
Method for quickly splitting HTTP request and response in traffic analysis scene

An HTTP protocol and traffic technology, applied in the field of network security, that solves the problem of low response efficiency and achieves high analysis efficiency.

Active Publication Date: 2020-10-02
SICHUAN CHANGHONG ELECTRIC CO LTD

AI Technical Summary

Problems solved by technology

[0010] The present invention provides a method for quickly splitting HTTP requests and responses in a traffic analysis scenario. It addresses the problems described in the background: by preprocessing on HTTP protocol features and identifying the inbound and outbound direction of TCP, it solves the splitting of HTTP requests and HTTP responses within a TCP session in the traffic analysis scenario and the low efficiency of matching requests to responses.

Examples


Embodiment 1

[0051] As shown in Figure 1,

[0052] S1: Capture TCP traffic: capture TCP traffic using the Linux kernel AF_PACKET technology;

[0053] S2: Perform TCP packet reassembly and TCP payload extraction:

[0054] S21: Extract the corresponding TCP segments through IP fragment reassembly, and extract the TCP payload by reassembling the TCP segments;

[0055] S22: For the Linux kernel TCP Fast Open technology, check whether the TCP SYN packet carries a TCP Fast Open cookie; if it does, verify the cookie, and if the verification is correct, extract the TCP payload;

[0056] S23: Determine the initiator of the TCP three-way handshake. For example, if the SYN packet of the TCP three-way handshake has sip=10.0.0.1, sport=8888, then the receiving end is dip=10.0.0.2, dport=80. If the packet is sent by the initiator of the TCP three-way handshake, go to S3; if it is not sent by the initiator of the TCP three-way handshake, go to S6. The SYN packet is the TCP packet with the SYN flag set.

...


Abstract

The invention discloses a method for quickly splitting HTTP requests and responses in a traffic analysis scenario, and belongs to the technical field of network security. The method comprises the following steps. TCP traffic preprocessing: reassemble the TCP-layer data and extract the HTTP content, build a fingerprint library of HTTP versions and features, and compare received TCP traffic against the fingerprints. HTTP traffic preprocessing: quickly identify the HTTP request and response types within the same TCP session, associate them with the TCP direction, and apply different traffic processing according to the HTTP protocol version. Fast HTTP request and response processing: preprocess the HTTP request line or response line of the HTTP packet content; for HTTP long connections, search only for the request line or response line in the TCP packets acquired by the probe, and use the fact that different requests are carried in different TCP packets to quickly split multiple HTTP requests and HTTP responses. The method solves the problems that, in a traffic analysis scenario, splitting HTTP requests and HTTP responses within a TCP session and matching requests to their responses are inefficient.
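The direction check of step S23 and the request-line/response-line lookup described in this abstract can be combined as in the following sketch. It is an added example, not code from the patent: the `Seg` record, the function names and the sample session are constructed here, and it assumes plaintext HTTP/1.x with segments already reassembled and each message starting a new TCP segment.

```python
import re
from collections import namedtuple

# Constructed record for one segment of an already reassembled TCP session.
Seg = namedtuple("Seg", "sip sport dip dport syn ack payload")

# Only the first line is inspected; headers and bodies are never parsed.
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d\r\n")
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3}[ \r]")

def find_initiator(segments):
    """Return (ip, port) of the side that sent SYN without ACK (step S23)."""
    for s in segments:
        if s.syn and not s.ack:
            return (s.sip, s.sport)
    return None  # handshake not captured, so direction is unknown

def split_session(segments):
    """Pair each request line with the next response line on one connection."""
    client = find_initiator(segments)
    if client is None:
        return []
    pending, pairs = [], []
    for s in segments:
        if not s.payload:
            continue
        from_client = (s.sip, s.sport) == client
        if from_client and REQUEST_LINE.match(s.payload):
            pending.append(s.payload.split(b"\r\n", 1)[0])
        elif not from_client and STATUS_LINE.match(s.payload) and pending:
            pairs.append((pending.pop(0), s.payload.split(b"\r\n", 1)[0]))
        # any other payload is a continuation of the current message
    return pairs

C, S = ("10.0.0.1", 8888), ("10.0.0.2", 80)  # addresses from the S23 example

def seg(src, dst, payload=b"", syn=False, ack=True):
    return Seg(src[0], src[1], dst[0], dst[1], syn, ack, payload)

SAMPLE = [  # constructed long-connection session carrying two exchanges
    seg(C, S, syn=True, ack=False), seg(S, C, syn=True), seg(C, S),
    seg(C, S, b"GET /a HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    seg(S, C, b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\n"),
    seg(S, C, b"hello"),
    seg(C, S, b"POST /b HTTP/1.1\r\nHost: example.test\r\nContent-Length: 16\r\n\r\n"),
    seg(C, S, b"HTTP/1.1 200 OK\n"),  # request body that imitates a status line
    seg(S, C, b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"),
]
```

Because a status line is only accepted from the responder side, the client-sent body that imitates one is treated as a continuation and does not desynchronise the pairing.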

Description

Technical field

[0001] The invention belongs to the field of network security and is applied to traffic analysis; in particular, it is a method for quickly splitting HTTP requests and responses in the traffic analysis scenario.

Background

[0002] At present, the method adopted in this technical field in the traffic analysis scenario is to completely parse the HTTP request and response content. The specific process is to obtain the TCP traffic through the traffic probe and then pass it to the HTTP traffic parser for analysis. The defects of this technical solution are low parsing efficiency and poor compatibility. The defects are caused by the following reasons:

[0003] (1) Without preprocessing, all captured traffic is parsed through HTTP request and response content parsing;

[0004] (2) After obtaining the HTTP request and response traffic, perform a complete analysis of the HTTP request and response, including parsing the request line, request h...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L69/22, H04L69/18, H04L69/163, H04L67/02, H04L67/60
Inventor: 龚致
Owner: SICHUAN CHANGHONG ELECTRIC CO LTD