CN110098970A - High-performance protocol recovery module based on multiple frameworks - Google Patents


Publication number
CN110098970A
Authority: CN (China)
Prior art keywords: thread, protocol, session management, dec, frames
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN201810089577.2A
Other languages: Chinese (zh)
Inventors: 傅涛, 冯凌, 朱平, 王力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Jiangsu's Software Polytron Technologies Inc
Original Assignee: Jiangsu's Software Polytron Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2018-01-30
Filing date: 2018-01-30
Publication date: 2019-08-06

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L43/00: Arrangements for monitoring or testing data switching networks
            • H04L43/18: Protocol analysers
        • H04L63/00: Network architectures or network communication protocols for network security
            • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
                • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
                • H04L63/1441: Countermeasures against malicious traffic

Abstract

The present invention relates to a high-performance protocol recovery module based on multiple frameworks, comprising a DEC thread, a recovery library dispatch interface, a session management thread and a protocol parsing thread. The invention is used for protocol recovery: it parses and restores the traffic messages entering the DEC process and produces tickets and rawfiles, and it is suitable for scenarios such as network traffic monitoring, sensitive information detection and malicious program monitoring.

Description

A high-performance protocol recovery module based on multiple frameworks
Technical field
The present invention relates to the field of network security, and in particular to a high-performance protocol recovery module based on multiple frameworks.
Background
DPI (Deep Packet Inspection), the deep identification of message content, is the front end of the network security field and also its most basic component. The "depth" of DPI is relative to ordinary analysis: ordinary packet inspection analyzes only the following IP-layer content: source IP, destination IP, source port, destination port and protocol type. However, many existing network communications use proprietary protocols and communicate in a non-standard way over arbitrary TCP/UDP ports, which makes identification harder; the ordinary approach cannot identify the protocol accurately. To understand accurately information such as the service type and the traffic volume carried by a message, it is necessary to track the protocol interaction process of the service application and to perform deep identification of the message payload.
The protocol recovery module has the following applications:
(1) Analysis of spam in the network
It serves the upper-layer spam filtering module, providing that module with the data below the application layer and with the interfaces of each lower layer. The spam module only needs to focus on handling the application-layer POP3 and SMTP protocols and uses the protocol recovery module directly as its lower-layer input.
(2) Use in an IPS (intrusion prevention system)
It provides the IPS with the various IP-layer information and the IP packet contents, including IP address data, packet length and so on. On the basis of the protocol recovery module, the IPS can develop defenses against various intrusion methods.
Summary of the invention
The purpose of the present invention is to provide a high-performance protocol recovery module based on multiple frameworks. It is used for protocol recovery: it parses and restores the traffic messages entering the DEC process and produces tickets and rawfiles, and it is suitable for scenarios such as network traffic monitoring, sensitive information detection and malicious program monitoring.
The technical solution that achieves the purpose of the invention is a high-performance protocol recovery module based on multiple frameworks, characterized in that it mainly comprises a DEC thread, a recovery library dispatch interface, a session management thread and a protocol parsing thread. The DEC thread is connected to the recovery library dispatch interface, the recovery library dispatch interface is connected to the session management thread, and the session management thread is connected to the protocol parsing thread.
The working principle of the invention is as follows: the DEC process comes in three kinds, SDEC, MDEC and PDEC. After receiving data and messages, the DEC process reports them through the recovery library dispatch interface to the session management thread, and the protocol parsing thread fetches data from the session management thread to parse and restore it.
Compared with the prior art, the invention has the following advantages: (1) it supports linear scaling of traffic; (2) it uses a plug-in protocol recovery framework, which facilitates later extension; (3) it responds rapidly to user demands; (4) it is compatible with hardware environments ranging from low-end to high-end configurations.
Description of the drawings
Fig. 1 is a framework composition diagram of the high-performance protocol recovery module based on multiple frameworks.
Detailed description
The present invention is described in further detail below with reference to the accompanying drawing.
With reference to Fig. 1, the high-performance protocol recovery module based on multiple frameworks of the present invention mainly comprises a DEC thread (1), a recovery library dispatch interface (2), a session management thread (3) and a protocol parsing thread (4). The DEC thread (1) is connected to the recovery library dispatch interface (2), the recovery library dispatch interface (2) is connected to the session management thread (3), and the session management thread (3) is connected to the protocol parsing thread (4).
With reference to Fig. 1, the working principle of the high-performance protocol recovery module based on multiple frameworks of the present invention is as follows: the DEC process (1) comes in three kinds, SDEC, MDEC and PDEC. After receiving data and messages, the DEC process (1) reports them through the recovery library dispatch interface (2) to the session management thread (3), and the protocol parsing thread (4) fetches data from the session management thread (3) to parse and restore it.
The high-performance protocol recovery module based on multiple frameworks of the present invention is used for protocol recovery: it parses and restores the traffic messages entering the DEC process and produces tickets and rawfiles, and it is suitable for scenarios such as network traffic monitoring, sensitive information detection and malicious program monitoring.

Claims (2)

1. A high-performance protocol recovery module based on multiple frameworks, characterized in that it mainly comprises a DEC thread (1), a recovery library dispatch interface (2), a session management thread (3) and a protocol parsing thread (4); the DEC thread (1) is connected to the recovery library dispatch interface (2), the recovery library dispatch interface (2) is connected to the session management thread (3), and the session management thread (3) is connected to the protocol parsing thread (4).
2. The high-performance protocol recovery module based on multiple frameworks according to claim 1, characterized in that the DEC process (1) comes in three kinds, SDEC, MDEC and PDEC; after receiving data and messages, the DEC process (1) reports them through the recovery library dispatch interface (2) to the session management thread (3), and the protocol parsing thread (4) fetches data from the session management thread (3) to parse and restore it.
Priority Applications (1)

Application Number: CN201810089577.2A
Priority Date: 2018-01-30
Filing Date: 2018-01-30
Title: High-performance protocol recovery module based on multiple frameworks

Publications (1)

Publication Number: CN110098970A (en)
Publication Date: 2019-08-06

Family ID: 67441960

Country Status (1)

Country: CN
Link: CN110098970A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7209473B1 (en) * 2000-08-18 2007-04-24 Juniper Networks, Inc. Method and apparatus for monitoring and processing voice over internet protocol packets
CN104038389A (en) * 2014-06-19 2014-09-10 高长喜 Multiple application protocol identification method and device
CN104348677A (en) * 2013-08-05 2015-02-11 华为技术有限公司 Deep packet inspection method and equipment and coprocessor
CN106549815A (en) * 2015-09-17 2017-03-29 武汉邮电科学研究院 For the apparatus and method of real-time deep application identification in network

Legal Events

Code Title Description
PB01 Publication
CB02 Change of applicant information
    Address after: 5/F, Building C, Runhe Software Park, 168 Software Avenue, Yuhua District, Nanjing City, Jiangsu Province, 210012
    Applicant after: Bozhi Safety Technology Co.,Ltd.
    Address before: 5/F, Building C, Runhe Software Park, 168 Software Avenue, Yuhua District, Nanjing City, Jiangsu Province, 210012
    Applicant before: JIANGSU BOZHI SOFTWARE TECHNOLOGY Co.,Ltd.
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
    Application publication date: 20190806