
CN102739473B - Network detection method applying intelligent network card - Google Patents


Info

Publication number
CN102739473B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210236470.9A
Other languages
Chinese (zh)
Other versions
CN102739473A (en
Inventor
周立
鲁松
邹昕
汪立东
张晓明
王维晟
王勇
孙浩
严伟
戴丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NANJING SINOVATIO TECHNOLOGY CO LTD
National Computer Network and Information Security Management Center
Original Assignee
NANJING SINOVATIO TECHNOLOGY CO LTD
National Computer Network and Information Security Management Center
Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A network detection method using an intelligent network card. The intelligent network card is connected in series at the egress of a local area network or small enterprise network and stores ACL rules. First, a network card management module issues the server side's five-tuple ACL rules to the storage module of the intelligent network card. The intelligent network card then receives network data and performs stream restoration on it. In the data processing module of the intelligent network card, the restored packets are matched against the ACL rules held in the storage module, and the corresponding action is taken: discard, transparent pass-through, label, send a packet, or send a log. The invention hands the server's analysis and detection of network data to the intelligent network card, which effectively reduces the load on the back-end server's CPU. It also provides several standard-compatible interfaces so that existing network processing programs can use the intelligent network card seamlessly, further exploiting its advantages in analyzing and detecting network data. The method is suitable for network detection and a variety of other scenarios.

Description

A network detection method using an intelligent network card

Technical Field

The invention relates to the field of network detection applications, and in particular to a network detection method using an intelligent network card.

Background

Within a local area network or small enterprise network, a series of intranet attacks, such as ARP spoofing, IP spoofing, forged IP addresses, IP fragmentation, forged MAC addresses, oversized ping packets, malformed data, and protocol viruses that send packets at an excessive rate, can cause the intranet to drop connections or stall. These intranet attacks are widespread. The usual detection method is for network detection software on a back-end server to scan the contents of IP packets entering and leaving the subnet and match sensitive information against signature strings, thereby judging whether a packet is legitimate. This approach undoubtedly adds to the load on the back-end server's CPU and lowers system performance: when traffic peaks, the application cannot process received data fast enough and the network card drops data. Moreover, when an intruder splits sensitive information across multiple IP fragments, the detection software cannot recover the illegal information from any single IP packet.

Summary of the Invention

The purpose of the invention is to address the problems that arise in network detection for local area networks or small enterprise networks when software on a back-end server inspects the network information received by the network card: heavy load on the back-end server's CPU, poor system performance, applications that cannot process received data quickly, network card data that is easily dropped, and the inability to detect illegal information in IP fragments. To effectively control and block the spread of harmful information and the leakage of confidential information, and to inspect the network content of a local area network or small enterprise network completely, a network detection method using an intelligent network card is proposed. The intelligent network card performs IP fragment reassembly and TCP stream reassembly on received data, then preprocesses the network data destined for the server according to its stored ACL rules and its DPI capability. Network attack packets such as protocol viruses are intercepted and controlled directly on the intelligent network card, and the detection scope is extended to the network ingress and egress of the local area network or small enterprise network. This provides analysis and detection of network data while reducing the server's CPU load and improving system performance.

The technical solution of the invention is:

A network detection method using an intelligent network card, in which the intelligent network card stores ACL rules. The method comprises the following steps:

A. The network card management module issues the server side's five-tuple ACL rules to the storage module of the intelligent network card;

B. The intelligent network card receives network data and performs IP fragment reassembly and TCP stream reassembly on the received data;

C. In the data processing module of the intelligent network card, received packets are matched against the ACL rules already in the storage module, and the corresponding action is taken: discard, transparent pass-through, label, send a packet, or send a log.

The intelligent network card of the invention comprises a storage module, a data processing module and a data transceiver module. The storage module stores the ACL rules; the data transceiver module receives and sends data between the intelligent network card and the network; the data processing module performs IP fragment reassembly and TCP stream reassembly on received packets and then matches them against the existing ACL rules. The data processing module is connected to the corresponding signal terminals of the storage module and the data transceiver module.

The server side is configured with a network card management module and an intelligent network card driver module. The network card management module implements adding, deleting and querying ACL rules on the intelligent network card; the intelligent network card driver module implements data reception and transmission between the intelligent network card and the server.

The intelligent network card of the invention further comprises a DPI module for deep packet inspection of received data.

The intelligent network card of the invention provides several standard or dedicated programming interfaces, opening its network data analysis and detection functions to upper-layer software on the server.

In step C of the invention:

If the discard action applies, the intelligent network card ignores the packets to be discarded, according to the ACL rule;

If the pass-through action applies, the specified data packets are uploaded into different stream buffers on the back-end server; different threads of the upper-layer software then read data from their corresponding stream buffers and send it to the data queues of multiple threads;

If the label action applies, the intelligent network card marks packets that hit a rule as the ACL rule requires and uploads them to the server;

If the send-packet action applies, the intelligent network card acts according to the matched ACL rule and sends a packet carrying a TCP flag.

If the send-log action applies, the intelligent network card acts according to the matched ACL rule and sends a log message to the log server.

The five-tuple in the invention consists of: source IP address, destination IP address, IP protocol number, TCP/UDP source port number, and TCP/UDP destination port number.
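
The following Python example is added here and is not code from the patent. It shows why step B has to precede step C: only the first IP fragment carries the TCP/UDP ports and a payload marker can straddle fragments, so judging each packet alone passes traffic that the reassemble-then-match path drops. The rule layout, the `None` wildcard, the addresses, ports and marker string are assumptions made for illustration, and TCP stream reassembly is not covered.

```python
# Added example; rule layout and None-as-wildcard are assumptions, not the patent's format.
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str                          # source network (CIDR)
    dst: str                          # destination network (CIDR)
    proto: Optional[int]              # IP protocol number; None = any
    sport: Optional[int]              # TCP/UDP source port; None = any
    dport: Optional[int]              # TCP/UDP destination port; None = any
    action: str                       # drop | pass | tag | send_packet | send_log
    pattern: Optional[bytes] = None   # optional payload signature (stand-in for DPI)

def parse_ipv4(pkt):
    """Decode the IPv4 header fields needed for reassembly (checksum not verified)."""
    (ver_ihl, _tos, total_len, ident, flags_off,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"key": (src, dst, proto, ident), "src": src, "dst": dst, "proto": proto,
            "more": bool(flags_off & 0x2000),          # MF (more fragments) flag
            "offset": (flags_off & 0x1FFF) * 8,        # fragment offset in bytes
            "data": pkt[(ver_ihl & 0x0F) * 4:total_len]}

class Reassembler:
    """Buffers fragments per (src, dst, proto, id); real devices also need timeouts and caps."""
    def __init__(self):
        self.pending = {}

    def add(self, pkt):
        f = parse_ipv4(pkt)
        if not f["more"] and f["offset"] == 0:
            return f["src"], f["dst"], f["proto"], f["data"]     # not fragmented
        state = self.pending.setdefault(f["key"], {"frags": {}, "total": None})
        state["frags"][f["offset"]] = f["data"]
        if not f["more"]:
            state["total"] = f["offset"] + len(f["data"])        # last fragment fixes length
        if state["total"] is None:
            return None
        buf = bytearray()
        for off in sorted(state["frags"]):
            if off > len(buf):
                return None                                      # hole: keep waiting
            chunk = state["frags"][off]
            buf[off:off + len(chunk)] = chunk                    # on overlap, higher offset wins
        if len(buf) < state["total"]:
            return None
        del self.pending[f["key"]]
        return f["src"], f["dst"], f["proto"], bytes(buf[:state["total"]])

def verdict(rules, src, dst, proto, l4, payload, default="pass"):
    """Five-tuple match, first rule wins. Ports are the first 4 bytes of a TCP/UDP header."""
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto in (None, proto) and r.sport in (None, sport)
                and r.dport in (None, dport)
                and (r.pattern is None or r.pattern in payload)):
            return r.action
    return default

def inspect_reassembled(packets, rules):
    """Steps B and C: reassemble first, then match each complete datagram."""
    reasm = Reassembler()
    done = [d for d in map(reasm.add, packets) if d is not None]
    return [verdict(rules, s, d, p, l4, l4) for s, d, p, l4 in done]

def inspect_per_packet(packets, rules):
    """Baseline from the background section: every IP packet is judged alone."""
    frags = [parse_ipv4(p) for p in packets]
    return [verdict(rules, f["src"], f["dst"], f["proto"],
                    f["data"] if f["offset"] == 0 else b"",   # later fragments carry no ports
                    f["data"]) for f in frags]

def make_fragments(src, dst, proto, ident, l4, size):
    """Constructed sample input: split a datagram into fragments (size % 8 == 0, checksum 0)."""
    s, d = ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed
    return [struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4[o:o + size]), ident,
                        (0x2000 if o + size < len(l4) else 0) | (o // 8), 64, proto, 0, s, d)
            + l4[o:o + size] for o in range(0, len(l4), size)]

# Constructed rules and traffic (addresses, ports and marker are illustrative only).
RULES = [
    Rule("10.0.0.0/8", "0.0.0.0/0", 17, None, 9999, "drop", b"CONFIDENTIAL-MARKER"),
    Rule("10.0.0.0/8", "0.0.0.0/0", 17, None, 53, "tag"),
]
BODY = b"header CONFIDENTIAL-MARKER trailer"
UDP = struct.pack("!HHHH", 40000, 9999, 8 + len(BODY), 0) + BODY
FRAGS = make_fragments("10.1.2.3", "203.0.113.7", 17, 0x1234, UDP, 16)

if __name__ == "__main__":
    print("per packet :", inspect_per_packet(FRAGS, RULES))
    print("reassembled:", inspect_reassembled(FRAGS[::-1], RULES))
```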

Beneficial effects of the invention:

In the network detection method of the invention, the server's analysis and detection of network data is handed to the intelligent network card, which intercepts and controls network attack packets directly. The detection scope extends to the very edge of the network and service management is improved, making the network controllable, manageable and defensible, while effectively reducing the back-end server's CPU load. In addition, a custom dedicated interface and several standard-compatible interfaces, including libpcap, libnet and libnids, are provided, so existing network processing programs can use the intelligent network card seamlessly for functions such as packet capture and analysis, further exploiting the card's advantages in analyzing and detecting network data. The method can be used in network detection and many other settings.

Brief Description of the Drawings

Fig. 1 is a schematic diagram of data analysis and detection by the intelligent network card of the invention.

Detailed Description

The invention is further described below with reference to the drawing and an embodiment.

As shown in Fig. 1, in a network detection method using an intelligent network card, the intelligent network card stores ACL rules and the method comprises the following steps:

A. The network card management module issues the server side's five-tuple ACL rules to the storage module of the intelligent network card;

B. The intelligent network card receives network data and performs IP fragment reassembly and TCP stream reassembly on the received data;

C. In the data processing module of the intelligent network card, received packets are matched against the ACL rules already in the storage module, and the corresponding action is taken: discard, transparent pass-through, label, send a packet, or send a log;

If the discard action applies, the intelligent network card ignores the packets to be discarded, according to the ACL rule;

If the pass-through action applies, the specified data packets are uploaded into different stream buffers on the back-end server; different threads of the upper-layer software then read data from their corresponding stream buffers and send it to the data queues of multiple threads;

If the label action applies, the intelligent network card marks packets that hit a rule as the ACL rule requires and uploads them to the server;

If the send-packet action applies, the intelligent network card acts according to the matched ACL rule and sends a packet carrying a TCP flag.

If the send-log action applies, the intelligent network card acts according to the matched ACL rule and sends a log message to the log server.

The intelligent network card of the invention comprises a storage module, a data processing module and a data transceiver module. The storage module stores the ACL rules; the data transceiver module receives and sends data between the intelligent network card and the network; the data processing module performs IP fragment reassembly and TCP stream reassembly on received packets and then matches them against the existing ACL rules. The data processing module is connected to the corresponding signal terminals of the storage module and the data transceiver module.

The server side of the invention is configured with a network card management module and an intelligent network card driver module. The network card management module implements adding, deleting and querying ACL rules on the intelligent network card; the intelligent network card driver module implements data reception and transmission between the intelligent network card and the server.

The intelligent network card of the invention further comprises a detection module for deep packet inspection of received data. Deep packet inspection analyzes not only the content of an IP packet at layer 4 and below, including source address, destination address, source port, destination port and protocol type, but also adds application-layer analysis to identify applications and their content.

The intelligent network card of the invention provides several standard or dedicated programming interfaces, opening its network data analysis and detection functions to upper-layer software on the server.

In a specific implementation:

In this network detection method, the intelligent network card can perform IP fragment reassembly and TCP stream reassembly on received IP packets using existing algorithms, and then parse the packets according to the basic protocols of the TCP/IP suite, such as IP, TCP and UDP, and their port numbers, in order to determine information such as network traffic volume, the routes traversed, packet size and packet content.

The intelligent network card provides deep packet inspection of received data internally.

The intelligent network card driver provides a custom set of network card management tools in user space for adding, deleting and querying ACL rules on the intelligent network card. The method comprises the following steps:

In step 101, the user uses the network card management tool provided with the intelligent network card to issue five-tuple ACL rules to the card's memory. The five-tuple consists of: source IP address, destination IP address, IP protocol number, TCP/UDP source port number, and TCP/UDP destination port number.

In step 103, the intelligent network card matches received packets against the existing rules and takes actions such as discard, pass-through, label, send a packet, or send a log;

In step 104, the intelligent network card ignores packets to be discarded, according to the ACL rule;

In step 105, the specified data packets subject to the pass-through action are uploaded to the back-end server, and the data is distributed to the data queues of the threads that need it;

Packets carrying a TCP flag can be sent as the ACL rule requires (step 106);

According to the action of the matched ACL rule, log messages can be sent to the log server (step 107);

The intelligent network card wraps standard API functions in the server's user space, opening up as much of the card's functionality as possible. It also supports several standard-compatible interfaces such as libpcap, libnet and libnids, so existing network processing programs can use the intelligent network card seamlessly.

Using the card's dedicated interface or tools such as libpcap, libnet and libnids makes full use of the intelligent network card's IP fragment reassembly, TCP data reassembly, ACL rule filtering, DPI and other functions to implement packet preprocessing such as data capture, filtering, and constructing and sending packets.

When the network card programming interface is used for packet capture, the intelligent network card, following the server's data preprocessing requirements, sends data through the network card interface evenly to each thread of the multi-threaded processing server, as load balancing requires. When the programming interface is used for filtering, actions such as pass-through and discard are applied to matching data streams according to the rules issued by the network card driver.

Parts not covered by the invention are the same as the prior art or can be implemented using the prior art.

Claims (4)

1. A network detection method using an intelligent network card, characterized in that the intelligent network card is connected in series at the egress of a local area network or small enterprise network, transparently passes all packets, and at the same time analyzes and inspects the traffic passing through it; the method comprises the following steps:
A. The network card management module issues the server side's five-tuple ACL rules to the storage module of the intelligent network card;
B. The intelligent network card receives network data and performs IP fragment reassembly and TCP stream reassembly on the received data;
C. In the data processing module of the intelligent network card, the packets restored by stream reassembly are matched against the ACL rules already in the storage module, and the corresponding action is taken: discard, transparent pass-through, label, send a packet, or send a log;
The five-tuple consists of: source IP address, destination IP address, IP protocol number, TCP/UDP source port number, and TCP/UDP destination port number;
The intelligent network card performs protocol analysis and fragment reassembly on the received IP packets, and then performs TCP-layer protocol state analysis and packet splicing;
In step C:
If the discard action applies, the intelligent network card ignores the packets to be discarded, according to the ACL rule;
If the pass-through action applies, the specified data packets are uploaded into different stream buffers on the back-end server; different threads of the upper-layer software then read data from their corresponding stream buffers and send it to the data queues of multiple threads;
If the label action applies, the intelligent network card marks packets that hit a rule as the ACL rule requires and uploads them to the server;
If the send-packet action applies, the intelligent network card acts according to the matched ACL rule and sends a packet carrying a TCP flag;
If the send-log action applies, the intelligent network card acts according to the matched ACL rule and sends a log message to the log server.
2. The network detection method using an intelligent network card according to claim 1, characterized in that:
The intelligent network card comprises a storage module, a data processing module and a data transceiver module; the storage module stores the ACL rules; the data transceiver module receives and sends data between the intelligent network card and the network; the data processing module performs IP fragment reassembly and TCP stream reassembly on received packets and then matches them against the existing ACL rules;
The server side is configured with a network card management module and an intelligent network card driver module; the network card management module implements adding, deleting and querying ACL rules on the intelligent network card; the intelligent network card driver module implements data reception and transmission between the intelligent network card and the server.
3. The network detection method using an intelligent network card according to claim 1, characterized in that the intelligent network card further comprises a DPI module for deep packet inspection of received data.
4. The network detection method using an intelligent network card according to claim 1, characterized in that the intelligent network card provides several standard or dedicated programming interfaces, opening its network data analysis and detection functions to upper-layer software on the server, so that the upper-layer software can perform packet capture and analysis on data at the network ingress and egress.
CN201210236470.9A 2012-07-09 2012-07-09 Network detection method applying intelligent network card Active CN102739473B (en)

Publications (2)

Publication Number Publication Date
CN102739473A CN102739473A (en) 2012-10-17
CN102739473B true CN102739473B (en) 2015-06-24


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Zhou Li

Inventor after: Dai Li

Inventor after: Lu Song

Inventor after: Zou Cuan

Inventor after: Wang Lidong

Inventor after: Zhang Xiaoming

Inventor after: Wang Weicheng

Inventor after: Wang Yong

Inventor after: Sun Hao

Inventor after: Yan Wei

Inventor before: Wang Lidong

Inventor before: Sun Bo

Inventor before: Yan Hanbing

Inventor before: Yuan Chunyang

Inventor before: Zhang Xiaoming

Inventor before: Dai Li

Inventor before: Sun Hao

Inventor before: Yan Wei

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: WANG LIDONG SUN BO YAN HANBING YUAN CHUNYANG ZHANG XIAOMING DAI LI SUN HAOYAN WEI TO: ZHOU LI LU SONG ZOU XIN WANG LIDONG ZHANG XIAOMING WANG WEISHENG WANG YONG SUN HAO YAN WEI DAI LI

C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: Yuhuatai District of Nanjing City, Jiangsu province 210012 Bauhinia Road No. 68

Applicant after: Nanjing Sinovatio Technology LLC

Applicant after: State Computer Network and Information Safety Management Center

Address before: Yuhuatai District of Nanjing City, Jiangsu province 210012 Bauhinia Road No. 68

Applicant before: Nanjing Zhongxing Special Software Co., Ltd.

Applicant before: State Computer Network and Information Safety Management Center

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: NANJING ZHONGXING SPECIAL SOFTWARE CO., LTD. TO: NANJING SINOVATIO TECHNOLOGY LLC

C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP02 Change in the address of a patent holder

Address after: 210012 Yuhuatai, Jiangsu province tulip Road, No. 17, No.

Patentee after: Nanjing Sinovatio Technology LLC

Patentee after: State Computer Network and Information Safety Management Center

Address before: Yuhuatai District of Nanjing City, Jiangsu province 210012 Bauhinia Road No. 68

Patentee before: Nanjing Sinovatio Technology LLC

Patentee before: State Computer Network and Information Safety Management Center