CN113282800B - Dynamic multimode matching method and device based on information entropy - Google Patents
Dynamic multimode matching method and device based on information entropy Download PDFInfo
- Publication number
- CN113282800B CN113282800B CN202110595953.7A CN202110595953A CN113282800B CN 113282800 B CN113282800 B CN 113282800B CN 202110595953 A CN202110595953 A CN 202110595953A CN 113282800 B CN113282800 B CN 113282800B
- Authority
- CN
- China
- Prior art keywords
- information
- matching
- rule data
- industrial control
- control protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 239000012634 fragment Substances 0.000 claims abstract description 87
- 238000004364 calculation method Methods 0.000 claims abstract description 13
- 238000012545 processing Methods 0.000 claims description 9
- 238000012163 sequencing technique Methods 0.000 claims description 7
- 230000011218 segmentation Effects 0.000 claims description 3
- 238000010276 construction Methods 0.000 claims description 2
- 230000001360 synchronised effect Effects 0.000 description 4
- 238000004590 computer program Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
- G06F16/9014—Indexing; Data structures therefor; Storage structures hash tables
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/90335—Query processing
- G06F16/90344—Query processing by using string matching techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/02—Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computational Linguistics (AREA)
- Software Systems (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Communication Control (AREA)
- Computer And Data Communications (AREA)
Abstract
The application discloses a dynamic multimode matching method and device based on information entropy. The method comprises the following steps of S1, constructing a matching model of industrial control protocol rule data: longitudinally dividing and numbering industrial control protocol rule data to obtain N information fragments; carrying out information entropy calculation on the N divided information fragments to obtain N information entropies, and calculating a hash value of each information fragment; sorting the N pieces of information entropy; determining a matching model corresponding to the rule data according to the hash value of the sorted information fragments; s2, acquiring an industrial control protocol message, extracting fields to be matched, arranging the fields to be matched according to a rule data arrangement mode, longitudinally dividing the arranged fields to be matched, calculating the information entropy of each divided information segment, and matching with a matching model of industrial control protocol rule data after sorting according to the information entropy. According to the characteristics of the rule data, the matching model is optimized, and the matching calculation cost is minimized.
Description
Technical Field
The invention relates to the technical field of industrial control, in particular to a dynamic multimode matching method and device based on information entropy.
Background
At present, along with continuous cross fusion of industrialization and informatization processes, more and more information technologies are applied to the industrial field. In the field of industrial control, there are many situations where fast matching data is required, for example, by which it is determined whether a visitor is present in a white list or a black list.
The existing industrial control protocol messages are very various, however, the matching models which are commonly used at present are single, for example byte-by-byte matching is performed, so that the data matching efficiency is very low, and the large-scale development of the industrial control system is seriously affected.
Disclosure of Invention
The invention provides S1, constructing a matching model of industrial control protocol rule data;
The construction of the matching model of the industrial control protocol rule data specifically comprises the following steps:
longitudinally dividing and numbering industrial control protocol rule data to obtain N information fragments;
carrying out information entropy calculation on the N divided information fragments to obtain N information entropies, and calculating a hash value of each information fragment;
Sorting the N pieces of information entropy;
Determining a matching model corresponding to the industrial control protocol rule data according to the hash value of the information fragment after the information entropy sequencing;
s2, acquiring an industrial control protocol message, extracting fields to be matched from the industrial control protocol message, arranging the fields to be matched according to an industrial control protocol rule data arrangement mode, longitudinally dividing the arranged fields to be matched, calculating the information entropy of each divided information segment, and matching with a matching model of the industrial control protocol rule data after sorting according to the information entropy.
The dynamic multimode matching method based on the information entropy, as described above, performs longitudinal segmentation on industrial control protocol rule data, and specifically includes: and sequentially and transversely arranging M pieces of industrial control protocol rule data, and then longitudinally dividing the arranged data to obtain N pieces of information.
The dynamic multimode matching method based on the information entropy, wherein if all data block hash values of the first information fragment after the information entropy sequencing are different, a matching model of the rule data is determined to be the hash value which only matches the first information fragment;
When matching the industrial control protocol messages, only the hash value of the segment to be matched is compared with the hash value of the first information segment of the rule data, if the hash values are the same, the matching is successful, otherwise, the matching is failed.
According to the dynamic multimode matching method based on the information entropy, if the first information fragment has the data blocks with the same hash value, information fragment combination is sequentially carried out, the hash value of each data block in the combined information fragment is calculated, and when the hash values of each data block in the combined information fragment are different, the matching model of the rule data can be determined to be the hash value matched with the current combined information fragment;
And when matching the industrial control protocol messages, according to the merging number of the rule data, merging the corresponding numbers of the fragments to be matched, then calculating the hash value of the merged fragments to be matched, and comparing the hash value of the merged fragments to be matched with the hash value of the merged fragments of the rule data, if the hash values are the same, matching is successful, otherwise, matching is failed.
The dynamic multimode matching method based on the information entropy, as described above, wherein if the number of the combined fragments for information fragment combination reaches N/2, then inIn the information fragments of N, only processing rule data with hash values still the same in the information fragments of the previous N/2, and carrying out new-round merging and adding calculation on the rule data until all hash values are not stopped at the same time; the matching model for this rule data can be determined at this time as: hash values corresponding to information fragments with different hash values can be distinguished from the hash values of N/2 combined fragments before matching and the hash values corresponding to information fragments with different hash values after matching;
And when matching the industrial control protocol messages, merging N/2 fragments before the fields to be matched to calculate hash values, and then calculating fragment hash values which are the same as the matching model in the N/2 fragments after calculation, wherein if the front N/2 fragment hash values and the rear N/2 fragment hash values of the fields to be matched and the rule data are the same, the matching is successful, otherwise, the matching is failed.
The application also provides a dynamic multimode matching device based on the information entropy, which executes the dynamic multimode matching method based on the information entropy.
The present application also provides a computer storage medium comprising: at least one memory and at least one processor;
the memory is used for storing one or more program instructions;
A processor for executing one or more program instructions for performing a dynamic multimode matching method based on information entropy as set forth in any one of the preceding claims.
The beneficial effects achieved by the application are as follows: according to the characteristics of the rule data, the matching model is optimized, and the matching calculation cost is minimized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a flow chart of a dynamic multimode matching method based on information entropy provided by the embodiment of the invention;
fig. 2 is a schematic diagram of longitudinal segmentation of industrial control protocol rule data.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
As shown in fig. 1, a first embodiment of the present invention provides a dynamic multimode matching method based on information entropy, including:
Step 110, constructing a matching model of industrial control protocol rule data;
The number of industrial control protocol messages is large, the number of rules adopted for different industrial control protocol messages is large, and corresponding matching models are created for different rule data, so that dynamic multimode matching can be realized.
The method for constructing the matching model of the industrial control protocol rule data specifically comprises the following sub-steps:
Step 111, longitudinally dividing and numbering industrial control protocol rule data to obtain N information fragments;
The method comprises the following steps of longitudinally dividing industrial control protocol rule data: sequentially and transversely arranging M pieces of industrial control protocol rule data, and then longitudinally dividing the arranged data to obtain N pieces of information; the N value of the division of the industrial control protocol rule data is a positive integer, and may be set according to actual needs.
As shown in fig. 2, the industrial control protocol rule data is divided longitudinally, specifically: and (3) sequentially and transversely arranging M pieces of industrial control protocol rule data, and then longitudinally dividing the arranged data to obtain N rule information fragments and numbering the N rule information fragments (such as a first rule information fragment and a second rule information fragment … (N rule information fragments) in the figure 2), wherein each rule information fragment comprises one data block of each of the M pieces of industrial control protocol rule data, namely each rule information fragment comprises M data blocks.
Step 112, performing information entropy calculation on the N pieces of information to obtain N pieces of information entropy, sequencing the N pieces of information entropy, calculating hash values of data blocks in each piece of information, and determining a matching model corresponding to industrial control protocol rule data according to the hash values of the information pieces sequenced by the information entropy;
The method for determining the matching model corresponding to the industrial control protocol rule data according to the hash value of the information fragments after the information entropy sequencing specifically comprises the following steps:
① If all the data block hash values of the first information fragment after the information entropy sequencing are different, determining that the matching model of the rule data is only matched with the hash value of the first information fragment without further processing;
② If the first information fragment has the data blocks with the same hash value, sequentially carrying out information fragment combination, calculating the hash value of each data block in the combined information fragment, and when judging that the hash values of each data block in the combined information fragment are different, determining that the matching model of the rule data is the hash value matched with the current combined information fragment;
③ If the number of combined fragments for information fragment combination reaches N/2, then at In the information fragments of N, only processing rule data with hash values still the same in the information fragments of the previous N/2, and carrying out new-round merging and adding calculation on the rule data until all hash values are not stopped at the same time; the matching model for this rule data can be determined at this time as: hash values corresponding to information fragments with different hash values can be distinguished from the hash values of N/2 combined fragments before matching and the hash values corresponding to information fragments with different hash values in the N/2 fragments after matching.
In the embodiment of the application, since repeated merging processing of data can lead to larger and larger data processing amount, in order to accelerate the processing speed, all information fragments are divided into two parts for calculation, if the front half part still has the same hash value, when the rear half part is processed, only the regular data with the same hash value in the front half part is processed, and in the rear half part, new rounds of merging and adding calculation are carried out on the same hash value part until all hash values are not stopped at the same time.
For example, if the first information segment has a part with the same hash value, the first information segment and the second information segment are combined to obtain a new first information segment, the original third information segment is the new second information segment, if the new first information segment also has a part with the same hash value, the new first information segment and the new second information segment are combined to obtain a new first information segment again, at this time, the original first three information segments are all combined, if the hash values at this time are different, no further processing is needed, if the hash values at this time still have the same part, such as 2 nd, 3 rd and 5 th rule data hash values are still the same, the same operation as that of the first to third information segments is performed on the 2 nd, 3 rd and 5 th rule data in the original fourth, that is, the original first three information segments are combined and no longer combined with the original fourth information segment, and the data is processed only from the same part of the original fourth information segment, thereby reducing the data amount.
Referring back to fig. 1, step 120, an industrial control protocol message is obtained, the fields to be matched are extracted from the industrial control protocol message, the fields to be matched are arranged according to the industrial control protocol rule data arrangement mode, the arranged fields to be matched are longitudinally segmented, the information entropy of each segmented information segment is calculated, and after being ordered according to the information entropy, the information segment is matched with the matching model of the industrial control protocol rule data;
in the embodiment of the application, the fields to be matched in the industrial control protocol message are required to be transversely sequenced according to the arrangement mode of the industrial control protocol rule data, then are longitudinally divided into N segments to be matched, the information entropy of each segment to be matched is calculated and sequenced respectively, and then the segments are matched with the detailed matching model in the step 112;
specifically, since rule data corresponding to different protocol messages are different, and the different rule data correspond to respective matching models, the matching model of the corresponding matching rule is determined according to the field to be matched of the industrial control protocol message, and then the matching operation can be directly performed according to the set matching rule.
If the matching model of the matching rule corresponding to the protocol message to be matched is ① th matching model in the step 112, the hash value of the segment to be matched is only required to be compared with the hash value of the first information segment of the rule data, if the hash values are the same, the matching is successful, otherwise the matching is failed;
If the matching model of the matching rule corresponding to the protocol message to be matched is ② th matching model in the step 112, merging corresponding numbers of fragments to be matched according to the merging numbers of rule data, then calculating the hash value of the merged fragments to be matched, comparing the hash value of the merged fragments to be matched with the hash value of the merged fragments of the rule data, if the hash values are the same, then matching is successful, otherwise, matching is failed;
If the matching model of the matching rule corresponding to the protocol message to be matched is ③ th matching model in the step 112, merging the front N/2 segments of the field to be matched to calculate a hash value, then calculating the segment hash value which is the same as the matching model in the front N/2 segments, if the front N/2 segment hash value and the rear N/2 segment hash value of the field to be matched are the same as the matching model, then matching successfully, otherwise, matching fails.
Example two
The second embodiment of the invention provides a dynamic multimode matching device based on information entropy, which is applied to any industrial control equipment needing data matching in an industrial control system and is used for executing the dynamic multimode matching method based on the information entropy.
Corresponding to the above embodiments, an embodiment of the present invention provides a computer storage medium, including: at least one memory and at least one processor;
the memory is used for storing one or more program instructions;
And a processor for executing one or more program instructions for performing a dynamic multi-mode matching method based on information entropy.
In accordance with the foregoing embodiments, the embodiments of the present invention provide a computer readable storage medium having one or more program instructions embodied therein, the one or more program instructions configured to be executed by a processor to perform a dynamic multi-pattern matching method based on information entropy.
The disclosed embodiments provide a computer readable storage medium having stored therein computer program instructions that, when executed on a computer, cause the computer to perform a dynamic multimode matching method based on information entropy as described above.
In the embodiment of the invention, the processor may be an integrated circuit chip with signal processing capability. The Processor may be a general purpose Processor, a digital signal Processor (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), field programmable gate array (FieldProgrammable GATE ARRAY, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components.
The disclosed methods, steps, and logic blocks in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be embodied directly in the execution of a hardware decoding processor, or in the execution of a combination of hardware and software modules in a decoding processor. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The processor reads the information in the storage medium and, in combination with its hardware, performs the steps of the above method.
The storage medium may be memory, for example, may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory.
The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable ROM (ELECTRICALLY EPROM, EEPROM), or a flash Memory.
The volatile memory may be a random access memory (Random Access Memory, RAM for short) which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as static random access memory (STATIC RAM, SRAM), dynamic random access memory (DYNAMIC RAM, DRAM), synchronous Dynamic Random Access Memory (SDRAM), double data rate Synchronous dynamic random access memory (Double DATA RATESDRAM, ddr SDRAM), enhanced Synchronous dynamic random access memory (ENHANCEDSDRAM, ESDRAM), synchronous link dynamic random access memory (SYNCHLINK DRAM, SLDRAM), and direct memory bus random access memory (DirectRambus RAM, DRRAM).
The storage media described in embodiments of the present invention are intended to comprise, without being limited to, these and any other suitable types of memory.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in a combination of hardware and software. When the software is applied, the corresponding functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on the computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a general purpose or special purpose computer.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention in further detail, and are not to be construed as limiting the scope of the invention, but are merely intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the invention.
Claims (7)
1. The dynamic multimode matching method based on the information entropy is characterized by comprising the following steps of:
s1, constructing a matching model of industrial control protocol rule data;
The construction of the matching model of the industrial control protocol rule data specifically comprises the following steps:
longitudinally dividing and numbering industrial control protocol rule data to obtain N information fragments;
carrying out information entropy calculation on the N divided information fragments to obtain N information entropies, and calculating a hash value of each information fragment;
Sorting the N pieces of information entropy;
Determining a matching model corresponding to the industrial control protocol rule data according to the hash value of the information fragment after the information entropy sequencing;
s2, acquiring an industrial control protocol message, extracting fields to be matched from the industrial control protocol message, arranging the fields to be matched according to an industrial control protocol rule data arrangement mode, longitudinally dividing the arranged fields to be matched, calculating the information entropy of each divided information segment, and matching with a matching model of the industrial control protocol rule data after sorting according to the information entropy.
2. The dynamic multimode matching method based on information entropy according to claim 1, wherein the longitudinal segmentation is performed on industrial control protocol rule data, specifically: and sequentially and transversely arranging M pieces of industrial control protocol rule data, and then longitudinally dividing the arranged data to obtain N pieces of information.
3. The method for dynamic multimode matching based on information entropy of claim 1,
If all the data block hash values of the first information fragment after the information entropy sequencing are different, determining that a matching model of the rule data is a hash value only matching the first information fragment;
When matching the industrial control protocol messages, only the hash value of the segment to be matched is compared with the hash value of the first information segment of the rule data, if the hash values are the same, the matching is successful, otherwise, the matching is failed.
4. The method for dynamic multimode matching based on information entropy of claim 1,
If the first information fragment has the data blocks with the same hash value, sequentially carrying out information fragment combination, calculating the hash value of each data block in the combined information fragment, and when judging that the hash values of each data block in the combined information fragment are different, determining that the matching model of the rule data is the hash value matched with the current combined information fragment;
And when matching the industrial control protocol messages, according to the merging number of the rule data, merging the corresponding numbers of the fragments to be matched, then calculating the hash value of the merged fragments to be matched, and comparing the hash value of the merged fragments to be matched with the hash value of the merged fragments of the rule data, if the hash values are the same, matching is successful, otherwise, matching is failed.
5. The method for dynamic multimode matching based on information entropy of claim 1,
If the number of combined fragments for information fragment combination reaches N/2, then atIn the information fragments of N, only processing rule data with hash values still the same in the information fragments of the previous N/2, and carrying out new-round merging and adding calculation on the rule data until all hash values are not stopped at the same time; the matching model for this rule data can be determined at this time as: hash values corresponding to information fragments with different hash values can be distinguished from the hash values of N/2 combined fragments before matching and the hash values corresponding to information fragments with different hash values after matching;
And when matching the industrial control protocol messages, merging N/2 fragments before the fields to be matched to calculate hash values, and then calculating fragment hash values which are the same as the matching model in the N/2 fragments after calculation, wherein if the front N/2 fragment hash values and the rear N/2 fragment hash values of the fields to be matched and the rule data are the same, the matching is successful, otherwise, the matching is failed.
6. An information entropy-based dynamic multimode matching device, wherein the device performs an information entropy-based dynamic multimode matching method according to any one of claims 1 to 5.
7. A computer storage medium, comprising: at least one memory and at least one processor;
the memory is used for storing one or more program instructions;
A processor for executing one or more program instructions for performing a dynamic multi-mode matching method based on information entropy as claimed in any one of claims 1-5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110595953.7A CN113282800B (en) | 2021-05-29 | 2021-05-29 | Dynamic multimode matching method and device based on information entropy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110595953.7A CN113282800B (en) | 2021-05-29 | 2021-05-29 | Dynamic multimode matching method and device based on information entropy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113282800A CN113282800A (en) | 2021-08-20 |
CN113282800B true CN113282800B (en) | 2024-05-31 |
Family
ID=77282475
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110595953.7A Active CN113282800B (en) | 2021-05-29 | 2021-05-29 | Dynamic multimode matching method and device based on information entropy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113282800B (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1316696A (en) * | 2000-04-06 | 2001-10-10 | 国际商业机器公司 | Full-match search method and device for network processor |
KR20050108301A (en) * | 2004-05-11 | 2005-11-16 | 삼성전자주식회사 | The packet classification method through hierarchial rulebase partitioning |
CN102395985A (en) * | 2009-04-17 | 2012-03-28 | 阿尔卡特朗讯公司 | Variable-stride stream segmentation and multi-pattern matching |
CN103812700A (en) * | 2014-02-18 | 2014-05-21 | 西南大学 | Message classifying method based on rule information entropy |
CN104639470A (en) * | 2013-11-14 | 2015-05-20 | 中兴通讯股份有限公司 | Flow label encapsulating method and system |
CN105429977A (en) * | 2015-11-13 | 2016-03-23 | 武汉邮电科学研究院 | Method for monitoring abnormal flows of deep packet detection equipment based on information entropy measurement |
CN110210217A (en) * | 2018-04-26 | 2019-09-06 | 腾讯科技(深圳)有限公司 | A kind of recognition methods of file, equipment and computer readable storage medium |
CN110430187A (en) * | 2019-08-01 | 2019-11-08 | 英赛克科技(北京)有限公司 | Communication message method for auditing safely in industrial control system |
CN112448947A (en) * | 2020-11-10 | 2021-03-05 | 奇安信科技集团股份有限公司 | Network anomaly determination method, equipment and storage medium |
CN112583797A (en) * | 2020-11-30 | 2021-03-30 | 深圳力维智联技术有限公司 | Multi-protocol data processing method, device, equipment and computer readable storage medium |
CN112671759A (en) * | 2020-12-22 | 2021-04-16 | 互联网域名系统北京市工程研究中心有限公司 | DNS tunnel detection method and device based on multi-dimensional analysis |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11301452B2 (en) * | 2018-10-09 | 2022-04-12 | Ebay, Inc. | Storing and verification of derivative work data on blockchain with original work data |
-
2021
- 2021-05-29 CN CN202110595953.7A patent/CN113282800B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1316696A (en) * | 2000-04-06 | 2001-10-10 | 国际商业机器公司 | Full-match search method and device for network processor |
KR20050108301A (en) * | 2004-05-11 | 2005-11-16 | 삼성전자주식회사 | The packet classification method through hierarchial rulebase partitioning |
CN102395985A (en) * | 2009-04-17 | 2012-03-28 | 阿尔卡特朗讯公司 | Variable-stride stream segmentation and multi-pattern matching |
CN104639470A (en) * | 2013-11-14 | 2015-05-20 | 中兴通讯股份有限公司 | Flow label encapsulating method and system |
CN103812700A (en) * | 2014-02-18 | 2014-05-21 | 西南大学 | Message classifying method based on rule information entropy |
CN105429977A (en) * | 2015-11-13 | 2016-03-23 | 武汉邮电科学研究院 | Method for monitoring abnormal flows of deep packet detection equipment based on information entropy measurement |
CN110210217A (en) * | 2018-04-26 | 2019-09-06 | 腾讯科技(深圳)有限公司 | A kind of recognition methods of file, equipment and computer readable storage medium |
CN110430187A (en) * | 2019-08-01 | 2019-11-08 | 英赛克科技(北京)有限公司 | Communication message method for auditing safely in industrial control system |
CN112448947A (en) * | 2020-11-10 | 2021-03-05 | 奇安信科技集团股份有限公司 | Network anomaly determination method, equipment and storage medium |
CN112583797A (en) * | 2020-11-30 | 2021-03-30 | 深圳力维智联技术有限公司 | Multi-protocol data processing method, device, equipment and computer readable storage medium |
CN112671759A (en) * | 2020-12-22 | 2021-04-16 | 互联网域名系统北京市工程研究中心有限公司 | DNS tunnel detection method and device based on multi-dimensional analysis |
Non-Patent Citations (1)
Title |
---|
VoIP网关检测技术研究;刘许刚;《 CNKI优秀硕士学位论文全文库信息科技辑》;20120715;1-69 * |
Also Published As
Publication number | Publication date |
---|---|
CN113282800A (en) | 2021-08-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10645105B2 (en) | Network attack detection method and device | |
CN111181569B (en) | Compression method, device and equipment of time sequence data | |
CN110958022A (en) | Data compression method and device for continuity curve and related equipment | |
EP3933743A1 (en) | Method and device for blockchain transaction tracing | |
CN113282800B (en) | Dynamic multimode matching method and device based on information entropy | |
CN117271571A (en) | Database uniqueness constraint processing method, device, equipment and storage medium | |
CN110852098B (en) | Data correction method, electronic equipment and storage medium | |
CN112395407A (en) | Method and device for extracting enterprise entity relationship and storage medium | |
CN111125459A (en) | Character string processing method and device | |
US8626688B2 (en) | Pattern matching device and method using non-deterministic finite automaton | |
CN113093702B (en) | Fault data prediction method and device, electronic equipment and storage medium | |
CN112422635B (en) | Data checking method, device, equipment, system and storage medium | |
CN113051569B (en) | Virus detection method and device, electronic equipment and storage medium | |
CN114049642A (en) | Text recognition method and computing device for form certificate image piece | |
CN116074124A (en) | Attack detection matching method and device for rule without fixed offset | |
CN110955515A (en) | File processing method and device, electronic equipment and storage medium | |
CN112463065B (en) | Account opening calculation method and system | |
CN116389088A (en) | Attack detection rule matching method and device based on coordinate system | |
CN111309811B (en) | Authorization information processing method and device and electronic equipment | |
CN117009319B (en) | Database operation method, system and storage medium based on large language model | |
CN113220456B (en) | Bill data processing method and related device | |
CN112380203B (en) | Data comparison method, device and storage medium | |
CN117668925B (en) | File fingerprint generation method and device, electronic equipment and storage medium | |
CN116382571A (en) | Data searching method and device and electronic equipment | |
CN116244685A (en) | Rapid generation method of program white list library |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |