Automatic protocol recognition method and system

A protocol identification technology, applied in the network field, that addresses false negatives and false positives in IDS/IPS products and the inability to correctly identify the protocol type to which packets belong, achieving fast and highly accurate protocol identification.

Inactive Publication Date: 2006-10-11
BEIJING VENUS INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

In this case, the IDS/IPS product cannot correctly identify the protocol type of the packet according to the port mapping table, but needs to intelligently identify the prot



Examples


Embodiment 1

[0039] Embodiment 1: The protocol identification method of the present invention comprises two working phases: an early protocol sample feature extraction phase and an online protocol identification phase. The steps of each phase are as follows (see figure 1):

[0040] A. Protocol sample feature extraction stage:

[0041] According to the protocol fingerprint extraction method, the protocol fingerprint of this type of protocol is extracted from the protocol type sample (each type of protocol generally has multiple protocol fingerprints), and the corresponding verification rule set of this type of protocol is established.

[0042] The extracted protocol fingerprints and corresponding protocol verification rule sets are respectively stored in the protocol fingerprint library and the protocol verification rule library, which are used by the fingerprint matching engine and the protocol verification engine in the protocol identification stage.

[0043] B. On-line protocol identi...

Embodiment 2

[0064] Embodiment 2: The method for automatic protocol identification comprises the following steps:

[0065] Protocol fingerprint extraction:

[0066] All protocols are divided into three categories: 1) text command format protocol; 2) fixed header format protocol; 3) no fixed format protocol. The fingerprint extraction methods of these three types of protocols are described below.

[0067] Text command format protocol:

[0068] In the text command format protocol, all messages may be described in the form of {command + parameter}. The commands here include not only the usual protocol commands, but also the status code of the server response. There are many examples of text command format protocols, including POP3, SMTP, FTP, HTTP, etc. For such protocols, it is only necessary to extract protocol commands and protocol response status codes as protocol fingerprints. For example, for the HTTP protocol, the extracted HTTP protocol fingerprint set is {GET, POST, HEAD, HTTP / ...
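The two online steps described for text command format protocols (fingerprint lookup in a hash table, then a check of the candidate against a verification rule) can be sketched as follows. This is an added example, not code from the patent: the HTTP tokens follow the example set above, while the SMTP and POP3 tokens, the token regex and the verification rules are assumptions made for illustration.

```python
import re

# Protocol fingerprint library: leading token of a flow's first payload ->
# candidate protocol. The HTTP tokens follow the page's example set; the SMTP
# and POP3 tokens are assumed here for illustration.
FINGERPRINTS = {
    b"GET": "HTTP", b"POST": "HTTP", b"HEAD": "HTTP", b"HTTP/": "HTTP",
    b"EHLO": "SMTP", b"HELO": "SMTP",
    b"+OK": "POP3", b"-ERR": "POP3",
}

# Protocol verification rule library (assumed rules): the whole first line
# must have the shape the candidate protocol requires.
VERIFY = {
    "HTTP": re.compile(rb"(?:(?:GET|POST|HEAD) \S+ HTTP/\d\.\d"
                       rb"|HTTP/\d\.\d \d{3}(?: [^\r\n]*)?)\r\n"),
    "SMTP": re.compile(rb"(?:EHLO|HELO) \S+\r\n", re.I),
    "POP3": re.compile(rb"(?:\+OK|-ERR)(?: [^\r\n]*)?\r\n"),
}

# A command or status token: letters, '+' or '-', plus a trailing '/' so that
# "HTTP/1.1 200 OK" yields the fingerprint "HTTP/".
TOKEN = re.compile(rb"[A-Za-z+\-]+/?")

def identify(payload: bytes):
    """Return the protocol name for a flow's first payload, or None."""
    m = TOKEN.match(payload)
    if m is None:
        return None                                   # no text command at all
    candidate = FINGERPRINTS.get(m.group(0).upper())  # hash-table lookup
    if candidate is None:
        return None                                   # unknown fingerprint
    # A fingerprint hit is only a candidate; the verification rule confirms it.
    return candidate if VERIFY[candidate].match(payload) else None

if __name__ == "__main__":
    # Constructed sample payloads; the port number is never consulted.
    for sample in (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
                   b"+OK POP3 server ready\r\n",
                   b"GET well soon\r\n",        # fingerprint hit, rule rejects
                   b"\x16\x03\x01\x02\x00"):    # binary data, no text token
        print(sample[:24], "->", identify(sample))
```

The third sample shows why the verification step follows the lookup: a payload that merely starts with a known command token is rejected instead of being handed to the HTTP analyzer.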


Abstract

The invention discloses an automatic protocol identification method and system for use in intrusion detection and defense (IDS/IPS) products. It automatically identifies the protocol type from the features of the initial packets at the start of a network protocol communication, and uses protocol verification rules to check the identification result. The method comprises two phases: early protocol sample feature extraction and online protocol identification. The first phase comprises extracting protocol fingerprints from protocol type samples and building the corresponding protocol verification rules; the second phase comprises fast protocol fingerprint matching and fast verification of the protocol identification result. The protocol identification system comprises a protocol sample feature library, a protocol fingerprint matching engine and a protocol verification engine; the fingerprint matching engine is based on a fast hash table method, and the verification engine is based on a high-efficiency virtual mode.

Description

Technical field

[0001] The invention relates to an automatic protocol identification method and system for use in intrusion detection and defense (IDS/IPS) products, which can intelligently identify the protocol type from the characteristics of the messages in a network data flow. It belongs to the field of network technology.

Background technique

[0002] As an important means of network security protection, an intrusion detection/protection system (IDS/IPS) is usually deployed at the entrance to key internal networks or at the network boundary, where it captures the packet data flows within, into and out of the network in real time, analyzes them intelligently and comprehensively, and discovers and blocks possible intrusions in real time. Deep analysis of application-layer protocols is widely used in current mainstream IDS/IPS products, and can be used to implement intrusion detection based on protocol attack ch...


Application Information

IPC(8): G06F7/08, G06F11/30, H04L9/32
Inventor 叶润国王洋何云程李铮铮李博华东骆拥政焦玉峰
Owner BEIJING VENUS INFORMATION TECH