Inspection method and device of Internet deep packet

A deep packet inspection, Internet technology, applied in the field of Internet network intrusion detection, can solve the problems of high cost and high power consumption, and achieve the effects of low power consumption, fast speed and small capacity

Inactive Publication Date: 2010-09-29
FENGHUO COMM SCI & TECH CO LTD
View PDF2 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The technical problem to be solved by the present invention is to solve the problem of high cost and high power consumption of the Internet deep message detection device

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Inspection method and device of Internet deep packet
  • Inspection method and device of Internet deep packet
  • Inspection method and device of Internet deep packet

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0040] Aiming at the problems of limited number of jumping bytes and high power consumption in the feature word matching method based on TCAM, the present invention provides a method and device for Internet deep message detection, which uses a Bloom filter (Bloom Filter) combined with The TCAM performs Internet deep packet detection. The starting point of the present invention is: most of the messages in the network messages are ordinary messages that do not contain attack signature words, which can be directly skipped without TCAM signature detection, even if they are attack messages, most of the message content is also non-characteristic Word content, this part of the content can also be directly skipped without TCAM signature word detection, filter non-attack packets and non-signature word content of attack packets through the Bloom filter, and only suspicious attack packets Suspicious parts are sent to TCAM for detection. On the one hand, it can speed up the feature word m...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention claims inspection method and device of an Internet deep packet. The method comprises the following steps of: sequentially filtering the contents of the Internet packets section by section through a Bloom filter, delivering suspected content parts to a matching unit for matching when suspected attacking packets are discovered; respectively carrying out parallel matching on suspected parts in the suspected attacking packets with a plurality of characteristic words in a TCAM of the matching unit, and acquiring the judgment result that whether the suspected parts are attacking packets, if the suspected parts are not attacking packets, filtering the rest contents section by section through the Bloom filter, and otherwise, discharging the packets and generating a warning. The invention improves the efficiency of characteristic word matching and greatly reduces the energy consumption via filtering the non-characteristic word contents of the non-attacking packets and the attacking packets through the Bloom filter, and only sending the suspected parts of the suspected attacking packets to the matching unit for carrying out matching inspection.

Description

technical field [0001] The invention relates to Internet network intrusion detection technology, in particular to a method and device for Internet deep message detection. Background technique [0002] With the rapid development of computer network technology and Internet technology, network attacks and intrusion incidents are increasing day by day, especially in the past two years, the computer networks of government departments, military institutions, financial institutions, and enterprises have been frequently attacked by hackers. With the continuous improvement of the network security risk factor, the firewall, which was once the most important means of security prevention, can no longer meet people's needs for network security. As a useful supplement to the firewall, the Network Intrusion Detection System (NIDS: Network Intrusion Detection System) ) can help the network system to quickly discover the occurrence of network attacks and improve the integrity of the informat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/26H04L12/56
Inventor 朱国胜
Owner FENGHUO COMM SCI & TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products