CN101562612A - Method and device for constructing matching rule list and recognizing message type - Google Patents
Method and device for constructing matching rule list and recognizing message type Download PDFInfo
- Publication number
- CN101562612A CN101562612A CNA2009100856001A CN200910085600A CN101562612A CN 101562612 A CN101562612 A CN 101562612A CN A2009100856001 A CNA2009100856001 A CN A2009100856001A CN 200910085600 A CN200910085600 A CN 200910085600A CN 101562612 A CN101562612 A CN 101562612A
- Authority
- CN
- China
- Prior art keywords
- message
- matched rule
- type
- cryptographic hash
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention provides a method and a device for constructing a matching rule list and recognizing a message type, wherein the method comprises the following steps: calculating a hash value of a matching rule corresponding to the message type, wherein the matching rule is constructed according to message characteristics and describes that the type of a message is a condition required to be satisfied by the message type; and storing the matching rule into a hash list according to the hash value to form the matching rule list for recognizing the message type. By applying the technique provided by the embodiment of the invention, quick recognition of the message type can be achieved by extracting a characteristic field of the message and comparing the characteristic field with a specific matching rule prestored in the hash list, thus the time complexity matched with the message is reduced from O (n) to O (1) on constant level.
Description
Technical field
The present invention relates to the communications field, be meant the method and apparatus of a kind of constructing matching rule list and identification type of message especially.
Background technology
In many network equipments (for example switch, router), need handle the various messages that receive, wherein, have some processing need know the type of message, so as to add up, monitoring etc.The type of message is represented by the value of some specific fields in the message, dissimilar messages is in the value difference of some field, judge whether a message belongs to a certain type of message, need from this message, obtain the value of these fields, and with the combination of known corresponding field value contrast, if both are in full accord, can conclude that then current message is the type of message of expection.
Judge whether certain belongs to the process of an expection type of message to a message, is called the message coupling, and wherein, the combination of known field value is the standard of judging, is called matched rule.The message that satisfies a matched rule must belong to the type of message of this matched rule correspondence, otherwise all messages of a certain type of message all have identical matched rule.Message meets specific matched rule, is the necessary and sufficient condition that message belongs to the special packet type.In view of the above, can each type of message is corresponding one by one with a definite matched rule, judge arbitrary type of message, just value and a series of matched rule with some field in this message compares, if find the rule of a coupling, this message just belongs to the type of message of this matched rule correspondence so.In the prior art, the normal recognition methods of using based on the message specific fields can be resolved and bed-by-bed analysis content of message, to determine type of message.
The inventor is in realizing process of the present invention, find that there are the following problems at least in the prior art: to content of message resolve and bed-by-bed analysis low with the technical efficiency of obtaining type of message and being adopted, be not suitable for the occasion of the network equipments such as similar switch, router to type of message recognition performance high requirement; For a large amount of matched rules, if deposit these matched rules in the mode of linear list, then at one the time complexity that mates in the matched rule table of n matched rule being arranged is O (n).
Summary of the invention
The method and apparatus that the purpose of this invention is to provide a kind of constructing matching rule list and identification type of message, be used for solving prior art, to content of message resolve and bed-by-bed analysis low with the technical efficiency of obtaining type of message and being adopted, be not suitable for the problem of the network equipments such as similar switch, router to the occasion of type identification performance high requirement.
A kind of method of constructing matching rule list comprises: the pairing cryptographic Hash of matched rule of calculating the type of message correspondence; Described matched rule forms according to the message characteristic structure, and the type of having described a message is the condition that described type of message need satisfy; According to described cryptographic Hash described matched rule is deposited in the Hash table, form one and be used for the matched rule table that type of message is discerned.
A kind of device of constructing matching rule list comprises: the cryptographic Hash computing module is used to calculate the cryptographic Hash of the matched rule of type of message correspondence; Described matched rule forms according to the message characteristic structure, and the type of having described message is the condition that described type of message need satisfy; The matched rule table is set up module, is used for depositing described matched rule in a Hash table according to described cryptographic Hash, forms one and is used for the matched rule table that type of message is discerned.
A kind of method of discerning type of message comprises: receive a message; Extract the value of feature field in the described message, generate a message characteristic; Calculate a cryptographic Hash according to described message characteristic; In the matched rule table, search corresponding matched rule according to described cryptographic Hash, described message characteristic and this matched rule are mated; Described matched rule table is a Hash table of preserving matched rule; After the match is successful, determine that the pairing type of message of described matched rule is the type of message of described message.
A kind of device that can discern type of message comprises: the message receiver module is used to receive message; The message characteristic extraction module is used for extracting the feature field of described message, generates a message characteristic; Message characteristic cryptographic Hash computing module is used for calculating a cryptographic Hash according to described message characteristic; Matched rule is searched module, is used for searching corresponding matched rule and mating with this matched rule at described matched rule table according to described cryptographic Hash; Described matched rule table is a Hash table of preserving matched rule; After the match is successful, determine that the pairing type of message of described matched rule is the type of message of described message.
Use the technology that the embodiment of the invention provides, introduce Hash table and store matched rule as the matched rule table, by extracting the feature field of message, it and the matched rule that is stored in the Hash table are in advance compared, realize the quick identification of type of message, thereby the time complexity of coupling has been reduced to other O of constant level (1) by O (n).
Description of drawings
Fig. 1 is an embodiment of the invention constructing matching rule list method flow schematic diagram one;
Fig. 2 is an embodiment of the invention constructing matching rule list method flow schematic diagram two;
Fig. 3 is the apparatus structure schematic diagram of embodiment of the invention constructing matching rule list;
Fig. 4 is the method flow schematic diagram one of embodiment of the invention identification type of message;
Fig. 5 is the method flow schematic diagram two of embodiment of the invention identification type of message;
Fig. 6 is the apparatus structure schematic diagram of embodiment of the invention identification type of message.
Embodiment
For making purpose of the present invention, technical characterictic and implementation result clearer, below in conjunction with the accompanying drawings and the specific embodiments technical scheme of the present invention is described in detail.Embodiment provided by the invention provides the method for setting up the matched rule table and carrying out the message coupling based on Hash table in order to overcome low problem and the defective of matched rule table search efficiency that exists in the prior art.
Among the embodiment provided by the invention, provide a kind of method of constructing matching rule list, as shown in Figure 1, comprising:
Step 101, the pairing cryptographic Hash of matched rule of calculating type of message correspondence; Described matched rule forms according to the message characteristic structure, and the type of having described a message is the condition that described type of message need satisfy;
Use the technology that present embodiment provides, with the different type of message of matched rule table record, for realizing on the network equipment of handling multiple message types at needs such as switch, routers that the quick identification type of message provides feasible program.
Be the flow process that fully discloses structure one matched rule table in the present embodiment, be without loss of generality that there is a concrete type of message type in setting, message pkt, then the feature field C (pkt) with matched rule R (type) and message is expressed as:
R(type)={Condition1,Condition2,...,Conditionn} (1)
C(pkt)={Field1:value1,Field2:value2,...,Fieldn:valuen}(2)
In the formula (1), Condition1, Condition2 etc. have provided a series of conditions that type of message type need satisfy; In the formula (2), provided the title and the value of each feature field of message pkt.
In the matching process, the value of one or more feature field of message is extracted, note is made C (pkt), and C (pkt) and the matched rule R (type) that determines are compared, and reaches a conclusion according to comparing result; If C (pkt) satisfies the described condition of R (type), then pkt is exactly the message of this type of message of type, otherwise pkt is not the type message.
For example, the type of message of a message is that the necessary and sufficient condition of ARP is: owing to be the Ethernet message type, so to have value in this message be the EtherType field EthType of 0x0806, the matched rule of ARP message can be designated as:
R(arp)={EthType=0x0806}
Therefore, according to given arbitrary message pkt, the EtherType that extracts this message pkt constitutes the message characteristic field, is designated as:
C(pkt)={EthType:<ethType>}。Wherein,<and ethType〉be the value of the actual EtherType of this message pkt; If<ethType〉value be 0x0806, illustrate that message pkt satisfies matched rule R (arp), can judge that pkt is an arp message, otherwise not be the arp message.
In like manner, the matched rule of ospf message is designated as:
R(ospf)={EthType=0x0800,IPVersion=4,Protocol=0x59}
That is, when the EtherType of message be 0x0800, IP version number be 4, when protocol number is 0x59, this message just can be considered to the ospf message.
