CN107592303B - Method and device for extracting outgoing files in high-speed mirror image network traffic - Google Patents

Info

Publication number: CN107592303B
Authority: CN (China)
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN201710751696.5A
Other languages: Chinese (zh)
Other versions: CN107592303A (en)
Inventors: 魏效征, 王志海, 喻波, 安鹏, 牛立伟
Current Assignee: Beijing Wondersoft Technology Co Ltd (as listed by Google Patents; may be inaccurate)
Original Assignee: Beijing Wondersoft Technology Co Ltd
Classification: Data Exchanges In Wide-Area Networks (AREA)
Abstract

The invention discloses a method and a device for extracting outgoing files from high-speed mirrored network traffic. The method comprises the following steps: creating a HASH bucket for each monitored TCP data identified by a quadruple; when each TCP data packet arrives, placing the TCP data into the corresponding HASH bucket according to the quadruple identification information; carrying out protocol identification and protocol data analysis on the TCP data placed in the corresponding HASH bucket; receiving the message obtained from protocol data analysis and extracting document attribute information from the message; and extracting the document data according to the document attributes and storing the extracted document data on an in-memory file system. The scheme of the invention can extract outgoing documents quickly and effectively, ensures that document data in high-speed traffic is processed, and provides the conditions for traffic auditing, virus detection and the like.

Description

Method and device for extracting outgoing files in high-speed mirror image network traffic
Technical Field
The invention relates to the field of data security, in particular to a method and a device for extracting an outgoing file in high-speed mirror image network traffic.
Background
Auditing the port-mirrored traffic of the egress switch or router of an enterprise's external network is an effective way to prevent sensitive enterprise data from leaking over the network. Extracting the documents in the port-mirrored traffic, and performing deep analysis and accurate content matching on the extracted documents, are the key to traffic auditing. Port-mirrored traffic contains both outgoing and incoming documents, and only the outgoing documents are of concern to data leakage prevention (DLP).
The analysis of port-mirrored traffic consists mainly of three processes: session restoration, protocol identification and protocol analysis. Session restoration means processing the network data packets in the port-mirrored traffic, chiefly discarding invalid packets and reordering out-of-order packets. Protocol identification means attributing the restored network session data to the corresponding application protocol according to the port, the protocol characteristics and the like. Protocol analysis means parsing the identified network session according to the protocol rules of the RFCs and extracting the content transmitted in the session, namely body text or attachments. In practical applications, the mirrored traffic of an external network is mainly HTTP traffic and SMTP traffic.
Prior art documents:
Document 1: CN104318162A, source code leakage detection method and device.
In patent document 1, a network data stream is intercepted, the protocol of the data stream is analyzed to obtain a character stream, and whether the character stream includes source code is determined according to a preset detection character string and/or a syntax analysis library function.
The main purpose of document 1 is to determine, by detecting character strings, whether a character stream contains source code, and to block the network data stream if it does. However, document 1 has the following disadvantages:
(1) It does not address the handling of high-speed traffic.
(2) It mainly determines whether the character stream contains a specific keyword.
(3) It does not employ concurrent protocol parsing, resulting in slow data processing.
The invention mainly aims to explain, from the perspective of content recovery, how to extract file content from the session data of each protocol in high-speed traffic, thereby establishing the conditions for subsequent auditing, identification, encryption and other processing.
Disclosure of Invention
In order to solve the technical problem, the invention provides a method for extracting an outgoing file in high-speed mirror image network traffic, which comprises the following steps:
(1) creating a HASH bucket for each monitored TCP data identified by the quadruple;
(2) when each TCP data packet arrives, the TCP data is placed into a corresponding HASH bucket according to the quadruple identification information;
(3) carrying out protocol identification and protocol data analysis on the TCP data put into the corresponding HASH bucket;
(4) receiving a message obtained by analyzing the protocol data, and extracting document attribute information from the message;
(5) extracting document data according to the document attribute information, and storing the extracted document data on an in-memory file system;
and the protocol data analysis adopts a thread pool to realize high-concurrency TCP session data analysis in high-speed mirror network flow.
According to the embodiment of the present invention, it is preferable that before the step (1), the method further comprises the steps of:
on a switch or a router, data traffic of one or more source ports is forwarded to a certain specified port to realize monitoring of network data.
According to the embodiment of the present invention, preferably, the step (2) is further followed by:
at the end of the TCP session, the HASH bucket created for the TCP data is closed.
According to the embodiment of the present invention, preferably, the protocol identification in step (3) includes:
determining the type of the application protocol according to the command word of the application request in the session data and the corresponding response code, the types including: HTTP, SMTP or FTP protocols.
According to the embodiment of the present invention, preferably, the protocol data analysis that uses the thread pool to realize the high-concurrency TCP session data analysis in the high-speed mirror network traffic specifically includes: after each TCP session is finished, a message is sent to the thread pool, and after the message is obtained by the thread pool, a thread is established immediately to process the TCP session.
In order to solve the above technical problem, the present invention provides an apparatus for extracting an outbound document in high-speed mirror network traffic, the apparatus comprising:
the session restoration module is used for creating a HASH bucket for the monitored TCP data of each quadruple identifier, putting the TCP data into the corresponding HASH bucket according to the quadruple identifier information when each TCP data packet arrives, closing the HASH bucket created for the TCP data when the TCP session is ended, and sending a message to the protocol analysis module;
the protocol analysis module is used for carrying out protocol identification and protocol data analysis on the TCP data placed in the corresponding HASH bucket, and sending a message to the document storage module after the protocol data analysis is finished;
the document storage module is used for receiving the message sent by the protocol analysis module, extracting document attribute information from the message, extracting document data according to the document attribute information and storing the extracted document data in the memory file system;
and the protocol data analysis adopts a thread pool to realize high-concurrency TCP session data analysis in high-speed mirror network flow.
According to the embodiment of the present invention, preferably, the forwarding module forwards data traffic of one or more source ports of the switch or the router to a certain specified port to implement snooping on the network.
According to the embodiment of the present invention, preferably, the type of the application protocol is determined according to the command word of the application request in the session data and the corresponding response code, the types including: HTTP, SMTP or FTP protocols.
According to the embodiment of the present invention, preferably, the protocol data analysis that uses the thread pool to realize the high-concurrency TCP session data analysis in the high-speed mirror network traffic specifically includes: after each TCP session is finished, a message is sent to the thread pool, and after the message is obtained by the thread pool, a thread is established immediately to process the TCP session.
To solve the above technical problem, the present invention provides a computer storage medium comprising computer program instructions which, when executed, perform one of the above methods.
The technical scheme of the invention achieves the following technical effects:
The method and the device for extracting documents from high-speed traffic can extract outgoing documents quickly and effectively, ensure that document data in high-speed traffic is processed, and provide the conditions for traffic auditing, virus detection and the like.
Drawings
FIG. 1 is a system architecture diagram of the present invention
Detailed Description
Port mirroring: on a switch or a router, the data traffic of one or more source ports is forwarded to a designated port so that the network can be monitored. Using the mirroring function inside an enterprise allows the enterprise's network data to be monitored and managed well, and faults to be located quickly when the network fails.
Network protocol: a set of rules, standards, or conventions established for exchanging data over a computer network.
Protocol identification: for network data of L7 application protocols, the application to which the network data belongs is judged comprehensively, using deep packet inspection, by analyzing the message header and combining the characteristics of the different application protocols.
Protocol analysis: extracting information, according to the protocol format, from network traffic data whose protocol type has been determined.
Data Loss Prevention (DLP), or Data Leakage Prevention, is the name of the enterprise information security and data protection systems that are currently mainstream in the information field. DLP classifies, grades and controls all electronic information and data in an enterprise by means of data processing and analysis methods combined with the enterprise's information security management policy, so as to prevent the loss, leakage or uncontrolled spread of the enterprise's information assets or key data.
The method for extracting files from high-speed traffic provided by the invention serves purposes such as enterprise traffic auditing or security protection, and solves the technical problem of extracting files from high-speed network traffic. Starting from the analysis of high-speed network traffic, it describes in detail the processes of session restoration, protocol analysis, and document parsing and extraction, forming a solution for extracting documents from network traffic at high speed and with high efficiency.
Session restoration: the data of multiple TCP packets is assembled using the quintuple and the timestamp; during assembly, invalid TCP packets are discarded and out-of-order TCP packets are reordered. The reassembled TCP session data reflects, in order, the data transmission of the application layer.
Protocol analysis: within the data of a complete session, the type of the L7 application protocol, such as HTTP, SMTP or FTP, is determined according to the command word of the application request in the session data and the corresponding response code. After the protocol type is determined, the transmitted documents in the protocol content are parsed according to the specific flow of the protocol.
Document storage: the number of documents in high-speed network traffic is huge and their byte volume is large, so the documents need to be stored quickly in a memory storage area and then transferred to a hard disk.
< method of processing service >
The invention provides a method for extracting an outgoing file in high-speed mirror image network flow, which comprises the following steps:
(1) for the TCP data identified by each monitored quadruple, a HASH bucket is created by calling the system HASH function on the quadruple;
the quadruple refers to: source IP address, destination IP address, source port number, destination port number.
(2) when each TCP data packet arrives, the TCP data is placed into the corresponding HASH bucket according to the quadruple identification information;
(3) carrying out protocol identification and protocol data analysis on the TCP data put into the corresponding HASH bucket;
(4) receiving a message obtained by analyzing the protocol data, and extracting document attribute information from the message;
(5) extracting document data according to the document attribute information, and storing the extracted document data on an in-memory file system;
and the protocol data analysis adopts a thread pool to realize high-concurrency TCP session data analysis in high-speed mirror network flow.
The method also comprises the following steps before the step (1):
the monitoring of the network data is realized by forwarding the data traffic of one or more source ports to a certain specified port on a switch or a router.
The step (2) is followed by:
at the end of the TCP session, the HASH bucket created for the TCP data is closed.
The protocol identification in the step (3) comprises:
determining the type of the application protocol according to the command word of the application request in the session data and the corresponding response code, the types including: HTTP, SMTP or FTP protocols.
The protocol data analysis in step (3), which uses a thread pool to realize high-concurrency TCP session data analysis in high-speed mirror network traffic, specifically comprises: after each TCP session is finished, a message is sent to the thread pool, and after the thread pool obtains the message, a thread is established immediately to process the TCP session.
After step (5), the document may then be offloaded to the hard disk.
< business processing System >
As shown in fig. 1, the present invention provides an apparatus for extracting an outgoing file in high-speed mirror network traffic, the apparatus comprising:
the session restoration module calls a system HASH function to create a HASH bucket for the monitored TCP data of each quadruple identifier, the TCP data is placed into the corresponding HASH bucket according to the quadruple identifier information when each TCP data packet arrives, the HASH bucket created for the TCP data is closed when the TCP session is ended, and a message is sent to the protocol analysis module;
and the protocol data analysis adopts a thread pool to realize high-concurrency TCP session data analysis in high-speed mirror network flow.
The quadruple refers to: source IP address, destination IP address, source port number, destination port number.
The protocol analysis module is used for carrying out protocol identification and protocol data analysis on the TCP data placed in the corresponding HASH bucket, and for sending a message to the document storage module after the protocol data analysis is finished.
The document storage module is used for receiving the message sent by the protocol analysis module, extracting document attribute information from the message, extracting document data according to the document attribute information and storing the extracted document data in the in-memory file system.
The device also includes:
and the forwarding module is used for forwarding the data traffic of one or more source ports of the switch or the router to a certain specified port to realize the monitoring of the network.
The protocol identification comprises:
determining the type of the application protocol according to the command word of the application request in the session data and the corresponding response code, the types including: HTTP, SMTP or FTP protocols.
The protocol data analysis, which uses a thread pool to realize high-concurrency TCP session data analysis in high-speed mirror network traffic, specifically comprises: after each TCP session is finished, a message is sent to the thread pool, and after the thread pool obtains the message, a thread is established immediately to process the TCP session.
Referring to fig. 1, the device for extracting documents in high-speed flow according to the present invention mainly includes the following components:
(1) Session restoration module. It covers session reassembly, TCP data entering the bucket and TCP data leaving the bucket. The session restoration module may call the system HASH function to create a HASH bucket for the TCP data identified by each quadruple. Each arriving TCP packet is placed in a specific HASH bucket according to its quadruple information. When the TCP session ends, the HASH bucket is closed and a message is sent to the protocol analysis module.
The quadruple refers to: source IP address, destination IP address, source port number, destination port number.
(2) Protocol analysis module. The protocol analysis module comprises two parts: protocol identification and protocol data analysis. Within the data of a complete session, the type of the application protocol at layer L7 of the OSI seven-layer model is determined according to the port number and the command word characteristics of the TCP session, such as HTTP: 80, SMTP: 25 or FTP: 21. After the protocol type is determined, the attachment or file in the protocol content is parsed according to the specific flow of the protocol. The content analysis of the protocol data uses the thread pool to achieve a large amount of concurrent processing: for example, after each TCP session is restored, a message is sent to the thread pool, and after the thread pool obtains the message, a thread is established immediately to process the TCP session. Because the volume of concurrent TCP session data in high-speed traffic is large, more protocol data needs to be processed in parallel once reassembly is complete. After the protocol analysis is completed, a message is sent to the document storage module.
(3) Document storage module. The document storage module receives the message from the protocol analysis module and then extracts the document attribute information from the message. Finally, it extracts the document data according to the document path included in the document attributes and stores the document data on an in-memory file system. The document may then be offloaded to the hard disk.
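The three modules described above (per-quadruple buckets, identification by request command word, thread-pool parsing, storage in memory), as an added example that is not part of the patent text, narrowed to one HTTP multipart/form-data upload. The names SessionTable and MemoryStore, the /mem/ path prefix, the command-word patterns and the sample traffic are assumptions constructed for illustration; response codes, sequence-number wraparound and overlapping segments are not handled.

```python
# Added example (not the patent's code): buckets -> identify -> parse -> store.
import hashlib
import re
import threading
from concurrent.futures import ThreadPoolExecutor

FIN = 0x01  # TCP FIN flag bit

# Request command words per protocol (assumed, deliberately small sets).
COMMAND_WORDS = {
    "HTTP": re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"),
    "SMTP": re.compile(rb"^(EHLO|HELO) \S+\r\n", re.I),
    "FTP": re.compile(rb"^USER \S+\r\n", re.I),
}


def identify_protocol(stream):
    """Return the L7 protocol whose command word opens the stream, or None."""
    for name, pattern in COMMAND_WORDS.items():
        if pattern.match(stream):
            return name
    return None


def parse_http_upload(stream):
    """Yield (filename, data) for each file part of a multipart/form-data POST."""
    head, _, body = stream.partition(b"\r\n\r\n")
    ctype = re.search(
        rb'(?im)^Content-Type:\s*multipart/form-data;.*?boundary="?([^";\r\n]+)', head)
    if not head.startswith(b"POST ") or not ctype:
        return
    for part in body.split(b"--" + ctype.group(1)):
        part_head, sep, data = part.partition(b"\r\n\r\n")
        name = re.search(rb'filename="([^"]*)"', part_head)
        if sep and name:
            data = data[:-2] if data.endswith(b"\r\n") else data  # drop framing CRLF
            yield name.group(1).decode("utf-8", "replace"), data


class MemoryStore:
    """Stand-in for the in-memory file system. Paths derive from the content
    hash, never from the sender-controlled filename."""

    def __init__(self):
        self._lock = threading.Lock()
        self.files = {}  # path -> (document attributes, document bytes)

    def save(self, attrs, data):
        path = "/mem/" + attrs["sha256"]
        with self._lock:
            self.files[path] = (attrs, data)
        return path


class SessionTable:
    """Session restoration: the dict hashes each quadruple to its own bucket."""

    def __init__(self, store, workers=4):
        self.buckets = {}  # quadruple -> {sequence number: payload}
        self.store = store
        self.pool = ThreadPoolExecutor(max_workers=workers)

    def on_segment(self, quad, seq, flags, payload):
        """Bucket one segment; on FIN close the bucket and queue the session."""
        bucket = self.buckets.setdefault(quad, {})
        if payload:
            bucket.setdefault(seq, payload)  # retransmission: keep the first copy
        if not flags & FIN:
            return None
        segments = self.buckets.pop(quad)
        # Order by sequence number (wraparound and overlaps are not handled).
        stream = b"".join(segments[s] for s in sorted(segments))
        return self.pool.submit(self._parse, quad, stream)

    def _parse(self, quad, stream):
        protocol = identify_protocol(stream)
        paths = []
        for filename, data in (parse_http_upload(stream) if protocol == "HTTP" else ()):
            attrs = {"session": quad, "protocol": protocol, "filename": filename,
                     "size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
            paths.append(self.store.save(attrs, data))
        return protocol, paths


def demo():
    """Run a constructed, out-of-order HTTP upload through the pipeline."""
    request = (b"POST /upload HTTP/1.1\r\nHost: files.example\r\n"
               b"Content-Type: multipart/form-data; boundary=BOUND7\r\n\r\n--BOUND7\r\n"
               b'Content-Disposition: form-data; name="f"; filename="../../plan.txt"\r\n'
               b"Content-Type: text/plain\r\n\r\nQ3 pricing draft\r\n--BOUND7--\r\n")
    quad = ("10.0.0.5", "203.0.113.9", 40312, 80)  # src IP, dst IP, src port, dst port
    chunks = [(1000 + i, request[i:i + 40]) for i in range(0, len(request), 40)]
    store = MemoryStore()
    table = SessionTable(store)
    for seq, data in reversed(chunks + chunks[:1]):  # out of order, one retransmit
        table.on_segment(quad, seq, 0, data)
    result = table.on_segment(quad, 1000 + len(request), FIN, b"").result()
    table.pool.shutdown()
    return result, store
```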
< specific examples >
Specific example 1
Some enterprises need to audit the network data they send out, with the aim of preventing important enterprise files from being sent out to the Internet. The quantity of documents sent out by the enterprise is not large, but the downlink traffic of the enterprise's network port is large.
By using the method for extracting documents from network traffic, the documents sent out by enterprise staff through the network egress can be extracted, providing the conditions for subsequent content examination.
Specific example 2
An enterprise performs virus detection on files flowing into the enterprise through its network port, so as to prevent Trojan or APT attacks. Using the technical means of the invention, documents can be extracted from the downstream traffic data of the enterprise network, thereby establishing the conditions for checking for virus, Trojan or APT attacks.
The technical scheme of the invention achieves the following technical effects: through concurrent TCP session processing, outgoing documents can be extracted quickly and effectively, document data in high-speed traffic can be processed, and the conditions are provided for traffic auditing, virus detection and the like.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be protected within the protection scope of the present invention.

Claims (8)

1. A method for extracting an outgoing file in high-speed mirror image network flow comprises the following steps:
(1) on a switch or a router, forwarding data traffic of one or more source ports to a certain specified port to realize monitoring of network data; creating a HASH bucket for each monitored TCP data identified by the quadruple;
(2) when each TCP data packet arrives, the TCP data is placed into a corresponding HASH bucket according to the quadruple identification information;
(3) carrying out protocol identification and protocol data analysis on the TCP data put into the corresponding HASH bucket;
(4) receiving a message obtained by analyzing the protocol data, and extracting document attribute information from the message;
(5) extracting document data according to the document attribute information, and storing the extracted document data on an in-memory file system;
the protocol data analysis adopts a thread pool to realize high-concurrency TCP session data analysis in high-speed mirror network flow;
the document is then unloaded onto the hard disk.
2. The method of claim 1, further comprising after step (2):
at the end of the TCP session, the HASH bucket created for the TCP data is closed.
3. The method of claim 1, the protocol identification in step (3) comprising:
determining the type of the application protocol according to the command word of the application request in the session data and the corresponding response code, the types including: HTTP, SMTP or FTP protocols.
4. The method of claim 3, the protocol data parsing in step (3) comprising: after the protocol type is determined, analyzing the attachment or the file in the protocol content according to the specific flow of the protocol;
the protocol data analysis method for realizing high-concurrency TCP session data analysis in high-speed mirror network flow by adopting the thread pool specifically comprises the following steps: after each TCP session is finished, a message is sent to the thread pool, and after the message is obtained by the thread pool, a thread is established immediately to process the TCP session.
5. An extraction device for an outgoing file in high-speed mirror image network traffic, comprising:
the session restoration module is used for forwarding the data traffic of one or more source ports to a certain specified port on a switch or a router to realize the monitoring of the network data; creating a HASH bucket for the monitored TCP data identified by each quadruple, putting the TCP data into the corresponding HASH bucket when each TCP data packet arrives according to the quadruple identification information, closing the HASH bucket created for the TCP data when the TCP session is ended, and sending a message to a protocol analysis module;
the protocol analysis module is used for carrying out protocol identification and protocol data analysis on the TCP data placed in the corresponding HASH bucket, and sending a message to the document storage module after the protocol data analysis is finished;
the document storage module is used for receiving the message sent by the protocol analysis module, extracting document attribute information from the message, extracting document data according to the document attribute information and storing the extracted document data in the memory file system;
the protocol data analysis adopts a thread pool to realize high-concurrency TCP session data analysis in high-speed mirror network flow;
the document is then unloaded onto the hard disk.
6. The apparatus of claim 5, the protocol identification comprising:
determining the type of the application protocol according to the command word of the application request in the session data and the corresponding response code, the types including: HTTP, SMTP or FTP protocols.
7. The apparatus according to claim 6, wherein the protocol data parsing for implementing high-concurrency TCP session data parsing in high-speed mirror network traffic using a thread pool specifically comprises: after each TCP session is finished, a message is sent to the thread pool, and after the message is obtained by the thread pool, a thread is established immediately to process the TCP session.
8. A computer storage medium comprising computer program instructions which, when executed, perform the method of any of claims 1-4.
Priority and publication data

Application number: CN201710751696.5A
Priority date: 2017-08-28
Filing date: 2017-08-28
Title: Method and device for extracting outgoing files in high-speed mirror image network traffic
Publications: CN107592303A (published 2018-01-16), CN107592303B (published 2020-01-03)
Family ID: 61041845
Country status: CN, CN107592303B (en), Active
