CN206498428U - The auditing system recombinated based on TCP - Google Patents

The auditing system recombinated based on TCP Download PDF

Info

Publication number
CN206498428U
CN206498428U CN201621219624.3U CN201621219624U CN206498428U CN 206498428 U CN206498428 U CN 206498428U CN 201621219624 U CN201621219624 U CN 201621219624U CN 206498428 U CN206498428 U CN 206498428U
Authority
CN
China
Prior art keywords
data
tcp
unit
packet
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201621219624.3U
Other languages
Chinese (zh)
Inventor
赵鹏
王建章
许德森
李东垣
刘智宏
张陆勇
褚腾飞
钱明
李璇
单路超
孟永焱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHINACOMM SYSTEM Co Ltd
Original Assignee
CHINACOMM SYSTEM Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHINACOMM SYSTEM Co Ltd filed Critical CHINACOMM SYSTEM Co Ltd
Priority to CN201621219624.3U priority Critical patent/CN206498428U/en
Application granted granted Critical
Publication of CN206498428U publication Critical patent/CN206498428U/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The utility model is related to a kind of auditing system recombinated based on TCP.System described in the utility model includes data capture module, data reorganization module and data processing module.Data capture module is used to capture by the packet of audit main frame, and the packet of crawl is stored into memory cell;Data reorganization module, is recombinated for extracting data from the packet in memory cell, and to the data of extraction, forms complete TCP links;Data processing module, the TCP links for being formed to data reorganization module are parsed, and sensitive terminology match is carried out to the content of text after parsing.The data reorganization module that sequence number is linked based on Hash table and TCP of the utility model design so that the conflict reduction of Hash mapping, while improving the efficiency of TCP restructuring.Also, data processing module is improved many character match, the efficiency of audit is improved.

Description

The auditing system recombinated based on TCP
Technical field
The utility model is related to technical field of network information safety, specifically a kind of auditing system recombinated based on TCP.
Background technology
With the extensive use of network technology, information security issue is increasingly serious, Network Safety Analysis system also meet the tendency of and It is raw, such as network audit system, Network Intrusion Detection System and the network information also original system.Such system includes three moulds mostly Block:Data acquisition module, data resolution module and data memory module.Wherein, how efficiently in correct acquisition network Data flow is the basis of whole system, while being also the most important technology of most critical.
Existing Network Safety Analysis system, is to capture packet by network intermediate line link mostly, then by analyzing these The feature of packet distinguishes network behavior, and the packet captured from network intermediate line link does not transfer to the agreement of operating system Stack is handled.Data in crawl network are surrounded by the Libcap under the kit much increased income, such as linux system, Winpcap and Java middlewares JPCAP under windows systems.But, only capture packet and do not ensure that data Correctness.Because the packet in same data flow may be arrived at by different network paths, packet is caused Different delay, loses, and the phenomenon such as out of order occurs.Therefore, will from network intermediate line link capture come packet be integrated into it is orderly, The technology (i.e. data recombination technology) for the ordered data stream do not lost becomes the key technology of many security system researchs.
It can be seen that, to adapt to current big flow network security demand, the research of efficient, reliable data reconstitution method seems It is particularly important.
The existing TCP data stream reassembly algorithm based on Hash table and TCP Receiving Order row numbers, its basic thought is:For The packet of one capture according to a hash function, it is necessary to map that in Hash table, while according to tcp chains in Hash table The Receiving Order row number of data flow is connect to judge whether the packet is legal.Ensure big stream at a high speed using the high efficiency of Hash table search The restructuring of TCP data stream is measured, the correctness that packet is received is ensured using the sequence number of packet.
At present, the technology of TCP data stream restructuring can be all related in the various network security softwares, related technology also has A lot:
(1) realize that TCP is recombinated based on two-dimensional chain table
The first of two-dimensional chain table is classified as linked list head node, and chained list head node is made up of three parts:First part is mainly The four-tuple that source IP address, purpose IP address, source port number and destination slogan are constituted;Part II by TCP data bag base The reference composition of this information field and next packet object of the same TCP connections of sensing, wherein essential information field bag Include the fields such as source IP address, purpose IP address, source port number, destination slogan, flag bit, sequence number and data;Part III table What is shown is the object reference of next head node, and is general data node after head node, and general data node includes source IP address, purpose IP address, source port number and destination slogan composition four-tuple, also data message, Prex quote and Next is quoted, and the two, which are quoted, the time in the upper node and next node for being respectively directed to the node, each node Field, increase time field is to dynamically delete out-of-date or overtime connection and its packet in subsequent operation.Two-dimentional chain Table has many good qualities to deposit data:First, it has good organizational structure, and many outstanding lookup algorithms can guarantee that The speed of lookup, improves the efficiency of system operation;Secondly, room and time is more saved in the operation for deleting node, only needs letter The front and rear node of single modification node is quoted just can be with.
(2) realize that TCP is recombinated based on splay trees
Splay trees are a kind of binary search trees of self-regulated shaping type, are every time passed through access node a series of in rotary moving Turn into root node to the superiors.Its theoretical foundation is that application program access tree node has biased property, i.e., the part within a period of time Node accesses related frequency, and the node accessed recently ceaselessly is moved on into tree root, overall access efficiency can be improved.Due to network Next packet that the arrival of packet has connection belonging to principle of locality, i.e. this packet can be reached quickly, therefore, This accesses node and is likely to be accessed again, and searching need to only compare once.After the tree undergoes a series of access, recently The node frequently accessed will reduce average lookup traversal number of times, improve overall search efficiency close to root node.
But, the technology of TCP restructuring is realized based on two-dimensional chain table, is carrying out being limited to chained list when TCP links are searched This data structure efficiency is not high enough;And realize that the technology of TCP restructuring implements complex and efficiency and carried based on splay trees Rise nor apparent.Therefore, to adapt to current big flow network security demand, for efficient, reliable network data The research of stream recombination method is particularly important.
