Multiple application protocol identification method and device

A technology for protocol identification and protocol application, applied in digital transmission systems, electrical components, transmission systems, etc.

Inactive Publication Date: 2014-09-10
BEIJING TOPSEC TECH +2
4 Cites, 52 Cited by

AI Technical Summary

Problems solved by technology

[0003] Because of the complexity of application traffic composition and the diversity of application protocol features and traffic behavior characteristics in next-generation high-speed networks, and especially the concealment introduced by transparent transmission, masquerading, fragmentation and encryption of traffic, the design of application protocol identification engines faces severe challenges.
On the one hand, the traditional port-based application protocol identification method can no longer meet the need for accurate classification of application traffic. It is necessary to introduce a deep packet inspection method based on feature keywords and a deep flow inspection method based on application traffic behavior characteristics, and at the same time to support port features, IP features, single-keyword features, multiple-keyword features, regular expression features, channel association features, packet length features, packet direction features, and packet location features. On the other hand, to achieve a high recognition rate for application traffic, the above application protocol identification methods must be used together, with support for multiple detection and identification models such as single-packet matching, multi-packet matching, strong / weak association matching, channel extraction matching, and algorithm decryption matching.


Embodiment Construction

[0073] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific methods, functions, structures and devices disclosed in the present invention can be implemented independently or combined in various ways, and are not intended to limit the scope of the invention.

[0074] Figure 1 is a schematic diagram of the data packet characteristics 101 and the channel-associated actions 136 provided by the embodiment of the present invention, and of the method used to describe them.

[0075] As shown in Figure 1, the packet characteristics 101 are composed of the keyword signature basic feature 102 and the packet length signature basic feature 128; the id attribute specifies its number as 1, the logrel attribute specifies logical AND, the flowdir attribute specifies the bidirectional flow direction, the pktpos attribute specifies the unfixed packet position -1, an...
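The combination that paragraph [0075] describes, a keyword feature and a packet-length feature joined by logical AND and qualified by flow direction and packet position, is shown here as an added Python example; it is not the patent's own code or rule syntax. Only the attribute names id, logrel, flowdir and pktpos and the values 1, logical AND, bidirectional and -1 come from the page; the element names, the spellings "and" / "both", the EXMP keyword and the sample flow are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed rule: attribute names are from the page, everything else is assumed.
RULE_XML = """<feature id="1" logrel="and" flowdir="both" pktpos="-1">
  <keyword offset="0">EXMP/1.0</keyword>
  <pktlen min="20" max="64"/>
</feature>"""

# Constructed flow: (direction, payload) tuples in arrival order.
SAMPLE_FLOW = [("c2s", b"HELLO"), ("s2c", b"EXMP/1.0 LOGIN user=alice")]

def load_feature(xml_text):
    """Parse one packet-characteristic rule into a plain dict."""
    root = ET.fromstring(xml_text)
    return {
        "id": int(root.get("id")),
        "logrel": root.get("logrel"),        # "and" / "or" (assumed spelling)
        "flowdir": root.get("flowdir"),      # "both", "c2s" or "s2c" (assumed)
        "pktpos": int(root.get("pktpos")),   # -1 means any position in the flow
        "keywords": [(int(k.get("offset", "-1")), k.text.encode())
                     for k in root.findall("keyword")],
        "lengths": [(int(p.get("min")), int(p.get("max")))
                    for p in root.findall("pktlen")],
    }

def packet_matches(feature, payload, direction, position):
    """Evaluate one packet; position is its 1-based index within the flow."""
    if feature["flowdir"] not in ("both", direction):
        return False
    if feature["pktpos"] not in (-1, position):
        return False
    results = []
    for offset, kw in feature["keywords"]:
        # offset < 0: keyword anywhere in the payload; otherwise at that offset.
        results.append(kw in payload if offset < 0 else payload.startswith(kw, offset))
    for lo, hi in feature["lengths"]:
        results.append(lo <= len(payload) <= hi)
    if not results:
        return False  # a rule with no basic features must never match
    return all(results) if feature["logrel"] == "and" else any(results)

def classify_flow(feature, packets):
    """Return the 1-based position of the first matching packet, or None."""
    for pos, (direction, payload) in enumerate(packets, start=1):
        if packet_matches(feature, payload, direction, pos):
            return pos
    return None
```

With logical AND, a payload that carries the keyword but falls outside the length range does not match, which is what keeps a short keyword from classifying unrelated traffic on its own.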

Abstract

The invention discloses a multiple application protocol identification method and an application protocol identification engine. Based on the XML language, the multiple application protocol identification method provides characteristic conditions, decryption suite conditions, application protocol characteristics, application protocol hit actions, various detection and identification modules, and the corresponding rule description methods. The application protocol identification engine comprises identification modules, such as a strong correlation identification module, a single packet identification module, a multi-packet identification module, an algorithm decryption and identification module and a channel extraction and identification module; a configuration module; and an application protocol characteristic matching unit, a full-flow table storage unit, a half-flow association table storage unit, and a rule base storage unit. With the multiple application protocol identification method and the application protocol identification engine, a flexible rule description and configuration mechanism and online, accurate and comprehensive identification of application protocols and encrypted traffic are achieved.

Description

Technical field

[0001] The invention belongs to the technical field of network application traffic identification and classification, and in particular relates to a multiple application protocol identification method and device.

Background technique

[0002] The identification and classification of network application traffic is the basis for content filtering, traffic analysis, bandwidth management, secure communication, and Internet supervision and operation and maintenance. In the field of network security, network application traffic to be identified and classified can be divided into common application traffic, intrusion / attack / penetration traffic, virus / Trojan horse / worm / botnet abnormal traffic, anonymous communication traffic, etc. It is divided into plaintext traffic, encrypted traffic, Web traffic, and P2P traffic.

[0003] Due to the complexity of application traffic composition and the diversity of application protocol features and traffic behavior characteristic...

Application Information

IPC(8): H04L12/26, H04L12/24, H04L29/08
Inventor: 高长喜
Owner: BEIJING TOPSEC TECH