CN105187436B - Packet filtering host network control method based on a hash table - Google Patents
- Publication number: CN105187436B
- Application number: CN201510621770.2A
- Authority: CN (China)
- Prior art keywords: data packet, address, strategy, hash table, characteristic information
- Legal status: Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Abstract
The invention discloses a packet filtering host network control method based on a hash table, comprising: establishing policy groups according to control direction and protocol, and sorting the policies within each policy group; establishing a hash table that holds the characteristic information of data packets; intercepting all data packets flowing out of and into the host network card and extracting the characteristic information from each data packet; calculating the hash value of the characteristic information; looking up whether the hash value exists in the hash table and, if it exists, allowing this data packet to pass; otherwise, according to the control direction of the data packet, searching the policy group for the destination address or source address by binary search; if it is found, comparing the characteristic information item by item to check whether all items are equal; if the comparison succeeds, returning the processing result and forbidding this data packet from passing; if the comparison fails, allowing this data packet to pass; and inserting the characteristic information of the data packet into the hash table.
Description
Technical field
The present invention relates to the technical field of host security defense, and in particular to a host network control method.
Background
Host monitoring technology is the foundation of host security defense technology. It monitors behavior such as host status and resource access, and is used to build a complete intranet security system. Network control is an important component of host monitoring technology: it monitors the network packets entering and leaving the host and blocks attacks in which data packets encroach on the intranet and the host.
Packet filtering is one kind of host network control technology. It intercepts data packets at an appropriate position in the network and selectively lets them through or blocks them according to filtering rules. In an intranet, host network control is generally based on a "blacklist": data packets that match a filtering rule are blocked, and all remaining data packets are let through.
In existing packet filtering technology, a data packet has to be matched against the filtering rules one by one in sequence, until either a match succeeds and the packet is blocked, or every match fails and the packet is let through. Filtering performance therefore degrades linearly as the number of filtering rules grows. It is necessary to design, according to the characteristics of host network control, an efficient packet filtering control method that matches data packets against filtering rules quickly and improves filtering performance.
Summary of the invention
The purpose of the present invention is to propose a packet filtering host network control method based on a hash table, which solves the problem of low packet filtering rule matching efficiency in existing host network control technology and achieves fast matching of data packets against filtering rules.
The packet filtering host network control method based on a hash table of the present invention comprises:
S1, establishing policy groups according to control direction and protocol, and sorting the policies within each policy group; establishing a hash table that holds the characteristic information of data packets;
S2, intercepting all data packets flowing out of and into the host network card, and extracting the characteristic information from each data packet;
S3, calculating the hash value of the characteristic information from the characteristic information in the data packet;
S4, looking up whether the hash value exists in the hash table; if it exists, allowing this data packet to pass; otherwise, going to step S5;
S5, according to the control direction of the data packet, searching the policy group for the destination address or source address by binary search; if it is not found, going to S6; if it is found, comparing the characteristic information item by item to check whether all items are equal; if the comparison succeeds, returning the processing result and forbidding this data packet from passing; if the comparison fails, allowing this data packet to pass and going to S6;
S6, inserting the characteristic information of the data packet into the hash table.
According to one embodiment of the packet filtering host network control method based on a hash table of the present invention, S1 specifically includes: the control direction is either outflow or inflow. For a policy group whose control direction is outflow, the policies are sorted in reverse (descending) order by the start address of the destination address range; if the destination address range is unlimited, its start address is treated as the minimum value. For a policy group whose control direction is inflow, the policies are sorted in reverse (descending) order by the start address of the source address range; if the source address range is unlimited, its start address is treated as the minimum value.
According to one embodiment of the packet filtering host network control method based on a hash table of the present invention, the characteristic information of a data packet in the hash table includes the source address, destination address, source port, destination port and protocol, and the hash value hv is calculated as:
$hv = f_{hash}(buff)$;
where $buff = sip \oplus dip \oplus sport \oplus dport \oplus proto$ has a length of 13 bytes and $\oplus$ denotes concatenation; sip is the source address, dip is the destination address, sport is the source port, dport is the destination port, and proto is the characteristic value of the protocol.
According to one embodiment of the packet filtering host network control method based on a hash table of the present invention, S5 includes: judging the protocol (proto) field of the data packet and locating the rule array for the corresponding control direction and protocol. For rules whose control direction is outflow, the five-tuple destination address is compared with the start addresses of the destination address ranges in the policy group, and binary search is used to find the first policy in the group whose destination address range start address is not greater than the five-tuple destination address. For rules whose control direction is inflow, the five-tuple source address is compared with the start addresses of the source address ranges in the policy group, and binary search is used to find the first policy in the group whose source address range start address is not greater than the five-tuple source address. If no such policy exists, go directly to S6. If it exists, then starting from this policy and continuing to the last one, compare one by one whether the sip, dip, sport and dport fields of the network five-tuple and of the policy in the group are all equal. If the comparison succeeds, return the processing result forbidding this data packet from passing, and network control processing ends. If the comparison fails, return the result allowing this data packet to pass, and go to S6.
In summary, the present invention is a packet filtering host network control method based on a hash table, and its advantages and effects are: 1) given that the range of network addresses a host accesses is limited and concentrated, a network access "whitelist" is formed as a hash table; data packets that have already passed rule filtering are found by hash lookup, which avoids repeated filtering of accesses to the same network address and improves response speed; 2) the filtering rules are grouped and sorted by protocol, which effectively reduces the number of policies to be matched and shortens comparison time.
Brief description of the drawings
Fig. 1 is a flow chart of the packet filtering host network control method based on a hash table of the present invention.
Detailed description of the embodiments
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings and examples.
The packet filtering host network control method based on a hash table of the present invention adapts to the fact that the range of network addresses a host accesses is limited and concentrated, by inserting a network packet "whitelist" matching module before the rule matching module. The network packet "whitelist" is a hash table whose hashed object is the five-tuple information of the data packet. If a network packet is in the "whitelist" it is let through directly and no rule matching is performed. If it is not in the "whitelist", the subsequent rule matching is carried out: on a successful match the packet is forbidden, and on an unsuccessful match the packet is added to the "whitelist".
Fig. 1 is a flow chart of the packet filtering host network control method based on a hash table of the present invention. As shown in Fig. 1, the method comprises five stages: the initialization stage, the packet capture stage, the hash table lookup stage, the filtering rule matching stage and the hash table update stage.
Stage 1: Initialization stage. This stage mainly completes filtering rule grouping and sorting and hash table initialization. A filtering rule mainly comprises six fields: source address range, destination address range, source port range, destination port range, protocol and direction. Filtering rules are grouped by the direction and protocol fields; the rules with the same control direction and protocol form one rule array, which is sorted by network address. Hash table initialization mainly determines the size of the hash table and the overflow table length; the overflow table is a singly linked list.
Stage 2: Packet capture stage. This stage mainly completes the interception of network packets and the extraction of characteristic data. Packet capture intercepts all data packets sent and received by the host at the bottom layer of the host operating system, and extracts five fields from each data packet: source address, destination address, source port, destination port and protocol. For data packets that have no source port or destination port, the field is set to 0.
Stage 3: Hash table lookup stage. The first hash operation is performed on the five-tuple extracted in stage 2, using the hash table hash function, to compute its hash address in the hash table. If the value at that hash address is empty, go to stage 4. If it is not empty, a second hash operation is performed on the five-tuple information and the corresponding hash value is searched for in the overflow table; if it exists, the data packet is let through directly, and if it does not exist, go to stage 4.
Stage 4: Rule matching stage. The protocol field is extracted from the five-tuple and the corresponding rule list is selected by protocol for comparison. Binary search is used to find the rule whose first address is greater than the address in the corresponding five-tuple. If the result is empty, go to stage 5; otherwise the subsequent rules are matched in turn, comparing source address, destination address, source port and destination port. A successful match returns a forbid result; a failed match goes to stage 5.
Stage 5: Hash table update stage. For a five-tuple entering stage 5, the first hash operation is performed using the hash table hash function to compute its hash address in the hash table. If the position at that hash address is empty, the position is set to non-empty, a second hash operation is performed on the five-tuple information, and the hash value is inserted into the overflow table corresponding to that position. If the position at that hash address is non-empty, the hash operation is performed directly on the five-tuple information and the hash value is inserted into the overflow table corresponding to that position.
Table 1 lists the symbols and their meanings.
Table 1
The hash table and the data packet five-tuple information used by this method are explained as follows:
1. Hash table hash function:
$f_{mo}(n) = n \bmod N$
where n is the input integer, obtained in the present invention by processing the network five-tuple information with the transfer function; N is a prime number and is the size of the hash table.
2. Five-tuple transfer function:
$f_{xor}(sip, dip, sport, dport, proto) = sip \mathbin{\text{\^{}}} dip \mathbin{\text{\^{}}} sport \mathbin{\text{\^{}}} dport \mathbin{\text{\^{}}} proto$
where sip is 4 bytes long, dip is 4 bytes long, sport is 2 bytes long, dport is 2 bytes long and proto is 1 byte long; ^ denotes bitwise exclusive-OR, and operands that are too short are padded with 0 on the left.
3. Overflow table hash function:
$f_{hash}(buff) = \mathrm{MD5}(buff)$
where buff is the five-tuple concatenation byte array, that is, the captured source address sip, destination address dip, source port sport, destination port dport and protocol proto spliced together.
4. Overflow table
See Fig. 1, the filtering flow chart of the present invention.
The present invention is divided into the initialization stage, the hash table lookup stage, the rule matching stage and the hash table update stage. The detailed implementation procedure is as follows:
1. Initialization stage
When the network control module starts, it first enters the initialization stage, in which the policies are grouped and sorted. Policies are grouped by control direction and protocol; the control direction is either outflow or inflow, and the protocol generally falls into four classes: IP, TCP, UDP and ICMP. For a policy group whose control direction is outflow, the policies are sorted in reverse (descending) order by the start address of the destination address range; if the destination address range is unlimited, its start address is treated as the minimum value. For a policy group whose control direction is inflow, the policies are sorted in reverse (descending) order by the start address of the source address range; if the source address range is unlimited, its start address is treated as the minimum value. The hash table is ht[N], where N is a prime number giving the size (number of elements) of the hash table. Each table element ht[i] is a pointer to the first address of an overflow table and is set to 0 when empty; the overflow table length is l. The overflow table stores the hash values of five-tuples.
2. Packet capture stage
All data packets flowing out of and into the host network card are intercepted, and the network five-tuple fields are extracted from each data packet: source address sip, destination address dip, source port sport, destination port dport and protocol proto. sip and dip are each 4 bytes long, sport and dport are each 2 bytes long, and proto is 1 byte long.
3. Hash table lookup stage
The five-tuple extracted in stage 2 is first hashed to obtain the value n:
$n = f_{xor}(sip, dip, sport, dport, proto)$
The position p of the five-tuple characteristic information in the hash table is then calculated:
$p = f_{mo}(n)$
If ht[p] = 0 (its initial value is 0), go directly to stage 4; otherwise search the overflow table pointed to by ht[p]. The search procedure is:
First calculate the hash value hv of the five-tuple:
$hv = f_{hash}(buff)$
where $buff = sip \oplus dip \oplus sport \oplus dport \oplus proto$ has a length of 13 bytes and $\oplus$ denotes concatenation.
Then, starting from the head node of the overflow table, search sequentially for a node whose element value is hv. If one exists, return the result allowing this data packet to pass, and the network control process ends; if none exists, go to stage 4.
4. Rule matching stage
First judge the protocol (proto) field of the data packet and locate the rule array for the corresponding control direction and protocol. For rules whose control direction is outflow, compare the five-tuple destination address with the start addresses of the destination address ranges in the policy group, and use binary search to find the first policy in the group whose destination address range start address is not greater than the five-tuple destination address. For rules whose control direction is inflow, compare the five-tuple source address with the start addresses of the source address ranges in the policy group, and use binary search to find the first policy in the group whose source address range start address is not greater than the five-tuple source address. If no such policy exists, go directly to stage 5. If it exists, then starting from this policy and continuing to the last one, compare one by one whether the sip, dip, sport and dport fields of the network five-tuple and of the policy in the group are all equal. If the comparison succeeds, return the processing result forbidding this data packet from passing, and network control processing ends. If the comparison fails, return the result allowing this data packet to pass, and go to stage 5.
5. Hash table update stage
First create a new overflow table node newnode and set the newnode element to the hv obtained in stage 3. Then, using the p calculated in stage 3, judge whether ht[p] is empty: if ht[p] = 0, set ht[p] to the address of newnode; if ht[p] is not empty, insert newnode at the tail of the overflow table pointed to by ht[p].
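The five stages above as a runnable sketch, added here as an illustration and not code from the patent. It assumes IPv4, treats a rule as matching when each packet field falls inside the rule's range, and uses a Python list per bucket in place of the singly linked overflow table; `HostFilter`, `check`, `slot`, `ip` and the sample rules are names and values constructed for this example.

```python
import hashlib
import struct
from bisect import bisect_left
from collections import defaultdict
from ipaddress import IPv4Address

TCP, UDP = 6, 17
ANY_ADDR = (0, 0xFFFFFFFF)   # "unlimited" range: its start address counts as the minimum
ANY_PORT = (0, 0xFFFF)


def ip(text):
    return int(IPv4Address(text))


def f_xor(sip, dip, sport, dport, proto):
    """Five-tuple transfer function: bitwise XOR, short fields zero-extended on the left."""
    return sip ^ dip ^ sport ^ dport ^ proto


def f_hash(sip, dip, sport, dport, proto):
    """Overflow-table hash: MD5 over the 13-byte concatenation sip|dip|sport|dport|proto."""
    return hashlib.md5(struct.pack("!IIHHB", sip, dip, sport, dport, proto)).digest()


class HostFilter:
    def __init__(self, rules, n=1021):           # n is the prime table size N
        self.n = n
        self.ht = [None] * n                      # None stands for ht[p] = 0 (empty)
        self.groups = defaultdict(list)
        for rule in rules:                        # stage 1: group by direction and protocol
            self.groups[(rule["dir"], rule["proto"])].append(rule)
        self.keys = {}
        for (direction, proto), group in self.groups.items():
            field = "dst" if direction == "out" else "src"
            group.sort(key=lambda r: r[field][0], reverse=True)   # descending start address
            # Negated starts are ascending, so bisect can search the descending group.
            self.keys[(direction, proto)] = [-r[field][0] for r in group]

    def slot(self, five_tuple):
        return f_xor(*five_tuple) % self.n        # p = f_mo(f_xor(...))

    def check(self, direction, sip, dip, sport, dport, proto):
        """Return (verdict, path): verdict is 'allow' or 'deny', path is 'whitelist' or 'rules'."""
        t = (sip, dip, sport, dport, proto)
        p = self.slot(t)
        # Stage 3: hash table lookup; MD5 is computed only when the bucket is non-empty.
        if self.ht[p] is not None and f_hash(*t) in self.ht[p]:
            return "allow", "whitelist"
        # Stage 4: binary search for the first rule whose start address <= packet address,
        # then compare every rule from there to the end of the group.
        key = (direction, proto)
        addr = dip if direction == "out" else sip
        first = bisect_left(self.keys.get(key, []), -addr)
        for r in self.groups.get(key, [])[first:]:
            if (r["src"][0] <= sip <= r["src"][1] and r["dst"][0] <= dip <= r["dst"][1]
                    and r["sport"][0] <= sport <= r["sport"][1]
                    and r["dport"][0] <= dport <= r["dport"][1]):
                return "deny", "rules"            # blacklist hit: never cached
        # Stage 5: record the allowed five-tuple at the tail of the bucket's overflow chain.
        if self.ht[p] is None:
            self.ht[p] = []
        self.ht[p].append(f_hash(*t))
        return "allow", "rules"


# Constructed sample blacklist (documentation address ranges, not from the patent).
RULES = [
    {"dir": "out", "proto": TCP, "src": ANY_ADDR,
     "dst": (ip("203.0.113.0"), ip("203.0.113.255")), "sport": ANY_PORT, "dport": (23, 23)},
    {"dir": "out", "proto": TCP, "src": ANY_ADDR, "dst": ANY_ADDR,
     "sport": ANY_PORT, "dport": (6667, 6667)},
    {"dir": "in", "proto": UDP, "src": ANY_ADDR, "dst": ANY_ADDR,
     "sport": ANY_PORT, "dport": (161, 161)},
]

if __name__ == "__main__":
    f = HostFilter(RULES)
    web = ("out", ip("192.0.2.10"), ip("198.51.100.7"), 40000, 443, TCP)
    print(f.check(*web))   # first packet of the flow goes through rule matching
    print(f.check(*web))   # same five-tuple again is answered from the whitelist
    print(f.check("out", ip("192.0.2.10"), ip("203.0.113.5"), 40001, 23, TCP))
```

Swapping source and destination address yields the same f_xor value and therefore the same bucket, which is why the lookup compares the MD5 of the concatenated five-tuple instead of trusting the bucket alone. Cached entries bypass rule matching, so the table has to be cleared whenever the rule set changes, a step the description does not cover.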
The present invention is a packet filtering host network control method based on a hash table, and its advantages and effects are: 1) given that the range of network addresses a host accesses is limited and concentrated, a network access "whitelist" is formed as a hash table; data packets that have already passed rule filtering are found by hash lookup, which avoids repeated filtering of accesses to the same network address and improves response speed; 2) the filtering rules are grouped and sorted by protocol, which effectively reduces the number of policies to be matched and shortens comparison time.
The above is only a preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art can make several improvements and variations without departing from the technical principles of the invention, and these improvements and variations should also be regarded as falling within the protection scope of the present invention.
Claims (3)
1. A packet filtering host network control method based on a hash table, characterized by comprising:
Step S1, establishing policy groups according to control direction and protocol, and sorting the policies within each policy group; establishing a hash table that holds the characteristic information of data packets;
Step S2, intercepting all data packets flowing out of and into the host network card, and extracting the characteristic information from each data packet;
Step S3, calculating the hash value of the characteristic information from the characteristic information in the data packet;
Step S4, looking up whether the hash value exists in the hash table; if it exists, allowing this data packet to pass; otherwise, going to step S5;
Step S5, according to the control direction of the data packet, searching the policy group for the destination address or source address by binary search; if it is not found, going to step S6; if it is found, comparing the characteristic information item by item to check whether all items are equal; if the comparison succeeds, returning the processing result forbidding this data packet from passing; if the comparison fails, allowing this data packet to pass and going to step S6;
Step S6, inserting the characteristic information of the data packet into the hash table;
wherein step S5 includes: judging the protocol (proto) field of the data packet and locating the rule array for the corresponding control direction and protocol; for rules whose control direction is outflow, comparing the five-tuple destination address with the start addresses of the destination address ranges in the policy group, and using binary search to find the first policy in the group whose destination address range start address is not greater than the five-tuple destination address; for rules whose control direction is inflow, comparing the five-tuple source address with the start addresses of the source address ranges in the policy group, and using binary search to find the first policy in the group whose source address range start address is not greater than the five-tuple source address; if no such policy exists, going directly to step S6; if it exists, then starting from this policy and continuing to the last one, comparing one by one whether the protocol number proto, source IP address sip, destination IP address dip, source port number sport and destination port number dport fields of the network five-tuple and of the policy in the group are all equal; if the comparison succeeds, returning the processing result forbidding this data packet from passing, and network control processing ends; if the comparison fails, returning the result allowing this data packet to pass, and going to step S6.
2. The packet filtering host network control method based on a hash table according to claim 1, characterized in that step S1 specifically includes: the control direction is either outflow or inflow; for a policy group whose control direction is outflow, the policies are sorted in reverse (descending) order by the start address of the destination address range, and if the destination address range is unlimited, its start address is treated as the minimum value; for a policy group whose control direction is inflow, the policies are sorted in reverse (descending) order by the start address of the source address range, and if the source address range is unlimited, its start address is treated as the minimum value.
3. The packet filtering host network control method based on a hash table according to claim 2, characterized in that the characteristic information of a data packet in the hash table includes: source IP address, destination IP address, source port number, destination port number and protocol number, and the hash value hv is calculated as:
$hv = f_{hash}(buff)$;
where $buff = sip \oplus dip \oplus sport \oplus dport \oplus proto$ has a length of 13 bytes and $\oplus$ denotes concatenation; sip is the source IP address, dip is the destination IP address, sport is the source port number, dport is the destination port number, and proto is the protocol number of the protocol.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510621770.2A CN105187436B (en) | 2015-09-25 | 2015-09-25 | Packet filtering host network control method based on a hash table |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105187436A CN105187436A (en) | 2015-12-23 |
CN105187436B true CN105187436B (en) | 2019-03-08 |
Family
ID=54909280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510621770.2A Active CN105187436B (en) | 2015-09-25 | 2015-09-25 | Packet filtering host network control method based on a hash table |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105187436B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |