General protocol parsing method and system

A general protocol analysis method and technology, applied in the field of general protocol analysis. It can solve problems such as insufficient consideration, and achieves the effects of simple structure, enhanced intrusion detection ability, and high accuracy.

Inactive Publication Date: 2009-05-06
BEIJING VENUS INFORMATION TECH

AI Technical Summary

Problems solved by technology

In addition, the design and implementation of commonly used protocol analysis tools do not fully consider how to use them in intrusion detection products to achieve intrusion detection functions while efficiently and accurately analyzing data packets.


Examples


Embodiment 1

[0040] This embodiment is a basic mode of a general protocol analysis method, and the system used is shown in Figure 1. It includes an intrusion detection engine, a general protocol analysis console, a general protocol analysis control module, a trapper, a memory, and a protocol analysis device. The method contains the following steps:

[0041] ① The protocol and field registration steps of the general protocol analysis system;

[0042] Each protocol analysis plug-in supported by the general protocol analysis system must first register with the system. Only through registration can the general protocol analysis system know the name, data type, and representation (decimal / hexadecimal / string, etc.) of each subtree / field. All of this information comes from static data declared inside the subprotocol. In addition, the protocol parser can also choose to provide a structure for the core to further explain the specific meaning corresponding to a field value. This structure is also static d...

Embodiment 2

[0052] This embodiment is an optimal scheme of the protocol and field registration steps of the general protocol analysis system in the first embodiment.

[0053] The basic idea of this embodiment is as follows, and its process is shown in Figure 6. Each protocol parser supported by the general protocol parsing system must first register with the system. The registered content includes: the way the system identifies the protocol (port or feature byte callback function), the information of the protocol fields (type, name, abbreviation, etc.), and the entry point for protocol analysis. After the registration is completed, the general protocol parsing system knows the subtree / field name, data type, and representation (decimal / hexadecimal / string, etc.), all of which come from the static data declared inside the subprotocol. In addition, the protocol parser can also choose to provide a structure for the core to further explain the specific meaning corresponding to a field value. This s...
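The registration scheme described in Embodiments 1 and 2, sketched as an added example (not code from the patent): each parser registers its identification method (port and/or feature-byte callback), its field declarations and its entry point. The names `Field`, `Protocol` and `Registry`, the constructed FTP plug-in, and the heuristic-before-port lookup order are all assumptions made for illustration.

```python
from collections import namedtuple
from dataclasses import dataclass
from typing import Callable, Optional

# Registered field information: abbreviation, name, data type, representation.
Field = namedtuple("Field", "abbrev name ftype display")

@dataclass(frozen=True)
class Protocol:
    name: str
    fields: tuple                                        # static Field declarations
    dissect: Callable[[bytes], dict]                     # parsing entry point
    ports: tuple = ()                                    # identification by port
    heuristic: Optional[Callable[[bytes], bool]] = None  # feature-byte callback

class Registry:
    def __init__(self):
        self.by_port, self.heuristics, self.fields = {}, [], {}

    def register(self, proto):
        for f in proto.fields:
            if f.abbrev in self.fields:
                raise ValueError(f"field {f.abbrev} already registered")
            self.fields[f.abbrev] = f
        self.by_port.update({port: proto for port in proto.ports})
        if proto.heuristic:
            self.heuristics.append(proto)

    def parse(self, dst_port, payload):
        # Assumed order: feature bytes first, port table only as the fallback.
        proto = next((p for p in self.heuristics if p.heuristic(payload)),
                     self.by_port.get(dst_port))
        if proto is None:
            return None
        values = proto.dissect(payload)  # keys must be registered abbreviations
        return proto.name, {self.fields[k].name: v for k, v in values.items()}

FTP_VERBS = (b"USER", b"PASS", b"RETR", b"STOR", b"LIST", b"QUIT")  # constructed
def ftp_heuristic(payload):
    verb = payload.split(b" ", 1)[0].strip().upper()
    return payload.endswith(b"\r\n") and verb in FTP_VERBS

def ftp_dissect(payload):
    cmd, _, arg = payload.decode("latin-1").rstrip("\r\n").partition(" ")
    return {"ftp.cmd": cmd.upper(), "ftp.arg": arg}

FTP_FIELDS = (Field("ftp.cmd", "Command", "string", "str"),
              Field("ftp.arg", "Argument", "string", "str"))
REGISTRY = Registry()
REGISTRY.register(Protocol("FTP", FTP_FIELDS, ftp_dissect, (21,), ftp_heuristic))
```

With this lookup order, an FTP command seen on port 2121 is still identified by its feature bytes, while traffic on port 21 that the callback does not recognise falls back to the port mapping.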

Embodiment 3

[0056] This embodiment is a preferred solution of the packet capturing step in the general protocol analysis system of the first embodiment. The basic idea of this embodiment is to first determine the application environment: under Linux, Libpcap (the network datagram capture development package for Linux) is called to capture packets; under Windows, Winpcap (the network datagram capture development package for Windows) is called. This makes the trapper a platform-independent network datagram capture device. The trapper in the general protocol analysis system adopts a general datagram filter mechanism, a kernel-based filtering module that lets the trapper filter out unnecessary datagrams on the network and capture only the datagrams of interest. The datagram filter, shown in Figure 8, consists of two parts: the network forwarding part and the data filtering part. The network forwarding part ...


Abstract

A general protocol resolving method and system comprises an engine, a general protocol resolving console, a general protocol resolving control module, an arrestor, a memory, and a protocol resolving device. The operation comprises the following steps: registration of protocols and fields, trapping, protocol resolving, and data processing. The general protocol resolving system of the invention solves the problem of traditional network security products depending only on the port for protocol resolving, adds an intelligent heuristic protocol resolving function, and has a good design structure and strong resolving ability. The system adopts plug-in interface technology for protocol resolving and has the merits of fast protocol resolving speed, high accuracy and good expandability.

Description

Technical field

[0001] The invention relates to a general protocol analysis method and system which can be used in various network security products, which provides a powerful protocol analysis function according to the message characteristics in the network data flow, and belongs to the network technology field.

Background technique

[0002] The protocol analysis technology is the core component module of the intrusion detection and auditing system. The accuracy and efficiency of the usual intrusion detection and auditing depend on the accuracy and efficiency of the protocol analysis. At present, most IDS / IPS products judge the protocol type of the network packet based on the port mapping table for further protocol analysis. TransferProtocol) protocol message, and further use the FTP protocol format to analyze the data message. Usually this port mapping table has been determined when the IDS / IPS product leaves the factory. In fact, due to the wide variety of various protoc...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/02, H04L29/06, H04L12/26
Inventor: 孙海波, 王磊, 骆拥政, 焦玉峰, 李博
Owner: BEIJING VENUS INFORMATION TECH