CN103236940A - Method and device for content processing and network equipment - Google Patents
Method and device for content processing and network equipment Download PDFInfo
- Publication number
- CN103236940A CN103236940A CN201310109891XA CN201310109891A CN103236940A CN 103236940 A CN103236940 A CN 103236940A CN 201310109891X A CN201310109891X A CN 201310109891XA CN 201310109891 A CN201310109891 A CN 201310109891A CN 103236940 A CN103236940 A CN 103236940A
- Authority
- CN
- China
- Prior art keywords
- message
- data flow
- filtering
- packet
- audit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012545 processing Methods 0.000 title claims abstract description 37
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000001914 filtration Methods 0.000 claims abstract description 77
- 238000012550 audit Methods 0.000 claims abstract description 57
- 238000013507 mapping Methods 0.000 claims abstract description 22
- 238000003672 processing method Methods 0.000 claims description 17
- 230000000903 blocking effect Effects 0.000 claims description 9
- 238000000605 extraction Methods 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 6
- 238000007726 management method Methods 0.000 description 6
- 230000006399 behavior Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 230000003139 buffering effect Effects 0.000 description 2
- 230000007704 transition Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method and a device for content processing and network equipment. The method includes receiving a message; inquiring mapping relations between data flow information and audit filtering strategy, and judging whether the message is sequence message or not if the audit filtering strategy matching with the data flow information of the message exists; and if yes, performing auditing and filtering processing to the content of the message. By the method and the device for the content processing and the network equipment, the problems that plenty of internal memory is taken up for caching messages in the prior art, processing speed of the network equipment is reduced due to the fact that delay of caching further increases forwarding delay of the messages, and users' experience degrees are deteriorated are solved.
Description
Technical Field
The present invention relates to communications technologies, and in particular, to a content processing method and apparatus, and a network device.
Background
At present, with the increasing size and complexity of networks, more and more network administrators of enterprises and universities need to perform fine management and classified authorization management on the networks, for example: enterprises need to control employees to entertain, purchase on-line or send out confidential information during working hours; schools need to control students to access unhealthy websites, release improper statements and the like, so that reasonable pre-authorization, in-process guidance and post-event tracing of employees or students on the internet can be achieved. The above needs require that the network device can manage and control the internet access behavior of the user, wherein auditing and filtering the content of the data stream are a key technology for implementing the management of the internet access behavior.
In the prior art, because the content of a data stream sent through a network is often dispersed in multiple messages, a network device needs to delay and cache a received message sequence belonging to the data stream in order to audit and filter the content of the data stream in a targeted manner, and after receiving all messages belonging to the data stream, performs TCP reassembly on the messages of the data stream, and then audits and filters the content in the reassembled messages of the data stream.
However, since a large amount of memory is required to be occupied as the message cache, and the delay cache also increases the message forwarding delay, the processing speed of the network device is reduced, and the user experience is deteriorated.
Disclosure of Invention
The invention provides a content processing method and device and network equipment, which are used for solving the problems that in the prior art, a large amount of memory is required to be occupied as a message cache, and the delay cache also increases the message forwarding delay, so that the processing speed of the network equipment is reduced and the user experience is poor.
A first aspect of the present invention provides a content processing method, including:
receiving a message;
inquiring the mapping relation between the data flow information and an audit filtering strategy, and if the audit filtering strategy matched with the data flow information in the message exists, judging whether the message is a sequential message;
and if the message is judged to be a sequential message, auditing and filtering the content in the message.
Another aspect of the present invention provides a content processing apparatus including:
the strategy module is used for storing the mapping relation between the data flow information and the audit filtering strategy;
the forwarding module is used for receiving the message, inquiring the mapping relation between the data flow information in the strategy module and an audit filtering strategy, and judging whether the message is a sequential message or not if the audit filtering strategy matched with the data flow information in the message exists;
and the identification module is used for auditing and filtering the content in the message if the forwarding module judges that the message is a sequential message.
Yet another aspect of the present invention provides a network device, including: the content processing apparatus as described above.
The invention has the technical effects that: by inquiring the mapping relation between the data flow information and the audit filtering strategy, if the audit filtering strategy matched with the data flow information in the received message exists, whether the message is a sequential message is judged, and when the message is judged to be the sequential message, the audit and the filtering processing are carried out on the content in the message.
Drawings
FIG. 1 is a flow chart of one embodiment of a content processing method of the present invention;
FIG. 2 is a flow chart of another embodiment of a content processing method of the present invention;
FIG. 3 is a flow chart of yet another embodiment of a content processing method of the present invention;
FIG. 4 is a schematic diagram of a content processing apparatus according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a mapping relationship between a multi-core processor and a management plane and a data plane;
fig. 6 is a schematic structural diagram of another embodiment of the content processing apparatus according to the present invention.
Detailed Description
Fig. 1 is a flowchart of an embodiment of a content processing method according to the present invention, and as shown in fig. 1, an execution main body of the embodiment is a content processing apparatus, and the content processing apparatus may be configured on a multi-core processor, and the method includes:
And 102, inquiring the mapping relation between the data flow information and the audit filtering strategy, and if the audit filtering strategy matched with the data flow information in the message exists, judging whether the message is a sequential message.
In this embodiment, the data flow information includes an IP port and/or a data flow type. It should be further noted that, if there is no audit filtering policy matching the data flow information in the packet, the packet is directly forwarded.
And 103, if the message is judged to be a sequential message, auditing and filtering the content in the message.
In this embodiment, preferably, a specific implementation manner of determining whether the packet is a sequential packet is as follows: and respectively comparing the serial number of the message with the expected serial number, and the TCP payload data length of the message with the size of the sliding window to judge whether the message is one of a repeated message, a sequential message, an out-of-order message and a message outside the sliding window. For example, when the sequence number of the message is smaller than the expected sequence number, the message is a duplicate message. When the serial number of the message is behind the expected serial number and the serial number plus the TCP payload data length of the message are within the range of the sliding window, the message is an out-of-order message; when the serial number of the message is equal to the expected serial number, the message is a sequential message; when the serial number of the message plus the TCP payload data length of the message is larger than the size of the sliding window, the message is the message outside the sliding window.
If the message is a sequential message, auditing and filtering the content in the message; if the message is an out-of-order message, namely a non-order message, the message can be forwarded after the out-of-order message copy is cached; if the message is a repeated message or a message outside a sliding window, namely a non-sequential message, the message can be directly forwarded. It should be noted that, for a partially repeated message, that is, the first half of the message belongs to the sent content, and the second half of the message belongs to the situation that no new content is sent, the new content may be intercepted and processed as a sequential message.
In this embodiment, by querying a mapping relationship between data stream information and an audit filtering policy, if an audit filtering policy matching the data stream information in a received message exists, it is determined whether the message is a sequential message, and when it is determined that the message is a sequential message, the content in the message is audited and filtered.
Fig. 2 is a flowchart of another embodiment of the content processing method of the present invention, and on the basis of the embodiment shown in fig. 1, as shown in fig. 2, a specific implementation manner of step 103 is:
step 103a, if the message is judged to be a sequential message, inquiring the mapping relation between the data flow information and the application categories, acquiring the application categories matched with the data flow information in the message, and extracting the fields needing auditing and filtering in the message according to the auditing characteristics in the matched application categories.
In this embodiment, the application categories include, but are not limited to: a website Uniform Resource Locator (URL), web browsing, a search engine, forum posting, mail, File Transfer Protocol (FTP), TELNET, and the like, wherein TELNET is a remote login Protocol. In addition, for example, for an application category of a search engine, its audit features are search keywords; for the application category of forum postings, the auditing characteristics include a posting title, a posting content and/or a posting attachment; for the application category of the mail, the auditing characteristics comprise a sender, a receiver, a copy, a secret transfer, a title, a body and/or an attachment; for the application category of web browsing, the auditing characteristics include URL, web title and/or web body, etc.
Step 103b, if the message is the first message of the data stream where the message is located, setting the current state of the Deterministic Finite Automaton (DFA) as the initial state of the data stream where the message is located.
In this embodiment, it should be noted that, if the message is not the header of the data flow in which the message is located, the current DFA state is set as the storage state of the data flow in which the message is located.
In addition, it should be noted that the DFA is an automaton capable of implementing state transition. For a given state belonging to the automaton and for a character belonging to the alphabet of the automaton, it is able to transition to the next state according to a transfer function given in advance. DFA is often used in a word filtering system, which does not require backtracking at all when scanning text, and has time complexity independent of the number and length of keywords to be matched, thus having stable and efficient keyword matching performance.
And 103c, judging whether the field needing auditing and filtering in the extracted message is matched with the feature code in the auditing and filtering strategy matched with the data flow information in the message by adopting DFA according to the current DFA state, and blocking the data flow of the message if the field needing auditing and filtering in the extracted message is matched with the feature code in the auditing and filtering strategy matched with the data flow information in the message.
It should be noted that, in the prior art, when the feature code segments are dispersed in a plurality of messages, the feature code segments can form a correct and complete feature code only after the messages are reassembled according to the sequence, so as to audit and filter the content in the messages. When the messages are not recombined according to the sequence, the content of the messages containing the feature codes cannot be accurately audited and filtered.
In this embodiment, because the DFA intermediate state storing technology can be combined and the single packet is audited and filtered according to the sequence, the influence that the feature code segments may be dispersed in a plurality of packets is avoided, so that the buffering and the reassembly of the packets in the data flow are avoided, and the forwarding delay caused by the packet buffering reassembly of the data flow is effectively reduced.
Further, in another embodiment of the present invention, on the basis of the embodiment shown in fig. 2, another specific implementation manner of the step 103b is:
and if the message is not the head message of the data flow in which the message is positioned, setting the current DFA state as the storage state of the data flow in which the message is positioned.
Fig. 3 is a flowchart of a content processing method according to another embodiment of the present invention, and as shown in fig. 3, the method of this embodiment includes:
And 204, inquiring the mapping relation between the data flow information and the application categories, acquiring the application categories matched with the data flow information in the message, and extracting fields needing auditing and filtering in the message according to the auditing characteristics in the matched application categories.
And step 206, setting the current DFA state as the initial state of the data flow where the message is located.
And step 208, blocking the data stream where the message is positioned, and ending.
It should be noted that the storage state of the data stream where the message is located exists, and belongs to the prior art, and details are not described here.
It should be noted that, when the next packet of the packet arrives, the saved state of the data flow may be restored to the initial state of the DFA of the next packet.
Step 212, cache the copy of the message and forward the message. And (6) ending.
Step 213, setting the current DFA state as the storage state of the data flow where the message is located, and executing step 207.
In this embodiment, only the out-of-order packet is cached, so the memory requirement of the packet cache is greatly reduced. In addition, when the message is a sequential message and the field needing audit filtering in the message is matched with the feature code in the audit filtering strategy matched with the data flow information in the message, the blocked message is a message containing the feature code; and when the message is a cached message and the field needing audit filtering in the message is matched with the feature code in the audit filtering strategy matched with the data flow information in the message, the blocked message is a prefix message of the cached message. No matter which message is blocked, the opposite side can discard the data stream because the opposite side can not receive the complete data stream, thereby effectively preventing the data stream from being sent or received and achieving the purposes of auditing and filtering. Therefore, the cached message is processed by sending first and then auditing and filtering, so that extra forwarding delay is avoided, and the data stream of the message can be effectively blocked when the field needing auditing and filtering in the message is matched with the feature code in the auditing and filtering strategy matched with the data stream information in the message.
Preferably, the method further comprises:
and recording fields needing audit filtering.
In this embodiment, whether the message is a forwarding message or a blocking message, the field that needs to be audited and filtered in the message may also be recorded, for example: and recording the fields needing audit filtering to a system database, a local disk, or synchronizing the fields to an external log server, and the like, so that a network administrator can perform classification query and analysis according to the fields needing audit filtering in the message, know the internet behavior state of the network user and reasonably monitor the internet behavior of the user.
Those of ordinary skill in the art will understand that: all or a portion of the steps of implementing the above-described method embodiments may be performed by hardware associated with program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Fig. 4 is a schematic structural diagram of a content processing apparatus according to an embodiment of the present invention, and as shown in fig. 4, the content processing apparatus includes: a policy module 11, a forwarding module 12 and an identification module 13. The policy module 11 is configured to store a mapping relationship between data flow information and an audit filtering policy; the forwarding module 12 is configured to receive a message, query a mapping relationship between data flow information in the policy module 11 and an audit filtering policy, and if an audit filtering policy matching the data flow information in the message exists, determine whether the message is a sequential message; the identification module 13 is configured to perform audit and filtering processing on the content in the message if the forwarding module 12 determines that the message is a sequential message.
In the present embodiment, the policy module 11 is located on the management plane, and the forwarding module 12 and the identification module 13 are located on the data plane. In addition, it should be further noted that fig. 5 is a schematic diagram of a correspondence relationship between a multi-CORE processor and a management plane and a data plane, as shown in fig. 5, when the content processing apparatus may be a network device and is under an architecture of a multi-CORE processor having N +1 COREs, the data plane may operate on N COREs in parallel to perform packet forwarding, and each CORE (CORE) has an independent forwarding module 12 and an independent identification module 13, so that the number of the forwarding modules 12 and the identification modules 13 in this embodiment may be multiple, so that multiple data streams may be processed simultaneously in parallel, throughput and delay of data are ensured, and further, high processing performance is achieved. Wherein N is a positive integer.
In this embodiment, the content processing apparatus may execute the technical solution of the method embodiment shown in fig. 1, and the implementation principles thereof are similar, and are not described herein again.
In this embodiment, by querying a mapping relationship between data stream information and an audit filtering policy, if an audit filtering policy matching the data stream information in a received message exists, it is determined whether the message is a sequential message, and when it is determined that the message is a sequential message, the content in the message is audited and filtered.
Fig. 6 is a schematic structural diagram of another embodiment of the content processing apparatus according to the present invention, and on the basis of the embodiment shown in fig. 4, as shown in fig. 6, the apparatus further includes: and the content characteristic library module 14 is used for storing the mapping relation between the data stream information and the application categories.
The identification module 13 comprises: an extraction unit 131, a matching unit 133, and a blocking unit 134; the extracting unit 131 is configured to query a mapping relationship between the data stream information and the application categories in the content feature library module 14, obtain an application category matched with the data stream information in the packet, and extract fields to be audited and filtered in the packet according to audit features in the matched application category; the matching unit 133 is configured to determine, according to the DFA state of the current finite automata, whether a field to be audited and filtered in the extracted message matches a feature code in an audit filtering policy that matches data flow information in the message, by using the DFA; the blocking unit 134 is configured to block the data stream where the message is located if the matching unit 133 determines that the message is matched.
Preferably, the identification module further comprises: a setting unit 132, configured to set the current DFA state as an initial state of the data flow where the message is located if the message is a header message of the data flow where the message is located; or,
the setting unit 132 is further configured to set the current DFA state as the storage state of the data flow in which the packet is located, if the packet is not the header packet of the data flow in which the packet is located.
More preferably, the setting unit is further configured to set the storage state of the data flow where the message is located as a DFA state of end if the matching unit 133 determines that the field that needs to be audited and filtered in the extracted message is not matched with the feature code in the audit filtering policy that matches the data flow information in the message; the forwarding module 12 is also configured to forward the message.
More preferably, the apparatus further includes a cache module 15, configured to cache a copy of the packet when the forwarding module 12 determines that the packet is an out-of-order packet; the forwarding module 12 is further configured to forward the message after the caching module 15 caches the copy of the message.
