Method for recognizing and tracking application based on keyword sequence

A keyword sequence and application identification technology, applied in special data processing applications, instruments, electrical digital data processing, etc., can solve problems such as tracking of limited protocol status

Inactive Publication Date: 2012-06-27
SUN YAT SEN UNIV
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the firewall can track the protocol status, it is mainly limited to the tracking of the protocol status of the transport layer and IP layer, and this kind of protocol status tracking is actually the reproduction of the protocol process, which also requires a lot of manual analysis and programming in advance accomplish

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for recognizing and tracking application based on keyword sequence
  • Method for recognizing and tracking application based on keyword sequence
  • Method for recognizing and tracking application based on keyword sequence

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The present invention will be further described below in conjunction with the accompanying drawings.

[0025] The invention is attached figure 1 As shown, the application is identified and the application process is tracked by collecting the keyword sequence of the application layer. Specific steps are as follows:

[0026] 1. Build a keyword set

[0027] The keyword may be a specific character, a character string, or a logical relationship between complex characters represented by a regular expression, or an identifiable character string feature in the application layer data. Methods for establishing keyword sets include:

[0028] a) Manual collection: By consulting standard documents or analyzing application layer data collected on the network, find keywords and key features of known application layer protocols to obtain keyword sets;

[0029] b) Automatic collection: through data mining of known or unknown application layer data collected on the network, frequentl...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an application, identification and tracking method based on a keyword sequence, which comprises: firstly, establishing a keyword set; secondly, matching keywords with data in an application layer; thirdly, performing syntax tree judgment and evaluation on a keyword sequence obtained after matching; and fourthly, tracking the keyword sequence and identifying application types. The application, identification and tracking method based on the keyword sequence does not need manually understanding and programming an application layer protocol, manually analyzing unique characteristics of application and writing out a regular expression, can realize automatic modeling, identification and tracking of known or unknown application, and further realizes flow control and security defense of fine grain of the application and the application process.

Description

technical field [0001] The invention belongs to the technical field of network security detection and network flow control, and in particular relates to an application identification and tracking method based on a keyword sequence. technical background [0002] Existing methods for application layer protocol identification mainly include identification methods based on port numbers, methods based on manually established regular expressions, and methods based on statistical characteristics of flows. The method based on the protocol port number, because many standard applications use non-standard port numbers, and non-standard applications use standard port numbers, such as illegal applications and attacks that use well-known port numbers (such as port 80) to avoid firewall filtering and The limitation of traffic management equipment has made the method of identifying applications based on port numbers unsuitable. The regular expression-based application identification method...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/24G06F17/30
Inventor 余顺争
Owner SUN YAT SEN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap