Deep packet inspection method and system

Abstract

The invention discloses a DPI (deep packet inspection) method and system. The DPI method comprises the followings steps: 1, information acquisition: a packet, input by a kernel of a network equipment operating system, in a to-be-processed session is received, and information of the packet is read; 2, DPI: the packet is inspected, and a subsequent packet is processed according to inspection results and the condition whether hardware acceleration configuration exists; 3, inspection data submission: the packet inspection results are counted and analyzed and submitted to a data platform for display of inspection and control results. According to the DPI method and system, compiling can be performed according to kernels of different sets of network equipment, the method and the system can adapt to various platforms quickly, the dependence degree on the equipment is reduced, and the problem of high coupling of a DPI module and the network equipment is solved; few resources are occupied, and application of the DPI technology on low-end network equipment is realized; the DPI method and system has the functions of application identification, terminal identification, acquisition of search keywords, URL (uniform resource locator) identification and classification, acquisition of specific information and the like, and wider coverage area and perfect functions are realized.

Description

technical field [0001] The invention relates to a method and system for controlling and analyzing network traffic, in particular to a method and system for in-depth message detection. Background technique [0002] Deep Packet Inspection (Deep Packet Inspection, hereinafter referred to as DPI) is a traffic analysis and detection technology for application layer analysis. DPI technology has become the standard configuration of high-end network equipment, used for fine-grained control and analysis of network traffic, but due to the constraints of hardware performance, function adaptation, system architecture and other factors, DPI has not been able to be used in a large number of low-end network equipment. (such as home routing, commercial WIFI, thin AP, etc.), which leads to the lack of advanced traffic optimization and service improvement for the majority of end users. Therefore, it is necessary to implement deep packet inspection technology that can be adapted to low-end net...

AI Technical Summary

Problems solved by technology

In this type of equipment, DPI exists as a component module of the system and is used in conjunction with other modules of the equipment. The interaction between internal modules is generally carried out in a way of resource sharing for the purpose of achieving high efficiency, and the functions are generally relatively complete. However, this technology The disadvantages are also more prominent

First of all, since DPI is a module of the device, the device is highly dependent, and the cost of migrating to other manufacturers is very high, or it cannot be migrated at all; secondly, the DPI module is highly coupled with other modules, and the function of upgrading DPI needs to be upgraded. The entire firmware is completed, so the scalability is poor; again, due to the abundant device resources, in order to achieve high performance, the resource occupation will be high, which cannot be applied to low-end devices with fewer resources.

[0004] Existing technology 2 is widely used in operator networks. It uses traffic mirroring to obtain all messages in a certain network segment, and uses a separate DPI software program to analyze the traffic. The implementation of this technology is to use mirroring in serial network equipment. The method guides all or part of the traffic to the DPI device, and the device works in parallel; the feature of this solution is that it can use a suitable DPI device according to the size of the traffic, and the device can use a general technical framework for analysis, and it is easier to upgrade the software program Convenient, but the disadvantage of this solution is that it cannot be analyzed online, and the flow cannot be controlled based on DPI

[0005] Therefore, it is necessary to study a method that can not only solve the problem that due to the limitation of equipment resources in low-end network equipment, it cannot be applied or analyzed online, and the flow cannot be effectively controlled; it can also solve the problem that DPI equipment cannot be quickly adapted to different hardware platforms and Method and system for in-depth packet detection for updating problems

Images