
Method and system for filtering messages based on audited object

A message-filtering technology based on audited objects, applied in transmission systems, digital transmission systems, electrical components, etc. It addresses the waste of detector CPU computing resources and memory, with the effect of saving processing overhead, improving processing capacity and reducing hardware requirements.

Inactive Publication Date: 2009-11-18
BEIJING VENUS INFORMATION TECH

AI Technical Summary

Problems solved by technology

[0005] 2) In the message preprocessing stage, all captured messages in the buffer need to be decoded step by step, from the data link layer through the network, transport, session and presentation layers to the application layer. This stage also reassembles packet fragments, reassembles and buffers streams for stream-based protocols, and reassembles sessions for session-based protocols. Every collected packet goes through these steps, which undoubtedly wastes massive detector CPU resources and memory.
At this stage, the matching and comparison of a large amount of irrelevant data wastes a lot of the detector's CPU computing resources.



Examples


Embodiment Construction

[0029] The method of the invention includes a method for generating a network message filtering strategy based on an audited object and a method for executing the filtering strategy in a message capture driver program. The audited-object-based filtering strategy uses the Ethernet address (MAC address) of each server host of concern and the TCP/IP port number of the network service it provides to match all Ethernet packets captured from the mirror port of the switch by the packet capture network card, and filters out all unnecessary network communication packets.

[0030] The method and system for filtering messages based on the audited object described in the present invention will be further elaborated below with specific embodiments. The specific implementation will be described in detail below, but it is not intended to limit the present invention. For example, the present invention does not limit the specific use of column algor...



Abstract

The invention discloses a method and a system for filtering messages based on an audited object. The method comprises the following steps: a control management end of an auditing system sends information containing the Ethernet MAC address, service port and the like of an audited server host computer to a detector; a network card driver of the detector analyzes the current network communication message captured by a network card to obtain its source MAC address, destination address, source port and destination port; and these are matched against the MAC address and the service port of the audited server host computer received from the control management end, so that only successfully matched communication messages pass the filter. In the invention, messages that need no attention are filtered and discarded early in message capture, which saves processing expense in each later stage, leaves a larger system resource margin, improves the processing ability of the system, and reduces the hardware requirements that the network auditing system places on the message-capturing detector.
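The matching step described in the abstract and in paragraph [0029], as an added C example that is not code from the patent: a frame is kept only when its destination MAC and destination port, or its source MAC and source port, match an audited server. The struct layout, the function names, the sample MACs, port 1521 and the MAC-only handling of later IP fragments are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Audited object: server MAC + service port (struct layout is an assumption). */
struct audited_obj { uint8_t mac[6]; uint16_t port; };

/* Returns 1 to pass the frame to the decoding stages, 0 to drop it early. */
int audit_filter(const uint8_t *f, size_t len,
                 const struct audited_obj *o, size_t n)
{
    if (len < 34 || f[12] != 0x08 || f[13] != 0x00)
        return 0;                  /* short, or not untagged IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    /* Later fragments carry no L4 header, so they are matched on MAC alone
       (an assumption, so downstream reassembly still sees the datagram). */
    int first = (((ip[6] & 0x1f) << 8) | ip[7]) == 0;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + (first ? 4 : 0))
        return 0;                  /* malformed or truncated header */
    if (ip[9] != 6 && ip[9] != 17)
        return 0;                  /* only TCP and UDP carry ports */
    uint16_t sport = first ? (uint16_t)((ip[ihl] << 8) | ip[ihl + 1]) : 0;
    uint16_t dport = first ? (uint16_t)((ip[ihl + 2] << 8) | ip[ihl + 3]) : 0;
    for (size_t i = 0; i < n; i++) {
        if (!memcmp(f, o[i].mac, 6) && (!first || dport == o[i].port))
            return 1;              /* client -> audited server */
        if (!memcmp(f + 6, o[i].mac, 6) && (!first || sport == o[i].port))
            return 1;              /* audited server -> client */
    }
    return 0;
}

/* Constructed sample data: audited server MAC and port, and a client MAC. */
static const uint8_t SRV[6] = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t CLI[6] = {0x02, 0, 0, 0, 0, 0x02};
static const struct audited_obj POLICY[1] = {{{0x02, 0, 0, 0, 0, 0x01}, 1521}};

/* Builds a constructed 38-byte Ethernet/IPv4 frame and returns the verdict. */
int sample_verdict(const uint8_t *dst, const uint8_t *src, uint8_t proto,
                   uint16_t sport, uint16_t dport, uint16_t frag)
{
    uint8_t f[38] = {0};
    memcpy(f, dst, 6); memcpy(f + 6, src, 6);
    f[12] = 0x08; f[14] = 0x45; f[23] = proto;
    f[20] = (uint8_t)(frag >> 8); f[21] = (uint8_t)frag;
    f[34] = (uint8_t)(sport >> 8); f[35] = (uint8_t)sport;
    f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport;
    return audit_filter(f, sizeof f, POLICY, 1);
}
```

VLAN-tagged and IPv6 frames fall through to the drop path here, so a deployment that mirrors tagged traffic would need to extend the EtherType check before relying on a filter like this.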

Description

Technical field

[0001] The invention relates to the processing of network data in a network security audit system, in particular to a network card driver layer message filtering method based on the network audit system and a message filtering subsystem based on the network audit system.

Background technique

[0002] High-performance packet capture and processing is the key technology and basic problem of a network security auditing system. A network audit system performs packet capture, packet analysis, fragment reassembly, session reassembly and protocol analysis on the audited network communication, and matches the protocol parameters and content against the audit policy, so that network communication that violates the security policy can be alerted on, logged and blocked. The system usually consists of a detector deployed at the mirror port of the switch for capturing and analyzing network communication packets, and a control management and data st...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
Inventor: 赵海峰
Owner: BEIJING VENUS INFORMATION TECH