Unlock instant, AI-driven research and patent intelligence for your innovation.

Network filtering method, device, equipment and system

A filtering method and filtering device technology, applied in the field of information security, can solve the problems of large resource consumption and high complexity, and achieve the effect of reducing the implementation complexity and resource consumption

Pending Publication Date: 2021-08-24
ALIBABA GRP HLDG LTD
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] This application provides a network filtering system to solve the problems of high complexity and large resource consumption in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network filtering method, device, equipment and system
  • Network filtering method, device, equipment and system

Examples

Experimental program
Comparison scheme
Effect test

no. 1 example

[0053] Please refer to figure 2 , which is a schematic flowchart of an embodiment of the network filtering method of the present application. The execution subject of the method includes a network filtering device, and the device can be deployed in a cloud product instance. In this embodiment, the method may include the following steps:

[0054] Step S201: For a data packet flowing out from a network port opened for use by a target process, determine the process information of the data packet through an operating system filter.

[0055] A process is an operation of a program in a computer on a certain data set. It is the basic unit for system resource allocation and scheduling, and the basis of the operating system structure. The target process can be a certain process, including but not limited to: the process of the cloud product instance on the cloud product server (referred to as the cloud product process), or it can be a program on other devices (such as e-commerce pla...

no. 2 example

[0072] In the foregoing embodiments, a network filtering method is provided, and correspondingly, the present application also provides a network filtering device. The device corresponds to the embodiment of the above-mentioned method. Since the device embodiment is basically similar to the method embodiment, the description is relatively simple, and for relevant parts, please refer to part of the description of the system embodiment. The device embodiments described below are illustrative only.

[0073] The present application additionally provides a network filtering device, including:

[0074] A process information determining unit, configured to determine the process information of the data packets through the operating system filter for the data packets flowing out from the network port opened for use by the target process;

[0075] The process information transmission unit is used for the operating system filter to transmit the process information to the network driver...

no. 3 example

[0078] In the foregoing embodiments, a network filtering method is provided, and correspondingly, the present application also provides an electronic device. The device corresponds to an embodiment of the method described above. Since the device embodiment is basically similar to the method embodiment, the description is relatively simple, and for relevant parts, refer to the part of the description of the system embodiment. The device embodiments described below are illustrative only.

[0079] The present application additionally provides an electronic device, including:

[0080] processor and memory;

[0081] The memory is used to store a program for implementing the network filtering method, and the device is powered on and runs the program for the method through the processor.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network filtering method, device, system and equipment. According to the method, the characteristics of an operating system filter and an ND IS filter are combined, hierarchical network filtering of using the operating system filter and an NDIS filter on different levels of a network protocol is achieved, and the operating system filter and the NDIS filter are made to communicate through a data packet marking mechanism. Information such as a process identifier and a process path of an inflow data packet is transmitted to the ND IS filter from the operating system filter, so that the NDIS filter can obtain the process context of the network data packet, and after the ND IS filter is associated with the process information, the illegal process can be prevented from abusing a network port, so that the effect that the network port is only allowed to be used by the legal process is achieved. The processing mode does not need to construct an IRP request, does not need to additionally allocate memory resources and maintain resource states, and does not need to consider to release resources at a proper opportunity, so that the implementation complexity and resource consumption can be effectively reduced.

Description

technical field [0001] The present application relates to the technical field of information security, in particular to a network filtering method, device and system, and electronic equipment. Background technique [0002] With the rapid development and popularization of computer and network technology, more and more users store data information in the computer, including some important data related to survival and development. Protecting computer systems from external intrusion and important data from internal leakage is an important part of the construction of an information security system. [0003] In practical applications, usually only a small number of network ports are opened for necessary data transmission, but hackers and malicious software often obtain open ports through scanning, and use these ports to conduct illegal operations. Traditional network firewalls cannot distinguish network data packets at the process level, and cannot block illegal data transmission...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/53H04L29/06
CPCG06F21/53H04L63/0227
Inventor 彭成李波郑晓龙欣
Owner ALIBABA GRP HLDG LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com