Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Network protocol identification method and device

A network protocol and protocol identification technology, applied in the network field, can solve the problems that new protocols cannot respond to judgment, are difficult to play a role, and new protocols cannot be quickly identified, and achieve the effect of ensuring extensiveness and accuracy and improving performance.

Active Publication Date: 2016-01-27
亿阳安全技术有限公司
View PDF8 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the solidified hardware uses the underlying compiled language, which is highly dependent on the hardware and cannot be updated in time, and cannot be deployed across devices. That is, when a single device reaches the processing limit, it can only be solved by adding devices. This method is difficult to work in the network environment of road mirroring
[0008] Unable to quickly identify new protocols: the development of network technology is changing with each passing day, new technologies and new applications emerge in an endless stream, and new network protocols continue to emerge. These protocols are not only customized according to open source protocols, but also closed private protocols. Protocol analysis has brought great challenges. Traditional network protocol analysis uses static signature database technology, which can only identify existing network protocols, and cannot respond to and judge new protocols. It can only passively wait for the signature database to be updated. If the signature database If the update is slow or missing, it will not be able to play the original role of protocol analysis

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network protocol identification method and device
  • Network protocol identification method and device
  • Network protocol identification method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 2

[0105] In order to better illustrate the process of obtaining the characteristic information in each network protocol and the process of building a decision tree in the present invention, the second embodiment of the present invention is given below, as image 3 Shown:

[0106] Step S201: Create a code stream array to store the current code stream data, and create a feature vector array corresponding to the code stream array.

[0107] Set the initial value of each position of the eigenvector array to a fixed identifier.

[0108] Step S202: Obtain the code stream data to be compared, and perform consistency comparison between the code stream data to be compared and the corresponding positions of the current code stream data according to the fixed identification position information in the feature vector array.

[0109] The code stream data to be compared is consistent with the IP port of the current code stream data, so as to ensure that the obtained characteristic information...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network protocol identification method. Code stream data of the same IP ports are compared, and then fixed characteristic information in network protocols are obtained; the characteristic information are stored in a protocol knowledge base according to a occurrence sequence of the characteristic information in the network protocols; a decision tree is built through the characteristic information stored in the protocol knowledge base, and leaf nodes in the decision tree identify the network protocol of branches where of the leaf nodes locate; according to information of the nodes and various node branch identifiers of the decision tree, protocol identification is performed on to-be-identified data; and, according to the leaf node where the identification reaches, the network protocol of the to-be-identified data is determined. Through usage of the network protocol identification method, the network protocol of code flow data can be rapidly identified. The invention further discloses a network protocol identification device.

Description

technical field [0001] The invention relates to the field of network technology, in particular to a network protocol identification technology. Background technique [0002] With the rapid development of the network and the continuous emergence of new applications, the demand for network information security products such as network security audit, intrusion detection, and data leakage prevention is also increasing. These network security products are mainly based on the deep packet inspection technology DPI (DeepPacketInspection), and the core of deep packet inspection technology is application layer protocol identification, that is, to identify which application layer protocol is used for the data transmitted on the network link, and to restore and analyze these protocols. The specific implementation mechanism is to reorganize the application layer information in the OSI7 layer protocol by deeply reading the content of the IP packet load, thereby identifying the applicatio...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06G06F17/30
Inventor 周春楠刘凌郭波杨宁怿赵贵阳张雪山刘玉莲
Owner 亿阳安全技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com