By foregoing description as can be known,, depend on the value of one or more specific fields in the message, and the information of other fields (as user data) can not influence the judgement of type of message in the message for the identification of type of message.These specific fields multidigits are in each layer packet header of message, relative position is fixed, so technology of using present embodiment to provide, only need the specific fields that from message, to extract to compare with different matched rules in the matched rule table, just can judge the type of message that message is whether corresponding, than the way of byte-by-byte analytic message, improved the efficient of judging type of message.
In the present embodiment, provided a kind of method of structure of comparatively general definition matched rule:
R={
{Valid,DstMac=DST_MAC},
{Valid,EthType=ETHTYPE},
{Valid,Protocol=PROTOCOL},
{Valid,SrcPort=SRC_PORT},
{Valid,DstPort=DST_PORT},
{Valid,ExtendedCondition}
}
Obviously, matched rule R is made of 6 inspection conditions, each inspection condition comprises the value requirement on a sign Valid and the right side, wherein, sign Valid is used to refer in this inspection condition, and whether the condition of right side correspondence must be satisfied: if this sign Valid then checks message according to given field value for true, if be false, then needn't satisfy this corresponding condition to message.Last inspection condition can be that condition is checked in any one expansion that must examine, can adopt an equation or other any type of expression formulas, for example can represent with the function of complexity, so that satisfy some special coupling demand.
The matched rule of all type of messages that transmit in the Ethernet all can be described with said structure, and a series of matched rules insert and promptly constitute a matched rule table in the Hash table.The foundation of matched rule table need be determined the cryptographic Hash of each matched rule, the cryptographic Hash of this matched rule need be mapped with the cryptographic Hash of calculating gained, therefore, can only calculate according to the some specific inspection field in the matched rule, the critical field that this specific inspection field is this matched rule is designated as key.
Different matched rules might not all can be checked same critical field, therefore can't use the next critical field as matched rule of certain fixing feature field.The calculating of cryptographic Hash need select a suitable critical field to calculate according to every matched rule characteristics separately.
In the present embodiment, for Ethernet form message, this form message EthType/Len field is represented the EtherType of message greater than 0x0600, be this class message matched rule must the searching section; For non-Ethernet form message, its EthType/Len field is not more than 0x0600, does not represent the EtherType of message, but its purpose MAC has clear and definite feature usually, can be used for discerning type of message.Therefore, every matched rule, in purpose MAC field and EthType/Len field, have at least one be need to check must the searching section.
Below described cryptographic Hash computational methods, just be based on these characteristics, determined the critical field of matched rule, just can use a hash function calculate the cryptographic Hash hash_code of current matched rule according to its value:
hash_code=Hash(key) (3)
Usually in using, all need to distinguish type of message by protocol application; Find by the form of analyzing various messages, in being applied to the message of Ethernet, can discern according to one or several the value in following each feature field:
Purpose MAC (DstMac), EtherType (EthType), IP message protocol number (Protocol), source port number (SrcPort), destination slogan (DstPort) etc.
The cryptographic Hash of determining that the matched rule correspondence has been arranged, matched rule just can be inserted Hash table according to this cryptographic Hash and constitute described matched rule table.As shown in Figure 2, provided the flow process of setting up the matched rule table based on above-mentioned feature field as critical field:
Step 209 according to the cryptographic Hash hash_code that calculates, is inserted matched rule in the matched rule table.
Step 210 judges whether in addition type of messages of being identified of needing more, if do not change step 211, if having then return step 201.
Because the calculating to cryptographic Hash in the different matched rules might not be according to identical critical field, therefore there is the identical possibility of cryptographic Hash in different matched rules, promptly may have conflict between the different matched rules in the matched rule table; Therefore, described cryptographic Hash deposits described matched rule in one Hash table in and further comprises: described Hash table can be supported the chain that conflicts; When matched rule that too much matched rule has identical cryptographic Hash occurring and insert described matched rule table, described Hash table is set up voluntarily and is safeguarded that a conflict chain is to realize the preservation of these matched rules.Promptly the cryptographic Hash when different matched rules is identical, and Hash table can be set up a conflict chain automatically and preserve these matched rules.The initial table space size of matched rule table if can rationally be set, perhaps change cryptographic Hash computing function Hash (key), can reduce even eliminate the possibility that conflict occurs." occurring too much " in the present embodiment is meant that the number of the matched rule with identical cryptographic Hash has exceeded the predefined limit that can tolerate.
The method that the foregoing description provides can be applied to the every field of network security.
Corresponding with the method that is provided, present embodiment provides a kind of device of constructing matching rule list, as shown in Figure 3, comprises at least:
Cryptographic Hash computing module 301 is used to calculate the cryptographic Hash of the matched rule correspondence of type of message correspondence; Described matched rule forms according to the message characteristic structure, and the type of having described message is the condition that described type of message need satisfy;
The matched rule table is set up module 302, is used for depositing described matched rule in a Hash table according to described cryptographic Hash, forms one and is used for the matched rule table that type of message is discerned.
Use the technology that present embodiment provides,, provide dependable technology for realizing type of message identification fast on the network equipment of handling the polytype message at needs such as switch, routers with the different type of message of matched rule table record.
Can also comprise: correcting module 303, be connected with cryptographic Hash computing module 301, add up different matched rules and the identical situation of cryptographic Hash occurs, be used for when the cryptographic Hash that too much matched rule occurs is identical, reset the table space size of described Hash table, perhaps change the hash function that is used to calculate described cryptographic Hash; Set up module 302 with the matched rule table and be connected, set up module 302 for described matched rule table and rebulid a matched rule table, the conflict between the cryptographic Hash of different matched rules is reduced to a predetermined extent; Improve with this and to have the matched rule performance in when conflict.These adjustment should be determined in the design phase.
In the present embodiment,, use this matched rule table and carry out the message coupling, a kind of method of discerning type of message is provided, as shown in Figure 4, specifically comprise based on the constructed matched rule table of the above-mentioned technical scheme that provides:
Step 401 receives a message;
Step 402 is extracted the value of feature field in the described message, generates a message characteristic;
Step 403 calculates a cryptographic Hash according to described message characteristic;
Step 405 after the match is successful, determines that the pairing type of message of described matched rule is the type of message of described message.
Use the technology that present embodiment provides, improve at lower problem and the defective of matched rule table search efficiency that exists in the prior art, introduce Hash table and stored the matched rule table, by extracting the feature field of message, it and the matched rule that is stored in the Hash table are in advance compared, realize the quick identification of type of message, thereby the time complexity of coupling has been reduced to other O of constant level (1) by O (n).
Message coupling is to be selected critical field and calculated cryptographic Hash by message characteristic, and cryptographic Hash compares with different matched rule in the matched rule table in view of the above.Because the possibility that has conflict is arranged in the matched rule table, according to cryptographic Hash find article one matched rule might not the match is successful, therefore may need traversal conflict chain, successively with the chain that conflict on part or all of matched rule mate, until the match is successful or all get nowhere.
Most of message can be discerned according to one or several the value in following each field: purpose Media Access Control address (Dst MAC), EtherType (EthType), IP message protocol number (Protocol), source port number (SrcPort), destination slogan (DstPort) etc.The flow chart of message coupling as shown in Figure 5 for any message, comprising:
Whether step 502, the value of judging EthType/Len if change step 504, otherwise change step 503 greater than 0x0600.
Step 507 by the value of the critical field Key that obtains in step 503, step 505 or the step 506, calculates the cryptographic Hash hash_code of this message in the extraction message.Therefore the message of the ETHERNET form of the right and wrong IP that this step 507 is handled in fact is critical field Key with EthType.
Step 508 uses described hash_code that the matched rule table is carried out Hash lookup, attempts finding next bar matched rule R (hash_code) of this hash_code correspondence;
Step 509 judges whether search matched rule R (hash_code) exists, and changes step 510 if exist, otherwise changes step 512.
Step 510 has found R (hash_code), with the message characteristic of message therewith matched rule compare coupling;
Judge whether that the match is successful,, otherwise change step 508 if change step 511.
Mating unsuccessful reason is the matched rule that does not find the feature that can describe message to be matched in the matched rule table.
Selecting different feature field as critical field according to message, is corresponding with selecting critical field according to the characteristics of matched rule in the previous embodiment, and also uses identical hash function calculating cryptographic Hash separately, thereby finds matched rule fast.
