Unlock instant, AI-driven research and patent intelligence for your innovation.

Harmful code detection method and device based on http compressed data stream

A technology of code detection and data flow, applied in the field of communication, can solve the problems of large time and storage resources, consumption, etc.

Active Publication Date: 2020-01-14
BEIHANG UNIV
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The present invention provides a harmful code detection method and device based on HTTP compressed data streams, which are used to solve the problem of consuming a lot of time and storage resources in the existing detection process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Harmful code detection method and device based on http compressed data stream
  • Harmful code detection method and device based on http compressed data stream
  • Harmful code detection method and device based on http compressed data stream

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0059] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0060] figure 1 The flowchart of an embodiment of the harmful code detection method based on HTTP compressed data stream provided by the present invention, as figure 1 As shown, it specifically includes the following steps:

[0061] 101. Obtain the gzip compressed data stream to be received by the client sent by the Internet server. The gzi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method and a device for detecting a malicious code of a compressed data stream based on an HTTP. The method comprises the following steps of obtaining a to-be-received gzip compressed data stream of a client, which is sent by an Internet server, and carrying out Huffman decoding on the gzip compressed data stream to obtain a first compressed data stream which is compressed through LZ77; triggering a multimode matching window to slide in order to push an LZ77 decompression sliding window to slide on the first compressed data stream; and only carrying out boundary matching on a long pointer in the first compressed data stream and judging whether a provisional stack has an index position in a reference character string pointed by the pointer, if yes, determining the index position in a target position where the pointer is located and storing the index position into the provisional stack, wherein a distance between the LZ77 decompression sliding window and the multimode matching window is smaller than a preset distance threshold, so that the LZ77 decompression and the jumpy multimode matching detection can be carried out simultaneously, and thus the time for invasion of the compressed data stream or detection of the malicious code is reduced, and the speed for a client user to carry out online experience is increased.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a method and device for detecting harmful codes based on HTTP compressed data streams. Background technique [0002] At present, in order to improve the security of network transmission, the gzip compressed data stream based on Hyper Text Transfer Protocol (Hyper Text Transfer Protocol, HTTP) sent by the Internet server (obtained by LZ77 compression and Huffman encoding of the data stream respectively) is located at The firewall and gateway server between the Internet server and the client need to perform intrusion detection and harmful code detection on each TCP compressed segment of the compressed data stream, and send each TCP compressed segment of the compressed data stream to the client after passing the detection . [0003] In the prior art, when firewalls and gateway servers detect compressed data streams, they first need to perform Huffman decoding and LZ77 decomp...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0245H04L63/14H04L67/02H04L69/04H04L69/161
Inventor 李建欣彭浩武南南兰天
Owner BEIHANG UNIV