Intelligent protocol parsing method and device

A protocol analysis and intelligent analysis technology, applied in digital transmission systems, electrical components, transmission systems, etc., that addresses problems such as errors in in-depth protocol analysis, difficulty in analysing protocols accurately, and failure to match, with the effect of improved accuracy and strong versatility of the method.

Inactive Publication Date: 2007-09-12
BEIJING VENUS INFORMATION TECH

AI Technical Summary

Problems solved by technology

In this case, IDS/IPS products cannot correctly identify the protocol type of a message, or the specific software in use, from the port mapping table or from pattern matching on specific fields, which causes considerable difficulty for some specific requirements. The protocol type of the message therefore has to be identified intelligently from the operating behavior characteristics of the network protocol, otherwis


Example Embodiment

[0051] Embodiment 1 (Static Features of BitTorrent Protocol):

[0052] %13BitTorrent%20Protocol identifies the BitTorrent message type in communication that uses the BitTorrent protocol, or in software that uses it, so it can serve as a static identification rule for the BitTorrent protocol;

[0053] Establish the BITTORRENT protocol static identification rule set:

[0054] The text must contain the string "Bittorrent";

[0055] And so on, if the actual data packet sample is:

[0056]-[0060] GET /announce?info_hash=%0D%40_%F3%0A%269%81%94%B9/%B80%5EC%8A%8A%9A%9C%E5&peer_id=Plus---tL3l5oWGtwZ9o&port=9096&uploaded=0&downloaded=0&left=28742712&event=started HTTP/1.0..Host:btfans.3322.org:8000..Accept-encoding: gzip..User-agent: BitTorrent/Plus! II 1.02 RC1....

[0061] However, in some cases, it is difficult to judge the specific software or version. For example, if an IP packet is found to carry the protocol static feature "HTTP", it ...

Example Embodiment

[0062] Embodiment 2 (BitTorrent protocol behavior characteristics):

[0063] First, the tracker HTTP protocol is used to interact with the tracker server:

[0064] 1) The client sends an HTTP GET request to the tracker.

[0065] The feature of this step is: a GET /announce... request sent to the tracker over HTTP/1.0, containing the keyword Bittorrent.

[0066] 2) The tracker returns information about the other downloaders of the same file. The feature of this step is: a bencoded list of dictionaries carrying the peers' addresses and ports.

[0067] 3) The BitTorrent client sends connection requests to the peers in the list it obtained. The feature of this step is that the "BitTorrent" keyword is included in the connection request to each peer.

[0068] Protocol feature extraction: The feature extraction is mainly divided into two steps, the first is the static feature extraction of protocol packets. This part mainly relies on a single data packet to make preliminary judgments o...
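The static rule of [0054] and the three-step behaviour sequence of [0064]-[0067], as an added example that is not code from the patent: a per-client state machine that only reports BitTorrent once the announce, the bencoded peer list and the peer connection request have been seen in order. The class and function names, the regular expressions, the case-insensitive keyword match and all sample payloads are assumptions made for illustration; the payloads are constructed.

```python
import re

# Static rule [0054]: payload contains the keyword (case-insensitive match is an assumption).
KEYWORD = re.compile(rb"bittorrent", re.I)
ANNOUNCE = re.compile(rb"GET /announce\?\S* HTTP/1\.[01]\r\n")   # step 1 request line
PEERS = re.compile(rb"\r\n\r\nd.*5:peers", re.S)                 # step 2: bencoded dict with a peers key


def static_match(payload: bytes) -> bool:
    return KEYWORD.search(payload) is not None


class BehaviourModel:
    """Per-client progress through steps 1-3 of [0064]-[0067]; 3 means identified."""

    def __init__(self):
        self.state = {}

    def feed(self, client: str, direction: str, payload: bytes) -> int:
        step = self.state.get(client, 0)
        if step == 0 and direction == "out":
            if ANNOUNCE.match(payload) and static_match(payload):
                step = 1
        elif step == 1 and direction == "in":
            if PEERS.search(payload):
                step = 2
        elif step == 2 and direction == "out":
            # Peer connection request: length byte 0x13, then the keyword in the next 19 bytes.
            if payload[:1] == b"\x13" and static_match(payload[1:20]):
                step = 3
        self.state[client] = step
        return step


# Constructed sample payloads (the announce is abbreviated from the page's packet sample).
ANNOUNCE_PKT = (b"GET /announce?info_hash=%0D%40_%F3&peer_id=Plus---tL3l5oWGtwZ9o&port=9096"
                b"&event=started HTTP/1.0\r\nUser-agent: BitTorrent/Plus! II 1.02 RC1\r\n\r\n")
TRACKER_RESP = (b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                b"d8:intervali1800e5:peersld2:ip9:192.0.2.74:porti6881eeee")
HANDSHAKE = b"\x13BitTorrent protocol" + bytes(48)
WEB_PKT = b"GET /news/bittorrent-explained.html HTTP/1.1\r\nHost: example.org\r\n\r\n"


def run_samples():
    model = BehaviourModel()
    flow = [("out", ANNOUNCE_PKT), ("in", TRACKER_RESP), ("out", HANDSHAKE)]
    client_steps = [model.feed("10.0.0.5", d, p) for d, p in flow]
    decoy_step = model.feed("10.0.0.9", "out", WEB_PKT)
    return client_steps, decoy_step, static_match(WEB_PKT)


if __name__ == "__main__":
    print(run_samples())
```

The ordinary web request in WEB_PKT satisfies the static keyword rule yet never advances the behaviour model, which is the kind of misidentification the behaviour characteristics are meant to rule out.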


Abstract

The invention relates to an intelligent protocol analysis method and device used in intrusion detection/prevention (IDS/IPS) and audit products. Its purpose is to provide an intelligent protocol analysis technique that does not rely solely on static ports and protocol feature-field matching, and that automatically adjusts the parsing format for different versions of the software to give accurate results, which improves the accuracy of protocol analysis. The invention consists of three major steps: establishing the protocol feature model; protocol identification; and intelligent analysis of the protocol. The invention solves the problem that traditional IDS/IPS products cannot identify the network protocol of data packets on non-standard ports or without static feature fields, and it can automatically correct analysis errors caused by, for example, particular applications or different versions of the protocol.

Description

Technical field

[0001] The present invention, an intelligent protocol analysis method and device, relates to networks whose function is switching, and to communication control/processing methods and devices characterized by protocol that prevent data from being taken from a data transmission channel without permission. It is an intelligent protocol analysis method and device for intrusion detection/protection systems (Intrusion Detection/Protection System, IDS/IPS) and audit products.

Background technique

[0002] As an important means of network security protection, an intrusion detection/prevention system (IDS/IPS) is usually deployed at the entrance of a key network or at the network boundary. It captures the packet data flow within the network, or entering and leaving it, in real time and performs intelligent comprehensive analysis to detect possible intrusion behavior and block it in real time. Application layer protocol deep analysis technology is widely used in current mains...


Application Information

IPC(8): H04L29/02, H04L29/06, H04L12/26, H04L12/24, H04L12/56
Inventor: 孙海波, 骆拥政, 龚晟, 叶润国
Owner: BEIJING VENUS INFORMATION TECH