Distributed network traffic retrieval method and device

A distributed network traffic retrieval technology, applied in the field of distributed network traffic retrieval methods and devices, that addresses the problems of high I/O access, query time loss, and the lack of IPv6 query, mask retrieval, range retrieval and payload retrieval. It reduces I/O requirements, improves performance, and improves storage effectiveness.

Active Publication Date: 2021-11-19
北京金睛云华科技有限公司 +1

AI Technical Summary

Problems solved by technology

However, the following problems exist. This application is not suitable for large-traffic or multi-branch scenarios: these scenarios require multiple nodes to form a cluster, whereas the index algorithm proposed in this application is a single-host algorithm.
In addition, the index of this application is stored on an SSD array, is mainly cold data, and is imported into memory on demand. It lacks a design that separates hot and cold data, so when the user's search changes, I/O access to the index is high and a certain amount of query time is lost.
Finally, the application also has certain limitations in retrieval, such as lacking IPv6 query, mask retrieval, range retrieval, and payload retrieval capabilities.
[0006] Because of these shortcomings in real-time storage and retrieval of network traffic, these methods cannot really be applied to high-bandwidth links and multi-branch user environments.


Examples


Embodiment Construction

[0085] To achieve the purpose described in the background, the present invention provides a distributed network traffic data retrieval method. Its flow chart is shown in Figure 1, and it includes the following steps:

[0086] Step 1), data collection: real-time network traffic packets are obtained from a switch mirror port or splitter and sent to the host's network adapter, and the traffic processing engine captures the packets from the network adapter in real time;

[0087] Step 2), session reassembly and metadata extraction: the traffic processing engine reassembles the received data packets into sessions according to the session definition, extracts the relevant session metadata, including the quintuple, and uses the session ID generation algorithm IDSession to generate session_id;

[0088] Step 3), writing the session to disk: the session is written into a pre-allocated SPCAP disk file of the specified size, and at the s...
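Steps 2 and 3 sketched in Python as an added example (not code from the patent): packets are grouped into sessions by a direction-independent quintuple, each session gets an ID, and payloads are written into a fixed-size pre-allocated buffer with an offset index. Assumptions: the page does not define IDSession, so `make_session_id` is a stand-in hash; a `bytearray` stands in for the SPCAP file; and `search` goes beyond the listed steps to illustrate the IPv6, mask and port-range queries the page says earlier designs lack.

```python
import hashlib
import ipaddress

# Constructed sample packets: (ts, src, sport, dst, dport, proto, payload)
PACKETS = [
    (1.00, "10.0.0.5", 51000, "192.0.2.10", 443, 6, b"client-hello;"),
    (1.01, "192.0.2.10", 443, "10.0.0.5", 51000, 6, b"server-hello;"),
    (1.02, "2001:db8::1", 40000, "2001:db8::2", 53, 17, b"dns-query;"),
    (1.03, "10.0.0.5", 51000, "192.0.2.10", 443, 6, b"app-data;"),
]

def flow_key(src, sport, dst, dport, proto):
    """Direction-independent quintuple so both directions join one session."""
    ends = sorted([(ipaddress.ip_address(src).packed, sport),
                   (ipaddress.ip_address(dst).packed, dport)])
    return (proto, ends[0], ends[1])

def make_session_id(key, first_ts):  # assumed stand-in for IDSession
    return hashlib.sha256(repr((key, first_ts)).encode()).hexdigest()[:16]

def reassemble(packets):
    """Group packets into sessions and extract metadata (step 2)."""
    sessions = {}
    for ts, src, sport, dst, dport, proto, payload in packets:
        key = flow_key(src, sport, dst, dport, proto)
        if key not in sessions:  # first packet fixes the ID and the metadata
            sessions[key] = {"session_id": make_session_id(key, ts), "data": b"",
                             "ips": (src, dst), "ports": (sport, dport)}
        sessions[key]["data"] += payload
    return list(sessions.values())

def store(sessions, size=4096):
    """Write sessions into a fixed-size pre-allocated buffer (step 3)."""
    buf, index, offset = bytearray(size), {}, 0
    for s in sessions:
        end = offset + len(s["data"])
        if end > size:
            raise ValueError("pre-allocated file full; roll over to a new one")
        buf[offset:end] = s["data"]
        index[s["session_id"]] = (offset, len(s["data"]))
        offset = end
    return buf, index

def search(sessions, cidr, port_range=(0, 65535)):
    """Session IDs with an endpoint inside cidr (IPv4 or IPv6) and a port in range."""
    net = ipaddress.ip_network(cidr)
    return [s["session_id"] for s in sessions
            if any(ip.version == net.version and ip in net
                   for ip in map(ipaddress.ip_address, s["ips"]))
            and any(port_range[0] <= p <= port_range[1] for p in s["ports"])]
```

The index returned by `store` maps each session ID to an (offset, length) pair, so a search hit can be resolved to its payload with one slice of the buffer.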


Abstract

The invention belongs to the technical field of real-time capture, storage and retrieval of network traffic, and particularly relates to a distributed network traffic retrieval method and device. The method comprises: acquiring data; recombining a session and extracting metadata; writing the session into a disk; and performing a distributed retrieval algorithm DSearch and data storage. The invention provides a distributed index establishment algorithm DIndex and a distributed retrieval algorithm DSearch, which can support distributed real-time high-speed network full-traffic storage, indexing and retrieval services, and satisfy the use requirements of users for high bandwidth and multiple branches.

Description

Technical field

[0001] The invention belongs to the technical field of real-time capture, storage and retrieval of network traffic, and in particular relates to a distributed network traffic retrieval method and device.

Background technique

[0002] In recent years, with the rapid development of the Internet, network bandwidth has increased dramatically, and the development of the Internet has brought more challenges to network security. Similar to surveillance cameras and surveillance video storage, query, and forensics equipment, real-time monitoring, storage analysis, and source traceability of network traffic have become a key method to ensure network security. In this way, network administrators can retrospectively analyze the abnormal network behavior and application communication data that have occurred, which is widely used in financial transactions, network forensics, network security and other fields.

[0003] For the field of real-time network traffic storage and...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F16/22, G06F16/245, G06F16/2455, G06F16/2458, G06F16/27, G06F16/903, G06F16/13, G06F16/174, G06F21/62, G06F21/60, H04L29/08
CPC: G06F16/2237, G06F16/2282, G06F16/2477, G06F16/24553, G06F16/24569, G06F16/27, G06F16/90344, G06F16/134, G06F16/1744, G06F21/6218, G06F21/602, H04L67/1097, H04L67/02, G06F2221/2107
Inventor: 曲武
Owner: 北京金睛云华科技有限公司