Check patentability & draft patents in minutes with Patsnap Eureka AI!

A method and system for network application layer protocol identification

A protocol identification and network application technology, applied in the Internet field, can solve problems such as unsatisfactory accuracy rate, slow identification speed, poor encryption protocol identification effect, etc., and achieve fast and accurate identification effect

Active Publication Date: 2018-10-23
CNIS TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The traditional port-based detection technology has a particularly fast identification speed, but because many protocols do not have fixed transport layer ports, and some protocols even use dynamic port or masquerade port technology, the accuracy of port-based identification methods cannot meet the current needs
The traditional technology based on deep packet inspection can achieve a more accurate recognition effect by identifying precise feature strings, but the recognition speed is slow, and the recognition effect for some encryption protocols is poor

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and system for network application layer protocol identification
  • A method and system for network application layer protocol identification
  • A method and system for network application layer protocol identification

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0049] figure 1 It is a flow chart of the method for network application layer protocol identification provided by this embodiment, see figure 1 , the method for network application layer protocol identification includes:

[0050] Step S1: Acquiring feature information of the communication process, said feature information including at least one of the following or a combination thereof: IP address of the communication process, main feature code, protocol port, length of data packets in the communication process;

[0051] Step S2: According to any hash table in the preset IP address hash table, main feature code hash table, protocol port hash table and data packet length hash table, or a preset identification plug-in for the The communication process is identified, and if the communication process is identified, the protocol ID of the communication process is obtained; otherwise, the protocol of the communication process is marked as undefined.

[0052] It should be noted th...

Embodiment 2

[0058] On the basis of Embodiment 1, the method for network application layer protocol identification provided by this embodiment also includes before step S1:

[0059] Obtain an IP address of a known communication process, perform a hash operation on the IP address to obtain a first initial hash value, and associate and store the first initial hash value and the protocol ID of the known communication process corresponding to the IP address to generate the IP address hash table;

[0060] Obtain the main feature code of the known communication process, perform a hash operation on the main feature code to obtain the second initial hash value, and store the second initial hash value and the protocol ID of the known communication process corresponding to the main feature code to generate the main feature code. signature hash table;

[0061] Obtain the protocol port of the known communication process, perform a hash operation on the protocol port to obtain the third initial hash v...

Embodiment 3

[0101] figure 2 It is a flow chart of the method for network application layer protocol identification provided by this embodiment, see figure 2 , on the basis of embodiment 2, said step S2 includes:

[0102] S21: Identify the communication process according to the IP address hash table, if the communication process is identified, obtain the protocol ID of the communication process, otherwise, enter step S22;

[0103] S22: Identify the communication process according to the main feature code hash table, if the communication process is identified, obtain the protocol ID of the communication process, otherwise, enter step S23;

[0104] S23: Identify the communication process according to the protocol port hash table, if the communication process is identified, obtain the protocol ID of the communication process, otherwise, enter step S24;

[0105] S24: Identify the communication process according to the length hash table of the data packet, if the communication process is id...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network application layer protocol identification method and system. The method includes the following steps that: feature information of a communication process is acquired, wherein the feature information contains at least one kind of or the combination of information selected from the IP address, main feature code and protocol port of the communication process, as well as the length of data packets in the communication process; and the communication process is identified according to any one of a preset IP address hash table, main feature code hash table, protocol port hash table and length hash table of the data packets, or a preset identification plug-in, if the communication process is recognized, the protocol ID of the communication process is obtained, otherwise, the protocol of the communication process is marked as undefined. In an identification process of a communication process to be identified, a corresponding protocol ID can be queried in a hash table according to the hash value of the feature information of the communication process to be identified, and therefore, the application layer protocol ID in the communication process can be identified quickly and accurately.

Description

technical field [0001] The invention belongs to the technical field of the Internet, and in particular relates to a method and system for network application layer protocol identification. Background technique [0002] With the rapid development of Internet application technology, Internet applications have been greatly enriched, and more and more network applications use proprietary protocols. These network protocols have no publicly available protocol specification documents, which brings great challenges to the classification and precise identification of network protocols. new challenges. Typical examples are peer-to-peer (P2P) transmission protocols, audio and video applications, and various encrypted communication tools. [0003] In the traditional client-server communication model, a typical communication process is that the client initiates a request to the server, and the server receives the request and responds. Most session requests are initiated by the client. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08H04L12/26
CPCH04L43/18H04L69/22H04L69/329
Inventor 代宏伟李宏伟付君辉
Owner CNIS TECH CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com