CN108667921B - Bank business recommendation information generation method and system based on network bypass - Google Patents

Bank business recommendation information generation method and system based on network bypass Download PDF

Info

Publication number
CN108667921B
CN108667921B CN201810391660.5A CN201810391660A CN108667921B CN 108667921 B CN108667921 B CN 108667921B CN 201810391660 A CN201810391660 A CN 201810391660A CN 108667921 B CN108667921 B CN 108667921B
Authority
CN
China
Prior art keywords
data packet
service
network
bypass
packet
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810391660.5A
Other languages
Chinese (zh)
Other versions
CN108667921A (en
Inventor
张海峰
郭建根
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agricultural Bank of China
Original Assignee
Agricultural Bank of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Agricultural Bank of China filed Critical Agricultural Bank of China
Priority to CN201810391660.5A priority Critical patent/CN108667921B/en
Publication of CN108667921A publication Critical patent/CN108667921A/en
Application granted granted Critical
Publication of CN108667921B publication Critical patent/CN108667921B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00Packet switching elements
    • H04L49/20Support for services
    • H04L49/208Port mirroring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/14Session management
    • H04L67/141Setup of application sessions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a banking business recommendation information generation method and system based on network bypass, wherein the method comprises the following steps: the method comprises the steps of obtaining a network layer IP data packet based on a network flow bypass technology, sending the IP data packet to a bypass analysis server, rebuilding TCP connection, obtaining an application layer message corresponding to the network layer IP data packet, analyzing the application layer message to obtain a service element, sending the service element to a marketing system, and generating service recommendation information based on the service element by the marketing system. According to the method and the device, the network packet of the business transaction can be directly acquired from the network layer based on the network flow bypass technology, the business message of the transaction is analyzed and restored through the protocol, and therefore the banking business recommendation information is acquired.

