Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

FPGA (Field Programmable Gate Array)-based network security log processing method and device

A network security and processing device technology, applied in the field of network security, can solve the problems of low overall system efficiency, easy loss of added messages, message loss, etc., to achieve the effect of ensuring network security and avoiding network security risks

Active Publication Date: 2011-06-15
曙光网络科技有限公司
View PDF2 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0012] In practical application, the above solution has the following problems: the software processing speed is slow, and the added text is easy to be lost; the resource consumption of the central processing unit is large, resulting in low overall efficiency of the entire system
[0013] One of the main reasons for this situation is that in the existing security log software implementation scheme, the first packets of all packets that need to be logged must be reported to the software. Since the processing speed of the software is not high, a processing bottleneck will be formed. For If the instantaneous burst rate of data traffic is large, it will lead to packet loss; in this solution, the CPU needs to spend a lot of time executing software to analyze packets, calculate indexes, set forwarding entries, etc., which will greatly increase CPU load, which in turn leads to lower overall system efficiency

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • FPGA (Field Programmable Gate Array)-based network security log processing method and device
  • FPGA (Field Programmable Gate Array)-based network security log processing method and device
  • FPGA (Field Programmable Gate Array)-based network security log processing method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0027] The present invention includes a network data storage, a user rule storage, and a feature comparator. The method for blocking the network security connection includes the following steps: receiving the data packet sent by the external network; temporarily storing the received data packet in the setting In the network data storage; and extract the characteristic value from the data packet, compare a certain rule in the user rule memory according to a characteristic value of the data packet, judge whether the data packet meets the condition of forwarding the log; when the characteristic value meets the , the network device promptly takes out the data packets from the network data storage, and packs them, and sends the data packets to the main memory of the host that requires storage, so as to facilitate data analysis.

[0028] Figure four It is a state transition diagram of a state machine. The actions of each state are as follows,

[0029] IDLE: In the initial state, ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an FPGA (Field Programmable Gate Array)-based network security log processing method and device. The device comprises a network data storage, a user rule storage and a feature comparator. The method comprises the steps of: receiving packets sent by an external network, and temporarily storing the packets in the network data storage; detecting source and target IP addresses, source and target ports and protocols of the network packets, and monitoring the control bit of a message; for packets in accordance with set source and target IP addresses, set source and target ports and a set protocol, filtering results according to rules for hit packets, analyzing packet header information and filtering actions, and judging whether to send a log packet and determining the type of the log packet; and when a feature value is accorded with, grouping the packets taken from the network data storage, and sending the grouped packets to a mainframe memory to be stored, and analyzing data. By means of the method and the device provided by the invention, packet contents on the network can be monitored in time, network security risks can be prevented from increasing, and the network security is guaranteed.

Description

technical field [0001] The invention relates to the field of network security, in particular to the realization of an FPGA-based network security log processing method. Background technique [0002] With the popularization and development of the network, the security of the network is becoming more and more important, and the security control technology of the network is developing rapidly. A set of overall network security solutions involves many aspects, including setting password policies, setting security log policies, security management systems, and so on. The policy of setting security logs is to monitor the usage of the network by recording some important information in the security logs, and constantly adjust the security settings through the monitoring results to improve network security. [0003] Due to the importance of network security, considering that the switch is at the core of the network, it is necessary to implement the monitoring log function for users ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/56H04L12/26H04L12/721
Inventor 白宗元张磊李静纪奎张英文
Owner 曙光网络科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com