, it is necessary to be parsed to TCP links after the completion of TCP restructuring, and sensitive vocabulary is carried out to the content of text after parsing Matching, retrieval whether there is sensitive information, so as to ensure the safety of LAN.At present, using the most commonly used character string of scope Matching algorithm is monotype and multi-pattern matching algorithm.The main distinction of single pattern matching and multi-mode matching is:If deposited Matching is needed in multiple patterns, Single Pattern Matching Algorithms can only perform a pattern match every time, and if using multi-mode With algorithm, then all patterns can be once matched after all mode being carried out relevant treatment.In Single Pattern Matching Algorithms, most write Two of name are KMP algorithms and BM algorithms.The two algorithms are respectively provided with the linear lookup time in the worst cases.But if The set of character string mode more than one but multiple character string modes composition, then BM algorithms are just unsuitable.WM algorithms It is a kind of typical multi-pattern matching algorithm, it is the matching algorithm improved on the basis of BM algorithms, it uses multiple words The character block for according with composition is matched, unlike the single charactor comparisons of other algorithms, the appropriate application of prefix table, is reduced The time consumed during matching somebody with somebody, therefore, it is possible to obtain good actual effect.But, WM algorithms are not sufficiently stable sometimes, for Degradation phenomena may occur for some sets of patterns and character string, cause efficiency not high enough.
Transmission Control Protocol is a kind of connection-oriented, reliable host-host protocol, and the IP agreement under TCP is Message Oriented Unreliable protocol, it is impossible to ensure message in order, reliable deliver.Therefore, substantial amounts of packet may arrive simultaneously and It is disorderly and unsystematic, or even go out the situation of active.In order to which these out of order packets are reintegrated into orderly data flow, TCP The sequence number and identifier of stem turn into key.
Data package-restructuring is only concerned about TCP sequence numbers, acknowledgement number and data, also several special TCP marks.It is described special It is flagged with:SYN,ACK,RST,FIN.
SYN:Synchronous sequence number is represented, for setting up connection.SYN and ACK will together with use, if SYN=1, ACK=0, Then represent transmission is request data;If SYN=1, ACK=1, then represent that what is sent is in response to data.
ACK:Represent Acknowledge effectively, i.e. TCP acknowledgement numbers in TCP data bag, the domain there are two values:0 and 1, when it When size is 1, represent effective, then represent invalid when to take its size be 0;
RST:Represent to send reset request.When there are abnormal connection and data, need to set multiple by this flag bit Position request.
FIN:After sender transfers full detail, need to notify recipient by FIN, be then shut off to each other Connection.
TCP is connection-oriented transmitting service, and reliable transmission service is needed by being reliably bi-directionally connected come real Existing, the process that TCP connections are set up is referred to as three-way handshake, and its substantially flow is as follows:
Shake hands for the first time:Client by server send syn bags (syn=i), represent oneself expect and server it Between set up connection, prepare the reception server response message;
Second handshake:After server receives the syn bags that client is sended over, if agreeing to set up connection, Sending two bags to client tells client to set up connection, and the two bags one confirm bag ack (ack=i+l;) and one The individual SYN bags (syn=j) of oneself;
Third time is shaken hands:Client is received after two packets that server is sended over, it is known that both sides can set up Connection, just sends to server and confirms bag ACK (ack=j+l), so passed through three-way handshake and just establish reliably now Communication connection.
Utility model content
For defect present in prior art, the purpose of this utility model is to provide a kind of based on examining that TCP is recombinated Meter systems.This system provides the data reorganization module that sequence number is linked based on Hash table and TCP so that the conflict of Hash mapping Reduction, while make use of the characteristics of Hash table realizes simple again, improves the efficiency of TCP restructuring.And to Data processing Many character match are improved, and improve the efficiency of audit.
To achieve the above objectives, the utility model is adopted the technical scheme that:
A kind of auditing system recombinated based on TCP, including:Data capture module, data reorganization module and data processing mould Block;
Data capture module, is connected with data reorganization module, for capturing by the packet of audit main frame, and by crawl Packet is stored into its memory cell;
Data reorganization module, is connected with data processing module, for extracting data from the packet in memory cell, and Data to extraction are recombinated, and form complete TCP links;
Data processing module, the TCP links for being formed to data reorganization module are parsed, and to the text after parsing Content carries out sensitive word matching.
On the basis of such scheme, the data capture module includes:JPCAP units, packet seal off unit, information Extraction unit, cryptographic Hash computing unit and memory cell;
JPCAP units are sealed off unit with packet and are connected, and packet is sealed off unit and is connected with information extraction unit, and information is carried Unit is taken to be connected with cryptographic Hash computing unit;
JPCAP units are used to capture the packet on link layer;
Packet, which seals off unit, to be used to seal off each packet, is obtained its transport layer protocol information, is worked as transmission When layer protocol information is Transmission Control Protocol, the packet after opening is exported to information extraction unit;
Quaternary group information, sequence number, confirmation number and flag that information extraction unit is used to extract in packet;Described four Tuple information includes source IP address, purpose IP address, source port and destination interface;
Cryptographic Hash computing unit is used for the cryptographic Hash that TCP links are obtained by quaternary group information, and cryptographic Hash is used to navigate to The TCP of this in Hash table is linked.
On the basis of such scheme, the packet formation data packet queue in the memory cell is sequentially output to number According to recombination module.
On the basis of such scheme, the data reorganization module includes:TCP flag bits judging unit, instruction obtain single Member and Hash table administrative unit;
TCP flag bits judging unit is connected with instruction acquiring unit, and instruction acquiring unit is connected with Hash table administrative unit;
