CN102790704A - Data packet detection method and device for resistance characteristics of pressure field - Google Patents


Publication number
CN102790704A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011103871015A
Other languages
Chinese (zh)
Inventor
肖新光
刘静
邱勇良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Antiy Electronic Equipment Co Ltd
Original Assignee
Beijing Antiy Electronic Equipment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Antiy Electronic Equipment Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a data packet detection method and device resistant to feature boundary-crossing. Building on traditional feature code detection, the method and device split a traditional feature code to form a feature code group and match the features in the group, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet. Detecting data packets with a feature code group effectively avoids the situation in which a traditional single feature code extends beyond the range of one data packet, and increases the probability that suspected malicious code in a data packet matches a feature code.

Description

Data packet detection method and device resistant to feature boundary-crossing
Technical field
The present invention relates to the field of network security detection, and in particular to a data packet detection method and device resistant to feature boundary-crossing.
Background art
In the field of network security detection, feature code detection is the current mainstream malicious code detection technique. Suspect code is checked against generally applicable feature codes extracted from earlier malicious code, in order to reach a preliminary judgment on whether the suspect code is malicious. When feature code detection is applied to data packets, one problem it may run into is that a single feature code is contained across multiple data packets. The feature code then cannot be detected, and a segment of malicious code is misjudged as safe code.
Summary of the invention
The invention provides a data packet detection method and device resistant to feature boundary-crossing, which solve the misjudgment that arises when a traditional single feature code is contained across multiple data packets.
A data packet detection method resistant to feature boundary-crossing comprises:
splitting a traditional feature code to form a feature code group;
matching the features in the feature code group, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet.
In the described method, the feature codes in the feature code group are arranged in the order of the traditional feature code.
A data packet detection device resistant to feature boundary-crossing comprises:
a storage module, used to store the feature code group formed by splitting the traditional feature code;
a matching module, used to match the features in the feature code group, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet.
In the described device, the feature codes in the feature code group are arranged in the order of the traditional feature code.
The present invention provides a data packet detection method and device resistant to feature boundary-crossing. Building on traditional feature code detection, the traditional feature code is split to form a feature code group, and the features in the group are matched, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet. Detecting data packets with a feature code group effectively avoids the situation in which a traditional single feature code extends beyond the bounds of one data packet, and increases the probability that suspected malicious code in a data packet matches a feature code.
Description of drawings
To explain the technical schemes of the present invention and of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some of the embodiments recorded in the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the data packet detection method resistant to feature boundary-crossing;
Fig. 2 is a structure diagram of the data packet detection device resistant to feature boundary-crossing;
Fig. 3 is a schematic diagram of the traditional data packet detection technique;
Fig. 4 is a schematic diagram of the data packet detection technique resistant to feature boundary-crossing.
Embodiment
To help those skilled in the art better understand the technical schemes in the embodiments of the present invention, and to make the above objects, features and advantages of the invention clearer, the technical schemes of the invention are described in further detail below with reference to the drawings.
The invention provides a data packet detection method and device resistant to feature boundary-crossing, which solve the misjudgment that arises when a traditional single feature code is contained across multiple data packets.
A data packet detection method resistant to feature boundary-crossing, as shown in Fig. 1, comprises:
S101: splitting a traditional feature code to form a feature code group;
S102: matching the features in the feature code group, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet.
In the described method, the feature codes in the feature code group are arranged in the order of the traditional feature code.
A data packet detection device resistant to feature boundary-crossing, as shown in Fig. 2, comprises:
a storage module 201, used to store the feature code group formed by splitting the traditional feature code;
a matching module 202, used to match the features in the feature code group, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet.
In the described device, the feature codes in the feature code group are arranged in the order of the traditional feature code.
Feature code detection on data packets is carried out after the data packets have been arranged in sequence. To illustrate the technical scheme of the present invention, a feature code group made up of two feature codes is used to explain the data packet detection technique resistant to feature boundary-crossing; feature code groups of other forms are not excluded.
Fig. 3 is a schematic diagram of the traditional data packet detection technique. A traditional feature code may be contained across several consecutive data packets. When network data packets are matched with the existing traditional feature code detection technique, if traditional feature code 301 is contained partly in data packet a 302 and partly in data packet b 303, the complete traditional feature code 301 cannot be detected, and the detection concludes that this series of data packets contains no feature code. This situation, in which a feature code lies in different data packets, is called feature boundary-crossing.
Fig. 4 is a schematic diagram of the data packet detection technique of the present invention that is resistant to feature boundary-crossing. The above traditional feature code 301 is split to form a feature code group comprising feature code a 401 and feature code b 402. The features in the feature code group are matched, in sequence, against the sorted data packet content. That is, feature code a 401 is matched against data packet a 403; because feature boundary-crossing has occurred, feature code a 401 cannot be detected in data packet a 403, but data packet b 404 then necessarily contains feature code b 402, so the data packet is judged to be a malicious data packet.
The present invention provides a data packet detection method and device resistant to feature boundary-crossing. Building on traditional feature code detection, the traditional feature code is split to form a feature code group, and the features in the group are matched, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet. Detecting data packets with a feature code group effectively avoids the situation in which a traditional single feature code extends beyond the bounds of one data packet, and increases the probability that suspected malicious code in a data packet matches a feature code.
Splitting the traditional feature code to form a feature code group, as described in the present invention, means segmenting the traditional feature code, so the feature code segments are contiguous with one another. Other ways of extracting feature codes that yield the same form, such as obtaining feature codes contiguously, therefore all fall within the scope of protection of this patent.
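An added example, not part of the patent text, of steps S101 and S102 in Python: it splits a feature code into contiguous segments, matches the segments against packets sorted by sequence number, and checks every position at which a packet boundary can cut the code. The feature code value, the packet tuples and all function names are constructed for illustration.

```python
# Added illustration of the split-feature-code matching described above.
# SIGNATURE, the packet tuples and every function name are constructed
# for this example; none of them come from the patent.

SIGNATURE = b"MALICIOUS-MARKER"  # constructed stand-in for a traditional feature code


def split_feature_code(code: bytes, parts: int = 2) -> list[bytes]:
    """S101: cut the code into contiguous segments, kept in original order."""
    if not 1 <= parts <= len(code):
        raise ValueError("parts must be between 1 and len(code)")
    base, extra = divmod(len(code), parts)
    group, pos = [], 0
    for i in range(parts):
        size = base + (1 if i < extra else 0)
        group.append(code[pos:pos + size])
        pos += size
    return group


def traditional_detect(packets, code: bytes) -> bool:
    """Traditional check: the whole code must sit inside one packet payload."""
    return any(code in payload for _, payload in packets)


def group_detect(packets, group) -> list[tuple[int, int]]:
    """S102: match each segment against packets sorted by sequence number.

    Returns (sequence number, segment index) for every hit; any hit means
    the traffic is treated as malicious.
    """
    hits = []
    for seq, payload in sorted(packets, key=lambda p: p[0]):
        for idx, segment in enumerate(group):
            if segment in payload:
                hits.append((seq, idx))
    return hits


def straddle(code: bytes, cut: int):
    """Build two packets, delivered out of order, with `code` cut at `cut`."""
    stream = b"GET /index HTTP/1.1 " + code + b" trailing-data"
    boundary = stream.index(code) + cut
    return [(2, stream[boundary:]), (1, stream[:boundary])]


def missed_offsets(code: bytes, parts: int = 2) -> list[int]:
    """Cut positions inside the code at which group detection finds nothing."""
    group = split_feature_code(code, parts)
    return [cut for cut in range(1, len(code))
            if not group_detect(straddle(code, cut), group)]
```

Each segment is shorter than the original feature code and so matches more benign traffic; segment length therefore bounds how far a code can be split before false positives rise.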
Although the present invention has been described through embodiments, those of ordinary skill in the art know that the invention admits many modifications and variations without departing from its spirit, and it is intended that the appended claims cover these modifications and variations without departing from the spirit of the invention.

Claims (4)

1. A data packet detection method resistant to feature boundary-crossing, characterized in that it comprises:
splitting a traditional feature code to form a feature code group;
matching the features in the feature code group, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet.
2. The method of claim 1, characterized in that the feature codes in the feature code group are arranged in the order of the traditional feature code.
3. A data packet detection device resistant to feature boundary-crossing, characterized in that it comprises:
a storage module, used to store the feature code group formed by splitting the traditional feature code;
a matching module, used to match the features in the feature code group, in sequence, against the sorted data packet content; if any feature matches successfully, the data packet is determined to be a malicious data packet, and otherwise it is a safe data packet.
4. The device of claim 3, characterized in that the feature codes in the feature code group are arranged in the order of the traditional feature code.
CN2011103871015A 2011-11-29 2011-11-29 Data packet detection method and device for resistance characteristics of pressure field Pending CN102790704A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011103871015A CN102790704A (en) 2011-11-29 2011-11-29 Data packet detection method and device for resistance characteristics of pressure field

Publications (1)

Publication Number Publication Date
CN102790704A true CN102790704A (en) 2012-11-21

Family

ID=47156011

Country Status (1)

Country Link
CN (1) CN102790704A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1783838A (en) * 2005-10-21 2006-06-07 清华大学 High speed block detecting method based on stated filter engine
CN101414914A (en) * 2008-11-26 2009-04-22 北京星网锐捷网络技术有限公司 Method and apparatus for filtrating data content, finite state automata and conformation apparatus

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent of invention or patent application
CB02 Change of applicant information

Address after: 100080 Haidian District City, Zhongguancun, the main street, No. 1 Hailong building, room 1415, room 14

Applicant after: Beijing Antiy Electronic Installation Co., Ltd.

Address before: 100084, 2B-521, bright city, No. 1, Nongda South Road, Beijing, Haidian District

Applicant before: Beijing Antiy Electronic Installation Co., Ltd.

C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20121121