smart contract set performs the matching of service application traffic, and the smart contracts can be extended to match service application requirements more precisely. Further functional modules tied to service requirements can be added to result statistics and result filtering, so that the service requirements of deep packet inspection are served more effectively. Therefore, the deep packet inspection method provided by the embodiment of the invention has expandability.
According to the embodiment of the invention, valid service application traffic is separated out of the service application traffic information received from the external interface, and the external account triggers the smart contract to compare traffic against sample features according to application version information. This solves the decentralization problem for service sample feature data, makes the storage and management of the sample feature data tamper-proof, and ensures that traffic features are traceable to a service application version. Because the feature comparison is performed by smart contracts deployed on blockchain nodes, the reliability and uniqueness of deep packet inspection are ensured, each type of service traffic can be managed at a fine granularity, traffic differences caused by different versions of the same service application are accommodated, and traffic from different versions of the same service application can be identified during deep packet inspection.
Based on the content of any of the foregoing embodiments, before obtaining the sample features of the traffic of each version of the target service application from the blockchain based on the smart contract subset corresponding to the traffic to be detected, detecting the traffic to be detected, and obtaining its deep packet inspection result based on version information, the method further includes: adding the sample features of the traffic of a target version of the target service application to the blockchain based on a consensus mechanism.
Specifically, before step 102, the sample characteristics of the service application message required by the deep packet inspection may be encrypted and packaged, the sample characteristic data is issued to the blockchain through a blockchain consensus mechanism, and the blockchain is used to manage the sample characteristic data.
Service sample feature data (that is, the sample features of the traffic of a given version of a given service application) is received, a blockchain whose content is the service sample feature data is generated, and a decentralized mechanism for adding block data is maintained.
Optionally, the service sample feature data can be obtained through an external interface and then packaged and encapsulated. The blockchain data layer sends a broadcast message to the network layer, and the block to be added to the chain is broadcast on the blockchain. After each blockchain node receives the broadcast service sample feature data, the nodes on the blockchain can be triggered to start the consensus mechanism and perform signature verification on the block to be added (namely, the sample feature data block that stores the service sample feature data). Only a sample feature data block that passes verification is allowed onto the blockchain, so that in the end only valid sample feature data blocks are added.
Alternatively, the external interface may be a custom external interface.
Optionally, a hash may be computed over the service sample feature data to generate the hash pointer (i.e., a hash digest of the data) for the header of the block to be added to the chain, and the service sample feature data is encrypted and packaged to generate that block.
Illustratively, as shown in fig. 2, the uplink (on-chain) step may be implemented as follows:
Step 201, collecting service application sample feature data.
The service sample feature data to be added is acquired through an external interface. The service sample feature data may include the sample features of the traffic of a given version of a given service application.
Step 202, generating a sample feature data block based on version information.
A hash pointer is generated from the service sample feature data, the sample feature data is encrypted and packaged, and a sample feature data block based on version information is generated.
Step 203, adding the sample feature data block to the blockchain based on the consensus mechanism.
The sample feature data block is broadcast to every blockchain node, and signature verification of the block data is performed under a BFT-DPOS consensus mechanism, which ensures that data blocks are published quickly and reduces resource consumption.
Step 204, adding a smart contract on the blockchain.
A user may write a smart contract for traffic screening and comparison and deploy it on the sample feature blockchain generated so far.
According to the embodiment of the invention, the block chain is used for managing the sample characteristics of the traffic of each version of the service application, and the intelligent contract set is deployed on the data sample characteristic block chain, so that the availability and the high efficiency of the deep packet inspection can be improved.
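The following sketch of steps 201 to 203 is an added example, not code from the patent: it packages each version's sample features behind a hash pointer, appends a block only when a quorum of nodes has approved it, and shows how a later edit to a stored feature is detected. HMAC stands in for node signatures and the 3-of-4 threshold is an assumption; encryption and the BFT-DPOS protocol itself are omitted, and the application name, keys and feature values are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64
# Constructed validator keys. HMAC stands in for real node signatures (assumption).
VALIDATOR_KEYS = {"node-a": b"ka", "node-b": b"kb", "node-c": b"kc", "node-d": b"kd"}
QUORUM = 3  # assumed approval threshold (3 of 4 nodes); the page states none


def digest(obj):
    """SHA-256 over a canonical JSON encoding of obj."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()


def make_block(prev_hash, app, version, features):
    """Step 202: package one version's sample features behind a hash pointer."""
    header = {"prev_hash": prev_hash, "app": app, "version": version,
              "features_hash": digest(features)}
    return {"header": header, "features": features, "block_hash": digest(header)}


def sign(node, block):
    """A node's approval of a block: HMAC over the block hash."""
    key = VALIDATOR_KEYS[node]
    return hmac.new(key, block["block_hash"].encode(), hashlib.sha256).hexdigest()


def is_consistent(block, prev_hash):
    """True if the block links to prev_hash and its hashes match its content."""
    header = block["header"]
    return (header["prev_hash"] == prev_hash
            and header["features_hash"] == digest(block["features"])
            and block["block_hash"] == digest(header))


def append_block(chain, block, approvals):
    """Step 203: append only a consistent block approved by a quorum of nodes."""
    tip = chain[-1]["block_hash"] if chain else GENESIS
    if not is_consistent(block, tip):
        return False
    valid = {node for node, sig in approvals.items()
             if node in VALIDATOR_KEYS and hmac.compare_digest(sig, sign(node, block))}
    if len(valid) < QUORUM:
        return False
    chain.append(block)
    return True


def verify_chain(chain):
    """Return the index of the first inconsistent block, or -1 if the chain is intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if not is_consistent(block, prev):
            return i
        prev = block["block_hash"]
    return -1


def demo():
    """Build a two-version chain for a constructed app, then tamper with it."""
    chain = []
    f1 = {"dst_addr": "203.0.113.10", "dst_port": 8443, "field": "DAPP/1"}
    f2 = {"dst_addr": "203.0.113.10", "dst_port": 8443, "field": "DAPP/1.1"}
    b1 = make_block(GENESIS, "demo-app", "1.0", f1)
    ok1 = append_block(chain, b1, {n: sign(n, b1) for n in VALIDATOR_KEYS})
    b2 = make_block(chain[-1]["block_hash"], "demo-app", "1.1", f2)
    # Two approvals, one of them forged: below quorum, so the block is rejected.
    weak = append_block(chain, b2, {"node-a": sign("node-a", b2), "node-b": "forged"})
    ok2 = append_block(chain, b2, {n: sign(n, b2) for n in ("node-a", "node-b", "node-c")})
    intact = verify_chain(chain)
    chain[0]["features"]["dst_port"] = 80  # simulated edit of a stored sample feature
    return ok1, weak, ok2, intact, verify_chain(chain)


if __name__ == "__main__":
    print(demo())
```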
Based on the content of any one of the embodiments, based on the intelligent contract subset corresponding to the flow to be detected, sample features of the flow of each version of the target service application are obtained from the blockchain, the flow to be detected is detected, and a deep message detection result of the flow to be detected is obtained, which specifically includes: based on the intelligent contract subset corresponding to the traffic to be detected, sample characteristics of the traffic of each version of the target service application are obtained from the blockchain.
Specifically, after receiving the traffic to be detected, the external account module may trigger smart contract subset i to acquire the block data from the blockchain. The obtained block data may include the sample features of the traffic of each version of the target service application. Here 1 ≤ i ≤ n, where n is the number of smart contract subsets in the smart contract set.
Smart contract subset i is used to manage the sample feature data of the traffic of all versions of the target service application.
Based on the intelligent contract, comparing the sample characteristics of the traffic of each version of the target service application with the traffic to be detected, and determining the version information of the traffic to be detected.
Specifically, based on the intelligent contracts deployed on the blockchain, the sample characteristics of the traffic of each version of the target service application are compared with the traffic to be detected, and whether the traffic to be detected is matched with the sample characteristics of the traffic of a certain version of the target service application is judged, so that the application to which the detected traffic belongs and the version information thereof can be determined.
If the traffic to be detected matches the sample features of the traffic of some version of the target service application, the application to which the traffic belongs is determined to be the target service application, and its version information is the information of that version (namely the target version), such as its version number.
The embodiment of the invention uses the intelligent contract set to realize the matching of the service application flow, and can realize more accurate deep message detection of the service application flow.
Based on the content of any one of the embodiments, after obtaining the sample features of the traffic of each version of the target service application from the blockchain based on the smart contract subset corresponding to the traffic to be detected, detecting the traffic to be detected, and obtaining its deep packet inspection result, the method further includes: counting the traffic to be detected based on its version information.
Specifically, after the deep packet inspection result of the traffic to be detected is obtained, accurate statistics based on version information can be performed using information such as the version number of the target version of the target service application. For example, the traffic of a target version of a target service application may be counted.
The embodiment of the invention carries out statistics on the flow to be detected based on the version information of the flow to be detected, and can realize more accurate flow statistics.
Based on the content of any one of the embodiments, after obtaining the sample features of the traffic of each version of the target service application from the blockchain based on the smart contract subset corresponding to the traffic to be detected, detecting the traffic to be detected, and obtaining its deep packet inspection result, the method further includes: filtering the traffic to be detected based on its version information.
Specifically, after the deep packet inspection result of the traffic to be detected is obtained, accurate filtering based on version information can be performed using information such as the version number of the target version of the target service application. For example, if the target version of the target service application is a filtering target, the traffic to be detected may be filtered out; if it is not a filtering target, the traffic to be detected may be left unfiltered.
Illustratively, as shown in FIG. 3, the detection step may be performed as follows:
Step 301, receiving the traffic to be detected.
Step 302, separating out the valid service application traffic and sending it to the external account.
Step 303, the external account triggers the smart contract to execute the sample feature comparison, and the comparison result is returned to the external account.
Step 304, the external account sends the comparison result to the data statistics module.
Step 305, the data statistics module performs fine-grained traffic statistics based on version information according to the comparison result.
Step 306, the external account sends the comparison result to the data filtering module.
Step 307, the data filtering module performs fine-grained traffic filtering based on version information according to the comparison result.
The embodiment of the invention filters the flow to be detected based on the version information of the flow to be detected, and can realize more accurate flow filtration.
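Steps 301 to 307 can be traced in the following added example, which is not code from the patent: plain Python stands in for the smart contract comparison, and the configuration profile, sample features and packets are constructed. It assumes the feature field sits at the start of the payload, and it handles the case where one version's field is a prefix of another's by letting the longest match win.

```python
from collections import Counter

# Constructed service traffic configuration: (protocol, destination port) -> application.
PROFILE = {("tcp", 8443): "demo-app"}
# Constructed per-version sample features, as a contract subset would read them from the chain.
SAMPLES = {"demo-app": [
    {"version": "1.0", "dst_addr": "203.0.113.10", "dst_port": 8443, "field": b"DAPP/1"},
    {"version": "1.1", "dst_addr": "203.0.113.10", "dst_port": 8443, "field": b"DAPP/1.1"},
]}
MIN_PAYLOAD = 4  # assumed cutoff for "too short" packets


def prefilter(packets):
    """Step 302: drop too-short packets and TCP retransmissions."""
    seen, kept = set(), []
    for p in packets:
        if len(p["payload"]) < MIN_PAYLOAD:
            continue
        if p["proto"] == "tcp":
            key = (p["src_addr"], p["src_port"], p["dst_addr"], p["dst_port"], p["seq"])
            if key in seen:
                continue
            seen.add(key)
        kept.append(p)
    return kept


def match_version(pkt):
    """Step 303: return (app, version); version is None when no sample matches."""
    app = PROFILE.get((pkt["proto"], pkt["dst_port"]))
    if app is None:
        return None, None
    hits = [s for s in SAMPLES[app]
            if s["dst_addr"] == pkt["dst_addr"] and s["dst_port"] == pkt["dst_port"]
            and pkt["payload"].startswith(s["field"])]
    if not hits:
        return app, None
    # One version's field can be a prefix of another's; the longest field wins.
    return app, max(hits, key=lambda s: len(s["field"]))["version"]


def inspect_traffic(packets, blocked=frozenset()):
    """Steps 304-307: per-version counts, then drop traffic of blocked versions."""
    stats, passed = Counter(), []
    for p in prefilter(packets):
        label = match_version(p)
        stats[label] += 1
        if label not in blocked:
            passed.append(p)
    return stats, passed


def pkt(proto, dport, payload, seq=None):
    """Build a constructed packet record from one client to one server."""
    return {"proto": proto, "src_addr": "198.51.100.5", "src_port": 50000,
            "dst_addr": "203.0.113.10", "dst_port": dport, "payload": payload, "seq": seq}


SAMPLE_PACKETS = [
    pkt("tcp", 8443, b"DAPP/1 login", seq=1),
    pkt("tcp", 8443, b"DAPP/1 login", seq=1),    # retransmission, dropped
    pkt("tcp", 8443, b"DAPP/1.1 sync", seq=2),   # matches both fields, longest wins
    pkt("tcp", 8443, b"DA", seq=3),              # too short, dropped
    pkt("tcp", 8443, b"HELLO world", seq=4),     # known app, unknown version
    pkt("udp", 53, b"\x00\x01query"),            # not in the profile
]

if __name__ == "__main__":
    stats, passed = inspect_traffic(SAMPLE_PACKETS, blocked={("demo-app", "1.0")})
    print(dict(stats), len(passed))
```

Traffic that matches the application but no stored version is counted under `(app, None)`, which makes an unregistered release visible in the statistics.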
Based on any of the above embodiments, the sample characteristics include source and destination ports of the traffic, source and destination addresses of the traffic, and characteristic fields of the traffic.
In particular, the sample characteristics may include, but are not limited to, information such as a source port of the traffic, a destination port of the traffic, a source address of the traffic, a destination address of the traffic, and a characteristic field of the traffic.
The smart contract-based deep packet inspection device provided by the invention is described below; the device described below and the smart contract-based deep packet inspection method described above may be read with reference to each other.
Fig. 4 is a schematic structural diagram of a smart contract-based deep packet inspection device according to the present invention. Based on the foregoing content of any one of the foregoing embodiments, as shown in fig. 4, the apparatus includes a flow obtaining module 401 and a packet detecting module 402, where:
a flow obtaining module 401, configured to obtain a flow to be detected;
the message detection module 402 is configured to obtain, from the blockchain, sample characteristics of the flows of each version of the target service application based on the intelligent contract subset corresponding to the flow to be detected, detect the flow to be detected based on the sample characteristics of the flows of the target version of the target service application corresponding to the flow to be detected, and obtain a deep message detection result of the flow to be detected.
Specifically, the flow obtaining module 401 and the message detecting module 402 are electrically connected.
The flow obtaining module 401 may obtain the flow to be detected, which is transmitted from the external interface, and process the flow with the external account.
The flow obtaining module 401 may perform preliminary screening on the flow to be detected through a preset service flow configuration file, and determine an application to which the flow to be detected belongs (i.e., a target service application), so as to determine an intelligent contract subset corresponding to the target service application.
The message detection module 402 may trigger the corresponding service application intelligent contract subset by the external account, where the intelligent contract subset obtains a corresponding sample data block from the sample feature block chain, performs version comparison, obtains a deep message detection result of the flow to be detected, and returns the detection result to the external account.
Optionally, the smart contract-based deep packet inspection device may further include:
and the block management module is used for adding the sample characteristics of the traffic of the target version of the target business application to the block chain based on the consensus mechanism.
Alternatively, the packet detection module 402 may include:
the feature acquisition unit is used for acquiring sample features of the traffic of each version of the target service application from the blockchain based on the intelligent contract subset corresponding to the traffic to be detected;
and the characteristic comparison unit is used for comparing the sample characteristics of the traffic of each version of the target service application with the traffic to be detected based on the intelligent contract, and determining the version information of the traffic to be detected.
Optionally, the smart contract-based deep packet inspection device may further include:
and the flow statistics module is used for counting the flow to be detected based on the version information of the flow to be detected.
Optionally, the smart contract-based deep packet inspection device may further include:
and the flow statistics module is used for filtering the flow to be detected based on the version information of the flow to be detected.
Optionally, the sample characteristics include source and destination ports of the traffic, source and destination addresses of the traffic, and characteristic fields of the traffic.
Fig. 5 is a schematic diagram of a second embodiment of a smart contract-based deep packet inspection device according to the present invention. Illustratively, as shown in fig. 5, the apparatus may include: an external processing sub-device 50, a message detection module 402 and a block management module 403.
The block management module 403 may include a sample feature data acquisition unit 4031, a sample feature data block generation unit 4032, and a consensus mechanism addition unit 4033.
The sample feature data acquisition unit 4031 is configured to collect sample features of the service application message uploaded through the external interface. The sample feature data block generation unit 4032 is configured to receive the data (i.e. the service application message sample features) uploaded by the sample feature data acquisition unit 4031, perform hash calculation on the data to generate a hash pointer, encrypt and package the data, and generate a block to be added to the chain. The consensus mechanism adding unit 4033 is configured to broadcast a block-addition request to the blockchain network (comprising a plurality of blockchain nodes), add a timestamp and a data signature to the data using the consensus mechanism agreed for the blockchain, verify the block to be added, and, once the block is confirmed to be valid, add it to the blockchain (i.e. the sample feature blockchain).
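A minimal model of the block management path described above (hash pointer, timestamp, data signature, verification by the nodes, then addition to the sample feature blockchain), given as an added example that is not the patent's implementation. It assumes an HMAC over the block hash as a stand-in for the data signature and a simple majority vote as a stand-in for the consensus mechanism, omits the encryption step, and uses constructed keys and feature records.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # hash pointer used by the first block

def block_digest(prev, ts, features):
    """Hash over the previous block's hash, the timestamp and the feature data."""
    body = json.dumps({"prev": prev, "ts": ts, "features": features},
                      sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(body).hexdigest()

def make_block(prev, ts, features, key):
    """Package sample features into a block to be added to the chain."""
    h = block_digest(prev, ts, features)
    sig = hmac.new(key, h.encode(), hashlib.sha256).hexdigest()  # signature stand-in
    return {"prev": prev, "ts": ts, "features": features, "hash": h, "sig": sig}

def verify_block(block, expected_prev, key):
    """Recompute hash and signature; reject a block that does not extend the tip."""
    h = block_digest(block["prev"], block["ts"], block["features"])
    sig = hmac.new(key, h.encode(), hashlib.sha256).hexdigest()
    return (block["prev"] == expected_prev
            and hmac.compare_digest(h, block["hash"])
            and hmac.compare_digest(sig, block["sig"]))

class Node:
    """One blockchain node holding its own copy of the sample feature chain."""
    def __init__(self, key):
        self.key = key
        self.chain = []

    def tip(self):
        return self.chain[-1]["hash"] if self.chain else GENESIS

    def vote(self, block):
        return verify_block(block, self.tip(), self.key)

def broadcast(nodes, block):
    """Add the block on every node only if a majority of nodes verify it."""
    votes = sum(node.vote(block) for node in nodes)
    if votes * 2 <= len(nodes):
        return False
    for node in nodes:
        node.chain.append(copy.deepcopy(block))
    return True

def verify_chain(chain, key):
    """Walk the hash pointers from the first block; any edited block breaks the walk."""
    prev = GENESIS
    for block in chain:
        if not verify_block(block, prev, key):
            return False
        prev = block["hash"]
    return True

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed value
    nodes = [Node(key) for _ in range(3)]
    v1 = [{"app": "demo-app", "version": "1.0", "dst_port": 8443, "field": "DEMO/1"}]
    print(broadcast(nodes, make_block(nodes[0].tip(), 1700000000, v1, key)))
    print(verify_chain(nodes[0].chain, key))
```

Changing a stored characteristic field after the block is on the chain makes `verify_chain` return `False`, which is the property the comparison step relies on when it reads sample features.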
Message detection module 402 may be referred to as an intelligent contract aggregation module.
The message detection module 402 includes a number of smart contract subsets. A smart contract subset may be code that performs version-based acquisition and comparison of the sample features of the traffic of a given service application. The smart contract subset is published on the sample feature blockchain. When the smart contract subset is triggered by the external account module 501, its code is executed: the corresponding sample feature blocks are obtained and compared with the traffic data transmitted by the external account module 501, and the comparison result is returned to the external account module 501 together with the version information.
The external processing sub-device 50 may include a flow acquisition module 401, an external account module 501, a flow statistics module 502, and a flow filtering module 503.
The external account module 501 interacts with the subset of smart contracts to trigger the smart contracts to perform the functions of reading the sample feature block and comparing the flow feature data.
The external account module 501 also interacts with the flow acquisition module 401, the flow statistics module 502, and the flow filtering module 503, respectively.
The flow obtaining module 401 is configured to obtain a flow to be detected, and send valid flow information to the external account module 501.
The flow statistics module 502 is configured to receive the sample feature comparison result based on the version information obtained by the external account module 501, and perform refined flow statistics based on the application version information according to the service requirement for data (i.e. the flow to be detected) that satisfies the comparison condition.
The flow filtering module 503 is configured to receive the sample feature comparison result based on the version information obtained by the external account module 501, and perform a refined filtering operation based on the application version information according to the service requirement for the data (i.e. the flow to be detected) that satisfies the comparison condition.
It should be noted that the execution of the deep packet inspection method by the deep packet inspection device may be divided into a preparation stage and an execution stage.
The work of the preparation phase may include generation and validation of the blockchain, and deployment of smart contracts. As shown in FIG. 6, the generated blockchain and the smart contracts deployed on it form the on-chain portion.
The flow of the preparation phase may include: receiving sample feature data of a business application based on version information; the functions of block data packaging, block data broadcasting, block data verification and block data release are completed according to the block generation rules; the intelligent contract is deployed on the blockchain, and the intelligent contract code is used for executing the comparison and verification functions of the related business application flow and the version thereof, and triggering and executing the corresponding functions through the conditions of the external account.
The execution phase, i.e., the phase in which the smart contract performs the detection, is shown in the off-chain portion of FIG. 6.
The flow of the execution phase may include: acquiring the traffic to be detected; using the external account to trigger the smart contract subset of the corresponding service application, which reads the sample feature block data (namely the data in each block storing the sample features of the traffic of each version of the target service application), compares the sample features and confirms the version information, and returns the comparison result to the external processing sub-device, thereby realizing refined statistics and filtering based on the version information of the service application in deep packet inspection.
The modules included in the deep packet inspection device can correspondingly use a sample characteristic data acquisition server, a block generation server, a block node server, an external service flow acquisition server, an external account management server, an external service flow statistics server and an external service flow filtering server in terms of hardware. The sample characteristic data acquisition server is used for acquiring, classifying and packaging data samples of the service application flow and sending the data samples to the block generation server; the block generation server is used for carrying out encryption processing on the sample characteristic data, generating a hash pointer and broadcasting the hash pointer to the block chain network; the block node server manages block chain nodes; the external service flow acquisition server is used for acquiring service application data flow to be detected and separating effective service characteristic flow; the external account management server interacts with the intelligent contract node on the blockchain; the external service flow statistics server is used for carrying out refined statistics based on version information on the deep packet inspection result; the external service flow filtering server is used for carrying out refined filtering based on version information on the deep packet inspection result.
The smart contract-based deep packet inspection device provided by the embodiment of the invention is used for executing the smart contract-based deep packet inspection method provided by the invention, and the implementation mode of the smart contract-based deep packet inspection device is consistent with the implementation mode of the smart contract-based deep packet inspection method provided by the invention, and the same beneficial effects can be achieved, and the detailed description is omitted.
The intelligent contract-based deep packet inspection device is used for the intelligent contract-based deep packet inspection method in the foregoing embodiments. Therefore, the description and definition in the smart contract-based deep packet inspection method in the foregoing embodiments may be used for understanding each execution module in the embodiments of the present invention.
According to the embodiment of the invention, service application traffic information transmitted through the external interface is received, the valid service application traffic is separated out, and the external account triggers the smart contract to perform traffic sample feature comparison based on application version information. This solves the decentralization problem of the service sample feature data, ensures that the stored and managed sample feature data cannot be tampered with, and ensures the traceability of the service application version of the traffic features. Because feature comparison is carried out by smart contracts deployed on the blockchain nodes, the reliability and uniqueness of deep packet inspection can be ensured, each type of service traffic can be finely managed, traffic differences caused by different versions of the same service application are accommodated, and traffic of different versions of the same service application can be identified in deep packet inspection.
Fig. 7 illustrates a physical schematic diagram of an electronic device, as shown in fig. 7, which may include: processor 710, communication interface (Communications Interface) 720, memory 730, and communication bus 740, wherein processor 710, communication interface 720, memory 730 communicate with each other via communication bus 740. Processor 710 may invoke logic instructions in memory 730 to perform a smart contract-based deep packet inspection method comprising: acquiring flow to be detected; based on the intelligent contract subset corresponding to the flow to be detected, sample characteristics of the flow of each version of the target service application are obtained from the blockchain, the flow to be detected is detected, and a deep message detection result of the flow to be detected is obtained.
Further, the logic instructions in the memory 730 described above may be implemented in the form of software functional units and may be stored in a computer readable storage medium when sold or used as a stand-alone product. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art or in a part of the technical solution, in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The processor 710 in the electronic device provided in the embodiment of the present application may call the logic instruction in the memory 730, and its implementation manner is consistent with the implementation manner of the smart contract-based deep packet inspection method provided in the present application, and may achieve the same beneficial effects, which are not described herein again.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the smart contract-based deep packet inspection method provided by the above methods, the method comprising: acquiring flow to be detected; based on the intelligent contract subset corresponding to the flow to be detected, sample characteristics of the flow of each version of the target service application are obtained from the blockchain, the flow to be detected is detected, and a deep message detection result of the flow to be detected is obtained.
When the computer program product provided in the embodiment of the present application is executed, the foregoing smart contract-based deep packet inspection method is implemented, and a specific implementation manner of the method is consistent with an implementation manner described in the embodiment of the foregoing method, and may achieve the same beneficial effects, which are not described herein again.
In yet another aspect, the present invention further provides a non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, is implemented to perform the smart contract-based deep packet inspection methods provided above, the method comprising: acquiring flow to be detected; based on the intelligent contract subset corresponding to the flow to be detected, sample characteristics of the flow of each version of the target service application are obtained from the blockchain, the flow to be detected is detected, and a deep message detection result of the flow to be detected is obtained.
When the computer program stored on the non-transitory computer readable storage medium provided in the embodiment of the present application is executed, the above method for detecting a deep packet based on an intelligent contract is implemented, and a specific implementation manner of the method is consistent with an implementation manner described in the embodiment of the foregoing method, and the same beneficial effects can be achieved, which is not repeated herein.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. The intelligent contract-based deep packet inspection method is characterized by comprising the following steps of:
acquiring flow to be detected;
and based on the intelligent contract subset corresponding to the flow to be detected, acquiring sample characteristics of the flow of each version of the target service application from a blockchain, detecting the flow to be detected, and acquiring a deep message detection result of the flow to be detected.
2. The smart contract-based deep packet inspection method according to claim 1, wherein the acquiring sample features of the traffic of each version of the target service application from the blockchain based on the smart contract subset corresponding to the traffic to be inspected, detecting the traffic to be inspected, and before acquiring the deep packet inspection result of the traffic to be inspected based on the version information, further comprises:
sample features of traffic for a target version of the target business application are added to the blockchain based on a consensus mechanism.
3. The smart contract-based deep packet inspection method according to claim 1, wherein the obtaining, based on the smart contract subset corresponding to the traffic to be inspected, sample features of traffic of each version of the target service application from a blockchain, inspecting the traffic to be inspected, and obtaining a deep packet inspection result of the traffic to be inspected specifically includes:
based on the intelligent contract subset corresponding to the flow to be detected, acquiring sample characteristics of the flow of each version of the target service application from a blockchain;
based on intelligent contracts, comparing sample characteristics of the traffic of each version of the target service application with the traffic to be detected, and determining version information of the traffic to be detected.
4. The smart contract-based deep packet inspection method according to claim 3, wherein the acquiring sample features of the traffic of each version of the target service application from the blockchain based on the smart contract subset corresponding to the traffic to be inspected, detecting the traffic to be inspected, and after acquiring the traffic deep packet inspection result to be inspected, further comprises:
and counting the flow to be detected based on the version information of the flow to be detected.
5. The smart contract-based deep packet inspection method according to claim 3, wherein the acquiring sample features of the traffic of each version of the target service application from the blockchain based on the smart contract subset corresponding to the traffic to be inspected, detecting the traffic to be inspected, and after acquiring the traffic deep packet inspection result to be inspected, further comprises:
and filtering the flow to be detected based on the version information of the flow to be detected.
6. The smart contract-based deep packet inspection method of any one of claims 1-5, wherein the sample characteristics include source and destination ports of traffic, source and destination addresses of traffic, and characteristic fields of traffic.
7. An intelligent contract-based deep packet inspection device, comprising:
the flow acquisition module is used for acquiring the flow to be detected;
the message detection module is used for acquiring sample characteristics of the flow of each version of the target service application from a blockchain based on the intelligent contract subset corresponding to the flow to be detected, detecting the flow to be detected based on the sample characteristics of the flow of the target version of the target service application corresponding to the flow to be detected, and acquiring a depth message detection result of the flow to be detected.
8. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor performs the steps of the smart contract-based deep packet inspection method of any one of claims 1 to 6 when the program is executed.
9. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the smart contract-based deep packet inspection method of any of claims 1 to 6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111624168.6A CN114520774B (en) 2021-12-28 2021-12-28 Deep message detection method and device based on intelligent contract

Publications (2)

Publication Number Publication Date
CN114520774A CN114520774A (en) 2022-05-20
CN114520774B true CN114520774B (en) 2024-02-23

Family

ID=81596342

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant