File restoration method and device for http multi-session in DPI scene

The technology, applied to electrical components, transmission systems, etc., addresses large memory consumption, the inability to restore files in real time for detection and processing, and low timeliness. Its effects are relieving memory pressure, reducing the length of linked lists, and improving restoration efficiency.

Active Publication Date: 2020-02-25
WUHAN GREENET INFORMATION SERVICE

AI Technical Summary

Problems solved by technology

[0003] When a TCP session contains multiple GET requests, the multiple http files can be restored by reassembling the entire TCP session after the whole stream has been obtained, but this method is not time-efficient and cannot restore files in real time for subsequent detection and processing. In addition, the entire TCP session data needs to be cached, so memory consumption under concurrency is large.

Examples

Embodiment 1

[0051] Embodiment 1 of the present invention provides a file restoration method for http multi-session in a DPI scene, characterized in that the Response messages corresponding to multiple Get requests are monitored. As shown in Figure 2, the restoration method includes:

[0052] In step 201, the Ack values in the Response messages of multiple Get requests are acquired.

[0053] As shown in Figure 3, one http request or one http response can be restored under the same Ack (such as Ack1, Ack2 or Ack3 in the figure), where pkt1, pkt2, etc. are carried in the Response messages, and the received Response messages may contain out-of-order and/or overflow data that has to be reorganized. http Get request files are in the response data, and Post session files are in the request data. Different http sessions are processed under different linked-list nodes and do not interfere with each other, and can process out-of-order pack...

Embodiment 2

[0075] This embodiment demonstrates the main method process of Embodiment 1 of the present invention with an intuitive example. As shown in Figure 5, the method includes:

[0076] In step 401, for TCP stream reassembly of the same five-tuple, only data packets with a payload length greater than 0 are processed; Response packets without payload do not need to be reassembled.

[0077] In step 402, the seq sequence number A is taken from the first Response message processed (whether or not that message is out of sequence).

[0078] In step 403, an offset value offset0 is obtained as N-A, computed as a fixed four-byte value. Regarding the value of N (that is, the preset value in Embodiments 1 and 2 of the present invention): if the maximum difference between the seqs of two out-of-order messages is M, the value of N is larger than M. This difference M is generally n...

Embodiment 3

[0109] Figure 8 is a schematic structural diagram of an http multi-session file restoration device in a DPI scenario according to an embodiment of the present invention. The device of this embodiment includes one or more processors 21 and a memory 22. In Figure 8, one processor 21 is taken as an example.

[0110] The processor 21 and the memory 22 can be connected by a bus or by other means; Figure 8 takes connection via a bus as an example.

[0111] The memory 22, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs and non-volatile computer-executable programs, such as the http multi-session file restoration method in Embodiment 1. The processor 21 executes the http multi-session file restoration method in the DPI scenario by running the non-volatile software programs and instructions stored in the memory 22.

[0112] The memory 22 may include a high-speed ra...

Abstract

The invention relates to the technical field of data packet reassembly, and provides a file restoration method and device for http multi-session in a DPI scene. The method comprises the following steps: acquiring the Ack values carried in the Response messages of a plurality of Get requests; matching one or more Response messages whose Ack value equals the sum of the sequence number field value seq0 and the payload length dlen carried in the target Get request; and restoring the response file of the target Get request according to the sequence number field value seq1 carried in each matched Response message. With the invention, a plurality of http sessions in one TCP session can be processed in real time, out-of-order or retransmission interference among different http sessions is eliminated, and restoration efficiency is improved.
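
An added example (not from the patent or its owner) of the matching step in the abstract: Response segments are bucketed by Ack, and the bucket whose Ack equals seq0 + dlen of the target Get request is ordered by seq1. The class and function names, the value chosen for N, and applying the N - A offset of Embodiment 2 as (seq1 + offset) mod 2^32 are assumptions; the sample segments are constructed.

```python
from collections import defaultdict

MOD = 1 << 32   # TCP seq/ack fields are four bytes and wrap around
N = 1 << 31     # assumed preset, larger than any expected reordering distance M

def expected_ack(seq0, dlen):
    """Ack carried by every Response segment that answers the GET (seq0, dlen)."""
    return (seq0 + dlen) % MOD

class ResponseRestorer:
    """Buckets server-to-client segments of one TCP session by Ack value."""
    def __init__(self):
        self.by_ack = defaultdict(dict)   # ack -> {normalized seq1: payload}
        self.offset = None

    def add_segment(self, seq1, ack, payload):
        if not payload:                   # segments without payload are skipped
            return
        if self.offset is None:           # A = seq of the first segment processed
            self.offset = (N - seq1) % MOD
        norm = (seq1 + self.offset) % MOD
        self.by_ack[ack].setdefault(norm, payload)   # retransmission: first copy wins

    def restore(self, seq0, dlen):
        """Bytes of the response to the target GET, or None if absent or gapped."""
        segs = self.by_ack.get(expected_ack(seq0, dlen))
        if not segs:
            return None
        out, nxt = bytearray(), min(segs)
        for norm in sorted(segs):
            data = segs[norm]
            if norm > nxt:                # hole: a segment has not arrived yet
                return None
            if norm + len(data) > nxt:    # keep only bytes not already emitted
                out += data[nxt - norm:]
                nxt = norm + len(data)
        return bytes(out)

def demo():
    # Constructed capture: two pipelined GETs, segments as (seq1, ack, payload).
    r = ResponseRestorer()
    for seg in [(5019, 1100, b"file-one"),              # arrives out of order
                (5000, 1100, b"HTTP/1.1 200 OK\r\n\r\n"),
                (5019, 1100, b"file-one"),              # retransmission
                (5027, 1220, b"HTTP/1.1 200 OK\r\n\r\n"),
                (5054, 1220, b""),                      # bare ACK
                (5046, 1220, b"file-two")]:
        r.add_segment(*seg)
    return r.restore(1000, 100), r.restore(1100, 120)   # GET1, GET2
```

`restore()` starts from the lowest seq1 seen for that Ack, so a missing first segment is not detected by this sketch.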

Description

Technical field

[0001] The invention relates to the technical field of data packet reassembly, in particular to a file restoration method and device for HTTP multi-session in a DPI scene.

Background technique

[0002] In the field of network information security, DPI technology is often needed to detect whether web pages transmitted over the HTTP protocol contain sensitive keywords, or whether transmitted files are malicious files such as viruses and Trojans. This requires processing the http message traffic in real time and restoring the files transmitted in it. Traditional http file restoration extracts the files in a session through TCP reassembly of the same five-tuple. For a flow with multiple get requests or multiple post requests, restoration needs to collect the complete flow, reassemble the entire TCP session, and then analyze and split the http sessions from it, extract multiple http transfer...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/08
CPC: H04L67/02, H04L67/06, H04L67/146
Inventor: 李小坤, 刘锋, 叶志钢, 黄华桥, 程波
Owner: WUHAN GREENET INFORMATION SERVICE