CN103248606A - Network virus detection method and system for IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6) - Google Patents

Publication number
CN103248606A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012100226672A
Other languages
Chinese (zh)
Inventor
邱勇良
刘静
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Antiy Technology Co Ltd
Original Assignee
Harbin Antiy Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2012-02-02
Filing date
2012-02-02
Publication date
2013-08-14
Application filed by Harbin Antiy Technology Co Ltd
Priority to CN2012100226672A
Publication of CN103248606A

Abstract

The invention provides a network virus detection method and system for IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6). The method comprises the following steps: network packets are captured; network layer and IP layer protocol identification is performed on packets that use the IPv4 protocol or the IPv6 protocol; packets with the same Transmission Control Protocol (TCP) four-tuple are reassembled; the application layer protocol of each data stream is identified, and the packets in the data stream are re-ordered to restore the correct order of the file; protocol analysis is performed on the data stream using the IPv4 protocol or the IPv6 protocol, and data streams containing file transfer behavior are restored into files according to the protocol analysis result; the data stream is sent to a detection engine for network virus detection, and a detection report is generated; and the detection report is provided to an external processing program. The invention further provides a network virus detection system for IPv4 and IPv6. With the method and system, the problem that network security is difficult to monitor during the existing transition from IPv4 to IPv6 is effectively solved.

Description

A network virus detection method and system for IPv4 and IPv6
Technical field
The invention relates to the field of network security detection and management, and in particular to a network virus detection method and system for IPv4 and IPv6.
Background
With the rapid development of the Internet, and because the IP network environment is open and the designers of IPv4 did not consider security comprehensively, traditional IPv4 has exposed more and more shortcomings, and the security situation of IP networks is currently severe. The spread of viruses, malicious code attacks and hacker attacks makes the whole network less and less secure. For this reason the IETF proposed a new Internet addressing solution, IPv6; after several years of development, IPv6 technology is increasingly mature and is regarded as the standard of the next-generation Internet.
As the next-generation network layer protocol standard, IPv6 is bound to be widely promoted and applied. Under these circumstances, how to implement security technology for IPv6 has become a current problem.
Summary of the invention
The invention provides a network virus detection method and system for IPv4 and IPv6, which effectively solves the problem that network security is difficult to monitor during the existing transition from IPv4 to IPv6.
A network virus detection method for IPv4 and IPv6 comprises:
Capturing network packets;
Performing network layer protocol identification and determining the IP address protocol of the packet: if the packet uses the IPv4 protocol, IPv4 network layer protocol identification is performed; if the packet uses the IPv6 protocol, IPv6 network layer protocol identification is performed;
Decoding the IP protocol according to the protocol type the packet uses, to obtain the TCP four-tuple of the packet: if the packet uses the IPv4 protocol, IPv4 IP-layer decoding is used; if the packet uses the IPv6 protocol, IPv6 IP-layer decoding is used. The TCP four-tuple is the source address, destination address, source port and destination port of the packet.
Reassembling packets that have the same TCP four-tuple, so that discrete packets are aggregated into data streams;
Identifying the application layer protocol of each data stream, and identifying the application layer protocols in which file transfer behavior occurs;
According to the application layer protocol identification result, re-ordering the packets in the data stream to restore the correct order of the file;
Performing protocol analysis on the data stream: according to the protocol stack, determining the protocol type the data stream uses; if it is the IPv4 protocol, IPv4 protocol analysis is used; if it is the IPv6 protocol, IPv6 protocol analysis is used;
According to the protocol analysis result, restoring data streams that contain file transfer behavior into files; data streams without file transfer behavior are not processed;
According to the content type of the packet, sending the packet to the corresponding preset detection engine for network virus detection, and generating a detection report;
Sending the detection report to an external processing program.
In the method, the network layer protocol identification includes at least identification of the TCP/IP, ARP and RARP protocols.
In the method, the content type of the packet includes at least: data streams of file and non-file content.
A network virus detection system for IPv4 and IPv6 comprises:
A packet capture module, for capturing network packets;
A network layer identification module, for performing network layer protocol identification and determining the IP address protocol of the packet: if the packet uses the IPv4 protocol, IPv4 network layer protocol identification is performed; if the packet uses the IPv6 protocol, IPv6 network layer protocol identification is performed;
An IP layer identification module, for decoding the IP protocol according to the protocol type the packet uses, to obtain the TCP four-tuple of the packet: if the packet uses the IPv4 protocol, IPv4 IP-layer decoding is used; if the packet uses the IPv6 protocol, IPv6 IP-layer decoding is used;
A stream aggregation module, for reassembling packets that have the same TCP four-tuple, so that discrete packets are aggregated into data streams;
An application protocol identification module, for identifying the application layer protocol of each data stream, and identifying the application layer protocols in which file transfer behavior occurs;
A stream restoration module, for re-ordering the packets in the data stream according to the application layer protocol identification result, to restore the correct order of the file;
A protocol analysis module, for performing protocol analysis on the data stream: according to the protocol stack, it determines the protocol type the data stream uses; if it is the IPv4 protocol, IPv4 protocol analysis is used; if it is the IPv6 protocol, IPv6 protocol analysis is used;
A file restoration module, for restoring data streams that contain file transfer behavior into files according to the protocol analysis result; data streams without file transfer behavior are not processed;
A detection engine module, for sending the packet, according to its content type, to the corresponding preset detection engine for network virus detection, and generating a detection report;
A response interface module, for sending the detection report to an external processing program.
In the system, the network layer identification module's identification of network layer protocols includes at least identification of the TCP/IP, ARP and RARP protocols.
In the system, the content type of the packet includes at least: data streams of file and non-file content.
The invention can perform protocol analysis separately according to the IP address protocol used for data transmission, can effectively monitor network security threat events in the network, and provides a security posture report for monitoring the whole network.
The invention provides a network virus detection method and system for IPv4 and IPv6. The method comprises: capturing network packets; performing network layer and IP layer protocol identification separately on packets that use the IPv4 protocol or the IPv6 protocol; reassembling packets that have the same TCP four-tuple; identifying the application layer protocol of the data stream and re-ordering the packets in the data stream to restore the correct order of the file; performing protocol analysis on data streams that use the IPv4 protocol or the IPv6 protocol and, according to the protocol analysis result, restoring data streams that contain file transfer behavior into files; sending the data stream to a detection engine for network virus detection, and generating a detection report; and providing the detection report to an external processing program. The invention also provides a network virus detection system for IPv4 and IPv6. The method and system of the invention effectively solve the problem that network security is difficult to monitor during the existing transition from IPv4 to IPv6, and prevent the spread of threats in a timely and effective manner.
Description of the drawings
To illustrate the technical solutions of the invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a network virus detection method for IPv4 and IPv6;
Fig. 2 is a structural diagram of a network virus detection system for IPv4 and IPv6.
Embodiment
To help those skilled in the art better understand the technical solutions in the embodiments of the invention, and to make the above objects, features and advantages of the invention more apparent, the technical solutions of the invention are described in further detail below with reference to the drawings.
The invention provides a network virus detection method and system for IPv4 and IPv6, which effectively solves the problem that network security is difficult to monitor during the existing transition from IPv4 to IPv6.
A network virus detection method for IPv4 and IPv6 comprises:
S101: capture network packets;
Packet capture can be implemented with PCAP (packet capture library), with zero-copy capture, or with a dedicated network interface card. Capturing with pcap gives the system good adaptability, but performance is not high; zero-copy capture has higher performance; capture with a dedicated network interface card has very high performance and stability. This system modifies the network card driver so that network data is written directly to user space by DMA, achieving zero-copy acquisition of network data;
S102: perform network layer protocol identification and determine the IP address protocol of the packet; if the packet uses the IPv4 protocol, execute S103; if the packet uses the IPv6 protocol, execute S104;
S103: perform IPv4 network layer protocol identification, then execute S105;
S104: perform IPv6 network layer protocol identification, then execute S106;
S105: use IPv4 IP-layer decoding to decode the IP protocol of the packet and obtain the TCP four-tuple of the packet;
S106: use IPv6 IP-layer decoding to decode the IP protocol of the packet and obtain the TCP four-tuple of the packet;
The TCP four-tuple is the source address, destination address, source port and destination port of the packet.
S107: reassemble packets that have the same TCP four-tuple, so that discrete packets are aggregated into data streams;
S108: identify the application layer protocol of each data stream, and identify the application layer protocols in which file transfer behavior occurs; this completes identification of the various protocols in which file transfer may occur;
S109: according to the application layer protocol identification result, re-order the packets in the data stream to restore the correct order of the file; by re-ordering the packets, the data stream is reassembled into a correct data stream without redundant data;
S110: perform protocol analysis on the data stream; according to the protocol stack, determine the protocol type the data stream uses; if it is the IPv4 protocol, execute S111; if it is the IPv6 protocol, execute S112;
S111: use IPv4 protocol analysis;
S112: use IPv6 protocol analysis;
S113: according to the protocol analysis result, restore data streams that contain file transfer behavior into files; data streams without file transfer behavior are not processed;
S114: according to the content type of the packet, send the packet to the corresponding preset detection engine for network virus detection, and generate a detection report;
S115: send the detection report to an external processing program.
In the method, the network layer protocol identification includes at least identification of protocols such as TCP/IP, ARP and RARP.
In the method, the content type of the packet includes at least: data streams of file and non-file content. The method works with multiple detection engines, using a suitable detection engine for each type of data, so that network viruses are detected efficiently. For example, the behavior detection engine inspects packets directly and obtains a detection result; HTTP request packets are passed to the URL detection engine, which yields records of suspicious URLs; for an incomplete file, once the number of restored bytes meets the requirement, the incomplete-data-stream detection engine is called to inspect it; and so on.
A network virus detection system for IPv4 and IPv6 comprises:
Packet capture module 201, for capturing network packets;
Network layer identification module 202, for performing network layer protocol identification and determining the IP address protocol of the packet: if the packet uses the IPv4 protocol, IPv4 network layer protocol identification is performed; if the packet uses the IPv6 protocol, IPv6 network layer protocol identification is performed;
IP layer identification module 203, for decoding the IP protocol according to the protocol type the packet uses, to obtain the TCP four-tuple of the packet: if the packet uses the IPv4 protocol, IPv4 IP-layer decoding is used; if the packet uses the IPv6 protocol, IPv6 IP-layer decoding is used;
Stream aggregation module 204, for reassembling packets that have the same TCP four-tuple, so that discrete packets are aggregated into data streams;
Application protocol identification module 205, for identifying the application layer protocol of the data stream, and identifying the application layer protocols in which file transfer behavior occurs;
Stream restoration module 206, for re-ordering the packets in the data stream according to the application layer protocol identification result, to restore the correct order of the file;
Protocol analysis module 207, for performing protocol analysis on the data stream: according to the protocol stack, it determines the protocol type the data stream uses; if it is the IPv4 protocol, IPv4 protocol analysis is used; if it is the IPv6 protocol, IPv6 protocol analysis is used;
File restoration module 208, for restoring data streams that contain file transfer behavior into files according to the protocol analysis result; data streams without file transfer behavior are not processed;
Detection engine module 209, for sending the packet, according to its content type, to the corresponding preset detection engine for network virus detection, and generating a detection report;
Response interface module 210, for sending the detection report to an external processing program; it provides a processing interface for subsequent external programs.
In the system, the network layer identification module's identification of network layer protocols includes at least identification of the TCP/IP, ARP and RARP protocols.
In the system, the content type of the packet includes at least: data streams of file and non-file content.
The invention can perform protocol analysis separately according to the IP address protocol used for data transmission, can effectively monitor network security threat events in the network, and provides a security posture report for monitoring the whole network.
The invention provides a network virus detection method and system for IPv4 and IPv6. The method comprises: capturing network packets; performing network layer and IP layer protocol identification separately on packets that use the IPv4 protocol or the IPv6 protocol; reassembling packets that have the same TCP four-tuple; identifying the application layer protocol of the data stream and re-ordering the packets in the data stream to restore the correct order of the file; performing protocol analysis on data streams that use the IPv4 protocol or the IPv6 protocol and, according to the protocol analysis result, restoring data streams that contain file transfer behavior into files; sending the data stream to a detection engine for network virus detection, and generating a detection report; and providing the detection report to an external processing program. The invention also provides a network virus detection system for IPv4 and IPv6. The method and system of the invention effectively solve the problem that network security is difficult to monitor during the existing transition from IPv4 to IPv6, and prevent the spread of threats in a timely and effective manner.
The embodiments in this specification are described progressively; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the system embodiment is substantially similar to the method embodiment, its description is relatively brief; for related details, refer to the description of the method embodiment.
Although the invention has been described through embodiments, those of ordinary skill in the art know that the invention has many variations and changes that do not depart from its spirit, and it is intended that the appended claims cover these variations and changes without departing from the spirit of the invention.

Claims (6)

1. A network virus detection method for IPv4 and IPv6, characterized by comprising:
Capturing network packets;
Performing network layer protocol identification and determining the IP address protocol of the packet: if the packet uses the IPv4 protocol, IPv4 network layer protocol identification is performed; if the packet uses the IPv6 protocol, IPv6 network layer protocol identification is performed;
Decoding the IP protocol according to the protocol type the packet uses, to obtain the TCP four-tuple of the packet: if the packet uses the IPv4 protocol, IPv4 IP-layer decoding is used; if the packet uses the IPv6 protocol, IPv6 IP-layer decoding is used;
Reassembling packets that have the same TCP four-tuple, so that discrete packets are aggregated into data streams;
Identifying the application layer protocol of each data stream, and identifying the application layer protocols in which file transfer behavior occurs;
According to the application layer protocol identification result, re-ordering the packets in the data stream to restore the correct order of the packets;
Performing protocol analysis on the data stream: according to the protocol stack, determining the protocol type the data stream uses; if it is the IPv4 protocol, IPv4 protocol analysis is used; if it is the IPv6 protocol, IPv6 protocol analysis is used;
According to the protocol analysis result, restoring data streams that contain file transfer behavior into files; data streams without file transfer behavior are not processed;
According to the content type of the packet, sending the packet to the corresponding preset detection engine for network virus detection, and generating a detection report;
Sending the detection report to an external processing program.
2. The method of claim 1, characterized in that the network layer protocol identification includes at least identification of the TCP/IP, ARP and RARP protocols.
3. The method of claim 1, characterized in that the content type of the packet includes at least: data streams of file and non-file content.
4. A network virus detection system for IPv4 and IPv6, characterized by comprising:
A packet capture module, for capturing network packets;
A network layer identification module, for performing network layer protocol identification and determining the IP address protocol of the packet: if the packet uses the IPv4 protocol, IPv4 network layer protocol identification is performed; if the packet uses the IPv6 protocol, IPv6 network layer protocol identification is performed;
An IP layer identification module, for decoding the IP protocol according to the protocol type the packet uses, to obtain the TCP four-tuple of the packet: if the packet uses the IPv4 protocol, IPv4 IP-layer decoding is used; if the packet uses the IPv6 protocol, IPv6 IP-layer decoding is used;
A stream aggregation module, for reassembling packets that have the same TCP four-tuple, so that discrete packets are aggregated into data streams;
An application protocol identification module, for identifying the application layer protocol of each data stream, and identifying the application layer protocols in which file transfer behavior occurs;
A stream restoration module, for re-ordering the packets in the data stream according to the application layer protocol identification result, to restore the correct order of the packets;
A protocol analysis module, for performing protocol analysis on the data stream: according to the protocol stack, it determines the protocol type the data stream uses; if it is the IPv4 protocol, IPv4 protocol analysis is used; if it is the IPv6 protocol, IPv6 protocol analysis is used;
A file restoration module, for restoring data streams that contain file transfer behavior into files according to the protocol analysis result; data streams without file transfer behavior are not processed;
A detection engine module, for sending the packet, according to its content type, to the corresponding preset detection engine for network virus detection, and generating a detection report;
A response interface module, for sending the detection report to an external processing program.
5. The system of claim 4, characterized in that the network layer identification module's identification of network layer protocols includes at least identification of the TCP/IP, ARP and RARP protocols.
6. The system of claim 4, characterized in that the content type of the packet includes at least: data streams of file and non-file content.
CN2012100226672A 2012-02-02 2012-02-02 Network virus detection method and system for IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6) Pending CN103248606A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012100226672A CN103248606A (en) 2012-02-02 2012-02-02 Network virus detection method and system for IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6)

Publications (1)

Publication Number Publication Date
CN103248606A true CN103248606A (en) 2013-08-14

Family

ID=48927830

Country Status (1)

Country Link
CN (1) CN103248606A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130814