Method and system for monitoring P2P software

A software and strategy technology, applied in the network field, can solve the problems of inaccurate matching and identification, lack of products with blocking function, etc., to avoid false negatives and false positives, widely used, simple and convenient to expand

Inactive Publication Date: 2009-05-27
BEIJING VENUS INFORMATION TECH
View PDF0 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Many users, enterprises and institutions put forward high requirements for the accurate identification and blocking of P2P protocols and software usage, which makes the identification based on the original port location or static packet feature matching inaccurate
Most of the intrusion detecti

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for monitoring P2P software
  • Method and system for monitoring P2P software
  • Method and system for monitoring P2P software

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0047] Embodiment 1. In the establishment stage of above-mentioned A. protocol feature model; The protocol static feature extraction step of Edonkey2000 is arranged, see figure 2 ;

[0048] 1) E3 96 FF F0 load length 6

[0049] 2) E3 A2 FF F0 load length 6

[0050] 3) E3 97 load length 34

[0051] 4) E3 9A load length 18

[0052] 5) E3 92 load length 10

[0053] Similar to the above-mentioned embodiments, static features can be extracted for data packets transmitted in specific applications of each P2P application, and a static feature model corresponding to the P2P application can be established accordingly:

[0054] Secondly, mining the associated behavior feature sequence in the actual P2P application running process, this stage includes all the action behavior sequences that can identify the specific stage of the protocol during the P2P running process (such as the client sends a Peer request, the server responds to the Peer list, etc.).

Embodiment 2

[0055] Embodiment 2: In the step of identification and positioning in the above-mentioned B. application stage, there are steps for establishing a behavior characteristic state model in the stage of Netease popo login:

[0056] 1) The client and the server perform a TCP handshake connection (usually 220.181.28.238:443)

[0057] 2) Use the SSL protocol to negotiate the session key used in subsequent communications (the client sends a Clienth*llo to initiate a handshake. This message contains a list of algorithms that can be implemented by itself and other required messages, and the SSL server will respond A Serverh*llo, which determines the algorithm required for this communication, and then sends its own certificate (which contains its identity and its own public key). After receiving this message, the Client will generate a secret message, using SSL The server's public key is encrypted and transmitted, and the SSL server decrypts it with its own private key. The session key n...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a P2P software monitoring method and a P2P software monitoring system capable of being used in network products. The method and the system can extract various protocol features during network protocol communication according to information carried by actually captured messages, so as to realize monitoring of P2P application, and can implement interdiction of different strategies according to actual demands and aiming at different running states. The method and the system comprise three stages of establishment of a protocol feature model, application stage identification and positioning, and implementation of corresponding interdiction strategies, wherein a module for establishing the protocol feature model works out matching features of specific states of detailed P2P application; an application stage identification and positioning module realizes positioning of application states and protocol states affiliated to detailed data messages in the multi-pattern matching mode; and a corresponding interdiction strategy module realizes establishment and correlation of related strategies and corresponding monitoring function.

Description

technical field [0001] The present invention relates to a P2P software monitoring method and system for certain P2P download software and network live broadcast software that can be used in intrusion detection and defense (IDS / IPS) products. The precise identification and blocking of the feature belongs to the field of network technology. Background technique [0002] As an important means of network security protection, intrusion detection / protection system (Intrusion Detection / Protection System, IDS / IPS) is usually deployed at the entrance of key network interior / network boundary, and captures the packet data flow in or in and out of the network in real time and conducts Intelligent comprehensive analysis, discover possible intrusion behavior and block it in real time. At present, most intrusion detection products or systems use port positioning (such as Emule uses port 4662, BT uses ports 6881-6889, etc.) or static protocol features (such as product L7-filter, Cisco's PD...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/24
Inventor 孙海波骆拥政李永泉胡斌杨海青
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap