High-speed network message monitoring and analyzing method and system supporting custom rules

A high-speed network message monitoring technique with self-defined rules, applied in the field of network information security, that can solve problems such as incomplete flow and improves processing performance, event monitoring capability, flexibility and applicability.

Pending Publication Date: 2021-03-09
BEIJING RUICHI XINAN TECH

AI Technical Summary

Problems solved by technology

Although this method can filter out some messages and reduce the processing pressure of the system, there is a possibility that


Embodiment Construction

[0031] The present invention will be further described in detail with reference to the accompanying drawings and embodiments.

[0032] The high-speed network packet monitoring and analysis method and system supporting self-defined rules provided by the present invention can achieve the following objectives:

[0033] (1) It can cover the protocol field analysis and matching business of the traditional message monitoring system, and meet the basic functions of the existing message monitoring system.

[0034] (2) It can support the analysis and matching of custom rules such as complex filter expressions. Custom rules are composed of basic protocol types, basic data types, various operators, custom functions, and strings, and are written and distributed according to the corresponding grammar.

[0035] (3) It can support packet mode and flow mode matching. The packet mode is parsed and matched based on a single message, and the stream mode needs to parse and match the message according to the f...


Abstract

The invention provides a high-speed network message monitoring and analyzing method and system supporting custom rules, and belongs to the technical field of network information security. The system comprises a system initialization module, a message capture module, a rule analysis module, a message analysis module, a message matching module and a result split charging and formatting output module. The method comprises the following steps: analyzing user-defined rules, optimizing matching conditions, and compiling the matching conditions into a tree-shaped matching search library; analyzing the captured message layer by layer, extracting a protocol field, and carrying out packet mode matching in a matching search library; caching and recombining the TCP message, extracting stream data, and performing stream mode matching in a matching search library; and outputting the hit message after formatting and packaging the hit message according to the response action. According to the invention, network message monitoring of a self-defined rule is realized, flow mode analysis and matching based on data flow caching and flow recombination are provided, and security event monitoring requirements in different scenes can be met.
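The difference between the packet mode and stream mode matching named in the abstract, as an added illustration (not code from the patent or its owner): a content rule whose pattern straddles two TCP segments is missed when each message is matched alone and found once the segments are cached and recombined. The rule format, function names and sample segments are constructed for this example, and sequence-number wraparound is ignored.

```python
from collections import defaultdict

# Hypothetical rule: match a byte pattern in traffic to TCP port 80.
RULE = {"name": "demo-rule", "dst_port": 80, "content": b"/admin/config"}

# Constructed segments: (src, sport, dst, dport, seq, payload).
# The first flow arrives out of order and includes one retransmission.
SEGMENTS = [
    ("192.0.2.5", 40000, "192.0.2.9", 80, 1008, b"in/config HTTP/1.1\r\n\r\n"),
    ("192.0.2.5", 40000, "192.0.2.9", 80, 1000, b"GET /adm"),
    ("192.0.2.5", 40000, "192.0.2.9", 80, 1000, b"GET /adm"),
    ("192.0.2.7", 40001, "192.0.2.9", 80, 5000, b"GET /index.html HTTP/1.1\r\n\r\n"),
]

def packet_mode(segments, rule):
    """Match every segment payload on its own; return the flows that hit."""
    return {s[:4] for s in segments
            if s[3] == rule["dst_port"] and rule["content"] in s[5]}

def reassemble(segments):
    """Cache segments per flow and rebuild each byte stream in sequence order."""
    cache = defaultdict(dict)
    for src, sport, dst, dport, seq, payload in segments:
        # Keep the first copy of a sequence number; later copies are retransmits.
        cache[(src, sport, dst, dport)].setdefault(seq, payload)
    streams = {}
    for flow, segs in cache.items():
        data, expected = b"", min(segs)
        for seq in sorted(segs):
            if seq > expected:
                break  # hole in the stream: stop rather than splice across it
            data += segs[seq][expected - seq:]  # trim bytes already consumed
            expected = max(expected, seq + len(segs[seq]))
        streams[flow] = data
    return streams

def stream_mode(segments, rule):
    """Match the rule against each reassembled stream; return the flows that hit."""
    return {flow for flow, data in reassemble(segments).items()
            if flow[3] == rule["dst_port"] and rule["content"] in data}

if __name__ == "__main__":
    print("packet mode hits:", packet_mode(SEGMENTS, RULE))
    print("stream mode hits:", stream_mode(SEGMENTS, RULE))
```
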

Description

Technical field

[0001] The invention relates to the field of network information security, in particular to a method and system that support self-defined rules and can process message monitoring and analysis at high speed.

Background technique

[0002] With the continuous expansion of the scale of modern networks, the explosive growth of business traffic in the network, and the increasingly diverse and complex means of network attacks, the traditional packet monitoring and analysis system is facing great challenges. In order to improve the monitoring capability of the message system, it is not only necessary to accurately monitor the traditional specification protocol fields; the system must also be able to conduct more in-depth and accurate monitoring of the message by parsing custom rules such as complex filter expressions.

[0003] Ordinary message monitoring systems often perform business processing in the following ways:

[0004] (1) According to the fields in t...


Application Information

IPC(8): H04L12/26, H04L29/06, G06F16/33, G06F9/50
CPC: G06F9/5027, G06F16/3331, H04L43/026, H04L69/22
Inventor: 杜飞, 李国静, 张兴睿, 尹天阳
Owner BEIJING RUICHI XINAN TECH