Description

Bank business recommendation information generation method and system based on network bypass
Technical Field
The application relates to the technical field of data processing, in particular to a banking business recommendation information generation method and system based on network bypass.
Background
The marketing of bank market is an important means for bank business expansion, and the main form is that when a client goes to bank to handle business, business personnel recommend targeted bank business products according to the characteristics of the client. In order to quickly identify whether a current client is a valuable marketing object, related information needs to be quickly collected and sent to a marketing background, the current method needs to modify the existing business system, and an information acquisition and sending module is bound in the business system so as to ensure real-time data acquisition.
Therefore, how to effectively acquire the banking recommendation information is an urgent problem to be solved.
Disclosure of Invention
In view of this, the present application provides a method for generating banking recommendation information based on a network bypass, which can directly obtain a network packet of a business transaction from a network layer based on a network traffic bypass technology, and recover a business message of the transaction through protocol analysis, so as to obtain banking recommendation information.
The application provides a banking business recommendation information generation method based on network bypass, which comprises the following steps:
acquiring a network layer IP data packet based on a network flow bypass technology;
sending the IP data packet to a bypass analysis server;
reconstructing TCP connection to obtain an application layer message corresponding to the network layer IP data packet;
analyzing the application layer message to obtain a service element, and sending the service element to a marketing system;
and the marketing system generates service recommendation information based on the service elements.
Preferably, the acquiring a network layer IP data packet based on the network traffic bypass technology includes:
configuring a network switch corresponding to the service system;
and copying the network layer IP data packet of the service system from the mirror image port of the network switch.
Preferably, the sending the IP packet to the bypass analysis server includes:
recombining the fragmented IP data packet based on the IP data packet identifier, the fragmentation mark and the guaranteed internal offset to restore the fragmented IP data packet into an original IP data packet;
filtering the original IP data packet to obtain a filtered IP data packet;
and sending the filtered IP data packet to the bypass analysis server.
Preferably, the reestablishing the TCP connection includes:
the bypass analysis server reconstructs a transport layer session of each service request/response based on a quadruple in a network packet header, wherein the quadruple in the network packet header comprises: source IP, destination IP, source port, and destination port.
Preferably, the analyzing the application layer packet to obtain the service element includes:
and analyzing the application layer message to obtain a service element based on the annular buffer area message queue of the lock-free algorithm.
A banking business recommendation information generation system based on network bypass comprises:
the acquisition module is used for acquiring a network layer IP data packet based on a network flow bypass technology;
the sending module is used for sending the IP data packet to a bypass analysis server;
the reconstruction module is used for reconstructing TCP connection to obtain an application layer message corresponding to the network layer IP data packet;
the analysis module is used for analyzing the application layer message to obtain a service element and sending the service element to a marketing system;
and the generation module is used for generating service recommendation information based on the service elements by the marketing system.
Preferably, the obtaining module includes:
the configuration unit is used for configuring a network switch corresponding to the service system;
and the copying unit is used for copying the network layer IP data packet of the service system from the mirror image port of the network switch.
Preferably, the sending module includes:
the recombination unit is used for recombining the fragmented IP data packet based on the IP data packet identifier, the fragmentation mark and the guaranteed internal offset and reducing the fragmented IP data packet into an original IP data packet;
the filtering unit is used for filtering the original IP data packet to obtain a filtered IP data packet;
and the sending unit is used for sending the filtered IP data packet to the bypass analysis server.
Preferably, the reconstruction module is specifically configured to:
the bypass analysis server reconstructs a transport layer session of each service request/response based on a quadruple in a network packet header, wherein the quadruple in the network packet header comprises: source IP, destination IP, source port, and destination port.
Preferably, the parsing module is specifically configured to:
and analyzing the application layer message to obtain a service element based on the annular buffer area message queue of the lock-free algorithm, and sending the service element to a marketing system.
In summary, the application discloses a bank service recommendation information generation method based on a network bypass, which includes the steps of firstly obtaining a network layer IP data packet based on a network flow bypass technology, then sending the IP data packet to a bypass analysis server, rebuilding TCP connection, obtaining an application layer message corresponding to the network layer IP data packet, analyzing the application layer message to obtain a service element, sending the service element to a marketing system, and finally generating service recommendation information based on the service element by the marketing system. The network packet of the business transaction can be directly obtained from the network layer based on the network flow bypass technology, the business message of the transaction is analyzed and restored through the protocol, and therefore the banking business recommendation information is obtained.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of an embodiment 1 of a banking business recommendation information generation method based on network bypass disclosed in the present application;
fig. 2 is a flowchart of an embodiment 2 of a banking business recommendation information generation method based on network bypass disclosed in the present application;
fig. 3 is a schematic structural diagram of an embodiment 1 of a banking business recommendation information generating system based on network bypass disclosed in the present application;
fig. 4 is a schematic structural diagram of an embodiment 2 of a banking recommendation information generating system based on network bypass disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
As shown in fig. 1, a flowchart of an embodiment 1 of a banking business recommendation information generation method based on network bypass disclosed in the present application includes:
s101, acquiring a network layer IP data packet based on a network flow bypass technology;
when the bank business recommendation information for bank marketing is required to be acquired, firstly, the business terminal network layer flow, namely a network layer IP data packet, is acquired according to the network flow bypass technology. The network flow bypass technology is a technology for acquiring service system messages without influencing the existing service system by directly acquiring related network layer data packets from a network layer through a port mirror image function of network equipment such as a switch and the like and restoring transmission layer messages such as TCP, UDP and the like.
S102, sending the IP data packet to a bypass analysis server;
and after the network layer IP data packet is obtained, transmitting the obtained IP data packet to a bypass analysis server.
S103, reestablishing TCP connection to obtain an application layer message corresponding to the network layer IP data packet;
and the bypass analysis server carries out TCP connection reconstruction to obtain an application layer message of the whole service terminal service transaction.
S104, analyzing the application layer message to obtain a service element, and sending the service element to a marketing system;
after obtaining the application layer message of the whole service terminal service transaction, the application layer message comprises two parts of a service request and a response, the bypass analysis server locates to the corresponding service message specification according to the monitored service system IP address and the port as key values, extracts service elements such as a transaction account, a client number, a transaction mechanism, a terminal number for initiating the transaction and the like from the request/response message according to the service message specification, and sends the service elements to a marketing system.
And S105, generating service recommendation information based on the service elements by the marketing system.
After receiving business elements such as a transaction account, a client number, a transaction mechanism, a terminal number for initiating transaction and the like, a market marketing system background retrieves information such as the asset combination condition, transaction preference and the like of a business client in the local bank according to information such as the transaction account number, the client number and the like, generates related business recommendation information according to the information, pushes the business recommendation information to a business terminal according to the sent business terminal number, and reminds a teller handling business to carry out product marketing on the client.
To sum up, in the above embodiments, a network layer IP data packet is first obtained based on a network traffic bypass technology, then the IP data packet is sent to a bypass analysis server, a TCP connection is reestablished, an application layer packet corresponding to the network layer IP data packet is obtained, the application layer packet is analyzed to obtain a service element, the service element is sent to a marketing system, and finally the marketing system generates service recommendation information based on the service element. The network packet of the business transaction can be directly obtained from the network layer based on the network flow bypass technology, the business message of the transaction is analyzed and restored through the protocol, and therefore the banking business recommendation information is obtained.
As shown in fig. 2, a flowchart of an embodiment 2 of a banking business recommendation information generation method based on network bypass disclosed in the present application includes:
s201, configuring a network switch corresponding to a service system;
when the bank business recommendation information for bank marketing needs to be acquired, a network switch corresponding to a business system is configured at first.
S202, copying a network layer IP data packet of the service system from a mirror image port of a network switch;
the network layer IP packets of the service system are then copied from the mirror port of the network switch.
S203, recombining the fragmented IP data packet based on the IP data packet identifier, the fragmentation mark and the guaranteed internal offset, and restoring the fragmented IP data packet into an original IP data packet;
when the IP data packet is sent to the bypass analysis server, the network layer traffic (IP data packet) of the service system may be copied from the mirror port of the network switch to one (or several) physical network cards of the bypass analysis server, the bypass analysis server may read the IP data packet from the network cards by setting the network cards to a hybrid mode, and the IP data packet is received through an IP data packet reassembly process.
Because the MTUs of different network cards on a network link may be different, it is possible that a received IP data packet is fragmented, fragmentation reassembly is required in the case, and the bypass analysis server reassembles the fragmented IP packet according to the IP packet identifier, fragmentation flag, and guaranteed offset, and restores the original IP packet to be subjected to subsequent processing.
S204, filtering the original IP data packet to obtain a filtered IP data packet;
the IP packets mirrored on the network switch usually copy the traffic of the whole network segment, the mirrored IP packets need to be filtered to screen out the really needed traffic packets, the bypass analysis server uses a BPF (burley packet filter) to implement the filtering of the IP packets, for example, the IP packets of the service system with an IP address of 192.168.2.1and a port of 4100or 4200 need to be obtained, the BPF can be used to express "host 192.168.2.1and (port 4100or port 4200)" to screen out the IP packets of the service system, the BPF expressions of different IP addresses and port numbers correspond to different service systems, and the bypass analysis server implements the dynamic monitoring of different service systems.
S205, sending the filtered IP data packet to a bypass analysis server;
s206, the bypass analysis server reconstructs a transport layer session of each service request/response based on a quadruple in the network packet header to obtain an application layer packet corresponding to the network layer IP packet, where the quadruple in the network packet header includes: a source IP, a destination IP, a source port and a destination port;
TCP connection re-establishment, which is the most important step of the bypass analysis server, re-establishes each "service request/response" transport layer session according to the (source IP, destination IP, source port, destination port) quadruplet in the network packet header.
The method comprises the steps of organizing TCP sessions of service requests/responses in a quadruplet Hash Table + linked list mode, dividing each TCP session into two parts of requests/responses according to a Client-Server role, storing request/response data messages respectively, copying data parts of a continuous series of TCP messages to a data area according to the sequence of SEQ fields of the TCP messages in the session direction, and receiving and confirming FIN according to a TCP state machine at the request/response side to obtain application layer messages of the whole service transaction.
S207, analyzing the application layer message to obtain a service element based on the annular buffer area message queue of the lock-free algorithm, and sending the service element to a marketing system;
after obtaining the application layer message of the whole service terminal service transaction, the application layer message comprises two parts of a service request and a response, the bypass analysis server locates to the corresponding service message specification according to the monitored service system IP address and the port as key values, extracts service elements such as a transaction account, a client number, a transaction mechanism, a terminal number for initiating the transaction and the like from the request/response message according to the service message specification, and sends the service elements to a marketing system.
Because the network flow of banking business is very large, in order to timely and effectively process the bypassed flow and avoid packet loss by using multithread asynchronous processing based on a message queue, in the traditional network data packet decoding logic, a packet capturing thread puts a data packet which is just captured into a shared queue each time and a data packet restoring thread acquires the data packet from the shared queue each time, a mutual exclusion lock is required. Therefore, the packet capturing thread is always blocked with a certain probability, the data packet flowing through the network card in the blocking process of the packet capturing thread cannot be captured, and when the data amount flowing through the network card is large, the packet loss rate of the whole network decoding system is high.
In order to solve the above problem, this embodiment uses a len-length lock-free ring buffer queue to replace the original shared queue with mutex result. Wherein, the absolute position of the recording read pointer needs to contain an offset rof of a 32-bit integer variable record in a circular buffer queue and a 64-bit long integer variable rcy of which the number of turns has been rotated; the absolute position of the write pointer is recorded to include an offset wfof the 32-bit integer variable recorded in the circular buffer queue and a 64-bit long integer variable wcy that has been rotated through turns. In the actual process, because the execution speed of the data decoding thread is found to be much higher than the packet grabbing speed of the packet grabbing thread, the situation that the absolute position of a write pointer exceeds the distance of a read pointer by one len length is not considered when the packet grabbing thread writes data into the circular buffer queue, so that only wfo and wcy need to be declared as a vollatile variable, and even though the wcyred and the wffered read by the packet grabbing thread are not the latest values of the system, the actual wcyred + wmyred > wcyred + wofered, so that only wcyred + wofered > rcy + rof is needed to ensure that the circular buffer has readable data. Since wcy and rcy are both long integer variables of 64 bits, the problem of overflow of wcy and rcy values is basically not considered within tens of years as long as the appropriate len is set. The following describes in detail the detailed steps of the packet grabbing thread writing data packets into the ring buffer queue and the packet unpacking thread reading data packets from the ring buffer queue:
A. when the packet capturing thread needs to write a data packet into the ring buffer queue:
step 1, if wfof +1, jumping to step 2;
step 2, wcy ═ wcy +1, wfof ═ 0.
B. When the unpacking thread needs to read a data packet from the ring buffer queue:
step 1. read wcy the value wcyread and wfof the value of wfofread.
Step 1, if wcyread len + wffered > rcy len + rof, skipping to step 2, otherwise, no data can be read;
step 2, taking out a data packet from the ring buffer queue, wherein rof is rof +1, and if rof is len, jumping to step 3;
and 3, rcy + 1and rof being 0.
And S208, the marketing system generates service recommendation information based on the service elements.
After receiving business elements such as a transaction account, a client number, a transaction mechanism, a terminal number for initiating transaction and the like, a market marketing system background retrieves information such as the asset combination condition, transaction preference and the like of a business client in the local bank according to information such as the transaction account number, the client number and the like, generates related business recommendation information according to the information, pushes the business recommendation information to a business terminal according to the sent business terminal number, and reminds a teller handling business to carry out product marketing on the client.
In summary, in the above embodiment, in the marketing based on the network traffic bypass, since the network packet of the business transaction is acquired from the network layer, and the marketing elements such as the account number, the client number, the operation terminal and the like are acquired in a manner of analyzing and restoring the business message of the transaction by the protocol, compared with the traditional bank marketing system, the marketing system has two significant advantages, and the first is completely transparent to the business system, so that the risk and the large manpower cost caused by the modification of the business system are avoided; and secondly, the coupling degree of the marketing system and the business system is reduced, so that the marketing system is used as an independent system, the dependency on a specific business system is reduced, and various marketing activities can be conveniently developed.
As shown in fig. 3, a schematic structural diagram of an embodiment 1 of a banking recommendation information generating system based on network bypass disclosed in the present application includes:
an obtaining module 301, configured to obtain a network layer IP data packet based on a network traffic bypass technology;
when the bank business recommendation information for bank marketing is required to be acquired, firstly, the business terminal network layer flow, namely a network layer IP data packet, is acquired according to the network flow bypass technology. The network flow bypass technology is a technology for acquiring service system messages without influencing the existing service system by directly acquiring related network layer data packets from a network layer through a port mirror image function of network equipment such as a switch and the like and restoring transmission layer messages such as TCP, UDP and the like.
A sending module 302, configured to send an IP data packet to a bypass analysis server;
and after the network layer IP data packet is obtained, transmitting the obtained IP data packet to a bypass analysis server.
A reestablishment module 303, configured to reestablish a TCP connection to obtain an application layer packet corresponding to the network layer IP packet;
and the bypass analysis server carries out TCP connection reconstruction to obtain an application layer message of the whole service terminal service transaction.
The analysis module 304 is used for analyzing the application layer message to obtain a service element and sending the service element to a marketing system;
after obtaining the application layer message of the whole service terminal service transaction, the application layer message comprises two parts of a service request and a response, the bypass analysis server locates to the corresponding service message specification according to the monitored service system IP address and the port as key values, extracts service elements such as a transaction account, a client number, a transaction mechanism, a terminal number for initiating the transaction and the like from the request/response message according to the service message specification, and sends the service elements to a marketing system.
And a generating module 305, configured to generate the service recommendation information based on the service element by the marketing system.
After receiving business elements such as a transaction account, a client number, a transaction mechanism, a terminal number for initiating transaction and the like, a market marketing system background retrieves information such as the asset combination condition, transaction preference and the like of a business client in the local bank according to information such as the transaction account number, the client number and the like, generates related business recommendation information according to the information, pushes the business recommendation information to a business terminal according to the sent business terminal number, and reminds a teller handling business to carry out product marketing on the client.
To sum up, in the above embodiments, a network layer IP data packet is first obtained based on a network traffic bypass technology, then the IP data packet is sent to a bypass analysis server, a TCP connection is reestablished, an application layer packet corresponding to the network layer IP data packet is obtained, the application layer packet is analyzed to obtain a service element, the service element is sent to a marketing system, and finally the marketing system generates service recommendation information based on the service element. The network packet of the business transaction can be directly obtained from the network layer based on the network flow bypass technology, the business message of the transaction is analyzed and restored through the protocol, and therefore the banking business recommendation information is obtained.
As shown in fig. 4, a schematic structural diagram of an embodiment 2 of a banking recommendation information generating system based on network bypass disclosed in the present application includes:
a configuration unit 401, configured to configure a network switch corresponding to the service system;
when the bank business recommendation information for bank marketing needs to be acquired, a network switch corresponding to a business system is configured at first.
A copying unit 402, configured to copy a network layer IP packet of the service system from a mirror port of the network switch;
the network layer IP packets of the service system are then copied from the mirror port of the network switch.
A reassembly unit 403, configured to reassemble the fragmented IP data packet based on the IP data packet identifier, the fragmentation flag, and the guaranteed internal offset, and restore the fragmented IP data packet to an original IP data packet;
when the IP data packet is sent to the bypass analysis server, the network layer traffic (IP data packet) of the service system may be copied from the mirror port of the network switch to one (or several) physical network cards of the bypass analysis server, the bypass analysis server may read the IP data packet from the network cards by setting the network cards to a hybrid mode, and the IP data packet is received through an IP data packet reassembly process.
Because the MTUs of different network cards on a network link may be different, it is possible that a received IP data packet is fragmented, fragmentation reassembly is required in the case, and the bypass analysis server reassembles the fragmented IP packet according to the IP packet identifier, fragmentation flag, and guaranteed offset, and restores the original IP packet to be subjected to subsequent processing.
A filtering unit 404, configured to filter the original IP data packet to obtain a filtered IP data packet;
the IP packets mirrored on the network switch usually copy the traffic of the whole network segment, the mirrored IP packets need to be filtered to screen out the really needed traffic packets, the bypass analysis server uses a BPF (burley packet filter) to implement the filtering of the IP packets, for example, the IP packets of the service system with an IP address of 192.168.2.1and a port of 4100or 4200 need to be obtained, the BPF can be used to express "host 192.168.2.1and (port 4100or port 4200)" to screen out the IP packets of the service system, the BPF expressions of different IP addresses and port numbers correspond to different service systems, and the bypass analysis server implements the dynamic monitoring of different service systems.
A sending unit 405, configured to send the filtered IP data packet to the bypass analysis server;
a rebuilding module 406, configured to rebuild, by the bypass analysis server, the transport layer session of each service request/response based on a quadruple in the network packet header, to obtain an application layer packet corresponding to the network layer IP data packet, where the quadruple in the network packet header includes: a source IP, a destination IP, a source port and a destination port;
TCP connection re-establishment, which is the most important step of the bypass analysis server, re-establishes each "service request/response" transport layer session according to the (source IP, destination IP, source port, destination port) quadruplet in the network packet header.
The method comprises the steps of organizing TCP sessions of service requests/responses in a quadruplet Hash Table + linked list mode, dividing each TCP session into two parts of requests/responses according to a Client-Server role, storing request/response data messages respectively, copying data parts of a continuous series of TCP messages to a data area according to the sequence of SEQ fields of the TCP messages in the session direction, and receiving and confirming FIN according to a TCP state machine at the request/response side to obtain application layer messages of the whole service transaction.
The analysis module 407 is configured to analyze the application layer packet based on a circular buffer message queue of a lock-free algorithm to obtain a service element, and send the service element to a marketing system;
after obtaining the application layer message of the whole service terminal service transaction, the application layer message comprises two parts of a service request and a response, the bypass analysis server locates to the corresponding service message specification according to the monitored service system IP address and the port as key values, extracts service elements such as a transaction account, a client number, a transaction mechanism, a terminal number for initiating the transaction and the like from the request/response message according to the service message specification, and sends the service elements to a marketing system.
Because the network flow of banking business is very large, in order to timely and effectively process the bypassed flow and avoid packet loss by using multithread asynchronous processing based on a message queue, in the traditional network data packet decoding logic, a packet capturing thread puts a data packet which is just captured into a shared queue each time and a data packet restoring thread acquires the data packet from the shared queue each time, a mutual exclusion lock is required. Therefore, the packet capturing thread is always blocked with a certain probability, the data packet flowing through the network card in the blocking process of the packet capturing thread cannot be captured, and when the data amount flowing through the network card is large, the packet loss rate of the whole network decoding system is high.
In order to solve the above problem, this embodiment uses a len-length lock-free ring buffer queue to replace the original shared queue with mutex result. Wherein, the absolute position of the recording read pointer needs to contain an offset rof of a 32-bit integer variable record in a circular buffer queue and a 64-bit long integer variable rcy of which the number of turns has been rotated; the absolute position of the write pointer is recorded to include an offset wfof the 32-bit integer variable recorded in the circular buffer queue and a 64-bit long integer variable wcy that has been rotated through turns. In the actual process, because the execution speed of the data decoding thread is found to be much higher than the packet grabbing speed of the packet grabbing thread, the situation that the absolute position of a write pointer exceeds the distance of a read pointer by one len length is not considered when the packet grabbing thread writes data into the circular buffer queue, so that only wfo and wcy need to be declared as a vollatile variable, and even though the wcyred and the wffered read by the packet grabbing thread are not the latest values of the system, the actual wcyred + wmyred > wcyred + wofered, so that only wcyred + wofered > rcy + rof is needed to ensure that the circular buffer has readable data. Since wcy and rcy are both long integer variables of 64 bits, the problem of overflow of wcy and rcy values is basically not considered within tens of years as long as the appropriate len is set. The following describes in detail the detailed steps of the packet grabbing thread writing data packets into the ring buffer queue and the packet unpacking thread reading data packets from the ring buffer queue:
A. when the packet capturing thread needs to write a data packet into the ring buffer queue:
step 1, if wfof +1, jumping to step 2;
step 2, wcy ═ wcy +1, wfof ═ 0.
B. When the unpacking thread needs to read a data packet from the ring buffer queue:
step 1. read wcy the value wcyread and wfof the value of wfofread.
Step 1, if wcyread len + wffered > rcy len + rof, skipping to step 2, otherwise, no data can be read;
step 2, taking out a data packet from the ring buffer queue, wherein rof is rof +1, and if rof is len, jumping to step 3;
and 3, rcy + 1and rof being 0.
And the generating module 408 is used for generating the service recommendation information based on the service elements by the marketing system.
After receiving business elements such as a transaction account, a client number, a transaction mechanism, a terminal number for initiating transaction and the like, a market marketing system background retrieves information such as the asset combination condition, transaction preference and the like of a business client in the local bank according to information such as the transaction account number, the client number and the like, generates related business recommendation information according to the information, pushes the business recommendation information to a business terminal according to the sent business terminal number, and reminds a teller handling business to carry out product marketing on the client.
In summary, in the above embodiment, in the marketing based on the network traffic bypass, since the network packet of the business transaction is acquired from the network layer, and the marketing elements such as the account number, the client number, the operation terminal and the like are acquired in a manner of analyzing and restoring the business message of the transaction by the protocol, compared with the traditional bank marketing system, the marketing system has two significant advantages, and the first is completely transparent to the business system, so that the risk and the large manpower cost caused by the modification of the business system are avoided; and secondly, the coupling degree of the marketing system and the business system is reduced, so that the marketing system is used as an independent system, the dependency on a specific business system is reduced, and various marketing activities can be conveniently developed.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Accordingly, the application is not intended to be limited to the embodiments shown herein,
but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (6)

