CN103986707A - Modular network transmission data package filter method based on general protocol
Publication number: CN103986707A (application CN201410204911.6A)
Authority: CN (China)
Legal status: Pending
Abstract
The invention discloses a modular network transmission packet filtering method based on a general protocol. A filtering device controls the inflow and outflow of data on the network; every packet of the data flow in the network transmission process is checked against the rules of the general network transmission protocol, and packets are filtered effectively through rule matching. The method is divided into modules, mainly a packet processing module, a driver communication module, a user-defined filtering rule module, and a recording and alarm module. By filtering and inspecting all incoming and outgoing packets, the method can monitor the transmission security of packets in network transmission in real time.
Description
Technical field
The present invention relates to the field of security protection in the network transmission process and to the application of packet filtering technology, and specifically to a modular network transmission packet filtering method based on a general protocol.
Background technology
The present invention takes the following technical points as background:
Packet filtering technology: its principle is to use a router to monitor and screen the incoming and outgoing packets of the transmission process and to refuse to forward suspicious packets. Because the device most commonly used to connect one network to another is the router, the router is the port that all communication between the internal and external network must pass through, so this packet filtering method is mainly implemented by configuring the router accordingly.
A packet is the unit of data transmitted in TCP/IP protocol communication. The structure of a packet mainly contains the following fields: version, length, type of service, total packet length, and so on; in terms of content, it mainly consists of a destination IP address, a source IP address and the payload data. The structure of a packet is very similar to the letters we usually write: the destination IP address states who the packet is addressed to and corresponds to the recipient's address; the source IP address states where the packet comes from and corresponds to the sender's address; and the payload data corresponds to the body of the letter. It is precisely because packets have this structure that computers with the TCP/IP protocol installed can communicate with each other. When we use a network based on the TCP/IP protocol, what is actually transmitted in the network is packets. Understanding packets is therefore of vital importance to network management and network security.
The TCP/IP protocol is one of the most basic protocols of the Internet and the foundation of the Internet; it consists of the IP protocol at the network layer and the TCP protocol at the transport layer. TCP/IP defines how electronic devices connect to the Internet and the standard by which data is transmitted between them. The protocol adopts a four-layer hierarchical structure, and each layer calls the protocol provided by the layer below it to fulfil its own requirements. Briefly: TCP is responsible for detecting transmission problems; if a problem occurs it sends a signal requesting retransmission until all data has been transferred to the destination securely and correctly. IP specifies an address for each computer on the Internet.
With the development of networks, daily life and work depend more and more on the network. In the face of security problems such as website attacks, virus intrusions and leakage of personal information, the filtering of packets in network transmission is a key module of network security protection. For the problem of how, when good and bad packets are mixed together in the data flow of the network transmission process, to let through the trusted packets that one needs and to refuse to forward packets that are not needed or not trusted, the present invention provides a solution based on a general-protocol modular network transmission packet filter.
Summary of the invention
In view of the shortcomings of the prior art, the invention provides a modular network transmission packet filtering method based on a general protocol.
The invention provides a modular network transmission packet filtering method based on a general protocol; the technical solution adopted to solve the technical problem is as follows: in this transmission packet filtering method, a filtering device controls the inflow and outflow of data on the network, all packets of the data flow in the network transmission process are checked by the rules of the general network transmission protocol, and the packets are effectively filtered by effective rule matching; the present invention divides the method into modules, which helps in splitting and supplementing functions, and the packet filtering method mainly consists of four parts: a packet processing module, a driver communication module, a user-defined filtering rule module, and a recording and alarm module; wherein:
the packet processing module is the data-flow processing module of the method and, as the core module of the method, is responsible for the filtering and matching of packets and for the interception of packets;
the driver communication module is the module for communication between the driver and the application program of the method, and is responsible for notifying the application program and determining whether a packet is accepted or discarded;
the user-defined filtering rule module is the filtering rule setting module of the method, and is responsible for custom changes and settings of the rules according to the various network environments, so as to handle different filtering models;
the recording and alarm module is the output and display logging module of the method, and is responsible for the unified management of the processing log and the various alarm settings in the packet filtering process, and provides a method for managing and storing log information.
In addition, by filtering and inspecting all incoming and outgoing packets, this packet filtering method achieves real-time monitoring of the transmission security of packets in network transmission; through the recording and alarm module, problems occurring in the filtering process can be analysed visually and effectively, helping to monitor network security better; and by configuring the user-defined filtering rule module, a dedicated filtering scheme can be customised in real time and efficiently according to different networks and environments, solving network transmission problems.
The beneficial effects of the modular network transmission packet filtering method based on a general protocol disclosed by the invention are as follows:
The modular network transmission packet filtering method based on a general protocol realises the real-time monitoring and filtering of packets in the network transmission process; the user-defined filtering rule module and the recording and alarm module defined innovatively in the design process are used to produce effective custom countermeasures for a complex and changeable network environment, improving the security and flexibility of network transmission. In addition, some optimisations have been made to the impact of the data filtering method on transmission efficiency in the network transmission process, and some optimisations to packet capture and packet analysis in network transmission, so the method has broad development prospects for Internet data transmission and processing.
Brief description of the drawings
Figure 1 is a diagram of the internal structure of a packet;
Figure 2 is a workflow diagram of the filtering method of the present invention.
Embodiment
The modular network transmission packet filtering method based on a general protocol of the present invention is described in further detail below with reference to the drawings, which do not limit the present invention.
In the network transmission process, the present invention applies a certain filtering to restricted or unwanted packets so that they cannot pass through the port smoothly; this is an effective way of protecting data transmission security and an effective solution to the security problems in the network transmission process. The modular network transmission packet filtering method based on a general protocol mainly solves the following problems. First, in the network transmission process, a certain filtering is applied to restricted or unwanted packets so that they cannot pass through the port smoothly, which gives an effective way of protecting data transmission security. Second, because the network changes rapidly and constantly, the filtering modes and rules may also need to change at any time; how to change them quickly and effectively according to one's own needs is also an important module of the overall filtering method solution. Third, how to effectively manage and store the logs or records of unknown or known processing problems, to mine more valuable key issues from them and to analyse the changes in the current network environment, is also one of the problems solved by the present invention.
In addition, for the modular network transmission packet filtering method based on a general protocol, the communication between the driver and the application program during packet processing is important; how to obtain, filter and intercept packets without affecting normal data communication, while guaranteeing performance and interception efficiency, is also a problem to be solved.
To achieve these goals, in the modular network transmission packet filtering method based on a general protocol of the present invention, a filtering device controls the inflow and outflow of data on the network, and all packets of the data flow in the network transmission process are checked by the rules of the general network transmission protocol; the packet inspection only concerns the source address, destination address and TCP/IP port numbers of the packet, and the packets are effectively filtered by effective rule matching. The present invention divides the method into modules, which helps in splitting and supplementing functions, and the packet filtering method mainly consists of four parts: a packet processing module, a driver communication module, a user-defined filtering rule module, and a recording and alarm module; wherein:
the packet processing module is the data-flow processing module of the method and, as the core module of the method, is responsible for the filtering and matching of packets and for the interception of packets;
the driver communication module is the module for communication between the driver and the application program of the method, and is responsible for notifying the application program and determining whether a packet is accepted or discarded;
the user-defined filtering rule module is the filtering rule setting module of the method, and is responsible for custom changes and settings of the rules according to the various network environments, so as to handle different filtering models;
the recording and alarm module is the output and display logging module of the method, and is responsible for the unified management of the processing log and the various alarm settings in the packet filtering process, and provides a method for managing and storing log information.
In addition, by filtering and inspecting all incoming and outgoing packets, this packet filtering method achieves real-time monitoring of the transmission security of packets in network transmission; through the recording and alarm module, problems occurring in the filtering process can be analysed visually and effectively, helping to monitor network security better; and by configuring the user-defined filtering rule module, a dedicated filtering scheme can be customised in real time and efficiently according to different networks and environments, solving network transmission problems.
As shown in Figure 2, the concrete implementation steps of the modular network transmission packet filtering method based on a general protocol of the present invention are as follows:
Step 1: first capture the packets; the packets of the internal and external network are filtered and checked one by one, which is realised by the packet processing module taking the packets and processing them;
Step 2: after the packet processing module has taken a packet, it calls the user-defined filtering rule module to perform the matching check of the filtering rules, and carries out the filtering and parsing of the packet;
Step 3: the driver communication module is called to notify the application program to judge the packet and to feed back whether the packet is accepted or discarded;
Step 4: when the packet passes (after all the flows have been gone through), a log record of the whole filtering process is required, and if there is a problem an alarm must be raised; these are completed by the recording and alarm module. Otherwise, if the packet does not pass, return to Step 2.
Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
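The header-level inspection the description limits itself to (source address, destination address and TCP/IP port numbers, taken from the packet structure of Figure 1) and the Step 2 to Step 4 flow of rule matching, accept/drop decision and log record or alarm, as an added Python example that is not the patent's own code. The `Rule` format, the rule set, the log line format and the constructed sample packet are assumptions, and the driver/application exchange of Step 3 is collapsed into the return value.

```python
import struct
import ipaddress
from dataclasses import dataclass
from typing import List, Optional
@dataclass
class Packet:               # the header fields the filter inspects
    src: str
    dst: str
    proto: int
    sport: int
    dport: int

def parse_ipv4(raw: bytes) -> Packet:
    """Parse an IPv4 header (Figure 1 fields) and, for TCP/UDP, the port numbers."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4           # header length in bytes, at least 20
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad header length")
    sport = dport = 0
    if proto in (6, 17):                 # TCP or UDP: ports open the transport header
        if len(raw) < ihl + 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return Packet(str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), proto, sport, dport)

@dataclass
class Rule:                 # assumed rule format: CIDR source/destination plus optional proto/port
    action: str             # "accept" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(raw: bytes, rules: List[Rule], log: List[str]) -> str:
    """Steps 2-4: match rules, decide accept/drop, log and alarm. First match wins; malformed or unmatched packets are dropped with an alarm."""
    try:
        pkt = parse_ipv4(raw)
    except ValueError as exc:
        log.append(f"ALARM malformed packet dropped: {exc}")
        return "drop"
    for rule in rules:
        if rule.matches(pkt):
            log.append(f"{rule.action.upper()} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} proto={pkt.proto}")
            return rule.action
    log.append(f"ALARM no rule matched, default drop {pkt.src} -> {pkt.dst}:{pkt.dport}")
    return "drop"

def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample packet: IPv4 + TCP SYN headers with checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return ip + tcp

# Assumed rule set: internal hosts may reach one server on 443, telnet is dropped, all else default-drop.
RULES = [
    Rule("accept", src="10.0.0.0/8", dst="192.168.1.10/32", proto=6, dport=443),
    Rule("drop", dport=23),
]
```

The default-drop branch and the malformed-packet branch both produce an alarm line, which is the part of Step 4 that the recording and alarm module would surface for analysis.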
Claims (5)
1. A modular network transmission packet filtering method based on a general protocol, characterised in that, in this transmission packet filtering method, a filtering device controls the inflow and outflow of data on the network, all packets of the data flow in the network transmission process are checked by the rules of the general network transmission protocol, and the packets are effectively filtered by effective rule matching; this transmission packet filtering method is divided into modules and mainly consists of four parts: a packet processing module, a driver communication module, a user-defined filtering rule module, and a recording and alarm module; wherein:
the packet processing module is the data-flow processing module of the method and, as the core module of the method, is responsible for the filtering and matching of packets and for the interception of packets;
the driver communication module is the module for communication between the driver and the application program of the method, and is responsible for notifying the application program and determining whether a packet is accepted or discarded;
the user-defined filtering rule module is the filtering rule setting module of the method, and is responsible for custom changes and settings of the rules according to the various network environments, so as to handle different filtering models;
the recording and alarm module is the output and display logging module of the method, and is responsible for the unified management of the processing log and the various alarm settings in the packet filtering process, and provides a method for managing and storing log information.
2. The modular network transmission packet filtering method based on a general protocol according to claim 1, characterised in that the packet filtering method filters and inspects all incoming and outgoing packets and achieves real-time monitoring of the packets of the network transmission.
3. The modular network transmission packet filtering method based on a general protocol according to claim 1, characterised in that, through the recording and alarm module, problems occurring in the filtering process can be analysed visually and effectively.
4. The modular network transmission packet filtering method based on a general protocol according to claim 1, characterised in that, by configuring the user-defined filtering rule module, a dedicated filtering scheme can be customised in real time and efficiently according to different networks and environments.
5. The modular network transmission packet filtering method based on a general protocol according to claim 1, characterised in that the concrete implementation steps of the packet filtering method are as follows:
Step 1: the packet processing module filters and checks the packets of the internal and external network one by one, and takes the packets for processing;
Step 2: after the packet processing module has taken a packet, it calls the user-defined filtering rule module to perform the matching check of the filtering rules, and carries out the filtering and parsing of the packet;
Step 3: the driver communication module is called to notify the application program to judge the packet and to feed back whether the packet is accepted or discarded;
Step 4: if the packet passes, the recording and alarm module makes a log record of the whole filtering process and raises an alarm when a problem occurs; otherwise, if the packet does not pass, return to Step 2.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410204911.6A CN103986707A (en) | 2014-05-15 | 2014-05-15 | Modular network transmission data package filter method based on general protocol |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103986707A true CN103986707A (en) | 2014-08-13 |
Family
ID=51278532
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111988328A (en) * | 2020-08-26 | 2020-11-24 | 中国电力科学研究院有限公司 | Safety guarantee method and system for acquiring terminal data of power generation unit of new energy plant station |
CN113053493A (en) * | 2019-12-27 | 2021-06-29 | 无锡祥生医疗科技股份有限公司 | Data processing platform |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070050846A1 (en) * | 2005-08-30 | 2007-03-01 | Fortinet, Inc. | Logging method, system, and device with analytical capabilities for the network traffic |
CN101656634A (en) * | 2008-12-31 | 2010-02-24 | 暨南大学 | Intrusion detection system and method based on IPv6 network environment |
CN102523309A (en) * | 2009-07-31 | 2012-06-27 | 同方威视技术股份有限公司 | Method and equipment for responding request of client side and acquiring and returning real-time data |
CN102970306A (en) * | 2012-12-18 | 2013-03-13 | 中国科学院计算机网络信息中心 | Intrusion detection system under Internet protocol version 6 (IPv6) network environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20140813 |