CN101056222A - A deep message detection method, network device and system - Google Patents

Publication number
CN101056222A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007100745387A
Other languages
Chinese (zh)
Other versions
CN100474819C (en)
Inventor
潘灏涛
张�浩
姚锦晓
田向远
李维
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB2007100745387A
Publication of CN101056222A
Publication of CN100474819C

Abstract

The invention relates to network security technology and discloses a deep message detection method, network device and system. The method includes: receiving a data message in a data flow; determining whether the data message needs to be detected and, if so, first identifying the data message; if the data message cannot be identified, copying the data message and sending one copy to the deep message detection device, that is, the DPI detection device, for deep message detection. The invention solves the balance problem between DPI detection and fast data forwarding performance, meets network operators' need to perceive and control Internet services, and saves network resources.

Description

A deep message detection method, network device and system
Technical field
The present invention relates to network security technology, and in particular to a deep message detection (Deep Packet Inspection, DPI) method, network device and system.
Background technology
With the continuous development of IP technology, the IP network is gradually transforming from carrying a single Internet service to a carrier-grade multi-service network carrying voice, data, video, key-customer leased lines, 3G, NGN and so on. During this transformation, the IP network will also undergo essential changes in security, reliability and QoS.
On the one hand, computer networks suffer increasingly severe attacks and intrusions, causing great losses to users and operators. The emergence of firewalls has mitigated some attacks, but an ordinary firewall is powerless against virus propagation and attacks hidden in the payload of IP packets. In recent years, network attacks have tended to shift gradually to higher-layer applications. According to analysis, more than 70% of current attacks on networks are concentrated at the application layer, and this figure is rising. For this reason, content security is becoming the most critical problem in information security today.
On the other hand, with the continuous development of network technology, new applications emerge endlessly, but for lack of effective technical means, many new applications cannot be perceived or managed in a fine-grained way. These services are "parasitic" in large numbers on the IP bearer network; while bringing huge profits to service providers, they cause heavy losses to network operators. A typical example: with the gradual spread of peer-to-peer (Peer to Peer, P2P) applications, P2P applications (voice, video, file transfer, etc.) occupy more than 60% of network bandwidth resources, causing network congestion of varying degrees and greatly degrading the user experience of other applications. The final consequence of all these problems is that operators' operating costs increase, revenue decreases and user satisfaction declines, so operators urgently hope to solve these problems.
A new technical means, deep message detection (Deep Packet Inspection, DPI), can perceive network applications and provides operators with a means of network control and management. The so-called "deep" is relative to the detection depth of ordinary message detection: ordinary message detection only examines the content of an IP packet at layer 4 and below, including source address, destination address, source port, destination port and type of service, whereas DPI, in addition to detecting those layers, adds application-layer detection and can identify various applications and their content, and control and manage them.
How to roll out a complete DPI solution quickly on the existing network without affecting the reliability of the existing network is an important problem facing network operators. Because access devices were developed early, the access devices on the existing network generally did not take DPI functions into account. To support DPI detection, the following two methods are generally adopted:
Fig. 1 is a schematic diagram of a system structure in which DPI detection is performed in series in the prior art. In this scheme, the DPI detection device is connected directly in series in the existing network (its deployment position may be the access layer or the convergence layer), and all data is forwarded only after passing DPI detection. The advantage of this scheme is that service flows can be controlled and managed in real time and comprehensive DPI features can be supported, including identification, control and attack defence.
Fig. 2 is a schematic diagram of a system structure in which DPI detection is performed in parallel in the prior art. In this scheme, the DPI detection device is attached to the side of the existing network in parallel, and all traffic is split to the DPI detection device for detection by a router or a physical optical splitter. After the DPI detection device identifies an illegal service, it interferes with the user sending the illegal service through the UDP/TCP connection, so as to control the user's transmission of the illegal service.
The inventors found through research that both schemes have defects of varying degrees. When DPI detection is performed in series, because DPI detection searches IP data packets for signatures, it consumes a great deal of processor resources, so DPI detection becomes the bottleneck of data forwarding and affects the quality of service (QoS) of all services. When DPI detection is performed in parallel, all user traffic must be copied to the DPI detection device by splitting or mirroring, which increases the burden on the DPI detection device; moreover, the method of interfering with the user is difficult to implement for some UDP-based encrypted applications, which reduces the control effect.
Summary of the invention
To solve the above problems, the embodiments of the invention provide a deep message detection method, network device and system.
The deep message detection method in the embodiments of the invention includes the following steps:
Receiving a data message in a data flow;
Judging whether the data message needs to be detected and, if so, first identifying the data message;
If the data message cannot be identified, copying the data message and sending one copy to the deep message detection device, that is, the DPI detection device, for deep message detection.
Wherein, the deep message detection performed by the DPI detection device specifically includes:
The DPI detection device detects the service type of the data flow according to the received data message, and feeds back the service type of the data flow to the network device.
Wherein, the method further includes:
After the network device receives subsequent data messages of the data flow, it handles them according to the predetermined policy for the service type of the data flow.
Wherein, the method further includes:
Receiving a real-time detection notice, carrying data flow information, sent by the DPI detection device;
After receiving a data message belonging to the data flow carried in the real-time detection notice, no longer performing the judgment and identification, and sending the data message directly to the DPI detection device;
The DPI detection device detects the data message in real time.
Wherein, the method further includes:
Receiving a real-time detection termination notice, carrying data flow information, sent by the DPI detection device;
No longer sending directly to the DPI detection device the data messages belonging to the data flow carried in the real-time detection termination notice.
The network device in the embodiments of the invention includes a receiving module, a judging module, an internal identification module and a replication module, wherein:
The receiving module is used to receive a data message in a data flow and send the data message to the judging module;
The judging module is used to judge whether the data message sent by the receiving module needs to be detected, and to send data messages that need detection to the internal identification module;
The internal identification module is used to identify the data message sent by the judging module, and to send data messages that cannot be identified to the replication module;
The replication module is used to copy the data messages that the internal identification module cannot identify.
Wherein, the network device further includes:
A forwarding module, used to forward the data messages sent by the judging module that do not need detection, or to send the data messages copied by the replication module.
Wherein, the network device further includes a DPI detection module, used to receive the unidentifiable data message sent by the replication module and perform DPI detection on it, so as to detect the service type of the data message.
The network system in the embodiments of the invention includes a network device and a DPI detection device, wherein:
The network device is used to receive a data message and judge whether the data message needs to be detected; if the data message needs to be detected, to identify the data message; and if the data message cannot be identified, to copy the data message, send one copy to the destination and send the other copy to the DPI detection device;
The DPI detection device is used to receive the data message sent by the network device, detect the service type of the data message, and feed back the service type of the data message to the network device.
Wherein, the network device is further used to handle, according to the service type of the data message fed back by the DPI detection device, the subsequent data messages of the data flow to which the data message belongs.
In the embodiments of the invention, the network device and the DPI detection device divide the work of message detection according to their own characteristics, which solves the balance problem between DPI detection and fast data forwarding performance, meets network operators' need to perceive and control Internet services, and saves network resources.
Description of drawings
Fig. 1 is a schematic diagram of a system structure in which DPI detection is performed in series in the prior art;
Fig. 2 is a schematic diagram of a system structure in which DPI detection is performed in parallel in the prior art;
Fig. 3 is a flow chart of the deep message detection method in an embodiment of the invention;
Fig. 4 is a schematic structural diagram of the network system in an embodiment of the invention;
Fig. 5 is a schematic structural diagram of the network device in an embodiment of the invention.
Embodiment
The invention is further described below with reference to the drawings and specific embodiments, which should not be regarded as limiting the invention.
In the embodiments of the invention, considering that the routers or broadband network gateways (Broadband Network Gateway, BNG) in the existing network have high data forwarding capability, while the DPI detection device has strong identification capability but weak forwarding capability, a networking mode is adopted in which the DPI detection device is attached in parallel to the router or BNG.
Fig. 4 is a schematic structural diagram of the network system in an embodiment of the invention. On the basis of the existing networking, the DPI detection device is attached externally to the BNG or router, and the BNG or router is connected to the DPI detection device through a physical interface. The BNG or router is used to receive the data message sent by the user and judge whether this data message needs to be detected. If it does, the BNG or router also identifies the data message. If the BNG or router cannot identify the data message, it copies the data message, sends one copy to the destination and sends the other copy to the DPI detection device. The DPI detection device is used to receive the data message sent by the BNG or router, detect the service type of the data message, and feed back the service type to the BNG or router. Afterwards, when the BNG or router receives subsequent data messages of the data flow to which this data message belongs, it no longer needs to copy them to the DPI detection device; it only needs to handle them according to the processing policy set for the service type fed back by the DPI detection device.
Fig. 4 shows only one embodiment of the network system of the invention. In addition, the DPI detection device may be embedded in the BNG or router as a component module of the BNG (router); or, according to the processing capabilities of the DPI device and the BNG or router, one DPI detection device may be set to serve multiple BNGs or routers, or multiple DPI detection devices may be configured for one BNG or router. To ensure the availability of the DPI device, an operation, administration and maintenance (Operation, Administration and Maintenance, OAM) mechanism may also be established between the DPI detection device and the BNG or router.
Fig. 3 is a flow chart of a method embodiment in which the system shown in Fig. 4 performs deep message detection. In this embodiment, the BNG or router also takes on part of the detection work, which avoids copying large amounts of data to the DPI detection device and relieves the pressure on the DPI detection device. The flow is described below with reference to Fig. 3.
Referring to Fig. 3, a flow chart of the deep message detection method in an embodiment of the invention, the method includes the following steps:
Step 301: the user sends a data flow to the BNG, and the BNG receives a data message in this data flow;
Step 302: the BNG first judges whether deep message detection and control need to be performed on this data message; if so, step 304 is executed; otherwise, step 303 is executed.
The above basis for judgment can be set as required. For example, the judgment can be made by user class: for premium users such as IPTV and leased-line users, their traffic may be left without any intervention or control, while for low-end users different processing is performed according to service type.
Step 303: the BNG forwards this data message directly;
Step 304: the BNG identifies this data message internally;
Step 305: the BNG judges whether it can identify this data message; if it can, step 306 is executed; otherwise, step 307 is executed;
Step 306: the BNG controls the data flow to which this data message belongs according to a predefined policy. For example, when the data message is an illegal message, the data flow to which it belongs is subjected to control such as rate limiting or blocking; or the priority of the data flow is determined according to the service type of the data message, and the flow is handled according to that priority.
Step 307: the BNG copies this data message;
The BNG does not need to copy all data messages of a data flow; it copies only the data messages received while the data flow cannot be identified. Once the BNG has received the service type of a data flow from the DPI detection device, it can handle the subsequent data messages of this data flow directly according to the policy set for this service type, and no longer needs to copy them and send them to the DPI detection device.
Step 308: of the two copies of the data message, the BNG forwards one normally and sends the other to the DPI detection device;
Step 309: the DPI detection device detects this data message, obtains the service type of the data flow to which it belongs, and feeds back this service type to the BNG;
Step 310: the BNG receives subsequent messages of this data flow and, according to the service type fed back by the DPI device, obtains the operation configured by the operator for this service type, such as statistics, rate limiting or redirection, and processes the data flow accordingly.
In this embodiment, not all data traffic needs to be copied to the DPI detection device for detection; instead, under the control of the network device BNG (router), the data messages that need detection are selected, copied and sent to the DPI detection device. After the DPI detection device completes detection, subsequent data messages of the same data flow are no longer detected.
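The flow of steps 301 to 310, together with the real-time detection notice and termination notice from the summary, can be simulated as follows. This is an added illustration written for this page, not code from the patent: the class names, signature set, policy table, user classes and sample flows are all constructed, and the MAX_COPIES cap on copies per unidentified flow is an assumption the patent does not specify.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    flow: tuple        # 5-tuple identifying the data flow
    user_class: str    # e.g. "iptv", "leased_line", "residential" (constructed)
    payload: bytes


class DpiDevice:
    """Side-attached DPI detection device (step 309)."""
    SIGNATURES = {b"\x13BitTorrent protocol": "p2p"}   # constructed signature set

    def __init__(self):
        self.inspected = 0     # number of data messages the device had to examine

    def inspect(self, pkt):
        """Return the service type of the flow, or None if still unknown."""
        self.inspected += 1
        for sig, service in self.SIGNATURES.items():
            if sig in pkt.payload:
                return service
        return None


class Bng:
    """Network device (BNG or router) carrying out steps 301 to 310."""
    EXEMPT = {"iptv", "leased_line"}      # user classes that need no detection
    POLICY = {"http": "forward", "p2p": "rate_limit", "unknown": "forward"}
    MAX_COPIES = 3                        # assumption: give up after 3 copies

    def __init__(self, dpi):
        self.dpi = dpi
        self.service_of = {}              # flow -> identified service type
        self.copies = {}                  # flow -> copies already sent to DPI
        self.realtime = set()             # flows under real-time detection

    def local_identify(self, pkt):
        """Step 304: cheap identification the forwarding device can afford."""
        if pkt.payload.startswith((b"GET ", b"POST ")):
            return "http"
        return None

    def handle(self, pkt):
        """Process one data message and return the action taken on it."""
        if pkt.flow in self.realtime:               # real-time notice in force:
            self.dpi.inspect(pkt)                   # no judging, no identifying
            return "send_to_dpi"
        if pkt.user_class in self.EXEMPT:           # steps 302 and 303
            return "forward"
        service = self.service_of.get(pkt.flow) or self.local_identify(pkt)
        if service is not None:                     # steps 305, 306 and 310
            self.service_of[pkt.flow] = service
            return self.POLICY[service]
        self._copy_to_dpi(pkt)                      # steps 307 and 308
        return "forward+copy"

    def _copy_to_dpi(self, pkt):
        sent = self.copies.get(pkt.flow, 0) + 1
        self.copies[pkt.flow] = sent
        service = self.dpi.inspect(Packet(pkt.flow, pkt.user_class, pkt.payload))
        if service is None and sent >= self.MAX_COPIES:
            service = "unknown"                     # stop copying this flow
        if service is not None:                     # step 309: feedback to BNG
            self.service_of[pkt.flow] = service

    def on_realtime_notice(self, flow):
        self.realtime.add(flow)

    def on_realtime_termination(self, flow):
        self.realtime.discard(flow)


def run_demo():
    """Push constructed traffic through the BNG; return (actions, DPI load)."""
    dpi = DpiDevice()
    bng = Bng(dpi)
    tv = ("10.0.0.9", 5004, "192.0.2.1", 5004, "udp")
    web = ("10.0.0.5", 40000, "203.0.113.10", 80, "tcp")
    p2p = ("10.0.0.5", 51413, "198.51.100.7", 6881, "tcp")
    opaque = ("10.0.0.5", 40001, "203.0.113.20", 4433, "udp")
    actions = [
        bng.handle(Packet(tv, "iptv", b"\x47" * 8)),
        bng.handle(Packet(web, "residential", b"GET / HTTP/1.1\r\n")),
        bng.handle(Packet(p2p, "residential", b"\x13BitTorrent protocol" + b"\0" * 8)),
        bng.handle(Packet(p2p, "residential", b"\x00\x00\x40\x09")),
    ]
    actions += [bng.handle(Packet(opaque, "residential", b"\x9a\x17\xc3"))
                for _ in range(4)]
    bng.on_realtime_notice(p2p)
    actions.append(bng.handle(Packet(p2p, "residential", b"\x00\x00\x00\x01")))
    bng.on_realtime_termination(p2p)
    actions.append(bng.handle(Packet(p2p, "residential", b"\x00\x00\x00\x02")))
    return actions, dpi.inspected


if __name__ == "__main__":
    print(run_demo())
```

Of the ten data messages in the constructed traffic, only five reach the DPI detection device; the rest are handled from the exemption list, the local identification or the fed-back service type.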
The embodiments of the invention also disclose a network device. Fig. 5 is a schematic structural diagram of this network device, which includes a receiving module, a judging module, an internal identification module, a replication module and a forwarding module, wherein:
The receiving module is used to receive the data message sent by the user and send this data message to the judging module;
The judging module is used to judge whether the data message received by the receiving module needs to be detected; if detection is needed, it sends the data message to the internal identification module; otherwise, it sends the data message to the forwarding module;
The internal identification module is used to identify the data messages sent by the judging module that need detection; if a data message can be identified, it is sent to the forwarding module for processing; if it cannot be identified, it is sent to the replication module.
The replication module is used to copy the data message sent by the internal identification module and send the copied data messages to the forwarding module;
The forwarding module is used to send data messages to the next hop of the BNG (router), or to send data messages to the DPI detection device.
In addition, if the DPI detection device is placed inside the network device, the network device should also include a DPI detection module, used to perform DPI detection on the data message copied by the replication module, so as to obtain the service type of this data message.
The embodiments of the invention adopt a networking mode that combines parallel and serial connection of the DPI detection device with the network device. The network device and the DPI detection device divide the work of message detection according to their own characteristics, which solves the balance problem between DPI detection and fast data forwarding performance, meets network operators' need to perceive and control Internet services, and saves network resources.
The above is only a preferred embodiment of the invention and should not be regarded as limiting the invention. Ordinary replacements and variations made by those skilled in the art within the scope disclosed by the embodiments of the invention shall all fall within the protection scope of the invention.

Claims (10)

1. A deep message detection method, characterized by comprising:
Receiving a data message in a data flow;
Judging whether the data message needs to be detected and, if so, first identifying the data message;
If the data message cannot be identified, copying the data message and sending one copy to the deep message detection device, that is, the DPI detection device, for deep message detection.
2. The method according to claim 1, characterized in that the deep message detection performed by the DPI detection device specifically comprises:
The DPI detection device detects the service type of the data flow according to the received data message, and feeds back the service type of the data flow to the network device.
3. The method according to claim 2, characterized in that the method further comprises:
After the network device receives subsequent data messages of the data flow, it handles them according to the predetermined policy for the service type of the data flow.
4. The method according to claim 1, characterized in that the method further comprises:
Receiving a real-time detection notice, carrying data flow information, sent by the DPI detection device;
After receiving a data message belonging to the data flow carried in the real-time detection notice, no longer performing the judgment and identification, and sending the data message directly to the DPI detection device;
The DPI detection device detects the data message in real time.
5. The method according to claim 4, characterized in that the method further comprises:
Receiving a real-time detection termination notice, carrying data flow information, sent by the DPI detection device;
No longer sending directly to the DPI detection device the data messages belonging to the data flow carried in the real-time detection termination notice.
6. A network device, characterized by comprising a receiving module, a judging module, an internal identification module and a replication module, wherein:
The receiving module is used to receive a data message in a data flow and send the data message to the judging module;
The judging module is used to judge whether the data message sent by the receiving module needs to be detected, and to send data messages that need detection to the internal identification module;
The internal identification module is used to identify the data message sent by the judging module, and to send data messages that cannot be identified to the replication module;
The replication module is used to copy the data messages that the internal identification module cannot identify.
7. The network device according to claim 6, characterized in that the network device further comprises:
A forwarding module, used to forward the data messages sent by the judging module that do not need detection, or to send the data messages copied by the replication module.
8. The network device according to claim 6 or 7, characterized in that the network device further comprises a DPI detection module, used to receive the unidentifiable data message sent by the replication module and perform DPI detection on it, so as to detect the service type of the data message.
9. A network system, characterized by comprising a network device and a DPI detection device, wherein:
The network device is used to receive a data message and judge whether the data message needs to be detected; if the data message needs to be detected, to identify the data message; and if the data message cannot be identified, to copy the data message, send one copy to the destination and send the other copy to the DPI detection device;
The DPI detection device is used to receive the data message sent by the network device, detect the service type of the data message, and feed back the service type of the data message to the network device.
10. The network system according to claim 9, characterized in that the network device is further used to handle, according to the service type of the data message fed back by the DPI detection device, the subsequent data messages of the data flow to which the data message belongs.
CNB2007100745387A 2007-05-17 2007-05-17 A deep message detection method, network device and system Active CN100474819C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007100745387A CN100474819C (en) 2007-05-17 2007-05-17 A deep message detection method, network device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2007100745387A CN100474819C (en) 2007-05-17 2007-05-17 A deep message detection method, network device and system

Publications (2)

Publication Number Publication Date
CN101056222A true CN101056222A (en) 2007-10-17
CN100474819C CN100474819C (en) 2009-04-01

Family

ID=38795842

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2007100745387A Active CN100474819C (en) 2007-05-17 2007-05-17 A deep message detection method, network device and system

Country Status (1)

Country Link
CN (1) CN100474819C (en)

CN104348638A (en) * 2013-07-29 2015-02-11 中国移动通信集团公司 Method for identifying service type of session flow and system and equipment thereof
WO2014187406A1 (en) * 2013-10-16 2014-11-27 中兴通讯股份有限公司 Parallel-mode p2p scrambling method, device and system
CN103607354A (en) * 2013-11-26 2014-02-26 中国联合网络通信集团有限公司 Flow control method, DPI equipment and system
CN103607354B (en) * 2013-11-26 2016-09-07 中国联合网络通信集团有限公司 A kind of flow control methods, DPI equipment and system
WO2016206513A1 (en) * 2015-06-26 2016-12-29 中兴通讯股份有限公司 Method of boosting data processing, and assignment device and switch utilizing same
CN106330762A (en) * 2015-06-26 2017-01-11 中兴通讯股份有限公司 Method of switch to accelerate data processing, CPU core for carrying out acceleration processing on data and switch
CN105704042A (en) * 2015-12-31 2016-06-22 华为技术有限公司 Message processing method, BNG and BNG cluster system
CN107172107B (en) * 2017-07-24 2019-08-13 中国人民解放军信息工程大学 A kind of transparent management-control method and equipment of the passback of differentiated service stream early stage
CN107172107A (en) * 2017-07-24 2017-09-15 中国人民解放军信息工程大学 The transparent management-control method and equipment of a kind of differentiated service stream early stage passback
CN107547533A (en) * 2017-08-24 2018-01-05 新华三信息安全技术有限公司 A kind of characterization rules open method and device
CN108206828A (en) * 2017-12-28 2018-06-26 浙江宇视科技有限公司 A kind of double monitoring method of controlling security and system
CN108206828B (en) * 2017-12-28 2021-03-09 浙江宇视科技有限公司 Dual-monitoring safety control method and system
CN112822066A (en) * 2020-12-31 2021-05-18 北京浩瀚深度信息技术股份有限公司 Method and system for testing data link of DPI (deep packet inspection) equipment
CN112822066B (en) * 2020-12-31 2022-03-11 北京浩瀚深度信息技术股份有限公司 Method and system for testing data link of DPI (deep packet inspection) equipment
CN114978718A (en) * 2022-05-25 2022-08-30 新华三信息安全技术有限公司 Message processing method and device
CN115361334A (en) * 2022-10-19 2022-11-18 深圳市光联世纪信息科技有限公司 SD-WAN traffic identification method based on deep packet inspection technology

Also Published As

Publication number Publication date
CN100474819C (en) 2009-04-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant