CN110098970A - A high-performance protocol recovery module based on multiple frameworks - Google Patents
- Publication number
- CN110098970A (application CN201810089577.2A)
- Authority
- CN
- China
- Prior art keywords
- thread
- protocol
- session management
- dec
- frames
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The present invention relates to a high-performance protocol recovery module based on multiple frameworks, comprising a DEC thread, a recovery-library dispatch interface, a session management thread and a protocol analysis thread. The invention is used for protocol recovery: it parses and recovers the traffic messages that enter the DEC process and produces tickets and raw files. It is suitable for scenarios such as network traffic monitoring, sensitive information detection and malicious program monitoring.
Description
Technical field
The present invention relates to the field of network security, and in particular to a high-performance protocol recovery module based on multiple frameworks.
Background art
DPI (Deep Packet Inspection), the deep recognition of message content, is the front end of the network security field and also its most basic component. The "depth" of DPI is relative to ordinary analysis: ordinary packet inspection analyzes only the contents at the IP layer and below, including source IP, destination IP, source port, destination port and protocol type. However, many existing network communications use proprietary protocols and communicate in non-standard ways over arbitrary TCP/UDP ports, which makes identification harder; the ordinary approach cannot identify the protocol accurately. To accurately learn information such as the service type and traffic volume that a message carries, it is necessary to track the protocol interaction process of the service application and to deeply inspect the message payload.
The protocol recovery module has the following applications:
(1) Analyzing spam in the network
It serves the upper-layer spam filtering module, providing that module with the data below the application layer and the interfaces of the lower layers. The spam module only needs to focus on processing the application-layer POP3 and SMTP protocols, and directly uses the protocol recovery module as its lower-layer input.
(2) Use in an IPS (intrusion prevention system)
It provides the IPS with various IP-layer information and IP packet contents, including IP address data, packet length and so on. On the basis of the protocol recovery module, the IPS can develop defenses against various intrusion methods.
Summary of the invention
The purpose of the present invention is to provide a high-performance protocol recovery module based on multiple frameworks. It is used for protocol recovery: it parses and recovers the traffic messages that enter the DEC process and produces tickets and raw files. It is suitable for scenarios such as network traffic monitoring, sensitive information detection and malicious program monitoring.
The technical solution that achieves this purpose is a high-performance protocol recovery module based on multiple frameworks, characterized in that it mainly comprises a DEC thread, a recovery-library dispatch interface, a session management thread and a protocol analysis thread. The DEC thread is connected to the recovery-library dispatch interface, the recovery-library dispatch interface is connected to the session management thread, and the session management thread is connected to the protocol analysis thread.
The working principle of the invention is as follows: the DEC process comes in three kinds, SDEC, MDEC and PDEC. After receiving data or messages, the DEC process reports them to the session management thread through the recovery-library dispatch interface, and the protocol analysis thread fetches the data from the session management thread and parses and recovers it.
Compared with the prior art, the invention has the following advantages: (1) it supports linear scaling of traffic; (2) it uses a plug-in protocol recovery framework, which makes later extension easy; (3) it responds rapidly to user demands; (4) it is compatible with hardware environments from low-end to high-end configurations.
Brief description of the drawings
Fig. 1 is a framework composition diagram of a high-performance protocol recovery module based on multiple frameworks.
Specific embodiment
The present invention is described in further detail below with reference to the accompanying drawing.
With reference to Fig. 1, the high-performance protocol recovery module based on multiple frameworks of the present invention mainly comprises a DEC thread (1), a recovery-library dispatch interface (2), a session management thread (3) and a protocol analysis thread (4). The DEC thread (1) is connected to the recovery-library dispatch interface (2), the recovery-library dispatch interface (2) is connected to the session management thread (3), and the session management thread (3) is connected to the protocol analysis thread (4).
With reference to Fig. 1, the working principle of the high-performance protocol recovery module based on multiple frameworks of the present invention is as follows: the DEC process (1) comes in three kinds, SDEC, MDEC and PDEC. After receiving data or messages, the DEC process (1) reports them to the session management thread (3) through the recovery-library dispatch interface (2), and the protocol analysis thread (4) fetches the data from the session management thread (3) and parses and recovers it.
The high-performance protocol recovery module based on multiple frameworks of the present invention is used for protocol recovery: it parses and recovers the traffic messages that enter the DEC process and produces tickets and raw files. It is suitable for scenarios such as network traffic monitoring, sensitive information detection and malicious program monitoring.
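The following sketch is an added example, not code from the patent: it models the chain described above (dispatch interface, session management, plug-in protocol analysis) as plain in-process stages instead of threads, and shows payload-based identification of SMTP and POP3 on non-standard ports. All names (`dispatch`, `SessionManager`, `parse_smtp`, `parse_pop3`, `N_WORKERS`), the hash-based dispatch and the ticket fields are assumptions made for illustration.

```python
import zlib

N_WORKERS = 4  # assumed number of session management threads

def dispatch(flow):
    """Dispatch interface: a stable flow hash pins each flow to one worker."""
    return zlib.crc32(repr(flow).encode()) % N_WORKERS

class SessionManager:
    """Session management stage: buffers segments per flow, restores order."""
    def __init__(self):
        self.sessions = {}
    def report(self, flow, seq, data):
        self.sessions.setdefault(flow, {})[seq] = data
    def fetch(self, flow):
        segs = self.sessions[flow]
        return b"".join(segs[s] for s in sorted(segs))

# Protocol analysis plug-ins: each decides from the payload, never the port.
def parse_smtp(stream):
    lines = stream.split(b"\r\n")
    if not lines[0].upper().startswith((b"EHLO ", b"HELO ")):
        return None
    rcpt = [l[8:].strip(b" <>").decode()
            for l in lines if l.upper().startswith(b"RCPT TO:")]
    return {"protocol": "SMTP", "rcpt": rcpt}

def parse_pop3(stream):
    first = stream.split(b"\r\n")[0]
    if not first.upper().startswith(b"USER "):
        return None
    return {"protocol": "POP3", "user": first[5:].decode()}

PLUGINS = [parse_smtp, parse_pop3]

def analyze(packets):
    workers = [SessionManager() for _ in range(N_WORKERS)]
    for *flow, seq, data in packets:       # flow = (src, sport, dst, dport)
        workers[dispatch(tuple(flow))].report(tuple(flow), seq, data)
    tickets = []
    for w in workers:
        for flow in w.sessions:
            stream = w.fetch(flow)
            hit = next((t for t in (p(stream) for p in PLUGINS) if t), None)
            tickets.append({"flow": flow, **(hit or {"protocol": "unknown"})})
    return tickets

SAMPLE = [  # constructed client-to-server TCP segments (src, sport, dst, dport, seq, data)
    ("10.0.0.5", 40001, "192.0.2.10", 2525, 2, b"RCPT TO:<bob@example.test>\r\nDATA\r\n"),
    ("10.0.0.5", 40001, "192.0.2.10", 2525, 1, b"EHLO c.example.test\r\nMAIL FROM:<a@example.test>\r\n"),
    ("10.0.0.6", 40002, "192.0.2.11", 8110, 1, b"USER alice\r\n"),
    ("10.0.0.7", 40003, "192.0.2.12", 25, 1, b"\x16\x03\x01\x00\x05hello"),
]
```

`analyze(SAMPLE)` yields one ticket per flow: SMTP is recognised on port 2525 even though its segments arrive out of order, while the non-SMTP payload on port 25 is reported as unknown rather than labelled by port.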
Claims (2)
1. A high-performance protocol recovery module based on multiple frameworks, characterized in that it mainly comprises a DEC thread (1), a recovery-library dispatch interface (2), a session management thread (3) and a protocol analysis thread (4); the DEC thread (1) is connected to the recovery-library dispatch interface (2), the recovery-library dispatch interface (2) is connected to the session management thread (3), and the session management thread (3) is connected to the protocol analysis thread (4).
2. The high-performance protocol recovery module based on multiple frameworks according to claim 1, characterized in that the DEC process (1) comes in three kinds, SDEC, MDEC and PDEC; after receiving data or messages, the DEC process (1) reports them to the session management thread (3) through the recovery-library dispatch interface (2), and the protocol analysis thread (4) fetches the data from the session management thread (3) and parses and recovers it.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810089577.2A CN110098970A (en) | 2018-01-30 | 2018-01-30 | A kind of High Performance Protocol recovery module based on more frames |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810089577.2A CN110098970A (en) | 2018-01-30 | 2018-01-30 | A kind of High Performance Protocol recovery module based on more frames |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110098970A true CN110098970A (en) | 2019-08-06 |
Family
ID=67441960
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810089577.2A Pending CN110098970A (en) | 2018-01-30 | 2018-01-30 | A kind of High Performance Protocol recovery module based on more frames |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110098970A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7209473B1 (en) * | 2000-08-18 | 2007-04-24 | Juniper Networks, Inc. | Method and apparatus for monitoring and processing voice over internet protocol packets |
CN104038389A (en) * | 2014-06-19 | 2014-09-10 | 高长喜 | Multiple application protocol identification method and device |
CN104348677A (en) * | 2013-08-05 | 2015-02-11 | 华为技术有限公司 | Deep packet inspection method and equipment and coprocessor |
CN106549815A (en) * | 2015-09-17 | 2017-03-29 | 武汉邮电科学研究院 | For the apparatus and method of real-time deep application identification in network |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101902484B (en) | Method and system for classifying local area network http application services | |
CN106506242B (en) | Accurate positioning method and system for monitoring network abnormal behaviors and flow | |
CN103139315A (en) | Application layer protocol analysis method suitable for home gateway | |
CN110401624A (en) | The detection method and system of source net G system mutual message exception | |
US20140189867A1 (en) | DDoS ATTACK PROCESSING APPARATUS AND METHOD IN OPENFLOW SWITCH | |
CN102387045B (en) | Embedded point to point (P2P) flow monitoring system and method thereof | |
CN103795709A (en) | Network security detection method and system | |
US10855549B2 (en) | Network data processing driver for a cognitive artificial intelligence system | |
CN102055674B (en) | Internet protocol (IP) message as well as information processing method and device based on same | |
CN109766695A (en) | A kind of network security situational awareness method and system based on fusion decision | |
CN103780610A (en) | Network data recovery method based on protocol characteristics | |
CN104115463A (en) | A streaming method and system for processing network metadata | |
CN109922048B (en) | Method and system for detecting serial scattered hidden threat intrusion attacks | |
CN102594625A (en) | White data filter method and system in APT (Advanced Persistent Threat) intelligent detection and analysis platform | |
CN104660552A (en) | Wireless local area network (WLAN) intrusion detection system | |
CN103873463A (en) | Multistage filter firewall system and multistage filter method | |
US20170295068A1 (en) | Logical network topology analyzer | |
WO2011134739A1 (en) | Method for searching for message sequences, protocol analysis engine and protocol analyzer | |
CN106254338B (en) | Message detecting method and device | |
CN105847250B (en) | VoIP flow media various dimensions information steganography real-time detection method | |
CN107666486A (en) | A kind of network data flow restoration methods and system based on message protocol feature | |
KR101602189B1 (en) | traffic analysis and network monitoring system by packet capturing of 10-giga bit data | |
CN105007175A (en) | Openflow-based flow depth correlation analysis method and system | |
CN106789728A (en) | A kind of voip traffic real-time identification method based on NetFPGA | |
CN109271217A (en) | Network flow detection method and system under cloud environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | CB02 | Change of applicant information | Address after: 5 / F, building C, Runhe Software Park, 168 software Avenue, Yuhua District, Nanjing City, Jiangsu Province, 210012. Applicant after: Bozhi Safety Technology Co.,Ltd. Address before: 5 / F, building C, Runhe Software Park, 168 software Avenue, Yuhua District, Nanjing City, Jiangsu Province, 210012. Applicant before: JIANGSU BOZHI SOFTWARE TECHNOLOGY Co.,Ltd. |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190806 |