CN109639694A - A firewall packet-matching algorithm based on rule-tree retrieval - Google Patents

Info

Publication number: CN109639694A
Authority: CN (China)
Prior art keywords: rule, field, data packet, matched, matching
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion)
Application number: CN201811563774.XA
Other languages: Chinese (zh)
Inventors: 韩飞, 季统凯
Current Assignee: G Cloud Technology Co Ltd (the listed assignees may be inaccurate)
Original Assignee: G Cloud Technology Co Ltd
Application filed by G Cloud Technology Co Ltd
Priority to CN201811563774.XA
Publication of CN109639694A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0263: Rule management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to a firewall packet-matching algorithm based on rule-tree retrieval. The method comprises preprocessing rules, building a rule tree, and matching packets. Preprocessing formalizes and standardizes the rules to produce a rule set that is structurally complete and consistent. Building the rule tree processes all rules and produces a tree data structure that organizes and stores all rule information and is easy to search quickly. Packet matching comprises: 1. parsing the packet to be matched and obtaining its features; 2. searching the rule tree for each packet feature in turn until a rule is matched, while counting and recording matches and backtracks; 3. executing the policy set by the matched rule, or the default policy if no rule matches. The invention provides a firewall packet-matching algorithm with excellent performance, controllable space complexity, and friendly support for adding and removing rules.

Description

A firewall packet-matching algorithm based on rule-tree retrieval
Technical field
The present invention relates to the field of information security technology, and in particular to a firewall packet-matching algorithm based on rule-tree retrieval.
Background
In the information age, organizations and individuals continuously generate massive amounts of data and demands, and exchange them over networks. A large amount of malicious information is hidden in this traffic. As an important means and facility for ensuring network security, the firewall plays an indispensable role. One of the core operating principles of a firewall device is to inspect, match and process passing packets according to default or learned rules. The performance of matching communication data is therefore key to the firewall's network throughput and response speed. High-performance packet-matching strategies and algorithms are of great significance for optimizing the network performance of firewall devices.
Traditional firewall rule-matching algorithms have various shortcomings.
For example, the netfilter firewall framework in Linux matches rules by simple sequential comparison, which has linear time complexity and is inefficient with large rule sets.
Algorithms such as Ternary CAM and Bitmap Intersection depend on special-purpose chips and devices, so their scope of application is narrow.
Hierarchical Tries is a longest-prefix-match algorithm based on the trie. It scales poorly with the number of rule dimensions, makes dynamic rule updates difficult, and does not support flexible and efficient matching at the business-logic level, such as comparing address ranges or port ranges. The Set-Pruning Tries algorithm mitigates the backtracking problem of Hierarchical Tries by copying rules, but at the cost of higher space complexity and harder dynamic rule updates.
The RFC algorithm is another typical packet classification and rule-matching algorithm. Its core idea is to build cross-product tables of the rules to achieve efficient matching. The algorithm is complex to implement, and with large rule sets and many dimensions, the space complexity of rule preprocessing and of the generated cross-product tables is uncontrollable.
Another large class of algorithms adjusts the matching order and priority of rules based on historical match statistics (which can be collected from the firewall engine or from firewall logs), in order to reduce the average number of rules compared and improve performance. The drawback of this class is that it depends on historical match statistics, and therefore on the characteristics of the data being processed, so its performance is unstable; its advantage is that it is very simple to implement.
Summary of the invention
The technical problem solved by the present invention is to provide a firewall packet-matching algorithm based on rule-tree retrieval: an algorithm with excellent performance, controllable space complexity, and friendly support for adding and removing rules.
The technical solution by which the present invention solves this problem is as follows.
The method comprises preprocessing rules, building a rule tree, and matching packets.
Preprocessing formalizes and standardizes the rules, including logical consistency checks and decomposition of logical relations, and produces a rule set that is structurally complete and consistent.
Building the rule tree processes all rules and produces a tree data structure that organizes and stores all rule information and is easy to search quickly.
Packet matching comprises the following steps:
Step 1: Parse the packet to be matched and obtain its features.
Step 2: Using the rule tree that was built, search and match each packet feature in turn until a rule is matched; matches and backtracks are counted and recorded.
Step 3: Execute the policy set by the matched rule, or execute the default policy if no rule matches.
Building the rule tree comprises the following steps:
1. Assign an identification number to each rule.
2. Decompose each rule by field. The fields of the same type from all rules form a table; identical values are merged and stored together; the table is indexed by rule number through a hash table. One field type is selected as the root node according to the specific situation.
The root-node field is retrieved by hash index.
During field matching, the node of every field type records a backtrack count, and the matching priority is adjusted according to the sum of the backtrack counts of each field type. Matching proceeds in order of backtrack count, from small to large.
In the method, packet features are matched one by one according to field type and order. Each time a field matches successfully, the next field is matched according to the associated rule-number linked list ref_list recorded by that field's node. The rule numbers in the list are sorted by their successful-match count, from large to small, and are tried in that order. When a rule number matches successfully, its count is incremented and the order of the list entries is adjusted according to the counts. The match-count mechanism raises the match success rate and reduces backtracking caused by failed matches. If a field fails to match, the algorithm falls back one field and tries the next rule number recorded in the previous field's list. If all rule numbers fail to match, the backtrack failure count of this field is incremented, and the algorithm falls back to the upper-level field and continues with the next match.
With the rule-tree-based packet-matching algorithm of the present invention and its performance optimization strategies, data can be matched quickly in firewall-type devices, improving data-processing performance. At the same time, the algorithm remains simple and widely applicable, has good time and space complexity, and makes dynamic rule changes easy.
Description of the drawings
The present invention is further described below with reference to the drawings:
Fig. 1 is a schematic diagram of the port field of the present invention;
Fig. 2 is a logic diagram of node field indexing of the present invention;
Fig. 3 is a flow chart of algorithm initialization and rule-tree construction in an embodiment of the present invention;
Fig. 4 is a schematic diagram of matching packets against the rule tree in an embodiment of the present invention.
Detailed description
See Fig. 3, a flow chart of the present invention covering rule-tree construction and packet processing. It comprises the following steps:
Step 1: Preprocess the rules.
Preprocessing handles the firewall rules that are input. The firewall referred to here includes network firewalls, database firewalls, web application firewalls and the like: all systems and devices that implement access control based on data classification and rule matching. The algorithm of the present invention applies to all of them.
In this embodiment, the input firewall rules are preprocessed so that the rule tree can be built in the next stage.
The specific operations are as follows. The rules are formalized and standardized. If a submitted rule is missing descriptive fields, the rule is logically completed. After completion, the rules are checked for cases where one rule is logically equal to, or contained in, another; if such cases exist, the rules are simplified. Rules with complex logic, such as lists, containment or logical AND, are decomposed. After this processing, a rule set with a uniform structure and complete business logic is obtained.
For example, take network firewall rules. Without loss of generality, a network firewall rule has at least 6 dimensions:
Rule=(source address, source port, destination address, destination port, transport layer protocol, state);
Expressed formally:
R=(S1, S2, S3, S4, S5, S6)
Here S1, S2 and so on are each called a field, and fields at different positions have different meanings. Suppose there is a rule that forbids requests accessing ports 80 and 8888 from entering. Through logical decomposition, field completion and similar operations, this rule can be converted into two rules:
R1=(*, *, *, 80, TCP, SYN)
R2=(*, *, *, 8888, TCP, SYN)
The * sign indicates that the rule places no restriction on that field's content; the principle is the same, it is just a special case. This step produces standardized, structured rules that are convenient to process in the next step.
Step 2: Build the rule tree. This step is the core of the algorithm of the present invention and describes how a rule tree is built.
In this embodiment, all rules are processed to generate a tree data structure that organizes and stores all rule information and is easy to search quickly, referred to here as the rule tree. The construction steps are as follows:
1. Assign an identification number to each rule, for locating and identifying it. The identification number can simply be a positive integer:
R1=(S11, S12, S13, S14, S15, S16)
R2=(S21, S22, S23, S24, S25, S26)
R3=(S31, S32, S33, S34, S35, S36)
...
Rn=(Sn1, Sn2, Sn3, Sn4, Sn5, Sn6)
2. Decompose each rule by field. The fields of the same type from all rules form a table whose elements are the fields of that type, for example (S11, S21, S31, S41 ... Sn1). If field values repeat, they are merged and recorded in the same element, and the element also records the numbers of the rules it stores. The rule numbers recorded by an element are used to associate it with the other fields of those rules. The elements of the table are indexed with a hash table; typically the index is the rule number, and the size of the hash space is the total number of rules. See the port field shown in Fig. 1.
For the number index table in Fig. 1, example code for the data structure (in C) is as follows:
In this way, all fields of the rules are processed in turn, yielding multiple tables. Between tables, rule numbers serve as the index that links them to one another, forming a rule tree. Multiple nodes with the same value can be represented by a single node that records their rule numbers. The rule tree may have multiple root nodes; their number depends on how many values the field serving as root has. For example, if the protocol type field serves as the root, there are three root nodes, because the transport layer protocols currently are TCP, UDP and SCTP.
The above is the basic method of building the tree. Two further points are critical. The first is how root nodes are retrieved, because there may be more than one root node and no preceding field is linked to them. The second is the matching order of the fields, which includes choosing which field serves as the root node. They are explained in turn below.
The first problem is solved by hash-indexing the root-node field for fast retrieval. In Fig. 2, the protocol field serves as the root node. Suppose the network firewall supports 3 transport layer protocols, TCP, UDP and SCTP; some method, such as the packet header length, is used to represent the packet type, and a hash table is built on it to implement the index. If the destination port field serves as the root node, the port number can be used as the index directly. The method applies to fields of all types.
The second problem is the matching order of the fields. The principle is to reduce backtracking and improve retrieval efficiency. The method is that the node of every field type records a backtrack count, and the matching priority is adjusted according to the sum of the backtrack counts of each field type. Matching proceeds in order of backtrack count, from small to large. When the rule tree is built, each distinct value of a field, such as the destination port values 21, 80 and 1024 in Fig. 2, has a data structure that contains a recall_count field. The sum of the recall_count fields of the nodes 21, 80, 1024 and so on is the sum of the backtrack counts for the port field type.
Step 3: Once the rule tree is built, it can be used for packet matching, as shown in Fig. 4.
Fig. 4 is a schematic diagram of the basic logic of packet matching after the rule tree is built. It comprises the following steps:
Step 1: Parse the packet and obtain the feature fields that describe it. Taking the network firewall from the preceding steps as an example (a concrete implementation may also match other features, such as the link-layer protocol), the features are:
Feature=(source address, source port, destination address, destination port, transport layer protocol, state)
Step 2: From how the rule tree was built, the type and order of the fields to match are known. Packet features are matched one by one according to this type and order, for example by checking whether the packet's port equals the port recorded in a port node. Each time a field matches successfully, the next field is matched according to the associated rule-number linked list ref_list recorded by that field's node. The rule numbers in the list are sorted by their successful-match count, from large to small, and are tried in that order. When a rule number matches successfully, its count is incremented and the order of the list entries is adjusted according to the counts. The match-count mechanism raises the match success rate and reduces backtracking caused by failed matches. If a field fails to match, the algorithm falls back one field and tries the next rule number recorded in the previous field's list. If all rule numbers fail to match, the backtrack failure count of this field is incremented, and the algorithm falls back to the upper-level field and continues with the next match.
Step 3: This continues until a rule is matched, and the policy set by that rule is then executed; if no rule matches, the default policy set on the firewall is executed. Pseudocode is as follows:
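The following C example is added here and is not code from the patent, whose own C listing and pseudocode are absent from this page. It is one interpretation of the description above: per-field tables with merged values, the number index table, ref_list ordering by match count, recall_count bookkeeping, and field re-ordering by backtrack sum. The names node_t, table_t, node_of_rule, count, add_rule, match_packet, verdict and reorder_fields, the ANY wildcard value, the numeric field encodings and the third (UDP) rule are assumptions; ref_list and recall_count are the page's names, and the root lookup is a linear scan where the text uses a hash.

```c
#include <stdint.h>
#include <stdio.h>
#define NF   6            /* saddr, sport, daddr, dport, proto, state */
#define MAXR 16           /* capacity of this example (constructed) */
#define ANY  0xFFFFFFFFu  /* '*' wildcard; assumed never a real field value */
enum { SADDR, SPORT, DADDR, DPORT, PROTO, STATE };  /* PROTO: 6 TCP, 17 UDP; STATE: 2 = SYN (assumed) */
enum { DROP, ACCEPT };
typedef struct {               /* one distinct value of one field type */
    uint32_t value;
    int      ref_list[MAXR];   /* rule numbers sharing this value, hottest first */
    int      nref;
    unsigned recall_count;     /* backtracks charged to this node */
} node_t;
typedef struct {               /* one table per field type */
    node_t node[MAXR];
    int    nnode;
    int    node_of_rule[MAXR]; /* number index table: rule number -> node */
} table_t;

static table_t  tab[NF];
static int      action[MAXR], nrule;
static unsigned count[MAXR];   /* successful matches per rule */
static int      order[NF] = { DPORT, PROTO, STATE, SADDR, SPORT, DADDR }; /* [0] = root */

static node_t *find_node(table_t *t, uint32_t v) {  /* linear scan stands in for the hash */
    for (int n = 0; n < t->nnode; n++)
        if (t->node[n].value == v) return &t->node[n];
    return NULL;
}

int add_rule(const uint32_t f[NF], int act) {  /* decompose by field; returns the rule number */
    if (nrule == MAXR) return -1;
    int id = nrule++;
    for (int k = 0; k < NF; k++) {
        node_t *n = find_node(&tab[k], f[k]);
        if (!n) { n = &tab[k].node[tab[k].nnode++]; n->value = f[k]; }  /* new distinct value */
        n->ref_list[n->nref++] = id;
        tab[k].node_of_rule[id] = (int)(n - tab[k].node);
    }
    action[id] = act;
    return id;
}

static int try_rule(int id, const uint32_t pkt[NF]) {  /* follow one rule number down the fields */
    for (int k = 1; k < NF; k++) {
        node_t *n = &tab[order[k]].node[tab[order[k]].node_of_rule[id]];
        if (n->value == ANY || n->value == pkt[order[k]]) continue;
        n->recall_count++;     /* this field forced a backtrack */
        return 0;
    }
    return 1;
}

int match_packet(const uint32_t pkt[NF]) {  /* matched rule number, or -1 when none matches */
    uint32_t want[2] = { pkt[order[0]], ANY };   /* exact root value, then '*' */
    for (int w = 0; w < 2; w++) {
        node_t *root = find_node(&tab[order[0]], want[w]);
        if (!root) continue;
        for (int i = 0; i < root->nref; i++) {
            int id = root->ref_list[i];
            if (!try_rule(id, pkt)) continue;    /* back up, take the next rule number */
            count[id]++;
            for (; i > 0 && count[root->ref_list[i - 1]] < count[id]; i--) {  /* hottest first */
                root->ref_list[i] = root->ref_list[i - 1]; root->ref_list[i - 1] = id;
            }
            return id;
        }
        root->recall_count++;  /* every rule number under this root failed */
    }
    return -1;
}

int verdict(const uint32_t pkt[NF], int dflt) {  /* step 3: rule policy or default */
    int id = match_packet(pkt);
    return id < 0 ? dflt : action[id];
}
unsigned recall_sum(int f) {   /* total backtracks charged to one field type */
    unsigned s = 0;
    for (int n = 0; n < tab[f].nnode; n++) s += tab[f].node[n].recall_count;
    return s;
}

void reorder_fields(void) {    /* non-root fields, fewest backtracks first (per the text) */
    for (int i = 2; i < NF; i++)
        for (int j = i; j > 1 && recall_sum(order[j]) < recall_sum(order[j - 1]); j--) {
            int t = order[j]; order[j] = order[j - 1]; order[j - 1] = t;
        }
}

int main(void) {   /* constructed rules: R1, R2 from the text plus a hypothetical UDP rule */
    const uint32_t r[3][NF] = { { ANY, ANY, ANY, 80, 6, 2 }, { ANY, ANY, ANY, 8888, 6, 2 },
                                { ANY, ANY, ANY, 80, 17, ANY } };
    const uint32_t udp80[NF] = { 0x0A000005, 40000, 0xC0A80001, 80, 17, 0 };
    add_rule(r[0], DROP); add_rule(r[1], DROP); add_rule(r[2], ACCEPT);
    for (int i = 0; i < 2; i++) printf("matched rule %d\n", match_packet(udp80));
    printf("backtracks charged to proto: %u\n", recall_sum(PROTO));
    return 0;
}
```

Because ref_list is re-sorted by hit count, the rule that wins can change when two rules overlap with different actions, so the preprocessing step has to resolve such overlaps first for the reordering to preserve the policy.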
The key improvements of the present invention and the problems they solve are as follows:
1. The rules in the rule set are decomposed at the semantic and business-logic level (unlike the HT matching algorithm, which is based on a longest-prefix tree), and the rule tree is built from the resulting fields. This way of processing the rule set is simple, has controllable time and space complexity, and supports flexible business logic such as port-range matching.
2. Root-node retrieval is based on a hash algorithm, achieving retrieval with O(1) time complexity.
3. The data structure implementing the rule tree supports a match-count mechanism, which dynamically adjusts in real time the matching priority of rules that share the same feature field, reducing the number of backtracks along the matching path.
4. The data structure implementing the rule tree supports a backtrack-count mechanism, which is used to dynamically adjust in real time the matching priority of the fields, minimizing the total number of backtracks during matching and improving retrieval performance.

Claims (6)

1. A firewall packet-matching algorithm based on rule-tree retrieval, characterized in that the method comprises: preprocessing rules, building a rule tree, and matching packets;
Preprocessing formalizes and standardizes the rules, including logical consistency checks and decomposition of logical relations, and produces a rule set that is structurally complete and consistent;
Building the rule tree processes all rules and produces a tree data structure that organizes and stores all rule information and is easy to search quickly;
Packet matching comprises the following steps:
Step 1: Parse the packet to be matched and obtain its features;
Step 2: Using the rule tree that was built, search and match each packet feature in turn until a rule is matched; matches and backtracks are counted and recorded;
Step 3: Execute the policy set by the matched rule, or execute the default policy if no rule matches.
2. The method according to claim 1, characterized in that:
Building the rule tree comprises the following steps:
1. Assign an identification number to each rule;
2. Decompose each rule by field. The fields of the same type from all rules form a table; identical values are merged and stored together; the table is indexed by rule number through a hash table. One field type is selected as the root node according to the specific situation.
3. The method according to claim 2, characterized in that:
The root-node field is retrieved by hash index.
4. The method according to claim 2, characterized in that:
During field matching, the node of every field type records a backtrack count, and the matching priority is adjusted according to the sum of the backtrack counts of each field type; matching proceeds in order of backtrack count, from small to large.
5. The method according to claim 3, characterized in that:
During field matching, the node of every field type records a backtrack count, and the matching priority is adjusted according to the sum of the backtrack counts of each field type; matching proceeds in order of backtrack count, from small to large.
6. The method according to claim 1, characterized in that:
In the method, packet features are matched one by one according to field type and order. Each time a field matches successfully, the next field is matched according to the associated rule-number linked list ref_list recorded by that field's node. The rule numbers in the list are sorted by their successful-match count, from large to small, and are tried in that order. When a rule number matches successfully, its count is incremented and the order of the list entries is adjusted according to the counts. The match-count mechanism raises the match success rate and reduces backtracking caused by failed matches. If a field fails to match, the algorithm falls back one field and tries the next rule number recorded in the previous field's list. If all rule numbers fail to match, the backtrack failure count of this field is incremented, and the algorithm falls back to the upper-level field and continues with the next match.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201811563774.XA | 2018-12-20 | 2018-12-20 | A firewall packet-matching algorithm based on rule-tree retrieval

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201811563774.XA | 2018-12-20 | 2018-12-20 | A firewall packet-matching algorithm based on rule-tree retrieval

Publications (1)

Publication Number | Publication Date
CN109639694A | 2019-04-16

Family

ID=66075894

Family Applications (1)

Application Number | Status | Publication | Priority Date | Filing Date | Title
CN201811563774.XA | Withdrawn | CN109639694A (en) | 2018-12-20 | 2018-12-20 | A firewall packet-matching algorithm based on rule-tree retrieval

Country Status (1)

Country | Link
CN (1) | CN109639694A (en)

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
WW01 | Invention patent application withdrawn after publication

Application publication date: 20190416