CN102821100B - Method for realizing streaming file system based on security gateway of network application layer - Google Patents

Method for realizing streaming file system based on security gateway of network application layer

Info

Publication number
CN102821100B
Authority
CN
China
Prior art keywords
data
message
security gateway
file
decollator
Prior art date
Application number
CN201210259257.XA
Other languages
Chinese (zh)
Other versions
CN102821100A (en)
Inventor
陈国斌
于颖
王智辉
宋苏宇
管勇
赵满满
时兴华
王利娟
苏云玲
Original Assignee
河南省信息中心
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 河南省信息中心
Priority to CN201210259257.XA
Publication of CN102821100A
Application granted
Publication of CN102821100B

Abstract

The invention discloses a method for implementing a streaming file system based on a network application layer security gateway. With this method a streaming file system is virtualized, the number of messages held in the buffer is reduced, and the processing speed and efficiency of the system are improved. The method is mainly characterized in that a file-like streaming file system is virtualized in the kernel; the streaming file system keeps only a small amount of message data in its buffer and exposes uniform operation interfaces; the small amount of data in the buffer and the complete field data in the mapped regions are handed to the detection module of the security gateway by pointer mapping for inspection, which increases the processing speed and efficiency of the system; and at the same time the detection module of the security gateway can be adapted to both the MBUF (mbuf) and SKBUFF (sk_buff) message buffer structures, which improves the portability and reusability of the software.

Description

A streaming file system implementation method based on a network application layer security gateway

Technical field

The present invention relates to a method for implementing a streaming file system based on a network application layer security gateway.

Background technology

With the widespread use of computers and networks, attacks by viruses from inside and outside the network are also increasing. At present an application layer security gateway is usually deployed between an internal network and external networks, or between a private network and a public network, to protect the internal or private network from intrusion by unauthorized users and from damage by viruses. Application layer security gateways play an important role in anti-hacking, anti-virus, anti-spam and network application traffic management; they generally include devices such as IPS devices, AV (anti-virus) devices, anti-spam devices, application control gateways, ALGs (application layer gateways), application bandwidth management devices and UTM appliances.

The OSI model was formulated by ISO (the International Organization for Standardization). Its basic functions are to give developers the necessary general concepts for developing complete systems and to explain how different system architectures interconnect. OSI divides the computer network architecture into the following seven layers, from top to bottom: 7 application layer, 6 presentation layer, 5 session layer, 4 transport layer, 3 network layer, 2 data link layer, 1 physical layer.

The firewalls in common use today mainly work at layers 2 to 3 and have very little effect at layers 4 to 7, whereas viruses mainly operate at layers 5 to 7. Existing application layer security gateways mainly read from the corresponding socket interface, read all of the relevant messages out and place them in a buffer, and only once reading is complete do they treat the buffered data like a file, perform string matching and regular expression matching, and carry out the subsequent anti-hacking, anti-virus, anti-spam and network application traffic management processing. This process involves a large number of message copies and exchanges between user space and the kernel, so both latency and performance are poor.

Summary of the invention

The object of the present invention is to provide a method for implementing a streaming file system based on a network application layer security gateway, which can virtualize a streaming file system, reduce the number of messages held in the buffer, and increase the processing speed and efficiency of the system.

The present invention adopts the following technical solution:

A method for implementing a streaming file system based on a network application layer security gateway, comprising the following steps:

A: when the streaming file system detects a newly established application layer connection, it creates a stream file, and the application layer message data are written to the stream file by the streaming file system;

B: the detection module of the security gateway reads the specified message data through the read interface of the stream file and inspects the message data by string matching and regular expression matching;

C: after the current inspection completes, the detection module of the security gateway goes on to inspect the message data in the next stream file.

Step B further comprises the following steps:

B1: the streaming file system checks whether the first message received contains a complete field, that is, whether the first message contains a delimiter with no message data after the delimiter; if so, go to step B2; if not, go to step B3;

B2: the streaming file system hands the complete field data of the mapped region directly to the detection module of the security gateway by pointer mapping, then goes to step B6;

B3: the streaming file system stores the data of the first message in the buffer, then checks whether the subsequently received messages contain a delimiter; when the streaming file system reaches the last delimiter in the subsequent message data, if there is no message data after that delimiter, go to step B4; if there is message data after it, go to step B5;

B4: the streaming file system hands the data of the first message held in the buffer together with the complete field data of the mapped region directly to the detection module of the security gateway by pointer mapping, then goes to step B6;

B5: the streaming file system hands the data of the first message held in the buffer together with the whole field data before the last delimiter in the several mapped regions directly to the detection module of the security gateway by pointer mapping, empties the buffer, and by a file synchronization operation stores the message data after the delimiter, which the security gateway detection module has not yet inspected, in the buffer; then goes to step B6;

B6: the detection module of the security gateway reads the specified message data through the read interface of the stream file, inspects the message data by string matching and regular expression matching, and then goes to step C.

The present invention mainly virtualizes a file-like streaming file system in the kernel. The streaming file system keeps only a small amount of message data in the buffer and exposes a uniform operation interface; the small amount of message data in the buffer and the complete field data in the mapped regions are handed to the detection module of the security gateway by pointer mapping for inspection, increasing the processing speed and efficiency of the system. At the same time, the detection module of the security gateway can be adapted to both the MBUF and the SKBUFF message structures, improving the portability and reusability of the software.

Description of the drawings

Fig. 1 is the flow chart of the present invention;

Fig. 2, Fig. 3 and Fig. 4 are schematic diagrams of the application layer message data processing method for three different message structures, in the mode of parsing SMTP.

Embodiment

In the present invention, a stream refers to a series of data messages passing through the device; a stream file refers to the data structure that stores these messages; and a streaming file system refers to a type of storage composed of character strings or binary data.

As shown in Fig. 1, the present invention comprises the following steps:

A: when the streaming file system detects a newly established application layer connection, it creates a stream file, and the application layer message data are written to the stream file by the streaming file system;

B1: the streaming file system checks whether the first message received contains a complete field, that is, whether the first message contains a delimiter with no message data after the delimiter; if so, go to step B2; if not, go to step B3;

B2: the streaming file system hands the complete field data of the mapped region directly to the detection module of the security gateway by pointer mapping, then goes to step B6;

B3: the streaming file system stores the data of the first message in the buffer, then checks whether the subsequently received messages contain a delimiter; when the streaming file system reaches the last delimiter in the subsequent message data, if there is no message data after that delimiter, go to step B4; if there is message data after it, go to step B5;

B4: the streaming file system hands the data of the first message held in the buffer together with the complete field data in the several mapped regions directly to the detection module of the security gateway by pointer mapping, then goes to step B6;

B5: the streaming file system hands the data of the first message held in the buffer together with the complete field data before the last delimiter in the several mapped regions directly to the detection module of the security gateway by pointer mapping, then empties the buffer, and by a file synchronization operation stores the message data after the delimiter, which the security gateway detection module has not yet inspected, in the buffer; then goes to step B6;

B6: the detection module of the security gateway reads the specified message data through the read interface of the stream file, inspects the message data by string matching and regular expression matching, and then goes to step C;

C: after the current inspection completes, the detection module of the security gateway goes on to inspect the message data in the next stream file.

In the present invention, when a new message is written to the stream file it is not copied; instead a mapped region in the stream file is pointed at the application layer data of the message, and messages fragmented at the network layer or segmented at the application layer can be handled by several mapped regions respectively. Because there is no copy operation, and the reassembly of network layer fragments and application layer segments does not have to be handled, performance is greatly improved and latency is reduced.

The method is illustrated below using SMTP parsing as the example:

As shown in Fig. 2, the application layer message contains a whole field, that is, the first message contains a delimiter and there is no message data after it: the first message contains the delimiter "\n" and there is no message data after "\n", so the first message contains the whole field "abcd". The streaming file system hands the whole field data "abcd" of the mapped region directly to the detection module of the security gateway by pointer mapping, and the detection module performs string matching and regular expression matching on it.

As shown in Fig. 3, when the first application layer message "abcd" does not contain the delimiter "\n", the streaming file system stores the data "abcd" of the first application layer message in the buffer and then checks whether the subsequently received messages contain the delimiter. The streaming file system reaches the last delimiter "\n" contained in the data of the second application layer message, and there is no message data after "\n"; the streaming file system now hands the data "abcd" of the first application layer message held in the buffer together with the whole field data "efgh" of the mapped region directly to the detection module of the security gateway by pointer mapping, and the detection module performs string matching and regular expression matching.

As shown in Fig. 4, when the first application layer message "abcd" does not contain the delimiter "\n", the streaming file system stores the data "abcd" of the first application layer message in the buffer, points several mapped regions of the stream file at the application layer data "ef", "gh" and "st" of the subsequent messages respectively, and then checks whether the subsequently received messages contain the delimiter "\n". The streaming file system reaches the last delimiter "\n" contained in the data of the second application layer message, and there is further message data "st" after "\n"; the streaming file system now hands the data "abcd" of the first application layer message held in the buffer together with the whole field data "ef" and "gh" of the two mapped regions (that is, the whole field data before the last delimiter) directly to the detection module of the security gateway by pointer mapping, and the detection module performs string matching and regular expression matching. The streaming file system then empties the data "abcd" of the first message from the buffer, and by a file synchronization operation stores the message data "st" after the delimiter "\n", which the security gateway detection module has not yet inspected, in the buffer, to be processed together with the next application layer message data that the streaming file system writes to the stream file.
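The following is an added example and not code from the patent or from 河南省信息中心. It is a user-space C model of steps B1 to B6 (as listed in both the summary and the embodiment above) run on the three message sequences of Figs. 2 to 4: the first message without a delimiter is copied to a small buffer, later messages are referenced through map sections without copying, and when the last delimiter is reached the buffer plus the map sections are handed to a detector as one logical field, with any bytes after that delimiter kept for the next field. The names stream_file, map_section, feed_packet, run_sequence, the BUF_CAP and MAX_SECTIONS limits and the fail-closed overflow flag are all assumptions of this example; the detector is a naive substring search standing in for the gateway's string and regular expression engine, and the example also generalizes step B1 by treating a first message that has bytes after its last delimiter like step B5.

```c
/* Added example, not the patent's code: a user-space model of steps B1..B6 run on
 * the message sequences of Figs. 2-4.  Every name and limit is an assumption here. */
#include <stddef.h>
#include <string.h>

#define BUF_CAP      256   /* carried-over bytes (the patent's buffer) */
#define MAX_SECTIONS 16    /* mapped regions per stream file */

/* A map section points at a message's application layer payload; nothing is copied. */
typedef struct { const char *ptr; size_t len; } map_section;

typedef struct {
    char buf[BUF_CAP]; size_t buf_len;          /* B3/B5: bytes copied from an earlier message */
    map_section sec[MAX_SECTIONS]; int nsec;    /* zero-copy references to later messages */
} stream_file;

typedef struct {
    int delivered, matched, per_segment, overflow;  /* field reached detector; verdicts; limit hit */
    size_t field_len, kept;     /* bytes in the field (delimiter excluded); bytes kept for next one */
} feed_result;

static size_t field_len(const stream_file *sf)
{
    size_t n = sf->buf_len;
    for (int i = 0; i < sf->nsec; i++) n += sf->sec[i].len;
    return n;
}

/* Byte i of the logical field: buffer first, then the map sections in order. */
static char field_at(const stream_file *sf, size_t i)
{
    if (i < sf->buf_len) return sf->buf[i];
    i -= sf->buf_len;
    for (int s = 0; s < sf->nsec; i -= sf->sec[s++].len)
        if (i < sf->sec[s].len) return sf->sec[s].ptr[i];
    return 0;
}

/* Stand-in for the gateway's string engine: naive search over the logical field
 * without linearising it, so a signature split across messages is still found. */
static int field_contains(const stream_file *sf, const char *sig)
{
    size_t n = field_len(sf), m = strlen(sig), k;
    for (size_t start = 0; m > 0 && start + m <= n; start++) {
        for (k = 0; k < m && field_at(sf, start + k) == sig[k]; k++) ;
        if (k == m) return 1;
    }
    return 0;
}

/* The mistake to avoid: scanning the buffer and each map section separately. */
static int segments_contain(const stream_file *sf, const char *sig)
{
    stream_file one = {0};
    one.nsec = 1;
    for (int s = -1; s < sf->nsec; s++) {
        one.sec[0] = s < 0 ? (map_section){sf->buf, sf->buf_len} : sf->sec[s];
        if (field_contains(&one, sig)) return 1;
    }
    return 0;
}

/* Steps B1..B6 for one message.  Generalisation of B1: a first message with bytes
 * after its last delimiter is handled like B5 (prefix delivered, tail kept). */
static feed_result feed_packet(stream_file *sf, const char *payload, size_t len,
                               char delim, const char *sig)
{
    feed_result r = {0};
    /* Fail closed: a message the buffer cannot hold, or no free map section, would
     * leave bytes unscanned; a real gateway should drop the connection here. */
    if (len > BUF_CAP || sf->nsec == MAX_SECTIONS) { r.overflow = 1; return r; }

    size_t end = len;                                /* index just past the last delimiter */
    while (end > 0 && payload[end - 1] != delim) end--;
    if (end == 0) {                                  /* no delimiter yet */
        if (sf->buf_len == 0 && sf->nsec == 0) {     /* B3: the first message is copied */
            memcpy(sf->buf, payload, len); sf->buf_len = len;
        } else {                                     /* later messages are only mapped */
            sf->sec[sf->nsec++] = (map_section){payload, len};
        }
        r.kept = sf->buf_len;
        return r;
    }
    size_t prefix = end - 1, tail = len - end;
    if (prefix > 0) sf->sec[sf->nsec++] = (map_section){payload, prefix};
    r.delivered = 1;                     /* B2/B4/B5 -> B6: buffer plus sections by reference */
    r.field_len = field_len(sf);
    r.matched = field_contains(sf, sig);
    r.per_segment = segments_contain(sf, sig);
    memcpy(sf->buf, payload + end, tail);   /* B5: the tail starts the next field */
    sf->buf_len = tail; sf->nsec = 0; r.kept = tail;
    return r;
}

/* Feed up to four constructed messages (NULL = none) through a fresh stream file
 * with '\n' as the delimiter and return the result of the last one. */
static feed_result run_sequence(const char *sig, const char *p1, const char *p2,
                                const char *p3, const char *p4)
{
    stream_file sf = {0};
    const char *pk[4] = {p1, p2, p3, p4};
    feed_result r = {0};
    for (int i = 0; i < 4 && pk[i]; i++)
        r = feed_packet(&sf, pk[i], strlen(pk[i]), '\n', sig);
    return r;
}
```

Two points this model makes visible that the step list does not: a map section is only a pointer into a message's payload, so the gateway has to keep that message (the skb or mbuf) alive until the field has been delivered and the stream file emptied, and the buffer and section limits are what bound memory per connection, so hitting either must fail closed rather than skip bytes. Second, the detector must be given the buffer and the map sections as one byte sequence: for the Fig. 4 sequence "abcd", "ef", "gh\nst" the constructed signature "defg" is spread across all three parts, and per_segment stays 0 while matched becomes 1, which is exactly the gap an attacker exploits by splitting a pattern across packets.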

Claims (1)

1. A method for implementing a streaming file system based on a network application layer security gateway, characterized in that it comprises the following steps:
A: when the streaming file system detects a newly established application layer connection, it creates a stream file, and the application layer message data are written to the stream file by the streaming file system;
B: the detection module of the security gateway reads the specified message data through the read interface of the stream file and inspects the message data by string matching and regular expression matching; wherein step B comprises the following specific steps:
B1: the streaming file system checks whether the first message received contains a complete field, that is, whether the first message contains a delimiter with no message data after the delimiter; if so, go to step B2; if not, go to step B3;
B2: the streaming file system hands the complete field data of the mapped region directly to the detection module of the security gateway by pointer mapping, then goes to step B6;
B3: the streaming file system stores the data of the first message in the buffer, then checks whether the subsequently received messages contain a delimiter; when the streaming file system reaches the last delimiter in the subsequent message data, if there is no message data after that delimiter, go to step B4; if there is message data after it, go to step B5;
B4: the streaming file system hands the data of the first message held in the buffer together with the complete field data of the mapped region directly to the detection module of the security gateway by pointer mapping, then goes to step B6;
B5: the streaming file system hands the data of the first message held in the buffer together with the whole field data before the last delimiter in the several mapped regions directly to the detection module of the security gateway by pointer mapping, empties the buffer, and by a file synchronization operation stores the message data after the delimiter, which the security gateway detection module has not yet inspected, in the buffer; then goes to step B6;
B6: the detection module of the security gateway reads the specified message data through the read interface of the stream file, inspects the message data by string matching and regular expression matching, and then goes to step C;
C: after the current inspection completes, the detection module of the security gateway goes on to inspect the message data in the next stream file.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210259257.XA CN102821100B (en) 2012-07-25 2012-07-25 Method for realizing streaming file system based on security gateway of network application layer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210259257.XA CN102821100B (en) 2012-07-25 2012-07-25 Method for realizing streaming file system based on security gateway of network application layer

Publications (2)

Publication Number Publication Date
CN102821100A CN102821100A (en) 2012-12-12
CN102821100B true CN102821100B (en) 2014-10-29

Family

ID=47304957

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210259257.XA CN102821100B (en) 2012-07-25 2012-07-25 Method for realizing streaming file system based on security gateway of network application layer

Country Status (1)

Country Link
CN (1) CN102821100B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161479B (en) * 2016-09-21 2019-06-07 杭州迪普科技股份有限公司 Encoding attack detection method and device supporting cross-packet features

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1349351A (en) * 2000-10-13 2002-05-15 北京算通数字技术研究中心有限公司 Method of generating data stream index file and using said file accessing frame and shearing lens
CN1852245A (en) * 2005-12-15 2006-10-25 华为技术有限公司 Method for detecting superlong signaling message based text code
CN101039225A (en) * 2007-04-04 2007-09-19 北京佳讯飞鸿电气有限责任公司 Method for realizing data safe transmission of distribution cooperating intrusion detection system
CN101068229A (en) * 2007-06-08 2007-11-07 北京工业大学 Content filtering gateway realizing method based on network filter
CN101252444A (en) * 2008-04-03 2008-08-27 华为技术有限公司 Method and apparatus for checking message characteristic
CN101262491A (en) * 2008-04-02 2008-09-10 王京 Application layer network analysis method and system
CN102123076A (en) * 2010-01-08 2011-07-13 丛林网络公司 High availability for network security devices

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9455892B2 (en) * 2010-10-29 2016-09-27 Symantec Corporation Data loss monitoring of partial data streams

Also Published As

Publication number Publication date
CN102821100A (en) 2012-12-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: CHEN GUOBIN SONG SUYU YU YING WANG ZHIHUI GUAN YONG ZHAO MANMAN SHI XINGHUA WANG LIJUAN TO: CHEN GUOBIN YU YING WANG ZHIHUI SONG SUYU GUAN YONG ZHAO MANMAN SHI XINGHUA WANG LIJUAN SU YUNLING

C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Chen Guobin

Inventor after: Yu Ying

Inventor after: Wang Zhihui

Inventor after: Song Suyu

Inventor after: Guan Yong

Inventor after: Zhao Manman

Inventor after: Shi Xinghua

Inventor after: Wang Lijuan

Inventor after: Su Yunling

Inventor before: Chen Guobin

Inventor before: Song Suyu

Inventor before: Yu Ying

Inventor before: Wang Zhihui

Inventor before: Guan Yong

Inventor before: Zhao Manman

Inventor before: Shi Xinghua

Inventor before: Wang Lijuan

C14 Grant of patent or utility model
GR01 Patent grant