With the message matching process accordingly, present embodiment provides a kind of device that can discern type of message, as shown in Figure 6, comprising:
Message characteristic extraction module 602 is used for extracting the feature field of described message, generates a message characteristic.
Message characteristic cryptographic Hash computing module 603 is used for calculating a cryptographic Hash according to described message characteristic.
Matched rule is searched module 604, is used for searching corresponding matched rule and mating with this matched rule at a matched rule table according to described cryptographic Hash; Described matched rule table is a Hash table of preserving matched rule;
After the match is successful, determine that the pairing type of message of described matched rule is the type of message of described message.
Use the technology that present embodiment provides, improve at lower problem and the defective of matched rule table search efficiency that exists in the prior art, introduce Hash table and stored the matched rule table, by extracting the feature field of message, it and the matched rule that is stored in the Hash table are in advance compared, realize the quick identification of type of message, the mode with respect to adopting linear list storage matched rule has been reduced to other O of constant level (1) with the time complexity that mates by O (n).
For all can be processed when arbitrarily message pkt is received by device, matched rule and matched rule table should be ready to when device is carried out initialization, therefore also comprise:
Matched rule table memory module is used to store described matched rule and matched rule table, and promptly matched rule is to determine in advance, and is stored in the device standby with the form of matched rule table.
Embodiments of the invention have following beneficial effect, improve at lower problem and the defective of matched rule table search efficiency that exists in the prior art, introduced Hash table and stored the matched rule table, thereby the time complexity of coupling has been reduced to O (1).
Should be noted that above embodiment is only unrestricted in order to technical scheme of the present invention to be described, all parameter values can be according to the actual conditions adjustment, and in this rights protection scope.Those of ordinary skill in the art should be appreciated that and can make amendment or be equal to replacement technical scheme of the present invention, and do not break away from the spiritual scope of technical solution of the present invention, and it all should be encompassed in the middle of the claim scope of the present invention.
Claims (12)
1. the method for a constructing matching rule list is characterized in that, comprising:
Calculate the cryptographic Hash of the matched rule of type of message correspondence; Described matched rule forms according to the message characteristic structure, and the type of having described a message is the condition that described type of message need satisfy;
According to described cryptographic Hash described matched rule is deposited in the Hash table, form one and be used for the matched rule table that type of message is discerned.
2. method according to claim 1 is characterized in that, described matched rule comprises at least one condition that should satisfy, and each condition is the value that a feature field should be got;
In the message that is transmitted in Ethernet, described feature field comprises:
In purpose Media Access Control address, EtherType, IP message protocol number, source port number, the destination slogan at least one.
3. method according to claim 1 is characterized in that, the cryptographic Hash of calculating described matched rule further comprises:
Determine a critical field of a described matched rule, use a hash function to calculate the cryptographic Hash of described matched rule according to described critical field.
4. method according to claim 1 is characterized in that, according to described cryptographic Hash described matched rule is deposited in the Hash table further to comprise:
Described Hash table can be supported the chain that conflicts;
When the matched rule that identical cryptographic Hash occurs too much having inserted described matched rule table, described Hash table was set up voluntarily and is safeguarded that described conflict chain is to realize the preservation of these described matched rules.
5. the device of a constructing matching rule list is characterized in that, comprising:
The cryptographic Hash computing module is used to calculate the cryptographic Hash of the matched rule of type of message correspondence; Described matched rule forms according to the message characteristic structure, and the type of having described message is the condition that described type of message need satisfy;
The matched rule table is set up module, is used for depositing described matched rule in a Hash table according to described cryptographic Hash, forms one and is used for the matched rule table that type of message is discerned.
6. device according to claim 5 is characterized in that,
Correcting module is used for resetting the table space size of described Hash table when the cryptographic Hash that too much matched rule occurs is identical, perhaps changes the hash function that is used to calculate described cryptographic Hash; Rebulid a matched rule table, the conflict between the cryptographic Hash of different matched rules is reduced to a predetermined extent.
