Unlock instant, AI-driven research and patent intelligence for your innovation.

Low-delay TCP cross-message firewall detection method

A technology of text firewall and detection method, which is applied in the direction of electrical components, transmission systems, etc., can solve the problems of large delay, small delay, and inability to detect cross-message attacks, etc., and achieve the effect of reducing delay

Active Publication Date: 2020-02-28
CHENGDU DBAPP SECURITY
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The advantage is that the delay is small, and the disadvantage is that it cannot detect cross-message attacks
[0008] b. Cache detection, which detects several IP packets each time (the detection start position and length are determined according to the application layer protocol), that is, several packets are cached and combined for detection, and if no attack is found, they are sent at once, that is, all packets The text is sent after the detection is completed. Its advantage is that it can detect cross-message attacks. The disadvantage is that the delay is relatively large.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Low-delay TCP cross-message firewall detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0028] The present invention is realized through the following technical solutions, as figure 1 As shown, a low-latency TCP cross-message firewall detection method, when there are N packets detected, first backup the packets 2-N in the buffer, and then send them to the data receiving end; at the same time, in the buffer Assemble and detect message 1-packet N; if an attack is detected, block processing; if no attack is detected, send message 1 to the data receiving end, clear the buffer, and repeat the above operations until the detection is completed.

[0029] It should be noted that, through the above improvements, the present invention utilizes the principle that the receiving end of TCP data needs to recombine data to process, bypasses the first message and forwards the following messages first, so that only the first IP message is delayed , while the subsequent packet delay is small. At the same time, if the data receiving end does not receive the message 1, it cannot be ...

Embodiment 2

[0031] This embodiment is further optimized on the basis of the above embodiments, such as figure 1 Shown, step by step, in order to realize the present invention better, specifically comprise the following steps:

[0032] Step S1: The buffer receives message 1-message N, and determines whether the received message is message 1 or message 2-N;

[0033] If it is message 1, store it directly;

[0034] If it is a message 2-N, store and send the message 2-N to the data receiving end;

[0035] Step S2: Assemble and detect the message 1 and message 2-N in the buffer according to the TCP sequence number;

[0036] If an attack is found, block it;

[0037] If no attack is found, send the buffer message 1 to the data receiving end, and clear the buffer messages 1-N.

[0038] It should be noted that through the above improvements, even if the attack data has been sent to the data receiving end, since the data receiving end has not received the message 1, the data receiving end cannot...

Embodiment 3

[0042] This embodiment is further optimized on the basis of the above embodiments, such as figure 1 As shown, further, in order to better realize the present invention, the blocking processing in the step S2 specifically refers to: discarding the message 1, or sending the RST message to the receiving end.

[0043] Further, in order to better realize the present invention, the data receiving end is a data receiving end based on the TCP protocol stack.

[0044] Other parts of this embodiment are the same as those of the foregoing embodiments, so details are not repeated here.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of firewall detection, and discloses a low-delay TCP cross-message firewall detection method which is characterized by comprising the following steps of when N messages are detected, firstly backing up messages 2-N in a buffer area, and then sending the messages 2-N to a data receiving end; assembling and detecting the message 1 to the message N in thebuffer area; if the attack is detected, performing blocking processing; if the attack is not detected, sending the message 1 to the data receiving end, and emptying the buffer area to finish the detection. The beneficial effects of the invention are that the method can achieve the effective cross-message detection, and the delay in the detection process is effectively reduced.

Description

technical field [0001] The invention relates to the technical field of firewall detection, in particular to a low-delay TCP cross-message firewall detection method. Background technique [0002] A cross-packet attack means that the data of the attack spans two or more IP packets. In a single-packet attack, the attack data is complete in one IP packet, so that the firewall can identify the attack by detecting one packet. In a cross-packet attack, the attack data is distributed in two or more packets, and it is impossible for the firewall to identify the attack by detecting any one of the packets. [0003] The TCP protocol is a connection-oriented, reliable, byte stream-based transport layer communication protocol. It is the most widely used protocol on the Internet, and most application layer protocols are based on the TCP protocol. [0004] The IP protocol is a connectionless and unreliable network layer protocol, which is usually located at the bottom layer of the TCP pr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
CPCH04L63/1416H04L67/568
Inventor 刘颖范渊吴永越郑学新刘韬
Owner CHENGDU DBAPP SECURITY