CN106131050B - Data packet fast processing system - Google Patents

Publication number: CN106131050B
Authority: CN (China)
Prior art keywords: signature, module, FIFO memory, data packet, memory buffer
Legal status: Active
Application number: CN201610673785.8A
Other languages: Chinese (zh)
Other versions: CN106131050A (en)
Inventor: 裴志永
Current Assignee: Pei Zhiyong
Original Assignee: Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

A data packet fast processing system comprises two FIFO memory buffers, an ingress FIFO memory buffer and an egress FIFO memory buffer, and a security detection system connected to both. Data packets received from outside are stored in both the ingress FIFO memory buffer and the egress FIFO memory buffer. The security detection system parses and compiles the data packet at the ingress FIFO memory buffer, performs packet signature matching detection, and makes a signature detection decision. The signature detection decision is applied to the packet in the egress FIFO memory buffer to decide whether the packet should be read or deleted. The invention can quickly read and inspect data packets, thereby preventing the system from being paralyzed by malicious packets.

Description

Data packet fast processing system
Technical Field
The present invention relates to a packet fast processing system with a fast signature matching scheme, suitable for server protection, and in particular to an improved technique for detecting and preventing malicious attacks in network security systems such as an Intrusion Detection System (IDS), an Intrusion Prevention System (IPS), or denial of service (DoS) protection.
Background
Many companies and individuals utilize their computers to connect to the internet to share information. In addition, these network users often wish to share information, such as multipurpose websites, between their computers and computers outside of their network via the internet. Information sharing is achieved through a communication session set up between a server computer and a client computer. These physical and logical connections between the computers establish a global computer network, such as the internet.
Unfortunately, a malicious computer user may use an internet connection to disrupt network communications, access confidential data, or delete data. An example of such an attack is a denial of service (DoS) attack, in which an attacker attempts to make the victim's computer unavailable to certain customers. DoS attacks can be implemented in a variety of ways, including occupying the memory and network connections of the server. The services of the server computer may also be compromised by network attacks; both kinds of attack can be detected by an IDS or IPS.
In order to establish a network connection, there must be an exchange between the client computer and the server. For example, a client computer makes a service request to a server. In response to the request, the server allocates memory space and processing time, sends a response back to the client computer, and waits for the client computer to reply. A client computer may send a large number of service requests to a server but never reply to the server. The server then waits for a response that is never received, wasting memory and processing time. During the wait, the server also accepts additional packets, so that the server may run out of memory, processing space, or network connections.
Eventually, the requests are so many that the server will not provide a connection to the legitimate user, and the server's internet communication will be substantially interrupted. This may result in loss of e-mail, internet access, and/or Web server functionality.
Other examples of such attacks include flooding the server with large numbers of packets to consume all CPU power to deny legitimate users access to the network, or by having the server execute large numbers of programs or scripts to consume available memory space.
Among the many types of network attacks, attacks that are identified by a signature in the packet payload are difficult to detect during packet inspection because there are a large number of packets to be inspected. The present invention is intended to solve the performance degradation in detection and prevention that is caused by a complex signature matching process consuming CPU resources.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a data packet fast processing system that uses a dual-port memory to carry out packet detection and packet reading on two separate ports, thereby processing data packets quickly and preventing attacks carried in data packets from breaking down the system.
To solve the above technical problem, the invention provides a packet fast processing system comprising two FIFO memory buffers, one an ingress FIFO memory buffer and the other an egress FIFO memory buffer. A security detection system is connected to both the ingress FIFO memory buffer and the egress FIFO memory buffer. Data packets received from outside are stored in both the ingress FIFO memory buffer and the egress FIFO memory buffer. The security detection system parses and compiles the data packet at the ingress FIFO memory buffer to perform packet signature matching detection and make a signature detection decision. When the signature matching result is positive, the data packet stored in the egress FIFO memory buffer is linked with a positive signature detection decision and is read together with that decision. When the signature matching result is negative, the data packet stored in the egress FIFO memory buffer is linked with a negative signature detection decision and is deleted and discarded.
The security detection system comprises a packet parsing module, a signature matching module and a packet processing decision module. The data packet at the ingress FIFO memory buffer is sent to both the packet parsing module and the signature matching module. The packet parsing module parses and compiles the packet, extracts the header information, locates the start byte of the layer 7 payload, and sends the header information and payload data to the signature matching module for signature matching detection, which is performed at line speed. The packet processing decision module generates a signature detection decision from the received signature matching result and the header information and applies it to the data packet stored in the egress FIFO memory buffer.
The signature matching module uses a dual-port memory. It performs signature matching detection on the payload data stream based on the hexadecimal signature information stored in the dual-port memory and the start position of the payload data obtained by parsing and compiling, and sends a positive signature matching result and the header information to the packet processing decision module to generate a signature detection decision.
The signature matching module comprises a fast signature scan module, a scan data storage module and an exact pattern matching module. The fast signature scan module scans the payload data for signature length and signature pattern, and stores the payload data associated with a positive loose matching result in the scan data storage module. The exact pattern matching module performs exact signature matching against the actual signature list, using the pattern matching window generated by the fast signature scan module and the associated payload data stored in the scan data storage module. The exact signature matching result and the header information are sent to the packet processing decision module.
The fast signature scan module comprises a fast signature length scan module for scanning the signature length, a fast signature pattern matching module for scanning the signature pattern, and a signature window selection module. The signature window selection module generates a pattern matching window according to the loose matching results produced by the fast signature length scan module and the fast signature pattern matching module, and stores the payload data stream associated with a positive loose matching result in the scan data storage module.
The signature length information and signature pattern information are stored in the dual-port memory, where one port is used for comparison with the payload data and the other port is used for real-time signature updating and for capturing the signatures that are to be detected in the payload data.
When a packet is received at the network security system, it is stored in both FIFO memories. In this invention, the ingress FIFO memory buffer is used to provide complete packets in order for detection. The egress FIFO memory buffer is used to forward the packet and to apply the detection or prevention policy that is assigned to each signature after a signature is detected in the packet payload. Each signature detection policy is applied to the packet as it is read from the egress FIFO memory buffer. Once the whole signature matching process for a data packet stored in the egress FIFO memory buffer has completed with a positive signature matching result, the packet is read out of the egress FIFO memory buffer immediately; when a negative signature match is obtained, the packet stored in the egress FIFO memory buffer is discarded. Therefore, the system as a whole cannot be attacked by maliciously tampered data packets. To keep the incoming and outgoing data rates the same, a dual-port memory is used to perform fast signature pattern matching.
The module of the present invention receives ingress traffic and parses frames to detect signatures in packet payloads and apply attack detection/prevention strategies.
When a complete packet has been received and stored in the ingress FIFO memory buffer, the packet is read from the ingress FIFO memory buffer and passed to the packet parsing module and the signature matching module. The packet parsing module parses the packet, identifies the header information of each layer and the boundary of the packet payload, and extracts the value of each header. The signature matching module compares the contents of the packet payload with the stored signatures to generate a signature match result for further packet processing. There may be multiple positive preliminary matching results; a final signature matching result is then obtained by performing exact signature matching on the positive preliminary results.
The signature matching module uses a dual-port memory: one port performs data comparison, and the other port performs signature updating and captures the signatures that are to be detected in the payload data. The dual-port memory makes line speed scanning possible.
The data packet fast processing system can achieve line speed scanning and prevent the system from being paralyzed by attacks carried in data packets.
Drawings
Fig. 1 is a schematic block diagram of a flow structure of a packet fast processing system.
Fig. 2 is a block diagram illustrating a flow of a signature matching module architecture.
Fig. 3 is a block diagram illustrating the flow of the fast signature scan module architecture.
Fig. 4 is a schematic diagram of a workflow of the fast signature length scanning module.
Fig. 5 is a schematic diagram of the fast signature pattern matching module.
Detailed Description
For a better understanding of the packet fast processing system of the present invention, a preferred embodiment will now be described in detail with reference to the drawings. The invention is a data packet fast processing system comprising two FIFO memories, one an ingress FIFO memory buffer and the other an egress FIFO memory buffer. A security detection system is connected to both the ingress FIFO memory buffer and the egress FIFO memory buffer. Data packets received from outside are stored in both the ingress FIFO memory buffer and the egress FIFO memory buffer. The security detection system parses and compiles the data packet at the ingress FIFO memory buffer to perform packet signature matching detection. When the signature matching result is positive, a positive signature detection decision is linked to the data packet stored in the egress FIFO memory buffer, and the packet is read together with that decision. When the signature matching result is negative, the data packet stored in the egress FIFO memory buffer is linked to a negative signature detection decision and is deleted and discarded. The details are as follows.
In the present invention, referring to Fig. 1, ingress traffic is in layer 2 frame format, typically Ethernet frames, and is stored into two first-in/first-out (FIFO) memory buffers, an ingress FIFO memory buffer 100 and an egress FIFO memory buffer 500. When a complete frame is stored in the ingress FIFO memory buffer 100, the processing system reads the incoming packet in the order it was stored in the ingress FIFO memory buffer 100 and the egress FIFO memory buffer 500 and provides the incoming packet to the packet parsing module 200 and the signature matching module 300.
The packet parsing module 200 will extract header information, such as values of the second layer header, the third layer header, and the fourth layer header, and start byte positioning of the layer 7 payload. Layer three and layer four header information may be used as specific detection report information relating to possible signature matches in the payload. As header information is extracted and payload data begins to be identified, the signature matching module 300 will compare the payload information to a list of signatures that the system wants to detect. Thus, in signature matching module 300, the payload data is processed and compared against all signatures stored in the system for detection at line speed.
While the signature matching process is performed at line speed, the signature matching result is transmitted to the packet processing decision module 400 together with the header information. The packet processing decision module 400 decides how the detected signature match result will be applied to the packet. This signature policy is linked to the egress FIFO memory buffer 500, so that the detection policy can be applied to the outgoing packet traffic. When the signature matching result received by the packet processing decision module 400 is positive, a positive signature decision is made and linked to the egress FIFO memory buffer 500, so that the packet stored in the egress FIFO memory buffer 500 is successfully read; if the signature matching result received by the packet processing decision module 400 is negative, that is, if the packet is determined to have been maliciously tampered with or to be a malicious attack, a negative signature decision is made and linked to the egress FIFO memory buffer 500, so that the packet stored in the egress FIFO memory buffer 500 is deleted and discarded. In this way the system is protected against malicious attacks carried in data packets.
Fig. 2 is a schematic block flow diagram of the signature matching module 300. Signature matching module 300 includes a fast signature scan module 310, a scan data storage module 320, and a precise pattern matching module 330.
The target performance of signature matching is line speed scanning, and to achieve it the signature matching module uses a dual-port memory. The data stream of the packet payload is provided to the fast signature scan module 310 based on the start position of the packet payload obtained by the parsing and compilation in the packet parsing module 200. In the fast signature scan module 310, the payload data stream is compared with all signatures stored in the system, using the hexadecimal signature information stored in the dual-port memory. The signatures stored in the system are compared against the payload data of each incoming packet.
When a positive scan result is identified, a pattern matching window is generated and sent to the exact pattern matching module 330, along with a signal that causes the payload data associated with the positive loose match result to be stored in a separate memory space in the scan data storage module 320. Within the generated pattern matching window, the payload data of the loose match result is then matched against the actual list of signatures stored in the exact pattern matching module 330. When a positive signature match is indicated, the signature match and header information are sent to the packet processing decision module 400.
Fig. 3 is a flow diagram of the fast signature scan module 310. The purpose of the fast signature scan module 310 is to locate possible signatures in the incoming packet payload. To maintain high scanning performance, information representing the length and the pattern of each signature is stored in a dual-port memory such that one port is used for comparison with the payload data and the other port is used for real-time signature updating and for capturing the signatures that are to be detected in the payload. Each signature to be detected is compiled into the dual-port memory so that a portion of the signature and the length of the signature can be scanned at line speed.
As shown in Fig. 3, taking the signature "http_method" (equivalent to "68/74/74/70/5f/6d/65/74/68/6f/64" in hexadecimal) as an example, when "http_met" achieves a partial match and the last three hexadecimal values of "method" match both the signature length and the pseudo-short pattern, "http_method" can be loosely identified as a matching signature. These partial matches are done by the fast signature length scan module 311 and the fast signature pattern matching module 312. Based on a positive match result synchronized with the incoming payload data stream, e.g., for "http_method", the signature window selection module 313 generates a pattern matching window for the packet payload and also generates a signal that enables the scan data storage module 320 to store the relevant portion of the actual payload data for further detailed matching at the exact pattern matching module 330.
Fig. 4 is a schematic diagram of the fast signature length scan module 311. The length information of a particular signature may be stored at a bit position of the stored data word. For example, as shown in Fig. 4, the length information of the "http_method" signature (which may be represented in hexadecimal as "68/74/74/70/5f/6d/65/74/68/6f/64") may be programmed into a plurality of memories with 8-bit addresses and 32-bit data widths. If the last three characters of a signature are used to indicate the length of that signature and the maximum length of a signature to be detected is 32 characters, 3 memories with 8-bit addresses and 32-bit data width can be used. For example, the last three characters of the signature "http_method" are "hod" (which may be expressed as "68/6f/64" in hexadecimal). Bit "10" of the data word at address "x68" in the first memory, "x6f" in the second and "x64" in the third is then programmed to "1", as shown in Fig. 4. Once the signature length has been programmed in this way, the programmed 32-bit data words are read out whenever a series of payload bytes is used as the read addresses for these memories. When the 3 memories are addressed simultaneously with "x68", "x6f" and "x64" and bit "10" of all three data words is "1", this indicates that there may be a signature whose last three characters are "hod". Data is read every clock cycle to ensure that the signature length scan is performed at line speed.
Fig. 5 is a schematic flow chart of the operation of the fast signature pattern matching module 312. In the same manner as the fast signature length scan module 311, the fast signature pattern matching module 312 can loosely match "http_met" in the payload data, using memories addressed by the payload data. Therefore, when the fast signature length scan module 311 and the fast signature pattern matching module 312, delayed so that their data timing is aligned, both produce a positive possible signature match result at the same time, the generated pattern matching window produces a signal to store part of the payload data for further exact signature matching.
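A software model of the length-scan memories of Fig. 4 followed by exact matching inside the resulting window, added here as an illustration and not taken from the patent. The names `sig_add`, `loose_lengths` and `scan_payload`, the 16-entry signature list, the mapping of length n to bit n-1, and the sample payloads are assumptions; the prefix pattern memories of module 312 are left out, so the exact comparison does the remaining filtering.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TAIL        3    /* page: last three characters address the memories */
#define MAX_SIG_LEN 32   /* page: 32-bit data width, signatures up to 32 characters */
#define MAX_SIGS    16   /* assumption: capacity of the exact-match signature list */

static uint32_t len_mem[TAIL][256];     /* three memories, 8-bit address x 32-bit data */
static const char *sig_list[MAX_SIGS];  /* "actual signature list" for exact matching */
static size_t sig_count;

typedef struct {
    size_t loose_hits;    /* candidate windows raised by the length scan */
    size_t exact_hits;    /* windows confirmed byte for byte */
    size_t first_offset;  /* payload offset of first confirmed hit, else (size_t)-1 */
} scan_result;

/* Program one signature: set bit (length - 1) at the address given by each of
 * its last three bytes (assumed mapping; the page programs bit 10 for the
 * 11-character "http_method"). */
int sig_add(const char *sig)
{
    size_t len = strlen(sig);
    if (len < TAIL || len > MAX_SIG_LEN || sig_count == MAX_SIGS)
        return -1;
    uint32_t bit = (uint32_t)1 << (len - 1);
    for (int i = 0; i < TAIL; i++)
        len_mem[i][(uint8_t)sig[len - TAIL + i]] |= bit;
    sig_list[sig_count++] = sig;
    return 0;
}

/* One "clock cycle": the three bytes ending at index `end` address the three
 * memories at once; the AND of the data words is the set of candidate lengths. */
uint32_t loose_lengths(const uint8_t *p, size_t end)
{
    return len_mem[0][p[end - 2]] & len_mem[1][p[end - 1]] & len_mem[2][p[end]];
}

/* Slide over the payload; every candidate length opens a pattern matching
 * window that is then compared against the signatures of that length. */
scan_result scan_payload(const uint8_t *p, size_t n)
{
    scan_result r = { 0, 0, (size_t)-1 };
    for (size_t end = TAIL - 1; end < n; end++) {
        uint32_t cand = loose_lengths(p, end);
        for (unsigned b = 0; cand != 0; b++, cand >>= 1) {
            size_t len = (size_t)b + 1;
            if (!(cand & 1) || len > end + 1)
                continue;             /* bit clear, or window would start before payload */
            r.loose_hits++;
            const uint8_t *win = p + end + 1 - len;
            for (size_t s = 0; s < sig_count; s++) {
                if (strlen(sig_list[s]) == len && memcmp(win, sig_list[s], len) == 0) {
                    if (r.exact_hits++ == 0)
                        r.first_offset = (size_t)(win - p);
                }
            }
        }
    }
    return r;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    const char *samples[] = { "GET /?http_method=1", "xxxxxxxx_cathod", "method" };
    sig_add("http_method");   /* signature used on the page */
    sig_add("get_method");    /* constructed second signature sharing the tail "hod" */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        scan_result r = scan_payload((const uint8_t *)samples[i], strlen(samples[i]));
        printf("%-22s loose=%zu exact=%zu\n", samples[i], r.loose_hits, r.exact_hits);
    }
    return 0;
}
```

The second sample shows why the exact stage is needed: its tail "hod" raises a candidate window although no stored signature is present.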
In summary, the packet fast processing system of the present invention comprises two FIFO memories, one an ingress FIFO memory buffer and the other an egress FIFO memory buffer. The data packets received by the security detection system are stored in both the ingress FIFO memory buffer and the egress FIFO memory buffer. The data packet at the ingress FIFO memory buffer is parsed and compiled to perform packet signature matching. When the signature matching result is positive, the data packet stored in the egress FIFO memory buffer is linked with the signature detection decision and is read from the egress FIFO memory buffer together with that decision. In this way, data packets that may carry malicious attacks can be detected or blocked, preventing the entire system from being paralyzed.
The invention uses FPGA technology to implement signature matching at 10 Gbps. Signatures can be actively processed while line speed packet forwarding performance is maintained.

Claims (6)

1. A data packet fast processing system, characterized by comprising two FIFO memory buffers, wherein one is an ingress FIFO memory buffer and the other is an egress FIFO memory buffer; a security detection system is connected to both the ingress FIFO memory buffer and the egress FIFO memory buffer; data packets received from outside are stored in both the ingress FIFO memory buffer and the egress FIFO memory buffer; the data packet at the ingress FIFO memory buffer is parsed and compiled by the security detection system to perform packet signature matching detection and make a signature detection decision; when the signature matching result is positive, the data packet stored in the egress FIFO memory buffer is linked with a positive signature detection decision, and the data packet stored in the egress FIFO memory buffer is read together with the signature detection decision; and when the signature matching result is negative, the data packet stored in the egress FIFO memory buffer is linked with a negative signature detection decision, and the data packet stored in the egress FIFO memory buffer is deleted and discarded.
2. The data packet fast processing system according to claim 1, wherein the security detection system comprises a packet parsing module, a signature matching module and a packet processing decision module; the data packet at the ingress FIFO memory buffer is sent to both the packet parsing module and the signature matching module; the packet parsing module parses and compiles the packet, extracts header information, locates the start byte of the layer 7 payload, and sends the header information and payload data to the signature matching module for signature matching detection, wherein the signature matching detection is performed at line speed; and the packet processing decision module generates a signature detection decision according to the received signature matching result and the header information and applies the signature detection decision to the data packet stored in the egress FIFO memory buffer.
3. The system according to claim 2, wherein the signature matching module employs a dual-port memory, performs signature matching detection on the payload data stream based on hexadecimal signature information stored in the dual-port memory and the start position of the payload data obtained by parsing and compiling, and sends a positive signature matching result and header information to the packet processing decision module to generate the signature detection decision.
4. The data packet fast processing system according to claim 3, wherein said signature matching module comprises a fast signature scan module, a scan data storage module and an exact pattern matching module; the fast signature scan module scans the payload data for signature length and signature pattern and stores the payload data associated with a positive loose matching result in the scan data storage module, and the exact pattern matching module performs exact signature matching against an actual signature list according to the pattern matching window generated by the fast signature scan module and the associated payload data stored in the scan data storage module; and the exact signature matching result and the header information are sent to the packet processing decision module.
5. The data packet fast processing system according to claim 4, wherein the fast signature scan module comprises a fast signature length scan module for scanning the signature length, a fast signature pattern matching module for scanning the signature pattern, and a signature window selection module; the signature window selection module generates a pattern matching window according to the loose matching results produced by the fast signature length scan module and the fast signature pattern matching module, and stores the payload data stream associated with a positive loose matching result in the scan data storage module.
6. The system of claim 5, wherein the signature length information and the signature pattern information are stored in the dual-port memory, one port being used for comparison with the payload data and the other port being used for real-time signature updating and for capturing the signatures that are to be detected in the payload data.
CN201610673785.8A 2016-08-17 2016-08-17 Data packet fast processing system Active CN106131050B (en)

Publications (2)

Publication Number | Publication Date
CN106131050A (en) | 2016-11-16
CN106131050B (en) | 2022-12-09

Family

ID=57258229

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20040085266A (en) * 2003-03-31 2004-10-08 엘지엔시스(주) Network Intrusion Detection System with double buffer and the operating method
CN101421991A (en) * 2004-03-26 2009-04-29 思科技术公司 Hardware filtering support for denial-of-service attacks
CN101460983A (en) * 2006-04-17 2009-06-17 恒接信息科技公司 Malicious attack detection system and an associated method of use
CN103139072A (en) * 2011-11-30 2013-06-05 美国博通公司 System and method for integrating line-rate application recognition in a switch ASIC

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030229710A1 (en) * 2002-06-11 2003-12-11 Netrake Corporation Method for matching complex patterns in IP data streams

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20161109

Address after: Zuchongzhi road Kunshan City 215000 Suzhou City, Jiangsu province No. 1699 Industrial Technology Research Institute apartment 8 1101

Applicant after: Pei Zhiyong

Address before: 215000, No. 58 energy road, Yushan Town, Kunshan City, Jiangsu, Suzhou

Applicant before: SHENGPULUO NETWORK TECHNOLOGY (SUZHOU) CO.,LTD.

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant