CN109005194B - No-port shadow communication method based on KCP protocol and computer storage medium - Google Patents

Info

Publication number
CN109005194B
Authority
CN
China
Prior art keywords
receiving end
network communication
random number
data
sending end
Legal status
Active
Application number
CN201811024376.0A
Other languages
Chinese (zh)
Other versions
CN109005194A (en)
Inventor
马晓东
张晓彬
廖宁
罗佳
姚先洪
尹声
Current Assignee
Xiamen Anscen Network Technology Co ltd
Original Assignee
Xiamen Anscen Network Technology Co ltd
Events
Application filed by Xiamen Anscen Network Technology Co ltd
Priority to CN201811024376.0A
Publication of CN109005194A
Application granted
Publication of CN109005194B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08 Protocols for interworking; Protocol conversion
    • H04L69/26 Special purpose or proprietary protocols or architectures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a non-port shadow communication method based on a KCP protocol and a computer storage medium, wherein the method comprises the following steps: the receiving end establishes a network communication control link with the sending end in a network card drive packet capturing mode; a network communication data link is established between the receiving end and the transmitting end through the network communication control link; and the receiving end and the transmitting end receive and transmit data messages through the network communication data link based on a KCP protocol. The invention can effectively avoid the problems of poor concealment, easy detection and attack, single data verification and the like caused by monitoring the network communication port.

Description

No-port shadow communication method based on KCP protocol and computer storage medium
Technical Field
The invention relates to the technical field of internet communication, in particular to a non-port shadow communication technology based on a KCP (fast reliable protocol) and a computer storage medium.
Background
Nowadays, the internet has become an essential part of human life: people engage in entertainment, study, office work and other activities through the internet, which has thoroughly changed how people live and work and has greatly promoted social development. However, as more and more information is transmitted through the internet, lawless persons exploit weaknesses in internet communication technology to obtain the information transmitted over it, so that personal information and business secrets are leaked and personal privacy and company property are greatly threatened; how to guarantee the safe transmission of information on the internet has therefore become an urgent problem.
At present, the SSL/TLS (secure socket layer/transport layer security) protocol is mainly used to ensure the secure transmission of information on the internet. SSL/TLS ensures the confidentiality and data integrity of network communication between two communicating applications and is widely applied on the internet; for example, common protocols such as HTTPS, SMTPS and SFTP are implemented on top of SSL/TLS. Although the use of SSL/TLS guarantees the secure transmission of network information to a certain extent, because SSL/TLS is built on TCP (transmission control protocol), the communication data stream has the characteristics of a TCP session, so the concealment of the communication session is poor and the session is easy for lawbreakers to attack and hijack; in addition, the communication session has poor network penetrability and is easily intercepted or blocked by gateway equipment such as firewalls; and the network port on which the server side listens is easy to probe illegally and is exposed to DDoS (distributed denial of service) attacks over a long period. Meanwhile, because data encryption and decryption steps are added to the communication session, data transmission delay increases and the user experience is poor.
Therefore, it is highly desirable for those skilled in the art to develop a network communication method, which can improve the efficiency of network communication while ensuring reliable data transmission.
Therefore, the patent proposes a non-port shadow communication technology based on KCP. The technology uses the shadow system to capture packets at the physical network card to replace the traditional method of monitoring the network port at the TCP/IP protocol stack to acquire network communication data, thereby avoiding the problems of poor concealment, easy detection and attack and the like caused by monitoring the port. Meanwhile, a KCP (fast reliable protocol) is adopted to package and transmit data, and the stability and reliability of communication can be ensured even under the condition of network congestion.
Disclosure of Invention
In view of this, the technical problem to be solved by the present invention is to provide a non-port shadow communication method based on KCP protocol and a computer storage medium, which solve the problems of poor concealment, weak penetrability, easy interception, detection and attack, etc. of the existing network communication.
In order to solve the above technical problem, an embodiment of the present invention provides a non-port shadow communication method based on a KCP protocol, including: the receiving end establishes a network communication control link with the sending end in a network card drive packet capturing mode; a network communication data link is established between the receiving end and the transmitting end through the network communication control link; and the receiving end and the transmitting end receive and transmit data messages through the network communication data link based on a KCP protocol.
Embodiments of the present invention also provide a computer storage medium containing computer-executable instructions that, when processed by a data processing device, cause the data processing device to perform the no-port shadow communication method based on the KCP protocol.
According to the above embodiments of the present invention, the no-port shadow communication method based on the KCP protocol and the computer storage medium have at least the following advantages. The receiving end adopts the shadow communication technology and therefore does not need to open a communication monitoring port on any network of the local machine; its network card works in a flooding mode and directly captures all data packets sent to the local machine in a driver packet capturing mode, so that port-less communication at the receiving end is realized, and the problems of poor concealment, easy detection and attack, single data verification and the like caused by monitoring a network communication port can be effectively avoided. Communication based on the TCP protocol is converted into the UDP-borne, efficient and secure KCP protocol, which enhances the penetrability of network communication, reduces the probability that network data is intercepted by network equipment such as firewalls, raises the transmission rate of data messages while ensuring reliability, and addresses the low transmission speed of TCP data packets under network congestion. A control link and a data link are defined for multi-link communication management: the control link is used for establishing and negotiating the session information, and the data link is used for transmitting the session data. The receiving end dynamically updates the data link information, enhancing the concealment of the transmission session.
The method is greatly helpful for constructing a communication system with high safety, strong concealment and stable transmission, and can be widely applied to the network communication fields of shadow communication systems, security agent systems, anonymous transmission networks and the like.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments of the invention and together with the description, serve to explain the principles of the invention.
Fig. 1 is a flowchart of a first embodiment of a non-port shadow communication method based on a KCP protocol according to an embodiment of the present invention.
Fig. 2 is a flowchart of a second embodiment of a non-port shadow communication method based on a KCP protocol according to a specific embodiment of the present invention.
Fig. 3 is an overall architecture diagram of a receiving end and a transmitting end according to an embodiment of the present invention.
FIG. 4 is a specific architecture diagram of the shadow system of the receiving end in FIG. 3.
Fig. 5A is a timing diagram illustrating establishment of a network communication control link between a receiving end and a transmitting end according to an embodiment of the present invention.
Fig. 5B is a timing diagram illustrating the establishment of a data link for network communication between a receiving end and a transmitting end according to an embodiment of the present invention.
Fig. 5C is a timing diagram of transmitting a data packet between a receiving end and a transmitting end according to an embodiment of the present invention.
Fig. 5D is a timing diagram illustrating a link disconnection between a receiving end and a transmitting end according to an embodiment of the present invention.
Detailed Description
For the purpose of promoting a clear understanding of the objects, aspects and advantages of the embodiments of the invention, reference will now be made to the drawings and detailed description, wherein there are shown in the drawings and described in detail, various modifications of the embodiments described herein, and other embodiments of the invention will be apparent to those skilled in the art.
The exemplary embodiments of the present invention and the description thereof are provided to explain the present invention and not to limit the present invention. Additionally, the same or similar numbered elements/components used in the drawings and the embodiments are used to represent the same or similar parts.
As used herein, the terms "first," "second," …, etc., do not denote any order or sequence, nor are they used to limit the present invention, but rather are used to distinguish one element from another or from another element or operation described in the same technical language.
With respect to directional terminology used herein, for example: up, down, left, right, front or rear, etc., are simply directions with reference to the drawings. Accordingly, the directional terminology used is intended to be illustrative and is not intended to be limiting of the present teachings.
As used herein, the terms "comprising," "including," "having," "containing," and the like are open-ended terms that mean including, but not limited to.
As used herein, "and/or" includes any and all combinations of the described items.
References to "plurality" herein include "two" and "more than two"; reference to "multiple sets" herein includes "two sets" and "more than two sets".
As used herein, the terms "substantially", "about" and the like are used to modify any slight variation in quantity or error that does not alter the nature of the variation. Generally, the range of slight variations or errors modified by such terms may be 20% in some embodiments, 10% in some embodiments, 5% in some embodiments, or other values. It should be understood by those skilled in the art that the aforementioned values can be adjusted according to actual needs, and are not limited thereto.
Fig. 1 is a flowchart of a first embodiment of a non-port shadow communication method based on a KCP protocol according to a specific embodiment of the present invention, where as shown in fig. 1, a network card at a receiving end operates in a flooding mode, the network card at the receiving end captures all data packets arriving at a local network card, so as to establish a network communication control link with a transmitting end, establish a network communication data link through information acquired by the network communication control link, and finally receive and transmit data messages through the established network communication data link based on the KCP protocol.
In the embodiment shown in the figure, the non-port shadow communication method based on the KCP protocol includes:
step 101: the receiving end establishes a network communication control link with the transmitting end in a network card drive packet capturing mode. In the embodiment of the present invention, the receiving end may be a user equipment or a server configured with a network card, and the sending end may be a user equipment or a server. The network card of the receiving end works in a flooding mode, in which it captures all data packets reaching the local network card. The receiving end uses multi-core programming to bind the Operating System (OS) to a specified core for running; it uses huge-page (hugepages) memory, a lock-free queue and DirectIO (direct IO) to reduce memory access and exchange, and adopts a lock-free circular queue for multi-threaded operation to avoid multi-thread contention.
Step 102: and a network communication data link is established between the receiving end and the transmitting end through the network communication control link. In the embodiment of the invention, the receiving end establishes the network communication data link by using the information acquired by the network communication control link. The network communication control link is used for establishing and negotiating the session information, and the network communication data link is used for transmitting the session data message. The receiving end dynamically updates the network communication data link information and enhances the concealment of the transmission of the session data message.
Step 103: and the receiving end and the transmitting end receive and transmit data messages through the network communication data link based on a KCP protocol. In the embodiment of the invention, the behavior based on TCP protocol communication is converted into a connectionless, efficient and safe KCP protocol carried by a UDP protocol, the probability of interception by network equipment such as a firewall is reduced, the transmission rate of data messages is enhanced, and the data transmission rate is improved under the condition of ensuring the reliability.
Referring to fig. 1, a receiving end adopts a shadow communication technology, that is, a communication monitoring port is not established on any network of a local machine, and a network card drive packet capturing mode is adopted to directly capture all data packets sent to a local network card, so that the problems of poor communication concealment, easiness in detection and attack, single data verification and the like caused by the monitoring port can be effectively avoided; the behavior based on TCP protocol communication is converted into a connectionless, efficient and safe KCP protocol carried by a UDP protocol, the probability of interception by network equipment such as a firewall is reduced, the data transmission rate is improved under the condition of ensuring the reliability, and the transmission rate of a data message is not influenced under the condition of network congestion; and the multilink communication management defines a network communication control link and a network communication data link, and the receiving end can dynamically update the network communication data link information to further enhance the concealment of the communication between the receiving end and the transmitting end.
In a specific embodiment of the present invention, step 101 specifically includes: the network card of the receiving end starts the flooding mode and captures all data packets on the network in a network card drive packet capturing mode; the sending end sends a first random number and one or more first encryption modes to the receiving end, wherein the first encryption mode can be a symmetric encryption mode or an asymmetric encryption mode, and the sending end transmits the first random number and the one or more first encryption modes through a traditional protocol stack (such as TCP/IP); the receiving end uses a BPF (Berkeley packet filter) and an efficient feature matching algorithm to screen the first random number and the first encryption modes out of all captured data packets, and replies with a second random number, a public key and a second encryption mode, wherein the second encryption mode is one of the first encryption modes and the efficient feature matching algorithm can be the Horspool algorithm, the Sunday algorithm or the like; the receiving end transmits the second random number, the public key and the second encryption mode to the transmitting end through a traditional protocol stack (such as TCP/IP). Because the network card captures every data packet sent to the local machine, the captured packets include a large amount of redundant data, and the BPF and the efficient feature matching algorithm are used to clear the redundant packets. The sending end then encrypts a third random number with the public key and the second encryption mode and sends the encrypted third random number to the receiving end; the receiving end uses the BPF and the efficient feature matching algorithm to screen the encrypted third random number out of all data packets, uses the public key to decrypt it to obtain the third random number, generates a first session key from the first, second and third random numbers, and returns the first session key and data link information to the transmitting end through a traditional protocol stack (such as TCP/IP); and the sending end establishes the network communication control link with the receiving end according to the first session key and the data link information. In order to prevent lawless persons from forging, modifying or replaying data, the encrypted third random number also needs to be checked, which further ensures the security of the data: after the receiving end has screened the encrypted third random number out of all data packets with the BPF (Berkeley packet filter) and the efficient feature matching algorithm, it can also check the encrypted third random number using a timestamp, the first random number, the second random number and a digital signature.
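The four-message exchange of step 101, carried through end to end in Go as an added example; the data-link handshake of step 102 has the same shape with the fourth, fifth and sixth random numbers and the second session key. This is editorial illustration, not code from the patent or from its assignee. Assumptions, none of which the page fixes: RSA-OAEP with SHA-256 stands in for the "second encryption mode", HMAC-SHA256 over r1||r2||r3 stands in for the unspecified way the three random numbers "generate" the session key, the message field layout and the data link identifier 0x1001 are constructed, and the receiving end decrypts with its private key (the text says "public key"; in public-key encryption only the private half can decrypt). The packet screening that precedes each receive is outside this block.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Handshake messages 1 and 2 as structs; message 3 is just the ciphertext and
// message 4 just a link identifier. Layout is this example's own (assumption).
type msg1 struct { // sending end -> receiving end
	R1    []byte   // first random number
	Modes []string // first encryption modes offered
}
type msg2 struct { // receiving end -> sending end
	R2   []byte         // second random number
	Pub  *rsa.PublicKey // receiving end's public key
	Mode string         // second encryption mode, one of msg1.Modes
}

const oaep = "RSA-OAEP-SHA256" // the one asymmetric mode this example implements

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// deriveSessionKey turns the three random numbers into the first session key.
// HMAC-SHA256 over r1||r2||r3 under a fixed label is this example's KDF; the
// page only says the three numbers "generate" the key.
func deriveSessionKey(r1, r2, r3 []byte) []byte {
	mac := hmac.New(sha256.New, []byte("shadow-control-link-v1"))
	mac.Write(r1)
	mac.Write(r2)
	mac.Write(r3)
	return mac.Sum(nil)
}

// chooseMode returns the first offered mode the receiving end also supports.
func chooseMode(offered, supported []string) (string, error) {
	for _, o := range offered {
		for _, s := range supported {
			if o == s {
				return o, nil
			}
		}
	}
	return "", errors.New("no common encryption mode")
}

// controlLinkHandshake runs the four messages in-process and returns the key
// each side derived, so the caller can confirm both ends agree.
func controlLinkHandshake() (senderKey, receiverKey []byte, linkID uint32, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // receiving end's key pair
	if err != nil {
		return nil, nil, 0, err
	}
	// 1. Sender offers r1 and the modes it supports.
	m1 := msg1{R1: randomBytes(32), Modes: []string{"RSA-PKCS1v15", oaep}}
	// 2. Receiver, having screened m1 out of the captured traffic, picks one
	//    offered mode and answers with r2 and its public key.
	mode, err := chooseMode(m1.Modes, []string{oaep})
	if err != nil {
		return nil, nil, 0, err
	}
	m2 := msg2{R2: randomBytes(32), Pub: &priv.PublicKey, Mode: mode}
	// 3. Sender draws r3, encrypts it under the receiver's public key and can
	//    derive the session key as soon as r3 exists.
	r3 := randomBytes(32)
	encR3, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, m2.Pub, r3, nil)
	if err != nil {
		return nil, nil, 0, err
	}
	senderKey = deriveSessionKey(m1.R1, m2.R2, r3)
	// 4. Receiver recovers r3 with its private key (the page says "public key";
	//    only the private half can decrypt), derives the same key and returns
	//    the data link information (a constructed identifier here).
	gotR3, err := rsa.DecryptOAEP(sha256.New(), nil, priv, encR3, nil)
	if err != nil {
		return nil, nil, 0, err
	}
	receiverKey = deriveSessionKey(m1.R1, m2.R2, gotR3)
	return senderKey, receiverKey, 0x1001, nil
}

func main() {
	sk, rk, id, err := controlLinkHandshake()
	fmt.Printf("keys agree: %v, data link id: %#x, err: %v\n", bytes.Equal(sk, rk), id, err)
}
```

Because r3 travels only under the receiver's public key, a party that captured all three messages but lacks the private key cannot reconstruct the session key, which is why the page has the receiving end return the key material over the control link only after this step; in the real system the first session key would never be sent in the clear, so the block derives it independently on both sides rather than putting it on the wire.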
In another embodiment of the present invention, step 102 specifically includes: the sending end sends a fourth random number and one or more first encryption modes to the receiving end based on the network communication control link; the receiving end utilizes a BPF and an efficient feature matching algorithm to screen out the fourth random number and the first encryption mode from all data packets, and replies a fifth random number, the public key and a third encryption mode to the sending end, wherein the third encryption mode is one of the first encryption modes, the third encryption mode can be the same as the second encryption mode or different from the second encryption mode, and the receiving end transmits the fifth random number, the public key and the third encryption mode to the sending end through a traditional protocol stack (for example, a TCP/IP protocol); the sending end encrypts a sixth random number by using the public key and the third encryption mode and sends the encrypted sixth random number to the receiving end; the receiving end utilizes a BPF and an efficient feature matching algorithm to screen out the encrypted sixth random number from all data packets, utilizes the public key to decrypt the encrypted sixth random number to obtain the sixth random number, utilizes the fourth random number, the fifth random number and the sixth random number to generate a second session key, and then returns the second session key to the transmitting end, and the receiving end transmits the second session key to the transmitting end through a traditional protocol stack (such as a TCP/IP protocol); and the sending end establishes the network communication data link with the receiving end according to the second session key.
In another embodiment of the present invention, step 103 specifically includes: the sending end sends a first data message to the receiving end at a first rate through the network communication control link using the sliding window mechanism of the KCP protocol, and starts timing; the receiving end uses a BPF and an efficient feature matching algorithm to screen the first data message out of all data packets and replies with first response information, which it transmits to the sending end through a traditional protocol stack (such as TCP/IP); if the sending end receives the first response information within the preset time, transmission of the first data message is finished. While waiting for that response, the sending end continues to send one or more second data messages to the receiving end at a second rate, the second rate being less than the first rate: the second data message is not held back until the receiving end has acknowledged the first data message but is transmitted during the wait, which further improves the data message transmission rate, while the lower rate of the second data message keeps the sending rate from exceeding the processing capacity of the receiving end and so ensures communication stability. If the sending end does not receive the response information within the preset time, it resends the first data message until the first response information is received; this retransmission mechanism ensures the reliability of communication.
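The send-side behaviour just described (start a timer per message, keep sending further messages while a response is outstanding, retransmit after the preset time until the response arrives), reduced to a deterministic simulation in Go. This is an added example, not code from the patent, its assignee or the KCP project. Assumptions: time is counted in abstract ticks, one-way delay is collapsed to zero so that a segment not acknowledged in the tick it was sent has been lost, the window size stands in for the receiver's processing capacity, and the loss pattern is constructed (segment 1 lost once, segment 3 lost twice).

```go
package main

import "fmt"

// segment is a KCP-style data segment: a sequence number and its payload.
type segment struct {
	seq     uint32
	payload string
}

// lossyLink is the constructed channel for the simulation: drops[seq] is how
// many send attempts of that segment are lost before one gets through.
type lossyLink struct {
	drops map[uint32]int
}

func (l *lossyLink) deliver(s segment, attempt int) bool {
	return attempt > l.drops[s.seq]
}

// inflight is a sent segment still awaiting its response.
type inflight struct {
	seg      segment
	sentAt   int // tick of the last transmission: the "start timing" step
	attempts int
}

// receiver records what arrived so delivery can be checked afterwards.
type receiver struct {
	got map[uint32]string
}

func newReceiver() *receiver { return &receiver{got: map[uint32]string{}} }

// run pushes msgs through link with a send window of `window` segments and a
// retransmission timeout of `rto` ticks. It returns the tick count until every
// segment is acknowledged and the number of retransmissions that took.
func run(msgs []string, window, rto int, link *lossyLink, rcv *receiver) (ticks, retransmits int) {
	pending := map[uint32]*inflight{}
	var nextSeq uint32
	now := 0
	send := func(f *inflight) {
		f.attempts++
		f.sentAt = now
		if link.deliver(f.seg, f.attempts) {
			rcv.got[f.seg.seq] = f.seg.payload
			delete(pending, f.seg.seq) // response received: the window slides
		}
	}
	for nextSeq < uint32(len(msgs)) || len(pending) > 0 {
		// Timers first: anything unanswered for rto ticks goes out again.
		for _, f := range pending {
			if now-f.sentAt >= rto {
				retransmits++
				send(f)
			}
		}
		// Then keep the window full. New segments go out while earlier ones
		// are still awaiting a response; the window bound, not the arrival of
		// the last acknowledgement, limits the send rate.
		for len(pending) < window && nextSeq < uint32(len(msgs)) {
			f := &inflight{seg: segment{seq: nextSeq, payload: msgs[nextSeq]}}
			pending[nextSeq] = f
			nextSeq++
			send(f)
		}
		now++
		if now > 100000 {
			panic("simulation did not converge")
		}
	}
	return now, retransmits
}

func main() {
	link := &lossyLink{drops: map[uint32]int{1: 1, 3: 2}} // constructed losses
	rcv := newReceiver()
	ticks, rtx := run([]string{"m0", "m1", "m2", "m3", "m4"}, 2, 3, link, rcv)
	fmt.Printf("delivered %d segments in %d ticks with %d retransmissions\n", len(rcv.got), ticks, rtx)
}
```

With the constructed losses the five segments are all delivered after 7 ticks and 3 retransmissions, while a lossless run finishes in a single tick; the point the simulation makes is that a lost first message costs only its own timeout, not a stall of everything behind it, which is the property the page attributes to sending the second messages during the wait.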
In order to prevent lawless persons from forging, modifying or replaying data, the first data message also needs to be verified, which further ensures the security of the data: after the receiving end has screened the first data message out of all data packets with a BPF and an efficient feature matching algorithm, it can also verify the first data message using a timestamp, the second session key and a digital signature.
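The receiving end's verification step, as an added example in Go covering the three checks the page names here and for the encrypted third random number in step 101 (timestamp, session key, digital signature) and the same checks applied to the disconnection notifications of step 104. It is not code from the patent or its assignee. Assumptions: the message layout and the per-link sequence counter are this example's own, a 30-second acceptance window is an arbitrary choice, the "session key" check is realised as an HMAC-SHA256 tag and the "digital signature" as Ed25519 by the sending end; the page specifies none of these.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// dataMessage is this example's layout for a message carrying the three checks
// the page names: a timestamp, a tag under the session key, and a signature.
type dataMessage struct {
	Timestamp int64  // Unix seconds on the sender's clock
	Seq       uint32 // per-link counter; a value seen before is a replay
	Payload   []byte
	MAC       []byte // HMAC-SHA256(sessionKey, Timestamp||Seq||Payload)
	Sig       []byte // Ed25519 signature by the sending end over the same bytes
}

var (
	errStale  = errors.New("timestamp outside acceptance window")
	errReplay = errors.New("sequence number already seen")
	errBadMAC = errors.New("session-key tag mismatch")
	errBadSig = errors.New("signature verification failed")
)

const maxClockSkew = 30 * time.Second // arbitrary acceptance window

func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// authBytes is the byte string both the tag and the signature cover.
func authBytes(ts int64, seq uint32, payload []byte) []byte {
	b := make([]byte, 12+len(payload))
	binary.BigEndian.PutUint64(b, uint64(ts))
	binary.BigEndian.PutUint32(b[8:], seq)
	copy(b[12:], payload)
	return b
}

func tag(sessionKey, b []byte) []byte {
	m := hmac.New(sha256.New, sessionKey)
	m.Write(b)
	return m.Sum(nil)
}

// seal is the sending end's side: stamp, tag and sign a payload.
func seal(sessionKey []byte, signer ed25519.PrivateKey, seq uint32, payload []byte, now time.Time) dataMessage {
	b := authBytes(now.Unix(), seq, payload)
	return dataMessage{Timestamp: now.Unix(), Seq: seq, Payload: payload,
		MAC: tag(sessionKey, b), Sig: ed25519.Sign(signer, b)}
}

// verifier is the receiving end's per-link state.
type verifier struct {
	sessionKey []byte
	senderPub  ed25519.PublicKey
	seen       map[uint32]bool
}

func newVerifier(sessionKey []byte, senderPub ed25519.PublicKey) *verifier {
	return &verifier{sessionKey: sessionKey, senderPub: senderPub, seen: map[uint32]bool{}}
}

// check rejects stale, replayed, modified and forged messages, cheapest test
// first; Seq is recorded only once every check passes, so a rejected message
// cannot block the legitimate one carrying the same number.
func (v *verifier) check(m dataMessage, now time.Time) error {
	if d := now.Sub(time.Unix(m.Timestamp, 0)); d > maxClockSkew || d < -maxClockSkew {
		return errStale
	}
	if v.seen[m.Seq] {
		return errReplay
	}
	b := authBytes(m.Timestamp, m.Seq, m.Payload)
	if !hmac.Equal(m.MAC, tag(v.sessionKey, b)) {
		return errBadMAC
	}
	if !ed25519.Verify(v.senderPub, b, m.Sig) {
		return errBadSig
	}
	v.seen[m.Seq] = true
	return nil
}

func main() {
	pub, priv := newKeyPair()
	key := []byte("constructed-second-session-key!!") // stands in for the negotiated key
	v := newVerifier(key, pub)
	now := time.Now()
	m := seal(key, priv, 1, []byte("constructed first data message"), now)
	fmt.Println("fresh:", v.check(m, now), "| replay:", v.check(m, now))
}
```

The timestamp alone cannot stop a replay within the acceptance window, and the tag alone cannot tell a copy from the original, which is why the block pairs both with a counter that the receiving end remembers; the signature covers the same bytes as the tag so that neither the timestamp nor the counter can be adjusted without invalidating it.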
Fig. 2 is a flowchart of a second embodiment of a non-port shadow communication method based on a KCP protocol according to a specific embodiment of the present invention, and as shown in fig. 2, after completing data packet transceiving between a receiving end and a transmitting end, the transmitting end sequentially initiates an operation of disconnecting a network communication data link and a network communication control link.
In the embodiment shown in the figure, after step 103, the method further comprises:
step 104: and the sending end sequentially initiates the operation of disconnecting the network communication data link and the network communication control link. In the embodiment of the present invention, step 104 specifically includes: the sending end sends first notification information for disconnecting the network communication data link to the receiving end through the network communication data link, and starts timing; the receiving end utilizes a BPF and an efficient feature matching algorithm to screen out the first notification information from all data packets, adopts a timestamp, the second session key and a digital signature to check the first notification information, then replies first disconnection information to the sending end, and transmits the first disconnection information to the sending end through a traditional protocol stack (such as a TCP/IP protocol); after the sending end receives the first disconnection information in preset time, the network communication data link is disconnected; the sending end does not receive the first disconnection information within preset time, and resends the first notification information until the first disconnection information is received, so that the communication stability is ensured; the sending end sends second notification information for disconnecting the network communication control link to the receiving end through the network communication control link, and starts timing; the receiving end utilizes a BPF and an efficient feature matching algorithm to screen out the second notification information from all data packets, adopts a timestamp, the first session key and a digital signature to check the second notification information, then replies second disconnection information to the sending end, and transmits the second disconnection information to the sending end through a traditional protocol stack (such as a TCP/IP protocol); after the sending end receives the second disconnection information 
in preset time, the network communication control link is disconnected; and the sending end does not receive the second disconnection information within preset time, forcibly disconnects the network communication control link and prevents useless links from occupying communication resources. And multilink communication management, which respectively defines a network communication control link and a network communication data link. The network communication control link is used for establishing and negotiating the session information, the network communication data link is used for transmitting the session data message, and the receiving end can dynamically update the network communication data link information, so that the communication concealment is further enhanced.
Embodiments of the present invention also provide a computer storage medium containing computer-executable instructions that, when processed by a data processing device, cause the data processing device to perform the no-port shadow communication method based on the KCP protocol. The method comprises the following steps:
step 101: the receiving end establishes a network communication control link with the transmitting end in a network card drive packet capturing mode.
Step 102: and a network communication data link is established between the receiving end and the transmitting end through the network communication control link.
Step 103: and the receiving end and the transmitting end receive and transmit data messages through the network communication data link based on a KCP protocol.
Step 104: and the sending end sequentially initiates the operation of disconnecting the network communication data link and the network communication control link.
Fig. 3 is an overall architecture diagram formed by a receiving end and a sending end according to a specific embodiment of the present invention, and fig. 4 is a specific architecture diagram of the shadow system of the receiving end in fig. 3. As shown in fig. 3 and fig. 4, the application layers of the receiving end and the sending end provide a call interface for data display, storage or calculation programs before and after encryption and decryption. The encryption and decryption layers of the receiving end and the sending end encrypt and decrypt the data messages with a specified encryption mode and key, ensuring the safety of the data messages in transit; the encryption mode and the key are negotiated by the two communicating parties when the communication session is established, and the common symmetric and asymmetric encryption modes are supported. The KCP layers of the receiving end and the transmitting end convert communication data based on the TCP protocol into communication data based on the UDP protocol, package and transmit the data according to the KCP protocol, use the KCP protocol for communication management, and ensure the rapidity and reliability of data message transmission through a retransmission mechanism and a sliding window mechanism. The shadow system of the receiving end does not use the traditional TCP/IP protocol stack; it reduces memory copies and system interrupts through huge-page memory, lock-free circular queue and DirectIO (direct IO) technologies, which improves data message transmission efficiency, and because the driver layer (kernel layer) supports BPF and an efficient feature matching algorithm, the expected data packets can be matched quickly and illegal data packets discarded, avoiding attacks that exploit the performance bottleneck of the network hardware. As shown in fig. 4, the packet capturing driver uses a kernel-layer driver to capture packets, supports common Intel network card types, bypasses the Linux kernel protocol stack and hands data packets to a user-customized protocol stack; it binds the OS (operating system) to a specified core using multi-core programming techniques; it uses huge-page memory management to reduce memory access and exchange; and it avoids thread contention using lock-free circular queues for multi-threaded operation. Data preprocessing: the data captured by the driver are all the data packets arriving at the local network card and include a large amount of redundant data, so the data need to be preprocessed to clear the redundant data and extract the shadow communication data packets; conventional BPF rules and a time- and space-efficient data packet matching algorithm are supported. Data verification: the shadow communication data packets are screened out by preprocessing, but in order to prevent a third party from forging, modifying or replaying data, the preprocessed data still need to be verified, which further ensures their safety. KCP protocol encapsulation: the checked data are packaged according to the KCP protocol format and submitted to the upper-layer KCP management module for continued processing by subsequent modules; meanwhile, after being processed and served by the application layer, the data to be returned to the sending end are sent out through the traditional protocol stack.
Fig. 5A is a timing diagram of the establishment of a network communication control link between a receiving end and a sending end according to a specific embodiment of the present invention; fig. 5B is a timing diagram of the establishment of a network communication data link between the receiving end and the sending end; fig. 5C is a timing diagram of data packet transmission between the receiving end and the sending end; and fig. 5D is a timing diagram of disconnecting the links between the receiving end and the sending end. As shown in fig. 5A, to establish the network communication control link the network card of the receiving end is put into promiscuous mode, and the sending end sends the encryption modes it supports and a generated random number to the receiving end; the receiving end screens the random number and the encryption modes out of all captured packets using BPF and an efficient feature matching algorithm, and replies with an encryption mode supported by both parties, its own generated random number, a certificate authorizing the receiving end, and a public key; after receiving this reply, the sending end encrypts a new random number with the public key and encryption mode sent by the receiving end and sends the encrypted random number to the receiving end; the receiving end decrypts it, generates a session key from the three random numbers exchanged, and returns the session key and the data link information to the sending end.
Fig. 5B is a timing diagram of the establishment of the network communication data link, which the sending end establishes using the information obtained over the network communication control link. The specific process is as follows: the sending end sends a generated random number and its encryption modes to the receiving end over the network communication control link; the receiving end screens the random number and the encryption modes out of all packets using BPF and an efficient feature matching algorithm, and replies to the sending end with the encryption mode supported by both sides, its own generated random number, the certificate authorizing the receiving end, and a public key; after receiving this reply, the sending end encrypts a new random number with the public key and encryption mode sent by the receiving end and sends it to the receiving end; the receiving end decrypts it, generates a session key from the three random numbers exchanged, and returns the session key to the sending end.
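The third message of this exchange (repeated with fresh random numbers for the data link of fig. 5B) and the checks the receiving end runs on it before deriving the session key, as an added Go example written for this page, not the patent's code. The patent fixes none of the following, so they are assumptions: RSA-OAEP for the public-key encryption of the third random number (decrypted with the receiving end's private key, the counterpart of the public key it sent), Ed25519 for the digital signature, SHA-256 over r1 || r2 || r3 for the session key, 32-byte random numbers, and a 30-second freshness window.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"slices"
	"time"
)

// Third handshake message: the sending end returns r3 encrypted to the receiving end's public key (layout and algorithms assumed).
type msg3 struct {
	Timestamp int64
	R1, R2    []byte // echoed random numbers bind the message to this session
	EncR3     []byte // RSA-OAEP ciphertext of r3
	Sig       []byte // Ed25519 signature over the fields above
}

// signedBytes is what the signature covers: timestamp || r1 || r2 || enc(r3).
func (m *msg3) signedBytes() []byte {
	return slices.Concat(fmt.Appendf(nil, "%d|", m.Timestamp), m.R1, m.R2, m.EncR3)
}

func nonce() []byte { n := make([]byte, 32); rand.Read(n); return n }

// The patent derives the session key from the three random numbers without saying how; SHA-256 over r1 || r2 || r3 (each 32 bytes) is assumed.
func deriveSessionKey(r1, r2, r3 []byte) []byte { k := sha256.Sum256(slices.Concat(r1, r2, r3)); return k[:] }

// Sending end: build message 3 from the receiving end's reply (r2 and its public key).
func buildMsg3(r1, r2 []byte, pub *rsa.PublicKey, sk ed25519.PrivateKey, now int64) (*msg3, []byte, error) {
	r3 := nonce()
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, r3, nil)
	if err != nil {
		return nil, nil, err
	}
	m := &msg3{Timestamp: now, R1: r1, R2: r2, EncR3: enc}
	m.Sig = ed25519.Sign(sk, m.signedBytes())
	return m, r3, nil
}

// Receiving end: the data-verification step of claim 2; the cheap checks run first so a forged or replayed packet never reaches the private-key operation.
func verifyMsg3(m *msg3, r1, r2 []byte, priv *rsa.PrivateKey, senderPub ed25519.PublicKey, now int64) ([]byte, error) {
	switch age := now - m.Timestamp; {
	case age < 0 || age > 30: // assumed 30 s freshness window
		return nil, fmt.Errorf("timestamp is %d s old: outside the freshness window", age)
	case !slices.Equal(m.R1, r1) || !slices.Equal(m.R2, r2):
		return nil, fmt.Errorf("random numbers do not belong to this session")
	case !ed25519.Verify(senderPub, m.signedBytes(), m.Sig):
		return nil, fmt.Errorf("bad signature")
	}
	r3, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, m.EncR3, nil)
	if err != nil {
		return nil, err
	}
	return deriveSessionKey(r1, r2, r3), nil
}

// simulate runs message 3 once, then re-presents the same packet an hour later (a constructed replay); returns both sides' keys and the replay's error.
func simulate() (senderKey, receiverKey []byte, replayErr error, err error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	senderPub, senderSk, _ := ed25519.GenerateKey(rand.Reader) // cannot fail with rand.Reader
	r1, r2, now := nonce(), nonce(), time.Now().Unix()        // r1 and r2 travelled in messages 1 and 2
	m, r3, err := buildMsg3(r1, r2, &rsaKey.PublicKey, senderSk, now)
	if err != nil {
		return nil, nil, nil, err
	}
	receiverKey, err = verifyMsg3(m, r1, r2, rsaKey, senderPub, now)
	_, replayErr = verifyMsg3(m, r1, r2, rsaKey, senderPub, now+3600)
	return deriveSessionKey(r1, r2, r3), receiverKey, replayErr, err
}

func main() {
	sk, rk, replayErr, err := simulate()
	fmt.Println("keys match:", slices.Equal(sk, rk), "| replay:", replayErr, "| err:", err)
}
```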
Fig. 5C is a timing diagram of data packet transmission. Once the network communication data link is established, the sending end sends data messages to the receiving end in batches under a sliding window mechanism; the receiving end returns the ID of each data message it receives; if the sending end does not receive a data message's ID within the preset time, it automatically resends that data message under a timeout mechanism, until the data transmission is complete. While waiting for a data message's ID, the sending end sends the subsequent data messages at a lower rate.
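The acknowledgement, timeout and reduced-rate behaviour described here, as an added Go simulation written for this page (not the patent's code or the KCP library): the window size, the two rates, the timeout and the transmissions the channel drops are constructed values, and the receiving end releases messages upward only in ID order, as KCP does.

```go
package main

import "fmt"

// One transmission on the wire: the data message ID plus its attempt
// number, so the constructed channel can drop one specific transmission.
type packet struct{ id, attempt int }

// Outcome of a simulated transfer.
type result struct {
	Ticks, Retransmits int
	Delivered          []int // IDs released to the receiving end's upper layer, in order
}

// receiver acks every message ID it sees and, like KCP, releases only
// contiguous IDs upward.
type receiver struct {
	got      map[int]bool
	expected int
	ordered  []int
}

func (r *receiver) accept(p packet) (ack int) {
	r.got[p.id] = true
	for r.got[r.expected] {
		r.ordered = append(r.ordered, r.expected)
		r.expected++
	}
	return p.id
}

// simulate moves total data messages through a window of size window.
// Assumed policy (the patent states the behaviour, not the numbers):
// fastRate new messages per tick while nothing awaits an ack, slowRate
// while something does, and a resend once timeout ticks pass without
// that ID's ack. drops lists the transmissions the channel loses.
func simulate(total, window, fastRate, slowRate, timeout int, drops map[packet]bool) result {
	rx := &receiver{got: map[int]bool{}}
	lastSent := map[int]int{} // in-flight ID -> tick of its latest transmission
	attempts := map[int]int{} // ID -> number of transmissions so far
	next, retransmits := 0, 0
	for tick := 0; ; tick++ {
		var wire []packet
		// 1. Timeout: resend whatever the receiving end has not acknowledged.
		for id, t := range lastSent {
			if tick-t >= timeout {
				wire = append(wire, packet{id, attempts[id]})
				attempts[id]++
				lastSent[id] = tick
				retransmits++
			}
		}
		// 2. New messages: slower while IDs are outstanding, never beyond the window.
		rate := fastRate
		if len(lastSent) > 0 {
			rate = slowRate
		}
		for n := 0; n < rate && len(lastSent) < window && next < total; n++ {
			wire = append(wire, packet{next, 0})
			attempts[next] = 1
			lastSent[next] = tick
			next++
		}
		// 3. Channel and receiving end: a dropped transmission earns no ack.
		for _, p := range wire {
			if !drops[p] {
				delete(lastSent, rx.accept(p))
			}
		}
		if next == total && len(lastSent) == 0 {
			return result{tick + 1, retransmits, rx.ordered}
		}
	}
}

func main() {
	fmt.Printf("clean: %+v\n", simulate(8, 4, 4, 1, 2, nil))
	fmt.Printf("lossy: %+v\n", simulate(8, 4, 4, 1, 2, map[packet]bool{{2, 0}: true, {5, 0}: true}))
}
```

With two first transmissions lost, the transfer takes five ticks instead of two: each loss costs the timeout plus the slower sending rate while the ID is outstanding.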
Fig. 5D is a timing diagram of disconnecting the links between the receiving end and the sending end: the network communication data link is disconnected first and the network communication control link afterwards, both on the initiative of the sending end. Disconnection of the data link must be confirmed by the receiving end, whereas the sending end may disconnect the control link on its own when no response from the receiving end arrives, so that network and computing resources are saved while communication stability is preserved.
The embodiment of the invention provides a no-port shadow communication method based on the KCP protocol and a computer storage medium. The receiving end listens on no network port and uses no socket: when receiving data messages it adopts a shadow system in which a driver captures the data messages directly from the network card; the messages are then preprocessed, parsed, verified, encapsulated into KCP data packets and submitted to the upper layer, and once the upper layer has finished processing, the data is returned to the sending end through the traditional protocol stack. The method achieves port-less communication at the receiving end and effectively avoids the poor concealment, easy detection and attack, and single-form data verification that come with listening on a network communication port. TCP-based communication is converted to the efficient and secure KCP protocol carried over UDP, which strengthens the penetrability of the network communication, reduces the probability that the traffic is intercepted by network equipment such as firewalls, raises the data message transmission rate while preserving communication reliability, and solves the problem of slow TCP packet transmission under network congestion. A control link and a data link are defined for multi-link communication management: the control link establishes and negotiates the session information, and the data link carries the session data. The receiving end updates the data link information dynamically, which enhances the concealment of the transmission session.

The method is of great help in constructing a communication system with high safety, strong concealment and stable transmission, and can be widely applied in network communication fields such as shadow communication systems, security agent systems and anonymous transmission networks.
The embodiments of the invention described above may be implemented in various hardware, software code, or combinations of both. For example, an embodiment of the present invention may also be program code for executing the above method in a Digital Signal Processor (DSP). The invention may also relate to a variety of functions performed by a computer processor, digital signal processor, microprocessor, or Field Programmable Gate Array (FPGA). The processor described above may be configured according to the present invention to perform certain tasks by executing machine-readable software code or firmware code that defines certain methods disclosed herein. Software code or firmware code may be developed in different programming languages and in different formats or forms. Software code may also be compiled for different target platforms. However, the different code styles, types, and languages of software code and other types of configuration code that perform tasks in accordance with the present invention do not depart from the spirit and scope of the present invention.
The foregoing is merely an illustrative embodiment of the present invention, and any equivalent changes and modifications made by those skilled in the art without departing from the spirit and principle of the present invention should fall within the protection scope of the present invention.

Claims (9)

1. A no-port shadow communication method based on the KCP protocol, characterized by comprising the following steps:
the receiving end establishes a network communication control link with the sending end by way of network-card-driver packet capturing;
a network communication data link is established between the receiving end and the sending end through the network communication control link; and
the receiving end and the sending end send and receive data messages through the network communication data link based on the KCP protocol,
wherein the step of the receiving end establishing a network communication control link with the sending end by way of network-card-driver packet capturing specifically comprises:
the network card of the receiving end enters promiscuous mode and captures all data packets on the network by way of network-card-driver packet capturing;
the sending end sends a first random number and one or more first encryption modes to the receiving end;
the receiving end screens the first random number and the first encryption modes out of all data packets using BPF and an efficient feature matching algorithm, and replies to the sending end with a second random number, a public key and a second encryption mode, wherein the second encryption mode is one of the first encryption modes;
the sending end encrypts a third random number using the public key and the second encryption mode and sends the encrypted third random number to the receiving end;
the receiving end screens the encrypted third random number out of all data packets using BPF and an efficient feature matching algorithm, decrypts the encrypted third random number using the public key to obtain the third random number, generates a first session key from the first random number, the second random number and the third random number, and returns the first session key and data link information to the sending end; and
the sending end establishes the network communication control link with the receiving end according to the first session key and the data link information.
2. The no-port shadow communication method based on the KCP protocol according to claim 1, wherein, after the receiving end screens the encrypted third random number out of all data packets using BPF and an efficient feature matching algorithm, the method further comprises:
verifying the encrypted third random number using a timestamp, the first random number, the second random number and a digital signature.
3. The no-port shadow communication method based on the KCP protocol according to claim 1, wherein the step of establishing a network communication data link between the receiving end and the sending end through the network communication control link specifically comprises:
the sending end sends a fourth random number and one or more first encryption modes to the receiving end over the network communication control link;
the receiving end screens the fourth random number and the first encryption modes out of all data packets using BPF and an efficient feature matching algorithm, and replies to the sending end with a fifth random number, the public key and a third encryption mode, wherein the third encryption mode is one of the first encryption modes;
the sending end encrypts a sixth random number using the public key and the third encryption mode and sends the encrypted sixth random number to the receiving end;
the receiving end screens the encrypted sixth random number out of all data packets using BPF and an efficient feature matching algorithm, decrypts the encrypted sixth random number using the public key to obtain the sixth random number, generates a second session key from the fourth random number, the fifth random number and the sixth random number, and returns the second session key to the sending end; and
the sending end establishes the network communication data link with the receiving end according to the second session key.
4. The no-port shadow communication method based on the KCP protocol according to claim 3, wherein the step of the receiving end and the sending end sending and receiving data messages through the network communication data link based on the KCP protocol specifically comprises:
the sending end sends a first data message to the receiving end at a first rate through the network communication control link using the sliding window mechanism of the KCP protocol, and starts a timer;
the receiving end screens the first data message out of all data packets using BPF and an efficient feature matching algorithm, and replies with first response information to the sending end;
if the sending end receives the first response information within the preset time, transmission of the first data message is complete, wherein during the preset time the sending end continues to send a second data message to the receiving end at a second rate, the second rate being lower than the first rate; and
if the sending end does not receive the response information within the preset time, it resends the first data message until the first response information is received.
5. The no-port shadow communication method based on the KCP protocol according to claim 4, wherein, after the receiving end screens the first data message out of all data packets using BPF and an efficient feature matching algorithm, the method further comprises:
verifying the first data message using a timestamp, the second session key and a digital signature.
6. The no-port shadow communication method based on the KCP protocol according to claim 3, wherein, after the step of the receiving end and the sending end sending and receiving data messages through the network communication data link based on the KCP protocol, the method further comprises:
the sending end initiating, in turn, the disconnection of the network communication data link and of the network communication control link.
7. The no-port shadow communication method based on the KCP protocol according to claim 6, wherein the step of the sending end initiating, in turn, the disconnection of the network communication data link and of the network communication control link specifically comprises:
the sending end sends first notification information for disconnecting the network communication data link to the receiving end through the network communication data link, and starts a timer;
the receiving end screens the first notification information out of all data packets using BPF and an efficient feature matching algorithm, and replies with first disconnection information to the sending end;
if the sending end receives the first disconnection information within the preset time, the network communication data link is disconnected;
if the sending end does not receive the first disconnection information within the preset time, it resends the first notification information until the first disconnection information is received;
the sending end sends second notification information for disconnecting the network communication control link to the receiving end through the network communication control link, and starts a timer;
the receiving end screens the second notification information out of all data packets using BPF and an efficient feature matching algorithm, and replies with second disconnection information to the sending end;
if the sending end receives the second disconnection information within the preset time, the network communication control link is disconnected; and
if the sending end does not receive the second disconnection information within the preset time, it forcibly disconnects the network communication control link.
8. The no-port shadow communication method based on the KCP protocol according to claim 7, wherein, after the receiving end screens the first notification information out of all data packets using BPF and an efficient feature matching algorithm, the method further comprises:
verifying the first notification information using a timestamp, the second session key and a digital signature,
and after the receiving end screens the second notification information out of all data packets using BPF and an efficient feature matching algorithm, the method further comprises:
verifying the second notification information using a timestamp, the first session key and a digital signature.
9. A computer storage medium containing computer-executable instructions which, when processed by a data processing apparatus, perform the no-port shadow communication method based on the KCP protocol according to any one of claims 1 to 8.
Application CN201811024376.0A, priority date 2018-09-04, filing date 2018-09-04: No-port shadow communication method based on KCP protocol and computer storage medium. Status: Active. Publication CN109005194B (en).

Publications (2)

Publication Number Publication Date
CN109005194A CN109005194A (en) 2018-12-14
CN109005194B true CN109005194B (en) 2020-10-27


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant