Network communication quintuple fast matching algorithm based on improved automatic state machine

A quintuple and state machine technology, applied in the field of network communication, can solve the problem of large memory consumption by multi-pattern matching algorithms

Active Publication Date: 2015-01-14
CHENGDU WANGAN TECH DEV
View PDF3 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In this way, although the time efficiency of matching can be significantly improved, it will further highlight the defect that the multi-pattern matching algorithm consumes too much memory

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network communication quintuple fast matching algorithm based on improved automatic state machine
  • Network communication quintuple fast matching algorithm based on improved automatic state machine
  • Network communication quintuple fast matching algorithm based on improved automatic state machine

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0084] Let an actual rule quintuple be:

[0085] 192.16.0.18, 2000, 192.168.0.1 to 192.168.0.254, 2000, TCP, 192.167.0.18 to 192.168.0.254, *, *, 2000, UDP, 192.16.0.18, 2000, 192.168.1.1, 1200, TCP

[0086] The five-tuple to be matched is:

[0087] 192.168.0.18, 1500, 192.168.0.254, 2000, UDP.

[0088] Step 1: First determine that the rule quintuple contains wildcards, and perform wildcard processing on all wildcards. The processed rule quintuple is:

[0089] 192.16.0.18, 2000, 192.168.0.1 to 192.168.0.254, 1200, TCP, 192.167.0.18 to 192.168.0.254, 0, 0, 2000, UDP, 192.16.0.18, 2000, 192.168.0.1 to 192.164, 102.054. TCP.

[0090] Step 2: Divide the port of the regular quintuple after the wildcard processing into two segments, each of which is 8 bits in length, judge whether there are segments in the quintuple, and divide the quintuple, for 192.168.0.1 to 192.168 .0.254, divide the first 16 bits and the last 16 bits to get 192.168, 0.1 to 0.254, and then divide the first 1...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a network communication quintuple (a source IP, a target IP, a source port, a target port and a protocol number) fast matching algorithm based on an improved automatic state machine. According to the algorithm, a quintuple unit dividing module, a mixture automatic state machine module, an asterisk wildcard mapping module and a matching rule calculating module are adopted, wherein the quintuple unit dividing module is used for establishing a mismatching collision domain, the mixture automatic state machine module is used for achieving uniform matching of point data and section data, the asterisk wildcard mapping module is used for solving the asterisk wildcard matching problem in matching, and the matching rule calculating module is used for reducing redundancy operation caused by asterisk wildcard mapping. The algorithm is characterized in that static parameters in the quintuple are extracted as mush as possible to establish an ordinary automatic state machine, and a larger collision domain is established; for section type parameters, a chain table is added behind the automatic state machine, a mixture automatic state machine structure is formed, and supporting for the section type parameter matching is achieved; the asterisk wildcard matching problem is solved through asterisk wildcard mapping, a replacement rule is precisely matched, and the amount of redundancy calculation is reduced. The algorithm can be widely applied to an intrusion detection system, a network blacklist and whitelist library, a network data analyzing product and other products.

Description

technical field [0001] The invention belongs to the field of network communication, in particular to a network communication five-tuple fast matching algorithm based on an improved automatic state machine. Background technique [0002] With the development of computer science and technology, especially the development of Internet technology, network communication technology has become more and more important. In network communication technology, the source information and destination of communication between communication entities are generally monitored by comparing the consistency of network communication information (network communication quintuples, namely source IP, source port, destination IP, destination port, protocol number). information, and then judge whether it is abnormal. Especially in the field of intrusion detection and defense, the system needs to configure some network communication blacklist databases (rule databases) or whitelist databases to monitor the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L29/06
Inventor 朱永强朱正富杨光明郑童瀚黄晓强秦疏婷
Owner CHENGDU WANGAN TECH DEV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap