Method and equipment for recognizing messages under mass flow

A message and traffic technology, applied in the field of network security, can solve the problems of inefficient monitoring methods, low access ports and access traffic, and inability to monitor malicious messages, so as to improve efficiency, improve efficiency, and reduce performance consumption. Effect

Pending Publication Date: 2021-03-26
WUHAN GREENET INFORMATION SERVICE
View PDF0 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] Aiming at the above defects or improvement needs of the prior art, the present invention solves the inability to detect malicious messages in the current network monitoring system due to the huge network traffic but less access ports and access traffic, but the existing monitoring methods are inefficient. Issues with comprehensive monitoring

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and equipment for recognizing messages under mass flow
  • Method and equipment for recognizing messages under mass flow
  • Method and equipment for recognizing messages under mass flow

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] At present, the bandwidth of Internet access is increasing, and the rapid growth of network traffic is growing, and the number of network attacks is growing, and complexity is constantly improving. Therefore, there is a need for a rapid and large number of packets under mass flow to find malicious messages that may exist. In this embodiment, the DPDK is combined with HyPerscan while satisfying large flow data acquisition and efficient feature string matching, which improves the processing efficiency of large traffic.

[0053] Such as figure 1 As shown, the specific steps of different types of packet identification blocks in a massive flow provided in the embodiments of the present invention are as follows:

[0054] Step 101: Call DPDK, allocate the regular business processing cores and special business processing cores of the CPU.

[0055] The method for packets identified in this embodiment is introduced into the network interface layer (network card driver) and the monit...

Embodiment 2

[0138] Based on the methods identified by the packets of the above-described Embodiment 1, the present invention also provides a device that can be used to achieve a massive flow rate of the above method, such as Figure 10 As shown, it is a schematic diagram of the apparatus architecture of the embodiment of the present invention. The apparatus recognized by the local volume of this embodiment includes one or more processor 21 and a memory 22. among them, Figure 10 Taking a processor 21 as an example.

[0139] The processor 21 and the memory 22 can be connected by a bus or other means. Figure 10 In connection with the bus connection.

[0140] Memory 22 is a non-volatile computer readable storage medium as a massive flow, which can be used to store non-volatile software programs, non-volatile computer executables, and modules, as massive in Example 1. Document recognition method under traffic. The processor 21 performs various functional applications and data processing of the appa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to the field of network safety, in particular to a method and equipment for recognizing messages under mass flow. The method comprises the following steps: calling dpdk, and distributing a conventional service processing core and a special service processing core of a CPU; loading a monitoring strategy rule file and a service feature file, and converting the files into a ruledatabase and a service feature database in a Hyperscan mode; calling dpdk to complete data access, distinguishing conventional services and special services by the service feature database and keys of hash values of the data quintuples, and putting each data quintuple into a data queue of a corresponding CPU kernel; decoding the data quintuples to generate a data message corresponding to each data quintuple; According to the rule database and the service database of the Hyperscan, respectively scanning and matching the data messages in the corresponding queues by using the corresponding CPU cores to obtain malicious messages, and processing the malicious messages. According to the method, the performance consumption in Hyperscan application recognition is reduced, and the high efficiencyof fusion of the dpdk technology and the Hyperscan technology is improved.

Description

[Technical field] [0001] The present invention relates to the field of network security, and more particularly to a method and apparatus for packet recognition under massive flow. 【Background technique】 [0002] With the rapid development of the Internet business, the bandwidth of Internet access is increasing, and the rapid growth of network traffic, the number of network attacks is growing, and complexity is constantly improving. In order to ensure that the Internet system can create a safe and stable use environment to the user, it must be strictly paid to the operating state of the network system service platform, identify malicious packets in data packets of massive traffic, and block the malicious packets And reporting and other processing. [0003] However, in the current network environment, the international entrance and export traffic is increasing, and the system cannot achieve full-current access. Most inter-inter-provincial entrances are constantly adjusting the netw...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F8/30G06F8/41G06F16/22G06F16/2457G06F16/28H04L29/06
CPCG06F8/37G06F8/41G06F16/2255G06F16/24578G06F16/284H04L63/1441
Inventor 王赟曾伟
Owner WUHAN GREENET INFORMATION SERVICE
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap