A fast retrospective analysis method for network data packets
A network packet storage and analysis technology, applied to the fast retrospective analysis of network packets, whose effect is to make the analysis faster and more efficient.
Active Publication Date: 2020-04-14
INST OF ACOUSTICS CHINESE ACAD OF SCI +1
AI Technical Summary
Problems solved by technology
[0003] The current storage format and method for network packets cannot support fast and efficient retrospective analysis of large numbers of packets.
Examples
Embodiment 1
[0047] As shown in Figure 1, the network packet storage method provided by Embodiment 1 of the present invention stores packets in a form that allows fast retrospective analysis of network traffic; the method includes:
[0048] Step 1) Create a Section Header Block (SHB) and add file-description extension options;
[0049] The information recorded in the SHB extension options includes, but is not limited to: a magic number, the file generation time, the software version, and a collector identifier.
[0050] The magic number adds an identification to the retained network packet file, and this identification is used to verify the file during retrospective analysis;
[0051] The file generation time records the time at which the retained network packet file was generated;
[0052] The software version identifies the version of the software that generated the file;
[0053] The collector identifier is used to ide...
Embodiment 2
[0072] As shown in Figure 4, Embodiment 2 of the present invention provides a fast retrospective analysis method for network packets, used to retrieve historical abnormal traffic. The method first executes the storage method of Embodiment 1 to save network packets in the system, and then performs the following steps:
[0073] Step S1) According to the selected retrospective-analysis time window, locate the corresponding pcapng file using the timestamp information in the file name;
[0074] Step S2) Use the timestamps and offset information recorded in the timestamp index block (TIB) of the pcapng (PCAP Next Generation Dump File Format) file to jump to the search start position;
[0075] Step S3) According to the given filter rules (by protocol, four-tuple, retention reason, etc.), compare the option fields of each packet (protocol, TAG, session ID, etc.) and extract the qualifying data streams from the abnormal traffic.
Abstract
The invention discloses a fast retrospective analysis method for network data packets. The method comprises the following steps: 1) create a Section Header Block (SHB) containing file-description extension options, an Interface Description Block (IDB) and a number of Enhanced Packet Blocks (EPBs); fill each EPB with an original network packet and add packet-information and session-information extension options for each packet; create a custom Timestamp Index Block (TIB) that adds packet-index options within the file; and generate a pcapng file from the network packets in the format SHB-IDB-EPB-EPB-...-EPB-EPB-TIB; 2) select the pcapng file through a retrospective time window, locate the EPBs in the pcapng file quickly through the TIB, and then extract packet metadata using the session-information extension options of the EPBs. The method improves the efficiency of retrospective analysis in a network traffic retrospective analysis system.
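The SHB-IDB-EPB-...-EPB-TIB layout described in the abstract, together with the SHB description options of Embodiment 1 and the TIB jump and option-field filtering of steps S2 and S3 of Embodiment 2, as an added Python example. This is illustration code written for this page, not the patent's own implementation, and it rests on the following assumptions: the file-description and session options are encoded as pcapng custom UTF-8 options (option code 2988) carrying key=value text; the TIB is a pcapng custom block (type 0x00000BAD) holding (timestamp, file offset) pairs; the PEN value 99999 is a placeholder rather than an IANA assignment; and the sample packets are constructed dummy bytes with microsecond timestamps. Step S1 (choosing the file by the timestamp in its name) is not shown.

```python
import itertools
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006
CUSTOM_BLOCK = 0x00000BAD            # pcapng custom block type (copy-safe variant)
OPT_END, OPT_CUSTOM_UTF8 = 0, 2988   # opt_endofopt; custom option = 4-byte PEN + UTF-8
PEN = 99999                          # ASSUMPTION: placeholder, not an IANA-assigned PEN
BYTE_ORDER_MAGIC = 0x1A2B3C4D
def _pad4(b):
    return b + b"\0" * (-len(b) % 4)
def _opt(code, value):
    return struct.pack("<HH", code, len(value)) + _pad4(value)
def _kv(key, value):
    # custom UTF-8 option: PEN, then "key=value" (our own convention, not pcapng's)
    return _opt(OPT_CUSTOM_UTF8, struct.pack("<I", PEN) + f"{key}={value}".encode())
def _block(btype, body):
    total = 12 + len(body)            # type + length + body + trailing length
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)
def shb_block(magic, gen_time, version, collector):
    # Embodiment 1, step 1: SHB carrying the file-description extension options
    opts = (_kv("magic", magic) + _kv("gen_time", gen_time) + _kv("version", version)
            + _kv("collector", collector) + _opt(OPT_END, b""))
    return _block(SHB, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1) + opts)

def epb_block(ts_us, payload, proto, session, tag):
    # EPB: raw packet plus session-information options (default 1 us timestamp unit)
    opts = _kv("proto", proto) + _kv("session", session) + _kv("tag", tag) + _opt(OPT_END, b"")
    return _block(EPB, struct.pack("<IIIII", 0, ts_us >> 32, ts_us & 0xFFFFFFFF,
                                   len(payload), len(payload)) + _pad4(payload) + opts)
def tib_block(index):
    # TIB as a custom block: PEN, entry count, then (timestamp_us, file_offset) pairs
    return _block(CUSTOM_BLOCK, struct.pack("<II", PEN, len(index))
                  + b"".join(struct.pack("<QQ", t, o) for t, o in index))
def write_capture(packets, magic, collector, index_every=2):
    """packets: (ts_us, payload, proto, session, tag) tuples in time order."""
    out = bytearray(shb_block(magic, packets[0][0], "1.0", collector))
    out += _block(IDB, struct.pack("<HHI", 1, 0, 65535) + _opt(OPT_END, b""))  # Ethernet IDB
    index = []
    for i, pkt in enumerate(packets):
        if i % index_every == 0:
            index.append((pkt[0], len(out)))      # file offset of this EPB
        out += epb_block(*pkt)
    return bytes(out + tib_block(index))

def parse_opts(data, pos, end):
    opts = {}
    while pos + 4 <= end:
        code, length = struct.unpack_from("<HH", data, pos)
        if code == OPT_END:
            break
        if code == OPT_CUSTOM_UTF8:                # skip the PEN, split key=value
            key, value = data[pos + 8:pos + 4 + length].decode().split("=", 1)
            opts[key] = value
        pos += 4 + length + (-length % 4)
    return opts

def open_section(data, expected_magic):
    """Check the SHB and the recorded magic number before trusting the file."""
    btype, total, bom = struct.unpack_from("<III", data, 0)
    if btype != SHB or bom != BYTE_ORDER_MAGIC:
        raise ValueError("not a little-endian pcapng section")
    opts = parse_opts(data, 24, total - 4)
    if opts.get("magic") != expected_magic:
        raise ValueError(f"magic mismatch: {opts.get('magic')!r}")
    return opts

def read_tib(data):
    # the TIB is the last block, so the file's final length field locates it
    total = struct.unpack_from("<I", data, len(data) - 4)[0]
    start = len(data) - total
    btype, _, pen, n = struct.unpack_from("<IIII", data, start)
    if btype != CUSTOM_BLOCK or pen != PEN:
        raise ValueError("no timestamp index block at end of file")
    return [struct.unpack_from("<QQ", data, start + 16 + 16 * i) for i in range(n)]

def iter_epbs(data, pos):
    while pos + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, pos)
        if btype != EPB:                           # reached the TIB: stop
            break
        _, th, tl, caplen, _ = struct.unpack_from("<IIIII", data, pos + 8)
        opts = parse_opts(data, pos + 28 + caplen + (-caplen % 4), pos + total - 4)
        yield (th << 32) | tl, data[pos + 28:pos + 28 + caplen], opts
        pos += total

def backtrack(data, t_start, t_end, **filters):
    """S2: jump via the TIB to the last indexed EPB at or before t_start;
    S3: keep packets in [t_start, t_end] whose option fields match the filters."""
    index = read_tib(data)
    pos = max((off for ts, off in index if ts <= t_start), default=index[0][1])
    window = itertools.takewhile(lambda p: p[0] <= t_end, iter_epbs(data, pos))
    return [(ts, o["session"]) for ts, _, o in window
            if ts >= t_start and all(o.get(k) == v for k, v in filters.items())]

# constructed sample traffic: timestamps in microseconds, dummy payload bytes
SAMPLE = [(1_000_000, b"\x45\x00\x00\x28", "tcp", "s1", "scan"),
          (2_000_000, b"\x45\x00\x00\x1c", "udp", "s2", "normal"),
          (3_000_000, b"\x45\x00\x00\x28", "tcp", "s3", "scan"),
          (4_000_000, b"\x45\x00\x00\x28", "tcp", "s1", "scan")]
CAPTURE = write_capture(SAMPLE, magic="RETRO1", collector="sensor-a")
```

The reader checks the magic number recorded in the SHB before doing anything else, then locates the TIB from the file's final length field. That shortcut only works when the TIB really is the last block: a file cut short by a collector crash has no TIB, so a production reader should fall back to a linear scan from the IDB rather than trusting the trailing length field, and should bound every block length and TIB offset it reads by the file size before seeking.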
Description
Technical field
[0001] The invention relates to the technical field of network security, in particular to a fast retrospective analysis method for network data packets.
Background technique
[0002] The continuous, efficient and safe operation of the network is the basis for the normal operation of user services. This requires network managers to be able to grasp the key indicators of business application operation at any time, detect abnormalities and give early warnings in a timely manner, realize active operation and maintenance and active management, and reduce downtime; once the network is attacked or a security incident occurs, means and evidence are required to achieve effective localization, analysis, and evidence collection. The network retrospective analysis system has long-term, large-capacity data storage capabilities, and can store captured original data packets, data streams, network sessions, application logs and various other statistical data in real time ...