CN108900499A - Information processing method and device, storage medium, electronic device - Google Patents


Info

Publication number
CN108900499A
Authority
CN
China
Prior art keywords
flow table
preposition flow
packet
preposition
numerical information
Prior art date
Legal status
Granted
Application number
CN201810671940.1A
Other languages
Chinese (zh)
Other versions
CN108900499B (en)
Inventor
刘京洋
劳仲康
李文俊
岑锐坚
Current Assignee
Netease Hangzhou Network Co Ltd
Original Assignee
Netease Hangzhou Network Co Ltd
Priority date
Filing date
Publication date
Events
Application filed by Netease Hangzhou Network Co Ltd
Priority to CN201810671940.1A
Publication of CN108900499A
Application granted
Publication of CN108900499B
Legal status: Active
Anticipated expiration

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00  Network architectures or network communication protocols for network security
    • H04L 63/14  Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441  Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides an information processing method and device, a storage medium and an electronic device. The method includes: setting numerical information of a pre-flow table according to a SYN packet; judging, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition; and, when the ACK packet meets the preset rule, sending the SYN packet and the ACK packet to the main flow table. The invention solves the technical problem in the related art of wasting network resources when defending against SYN attacks, and improves resource utilization.

Description

Information processing method and device, storage medium, electronic device
Technical field
The present invention relates to the field of communications, and in particular to an information processing method and device, a storage medium and an electronic device.
Background technique
In the related art, the flow table is the common basic component of high-performance network systems and is widely used in attack and defence, load balancing and high-performance packet processing. A major problem for a flow table is how entries are admitted into it, so that it can defend to some degree against malicious traffic. The most common approach is to create the entry directly on receipt of a SYN (synchronize) packet, but when a SYN attack occurs the flow table fills up quickly, loses its function and may even disrupt normal operation. Some degree of SYN attack filtering before admission is therefore necessary. There are many defence algorithms for SYN attacks, but the scenario here is not defending against the SYN attack itself; it is protecting the flow table to some degree. SYN defences generally produce false kills (dropping legitimate traffic), whereas the requirement here is that false passes are allowed but false kills are not. These are two different demands: a degree of false passes is acceptable for a flow table, while a degree of false kills is acceptable in SYN defence. The emphasis differs, and SYN protection for a flow table is extremely performance-sensitive, since it normally sits on the data path and cannot use complex algorithms. The algorithm must therefore be simple and efficient while still providing a certain flow-table protection capability.
In the related art, flow-table admission essentially creates a flow table entry on receipt of a SYN. Some implementations admit a flow only after three packets (three-packet admission), which requires a front table (pre-table) that maintains the initial state of each flow. This is analogous to the distinction in the Linux kernel between the hash table of connections still in the handshake and the hash table of established connections. The pre-flow table approach works fairly well for flow tracking, and three-packet admission handles flow-table explosion reasonably well, but it still has to traverse the flow table, and although the pre-flow table can be smaller it still has to maintain SYN state, which wastes resource space and is inefficient.
No effective solution to the above problems in the related art has yet been found.
Summary of the invention
Embodiments of the present invention provide an information processing method and device, a storage medium and an electronic device.
According to one embodiment of the present invention, an information processing method is provided, including: setting numerical information of a pre-flow table according to a SYN packet; judging, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition; and, when the ACK packet meets the preset rule, sending the SYN packet and the ACK packet to the main flow table.
According to another embodiment of the present invention, an information processing device is provided, including: a setup module, which sets the numerical information of a pre-flow table according to a SYN packet; a judgment module, which judges, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition; and a sending module, which sends the SYN packet and the ACK packet to the main flow table when the ACK packet meets the preset rule.
According to yet another embodiment of the present invention, a storage medium is also provided in which a computer program is stored, where the computer program is arranged to execute, when run, the steps of any of the above method embodiments.
According to yet another embodiment of the present invention, an electronic device is also provided, including a memory and a processor, where a computer program is stored in the memory and the processor is arranged to run the computer program to execute the steps of any of the above method embodiments.
Through the invention, a Bloom table used as the pre-flow table of the main flow table filters SYN attacks, preventing the main flow table from being quickly exploded under a SYN attack, and achieves a certain level of flow-table SYN attack defence at extremely low CPU and memory overhead. This solves the technical problem in the related art of wasting network resources when defending against SYN attacks and improves resource utilization.
Detailed description of the invention
The drawings described here provide a further understanding of the present invention and form part of this application; the illustrative embodiments and their description explain the invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flow chart of the information processing method according to an embodiment of the present invention;
Fig. 2 is a detection flow chart of an embodiment of the present invention;
Fig. 3 is a structural block diagram of the information processing device according to an embodiment of the present invention.
Specific embodiment
Hereinafter, the present invention will be described in detail with reference to the accompanying drawings and in combination with embodiments. It should be noted that, where there is no conflict, the embodiments of this application and the features in the embodiments may be combined with each other.
It should be noted that the terms "first", "second" and the like in the description, claims and the above drawings are used to distinguish similar objects and not to describe a particular order or sequence.
Embodiment 1
This embodiment provides a method for detecting data packets. Fig. 1 is a flow chart of the information processing method according to an embodiment of the present invention; as shown in Fig. 1, the process includes the following steps:
Step S102: set the numerical information of the pre-flow table according to a SYN packet;
Step S104: judge, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition;
Step S106: when the ACK packet meets the preset rule, send the SYN packet and the ACK packet to the main flow table.
Through the above steps, the pre-flow table filters ACK packets in order to filter SYN attacks, preventing the main flow table from being quickly exploded under a SYN attack, and achieves a certain level of flow-table SYN attack defence at extremely low CPU and memory overhead. This solves the technical problem in the related art of wasting network resources when defending against SYN attacks and improves resource utilization.
When the flow table only needs simple SYN defence, two-packet admission can be used at a reduced security level. With two-packet admission there is no need for a front hash table; a front Bloom table suffices, and in this embodiment the pre-flow table may be a Bloom table. A Bloom table gives a large performance gain over a hash table. That is, compared with three-packet admission, two-packet admission saves a great deal of memory and CPU at the cost of a certain reduction in security level, which is especially suitable for performance-sensitive flow-table environments such as layer-4 load balancing. In this embodiment, during the TCP handshake the client sends one SYN packet and one ACK packet to complete the three-way handshake. "Two packets" refers to the SYN and ACK packets sent by the client in the three-way handshake; "three packets" additionally includes the data packet, i.e. the first packet that actually carries data after the handshake completes. If data is carried in the third handshake packet (fast-TCP), that packet is treated as the data packet and the third handshake packet at the same time (although there are actually only two packets).
Optionally, the executing subject of the above steps may be a server or the like on the network side, but is not limited to this.
Optionally, setting the numerical information of the pre-flow table according to the SYN packet includes: when a SYN packet is received, setting a first key value in the Bloom table determined according to the SYN packet. Correspondingly, when no SYN packet has been received, the first key value is not set in the Bloom table, so the first key value indicates whether a SYN packet has been received. The first key value is obtained from the received signal strength indication (RSS) value computed over the five-tuple of the transmission control protocol (TCP) message, where the five-tuple includes: source IP address, source port, destination IP address, destination port and transport layer protocol. The principle of two-packet admission is that when a SYN packet arrives, the RSS value computed by the network card is used directly for the Bloom table operation. A Bloom table is a device that detects whether something is present; it is very compact in memory and marks the presence or absence of a computed result with a bit position in memory. Fig. 2 is the detection flow chart of an embodiment of the present invention.
Optionally, judging according to the numerical information of the pre-flow table whether the received ACK packet meets the preset condition includes:
S11: receive an ACK packet and calculate a first hash value according to the ACK packet;
S12: when it is determined according to the first hash value that the first key value exists at the corresponding position in the Bloom table, determine that the ACK packet meets the preset condition. The RSS value of the SYN and the RSS value of the ACK of the same request are identical, so the results of computing the same hash algorithm over the RSS value are also identical. On this premise: hashing the RSS of the SYN packet determines position X in the Bloom table (a bitmap), and the value at position X is set to 1 (normally 0). When the ACK packet is later received, its RSS likewise locates position X in the Bloom table, which is found to be already 1, from which it is determined that an ACK matching a received SYN has arrived. Because the RSS values of the SYN and ACK packets computed from the five-tuple are identical, admitting the SYN packet is equivalent to building the Bloom table (the query condition); then, when the ACK packet is received and its hash computed, the lookup only needs to check whether the corresponding bit in the bitmap is 1 to decide whether the three-way handshake is complete.
Optionally, the pre-flow table includes a first sub pre-flow table and a second sub pre-flow table, where the second sub pre-flow table is established a first preset duration after the first sub pre-flow table is established. Before setting the numerical information of the pre-flow table according to the SYN packet, the method further includes: when the first sub pre-flow table is deleted a second preset duration after its establishment, where the second preset duration is greater than the first preset duration, taking the second sub pre-flow table as the first sub pre-flow table and establishing a new pre-flow table as the second sub pre-flow table.
When the pre-flow table includes the two sub pre-flow tables, setting the numerical information of the pre-flow table according to the SYN packet includes: setting the numerical information of the first sub pre-flow table and the numerical information of the second sub pre-flow table according to the SYN packet.
The Bloom table design has no per-entry aging; instead it uses a rolling-death model with two Bloom tables. Each SYN packet is entered simultaneously into two Bloom tables (the first and second sub pre-flow tables), which serve as the current and the next table respectively. Aging simply deletes the previous table and activates a new Bloom table; this can be regarded as a primary Bloom table and a spare Bloom table. Suppose the lifetime of a Bloom table is set to 1000 seconds; then from the 500 second mark on, each SYN admitted to the table also enters the next Bloom table simultaneously. That is, the first half of each Bloom table's lifetime stores the flow information of the previous half period, while flow information from the second half is stored both in this table and in the first half period of the next table. In other words, once the current Bloom table has exceeded half of its lifetime, the remaining SYN packets admitted enter the next Bloom table as well (i.e. enter both Bloom tables at once). In this case the first preset duration and the second preset duration are set to 500 seconds and 1000 seconds respectively.
The purpose of this embodiment is to further save CPU and memory overhead while defending against basic spoofed-source SYN attacks. Compared with the three-packet admission scheme, the two-packet admission of this embodiment performs no traversal, saving a great deal of CPU, and stores no flow state, which improves both lifetime and memory demand by more than thirtyfold. This embodiment uses the rolling-death mode of two Bloom tables to complete flow-table aging and admission checking, exploits the high space utilization of the Bloom table, and with the pair of Bloom tables effectively solves the problem that a Bloom table is hard to change, meeting the needs of load balancing projects.
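The admission scheme of steps S102 to S106 together with the double-Bloom rolling-death aging described above, carried through as an added Python example (not the patent's own code). The five-tuple hash is a stand-in for the RSS value the text attributes to the network card (assumed here to be a per-flow hash over the five-tuple); class and function names, the sample flows and the bit-table size are all constructed for the example.

```python
"""Double-Bloom pre-flow table in front of a main flow table (added example,
not the patent's own code): a SYN sets a bit keyed by a five-tuple hash, an
ACK reaches the main table only if that bit is set, two rolling tables age."""
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int = 6  # TCP


def flow_hash(ft: FiveTuple) -> int:
    """Stand-in (assumption) for the five-tuple hash the NIC computes, which the
    text calls the RSS value; a handshake's SYN and ACK share one five-tuple."""
    key = f"{ft.src_ip}|{ft.src_port}|{ft.dst_ip}|{ft.dst_port}|{ft.proto}".encode()
    return int.from_bytes(hashlib.blake2b(key, digest_size=8).digest(), "big")


class BloomTable:
    """Bitmap with one bit per hash position (the text uses a single hash)."""

    def __init__(self, nbits: int, created_at: float) -> None:
        self.nbits = nbits
        self.created_at = created_at
        self.bits = bytearray((nbits + 7) // 8)

    def set(self, h: int) -> None:
        pos = h % self.nbits
        self.bits[pos >> 3] |= 1 << (pos & 7)

    def test(self, h: int) -> bool:
        pos = h % self.nbits
        return bool(self.bits[pos >> 3] & (1 << (pos & 7)))


class PreFlowTable:
    """Current and next Bloom table with rolling death.  lifetime is the second
    preset duration (1000 s in the text); the next table opens once the current
    one passes lifetime / 2 (the first preset duration, 500 s)."""

    def __init__(self, lifetime: float, nbits: int, now: float) -> None:
        self.lifetime = lifetime
        self.nbits = nbits
        self.current = BloomTable(nbits, now)
        self.next: Optional[BloomTable] = None

    def _roll(self, now: float) -> None:
        # Aging is table-wide: an expired table is dropped whole and the spare
        # becomes primary.  The loop also covers idle gaps longer than a lifetime.
        while now - self.current.created_at >= self.lifetime:
            spare, self.next = self.next, None
            if spare is None or now - spare.created_at >= self.lifetime:
                self.current = BloomTable(self.nbits, now)
            else:
                self.current = spare
        if self.next is None and now - self.current.created_at >= self.lifetime / 2:
            self.next = BloomTable(self.nbits, now)

    def on_syn(self, ft: FiveTuple, now: float) -> None:
        """Set the flow's bit; in the second half of the current table's life
        the bit is written to the next table as well."""
        self._roll(now)
        h = flow_hash(ft)
        self.current.set(h)
        if self.next is not None:
            self.next.set(h)

    def on_ack(self, ft: FiveTuple, now: float) -> bool:
        """True if a SYN for this flow was recorded in the live window.  A bit set
        by another flow gives a false pass (tolerated); a recorded flow never fails."""
        self._roll(now)
        return self.current.test(flow_hash(ft))


def handle(pre: PreFlowTable, main_table: dict, kind: str,
           ft: FiveTuple, now: float) -> str:
    """Front end of the main flow table; returns where the packet went."""
    if kind == "SYN":
        pre.on_syn(ft, now)
        return "pre-table"          # the main table holds no per-SYN state
    if kind == "ACK":
        if pre.on_ack(ft, now):
            main_table[ft] = "established"  # SYN and ACK handed to the main table
            return "main-table"
        return "dropped"            # ACK with no recorded SYN: not admitted
    return "passthrough"


if __name__ == "__main__":
    # Constructed sample flow (documentation address range).
    client = FiveTuple("198.51.100.7", 40001, "203.0.113.10", 443)
    pre, main = PreFlowTable(1000.0, 1 << 20, 0.0), {}
    print(handle(pre, main, "ACK", client, 1.0))   # dropped: no SYN recorded
    print(handle(pre, main, "SYN", client, 2.0))   # pre-table
    print(handle(pre, main, "ACK", client, 3.0))   # main-table
```

A SYN admitted after the 500 s mark survives the roll at 1000 s because it was written to both tables, while one admitted in the first half ages out with the old table; an ACK with no recorded SYN never reaches the main table.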
From the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. On this understanding, the technical solution of the present invention, or the part of it that contributes over the prior art, can be embodied as a software product stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and including instructions that cause a terminal device (which may be a mobile phone, computer, server, network device or the like) to execute the method of each embodiment of the present invention.
This embodiment also provides a device for detecting data packets, used to implement the above embodiments and preferred embodiments; what has already been described is not repeated. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the device described in the following embodiment is preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
Fig. 3 is a structural block diagram of the device for detecting data packets according to an embodiment of the present invention; as shown in Fig. 3, the device includes:
a setup module 30, which sets the numerical information of the pre-flow table according to a SYN packet;
a judgment module 32, which judges, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition;
a sending module 34, which sends the SYN packet and the ACK packet to the main flow table when the ACK packet meets the preset rule.
Optionally, the pre-flow table is a Bloom table.
It should be noted that the above modules may be implemented in software or hardware; for the latter they may be implemented in, but are not limited to, the following ways: the above modules are all located in the same processor; or the above modules are located in different processors in any combination.
Embodiment 2
Embodiments of the present invention also provide a storage medium in which a computer program is stored, where the computer program is arranged to execute, when run, the steps of any of the above method embodiments.
Optionally, in this embodiment, the above storage medium may be arranged to store a computer program for executing the following steps:
S1: set the numerical information of the pre-flow table according to a SYN packet;
S2: judge, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition;
S3: when the ACK packet meets the preset rule, send the SYN packet and the ACK packet to the main flow table.
Optionally, in this embodiment, the above storage medium may include but is not limited to: a USB flash disk, read-only memory (ROM), random access memory (RAM), removable hard disk, magnetic disk, optical disc or other media capable of storing a computer program.
Embodiments of the present invention also provide an electronic device including a memory and a processor, where a computer program is stored in the memory and the processor is arranged to run the computer program to execute the steps of any of the above method embodiments.
Optionally, the above electronic device may further include a transmission device and an input-output device, both connected to the above processor.
Optionally, in this embodiment, the above processor may be arranged to execute the following steps by means of the computer program:
S1: set the numerical information of the pre-flow table according to a SYN packet;
S2: judge, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition;
S3: when the ACK packet meets the preset rule, send the SYN packet and the ACK packet to the main flow table.
Optionally, for specific examples in this embodiment, refer to the examples described in the above embodiments and optional implementations; they are not repeated here.
Obviously, those skilled in the art should understand that each module or step of the invention above can be implemented with a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network formed by multiple computing devices, and optionally they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be executed in a different order, or they may be made into individual integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. Thus the present invention is not limited to any specific combination of hardware and software.
The foregoing is only a preferred embodiment of the present invention and is not intended to restrict it; for those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent replacement, improvement and the like made within the principle of the present invention shall be included in its protection scope.

Claims (11)

1. An information processing method, characterized in that it includes:
setting numerical information of a pre-flow table according to a SYN packet;
judging, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition;
when the ACK packet meets the preset rule, sending the SYN packet and the ACK packet to the main flow table.
2. The method according to claim 1, wherein the pre-flow table is a Bloom table.
3. The method according to claim 2, characterized in that setting the numerical information of the pre-flow table according to the SYN packet includes:
when a SYN packet is received, setting a first key value in the Bloom table determined according to the SYN packet.
4. The method according to claim 3, characterized in that judging according to the numerical information of the pre-flow table whether the received ACK packet meets the preset condition includes:
receiving an ACK packet and calculating a first hash value according to the ACK packet;
when it is determined according to the first hash value that the first key value exists at the corresponding position in the Bloom table, determining that the ACK packet meets the preset condition.
5. The method according to claim 3, characterized in that the first key value is obtained from the received signal strength indication (RSS) value computed over the five-tuple of the transmission control protocol (TCP) message, where the five-tuple includes: source IP address, source port, destination IP address, destination port and transport layer protocol.
6. The method according to claim 1, wherein the pre-flow table includes a first sub pre-flow table and a second sub pre-flow table, where the second sub pre-flow table is established a first preset duration after the first sub pre-flow table is established, and before setting the numerical information of the pre-flow table according to the SYN packet the method further includes:
when the first sub pre-flow table is deleted a second preset duration after its establishment, where the second preset duration is greater than the first preset duration;
taking the second sub pre-flow table as the first sub pre-flow table, and establishing a new pre-flow table as the second sub pre-flow table.
7. The method according to claim 6, characterized in that setting the numerical information of the pre-flow table according to the SYN packet includes:
setting the numerical information of the first sub pre-flow table and the numerical information of the second sub pre-flow table according to the SYN packet.
8. A device for detecting data packets, characterized in that it includes:
a setup module, which sets the numerical information of a pre-flow table according to a SYN packet;
a judgment module, which judges, according to the numerical information of the pre-flow table, whether a received ACK packet meets a preset condition;
a sending module, which sends the SYN packet and the ACK packet to the main flow table when the ACK packet meets the preset rule.
9. The device according to claim 8, characterized in that the pre-flow table is a Bloom table.
10. A storage medium, characterized in that a computer program is stored in the storage medium, where the computer program is arranged to execute, when run, the method according to any one of claims 1 to 7.
11. An electronic device including a memory and a processor, characterized in that a computer program is stored in the memory and the processor is arranged to run the computer program to execute the method according to any one of claims 1 to 7.
Application CN201810671940.1A (priority date 2018-06-26, filing date 2018-06-26): Information processing method and device, storage medium, and electronic device. Status: Active, granted as CN108900499B (en).

Publications (2)

Publication Number Publication Date
CN108900499A true CN108900499A (en) 2018-11-27
CN108900499B CN108900499B (en) 2021-05-25



Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant