SSH protocol-based session analysis method and system

An analysis method and system for the SSH protocol, applied in the field of computer networks, that addresses the poor scalability and limited concurrency performance of existing approaches and achieves the effects of saving cache space, saving memory space, and simplifying the processing flow.

Active Publication Date: 2016-06-22
INST OF ACOUSTICS CHINESE ACAD OF SCI +1

AI Technical Summary

Problems solved by technology

At present, there are few analysis techniques based on the SSH protocol. Existing protocol analysis technologies are often applicable only to certain preset, fixed scenarios, and their scalability is poor.
In addition, current methods still rely on purely software-based analysis, and their concurrency performance needs to be improved.



Examples


Embodiment 1

[0047] To implement the above method, the present invention provides an analysis system, as shown in Figures 1-a and 1-b. Figure 1-a is a schematic diagram of the logical structure of the three modules, and Figure 1-b is a schematic diagram of the application scenario of the analysis system. The three modules involved in the present invention are a packet processing module, an analysis module and a log sending module.

[0048] The packet processing module processes the received data packets. The relationship between received data packets and messages is a many-to-many mapping: a data packet may contain one or more messages, and a message may be spread across multiple data packets. If such data packets are parsed directly, message content is easily missed, resulting in incomplete parsing. Therefore, data packets need to be processed before parsing. For a data packet containing multiple messages, the message...

Embodiment 2

[0074] In order to meet the needs of some enterprises or institutions for business auditing, the present invention proposes a session parsing method based on the SSH protocol.

[0075] The session parsing method based on the SSH protocol provided by the present invention comprises the following steps; the method handles plaintext SSH packets:

[0076] Each SSH packet is submitted to the packet processing module when it arrives. Before processing, a data packet may contain an incomplete message, a complete message, or multiple messages. The packet processing module produces complete messages by splitting and splicing data packets, and passes them to the protocol parsing module for parsing.

[0077] Packet splitting is the process of extracting messages from a packet, with each message represented by its message header address and message length; packet splicing is realized by cac...


Abstract

The invention provides an SSH protocol-based session analysis method and system. The method includes the following steps. Step 101: data packets of an SSH protocol-based session are received and processed as follows. When one data packet contains several complete messages, each complete message is extracted from the data packet in sequence. When the messages contained in a data packet are incomplete, the incomplete messages in the current data packet are first cached, subsequent data packets are then received, and the message content of the subsequent data packets is spliced with the cached messages until a complete message is obtained. Step 102: the content relevant to log generation is extracted from the complete messages and packaged according to a set format, yielding the parsed logs and completing the session analysis. With this method and system, SSH protocol-based sessions can be audited, providing a security guarantee for institutions such as banks.
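The split-and-splice processing of step 101 and the log packaging of step 102, sketched as an added example that is not the patent's own code. It assumes the RFC 4253 binary packet layout for unencrypted SSH packets (uint32 packet_length, one-byte padding_length, payload, padding, no MAC) and one reassembler per stream direction, starting after the identification string; the class, function and log field names are hypothetical.

```python
import struct

# Assumed cap: RFC 4253 section 6.1 requires support for 35000-byte packets;
# bounding the length keeps a bad header from growing the cache without limit.
MAX_PACKET_LEN = 35000


class SSHMessageReassembler:
    """Splits and splices the segments of one direction into complete messages."""

    def __init__(self):
        self._cache = bytearray()  # holds an incomplete message between segments

    def feed(self, segment: bytes) -> list:
        """Add one segment; return the payload of every message it completes."""
        self._cache += segment
        payloads = []
        while len(self._cache) >= 5:  # uint32 packet_length + byte padding_length
            packet_len, pad_len = struct.unpack_from(">IB", self._cache, 0)
            # Payload must hold at least the message-type byte.
            if packet_len > MAX_PACKET_LEN or packet_len < pad_len + 2:
                raise ValueError("implausible SSH packet header; stream desynchronised")
            total = 4 + packet_len
            if len(self._cache) < total:
                break  # incomplete: stay cached until later segments arrive
            payloads.append(bytes(self._cache[5:total - pad_len]))
            del self._cache[:total]  # split: drop the consumed message
        return payloads


def to_log_record(payload: bytes) -> dict:
    """Package log-related fields in a fixed format (field names are hypothetical)."""
    return {"msg_type": payload[0], "payload_len": len(payload)}


def build_packet(payload: bytes) -> bytes:
    """Constructed sample input: frame a payload as an unencrypted binary packet."""
    pad_len = 8 - ((5 + len(payload)) % 8)
    if pad_len < 4:
        pad_len += 8
    return struct.pack(">IB", 1 + len(payload) + pad_len, pad_len) + payload + b"\x00" * pad_len


def demo() -> list:
    # Two constructed messages (type 20 = KEXINIT, 21 = NEWKEYS) cut at arbitrary offsets.
    stream = build_packet(b"\x14" + b"A" * 30) + build_packet(b"\x15")
    reassembler, records = SSHMessageReassembler(), []
    for seg in (stream[:3], stream[3:50], stream[50:]):
        records += [to_log_record(p) for p in reassembler.feed(seg)]
    return records
```

The three segments in `demo()` exercise each case from the abstract: a segment too short to hold a header, a segment holding one complete message plus the start of the next, and a segment that completes the cached message.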

Description

Technical field

[0001] The invention belongs to the technical field of computer networks, and in particular relates to a session analysis method and system based on the SSH protocol.

Background art

[0002] A protocol is a means of communication within and between computer applications, and protocol analysis has become an indispensable technology in network applications. The communicating parties encapsulate the communication content in the protocol for transmission, and some protocols also encrypt the transmitted data. One example is the SSH protocol, a protocol for secure remote login and other secure network services over an insecure network; all data transmitted through the SSH channel is encrypted.

[0003] In the business systems of some enterprises or institutions, it is necessary to monitor and record the login and operation behavior of the client for business auditing. The monitoring of user behavior is generally achieved by adding a middleman between the se...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/168
Inventor: 宋磊吴京洪郑艳伟叶晓舟曹作伟
Owner: INST OF ACOUSTICS CHINESE ACAD OF SCI