CN105187436B - Packet-filtering host network control method based on a hash table

Publication number: CN105187436B
Authority: CN (China)
Legal status: Active
Application number: CN201510621770.2A
Other languages: Chinese (zh)
Other versions: CN105187436A (en)
Inventors: 赵朋川, 陈志浩, 曾淑娟, 孟宪哲
Current Assignee: 706th Institute Of No2 Research Institute Casic
Original Assignee: 706th Institute Of No2 Research Institute Casic
Prior art keywords: data packet, address, strategy, hash table, characteristic information
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0263: Rule management

Abstract

The invention discloses a packet-filtering host network control method based on a hash table, comprising: building policy groups according to control direction and protocol, and sorting the policies within each group; building a hash table that holds the characteristic information of data packets; intercepting every packet that leaves or enters the host network card and extracting its characteristic information; computing the hash value of that characteristic information; looking up whether the hash value exists in the hash table and, if it does, allowing this packet to pass; otherwise, according to the packet's control direction, searching the policy group for the destination address or source address by binary search; if an entry is found, comparing the characteristic information field by field to see whether all fields are equal; if the comparison succeeds, returning the result and forbidding the packet; if the comparison fails, allowing the packet to pass; and inserting the packet's characteristic information into the hash table.

Description

Packet-filtering host network control method based on a hash table
Technical field
The present invention relates to the technical field of host security protection, and in particular to a host network control method.
Background
Host monitoring technology is the foundation of host security protection. It monitors behaviour such as host status and resource access, and is used to build a complete intranet security system. Network control is an important component of host monitoring technology: it monitors the network packets entering and leaving the host and blocks packet-borne attacks on the intranet and the host.
Packet filtering is one kind of host network control technology: packets are intercepted at a suitable point in the network and selectively passed or blocked according to filtering rules. In an intranet, host network control is generally based on a "blacklist": packets that match a filtering rule are blocked, and all remaining packets are passed.
In existing packet filtering techniques, a packet has to be matched against the filtering rules one by one in sequence, until a match succeeds and the packet is blocked, or every match fails and the packet is passed; filtering performance therefore degrades linearly as the number of filtering rules grows. It is necessary to design an efficient packet filtering control method suited to the characteristics of host network control, one that matches packets against filtering rules quickly and improves filtering performance.
Summary of the invention
The purpose of the present invention is to propose a packet-filtering host network control method based on a hash table, which solves the low efficiency of packet filtering rule matching in existing host network control technology and achieves fast matching of packets against filtering rules.
The packet-filtering host network control method based on a hash table of the present invention comprises: S1, building policy groups according to control direction and protocol, and sorting the policies within each group; building a hash table that holds the characteristic information of data packets; S2, intercepting every packet that leaves or enters the host network card and extracting the characteristic information in the packet; S3, computing the hash value of the characteristic information from the characteristic information in the packet; S4, looking up whether the hash value exists in the hash table; if it exists, allowing this packet to pass; otherwise, going to step S5; S5, according to the control direction of the packet, searching the policy group for the destination address or source address by binary search; if none is found, going to S6; if one is found, comparing the characteristic information field by field to see whether all fields are equal; if the comparison succeeds, returning the result and forbidding this packet; if the comparison fails, allowing this packet to pass and going to S6; S6, inserting the characteristic information of the packet into the hash table.
In one embodiment of the method, S1 specifically comprises: the control direction is either outbound or inbound. Policy groups whose control direction is outbound are sorted in descending order of the start address of the destination address range; if the destination address range is unlimited, its start address is treated as the minimum. Policy groups whose control direction is inbound are sorted in descending order of the start address of the source address range; if the source address range is unlimited, its start address is treated as the minimum.
In one embodiment of the method, the characteristic information of a packet held in the hash table comprises the source address, destination address, source port, destination port and protocol, and the hash value hv is computed as:
hv = f_hash(buff);
where buff = sip ⊕ dip ⊕ sport ⊕ dport ⊕ proto has a length of 13 bytes and ⊕ denotes concatenation; sip is the source address, dip is the destination address, sport is the source port, dport is the destination port, and proto is the characteristic value of the protocol.
In one embodiment of the method, S5 comprises: examining the packet's protocol field proto and locating the rule array for the packet's control direction and protocol. For rules whose control direction is outbound, the five-tuple's destination address is compared with the start address of each policy's destination address range, and binary search is used to find the first policy in the group whose destination range start address is not greater than the five-tuple's destination address. For rules whose control direction is inbound, the five-tuple's source address is compared with the start address of each policy's source address range, and binary search is used to find the first policy in the group whose source range start address is not greater than the five-tuple's source address. If no such policy exists, go directly to S6. If one exists, then from that policy to the last one, compare the sip, dip, sport and dport fields of the network five-tuple with those of each policy in the group to see whether they are all equal; if the comparison succeeds, return the result forbidding this packet, and network control processing ends; if the comparison fails, return the result allowing this packet to pass, and go to S6.
In summary, the advantages and effects of the hash-table-based packet-filtering host network control method are: 1) because the range of network addresses a host accesses is limited and concentrated, a network access "whitelist" is built in the form of a hash table, and packets that have already passed rule filtering are recognised by hash lookup, which avoids repeated filtering of accesses to the same network address and improves response speed; 2) the filtering rules are grouped by protocol and sorted, which effectively reduces the number of policy entries to be matched and shortens comparison time.
Brief description of the drawings
Fig. 1 is a flowchart of the hash-table-based packet-filtering host network control method of the present invention.
Detailed description
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the invention are described in further detail below with reference to the drawing and examples.
The method fits the fact that the range of network addresses a host accesses is limited and concentrated: a network packet "whitelist" matching module is inserted in front of the rule matching module. The "whitelist" is a hash table whose hashed object is the packet's five-tuple information. If a packet is in the whitelist it is passed directly and no rule matching is performed; if it is not in the whitelist, the subsequent rule matching is carried out: on a successful match the packet is forbidden, and on an unsuccessful match the packet is added to the whitelist.
As shown in Fig. 1, the method comprises 5 stages: the initialization stage, the packet capture stage, the hash table lookup stage, the filtering rule matching stage and the hash table update stage.
Stage 1, initialization: this stage sorts the filtering rules into groups and initializes the hash table. A filtering rule consists of six fields: source address range, destination address range, source port range, destination port range, protocol and direction. Filtering rules are grouped by the direction and protocol fields; the rules sharing a control direction and protocol form a rule array, which is sorted by network address. Hash table initialization mainly determines the size of the hash table and the length of the overflow table; the overflow table is a singly linked list.
Stage 2, packet capture: this stage intercepts network packets and extracts their characteristic data. The capture component intercepts all packets sent and received by the host at the bottom layer of the host operating system and extracts 5 fields from each packet: source address, destination address, source port, destination port and protocol. For packets that have no source port or destination port, those fields are set to 0.
Stage 3, hash table lookup: the five-tuple extracted in stage 2 first goes through the first hash operation, using the hash table's hash function, to compute its hash address in the hash table. If the entry at that hash address is empty, go to stage 4. If it is not empty, perform the second hash operation on the five-tuple information and search the overflow table for the resulting hash value; if it is present, pass the packet directly; if it is absent, go to stage 4.
Stage 4, rule matching: extract the protocol field from the five-tuple, select the corresponding rule linked list according to the protocol field, and use binary search to find the first rule whose address is greater than the corresponding address in the five-tuple. If the result is empty, go to stage 5. Otherwise match the subsequent rules in turn, comparing source address, destination address, source port and destination port; on a successful match return the "forbid" result, and on a failed match go to stage 5.
Stage 5, hash table update: for a five-tuple that reaches stage 5, first apply the hash table's hash function to compute its hash address in the hash table. If the entry at that hash address is empty, mark it non-empty, perform the second hash operation on the five-tuple information, and insert the hash value into the overflow table belonging to that entry. If the entry at that hash address is non-empty, perform the hash operation on the five-tuple information directly and insert the hash value into the overflow table belonging to that entry.
Table 1 gives the meanings of the symbols.
The hash table and the packet five-tuple information used by this method are as follows:
1. Hash-table hash function:
f_mo(n) = n % N
where n is the input integer, obtained in the present invention by applying the transform function to the network five-tuple information; N is a prime number and is the size of the hash table.
2. Five-tuple transform function:
f_xor(sip, dip, sport, dport, proto) = sip ^ dip ^ sport ^ dport ^ proto
where sip is 4 bytes long, dip is 4 bytes, sport is 2 bytes, dport is 2 bytes and proto is 1 byte; ^ denotes bitwise exclusive OR, and operands that are too short are padded with 0 on the left.
3. Overflow-table hash function:
f_hash(buff) = MD5(buff)
where buff is the five-tuple concatenated byte array: the captured source address sip, destination address dip, source port sport, destination port dport and protocol proto joined together.
4. Overflow table
See Fig. 1, the filtering flowchart of the present invention.
The present invention is divided into the initialization stage, the hash table lookup stage, the rule matching stage and the hash table update stage. The detailed execution process is as follows:
1. Initialization stage
When the network control module starts, it first enters the initialization stage and groups and sorts the policies. Policies are grouped by control direction and protocol; the control direction is either outbound or inbound, and the protocols generally comprise four classes: IP, TCP, UDP and ICMP. Policy groups whose control direction is outbound are sorted in descending order of the start address of the destination address range; if the destination address range is unlimited, its start address is treated as the minimum. Policy groups whose control direction is inbound are sorted in descending order of the start address of the source address range; if the source address range is unlimited, its start address is treated as the minimum. The hash table is ht[N], where N is a prime number giving the size (number of elements) of the hash table. A table element ht[i] is a pointer to the head of an overflow table and is set to 0 when empty. The overflow table has length l and stores five-tuple hash values.
2. Packet capture stage
Every packet that leaves or enters the host network card is intercepted, and the network five-tuple fields are extracted from it: source address sip, destination address dip, source port sport, destination port dport and protocol proto. sip and dip are each 4 bytes long, sport and dport are each 2 bytes long, and proto is 1 byte long.
3. Hash table lookup stage
The five-tuple extracted in stage 2 first goes through a hash operation that yields the value n:
n = f_xor(sip, dip, sport, dport, proto)
The position p of the five-tuple's characteristic information in the hash table is then computed:
p = f_mo(n)
If ht[p] = 0 (its initial value is 0), go directly to stage 4; otherwise search the overflow table that ht[p] points to. The search proceeds as follows.
First compute the hash value hv of the five-tuple:
hv = f_hash(buff)
where buff = sip ⊕ dip ⊕ sport ⊕ dport ⊕ proto has a length of 13 bytes and ⊕ denotes concatenation.
Then, starting from the head node of the overflow table, search sequentially for a node whose element value is hv. If one exists, return the result allowing this packet to pass, and the network control process ends; if none exists, go to stage 4.
4. Rule matching stage
First examine the packet's protocol field proto and locate the rule array for the packet's control direction and protocol. For rules whose control direction is outbound, compare the five-tuple's destination address with the start address of each policy's destination address range, and use binary search to find the first policy in the group whose destination range start address is not greater than the five-tuple's destination address. For rules whose control direction is inbound, compare the five-tuple's source address with the start address of each policy's source address range, and use binary search to find the first policy in the group whose source range start address is not greater than the five-tuple's source address. If no such policy exists, go directly to stage 5. If one exists, then from that policy to the last one, compare the sip, dip, sport and dport fields of the network five-tuple with those of each policy in the group to see whether they are all equal; if the comparison succeeds, return the result forbidding this packet, and network control processing ends; if the comparison fails, return the result allowing this packet to pass, and go to stage 5.
5. Hash table update stage
First create a new overflow-table node newnode and set its element to the hv obtained in stage 3. Then use the p computed in stage 3 to check whether ht[p] is empty: if ht[p] = 0, set ht[p] to the address of newnode; if ht[p] is not empty, insert newnode at the tail of the overflow table that ht[p] points to.
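The five stages above, sketched in Python as an added example (not code from the patent). The table size, the overflow-chain cap and what happens when a chain is full, the reading of "equal" as range containment, and the sample policies are assumptions.

```python
# Added example: whitelist hash table in front of a sorted blacklist.
# N, CHAIN_CAP and SAMPLE_POLICIES are assumed values, not from the patent.
import hashlib
import struct
from bisect import bisect_left
from dataclasses import dataclass
from ipaddress import IPv4Address

ANY_ADDR = (0, 0xFFFFFFFF)   # "unlimited" range: start address treated as minimum
ANY_PORT = (0, 0xFFFF)
ICMP, TCP, UDP = 1, 6, 17    # IANA protocol numbers
N = 1021                     # prime hash-table size
CHAIN_CAP = 8                # overflow-table length l


def ip(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(IPv4Address(text))


@dataclass(frozen=True)
class Policy:
    """One blacklist rule: direction, protocol and four inclusive ranges."""
    direction: str           # "out" or "in"
    proto: int
    src: tuple = ANY_ADDR
    dst: tuple = ANY_ADDR
    sport: tuple = ANY_PORT
    dport: tuple = ANY_PORT

    def sort_start(self):
        # Outbound groups sort on the destination range, inbound on the source range.
        return (self.dst if self.direction == "out" else self.src)[0]

    def matches(self, sip, dip, sport, dport):
        # Assumption: a field "equals" a policy field when it lies inside the range.
        pairs = ((self.src, sip), (self.dst, dip), (self.sport, sport), (self.dport, dport))
        return all(lo <= value <= hi for (lo, hi), value in pairs)


def f_xor(sip, dip, sport, dport, proto):
    """Five-tuple transform: XOR of the zero-extended fields."""
    return sip ^ dip ^ sport ^ dport ^ proto


def f_hash(sip, dip, sport, dport, proto):
    """Overflow-table hash: MD5 over the 13-byte concatenation."""
    return hashlib.md5(struct.pack("!IIHHB", sip, dip, sport, dport, proto)).digest()


class HostFilter:
    def __init__(self, policies, n=N, chain_cap=CHAIN_CAP):
        # Stage 1: group by (direction, protocol), sort each group by descending start.
        self.n, self.chain_cap = n, chain_cap
        self.ht = [None] * n                 # ht[p]: None, or a chain of digests
        grouped = {}
        for pol in policies:
            grouped.setdefault((pol.direction, pol.proto), []).append(pol)
        self.groups = {}
        for key, group in grouped.items():
            group.sort(key=Policy.sort_start, reverse=True)
            # Negated starts are ascending, so bisect can search them.
            self.groups[key] = ([-pol.sort_start() for pol in group], group)

    def check(self, direction, sip, dip, sport, dport, proto):
        """Return (verdict, reason) for one captured five-tuple (stages 3 to 5)."""
        tup = (sip, dip, sport, dport, proto)
        p = f_xor(*tup) % self.n
        hv = f_hash(*tup)
        # Stage 3: whitelist lookup; a hit skips rule matching entirely.
        if self.ht[p] is not None and hv in self.ht[p]:
            return "allow", "whitelist"
        # Stage 4: binary search for the first policy whose start <= address,
        # then compare every policy from there to the end of the group.
        keys, group = self.groups.get((direction, proto), ([], []))
        addr = dip if direction == "out" else sip
        for pol in group[bisect_left(keys, -addr):]:
            if pol.matches(sip, dip, sport, dport):
                return "block", "rule"       # blocked tuples are never cached
        # Stage 5: remember the allowed tuple.
        if self.ht[p] is None:
            self.ht[p] = []
        if len(self.ht[p]) < self.chain_cap:  # assumption: a full chain is left as is
            self.ht[p].append(hv)
        return "allow", "rules"


SAMPLE_POLICIES = [  # constructed for this example
    Policy("out", TCP, dst=(ip("10.0.0.0"), ip("10.0.0.255")), dport=(23, 23)),
    Policy("out", TCP, dst=(ip("192.168.1.10"), ip("192.168.1.10"))),
    Policy("out", TCP, dport=(445, 445)),    # unlimited destination range
    Policy("in", UDP, src=(ip("172.16.0.0"), ip("172.16.255.255"))),
]

if __name__ == "__main__":
    fw = HostFilter(SAMPLE_POLICIES)
    me = ip("192.168.1.20")
    for dst, port in [("10.0.0.5", 23), ("10.0.0.5", 443), ("10.0.0.5", 443), ("8.8.8.8", 445)]:
        print(dst, port, fw.check("out", me, ip(dst), 40000, port, TCP))
```

Because the whitelist caches allow verdicts, a policy change in this sketch means building a new HostFilter with an empty table; the text above does not describe invalidation. Note also that f_xor maps a flow and its reverse to the same bucket, and only the MD5 over the ordered concatenation tells them apart.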
The advantages and effects of the hash-table-based packet-filtering host network control method are: 1) because the range of network addresses a host accesses is limited and concentrated, a network access "whitelist" is built in the form of a hash table, and packets that have already passed rule filtering are recognised by hash lookup, which avoids repeated filtering of accesses to the same network address and improves response speed; 2) the filtering rules are grouped by protocol and sorted, which effectively reduces the number of policy entries to be matched and shortens comparison time.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make several improvements and variations without departing from the technical principles of the invention, and these improvements and variations should also be regarded as falling within the protection scope of the present invention.

Claims (3)

1. A packet-filtering host network control method based on a hash table, characterized by comprising:
Step S1, building policy groups according to control direction and protocol, and sorting the policies within each group; building a hash table that holds the characteristic information of data packets;
Step S2, intercepting every packet that leaves or enters the host network card and extracting the characteristic information in the packet;
Step S3, computing the hash value of the characteristic information from the characteristic information in the packet;
Step S4, looking up whether the hash value exists in the hash table; if it exists, allowing this packet to pass; otherwise, going to step S5;
Step S5, according to the control direction of the packet, searching the policy group for the destination address or source address by binary search; if none is found, going to step S6; if one is found, comparing the characteristic information field by field to see whether all fields are equal; if the comparison succeeds, returning the result and forbidding this packet; if the comparison fails, allowing this packet to pass and going to step S6;
Step S6, inserting the characteristic information of the packet into the hash table;
Step S5 comprises: examining the packet's protocol field proto and locating the rule array for the packet's control direction and protocol; for rules whose control direction is outbound, comparing the five-tuple's destination address with the start address of each policy's destination address range, and using binary search to find the first policy in the group whose destination range start address is not greater than the five-tuple's destination address; for rules whose control direction is inbound, comparing the five-tuple's source address with the start address of each policy's source address range, and using binary search to find the first policy in the group whose source range start address is not greater than the five-tuple's source address; if no such policy exists, going directly to step S6; if one exists, then from that policy to the last one, comparing the protocol number proto, source IP address sip, destination IP address dip, source port number sport and destination port number dport fields of the network five-tuple with those of each policy in the group to see whether they are all equal; if the comparison succeeds, returning the result forbidding this packet, and network control processing ends; if the comparison fails, returning the result allowing this packet to pass, and going to step S6.
2. The packet-filtering host network control method based on a hash table according to claim 1, characterized in that step S1 specifically comprises: the control direction is either outbound or inbound; policy groups whose control direction is outbound are sorted in descending order of the start address of the destination address range, and if the destination address range is unlimited, its start address is treated as the minimum; policy groups whose control direction is inbound are sorted in descending order of the start address of the source address range, and if the source address range is unlimited, its start address is treated as the minimum.
3. The packet-filtering host network control method based on a hash table according to claim 2, characterized in that the characteristic information of a packet held in the hash table comprises: source IP address, destination IP address, source port number, destination port number and protocol number, and the hash value hv is computed as:
hv = f_hash(buff);
where buff = sip ⊕ dip ⊕ sport ⊕ dport ⊕ proto has a length of 13 bytes and ⊕ denotes concatenation; sip is the source IP address, dip is the destination IP address, sport is the source port number, dport is the destination port number, and proto is the protocol number of the protocol.
Application number: CN201510621770.2A (priority date 2015-09-25, filing date 2015-09-25)

Publications (2)

CN105187436A, published 2015-12-23
CN105187436B, published 2019-03-08
