
Rule matching method and device of message

A matching method and matching device, applied in the field of network packets, that addresses the reduced performance of the system when processing traffic and achieves the effect of improving performance.

Inactive Publication Date: 2016-06-15
DAWNING INFORMATION IND BEIJING

AI Technical Summary

Problems solved by technology

[0003] It can be seen that in the prior art, quintuple matching and range matching are performed separately, and range matching is generally implemented by software, which greatly affects the performance of the system for processing traffic.
[0004] Aiming at the above problems in related technologies, no effective solution has been proposed yet.


Examples


Embodiment Construction

[0027] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art based on the embodiments of the present invention belong to the protection scope of the present invention.

[0028] According to an embodiment of the present invention, a method for matching rules of messages is provided.

[0029] As shown in Figure 1, the rule matching method according to the embodiment of the present invention includes:

[0030] Step S101, analyzing the received message to obtain the quintuple, L2 layer length, L3 layer length, L4 layer length, L5 layer length, ACK value and SEQ value of the message;

[0031] Step S103, perform exact matching and range matching on the messa...


Abstract

The invention discloses a rule matching method and device for a message. The method comprises the following steps: analyzing a received message to obtain the quintuple, L2 layer length, L3 layer length, L4 layer length, L5 layer length, ACK value and SEQ value of the message; and carrying out exact matching and range matching on the message according to a preset rule. According to the method and the device provided by the invention, the system performance is greatly improved by adding range matching fields to quintuple rule matching.
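The two steps in the abstract, as an added example that is not code from the patent: one function extracts the quintuple, layer lengths, SEQ and ACK from an Ethernet/IPv4/TCP frame, and one rule lookup applies exact and range conditions together. The layer-length definitions, the rule layout, and the sample addresses and ports are assumptions constructed for illustration.

```python
import socket
import struct

def parse(frame: bytes) -> dict:
    """Extract the fields named in step S101 from an Ethernet/IPv4/TCP frame."""
    if len(frame) < 14 + 20 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 Ethernet frame")
    ihl = (frame[14] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", frame[16:18])[0], frame[23]
    if proto != 6 or len(frame) < 14 + ihl + 20:
        raise ValueError("not a complete TCP segment")
    tcp = 14 + ihl
    sport, dport, seq, ack = struct.unpack("!HHII", frame[tcp:tcp + 12])
    doff = (frame[tcp + 12] >> 4) * 4
    return {
        "src_ip": socket.inet_ntoa(frame[26:30]), "dst_ip": socket.inet_ntoa(frame[30:34]),
        "src_port": sport, "dst_port": dport, "proto": proto,
        # Layer-length definitions are assumptions; the page does not define them.
        "l2_len": len(frame), "l3_len": total_len,
        "l4_len": total_len - ihl, "l5_len": total_len - ihl - doff,
        "seq": seq, "ack": ack,
    }

def match(fields: dict, rule: dict) -> bool:
    """One pass: exact match on quintuple keys, inclusive range match on the rest."""
    exact_ok = all(fields[k] == v for k, v in rule.get("exact", {}).items())
    range_ok = all(lo <= fields[k] <= hi for k, (lo, hi) in rule.get("range", {}).items())
    return exact_ok and range_ok

def build_frame(seq: int, ack: int, payload: bytes) -> bytes:
    """Constructed sample: 10.0.0.5:40000 -> 192.0.2.10:80, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, ack, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
    return eth + ip + tcp

RULE = {  # hypothetical preset rule, constructed for this example
    "exact": {"src_ip": "10.0.0.5", "dst_ip": "192.0.2.10", "src_port": 40000,
              "dst_port": 80, "proto": 6},
    "range": {"l5_len": (1, 1460), "seq": (1000, 2000), "ack": (0, 0xFFFFFFFF)},
}

if __name__ == "__main__":
    for seq in (1500, 5000):
        print(seq, match(parse(build_frame(seq, 1, b"GET / HTTP/1.1\r\n\r\n")), RULE))
```

A packet whose quintuple hits but whose SEQ or payload length falls outside the rule's ranges is rejected in the same lookup, with no separate software pass over the hits.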

Description

Technical field

[0001] The invention relates to the field of network messages, in particular to a method and device for rule matching of messages.

Background technique

[0002] In the field of network security, it is necessary to detect whether packets are abnormal traffic, or to perform subsequent anomaly detection on packets of certain IP segments. In anomaly detection, the length of each layer of the message, the TCP acknowledgment (ACK) number, and the sequence (SEQ) number are important signs for judging whether the message is abnormal. The existing technology generally first performs quintuple (source IP, destination IP, source port, destination port, transport layer protocol) matching on the message and then performs anomaly detection on the messages that hit; the specific anomaly detection method is to use software to analyze the message length, TCP ACK, and SEQ values for range matching, and detect whether ther...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/743, H04L12/26, H04L12/851, H04L12/863
CPC: H04L43/18, H04L47/2483, H04L47/627, H04L63/1425, H04L45/74591
Inventor: 王继五, 李峰伟, 窦晓光, 耿雄飞
Owner: DAWNING INFORMATION IND BEIJING