Hash table administrative unit is used to store TCP links by Hash table;
TCP flag bits judging unit is used to calculate corresponding decision information according to the situation of TCP flag bits;
Acquiring unit is instructed to be used to export corresponding control instruction according to decision information.
On the basis of such scheme, the control instruction includes:
Create a new TCP link and be put into Hash table instruction,
Hash table instruction is searched according to cryptographic Hash,
Client and server end status command is updated,
Update receiving stream and send stream instruction,
TCP links complete to receive instruction,
TCP links remove instruction.
On the basis of such scheme, the data processing module includes data resolution unit and data matching unit;
The TCP links that data resolution unit is used for data reorganization module formation are parsed;
Data matching unit is used to carry out sensitive word matching to the content of text after parsing.
On the basis of such scheme, the data matching unit includes Trie trees structural unit and sensitive word matching is single Member;
Trie tree structural units, for judging character mode according to the positional information of each character in sensitive word, according to character Sensitive word is loaded into construction Trie trees in internal memory by state;
Sensitive word matching unit, for the character mode according to sensitive word character in Trie trees, is carried out many to sensitive word Character match.
On the basis of such scheme, the character mode includes:Intermediate state and ending state.
Beneficial effect described in the utility model based on the TCP auditing systems recombinated:
The utility model is realized by the way that the data reorganization module that sequence number is linked based on Hash table and TCP is efficient TCP is recombinated so that the conflict reduction of Hash mapping, improves efficiency of tabling look-up, the speed for searching TCP links is improved, so that The efficiency of TCP restructuring is improved.Also, data processing module is improved many character match, effectively raise careful The speed and efficiency of meter.
Brief description of the drawings
The utility model has drawings described below:
System architecture schematic diagrams of the Fig. 1 based on the TCP auditing systems recombinated;
The improved Trie trees logical construction schematic diagrams of Fig. 2.
Embodiment
The utility model is described in further detail below in conjunction with accompanying drawing.
As depicted in figs. 1 and 2, a kind of auditing system recombinated based on TCP described in the utility model, including:Data are caught Obtain module, data reorganization module and data processing module;
Data capture module is located in audit server, is connected with data reorganization module, for capturing by audit main frame Packet, and the packet of crawl is stored into its memory cell;
Data reorganization module, is connected with data processing module, for extracting data from the packet in memory cell, and Data to extraction are recombinated, and form complete TCP links;
Data processing module, the TCP links for being formed to data reorganization module are parsed, and to the text after parsing Content carries out sensitive terminology match.
On the basis of such scheme, the data capture module includes:JPCAP units, packet seal off unit, information Extraction unit, cryptographic Hash computing unit and memory cell;
JPCAP units are sealed off unit with packet and are connected, and packet is sealed off unit and is connected with information extraction unit, and information is carried Unit is taken to be connected with cryptographic Hash computing unit;
JPCAP units are used to capture the packet on link layer;
Packet, which seals off unit, to be used to seal off each packet, is obtained its transport layer protocol information, is worked as transmission When layer protocol information is Transmission Control Protocol, the packet after opening is exported to information extraction unit;
Quaternary group information, sequence number, confirmation number and flag that information extraction unit is used to extract in packet;Described four Tuple information includes source IP address, purpose IP address, source port and destination interface;
Cryptographic Hash computing unit is used for the cryptographic Hash that TCP links are obtained by quaternary group information, and cryptographic Hash is used to navigate to The TCP of this in Hash table is linked.
On the basis of such scheme, the packet formation data packet queue in the memory cell is sequentially output to number According to recombination module.
On the basis of such scheme, the data reorganization module includes:TCP flag bits judging unit, instruction obtain single Member and Hash table administrative unit;
TCP flag bits judging unit is connected with instruction acquiring unit, and instruction acquiring unit is connected with Hash table administrative unit;
Hash table administrative unit is used to store TCP links by Hash table;
TCP flag bits judging unit is used to calculate corresponding decision information according to the situation of TCP flag bits;
Acquiring unit is instructed to be used to export corresponding control instruction according to decision information.
On the basis of such scheme, the control instruction includes:
Create a new TCP link and be put into Hash table instruction, for example:If the SYN of packet is that 1, ACK is 0, explanation This is a request synchronous package, is put into HASH tables, is sent while initializing in the link so creating a new TCP link The information of stream:State is SYN_SENT, the SEQ+1 that the Serial No. of next bag is currently wrapped;
Hash table instruction is searched according to cryptographic Hash, for example:If the SYN of packet is that 1, ACK is 1, according to the four of the bag The cryptographic Hash of tuple goes in Hash table to look for, if it is found, then server is agreed to establish the link, if the ACK_NUM of the packet Equal to the sequence number of next bag of client, then initialize the information of server end in the link:State is SYN_RCVD, The ACK_NUM of the Serial No. packet of the expectation reception of server end is set;
Client and server end status command is updated, for example:If the ACK of packet is 1, from client, and visitor The state at family end is SYN_SENT, and server end state is SYN_RCVD, and its sequence number expects what is received with server end Sequence number is equal, then connection is successfully established, and it is ESTABLISHED to update client and server end state;
Update receiving stream and send stream instruction, for example:If data packet length is not that 0 or flag bit FIN is 1, explanation This is the bag of common packet or release connection;If the sequence number currently wrapped is to be received equal to data flow mid-term is received Sequence number, current bag is added in receiving stream;If this bag FIN is 1, to set and send the state flowed is FIN_SENT; If ACK is also simultaneously 1, by receiving stream mode for FIN_SENT, then its state is updated for CONFIRMED, renewal connects Receiving the expectation Receiving Order row number flowed is:The length+1 of packet;If this bag FIN is 0, the expectation Receiving Order of receiving stream is updated Row number is:The length of packet;The out of order bag buffering area in receiving stream is traveled through after renewal, if there is bag to meet receiving stream expectation Sequence number, if repeating the step;
TCP links complete to receive instruction, for example:If the ACK of packet is 1, if reception stream mode is FIN_SENT, Its state is updated for CONFIRMED;If receiving stream and transmission stream are all CONFIRMED, TCP links complete reception;
TCP links remove instruction, for example:If it is 1 to wrap RST, the link is removed in Hash table.
On the basis of such scheme, the data processing module includes data resolution unit and matching unit;
The TCP links that data resolution unit is used for data reorganization module formation are parsed;
Matching unit is used to carry out sensitive word matching to the content of text after parsing.
On the basis of such scheme, the matching unit includes Trie trees structural unit and sensitive word matching unit;
Trie tree structural units, for judging character mode according to the positional information of each character in sensitive word, according to character Sensitive word is loaded into construction Trie trees in internal memory by state;
All sensitive words, for the character mode according to sensitive word character in Trie trees, are entered by sensitive word matching unit The many character match of row.
On the basis of such scheme, the character mode includes:
Intermediate state, for example:The initial character of sensitive word is read, judges whether there is the character in Trie trees, if then reading Character late;If in the head Knots inserting initial character Hash table without if as Trie trees, and the state of the character is set For intermediate state;Character late is read, judges to whether there is the character in Trie trees, if then continuing to read next word Symbol, by that analogy;If inserting the character into Trie trees without if, if the character is not the last character of the sensitive word Symbol, it is intermediate state to set the character mode;
End up state, for example:The last character of sensitive word is read, judges whether there is the character in Trie trees, if do not had Have, the character is inserted into Trie trees, if then setting the character mode to be ending state.
Sensitive word matching unit is used for the character mode according to sensitive word character in Trie trees, and all sensitive words are carried out Quick many character match, for example:The character of sensitive word to be matched is successively read, is searched in the initial character Hash table in Trie trees Whether the character of matching is had, if it is not, continuing to read character late;If so, judge current character state, if Intermediate state, reads the character late of sensitive word to be matched;
The character of matching is searched whether in the child node of current Trie trees, if the next word of continuation reading without if Symbol, if then judging current character state;If intermediate state, the character late of sensitive word to be matched is read;If worked as Preceding character is ending state, and the match is successful;Repeat the above steps, until all sensitive word matchings to be matched are completed.
Data matching unit formula in data processing module is a kind of based on finite automata (DFA) multimode for improving Trie trees Formula matching unit, DFA basic function can be by event and current state obtains next state, i.e. event+ State=nextstate.It is higher concurrent in order to deal with sensitive word matching unit, there is a target important, Just it is to try to reduce and calculates, and is calculated substantially without what in DFA, the simply state transfer having.The system is using improved Trie trees realize DFA.Improved Trie trees are made up of initial character Hash table and child node, and each sensitive word can constitute one The positional information that character is participated in word-building during Trie trees, construction Trie trees is defined as different states, thus constitutes One limited automatic machine.If a character is not the tail word of some sensitive word, referred to as intermediate state, represented with 0.
Child node is all character sets using current character as prefix, and the data structure of child node can be using order Mechanism, chain structure and hash data structure etc..Data structure determines the complexity and space complexity of lookup time.Here We use hash data structure.The node of the initial character formation of sensitive word, is stored in initial character Hash table, child node uses Hash Structure, state is used for judging whether arrival suffix, and improved Trie trees logical construction is as shown in Figure 2.
Quick many characters can be just carried out after Trie tree construction completes to content of text to have matched.With in content of text Some initial character searches improved Trie tree constructions as initial character, and all sensitive words using the initial character as initial character are constituted One finite automata, each node is in a state of finite automata, reads the character late of character string as certainly The input of motivation, is shifted according to state of automata, and a matching is completed when reaching ending state.
The content not being described in detail in this specification belongs to prior art known to professional and technical personnel in the field.

Claims (7)

1. a kind of auditing system recombinated based on TCP, it is characterised in that including:Data capture module, data reorganization module sum According to processing module;
Data capture module, is connected with data reorganization module, for capturing by the packet of audit main frame, and by the data of crawl Bag storage is into its memory cell;
Data reorganization module, is connected with data processing module, for extracting data from the packet in memory cell, and to carrying The data taken are recombinated, and form complete TCP links;
Data processing module, the TCP links for being formed to data reorganization module are parsed, and to the content of text after parsing Carry out sensitive word matching;
The data reorganization module includes:TCP flag bits judging unit, instruction acquiring unit and Hash table administrative unit;
TCP flag bits judging unit is connected with instruction acquiring unit, and instruction acquiring unit is connected with Hash table administrative unit;
Hash table administrative unit is used to store TCP links by Hash table;
TCP flag bits judging unit is used to calculate corresponding decision information according to the situation of TCP flag bits;
Acquiring unit is instructed to be used to export corresponding control instruction according to decision information.
2. the auditing system as claimed in claim 1 recombinated based on TCP, it is characterised in that:The data capture module includes: JPCAP units, packet seal off unit, information extraction unit, cryptographic Hash computing unit and memory cell;
JPCAP units are sealed off unit with packet and are connected, and packet is sealed off unit and is connected with information extraction unit, information extraction list Member is connected with cryptographic Hash computing unit;
JPCAP units are used to capture the packet on link layer;
Packet, which seals off unit, to be used to seal off each packet, obtains its transport layer protocol information, when transport layer association When discussing information for Transmission Control Protocol, the packet after opening is exported to information extraction unit;
Quaternary group information, sequence number, confirmation number and flag that information extraction unit is used to extract in packet;The four-tuple Information includes source IP address, purpose IP address, source port and destination interface;
Cryptographic Hash computing unit is used for the cryptographic Hash that TCP links are obtained by quaternary group information, and cryptographic Hash is used to navigate to Hash The TCP of this in table is linked.
3. the auditing system as claimed in claim 1 or 2 recombinated based on TCP, it is characterised in that:Number in the memory cell Data packet queue is formed according to bag, is sequentially output to data reorganization module.
4. the auditing system as claimed in claim 1 recombinated based on TCP, it is characterised in that:The control instruction includes:
Create a new TCP link and be put into Hash table instruction,
Hash table instruction is searched according to cryptographic Hash,
Client and server end status command is updated,
Update receiving stream and send stream instruction,
TCP links complete to receive instruction,
TCP links remove instruction.
5. the auditing system as claimed in claim 1 recombinated based on TCP, it is characterised in that:The data processing module includes Data resolution unit and data matching unit;
The TCP links that data resolution unit is used for data reorganization module formation are parsed;
Data matching unit is used to carry out sensitive word matching to the content of text after parsing.
6. the auditing system as claimed in claim 5 recombinated based on TCP, it is characterised in that:The data matching unit includes Trie trees structural unit and sensitive word matching unit;
Trie tree structural units, for judging character mode according to the positional information of each character in sensitive word, according to character mode Sensitive word is loaded into construction Trie trees in internal memory;
Sensitive word matching unit, for the character mode according to sensitive word character in Trie trees, many characters are carried out to sensitive word Matching.
7. the auditing system as claimed in claim 6 recombinated based on TCP, it is characterised in that:The character mode includes:It is middle State and ending state.
CN201621219624.3U 2016-11-11 2016-11-11 The auditing system recombinated based on TCP Active CN206498428U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201621219624.3U CN206498428U (en) 2016-11-11 2016-11-11 The auditing system recombinated based on TCP

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201621219624.3U CN206498428U (en) 2016-11-11 2016-11-11 The auditing system recombinated based on TCP

Publications (1)

Publication Number Publication Date
CN206498428U true CN206498428U (en) 2017-09-15

Family

ID=59800032

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201621219624.3U Active CN206498428U (en) 2016-11-11 2016-11-11 The auditing system recombinated based on TCP

Country Status (1)

Country Link
CN (1) CN206498428U (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108011850A (en) * 2017-12-18 2018-05-08 北京百度网讯科技有限公司 The recombination method and device of data packet, computer equipment and computer-readable recording medium
CN109120518A (en) * 2018-09-07 2019-01-01 张立江 A kind of home gateway system and its data forwarding method
CN109547447A (en) * 2018-11-29 2019-03-29 中国刑事警察学院 A kind of GIF image reorganization method in rogue program communication data
CN115190090A (en) * 2022-07-12 2022-10-14 国泰君安证券股份有限公司 TCP stream recombination behavior monitoring processing method, system, device, processor and storage medium based on hash table and queue structure
CN116955247A (en) * 2023-09-18 2023-10-27 北京云豹创芯智能科技有限公司 Cache descriptor management device and method, medium and chip thereof

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108011850A (en) * 2017-12-18 2018-05-08 北京百度网讯科技有限公司 The recombination method and device of data packet, computer equipment and computer-readable recording medium
CN108011850B (en) * 2017-12-18 2021-08-17 北京百度网讯科技有限公司 Data packet reassembly method and apparatus, computer device, and readable medium
CN109120518A (en) * 2018-09-07 2019-01-01 张立江 A kind of home gateway system and its data forwarding method
CN109547447A (en) * 2018-11-29 2019-03-29 中国刑事警察学院 A kind of GIF image reorganization method in rogue program communication data
CN115190090A (en) * 2022-07-12 2022-10-14 国泰君安证券股份有限公司 TCP stream recombination behavior monitoring processing method, system, device, processor and storage medium based on hash table and queue structure
CN116955247A (en) * 2023-09-18 2023-10-27 北京云豹创芯智能科技有限公司 Cache descriptor management device and method, medium and chip thereof
CN116955247B (en) * 2023-09-18 2024-02-09 北京云豹创芯智能科技有限公司 Cache descriptor management device and method, medium and chip thereof

Similar Documents

Publication Publication Date Title
CN206498428U (en) The auditing system recombinated based on TCP
TWI452877B (en) Network direct memory access
US7181544B2 (en) Network protocol engine
CN104012052B (en) System and method for the flow management in software defined network
CN102307149B (en) IP (internet protocol) lookup method and device and route updating method and device
Billington et al. A Coloured Petri net approach to protocol verification
KR100997182B1 (en) Flow information restricting apparatus and method
CN108521378A (en) Retransmission method, device and the network switching equipment of heterogeneous protocol message
CN105337991B (en) A kind of integrated message flow is searched and update method
CN107395565B (en) Serial port receiving preprocessing method under fixed-length single byte format message protocol
CN104796354A (en) Out-of-order data packet string matching method and system
CN104883335B (en) A kind of devices at full hardware TCP protocol stack realizes system
CN102420771B (en) Method for increasing concurrent transmission control protocol (TCP) connection speed in high-speed network environment
TW201501556A (en) Apparatus and method for uniquely enumerating paths in a parse tree
US7187676B2 (en) Apparatus and method for steering a communication to an open stream
US20040044796A1 (en) Tracking out-of-order packets
CN104283786B (en) System and method for the scalability for increasing software defined network
CN110083746B (en) Quick matching identification method and device based on character strings
CN101827073A (en) Tracking fragmented data flows
CN101316232B (en) Fragmentation and reassembly method based on network protocol version six
CN102427428A (en) Stream identifying method and device based on multi-domain longest match
BR102013007138A2 (en) Method and apparatus for reducing flash memory device programming time over a c.a.n. bus
CN114327833A (en) Efficient flow processing method based on software-defined complex rule
US7016354B2 (en) Packet-based clock signal
JP4729389B2 (en) Pattern matching device, pattern matching method, pattern matching program, and recording medium

Legal Events

Date Code Title Description
GR01 Patent grant
GR01 Patent grant