Protocol recognition method and device

A protocol identification and protocol technology, which is applied in the field of protocol identification, can solve the problems of low identification efficiency, single protocol feature data, limitations of application protocol identification technology, etc., and achieve high detection efficiency and good identification effect

Inactive Publication Date: 2007-09-12
NEW H3C TECH CO LTD
View PDF0 Cites 39 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This limits the use of existing application protocol identification techniques
[0004] 2. It is impossible to implement dynamic hierarchical expansion of new protocols
[0013] a. The identified application protocols have no hierarchical relationship, and multiple application protocols with hierarchical relationships cannot be identified
[0014] b. The identification of protocol feature data does not distinguish between requests and responses, and the protocol feature data is single, which reduces the accuracy of identification
[0015] c. Match regular expressions one by one, and the recognition efficiency is low

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Protocol recognition method and device
  • Protocol recognition method and device
  • Protocol recognition method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0035] This embodiment provides a method for fast protocol identification of received data packets. As shown in Figure 2 and 3,

[0036] Step 101, after receiving a data packet for protocol identification, match it with the matching condition determined according to the layered protocol tree, and the matching is a matching process.

[0037] Wherein, the layered protocol tree is generated according to the layered relationship of the protocol, and its layered relationship corresponds to the layered relationship of the existing layered protocol. It includes a root node and other nodes that have a certain hierarchical relationship with the root node, each node represents a protocol, and the derivation path from the root node to the other nodes contains one or more matching conditions, and the matching conditions can be The protocol characteristic data of the protocol corresponding to each node of the layered protocol tree.

[0038] For example, as shown in FIG. 3 , it is a schem...

Embodiment 2

[0044] This embodiment provides another method for fast protocol identification of received data packets. As shown in Figure 4,

[0045] Step 201, after receiving the data packet to be identified by the protocol, match it with the matching condition determined according to the layered protocol tree, specifically, match it with the detection rule information composed of the matching condition, and this matching is a matching process .

[0046] Wherein, the detection rule information is composed of matching conditions on the derivation path, and the detection rule information corresponds to each node except the root node. Specifically, the detection rule information may be represented by a regular expression. In addition, according to a certain hierarchical relationship among the nodes, the detection rule information of the nodes at the next level on the same derivation path may also include the detection rule information of the nodes at the previous level.

[0047]In step 20...

Embodiment 3

[0051] In this embodiment, an identification sequence number can also be set for each matching condition of the layered protocol tree, and corresponding detection rule information can also have a corresponding identification sequence number. The matching result may be a specific matching condition or detection rule information, or may also be its corresponding identification number. Since there may be one or more matched matching conditions, there may be one or more matched identification serial numbers. Specifically, the matched identification serial numbers may be represented in the form of an array.

[0052] In addition, an identification plane table can also be set, and the identification plane table is generated according to the layered protocol tree and matching conditions. The identification plane table includes upper-layer nodes, lower-layer nodes and matching conditions for finding lower-layer nodes from upper-layer nodes. Wherein, the upper layer node and the lower ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a protocol identifying method and device, and the method comprises: once matching the received data packets with the matching conditions determined according to layered protocol tree; and according to the matching result, finding the corresponding protocols by layers. And the device comprises: identifying kernel module, matching condition extracting module and detection engine module. And the invention can accelerate identification process by find engine, having high detecting efficiency; and can implement online dynamic protocol extension; the identified protocols have layered relation and thus the identifying effect is better.

Description

technical field [0001] The invention relates to a method for identifying protocols, in particular to a method and device for identifying protocols of layers above the transmission layer. Background technique [0002] Application protocol identification technology refers to the identification and perception of various application protocols carried in the originally closed network. It is the basis of various application services such as bandwidth management, load balancing, quality assurance (abbreviation: QoS), intrusion detection / protection (abbreviation: IDS / IPS), application-based billing, etc. Almost all such devices need to have application protocols recognized function. Wherein, the application protocol refers to the protocol in each layer above the fourth layer in the layered protocol model of Open System Interconnect (Open System Interconnect, hereinafter referred to as: OSI). The existing application protocol identification technology still has the following defect...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08H04L12/56H04L1/00G06F17/30
Inventor 胡华强
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap