摘要
提出了一种基于多模式匹配的状态检测方案,借助网络处理器PowerPC MPC8572E的模式匹配模块及其状态规则引擎,能够针对包含多种特征信息的协议,检测出协议所包含的所有特征模式,判断模式间的关联关系与建立的状态规则库是否一致,从而有效的识别该类协议数据。以FTP协议为例,分析了协议的各个状态,从实验结果可以看到,检测方案能够有效检测出FTP的状态转移过程。对于不同的协议,检测方案可以设定不同的状态规则,捕获协议的复杂状态迁移过程,从而有效监控数据流的交互过程,判断协议数据的合法性。
This paper puts forward a method of the stateful inspection based on the multi-pattern matching.For some protocols with multiple features,all the feature patterns can be detected with the aid of the pattern match module and its stateful rule engine,which below to the network processor MPC8572E.Through comparing the association in the patterns with the established stateful rule base,data of some protocol can be inspected effectively.In this paper,it takes the FTP as an example to analyze all the states of the protocol.The experiment shows that the method mentioned has detected the process of FTP state transition effectively.For different protocols,different stateful rules can be set to capture the complex state transition of some protocol.In this way,it can monitor the interactive process data flow,and judge the validity.
出处
《电子测量技术》
2010年第11期98-101,共4页
Electronic Measurement Technology
基金
上海市重点学科建设基金资助项目(S30108)
