Processing method of parent-child connection in full-flow storage backtracking analysis system

A processing method for parent-child connections, applied in full-traffic storage backtracking analysis systems. It addresses problems such as load imbalance and cache misses that affect performance, and achieves accurate traffic identification with no false negatives.

Active Publication Date: 2021-12-28
北京金睛云华科技有限公司 +1

AI Technical Summary

Problems solved by technology

However, this design scheme increases process switching and message flow between threads, and also causes cache misses, which affects performance.
[0006] Because of the disadvantages of separating the capture thread from the analysis thread, another practice in the industry is to have the capture thread also perform the analysis and processing, that is, to combine the two into one. This requires that the parent-child connections be received by the same capture thread, which in turn requires configuring the hardware packet-capture driver so that packets with the same (sip, dip), the same sip, or the same dip are received by the same capture thread. This can easily cause load imbalance, which affects the robustness of the system.


Examples


Embodiment Construction

[0046] To make the object, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments. The specific embodiments described here are only used to explain the present invention, not to limit it.

[0047] To solve the timing problem that easily occurs with parent-child connections in a full-flow storage backtracking analysis system, and to optimize the design of parent-child connection handling, the present invention provides a processing method for parent-child connections in such a system, including the following steps:

[0048] Refer to figure 1:

[0049] 1) Determine the port range of each worker thread, and establish the mapping relationship between each worker thread and port;

[0050] For example, assuming that only 10 worker threads are...


Abstract

The present invention relates to the technical field of data analysis and processing, and specifically provides a method for processing parent-child connections in a full-flow storage backtracking analysis system, including the following steps: determining the port range of each worker thread and establishing a mapping relationship between each worker thread and its ports; based on this mapping, configuring the two directions of traffic, with one direction using the source port configuration and the other the destination port configuration; building a local data connection hash mapping table for each worker thread; and processing the connections and storage threads. The invention ensures accurate application identification for parent-child connection packets, avoids the robustness problem caused by load imbalance when the same IP address is assigned to the same thread, and can also improve overall performance under high concurrency.
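The sketch below is an added example, not code from the patent: it simulates the port-range dispatch described in the abstract next to the (sip, dip) baseline from the background section. The worker count, the equal contiguous port ranges, the "up"/"down" direction labels and the sample packets are all assumptions constructed for illustration.

```python
import zlib
from collections import Counter

NUM_WORKERS = 4                          # assumed worker count
PORTS_PER_WORKER = 65536 // NUM_WORKERS  # assumed equal, contiguous port ranges

def worker_for_port(port):
    """Mapping between port ranges and worker threads."""
    return port // PORTS_PER_WORKER

def dispatch_by_port(pkt):
    """One direction keys on the source port, the other on the destination port.
    Assumption: "up" is client-to-server, so both keys are the client-side port."""
    return worker_for_port(pkt["sport"] if pkt["dir"] == "up" else pkt["dport"])

def dispatch_by_ip_pair(pkt):
    """Baseline from the background: same (sip, dip) goes to the same thread."""
    pair = "|".join(sorted((pkt["sip"], pkt["dip"])))
    return zlib.crc32(pair.encode()) % NUM_WORKERS

def flow_key(pkt):
    """Direction-independent key: (client ip, client port, server ip, server port)."""
    if pkt["dir"] == "up":
        return (pkt["sip"], pkt["sport"], pkt["dip"], pkt["dport"])
    return (pkt["dip"], pkt["dport"], pkt["sip"], pkt["sport"])

def run(packets, dispatcher):
    """Give each worker its own local connection table (flow key -> packet count)."""
    tables = [dict() for _ in range(NUM_WORKERS)]
    for pkt in packets:
        table = tables[dispatcher(pkt)]
        table[flow_key(pkt)] = table.get(flow_key(pkt), 0) + 1
    return tables

def sample_packets():
    """Constructed traffic: four connections between one host pair, both directions."""
    client, server, pkts = "10.0.0.5", "10.0.0.9", []
    for cport in (1024, 20000, 40000, 60000):
        pkts.append({"dir": "up", "sip": client, "sport": cport, "dip": server, "dport": 21})
        pkts.append({"dir": "down", "sip": server, "sport": 21, "dip": client, "dport": cport})
    return pkts

def load(packets, dispatcher):
    """Packets handled per worker under a given dispatch rule."""
    return Counter(dispatcher(p) for p in packets)

if __name__ == "__main__":
    pkts = sample_packets()
    print("port ranges:", dict(load(pkts, dispatch_by_port)))
    print("ip pair:    ", dict(load(pkts, dispatch_by_ip_pair)))
```

With port-range dispatch both directions of a connection reach the same worker, so each local table can be used without cross-thread locking, while the IP-pair rule sends every connection between the two hosts to a single worker.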

Description

Technical field

[0001] The invention relates to the technical field of data analysis and processing, and specifically provides a method for processing parent-child connections in a full-flow storage backtracking analysis system.

Background technique

[0002] For security vendors, although firewalls and full-traffic storage backtracking analysis systems both analyze and process traffic, their processing logic for data connection packets differs. Systems such as firewalls can guarantee the packet timing of control connections and data connections, whereas a full-flow storage backtracking analysis system processes a mirrored copy of the packets: it cannot guarantee that the control connection and the data connection are received by the same worker thread, nor that the control connection is processed before the data connection. For the traffic analysis system, the data connection needs to rely on the control connection ...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L12/803, H04L12/851, H04L12/743, H04L29/08
CPC: H04L47/125, H04L47/2483, H04L45/7453, H04L67/06
Inventor: 曲武
Owner: 北京金睛云华科技有限公司