CN102624726A - Multi-core intelligent network card platform-based ultrahigh-bandwidth network security audit method - Google Patents
Multi-core intelligent network card platform-based ultrahigh-bandwidth network security audit method
- Publication number
- CN102624726A (application CN2012100588230A)
- Authority: CN (China)
- Prior art keywords: intelligent network, application, network adapter, audit, auditing
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Abstract
The invention relates to the field of computer network security, in particular to an ultra-high-bandwidth network security audit method based on a multi-core intelligent network card (smart NIC) platform. The method comprises the following steps: the multi-core intelligent network card platform is configured; raw packets are received and processed by the multi-core intelligent network card platform; deep inspection and audit of the application data are carried out; and subsequent processing is carried out according to the audit result. By adopting the multi-core intelligent network card platform, the method provides an effective acceleration scheme for fields such as network security, traffic monitoring, service analysis and signaling test, and can be applied at 100G ultra-high bandwidth. By splitting the service processing between the network card and the host, the application policy is secure and highly reliable; by adopting deep inspection as well, the method meets the functional requirements of network application-level security audit, flow control, enterprise-level application security policy enforcement and the like.
Description
Technical field
The present invention relates to the field of computer network security, and in particular to an ultra-high-bandwidth network security audit method based on a multi-core intelligent network card (smart NIC) platform.
Background technology
As network applications multiply, the demand for bandwidth rises with them. This poses a challenge to practical software and hardware solutions for security auditing: how to implement security audit of enterprise applications with no performance sacrifice, or only a small performance cost, has become a design priority.
Deep packet inspection (DPI) combines stateful application-aware firewall techniques with application-layer traffic identification. It identifies the various applications on the network efficiently and, by inspecting application traffic data, realises network application-level security audit, flow control, enterprise-level application security policy enforcement, high reliability and similar functional requirements. Practical DPI solutions run into many implementation challenges, such as application-layer encryption and tunneling.
Security gateway products are being applied ever more widely, extending from the classic firewall to UTM, IPS, inline traffic analysis monitors, inline traffic management devices, web access management devices and so on. These applications already have rich and powerful packet analysis and traffic analysis functions, and also need to forward the traffic passing through the device efficiently. What the security gateway family has in common, although their application scenarios differ, is that all of them need strong CPU processing capacity to guarantee the analysis work and the forwarding work at the same time, and the limits of CPU capacity often mean that forwarding ties up the resources the analysis needs. Product developers have to spend considerable effort balancing performance against functionality, and network performance has even become the bottleneck that limits further enrichment of functionality.
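The encryption challenge mentioned above, as an added example that is not part of the patent: when the application data is encrypted a DPI engine cannot read it, but the TLS ClientHello is still cleartext, so its Server Name Indication (SNI) and ALPN extensions let the engine identify the service. The parser below is bounds-checked so that a truncated or malformed record, which an attacker controls, yields "not a ClientHello" rather than a crash or a half-parsed label. `build_client_hello()` only constructs test input, and `APP_RULES` is a hypothetical policy table; no real capture is used.

```python
"""Application identification for TLS traffic from ClientHello metadata.

Added example written for this page, not code from the patent. The
ClientHello builder exists only to construct test input; APP_RULES is a
hypothetical SNI-to-application table.
"""
from __future__ import annotations
import struct

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SNI = 0x0000
EXT_ALPN = 0x0010

def build_client_hello(server_name: str, alpn: list[str]) -> bytes:
    """Construct a minimal TLS ClientHello record (constructed test input only)."""
    name = server_name.encode()
    sni_list = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # name_type 0 = host_name
    sni_ext = struct.pack("!HH", EXT_SNI, len(sni_list)) + sni_list
    protos = b"".join(bytes([len(p)]) + p.encode() for p in alpn)
    alpn_list = struct.pack("!H", len(protos)) + protos
    alpn_ext = struct.pack("!HH", EXT_ALPN, len(alpn_list)) + alpn_list
    exts = sni_ext + alpn_ext
    body = (b"\x03\x03" + bytes(32)        # client_version, 32-byte random (zeroed here)
            + b"\x00"                      # empty session_id
            + b"\x00\x02\x13\x01"          # one cipher suite
            + b"\x01\x00"                  # null compression only
            + struct.pack("!H", len(exts)) + exts)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(data: bytes) -> dict | None:
    """Return {'sni': str | None, 'alpn': [str]} for a complete, well-formed
    ClientHello, and None for anything else. Every length field is checked
    against the bytes actually present before it is trusted."""
    try:
        if len(data) < 5 or data[0] != TLS_HANDSHAKE:
            return None
        rec_len = struct.unpack("!H", data[3:5])[0]
        rec = data[5:5 + rec_len]
        if len(rec) < rec_len or rec[0] != CLIENT_HELLO:
            return None                                   # truncated record or not a ClientHello
        hs_len = int.from_bytes(rec[1:4], "big")
        hs = rec[4:4 + hs_len]
        if len(hs) < hs_len:
            return None
        pos = 2 + 32                                      # client_version + random
        pos += 1 + hs[pos]                                # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hs[pos]                                # compression_methods
        info = {"sni": None, "alpn": []}
        if pos == len(hs):
            return info                                   # legal: no extensions at all
        end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        if end != len(hs):
            return None                                   # extensions length does not match
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            ext = hs[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if len(ext) < elen:
                return None
            if etype == EXT_SNI:
                _, name_type, name_len = struct.unpack("!HBH", ext[:5])
                if name_type == 0 and len(ext) >= 5 + name_len:
                    info["sni"] = ext[5:5 + name_len].decode("ascii", "replace")
            elif etype == EXT_ALPN:
                p, plen = 2, struct.unpack("!H", ext[:2])[0]
                while p < min(len(ext), 2 + plen):
                    n = ext[p]
                    info["alpn"].append(ext[p + 1:p + 1 + n].decode("ascii", "replace"))
                    p += 1 + n
        return info
    except (IndexError, struct.error):
        return None                                       # malformed: refuse rather than guess

APP_RULES = {                       # hypothetical policy table: SNI domain -> application label
    "example-mail.test": "webmail",
    "example-cdn.test": "video",
}

def identify_app(data: bytes) -> str:
    """Dynamic application identification from the first TLS record of a flow."""
    info = parse_client_hello(data)
    if info is None:
        return "not-tls-client-hello"
    sni = (info["sni"] or "").lower().rstrip(".")
    for domain, label in APP_RULES.items():
        if sni == domain or sni.endswith("." + domain):
            return label
    if "h2" in info["alpn"]:
        return "http2-over-tls"
    return "tls-unclassified"

if __name__ == "__main__":
    print(identify_app(build_client_hello("www.example-mail.test", ["h2", "http/1.1"])))
```

The SNI is asserted by the client, not verified, so a policy engine should treat it as a classification hint and pair it with server-side evidence (certificate, traffic shape) before enforcing on it; with Encrypted Client Hello the field is no longer visible at all, and identification has to fall back on the behavioural features the patent lists.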
Looking back at typical security gateway application software implemented on x86 systems, the following bottlenecks limit any improvement in network performance:
(1) the bus;
(2) interrupts;
(3) packet conversion and checksum verification;
(4) routing tables and state tables;
(5) traffic classification algorithms;
(6) traffic sampling, statistics and scheduling.
To address these problems, technologies such as ASIC chips, network processors and multi-core processors have appeared one after another, and each solves the above problems to a greater or lesser degree from a different angle. However, measured against the rapid growth of network performance and the even faster growth in demand for richer service functions, these architectures have not spread quickly: there is still a considerable gap between outstanding chip capability and mature application products, and this gap has restricted the popularity and adoption of these proprietary hardware architectures in the security gateway field.
Summary of the invention
The present invention adopts an intelligent 10-Gigabit network card multi-core platform. Packet fragmentation and reassembly, identification of basic protocols and application protocols, compression and decompression, and encryption and decryption are offloaded to the multi-core platform of the intelligent network card, while the audit operation flow is diverted over a high-bandwidth PCI-Express bus to the x86 CPU platform for processing. Such a solution integrates system resources in a short time and satisfies the user's functional requirements for bandwidth control, basic application security policy control and the like.
To achieve the above object, the present invention provides an ultra-high-bandwidth network security audit method based on a multi-core intelligent network card platform, characterised by the following steps:
A. Configure the intelligent network card multi-core platform: including DPI engine configuration, setting of the filter keyword set, application protocol configuration, encryption/decryption settings and compression algorithm configuration;
B. The intelligent network card multi-core platform receives and processes raw packets: transfer over the PCI-Express bus is configured; the intelligent network card multi-core platform processes the raw network packets and transfers the processed application data over the PCI-Express bus to the x86 CPU platform;
C. Deep inspection and audit of the application data: after deep inspection, the application data is audited through the BPM interface configured on the x86 CPU platform;
D. Subsequent processing after audit: subsequent processing is carried out according to the audit result for the application data.
In step C, the deep inspection of the application data mainly comprises pattern (signature) recognition, user behaviour analysis and dynamic application identification.
In step C, the audit of the application data mainly comprises flow control and security control.
In step D, the subsequent processing mainly comprises sending alert messages, limiting or blocking data flows, and generating statistical reports.
The present invention adopts the intelligent network card multi-core platform, provides an effective acceleration scheme for multiple service fields such as network security, traffic monitoring, service analysis and signaling detection, and can be applied at ultra-high bandwidth of 100G. By splitting the service flow between the network card and the host, the application policy is secure and reliable; by adopting DPI at the same time, the functional requirements of network application-level security audit, flow control and enterprise-level application security policy enforcement are met.
Description of drawings
Fig. 1 is a schematic flow diagram of the steps of the method of the invention.
Fig. 2 is a schematic structural diagram of the service splitting (offload) of the invention.
Fig. 3 is a processing flow chart of a packet in the deep inspection of the invention.
Fig. 4 is a schematic diagram of data transfer and processing between the host CPU and the intelligent network card multi-core platform in the invention.
Embodiment
The invention is further described below with reference to the drawings.
As shown in Fig. 1, the invention uses the following steps:
A. Configure the intelligent network card multi-core platform: including DPI engine configuration, setting of the filter keyword set, application protocol configuration, encryption/decryption settings and compression algorithm configuration;
B. The intelligent network card multi-core platform receives and processes raw packets: transfer over the PCI-Express bus is configured; the intelligent network card multi-core platform processes the raw network packets, the processing comprising packet reassembly, decryption, deep inspection, information filtering, classification and so on; the processed application data is transferred over the PCI-Express bus to the x86 CPU platform, see Fig. 2;
C. Deep inspection and audit of the application data: after deep inspection, the application data is audited through the BPM interface configured on the x86 CPU platform;
D. Subsequent processing after audit: subsequent processing is carried out according to the audit result for the application data.
In step C, the deep inspection of the application data mainly comprises pattern (signature) recognition, user behaviour analysis and dynamic application identification. Referring to Fig. 3, one of the detection paths handles compressed packets; its flow is as follows: after a packet enters the DPI engine it undergoes deep inspection, and the user behaviour analysis technique of deep inspection classifies the packet with a decision tree; the classified data is sorted into queues of different priority, which completes the processing of the packet.
In step C, the audit of the application data mainly comprises flow control and security control.
In step D, the subsequent processing mainly comprises sending alert messages, limiting or blocking data flows, and generating statistical reports.
Fig. 4 is a schematic diagram of data transfer and processing between the host CPU and the intelligent network card multi-core platform in the invention. The x86 host CPU transfers raw network packets to the intelligent network card multi-core platform over the configured PCI-Express bus through a data channel; the multi-core processor of the intelligent network card platform processes the raw network packets and arranges them into hardware-maintained I/O priority queues, and the processed application data is transferred over the PCI-Express bus to the x86 host CPU. Both the host CPU and the intelligent network card multi-core platform can save data in memory (Memory), and the intelligent network card multi-core platform can also be provided with network interfaces for connecting to and exchanging data with other hardware.
The present invention adopts an intelligent 10-Gigabit network card multi-core platform. Packet fragmentation and reassembly, deep identification of basic protocols and application protocols, compression and decompression, and encryption and decryption are offloaded to the multi-core platform of the intelligent network card, while the audit operation flow is diverted over a high-bandwidth PCI-Express bus to the x86 CPU platform for processing. Such a solution integrates system resources in a short time, satisfies the user's functional requirements for bandwidth control and basic application security policy control, and can be applied at ultra-high bandwidths such as 50G and 100G. By adopting DPI at the same time, network application-level security audit, flow control and enterprise-level application security policy enforcement are realised with good reliability.
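Steps A to D, the Fig. 3 decision-tree classification into priority queues and the Fig. 4 queue hand-off, as one added example that is not the patent's code: the NIC side reassembles fragments, decompresses, identifies the protocol, matches the filter keyword set and classifies each message into a priority queue; the host side pops the queue in priority order, applies security control and flow control, and produces alerts, per-flow actions and a statistics report. The configuration values, packet layout, thresholds, port-to-protocol table and sample traffic are assumptions made for the example; NIC-side decryption is left out and payloads are shown already in cleartext. One edge case is handled deliberately: a body that claims to be compressed but cannot be decompressed is pushed to the front of the audit queue instead of being passed through, since malformed compression is a classic way to slip content past DPI.

```python
"""NIC/host offload pipeline for security audit, steps A-D of the method.

Added example written for this page; it is not the patent's code. It models
the split the patent describes: the smart NIC reassembles, decompresses,
identifies and classifies (steps B, Fig. 3, Fig. 4); the x86 host audits in
queue order and decides on alerts, blocking, limiting and reporting (C, D).
All configuration values, thresholds and traffic below are assumptions.
"""
from __future__ import annotations
import gzip, heapq, itertools, re, zlib
from collections import defaultdict
from dataclasses import dataclass, field

CONFIG = {  # Step A: platform configuration (hypothetical values)
    "keyword_filter": [b"password=", b"BEGIN RSA PRIVATE KEY"],  # filter keyword set
    "app_ports": {80: "http", 443: "https", 21: "ftp"},           # application protocol config
    "compression": "gzip",                                         # compression algorithm config
    "rate_limit_bytes": 10_000,                                    # per-flow byte budget (flow control)
}
KEYWORD_RE = re.compile(b"|".join(re.escape(k) for k in CONFIG["keyword_filter"]))

@dataclass(order=True)
class Packet:
    priority: int                  # queue index, 0 is audited first
    seq: int                       # arrival order, breaks ties inside a queue
    flow: tuple = field(compare=False)
    payload: bytes = field(compare=False)
    app: str = field(compare=False, default="unknown")
    hits: list = field(compare=False, default_factory=list)

def reassemble(fragments):
    """NIC side: regroup the fragments of each message and restore their order."""
    by_msg = defaultdict(list)
    for flow, msg_id, frag_idx, chunk, compressed in fragments:
        by_msg[(flow, msg_id)].append((frag_idx, chunk, compressed))
    for (flow, _), parts in by_msg.items():
        parts.sort()                                   # fragments may arrive out of order
        yield flow, b"".join(c for _, c, _ in parts), parts[0][2]

def classify(app: str, hits: list, size: int) -> int:
    """Fig. 3 decision tree: choose the priority queue (0 is audited first)."""
    if hits:
        return 0                   # filter hit: audit first
    if app == "unknown":
        return 1                   # unidentified protocol: look at it early
    return 2 if size > 4096 else 3  # bulky transfer (flow-control candidate) vs ordinary

def nic_stage(fragments) -> list[Packet]:
    """Step B: reassembly, decompression, protocol identification, keyword
    filtering and classification; returns the NIC's I/O priority queue."""
    queue: list[Packet] = []
    seq = itertools.count()
    for flow, data, compressed in reassemble(fragments):
        hits = []
        if compressed and CONFIG["compression"] == "gzip":
            try:
                data = gzip.decompress(data)
            except (OSError, EOFError, zlib.error):
                hits.append(b"<undecompressable>")   # a body DPI cannot open must not pass unseen
        app = CONFIG["app_ports"].get(flow[3], "unknown")
        hits += [m.group(0) for m in KEYWORD_RE.finditer(data)]
        heapq.heappush(queue, Packet(classify(app, hits, len(data)), next(seq), flow, data, app, hits))
    return queue

def host_stage(queue: list[Packet]) -> dict:
    """Steps C and D, x86 side: audit in queue order with security control and
    flow control, then emit alerts, per-flow actions and a statistics report."""
    flow_bytes = defaultdict(int)
    out = {"alerts": [], "actions": {}, "report": defaultdict(int), "audited": []}
    while queue:
        pkt = heapq.heappop(queue)
        out["audited"].append(pkt)
        flow_bytes[pkt.flow] += len(pkt.payload)
        out["report"][pkt.app] += 1
        if pkt.hits:                                             # security control
            out["alerts"].append((pkt.flow, pkt.hits))
            out["actions"][pkt.flow] = "block"
        elif flow_bytes[pkt.flow] > CONFIG["rate_limit_bytes"]:  # flow control
            if out["actions"].get(pkt.flow) != "block":
                out["actions"][pkt.flow] = "limit"
        else:
            out["actions"].setdefault(pkt.flow, "allow")
    out["report"] = dict(out["report"])
    return out

def sample_fragments():
    """Constructed traffic for the example, not a real capture.
    Tuple layout: (flow 5-tuple, message id, fragment index, bytes, compressed?)."""
    web = ("10.0.0.5", "192.0.2.10", 40000, 80, "tcp")
    leak = ("10.0.0.7", "198.51.100.3", 40001, 443, "tcp")   # shown after NIC-side decryption
    bulk = ("10.0.0.9", "203.0.113.1", 40002, 4444, "tcp")
    evade = ("10.0.0.11", "192.0.2.20", 40003, 80, "tcp")
    body = gzip.compress(b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
    mid = len(body) // 2
    return [
        (web, 0, 1, body[mid:], True),          # second fragment arrives first
        (web, 0, 0, body[:mid], True),
        (leak, 0, 0, b"POST /login user=bob&password=hunter2", False),
        (bulk, 0, 0, b"\x00" * 6000, False),
        (bulk, 1, 0, b"\x00" * 6000, False),    # pushes the flow past its byte budget
        (evade, 0, 0, b"\x1f\x8b\x08\x00" + b"\xff" * 12, True),  # gzip header, garbage body
    ]

if __name__ == "__main__":
    result = host_stage(nic_stage(sample_fragments()))
    for flow, action in result["actions"].items():
        print(flow[0], "->", flow[1], "port", flow[3], action)
    print(result["report"])
```

The heap stands in for the hardware-maintained I/O priority queues of Fig. 4; in a real deployment the host only ever sees the NIC's output, so the audit decision is exactly as good as the classification the NIC performed, which is why the decompression failure is routed to queue 0 rather than dropped.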
Claims (4)
1. An ultra-high-bandwidth network security audit method based on a multi-core intelligent network card platform, characterised by the following steps:
A. Configure the intelligent network card multi-core platform: including DPI engine configuration, setting of the filter keyword set, application protocol configuration, encryption/decryption settings and compression algorithm configuration;
B. The intelligent network card multi-core platform receives and processes raw packets: transfer over the PCI-Express bus is configured; the intelligent network card multi-core platform processes the raw network packets and transfers the processed application data over the PCI-Express bus to the x86 CPU platform;
C. Deep inspection and audit of the application data: after deep inspection, the application data is audited through the BPM interface configured on the x86 CPU platform;
D. Subsequent processing after audit: subsequent processing is carried out according to the audit result for the application data.
2. The ultra-high-bandwidth network security audit method based on a multi-core intelligent network card platform according to claim 1, characterised in that in step C the deep inspection of the application data mainly comprises pattern (signature) recognition, user behaviour analysis and dynamic application identification.
3. The ultra-high-bandwidth network security audit method based on a multi-core intelligent network card platform according to claim 1 or 2, characterised in that in step C the audit of the application data mainly comprises flow control and security control.
4. The ultra-high-bandwidth network security audit method based on a multi-core intelligent network card platform according to claim 1, characterised in that in step D the subsequent processing mainly comprises sending alert messages, limiting or blocking data flows, and generating statistical reports.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012100588230A CN102624726A (en) | 2012-03-07 | 2012-03-07 | Multi-core intelligent network card platform-based ultrahigh-bandwidth network security audit method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102624726A true CN102624726A (en) | 2012-08-01 |
Family
ID=46564411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2012100588230A Pending CN102624726A (en) | 2012-03-07 | 2012-03-07 | Multi-core intelligent network card platform-based ultrahigh-bandwidth network security audit method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102624726A (en) |
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1567808A (en) * | 2003-06-18 | 2005-01-19 | 联想(北京)有限公司 | A network security appliance and realizing method thereof |
CN1547353A (en) * | 2003-12-05 | 2004-11-17 | 浩 李 | A high-performance multi-service network security processing equipment |
CN1610335A (en) * | 2004-11-25 | 2005-04-27 | 上海复旦光华信息科技股份有限公司 | Safety filtering current shunt of exchange structure based on network processor and CPU array |
US20080022401A1 (en) * | 2006-07-21 | 2008-01-24 | Sensory Networks Inc. | Apparatus and Method for Multicore Network Security Processing |
CN101483649A (en) * | 2009-02-10 | 2009-07-15 | 浪潮电子信息产业股份有限公司 | Network safe content processing card based on FPGA |
Non-Patent Citations (1)
Title |
---|
田俊峰等: ""基于误用和异常技术相结合的入侵检测系统的设计与研究"", 《电子与信息学报》 (Tian Junfeng et al., "Design and research of an intrusion detection system combining misuse and anomaly techniques", Journal of Electronics & Information Technology) * |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102811127A (en) * | 2012-08-23 | 2012-12-05 | 深圳乌托邦系统集成有限公司 | Acceleration network card for cloud computing application layer |
CN103067218A (en) * | 2012-12-14 | 2013-04-24 | 华中科技大学 | High speed network data package content analysis device |
CN103067218B (en) * | 2012-12-14 | 2016-03-02 | 华中科技大学 | A kind of express network packet content analytical equipment |
CN104486253A (en) * | 2014-12-11 | 2015-04-01 | 北京百度网讯科技有限公司 | Network bandwidth scheduling method and system |
CN104486253B (en) * | 2014-12-11 | 2017-08-08 | 北京百度网讯科技有限公司 | network bandwidth dispatching method and system |
CN106230612A (en) * | 2016-07-12 | 2016-12-14 | 杭州迪普科技有限公司 | Process the method and device of message |
CN106230612B (en) * | 2016-07-12 | 2019-09-06 | 杭州迪普科技股份有限公司 | Handle the method and device of message |
CN109218308A (en) * | 2018-09-14 | 2019-01-15 | 上海赋华网络科技有限公司 | A kind of data high-speed secure exchange method based on intelligent network adapter |
CN111367582A (en) * | 2020-03-06 | 2020-07-03 | 上海赋华网络科技有限公司 | High-performance file type identification method |
CN111367582B (en) * | 2020-03-06 | 2023-08-25 | 上海赋华网络科技有限公司 | Method for identifying file type in high performance |
CN111541726A (en) * | 2020-07-08 | 2020-08-14 | 支付宝(杭州)信息技术有限公司 | Replay transaction identification method and device based on block chain all-in-one machine |
US11336660B2 (en) | 2020-07-08 | 2022-05-17 | Alipay (Hangzhou) Information Technology Co., Ltd. | Methods and apparatuses for identifying replay transaction based on blockchain integrated station |
US11444783B2 (en) | 2020-07-08 | 2022-09-13 | Alipay (Hangzhou) Information Technology Co., Ltd. | Methods and apparatuses for processing transactions based on blockchain integrated station |
US11463553B2 (en) | 2020-07-08 | 2022-10-04 | Alipay (Hangzhou) Information Technology Co., Ltd. | Methods and apparatuses for identifying to-be-filtered transaction based on blockchain integrated station |
US11665234B2 (en) | 2020-07-08 | 2023-05-30 | Alipay (Hangzhou) Information Technology Co., Ltd. | Methods and apparatuses for synchronizing data based on blockchain integrated station |
US11783339B2 (en) | 2020-07-08 | 2023-10-10 | Alipay (Hangzhou) Information Technology Co., Ltd. | Methods and apparatuses for transferring transaction based on blockchain integrated station |
CN114531285A (en) * | 2022-04-01 | 2022-05-24 | 杭州立思辰安科科技有限公司 | Intelligent detection method for firewall multi-core architecture |
CN117119462A (en) * | 2023-10-25 | 2023-11-24 | 北京派网科技有限公司 | Security audit system and method of 5G mobile communication network based on distributed DPI engine heterogeneous diagram architecture |
CN117119462B (en) * | 2023-10-25 | 2024-01-26 | 北京派网科技有限公司 | Security audit system and method of 5G mobile communication network based on distributed DPI engine heterogeneous diagram architecture |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20120801 |