7. a method of discerning type of message is characterized in that, comprising:
Receive a message;
Extract the value of feature field in the described message, generate a message characteristic;
Calculate a cryptographic Hash according to described message characteristic;
In the matched rule table, search corresponding matched rule according to described cryptographic Hash, described message characteristic and this matched rule are mated; Described matched rule table is a Hash table of preserving matched rule;
After the match is successful, determine that the pairing type of message of described matched rule is the type of message of described message.
8. method according to claim 7 is characterized in that,
In the matched rule table, search corresponding matched rule according to described cryptographic Hash, described message characteristic and this matched rule are mated further comprise:
When the value of each described feature field in the described message was consistent with the value of each the corresponding feature field that must examine in the described matched rule, the match is successful;
Also comprise the expansion inspection condition that must examine in described matched rule, then described message also need satisfy described expansion inspection, and condition can the match is successful.
9. method according to claim 7 is characterized in that, searches corresponding matched rule according to described cryptographic Hash in a matched rule table, described message characteristic and this matched rule is mated further comprise:
After finding a described matched rule according to described cryptographic Hash, described message characteristic and described matched rule do not match, and when more matched rules corresponding with this cryptographic Hash arranged in the matched rule table, travel through other matched rules corresponding in the described matched rule table, mate with every the matched rule that finds successively with this cryptographic Hash.
10. method according to claim 7 is characterized in that, described matched rule comprises at least one condition that should satisfy, and each condition is the value that a feature field should be got;
In the message that is transmitted in Ethernet, described feature field comprises:
In purpose Media Access Control address, EtherType, IP message protocol number, source port number, the destination slogan at least one.
11. method according to claim 7 is characterized in that, described message characteristic and this matched rule is mated further comprise:
Described message satisfies the expansion that sets in advance and checks condition.
12. the device that can discern type of message is characterized in that, comprising:
The message receiver module is used to receive message;
The message characteristic extraction module is used for extracting the feature field of described message, generates a message characteristic;
Message characteristic cryptographic Hash computing module is used for calculating a cryptographic Hash according to described message characteristic;
Matched rule is searched module, is used for searching corresponding matched rule and mating with this matched rule at described matched rule table according to described cryptographic Hash; Described matched rule table is a Hash table of preserving matched rule;
After the match is successful, determine that the pairing type of message of described matched rule is the type of message of described message.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2009100856001A CN101562612A (en) | 2009-05-26 | 2009-05-26 | Method and device for constructing matching rule list and recognizing message type |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2009100856001A CN101562612A (en) | 2009-05-26 | 2009-05-26 | Method and device for constructing matching rule list and recognizing message type |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101562612A true CN101562612A (en) | 2009-10-21 |
Family
ID=41221232
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2009100856001A Pending CN101562612A (en) | 2009-05-26 | 2009-05-26 | Method and device for constructing matching rule list and recognizing message type |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101562612A (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102143074A (en) * | 2011-03-25 | 2011-08-03 | 中兴通讯股份有限公司 | Method and system for sharing network load and network processor |
| CN102646097A (en) * | 2011-02-18 | 2012-08-22 | 腾讯科技(深圳)有限公司 | Clustering method and device |
| CN104125107A (en) * | 2013-04-25 | 2014-10-29 | 上海斐讯数据通信技术有限公司 | EPON system and testing device of OAM extension message and method thereof |
| CN107911315A (en) * | 2017-11-17 | 2018-04-13 | 成都西加云杉科技有限公司 | Packet classification method and the network equipment |
| CN111211981A (en) * | 2019-12-30 | 2020-05-29 | 杭州迪普科技股份有限公司 | Message forwarding method and device based on policy routing |
| CN112307275A (en) * | 2019-07-30 | 2021-02-02 | 北京国电智深控制技术有限公司 | Information processing method and device and computer storage medium |
| CN112367262A (en) * | 2020-08-20 | 2021-02-12 | 国家计算机网络与信息安全管理中心 | Matching method and device for quintuple rule |
| CN113572761A (en) * | 2021-07-22 | 2021-10-29 | 四川英得赛克科技有限公司 | Equipment identification method and device, electronic equipment and storage medium |
| CN117439898A (en) * | 2023-12-22 | 2024-01-23 | 深圳万物安全科技有限公司 | Network device identification method, network device identification device, and storage medium |
-
2009
- 2009-05-26 CN CNA2009100856001A patent/CN101562612A/en active Pending
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102646097B (en) * | 2011-02-18 | 2019-04-26 | 腾讯科技(深圳)有限公司 | A kind of clustering method and device |
| CN102646097A (en) * | 2011-02-18 | 2012-08-22 | 腾讯科技(深圳)有限公司 | Clustering method and device |
| CN102143074B (en) * | 2011-03-25 | 2015-09-16 | 中兴通讯股份有限公司 | The sharing method of network load, system and network processing unit |
| CN102143074A (en) * | 2011-03-25 | 2011-08-03 | 中兴通讯股份有限公司 | Method and system for sharing network load and network processor |
| CN104125107B (en) * | 2013-04-25 | 2018-02-13 | 上海斐讯数据通信技术有限公司 | The test device and method of EPON system and its OAM amplifying messages |
| CN104125107A (en) * | 2013-04-25 | 2014-10-29 | 上海斐讯数据通信技术有限公司 | EPON system and testing device of OAM extension message and method thereof |
| CN107911315A (en) * | 2017-11-17 | 2018-04-13 | 成都西加云杉科技有限公司 | Packet classification method and the network equipment |
| CN112307275A (en) * | 2019-07-30 | 2021-02-02 | 北京国电智深控制技术有限公司 | Information processing method and device and computer storage medium |
| CN111211981A (en) * | 2019-12-30 | 2020-05-29 | 杭州迪普科技股份有限公司 | Message forwarding method and device based on policy routing |
| CN112367262A (en) * | 2020-08-20 | 2021-02-12 | 国家计算机网络与信息安全管理中心 | Matching method and device for quintuple rule |
| CN113572761A (en) * | 2021-07-22 | 2021-10-29 | 四川英得赛克科技有限公司 | Equipment identification method and device, electronic equipment and storage medium |
| CN113572761B (en) * | 2021-07-22 | 2023-06-30 | 四川英得赛克科技有限公司 | Equipment identification method and device, electronic equipment and storage medium |
| CN117439898A (en) * | 2023-12-22 | 2024-01-23 | 深圳万物安全科技有限公司 | Network device identification method, network device identification device, and storage medium |
| CN117439898B (en) * | 2023-12-22 | 2024-03-12 | 深圳万物安全科技有限公司 | Network device identification method, network device identification device, and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101562612A (en) | Method and device for constructing matching rule list and recognizing message type | |
| US9712559B2 (en) | Identifying frames | |
| US20150033343A1 (en) | Method, Apparatus, and Device for Detecting E-Mail Attack | |
| CN108206814A (en) | A kind of method, apparatus and system for defending DNS attacks | |
| US20080295163A1 (en) | Method and Apparatus for Updating Anti-Replay Window in Ipsec | |
| US7599364B2 (en) | Configurable network connection address forming hardware | |
| US11178114B2 (en) | Data processing method, device, and system | |
| CN104348716A (en) | Message processing method and equipment | |
| CN106357660B (en) | Method and device for detecting forged source IP in DDOS defense system | |
| US8336098B2 (en) | Method and apparatus for classifying harmful packet | |
| US20160094517A1 (en) | Apparatus and method for blocking abnormal communication | |
| CN106534068B (en) | Method and device for cleaning counterfeit source IP in DDOS defense system | |
| CN108377262A (en) | Manage the method for the service chaining at the network equipment, the corresponding network equipment | |
| EP2112802B1 (en) | Packet transfer controlling apparatus and packet transfer controlling method | |
| US11838318B2 (en) | Data plane with connection validation circuits | |
| US10348751B2 (en) | Device, system and method for extraction of malicious communication pattern to detect traffic caused by malware using traffic logs | |
| WO2017157335A1 (en) | Message identification method and device | |
| CN112583827B (en) | Data leakage detection method and device | |
| CN113709129A (en) | White list generation method, device and system based on traffic learning | |
| US9497083B1 (en) | Discovering network nodes | |
| CN115190056B (en) | Method, device and equipment for identifying and analyzing programmable flow protocol | |
| US7995595B1 (en) | Method for efficiently detecting node addresses | |
| RU2622788C1 (en) | Method for protecting information-computer networks against cyber attacks | |
| US10015179B2 (en) | Interrogating malware | |
| CN110808972B (en) | Data stream identification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20091021 |