CN101094234A - Method and system of accurate recognition in P2P protocol based on behavior characteristics - Google Patents

Publication number: CN101094234A
Authority: CN (China)
Prior art keywords: agreement, state, behavioural characteristic, protocol, module
Legal status: Pending
Application number: CN 200710119333
Other languages: Chinese (zh)
Inventors: 孙海波, 李永泉, 杨海清, 胡斌
Current Assignee: BEIJING QIMING XINGCHEN INFORMATION TECHNOLOGY Co Ltd
Original Assignee: BEIJING QIMING XINGCHEN INFORMATION TECHNOLOGY Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

In the course of network protocol communication, the invention extracts behavior features from the information carried by captured packets and, based on these behavior features, accurately identifies P2P protocols. It comprises a protocol behavior feature model library, a protocol state location multi-pattern matching module, a protocol state transition module, and an attack detection/audit module. The protocol behavior feature model library is used to create the matching features of protocol-specific states; the protocol state location module uses multi-pattern matching to locate the protocol state of a data packet; the protocol state transition module tracks the transitions of the protocol running state; the attack detection/audit module calls the relevant detection or audit function according to the output of the preceding stages.

Description

A method and system for accurate P2P protocol identification based on behavior features
Technical field
The present invention relates to a method and system for accurate P2P protocol identification based on behavior features, usable in intrusion detection/prevention (IDS/IPS) and audit products. It accurately identifies and audits P2P protocols and software according to the behavior features of the P2P protocol used by the packets in a network data flow, and belongs to the field of network technology.
Background technology
Intrusion detection/prevention systems (Intrusion Detection/Protection System, IDS/IPS) are an important means of network security protection. They are usually deployed inside key networks or at network boundary entry points, capture in real time the packet streams inside the network or entering and leaving it, analyze them comprehensively, and detect and block possible intrusions in real time. Audit products generally identify and record specific user behavior by analyzing the data flows entering and leaving the network. The vast majority of current intrusion detection and audit systems identify protocols by port (for example, eMule uses port 4662 and BT uses ports 6881-6889) or by static protocol features (as in products such as L7-filter, Cisco's PDML and Juniper's NetScreen-IDP), and then perform further detection or audit. However, as network communication protocols develop, their design grows more complex and the techniques they use more varied, so relying only on ports or static protocol features often cannot accurately identify the protocol type in use or the specific behavior state of the application using it. This is especially evident for P2P, an emerging network communication architecture. For example, the widely used Xunlei (Thunder) software uses the standard HTTP protocol, downloading over the standard HTTP protocol specification and port, which makes accurate detection and audit unprecedentedly difficult. Likewise, some IM software uses a private protocol whose packets carry no obvious feature for identification, and uses a standard protocol port (the QQ 2006 version, for example, began to support port 80). All of this makes accurate identification of P2P protocol behavior difficult. In this situation, relying only on ports or static packet features often fails to accurately identify the protocol or its specific running state, and places an unnecessary burden on accurate intrusion detection or audit. For example, in a P2P download, intrusion detection or virus scanning may only be needed on the TCP data segments, while the additional control information does not need this matching scan; and an audit process may in fact not care about the TCP data segments at all. Because traditional protocol identification cannot accurately locate the specific state of a P2P application, it imposes an additional efficiency burden on the system.
P2P applications, now increasingly widespread, have become a trend in future network development, and P2P protocols and software account for a growing share of real network traffic. Many users, enterprises and institutions place high demands on accurate identification and audit of P2P protocol and software use, and identification based on the original port or static packet feature matching has become inaccurate. Most intrusion detection and audit systems in common use identify P2P protocols by port or static packet feature matching; mature products with flexible, accurate P2P protocol identification are scarce. Note also that, whether centralized or decentralized, a P2P network carries a great deal of control information in addition to the actual data transfer, such as connecting to a server or obtaining the current state of available nodes. This information follows from the principles of P2P operation and changes little between specific application software or protocols. Therefore, in addition to ports and static packet features, it becomes possible to identify a protocol accurately from the behavior features of exchanging this control information. It is thus necessary to develop a standalone, flexible and easily extended technique for accurate P2P protocol identification, to ensure accurate identification and audit of P2P application behavior and further improve system performance. Such a technique must satisfy the following requirements:
Identify as accurately as possible the P2P protocol or software in use during communication and the corresponding specific behavior state of the application, to improve the accuracy of the intrusion detection or audit system;
Be readily extensible to new P2P protocols or software and to new applications of existing protocols and software, to widen the scope of detection or audit;
Identify P2P protocols with high efficiency, with an algorithm that is as simple as possible to implement.
Summary of the invention
To overcome the shortcomings of existing techniques for identifying P2P protocols and software applications, the invention provides a method and system for accurate P2P protocol identification based on behavior features.
The technical solution adopted by the invention to solve this technical problem is:
A method for accurate P2P protocol identification based on behavior features, comprising:
a step of establishing a protocol behavior feature model;
a step of locating the specific running state;
a step of behavior model state transition;
a step of intrusion detection.
The step of establishing the protocol behavior feature model mainly comprises extracting the behavior features of a specific P2P application protocol and establishing the protocol running state model;
The step of locating the specific running state mainly uses the transmitted data or control packet information obtained during real network communication to determine which protocol the P2P application is using, matches it against the established behavior model, and thereby determines the state the protocol is currently in;
The step of behavior model state transition judges the protocol's next behavior according to the predetermined behavior model and performs the corresponding state transition using the packet information obtained subsequently (see Fig. 2);
The step of intrusion detection determines, from the P2P application and specific usage behavior indicated by the result of the state transition, whether to perform the corresponding intrusion detection and audit.
A system for accurate P2P protocol identification based on behavior features, comprising:
a behavior feature model library, which stores the feature rules of each step in the running of a specific protocol or software, extracted from real P2P applications, and automatically generates the state transition tree of the corresponding P2P application;
a protocol running state location and matching module, which uses the established behavior feature model and the captured packets to locate the state of the current packet within the P2P session and its position in the corresponding state transition tree;
a protocol state transition algorithm module, which determines the direction of state transition and performs the corresponding transition according to the state of the current packet and the transition conditions contained in subsequently received packets;
an intrusion detection module or audit module, which performs the corresponding intrusion detection and session behavior audit according to the packet information output during state transition.
The protocol running state behavior feature library is connected to the protocol running state location and matching module; the protocol running state location and matching module is connected to the detection keyword phase library and the actual detection rule base; the detection keyword phase library is connected to the protocol state transition module; and the protocol state transition module is connected to the intrusion detection module or audit module (see Fig. 1).
The beneficial effect of the invention is that it solves the accuracy problem of traditional IDS/IPS and audit products, which rely only on ports or static packet features for pattern matching of P2P applications. For P2P applications that reuse the ports of public protocols, use dynamic ports, or have no obvious static packet features, it can greatly improve the accuracy and scope of protocol identification and behavior audit. Having accurately identified the protocol running state, it also decides whether to perform in-depth intrusion detection or audit. In addition, behavior feature modeling of P2P applications uses a unified format description specification, so extending to new P2P protocols, software or applications is simple and convenient: adding or extending a behavior feature model requires no major change to the system. The invention can be widely applied in network security products such as IDS/IPS and audit products.
Description of drawings
Fig. 1 is the overall flow chart of the system for accurate identification by P2P protocol behavior features;
Fig. 2 is the workflow diagram of the P2P protocol running state location and state transition modules;
Fig. 3 is the state feature diagram of eDonkey protocol client connection messages;
Fig. 4 is an example behavior feature model for NetEase POPO.
The invention is further described below with reference to the drawings and embodiments.
Embodiment
Embodiment 1:
A method for accurate P2P protocol identification based on behavior features, comprising:
a step of establishing a protocol behavior feature model;
a step of locating the specific running state;
a step of behavior model state transition;
a step of intrusion detection.
The protocol behavior feature modeling stage mainly comprises extracting the behavior features of a specific P2P application protocol and establishing the protocol running state model;
The specific running state location stage mainly uses the transmitted data or control packet information obtained during real network communication to determine which protocol the P2P application is using, matches it against the established behavior model, and thereby determines the state the protocol is currently in;
The behavior model state transition stage judges the protocol's next behavior according to the predetermined behavior model and performs the corresponding state transition using the packet information obtained subsequently;
The intrusion detection stage determines, from the P2P application and specific usage behavior indicated by the result of the state transition, whether to perform the corresponding intrusion detection and audit.
The protocol behavior feature model is established as follows:
First, for a known P2P protocol application, extract the feature patterns of each state during its operation; these features serve as the decision rules for recognizing a particular step of that P2P application. The behavior feature model of the P2P application is built on this basis. The criterion at this stage is the feature patterns that can be extracted from the packets of the actual communication process, ensuring that a captured packet maps uniquely to one step of the P2P application's behavior feature model.
The specific running state location stage has the following steps (see Fig. 2):
Taking the captured communication packet as input, and combining it with the per-step behavior features established in the modeling stage, a multi-pattern matching algorithm locates the state of this packet within the P2P application and uniquely identifies its position in the corresponding state model.
The behavior model state transition stage:
This stage relies on the state transition tree provided by the modeling stage and the state located in the running state location stage, combined with further captured packets, to determine the direction of the next state transition within the session. It performs the transition according to the captured packets and updates the state the P2P application currently occupies in the session. Finally, it judges from the behavior feature model of the P2P application whether in-depth detection or audit is necessary.
The intrusion detection stage:
During behavior state transition, the results output at each transition step can be used to perform the corresponding data inspection or behavior audit. For example, in an actual P2P download, intrusion detection rule matching or AV virus scanning can be performed once the data transfer state is determined, and user audit can be performed at the login stage; the detection and audit results are then returned.
Embodiment 2:
The protocol format abnormality detection process of the invention mainly comprises four working stages: establishing the protocol behavior feature model, locating the specific running state, behavior model state transition, and detection. The steps of each stage are as follows (see Fig. 1):
Establishing the protocol behavior feature model:
Existing port-based identification is combined with mining of data packets for the behavior features of a given step in the running of a specific P2P application. This stage covers all of the P2P application's control information, the ports it uses, and the features contained in specific data packets (such as the length of particular fields).
Behavior feature extraction for the Edonkey2000 P2P software:
1) Edonkey2000 uses many 6-byte UDP packets to send server status requests (this is the feature of the "client requests server status" step; it indicates that the connection is in this state).
2) Edonkey2000 generally uses 25-byte packets for its search function, so an Edonkey2000 packet of length 25 in an actual session can be taken as the marker of the search state.
3) When a client connects to other nodes in the network, Edonkey2000 sends a large number of UDP packets. The client mainly uses two ports: one for the connection to the server, the other for sending connection requests to peer clients (see Fig. 3). This state feature can therefore be defined as follows: if, within a unit of time, one source IP uses a given UDP port to send UDP packets to a large number of different destination IPs, and the count exceeds a threshold, the traffic is judged to be P2P connection requests.
In the same way, the behavior features of each application state of any P2P application can be extracted from its packet features and control information, and the behavior feature state model of that application built from them.
The specific running state location stage:
Once the protocol behavior feature models are built, they are stored in the corresponding model library. During actual communication, a multi-pattern matching algorithm matches the behavior feature information contained in captured network packets to determine uniquely which P2P protocol is running and the current state of the session the packet belongs to. For example, with the BT protocol, if the intercepted packets include a large number of UDP packets sent from the same source IP address to different destination IP addresses, and these packets match the features of a step in the BT behavior feature model (for example, the packets contain the field BitTorrent and many fields of the form "peer:xxx.xxx.xxx.xxx"), the packets can be located as belonging to a BT application that is currently in the phase where the client connects to other active clients, and whose next behavior is probably file transfer.
The behavior model state transition stage:
From the state of the specific P2P application located in the previous stage, the set of possible next states can be obtained from the state transitions in the behavior feature model built in the first stage. The main purpose of this stage is to determine the state of subsequent packets from the maintained state transition model when no usable state feature can be extracted from them. The state transition model can also, at certain determined states, infer behavior that has already taken place: for example, when an audited BT application is in the file transfer state, it can be concluded that the initial client-to-server connection has occurred. Predicting the next possible state transition also helps the intrusion detection stage formulate corresponding rules, such as blocking a specific behavior of a specific user.
Intrusion detection/audit stage:
This stage formulates rules and performs detection or audit according to the located state and the possible state transitions. For example, when a BT application is detected in the data stage, or the state transition tree predicts that it is about to enter the data transfer stage, the IDS intrusion detection engine can be called to run intrusion detection or virus scanning on the data payload, while behavior audit is performed at the user login stage. Detection rules can also be set according to the behavior predicted from state transitions, such as blocking a user's P2P download.
The algorithms used in the system:
1. Multi-pattern matching algorithm:
In the protocol state location stage, the method uses a multi-pattern matching algorithm. The behavior features of each state in the established P2P application behavior feature models serve as the match patterns, and the captured packets serve as the samples to be matched, so as to locate accurately the P2P protocol used by a captured packet and the current application state.
2. State transition algorithm:
In the behavior model state transition stage, the state transition algorithm takes the current state and the transition condition as input and outputs the successor state sets driven by the different transition conditions. For each input state and uniquely determined transition condition, the output state of the algorithm must also be uniquely determined: for a given P2P application, the current state and the corresponding transition condition must lead to exactly one next state.
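The four stages described above, applied to the three Edonkey2000 features listed in Embodiment 2, can be sketched as follows. This is an added example, not code from the patent: the state names, the transition table, the threshold values, the bulk-TCP feature used for the transfer state, the action names and the tracking of state per source IP are all assumptions, and the sample packets are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float      # capture time in seconds
    src: str
    sport: int
    dst: str
    proto: str     # "udp" or "tcp"
    length: int    # payload length in bytes


# States of the illustrative Edonkey2000 behavior model (names are assumptions).
IDLE, SERVER_STATUS, SEARCH, PEER_CONNECT, TRANSFER = (
    "idle", "server_status", "search", "peer_connect", "transfer")

# Values the text leaves open ("a threshold", "unit of time"); assumed here.
FANOUT_WINDOW = 1.0     # seconds
FANOUT_THRESHOLD = 5    # distinct destination IPs from one source IP/port
BULK_MIN = 1000         # TCP payload bytes treated as file transfer (assumed)

# Deterministic transition table: exactly one next state per (state, event).
TRANSITIONS = {
    (IDLE, "status_req"): SERVER_STATUS,
    (SERVER_STATUS, "status_req"): SERVER_STATUS,
    (SERVER_STATUS, "search"): SEARCH,
    (SERVER_STATUS, "fanout"): PEER_CONNECT,
    (SEARCH, "search"): SEARCH,
    (SEARCH, "fanout"): PEER_CONNECT,
    (PEER_CONNECT, "fanout"): PEER_CONNECT,
    (PEER_CONNECT, "bulk_tcp"): TRANSFER,
    (TRANSFER, "bulk_tcp"): TRANSFER,
}

# What the detection/audit stage does in each state (mapping is an assumption).
ACTIONS = {IDLE: "unclassified", SERVER_STATUS: "audit", SEARCH: "audit",
           PEER_CONNECT: "audit", TRANSFER: "scan_payload"}


def next_states(state):
    """States reachable in one step; used to predict upcoming behavior."""
    return {nxt for (cur, _), nxt in TRANSITIONS.items() if cur == state}


class EdonkeyTracker:
    def __init__(self):
        self.state = defaultdict(lambda: IDLE)   # per source IP
        self.recent = defaultdict(list)          # (src, sport) -> [(ts, dst)]

    def _event(self, p):
        """State location: map one packet to a behavior feature, or None."""
        if p.proto == "udp" and p.length == 6:
            return "status_req"                  # feature 1: 6-byte UDP packet
        if p.proto == "udp" and p.length == 25:
            return "search"                      # feature 2: 25-byte packet
        if p.proto == "udp":                     # feature 3: UDP fan-out
            key = (p.src, p.sport)
            window = [(t, d) for t, d in self.recent[key]
                      if p.ts - t <= FANOUT_WINDOW]
            window.append((p.ts, p.dst))
            self.recent[key] = window
            if len({d for _, d in window}) >= FANOUT_THRESHOLD:
                return "fanout"
        if p.proto == "tcp" and p.length >= BULK_MIN:
            return "bulk_tcp"
        return None

    def process(self, p):
        """State transition, then the detection/audit action for the new state."""
        cur = self.state[p.src]
        nxt = TRANSITIONS.get((cur, self._event(p)), cur)  # no match: stay put
        self.state[p.src] = nxt
        return nxt, ACTIONS[nxt]


def build_sample():
    """Constructed capture: one P2P client and one ordinary TCP download."""
    pkts = [Packet(0.0, "10.0.0.5", 4672, "198.51.100.1", "udp", 6),
            Packet(0.1, "10.0.0.5", 4672, "198.51.100.1", "udp", 25)]
    pkts += [Packet(0.2 + i / 10, "10.0.0.5", 4673, f"203.0.113.{i + 1}",
                    "udp", 40) for i in range(5)]
    pkts.append(Packet(0.9, "10.0.0.5", 50000, "203.0.113.3", "tcp", 1400))
    pkts.append(Packet(1.0, "10.0.0.9", 50001, "192.0.2.80", "tcp", 1400))
    return pkts


def run(packets):
    tracker = EdonkeyTracker()
    return [(p.src,) + tracker.process(p) for p in packets]


if __name__ == "__main__":
    for row in run(build_sample()):
        print(row)
```

The last two sample packets are identical 1400-byte TCP segments; only the one from the host that has already walked through the control states is sent for payload scanning, which is the efficiency argument the description makes for state-aware identification.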
Embodiment 3: steps for establishing the behavior feature state model of the NetEase POPO login stage (see Fig. 4):
1) The client and server perform the TCP handshake and connect (generally to 220.181.28.238:443).
2) The session key for the communication is then negotiated using the SSL protocol (the client sends a ClientHello to initiate the handshake; this message contains the list of algorithms the client supports and some other required information. The SSL server responds with a ServerHello, which determines the algorithms to be used for this communication, and then sends its certificate, which contains its identity and public key. On receiving this, the client generates a secret message, encrypts it with the SSL server's public key and sends it; the SSL server decrypts it with its own private key. Session key negotiation has then succeeded, and both sides can communicate using the same session key).
3) The server informs the client of the list of available server addresses (generally 220.181.28.238).
4) The client connects to an available server to obtain the relevant service.

Claims (7)

1. A method for accurate P2P protocol identification based on behavior features, characterized by comprising:
a step of establishing a protocol behavior feature model;
a step of locating the specific running state;
a step of behavior model state transition;
a step of intrusion detection.
2. The method for accurate P2P protocol identification based on behavior features as claimed in claim 1, characterized in that: the step of establishing the protocol behavior feature model mainly comprises extracting the behavior features of a specific P2P application protocol and establishing the protocol running state model;
the step of locating the specific running state mainly uses the transmitted data or control packet information obtained during real network communication to determine which protocol the P2P application is using, matches it against the established behavior model, and thereby determines the state the protocol is currently in;
the step of behavior model state transition judges the protocol's next behavior according to the predetermined behavior model and performs the corresponding state transition using the packet information obtained subsequently;
the step of intrusion detection determines, from the P2P application and specific usage behavior indicated by the result of the state transition, whether to perform the corresponding intrusion detection and audit.
3. The method for accurate P2P protocol identification based on behavior features as claimed in claim 2, characterized in that, in the step of establishing the protocol behavior feature model, the behavior features of a specific running state of a specific P2P protocol are first extracted, and the protocol behavior feature model is established from the behavior features of each running step in combination with port information, the control information carried in actual packets, and the like.
4. The method for accurate P2P protocol identification based on behavior features as claimed in claim 2, characterized in that, in the step of locating the specific running state, the established protocol behavior feature model and a multi-pattern matching algorithm are used to locate the protocol to which a captured data packet belongs and its state in the running of the protocol.
5. The method for accurate P2P protocol identification based on behavior features as claimed in claim 2, characterized in that, in the step of behavior model state transition, the located current state and the protocol behavior features carried in subsequently captured packets are used to determine the next state of the protocol.
6. The method for accurate P2P protocol identification based on behavior features as claimed in claim 2, characterized in that, in the step of intrusion detection, the corresponding detection or audit operations and rules are determined according to the located current protocol state and the set of possible subsequent state transitions.
7. A system for accurate P2P protocol identification based on behavior features, characterized by comprising: a behavior feature model library, which stores the feature rules of each step in the running of a specific protocol or software, extracted from real P2P applications, and automatically generates the state transition tree of the corresponding P2P application;
a protocol running state location and matching module, which uses the established behavior feature model and the captured packets to locate the state of the current packet within the P2P session and its position in the corresponding state transition tree;
a protocol state transition algorithm module, which determines the direction of state transition and performs the corresponding transition according to the state of the current packet and the transition conditions contained in subsequently received packets;
an intrusion detection module or audit module, which performs the corresponding intrusion detection and session behavior audit according to the packet information output during state transition;
the protocol running state behavior feature library is connected to the protocol running state location and matching module; the protocol running state location and matching module is connected to the detection keyword phase library and the actual detection rule base; the detection keyword phase library is connected to the protocol state transition module; and the protocol state transition module is connected to the intrusion detection module or audit module.
Priority Applications (1)

Application Number: CN 200710119333
Priority Date: 2007-07-20
Filing Date: 2007-07-20
Title: Method and system of accurate recognition in P2P protocol based on behavior characteristics
Status: Pending

Publications (1)

Publication Number: CN101094234A
Publication Date: 2007-12-26

Family ID: 38992260

Country Status (1)

Country: CN
Link: CN101094234A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20071226