More preferably, after blocking the data stream where the message is located or forwarding the message, the identification module 13 is further configured to determine whether a next message of the message exists in the cached message, and if so, perform audit and filtering processing on content in the next message of the message.
It should be noted that the processing procedure of the next message of the message is similar to that of the message, and is not described herein again.
More preferably, the apparatus may further include: and the auditing module 16 is used for recording the fields needing auditing and filtering.
The content processing apparatus of this embodiment may execute the technical solution of the method embodiment shown in fig. 2 or fig. 3, and the implementation principles thereof are similar, and are not described herein again.
The present invention further provides a network device, which includes a content processing apparatus, where the content processing apparatus may be any one of the content processing apparatuses shown in fig. 4 to 6, and executes any one of the content processing methods shown in fig. 1 to 3, and the implementation principles thereof are similar, and are not described herein again.
Preferably, the network device may be a gateway or a bridge.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (15)
1. A method for processing content, comprising:
receiving a message;
inquiring the mapping relation between the data flow information and an audit filtering strategy, and if the audit filtering strategy matched with the data flow information in the message exists, judging whether the message is a sequential message;
and if the message is judged to be a sequential message, auditing and filtering the content in the message.
2. The content processing method according to claim 1, wherein the auditing and filtering the content in the message comprises:
inquiring the mapping relation between the data flow information and the application categories, acquiring the application categories matched with the data flow information in the message, and extracting fields needing auditing and filtering in the message according to auditing characteristics in the matched application categories;
and judging whether the field needing audit filtering in the extracted message is matched with a feature code in an audit filtering strategy matched with data flow information in the message or not by adopting DFA according to the DFA state of the current finite automaton, and blocking the data flow of the message if the field needing audit filtering in the extracted message is matched with the feature code in the audit filtering strategy matched with the data flow information in the message.
3. The content processing method according to claim 2, wherein before the determining, by using DFA according to the current DFA status, whether the extracted fields of the message that need to be audited and filtered match the feature codes in the audit filtering policy that matches the data flow information in the message, the method further comprises:
if the message is the first message of the data flow where the message is located, setting the current DFA state as the initial state of the data flow where the message is located; or,
and if the message is not the head message of the data flow in which the message is positioned, setting the current DFA state as the storage state of the data flow in which the message is positioned.
4. The content processing method according to claim 3, further comprising:
and if the field needing audit filtering in the extracted message is not matched with the feature code in the audit filtering strategy matched with the data flow information in the message, setting the storage state of the data flow in which the message is positioned as the finished DFA state, and forwarding the message.
5. The content processing method according to claim 1 or 4, further comprising:
if the message is judged to be the out-of-order message, the copy of the message is cached, and then the message is forwarded.
6. The content processing method according to claim 5, wherein after forwarding the packet, the method further comprises:
and judging whether the next message of the message exists in the cached messages, and if so, auditing and filtering the content in the next message of the message.
7. The content processing method according to claim 2, further comprising;
and recording the fields needing audit filtering.
8. A content processing apparatus characterized by comprising:
the strategy module is used for storing the mapping relation between the data flow information and the audit filtering strategy;
the forwarding module is used for receiving the message, inquiring the mapping relation between the data flow information in the strategy module and an audit filtering strategy, and judging whether the message is a sequential message or not if the audit filtering strategy matched with the data flow information in the message exists;
and the identification module is used for auditing and filtering the content in the message if the forwarding module judges that the message is a sequential message.
9. The content processing apparatus according to claim 8, further comprising:
the content characteristic library module is used for storing the mapping relation between the data stream information and the application categories;
the identification module comprises:
the extraction unit is used for inquiring the mapping relation between the data flow information and the application categories in the content feature library module, acquiring the application categories matched with the data flow information in the message, and extracting the fields needing audit filtering in the message according to the audit features in the matched application categories;
the matching unit is used for judging whether the fields needing auditing and filtering in the extracted message are matched with the feature codes in the auditing and filtering strategy matched with the data flow information in the message by adopting DFA according to the DFA state of the current finite automaton;
and the blocking unit is used for blocking the data stream where the message is located if the matching unit judges that the message is matched with the message.
10. The content processing apparatus according to claim 9, wherein the identification module further comprises:
a setting unit, configured to set the current DFA state as an initial state of a data flow in which the packet is located, if the packet is a first packet of the data flow in which the packet is located; or,
the setting unit is further configured to set the current DFA state as a storage state of the data flow where the packet is located, if the packet is not a header packet of the data flow where the packet is located.
11. The content processing apparatus according to claim 10, wherein the setting unit is further configured to set a storage state of a data flow in which the message is located as a DFA state of end if the matching unit determines that the field that needs to be audited and filtered in the extracted message does not match a feature code in an audit filtering policy that matches data flow information in the message;
the forwarding module is further configured to forward the packet.
12. The content processing apparatus according to claim 8 or 11, further comprising:
the cache module is used for caching the copy of the message when the forwarding module judges that the message is the out-of-order message;
the forwarding module is further configured to forward the packet after the cache module caches the copy of the packet.
13. The content processing apparatus according to claim 12, wherein after forwarding the packet, the identification module is further configured to determine whether a next packet of the packet exists in the cached packet, and if so, perform audit and filtering processing on content in the next packet of the packet.
14. The content processing apparatus according to claim 9, further comprising:
and the auditing module is used for recording the fields needing auditing and filtering.
15. A network device, comprising: a content processing apparatus according to any one of claims 8 to 14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310109891XA CN103236940A (en) | 2013-03-29 | 2013-03-29 | Method and device for content processing and network equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310109891XA CN103236940A (en) | 2013-03-29 | 2013-03-29 | Method and device for content processing and network equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103236940A true CN103236940A (en) | 2013-08-07 |
Family
ID=48884958
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310109891XA Pending CN103236940A (en) | 2013-03-29 | 2013-03-29 | Method and device for content processing and network equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103236940A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103618733A (en) * | 2013-12-06 | 2014-03-05 | 北京中创信测科技股份有限公司 | Data filtering system and method applied to mobile internet |
| CN103684927A (en) * | 2013-12-27 | 2014-03-26 | 昆山中创软件工程有限责任公司 | Data packet monitoring method and device |
| CN105743728A (en) * | 2014-12-11 | 2016-07-06 | 杭州迪普科技有限公司 | Method and apparatus for guaranteeing sequence of data blocks |
| CN107733813A (en) * | 2016-08-12 | 2018-02-23 | 中兴通讯股份有限公司 | Message forwarding method and device |
| CN108171887A (en) * | 2017-12-20 | 2018-06-15 | 新华三技术有限公司 | A kind of method and device of electric energy tariff |
| CN108834059A (en) * | 2018-05-07 | 2018-11-16 | 深圳绿净网科技有限公司 | Behavior monitoring management method and system based on wireless network |
| CN116016399A (en) * | 2022-12-30 | 2023-04-25 | 北京天融信网络安全技术有限公司 | Message processing method, device, electronic device, and computer-readable storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101009660A (en) * | 2007-01-19 | 2007-08-01 | 杭州华为三康技术有限公司 | Universal method and device for processing the match of the segmented message mode |
| CN101252444A (en) * | 2008-04-03 | 2008-08-27 | 华为技术有限公司 | Message feature detection method and device |
| US20100177640A1 (en) * | 2004-01-16 | 2010-07-15 | Gordon Andrew Booman | Methods and apparatus for information processing and display for network management |
| CN101902461A (en) * | 2010-04-07 | 2010-12-01 | 北京星网锐捷网络技术有限公司 | Method and device for filtering data stream contents |
| CN102143151A (en) * | 2010-12-22 | 2011-08-03 | 华为技术有限公司 | Deep packet inspection based protocol packet spanning inspection method and deep packet inspection based protocol packet spanning inspection device |
-
2013
- 2013-03-29 CN CN201310109891XA patent/CN103236940A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100177640A1 (en) * | 2004-01-16 | 2010-07-15 | Gordon Andrew Booman | Methods and apparatus for information processing and display for network management |
| CN101009660A (en) * | 2007-01-19 | 2007-08-01 | 杭州华为三康技术有限公司 | Universal method and device for processing the match of the segmented message mode |
| CN101252444A (en) * | 2008-04-03 | 2008-08-27 | 华为技术有限公司 | Message feature detection method and device |
| CN101902461A (en) * | 2010-04-07 | 2010-12-01 | 北京星网锐捷网络技术有限公司 | Method and device for filtering data stream contents |
| CN102143151A (en) * | 2010-12-22 | 2011-08-03 | 华为技术有限公司 | Deep packet inspection based protocol packet spanning inspection method and deep packet inspection based protocol packet spanning inspection device |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103618733A (en) * | 2013-12-06 | 2014-03-05 | 北京中创信测科技股份有限公司 | Data filtering system and method applied to mobile internet |
| CN103684927A (en) * | 2013-12-27 | 2014-03-26 | 昆山中创软件工程有限责任公司 | Data packet monitoring method and device |
| CN105743728A (en) * | 2014-12-11 | 2016-07-06 | 杭州迪普科技有限公司 | Method and apparatus for guaranteeing sequence of data blocks |
| CN107733813A (en) * | 2016-08-12 | 2018-02-23 | 中兴通讯股份有限公司 | Message forwarding method and device |
| CN108171887A (en) * | 2017-12-20 | 2018-06-15 | 新华三技术有限公司 | A kind of method and device of electric energy tariff |
| CN108834059A (en) * | 2018-05-07 | 2018-11-16 | 深圳绿净网科技有限公司 | Behavior monitoring management method and system based on wireless network |
| CN116016399A (en) * | 2022-12-30 | 2023-04-25 | 北京天融信网络安全技术有限公司 | Message processing method, device, electronic device, and computer-readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9912680B2 (en) | Detecting malicious HTTP redirections using user browsing activity trees | |
| US11863587B2 (en) | Webshell detection method and apparatus | |
| US8577817B1 (en) | System and method for using network application signatures based on term transition state machine | |
| EP3905622B1 (en) | Botnet detection method and system, and storage medium | |
| US10735379B2 (en) | Hybrid hardware-software distributed threat analysis | |
| US8494985B1 (en) | System and method for using network application signatures based on modified term transition state machine | |
| US8964548B1 (en) | System and method for determining network application signatures using flow payloads | |
| CN103236940A (en) | Method and device for content processing and network equipment | |
| CN101924757B (en) | Method and system for reviewing Botnet | |
| US10263868B1 (en) | User-specific policy enforcement based on network traffic fingerprinting | |
| Sija et al. | A survey of automatic protocol reverse engineering approaches, methods, and tools on the inputs and outputs view | |
| US20080144655A1 (en) | Systems, methods, and computer program products for passively transforming internet protocol (IP) network traffic | |
| Collins et al. | Network security through data analysis: building situational awareness | |
| CN108259425A (en) | The determining method, apparatus and server of query-attack | |
| US10237151B2 (en) | Attributing network address translation device processed traffic to individual hosts | |
| US20240179228A1 (en) | System and methods for automated computer security policy generation and anomaly detection | |
| CN107547310A (en) | A kind of user behavior association analysis method and system based on bypass audit device | |
| Kumar et al. | Light weighted CNN model to detect DDoS attack over distributed scenario | |
| CN115514537A (en) | Method and system for judging suspicious traffic in encrypted traffic | |
| Kuzniar et al. | Poiriot: Fingerprinting iot devices at tbps scale | |
| EP4293550A1 (en) | Traffic processing method and protection system | |
| Rana et al. | Automated fast-flux detection using machine learning and genetic algorithms | |
| Oudah et al. | Using burstiness for network applications classification | |
| JP2010239392A (en) | System, device and program for controlling service disabling attack | |
| KR20160120159A (en) | System and providing method for retroactive network inspection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130807 |