Intelligent protocol parsing method and device

A protocol-parsing and intelligent-analysis technology, applied in digital transmission systems, electrical components, transmission systems, etc. It addresses problems such as errors in in-depth protocol analysis, difficulty in parsing protocols accurately, and failure to match, and it achieves improved accuracy and strong versatility of the method.

Inactive Publication Date: 2007-09-12
BEIJING VENUS INFORMATION TECH
0 Cites, 52 Cited by

AI Technical Summary

Problems solved by technology

In this case, IDS/IPS products cannot correctly identify the protocol type of a message, or the specific software in use, from the port mapping table or from pattern matching on specific fields, which causes considerable trouble for some specific requirements. The protocol type of the message must instead be identified intelligently from the operating behavior characteristics of the network protocol; otherwise, in-depth analysis of the protocol will produce many errors.
In addition, for the protocols used by some proprietary software, different driver versions use different encapsulation formats and commands (adjusted field lengths or changed offsets), which makes accurate protocol analysis harder: a different parsing implementation is needed for each version.


Examples


Embodiment 1

[0051] Embodiment 1 (BitTorrent protocol static feature):

[0052] The string %13BitTorrent%20Protocol identifies the BitTorrent protocol, or a BitTorrent message type, in the traffic of software that communicates using the BitTorrent protocol, so it can be used as a static identification rule for the BitTorrent protocol;

[0053] Create BITTORRENT protocol static identification rule set:

[0054] The text must contain the string "Bittorrent";

[0055] etc.; an actual packet sample is:

[0056] GET /announce?info_hash=%OD%40_%F3%0A%269%81%94%B9/%B80%5EC%8A%8

[0057] A%9A%9C%E5&peer_id=Plus---tL3l5oWGtwZ9o&port=9096&uploaded=0&dow

[0058] nloaded=0&left=28742712&event=started HTTP/1.0..Host: btfans.332

[0059] 2.org:8000..Accept-encoding:gzip..User-agent:BitTorrent/Plus!

[0060] II 1.02 RC1....

[0061] However, it is difficult to judge the specific software or version in some cases. For example, if an IP packet is found to carry the protocol static feature "HTTP", it is very l...

Embodiment 2

[0062] Embodiment 2 (BitTorrent protocol behavior characteristics):

[0063] First, the client uses the tracker HTTP protocol to interact with the tracker server:

[0064] 1) The client sends an HTTP GET request to the tracker.

[0065] The feature of this step is: GET /announce.....HTTP/1.0, a GET request sent to the tracker that includes the keyword "BitTorrent".

[0066] 2) The tracker returns information about the other downloaders of the same file to the client. The feature of this step is: the addresses and ports of the peers, carried in the bencoded dictionary list Peers.

[0067] 3) The BitTorrent client sends connection requests to the peers in the list it obtained. The feature of this step is: the connection request to each peer includes the keyword "BitTorrent".

[0068] Protocol feature extraction; feature extraction is mainly divided into two steps, the first is static feature extraction of protocol data packets. This part mainly relies on a single data packet to make a preliminary judgment on the ...
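The three-step behavior sequence of Embodiment 2, correlated per client so that the BitTorrent verdict does not depend on port numbers, as an added example (not code from the patent). The function names, the step numbering, the compact 6-byte peer encoding and the sample addresses are assumptions made for illustration.

```python
import socket, struct
HANDSHAKE = b"\x13BitTorrent protocol"  # length byte 0x13 + protocol string

def bdecode(buf, i=0):  # minimal bencode decoder -> (value, index after value)
    c = buf[i:i + 1]
    if c == b"i":
        end = buf.index(b"e", i)
        return int(buf[i + 1:end]), end + 1
    if c in (b"l", b"d"):
        items, i = [], i + 1
        while buf[i:i + 1] != b"e":
            value, i = bdecode(buf, i)
            items.append(value)
        return (dict(zip(items[::2], items[1::2])) if c == b"d" else items), i + 1
    colon = buf.index(b":", i)
    n = int(buf[i:colon])
    return buf[colon + 1:colon + 1 + n], colon + 1 + n

def peers_from_tracker(body):
    """(ip, port) pairs from a bencoded tracker reply, compact or list form."""
    peers = bdecode(body)[0].get(b"peers", b"")
    if isinstance(peers, bytes):  # compact form (assumed): 4-byte IPv4 + 2-byte port
        return {(socket.inet_ntoa(peers[k:k + 4]), struct.unpack("!H", peers[k + 4:k + 6])[0])
                for k in range(0, len(peers) - 5, 6)}
    return {(p[b"ip"].decode(), p[b"port"]) for p in peers}

def bt_steps(packets):
    """Highest step per client IP: 1 announce, 2 peer list, 3 peer handshake."""
    step, peers = {}, {}
    for src, dst, payload in packets:  # src and dst are (ip, port) tuples
        if payload.startswith(b"GET /announce") and b"bittorrent" in payload.lower():
            step.setdefault(src[0], 1)
        elif step.get(dst[0]) == 1 and b"\r\n\r\nd" in payload:
            try:
                peers[dst[0]] = peers_from_tracker(payload.split(b"\r\n\r\n", 1)[1])
                step[dst[0]] = 2
            except (ValueError, KeyError, TypeError, AttributeError):
                pass  # malformed reply: client stays at step 1
        elif step.get(src[0]) == 2 and dst in peers[src[0]] and payload.startswith(HANDSHAKE):
            step[src[0]] = 3
    return step

# Constructed sample flow (not from the page); tracker on a non-standard port.
CLIENT, TRACKER, PEER = ("10.0.0.5", 40001), ("192.0.2.10", 8000), ("198.51.100.7", 9096)
COMPACT = socket.inet_aton(PEER[0]) + struct.pack("!H", PEER[1])
SAMPLE = [
    (CLIENT, TRACKER, b"GET /announce?info_hash=%AA HTTP/1.0\r\nUser-agent: BitTorrent/X\r\n\r\n"),
    (TRACKER, CLIENT, b"HTTP/1.0 200 OK\r\n\r\nd8:intervali1800e5:peers6:" + COMPACT + b"e"),
    (CLIENT, PEER, HANDSHAKE + bytes(8))]
```

`bt_steps(SAMPLE)` reaches step 3 only because the handshake goes to an address the tracker reply listed. A production sensor would also bound the decoder's recursion depth and expire per-client state.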


Abstract

The invention relates to an intelligent protocol parsing method and device for intrusion detection / defense (IDS/IPS) and audit products. Its purpose is to provide an intelligent protocol analysis technique that does not rely solely on static ports and on matching protocol feature fields, and that automatically adjusts the parsing format for different versions of the software and gives accurate results, which improves the accuracy of protocol analysis. The invention consists of three major steps: establishing a protocol feature model; protocol identification; and intelligent parsing of the protocol. The invention solves the problem that traditional IDS/IPS products cannot identify network protocols on non-standard ports or in packets without static feature fields, and it can automatically correct parsing errors that arise from causes such as different applications or different versions of a protocol.

Description

Technical field

[0001] The intelligent protocol analysis method and device of the present invention relate to networks with switching as a function; it is a communication control / processing method and device characterized by protocol, preventing data from being fetched from a data transmission channel without permission. It is an intelligent protocol analysis method and device for intrusion detection / protection systems (Intrusion Detection / Protection System, IDS / IPS) and audit products.

Background technique

[0002] As an important means of network security protection, an intrusion detection / prevention system (IDS / IPS) is usually deployed at the entrance of a key network or at the network boundary; it captures the packet data flowing within the network, or into and out of it, in real time and performs intelligent comprehensive analysis to detect possible intrusion behavior and block it in real time. Application layer protocol deep analysis technology is widely used in current mains...


Application Information

IPC(8): H04L29/02, H04L29/06, H04L12/26, H04L12/24, H04L12/56
Inventor: 孙海波, 骆拥政, 龚晟, 叶润国
Owner: BEIJING VENUS INFORMATION TECH