1. A bank service recommendation information generation method based on network bypass is characterized by comprising the following steps:
acquiring a network layer IP data packet based on a network flow bypass technology;
the IP data packet is recombined, restored and filtered, and the processed IP data packet is sent to a bypass analysis server;
reconstructing TCP connection to obtain an application layer message corresponding to the network layer IP data packet;
analyzing the application layer message to obtain a service element, and sending the service element to a marketing system; the bypass analysis server takes the IP address and the port of the monitored service system as key values, positions the key values to the corresponding service message specification, extracts service elements from the request/response message according to the service message specification, and sends the service elements to a marketing system;
the marketing system searches based on the service elements and generates service recommendation information according to the search result without modifying a banking system;
the reestablishing the TCP connection includes:
the bypass analysis server reconstructs a transport layer session of each service request/response based on a quadruple in a network packet header, wherein the quadruple in the network packet header comprises: a source IP, a destination IP, a source port and a destination port;
the method comprises the steps that TCP sessions of service requests/responses are organized in a quadruplet Hash Table + linked list mode, each TCP session is divided into two parts of requests/responses according to a Client-Server role, the data messages of the requests/responses are stored respectively, the data parts of a continuous series of TCP messages are copied to a data area according to the sequence of SEQ fields of the TCP messages in the session direction, and meanwhile, application layer messages of the whole service transaction are obtained after a TCP state machine receives and confirms FIN (file identifier) at the request/response party;
wherein, the obtaining of the network layer IP data packet based on the network traffic bypass technology includes:
configuring a network switch corresponding to the service system;
and copying the network layer IP data packet of the service system from the mirror image port of the network switch.
2. The method of claim 1, wherein the recombining, restoring, and filtering the IP data packet, and sending the processed IP data packet to a bypass analysis server comprises:
recombining the fragmented IP data packet based on the IP data packet identifier, the fragmentation mark and the guaranteed internal offset to restore the fragmented IP data packet into an original IP data packet;
filtering the original IP data packet to obtain a filtered IP data packet;
and sending the filtered IP data packet to the bypass analysis server.
3. The method according to claim 1, wherein the parsing the application layer packet to obtain the service element comprises:
and analyzing the application layer message to obtain a service element based on the annular buffer area message queue of the lock-free algorithm.
4. A banking business recommendation information generation system based on network bypass is characterized by comprising:
the acquisition module is used for acquiring a network layer IP data packet based on a network flow bypass technology;
the sending module is used for carrying out recombination, reduction and filtering processing on the IP data packet and sending the processed IP data packet to the bypass analysis server;
the reconstruction module is used for reconstructing TCP connection to obtain an application layer message corresponding to the network layer IP data packet;
the analysis module is used for analyzing the application layer message to obtain a service element and sending the service element to a marketing system; the bypass analysis server takes the IP address and the port of the monitored service system as key values, positions the key values to the corresponding service message specification, extracts service elements from the request/response message according to the service message specification, and sends the service elements to a marketing system;
the generating module is used for the marketing system to search based on the business elements and generate business recommendation information according to a search result without modifying a banking system;
the reconstruction module is specifically configured to:
the bypass analysis server reconstructs a transport layer session of each service request/response based on a quadruple in a network packet header, wherein the quadruple in the network packet header comprises: a source IP, a destination IP, a source port and a destination port;
the method comprises the steps that TCP sessions of service requests/responses are organized in a quadruplet Hash Table + linked list mode, each TCP session is divided into two parts of requests/responses according to a Client-Server role, the data messages of the requests/responses are stored respectively, the data parts of a continuous series of TCP messages are copied to a data area according to the sequence of SEQ fields of the TCP messages in the session direction, and meanwhile, application layer messages of the whole service transaction are obtained after a TCP state machine receives and confirms FIN (file identifier) at the request/response party;
wherein the acquisition module comprises:
the configuration unit is used for configuring a network switch corresponding to the service system;
and the copying unit is used for copying the network layer IP data packet of the service system from the mirror image port of the network switch.
5. The system of claim 4, wherein the sending module comprises:
the recombination unit is used for recombining the fragmented IP data packet based on the IP data packet identifier, the fragmentation mark and the guaranteed internal offset and reducing the fragmented IP data packet into an original IP data packet;
the filtering unit is used for filtering the original IP data packet to obtain a filtered IP data packet;
and the sending unit is used for sending the filtered IP data packet to the bypass analysis server.
6. The system of claim 4, wherein the parsing module is specifically configured to:
and analyzing the application layer message to obtain a service element based on the annular buffer area message queue of the lock-free algorithm, and sending the service element to a marketing system.
CN201810391660.5A 2018-04-27 2018-04-27 Bank business recommendation information generation method and system based on network bypass Active CN108667921B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810391660.5A CN108667921B (en) 2018-04-27 2018-04-27 Bank business recommendation information generation method and system based on network bypass

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810391660.5A CN108667921B (en) 2018-04-27 2018-04-27 Bank business recommendation information generation method and system based on network bypass

Publications (2)

Publication Number Publication Date
CN108667921A CN108667921A (en) 2018-10-16
CN108667921B true CN108667921B (en) 2021-12-14

Family

ID=63780355

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810391660.5A Active CN108667921B (en) 2018-04-27 2018-04-27 Bank business recommendation information generation method and system based on network bypass

Country Status (1)

Country Link
CN (1) CN108667921B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109446200B (en) * 2018-10-30 2021-04-16 ***股份有限公司 Data processing method and device
CN111294798B (en) * 2018-12-07 2023-04-28 ***通信集团陕西有限公司 Data interaction method, device, terminal equipment and medium
CN111064770B (en) * 2019-11-12 2021-11-05 国网辽宁省电力有限公司信息通信分公司 Method and system for capturing and synchronizing data bypass of power grid system
CN111818154B (en) * 2020-07-06 2022-11-18 桦蓥(上海)信息科技有限责任公司 Service pushing system and method based on network layer message analysis
CN112565111A (en) * 2020-11-24 2021-03-26 重庆农村商业银行股份有限公司 Service visualization method and system based on hardware bypass

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296256A (en) * 2008-06-19 2008-10-29 中国电信股份有限公司 Method and system for implementing accurate information propelling by internet
CN101556609A (en) * 2009-05-19 2009-10-14 杭州信杨通信技术有限公司 Customer behavior analysis and service system based on web contents
CN105337976A (en) * 2015-11-06 2016-02-17 西安交大捷普网络科技有限公司 Real-time high-efficiency database audit realization method
CN105376092A (en) * 2015-11-19 2016-03-02 杭州当虹科技有限公司 HLS flow real-time monitoring and alarming system based on switch port mirroring
CA3010757A1 (en) * 2015-12-31 2017-07-06 Hughes Network Systems, Llc Method and system of providing carrier grade nat (cgn) to a subset of a subscriber base

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7680115B2 (en) * 2007-01-19 2010-03-16 Harris Corporation Internet protocol based encryptor/decryptor bypass device
US9419889B2 (en) * 2014-03-07 2016-08-16 Nicira, Inc. Method and system for discovering a path of network traffic
CN105119756B (en) * 2015-09-10 2019-04-09 深圳市网誉科技有限公司 A kind of network monitoring system and method based on network management platform and data analysis

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296256A (en) * 2008-06-19 2008-10-29 中国电信股份有限公司 Method and system for implementing accurate information propelling by internet
CN101556609A (en) * 2009-05-19 2009-10-14 杭州信杨通信技术有限公司 Customer behavior analysis and service system based on web contents
CN105337976A (en) * 2015-11-06 2016-02-17 西安交大捷普网络科技有限公司 Real-time high-efficiency database audit realization method
CN105376092A (en) * 2015-11-19 2016-03-02 杭州当虹科技有限公司 HLS flow real-time monitoring and alarming system based on switch port mirroring
CA3010757A1 (en) * 2015-12-31 2017-07-06 Hughes Network Systems, Llc Method and system of providing carrier grade nat (cgn) to a subset of a subscriber base

Also Published As

Publication number Publication date
CN108667921A (en) 2018-10-16

Similar Documents

Publication Publication Date Title
CN108667921B (en) Bank business recommendation information generation method and system based on network bypass
JP6882474B2 (en) Systems and methods for detecting replay attacks
US9906630B2 (en) Processing data packets in performance enhancing proxy (PEP) environment
US8996728B2 (en) Obfuscating network traffic from previously collected network traffic
JP6905059B2 (en) Systems and methods for detecting replay attacks
AU2008239682B2 (en) A system and method for creating a list of shared information on a peer-to-peer network
US9210090B1 (en) Efficient storage and flexible retrieval of full packets captured from network traffic
US7206862B2 (en) Method and apparatus for efficiently matching responses to requests previously passed by a network node
CN112039904A (en) Network traffic analysis and file extraction system and method
JP2006279930A (en) Method and device for detecting and blocking unauthorized access
US20090129400A1 (en) Parsing and flagging data on a network
US11463383B2 (en) Multi-destination packet redaction
KR20080102505A (en) System and method detection of a file
CN112468416A (en) Network flow mirroring method and device, computer equipment and storage medium
JP5163398B2 (en) Packet identification program, packet identification method, packet identification apparatus, and control program
Las-Casas et al. A big data architecture for security data and its application to phishing characterization
CN111641589A (en) Advanced sustainable threat detection method, system, computer and storage medium
EP3718284B1 (en) Extending encrypted traffic analytics with traffic flow data
WO2019240054A1 (en) Communication device, packet processing method, and program
CN108650229A (en) A kind of network application behavior parsing restoring method and system
JP5287898B2 (en) Flow monitoring apparatus, flow monitoring method and program
CN113179251A (en) Front-end file processing method, device, equipment and machine-readable storage medium
CN112565217A (en) Protocol-based confusion communication method, client terminal, server and storage medium
JP4235907B2 (en) Worm propagation monitoring system
EP4319094A1 (en) Control method and apparatus, and computing device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant