CN116055123B - MQTT theme matching method and device, computing equipment and storage medium - Google Patents

MQTT theme matching method and device, computing equipment and storage medium Download PDF

Info

Publication number
CN116055123B
CN116055123B CN202211652197.8A CN202211652197A CN116055123B CN 116055123 B CN116055123 B CN 116055123B CN 202211652197 A CN202211652197 A CN 202211652197A CN 116055123 B CN116055123 B CN 116055123B
Authority
CN
China
Prior art keywords
mqtt
theme
hyperscan
regular expression
topic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211652197.8A
Other languages
Chinese (zh)
Other versions
CN116055123A (en
Inventor
王鑫洋
汪义舟
姜海昆
范宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changyang Technology Beijing Co ltd
Original Assignee
Changyang Technology Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changyang Technology Beijing Co ltd filed Critical Changyang Technology Beijing Co ltd
Priority to CN202211652197.8A priority Critical patent/CN116055123B/en
Publication of CN116055123A publication Critical patent/CN116055123A/en
Application granted granted Critical
Publication of CN116055123B publication Critical patent/CN116055123B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • G06F16/24553Query execution of query operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/546Message passing systems or structures, e.g. queues
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides an MQTT theme matching method, a device, computing equipment and a storage medium, wherein the method comprises the following steps: receiving an MQTT control strategy sent by a user; converting the MQTT control strategy into an MQTT theme regular expression based on hyperscan; generating a hyperscan matching database according to the MQTT theme regular expression; and matching the acquired service data by using the hyperscan matching database. The MQTT topic matching method improves the matching efficiency of the MQTT topic.

Description

MQTT theme matching method and device, computing equipment and storage medium
Technical Field
The invention relates to the technical field of network security, in particular to an MQTT theme matching method, an MQTT theme matching device, computing equipment and a storage medium.
Background
Message queue telemetry (MessageQueuingTelemetryTransport, MQTT) protocols subscribe to and publish messages based on Topic (Topic), have become standard internet of things message transmission protocols. In the transmission process, each application system can publish some information of itself in the form of messages, and other application systems interested in a topic can subscribe according to topic matching corresponding published messages.
For a firewall in an MQTT network security environment, when a message passes through the firewall, the message theme is matched with the MQTT theme of a control strategy issued by the firewall, and the message is processed on the matching. The internet of things as data collection equipment is generally subscribed to thousands of topics and limited by the shortage of resources, and the continuous adoption of the character string one-by-one comparison mode with low efficiency can lead to thousands of strategies, and the method has to be very accurate, so that a firewall occupies a large amount of memory and CPU performance when filtering the MQTT message, and cannot meet the performance requirements. On the other hand, MQTT topics are hierarchically separated by "/" as symbols, and there are "+" and "#" wild cards, and conventional hash, tree, etc. data structures cannot be directly applied to topic matching. Therefore, an efficient topic matching method needs to be designed for MQTT topic features.
Disclosure of Invention
The invention provides an MQTT theme matching method, an MQTT theme matching device, computing equipment and a storage medium.
In a first aspect, an embodiment of the present invention provides a MQTT theme matching method, including:
receiving an MQTT control strategy sent by a user;
converting the MQTT control strategy into an MQTT theme regular expression based on hyperscan;
generating a hyperscan matching database according to the MQTT theme regular expression;
and matching the acquired service data by using the hyperscan matching database.
Optionally, the hyperscan-based transformation of the MQTT control strategy into an MQTT theme regular expression includes:
information extraction is carried out on the MQTT control strategy, and a first theme and an ID corresponding to the MQTT control strategy are obtained; wherein the first theme comprises wild cards;
converting the first theme into the MQTT theme regular expression identified by hyperscan; each MQTT control strategy corresponds to one MQTT theme regular expression.
Optionally, the MQTT topic regular expression comprises the first topic with addition of a start and end symbol.
Optionally, converting the same-layer wild card "+" in the first theme to [ ]/\f\n\r\t\v ] +;
converting the unlimited layer wild card "#" in the first topic to [ +\f\n\r\t\v ] +.
Optionally, the generating a hyperscan matching database according to the MQTT theme regular expression includes:
invoking a hyperscan algorithm to compile the MQTT topic regular expression and an ID corresponding to the MQTT topic regular expression to generate the hyperscan matching database;
the hyperscan matching database comprises at least two groups of MQTT theme regular expressions and IDs in one-to-one correspondence.
Optionally, the matching the acquired service data by using the hyperscan matching database includes:
acquiring the service data;
identifying and extracting the service data to obtain an MQTT protocol message;
analyzing the MQTT protocol message to obtain a second theme; wherein the second topic comprises topic information of a subscription message or topic information of a release message;
judging whether the MQTT topic regular expression matched with the second topic exists in the hyperscan matching database;
if so, determining the regular expression of the MQTT theme, and sending the service data to the user according to the ID of the MQTT control strategy corresponding to the regular expression of the MQTT theme.
Optionally, the method further comprises:
and if the MQTT topic regular expression matched with the second topic does not exist in the hyperscan matching database, discarding the service data or determining the service data as suspicious data.
In a second aspect, an embodiment of the present invention further provides an MQTT theme matching apparatus, including:
the receiving module is used for receiving the MQTT control strategy sent by the user;
the conversion module is used for converting the MQTT control strategy into an MQTT theme regular expression based on hyperscan;
the generating module is used for generating a hyperscan matching database according to the MQTT theme regular expression;
and the matching processing module is used for matching the acquired service data by utilizing the hyperscan matching database.
Optionally, the conversion module is configured to perform the following operations:
information extraction is carried out on the MQTT control strategy, and a first theme and an ID corresponding to the MQTT control strategy are obtained; wherein the first theme comprises wild cards;
converting the first theme into the MQTT theme regular expression identified by hyperscan; each MQTT control strategy corresponds to one MQTT theme regular expression.
In a third aspect, an embodiment of the present invention further provides a computing device, including a memory and a processor, where the memory stores a computer program, and when the processor executes the computer program, the processor implements the MQTT theme matching method of any one of the foregoing embodiments.
In a fourth aspect, an embodiment of the present invention further provides a computer readable storage medium having a computer program stored thereon, which when executed in a computer, causes the computer to perform the MQTT theme matching method of any one of the above.
The embodiment of the invention provides an MQTT theme matching method, an MQTT theme matching device, a computing device and a storage medium. Therefore, the invention converts the MQTT control strategy into the regular expression based on the hyperscan algorithm, avoids the limitation that the traditional MQTT theme is required to be matched due to the wildcard, solves the problem that the traditional hash, tree and other data structures cannot be directly applied to theme matching, solves the problems of low matching efficiency and huge control strategy quantity when the theme of the MQTT protocol message is controlled in the network environment, can effectively protect the network environment of the MQTT protocol and resist network attack by controlling the MQTT message theme, and can match the theme in the subscription and release message in the MQTT protocol at high speed and stably by the method of the invention, thereby improving the efficiency of the MQTT theme matching.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of an MQTT topic matching method provided by an embodiment of the present invention;
FIG. 2 is a hardware architecture diagram of a computing device according to one embodiment of the present invention;
fig. 3 is a block diagram of an MQTT theme matching apparatus according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by those skilled in the art without making any inventive effort based on the embodiments of the present invention are within the scope of protection of the present invention.
Referring to fig. 1, an embodiment of the present invention provides a MQTT theme matching method, which includes:
step 100, receiving an MQTT control strategy sent by a user;
step 102, converting the MQTT control strategy into an MQTT theme regular expression based on hyperscan;
step 104, generating a hyperscan matching database according to the MQTT theme regular expression;
and step 106, matching the acquired service data by using a hyperscan matching database.
It should be noted that Hyperscan is a high-performance multi-regular expression matching library, and can be used with CAPI as an open source library. Hyperscan uses a hybrid automaton technique to allow cross-stream data to match a large number of regular expressions simultaneously.
In the embodiment of the invention, the MQTT control strategy sent by the user is converted into the regular expression based on the hyperscan algorithm, the regular expression is compiled into the hyperscan matching database, and the hyperscan matching database is utilized to match the acquired business data, so that the matching of the MQTT theme is realized. Therefore, the invention converts the MQTT control strategy into the regular expression based on the hyperscan algorithm, avoids the limitation that the traditional MQTT theme needs to be matched due to the use of wild cards, solves the problem that the traditional hash, tree and other data structures cannot be directly applied to theme matching, solves the problems of low matching efficiency and huge control strategy quantity in the theme control of the MQTT protocol message in the network environment, and improves the efficiency of the MQTT theme matching.
The manner in which the individual steps shown in fig. 1 are performed is described below.
First, for step 100, the MQTT control policy issued by the user is received. Specifically, each MQTT control strategy issued by the user comprises the subject characteristics and other field characteristics of the message which the user wants to control to be released or discarded, and the subject characteristics and other field characteristics are used for matching with the message of the MQTT protocol.
Next, step 102, converting the MQTT control strategy into an MQTT topic regular expression based on hyperscan, comprising:
information extraction is carried out on the MQTT control strategy, and a first theme and an ID corresponding to the MQTT control strategy are obtained; wherein the first theme comprises wild cards;
converting the first topic into a hyperscan-identified MQTT topic regular expression; each MQTT control strategy corresponds to one MQTT theme regular expression.
It should be noted that the first theme and the ID are in one-to-one correspondence, and a one-to-one mapping relationship exists among the MQTT control policy, the ID and the MQTT theme regular expression, and each ID uniquely corresponds to one MQTT control policy and one MQTT theme regular expression.
In some preferred embodiments, the MQTT topic regular expression includes a first topic that adds a start and end symbol.
In some more preferred embodiments, the same-layer wild card "+" in the first theme is converted to [ ]/\f\n\r\t\v ] +;
the unlimited layer wild card "#" in the first topic is converted to [ +\f\n\r\t\v ] +.
Specifically, the topic and ID in each MQTT control policy issued by the user are extracted, for example: "sensor/temperature/china", "sensor/+/china", "sensor/temperature/#"; then all extracted topics are converted into regular expressions which can be identified by a hyperscan algorithm, and the conversion comprises adding an upper expression start symbol "+% and an expression end symbol" $ "to the topic head, converting the same-layer wild card symbol" + "into" [ ] f\n\r\t\v ] + ", and converting the unlimited-layer wild card symbol" # "into" [ ] f\n\r\t\v ] + ", so as to generate a new topic regular expression for compiling by the hyperscan algorithm.
In the invention, a wild card symbol "+" in an MQTT control strategy during matching is converted into a regular expression "[ lambda/\f\r\t\v ] +", and the expression can be matched with any character string, but does not match layering symbols "/" and page-changing symbols "\f", line-changing symbols "\n", carriage return symbols "\r", horizontal tabulation symbols "\t", and vertical tabulation symbols "\v" specified by the MQTT protocol, namely, the theme of any character string with the same level is matched. Meanwhile, the wild card symbol "#" in the MQTT control strategy is converted into a regular expression "[ ] f\n\r\t\v ] +", any character string is matched, but page-changing symbols "\f", line-changing symbols "\n", carriage return symbols "\r", horizontal tab "\t" and vertical tab "\v" are not matched, namely, the matching of layering symbols "/" specified by the MQTT protocol is included, so that the matching of multiple levels of wild card effects is realized.
In the invention, when the hyperscan algorithm is matched, the regular expression of the wildcard character is used for matching the theme in the message, so that the problem that the wildcard can not be achieved when the pure character string is matched is solved; secondly, due to the fact that the unified effect is achieved, the quantity of issuing control strategies is saved, so that the memory is saved, and meanwhile, the comparison times are reduced, so that the load of a chip is reduced; meanwhile, the hyperscan algorithm is higher than the pure character string comparison efficiency, so that the matching efficiency of the MQTT theme is improved more remarkably. In conclusion, the invention saves the quantity of strategy issued by users, and greatly improves the performance of the firewall based on MQTT theme matching under the same hardware environment.
Next, in step 104, a hyperscan match database is generated from the MQTT subject regular expression, including:
invoking a hyperscan algorithm to compile the MQTT theme regular expression and the ID corresponding to the MQTT theme regular expression to generate a hyperscan matching database;
the hyperscan matching database comprises at least two groups of MQTT theme regular expressions and IDs in one-to-one correspondence.
Specifically, compiling the converted MQTT topic regular expression and the corresponding ID call hyperscan algorithm into a hyperscan matching database for topic matching of the MQTT message in the subsequent service data. The hyperscan matching database stores a plurality of groups of MQTT theme regular expressions and IDs which are in one-to-one correspondence.
For step 106, matching the acquired service data using a hyperscan matching database, including:
acquiring service data;
carrying out identification extraction on the service data to obtain an MQTT protocol message;
analyzing the MQTT protocol message to obtain a second theme; wherein the second topic comprises topic information of a subscription message or topic information of a release message;
judging whether an MQTT topic regular expression matched with the second topic exists in the hyperscan matching database;
if so, determining an MQTT theme regular expression, and sending the service data to the user according to the ID of the MQTT control strategy corresponding to the MQTT theme regular expression.
More specifically, for step 106, the ID is sent to the user so that the user obtains the corresponding MQTT control policy based on the ID.
Specifically, a service data stream is obtained from a server, the service data stream is identified, an MQTT protocol message is identified, the message type is distinguished, topic information in subscription and release messages is analyzed, the analyzed topic information is stored in a character string form and is used as a matching KEY for matching in a hyperscan matching database.
In some preferred embodiments, further comprising:
and if the MQTT topic regular expression matched with the second topic does not exist in the hyperscan matching database, discarding the service data or determining the service data as suspicious data.
In the present invention, the second topic obtained by parsing is used as KEY to search and match in the hyperscan matching database generated in step 104, and there are two results: if the matching is successful, a policy in the hyperscan matching database is hit, the hyperscan algorithm returns an ID after the matching, a corresponding MQTT control policy is found according to the returned ID, a release action is issued, and the hit ID is reported to a user; if the matching fails, the subject regular expression which indicates that any strategy in the hyperscan matching database cannot be hit is issued to discard the action or determine the service data as suspicious data. Therefore, through controlling the MQTT message theme, the network environment of the MQTT protocol can be effectively protected, network attacks can be resisted, the performance of a firewall can be improved, and the theme in the subscription message in the MQTT protocol identified in service data can be matched at high speed and stably.
As shown in fig. 2 and 3, the embodiment of the invention provides an MQTT theme matching device. The apparatus embodiments may be implemented by software, or may be implemented by hardware or a combination of hardware and software. In terms of hardware, as shown in fig. 2, a hardware architecture diagram of a computing device where an MQTT theme matching apparatus provided by an embodiment of the present invention is located, where the computing device where the embodiment is located may generally include other hardware, such as a forwarding chip responsible for processing a packet, in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 2. Taking a software implementation as an example, as shown in fig. 3, as a device in a logic sense, the device is formed by reading a corresponding computer program in a nonvolatile memory into a memory by a CPU of a computing device where the device is located. The MQTT theme matching apparatus provided in this embodiment includes: a receiving module 300, a converting module 302, a generating module 304 and a matching processing module 306;
the receiving module 300 is configured to receive an MQTT control policy sent by a user;
the conversion module 302 is configured to convert the MQTT control policy into an MQTT theme regular expression based on hyperscan;
the generating module 304 is configured to generate a hyperscan matching database according to the MQTT theme regular expression;
and the matching processing module 306 is configured to match the acquired service data with a hyperscan matching database.
In some embodiments, the receiving module 300 may be configured to perform the step 100, the converting module 302 may be configured to perform the step 102, the generating module 304 may be configured to perform the step 104, and the matching processing module 306 may be configured to perform the step 106.
In some specific embodiments, the conversion module 302 is configured to perform the following operations:
information extraction is carried out on the MQTT control strategy, and a first theme and an ID of the MQTT control strategy are obtained; wherein the first theme comprises wild cards;
converting the first topic into a hyperscan-identified MQTT topic regular expression; each MQTT control strategy corresponds to one MQTT theme regular expression.
In some specific embodiments, the generating module 304 is configured to perform the following operations:
invoking a hyperscan algorithm to compile the MQTT theme regular expression and the ID corresponding to the MQTT theme regular expression to generate a hyperscan matching database;
the hyperscan matching database comprises at least two groups of MQTT theme regular expressions and IDs in one-to-one correspondence.
In some specific implementations, the MQTT topic regular expression includes a first topic that adds a start and end symbol.
In some specific embodiments, the matching process module 306 is configured to perform the following operations:
acquiring service data;
carrying out identification extraction on the service data to obtain an MQTT protocol message;
analyzing the MQTT protocol message to obtain a second theme; wherein the second topic comprises topic information of a subscription message or topic information of a release message;
judging whether an MQTT topic regular expression matched with the second topic exists in the hyperscan matching database;
if so, determining an MQTT theme regular expression, and sending the service data to the user according to the ID of the MQTT control strategy corresponding to the MQTT theme regular expression.
In some specific embodiments, the matching process module 306 is further configured to perform the following operations:
and if the MQTT topic regular expression matched with the second topic does not exist in the hyperscan matching database, discarding the service data or determining the service data as suspicious data.
It will be appreciated that the structure illustrated in the embodiments of the present invention is not intended to be limiting of a MQTT theme matching apparatus. In other embodiments of the invention, an MQTT-subject matching device may include more or fewer components than shown, or combine certain components, or split certain components, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
The content of information interaction and execution process between the modules in the device is based on the same conception as the embodiment of the method of the present invention, and specific content can be referred to the description in the embodiment of the method of the present invention, which is not repeated here.
The embodiment of the invention also provides a computing device, which comprises a memory and a processor, wherein the memory stores a computer program, and when the processor executes the computer program, the method for matching the MQTT theme in any embodiment of the invention is realized.
The embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium is stored with a computer program, and the computer program when being executed by a processor, causes the processor to execute the MQTT topic matching method in any embodiment of the invention.
Specifically, a system or apparatus provided with a storage medium on which a software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium may realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code form part of the present invention.
Examples of the storage medium for providing the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer by a communication network.
Further, it should be apparent that the functions of any of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform part or all of the actual operations based on the instructions of the program code.
Further, it is understood that the program code read out by the storage medium is written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion module connected to the computer, and then a CPU or the like mounted on the expansion board or the expansion module is caused to perform part and all of actual operations based on instructions of the program code, thereby realizing the functions of any of the above embodiments.
It is noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of additional identical elements in a process, method, article or apparatus that comprises the element.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware related to program instructions, and the foregoing program may be stored in a computer readable storage medium, where the program, when executed, performs steps including the above method embodiments; and the aforementioned storage medium includes: various media in which program code may be stored, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. The MQTT theme matching method is characterized by comprising the following steps of:
receiving an MQTT control strategy sent by a user;
converting the MQTT control strategy into an MQTT theme regular expression based on hyperscan;
generating a hyperscan matching database according to the MQTT theme regular expression;
matching the acquired service data by using the hyperscan matching database;
the hyperscan-based transformation of the MQTT control strategy into an MQTT topic regular expression comprises the following steps:
information extraction is carried out on the MQTT control strategy, and a first theme and an ID corresponding to the MQTT control strategy are obtained; wherein the first theme comprises wild cards;
converting the first theme into the MQTT theme regular expression identified by hyperscan; wherein, each MQTT control strategy corresponds to one regular expression of the MQTT theme;
the matching the acquired service data by using the hyperscan matching database comprises the following steps:
acquiring the service data;
identifying and extracting the service data to obtain an MQTT protocol message;
analyzing the MQTT protocol message to obtain a second theme; wherein the second topic comprises topic information of a subscription message or topic information of a release message;
judging whether the MQTT topic regular expression matched with the second topic exists in the hyperscan matching database;
if so, determining the regular expression of the MQTT theme, and sending the service data to the user according to the ID of the MQTT control strategy corresponding to the regular expression of the MQTT theme.
2. The method of claim 1, wherein generating a hyperscan match database from the MQTT theme regular expression comprises:
invoking a hyperscan algorithm to compile the MQTT topic regular expression and an ID corresponding to the MQTT topic regular expression to generate the hyperscan matching database;
the hyperscan matching database comprises at least two groups of MQTT theme regular expressions and IDs in one-to-one correspondence.
3. The method of claim 1, wherein the step of determining the position of the substrate comprises,
the MQTT topic regular expression includes the first topic with addition of a start and end symbol.
4. The method as recited in claim 1, further comprising:
and if the MQTT topic regular expression matched with the second topic does not exist in the hyperscan matching database, discarding the service data or determining the service data as suspicious data.
5. An MQTT theme matching apparatus, comprising:
the receiving module is used for receiving the MQTT control strategy sent by the user;
the conversion module is used for converting the MQTT control strategy into an MQTT theme regular expression based on hyperscan;
the generating module is used for generating a hyperscan matching database according to the MQTT theme regular expression;
the matching processing module is used for matching the acquired service data by utilizing the hyperscan matching database;
the conversion module is used for executing the following operations:
information extraction is carried out on the MQTT control strategy, and a first theme and an ID corresponding to the MQTT control strategy are obtained; wherein the first theme comprises wild cards;
converting the first theme into the MQTT theme regular expression identified by hyperscan; wherein, each MQTT control strategy corresponds to one regular expression of the MQTT theme;
the matching processing module is used for executing the following operations:
acquiring service data;
carrying out identification extraction on the service data to obtain an MQTT protocol message;
analyzing the MQTT protocol message to obtain a second theme; wherein the second topic comprises topic information of a subscription message or topic information of a release message;
judging whether an MQTT topic regular expression matched with the second topic exists in the hyperscan matching database;
if so, determining an MQTT theme regular expression, and sending the service data to the user according to the ID of the MQTT control strategy corresponding to the MQTT theme regular expression.
6. A computing device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the method of any of claims 1-4 when the computer program is executed.
7. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-4.
CN202211652197.8A 2022-12-21 2022-12-21 MQTT theme matching method and device, computing equipment and storage medium Active CN116055123B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211652197.8A CN116055123B (en) 2022-12-21 2022-12-21 MQTT theme matching method and device, computing equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211652197.8A CN116055123B (en) 2022-12-21 2022-12-21 MQTT theme matching method and device, computing equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116055123A CN116055123A (en) 2023-05-02
CN116055123B true CN116055123B (en) 2023-08-22

Family

ID=86124718

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211652197.8A Active CN116055123B (en) 2022-12-21 2022-12-21 MQTT theme matching method and device, computing equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116055123B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809970A (en) * 2018-05-29 2018-11-13 华南理工大学 A kind of safety protecting method of smart home security gateway
CN111651476A (en) * 2020-05-18 2020-09-11 青岛海洋科学与技术国家实验室发展中心 Quick matching method and system for MQTT theme in gateway of Internet of things
CN112558948A (en) * 2020-12-16 2021-03-26 武汉绿色网络信息服务有限责任公司 Method and device for identifying message under mass flow
CN112671618A (en) * 2021-03-15 2021-04-16 北京安帝科技有限公司 Deep packet inspection method and device
CN114745364A (en) * 2022-03-28 2022-07-12 重庆长安汽车股份有限公司 Internet of vehicles data distribution system and method based on MQTT protocol
CN114900453A (en) * 2022-04-21 2022-08-12 成都陆迪盛华科技有限公司 Internet of things type solution method for issuing audio monitoring instruction among different clients

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10225219B2 (en) * 2016-02-22 2019-03-05 International Business Machines Corporation Message delivery in a message system
US10645181B2 (en) * 2016-12-12 2020-05-05 Sap Se Meta broker for publish-subscribe-based messaging

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809970A (en) * 2018-05-29 2018-11-13 华南理工大学 A kind of safety protecting method of smart home security gateway
CN111651476A (en) * 2020-05-18 2020-09-11 青岛海洋科学与技术国家实验室发展中心 Quick matching method and system for MQTT theme in gateway of Internet of things
CN112558948A (en) * 2020-12-16 2021-03-26 武汉绿色网络信息服务有限责任公司 Method and device for identifying message under mass flow
CN112671618A (en) * 2021-03-15 2021-04-16 北京安帝科技有限公司 Deep packet inspection method and device
CN114745364A (en) * 2022-03-28 2022-07-12 重庆长安汽车股份有限公司 Internet of vehicles data distribution system and method based on MQTT protocol
CN114900453A (en) * 2022-04-21 2022-08-12 成都陆迪盛华科技有限公司 Internet of things type solution method for issuing audio monitoring instruction among different clients

Also Published As

Publication number Publication date
CN116055123A (en) 2023-05-02

Similar Documents

Publication Publication Date Title
US8069210B2 (en) Graph based bot-user detection
US8554907B1 (en) Reputation prediction of IP addresses
CN101286988B (en) Parallel multi-mode matching method and system therefor
WO2020042029A1 (en) Discovery method for invoked link, apparatus, device, and storage medium
CN100518183C (en) Server equipment and server method
CN114157502B (en) Terminal identification method and device, electronic equipment and storage medium
CN102664967A (en) Method and system for interacting cross-platform personal information and background server
US8326982B2 (en) Method and apparatus for extracting and visualizing execution patterns from web services
CN107769992B (en) Message parsing and shunting method and device
Zhang et al. Toward unsupervised protocol feature word extraction
CN103036910A (en) Method and device for controlling user web access behaviors
CN114218318B (en) Data processing system and method for electric power big data
CN115766258A (en) Multi-stage attack trend prediction method and device based on causal graph and storage medium
Hossain et al. Mining accurate message formats for service APIs
CN115189914A (en) Application Programming Interface (API) identification method and device for network traffic
CN116055123B (en) MQTT theme matching method and device, computing equipment and storage medium
CN116545740A (en) Threat behavior analysis method and server based on big data
CN111563123B (en) Real-time synchronization method for hive warehouse metadata
Sija et al. Automatic payload signature generation for accurate identification of internet applications and application services
CN112511643A (en) Message data extraction method and device
CN115396128A (en) Malicious traffic detection method and device, storage medium and electronic equipment
CN111695031A (en) Label-based searching method, device, server and storage medium
CN117201194B (en) URL classification method, device and system based on character string similarity calculation
CN109688043A (en) A kind of IMAP protocol multi-link association analytic method and system
EP3786825B1 (en) Natural language processing systems and methods for automatic reduction of false positives in domain discovery

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant