CN114257456B - Control method and system for breakpoint continuous file transfer based on FTP protocol - Google Patents
Control method and system for breakpoint continuous file transfer based on FTP protocol Download PDFInfo
- Publication number
- CN114257456B CN114257456B CN202111635356.9A CN202111635356A CN114257456B CN 114257456 B CN114257456 B CN 114257456B CN 202111635356 A CN202111635356 A CN 202111635356A CN 114257456 B CN114257456 B CN 114257456B
- Authority
- CN
- China
- Prior art keywords
- file
- data
- virus
- uploaded
- value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 238000012546 transfer Methods 0.000 title claims abstract description 10
- 241000700605 Viruses Species 0.000 claims abstract description 211
- 238000001514 detection method Methods 0.000 claims abstract description 101
- 238000007781 pre-processing Methods 0.000 claims abstract description 31
- 230000003993 interaction Effects 0.000 claims description 20
- 238000004891 communication Methods 0.000 claims description 2
- 230000005540 biological transmission Effects 0.000 abstract description 35
- 230000008569 process Effects 0.000 description 10
- 230000004083 survival effect Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 2
- 230000009385 viral infection Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011217 control strategy Methods 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application provides a control method and a control system for breakpoint continuous transmission files based on an FTP (File transfer protocol), which are used for obtaining characteristic information by carrying out characteristic preprocessing on data files, and establishing index nodes to store the characteristic information so as to facilitate file pre-detection and data packet retransmission. The transmitted file length is compared with the virus file length in the virus library to preliminarily judge whether the data file is infected with viruses, and then the transmitted file md5 value is compared with the virus file md5 value in the virus library to further judge whether the data file is infected with viruses, so that the step of caching each uploaded file and then detecting the md5 value is avoided, and the cache space is saved. And retransmitting the final sub-data packet of the virus file by adopting a new data stream, importing the final sub-data packet by calling the data file name in the index node, and accurately controlling the retransmission data stream, thereby solving the problem that the uploading of the virus file by adopting a breakpoint continuous transmission mode cannot be controlled.
Description
Technical Field
The application relates to the field of network technical safety, in particular to a control method and a system for breakpoint continuous file transfer based on an FTP protocol.
Background
Computer viruses are a program that can act as a compromise to computer information or systems, where the transmission of internet viruses across a network results in more and more data carrying the viruses. In enterprises, FTP protocol is often used to upload and download data files to a data server, so that virus detection is required for the files.
The current method for detecting viruses of the data file in the uploading or downloading process is to monitor the md5 value of the data file and judge whether the data file carries viruses according to the md5 value. The operation process is that firstly, the data file is cached, after the completion of transmission is detected, the md5 value of the cached data file is calculated, if the md5 value of the data file is found to be abnormal, the current data file is judged to carry virus, and the data packet of the current data file is discarded.
The method for caching the file and then monitoring the md5 value can monitor whether the data file carries viruses or not, but needs larger cache space when downloading a large amount of data files, and has higher requirement on the performance of a computer. While buffer space congestion affects the operating speed of the computer.
Disclosure of Invention
The application provides a control method and a control system for breakpoint continuous file based on an FTP protocol, which are used for solving the problem that the running speed of a computer is reduced due to overlarge occupied memory when viruses are detected by a method of firstly caching data files and then detecting md5 values during data interaction.
The application provides a control method of breakpoint continuous transmission files based on an FTP protocol, which is used for a communication system in which a client adopts the FTP protocol and performs data interaction with a server in a breakpoint continuous transmission mode; the control method is characterized by comprising the following steps:
before the client performs data interaction with the server, the data file is subjected to characteristic preprocessing.
The feature preprocessing is used for extracting feature information of the data file, and the feature information comprises: user ip, server ip, name of the uploaded file, md5 value of the uploaded file and uploaded file data uploaded length. The user ip and the server ip are used for limiting a client and a server for data exchange. The name of the uploading file is used for calling the data packet in the virus detection process and the data packet uploading process. The uploaded file has an uploaded portion md5 value for virus detection of the data file. The uploaded file data has an uploaded length for virus pre-detection of the data file.
The virus detection device sets a timer to manage the index node for storing the feature preprocessing information.
The index node is used for storing the characteristic information of the data file, and a timer is set for controlling the existence time of the index node in order to not occupy the memory of the computer. The existence time of the index node is slightly longer than the transmission speed of the data file, and the index node can be deleted in advance according to the detection result after the data file is subjected to virus detection.
When the client side and the server perform data interaction, the virus detection equipment performs virus detection on the data file.
The virus detection is divided into file length pre-detection and md5 value detection. The file length pre-detection has the advantages that the file length is compared before md5 value operation is carried out, the data length of the file is inconsistent with the data length of the virus file in the virus library, the file can be judged to be a non-virus file, and the corresponding index node can be directly deleted and the current uploading file can be saved. If the length of the virus file is consistent with that of the virus file, the md5 virus detection is further carried out.
And deleting or storing the data file according to the virus detection result of the data file.
The virus detection result comprises: the data file is normal and infects viruses. And storing and managing the data file with the normal detection result by the server, and re-uploading the data file with the detection result of virus infection and deleting the current node.
Optionally, before the client performs data interaction with the server, the step of performing feature and processing on the data file includes:
an inode is created.
The index node is used for storing the characteristic information of the data file, the timer and the management module jointly control the existing time, and the index node is automatically deleted after virus detection is completed.
Adding node members to the index node, the node members comprising: user ip, server ip, name of the uploaded file, md5 value of the uploaded file and uploaded file data uploaded length.
The name of the uploading file is used for calling the data packet in the virus detection process and the data packet uploading process. The uploaded file has an uploaded portion md5 value for virus detection of the data file. The uploaded file data has an uploaded length for virus pre-detection of the data file.
The data package of the file to be uploaded is divided into a plurality of sub-data packages.
And dividing the data packet of the file into sub-data packets with equal size according to the transmission rule of breakpoint continuous transmission, and uploading the sub-data packets in sequence.
The client adds FIN tag to the final sub-packet.
And extracting the characteristics of the data file through characteristic preprocessing, and establishing an index node for storing characteristic information to provide a data calling basis for virus detection. Meanwhile, the data packet is divided into a plurality of sub-data packets with the same size, so that preparation is made for breakpoint continuous transmission of the data file, and the final sub-data packet is added with a FIN mark so as to facilitate identification of completion of uploading of the data file.
Optionally, the step of setting the timer by the virus detection device to manage the index node for storing the feature preprocessing information includes:
a node presence time threshold is set in a timer.
The time threshold is used for limiting the existence time of the index nodes, and different time thresholds are set for each index node according to the transmission speed of the data file.
And judging whether the node existence time exceeds the time threshold.
And if the node existence time exceeds the time threshold, deleting the node.
After feature preprocessing is carried out on the data file and a timer management index node is set, data interaction can be started, and virus detection is synchronously carried out. Optionally, when the client performs data interaction with the server, the step of performing virus detection on the data file by using the virus detection device includes:
and judging whether the current sub-data packet is a final sub-data packet or not.
And pre-detecting the uploaded file.
And detecting the md5 value of the uploaded file.
The server detects the FIN mark when receiving each sub-packet, and enters a virus detection stage when detecting that the sub-packet currently transmitted has the FIN mark. And pre-detecting the data file according to the file length so as to detect the md5 virus.
Optionally, the step of determining whether the current sub-packet is a final sub-packet includes:
it is identified whether the current sub-packet is marked with FIN.
If the current data packet has the FIN mark, the current sub data packet is judged to be the final sub data packet, and the file corresponding to the final sub data packet is pre-checked.
If the current data packet does not have the FIN mark, the value of the uploaded part md5 and the uploaded file data uploaded length in the index node are updated.
And confirming whether the currently transmitted sub-data packet is a final sub-data packet or not according to the FIN mark, and performing pre-detection operation until the final sub-data packet is found, and judging whether the current file is a suspected virus file or not by performing addition operation on the length of the uploaded file and the length of the file uploaded by the current final sub-data packet and matching the length of the virus file data in the virus library.
Optionally, the step of pre-detecting the uploaded file includes:
and carrying out summation operation on the uploaded file data in the index node and the data length of the final sub-data packet to obtain the total length of the data of the current uploaded file.
And comparing the total length of the data of the current uploading file with the data length of the virus files in the virus library, and detecting whether the length of the uploading file is equal to the data length of the virus files in the virus library.
Comparing the length of the current uploading file with the length of the virus files in the virus library, if the obtained lengths are equal, detecting md5 viruses, if the obtained lengths are not equal, directly judging the files as non-virus files, storing the current data files and deleting index nodes.
Optionally, the step of comparing the total length of data of the current uploaded file with the length of data of the virus files in the virus library to detect whether the length of the uploaded file is equal to the length of data of the virus files comprises:
if the values are not equal, judging the current uploading file as a non-virus file, directly deleting the current index node, exiting the pre-detection flow, and storing the current uploading file.
If the values are equal, judging that the current uploaded file is a suspected virus file, and continuing detecting the md5 value.
The md5 value is derived from the md5 message digest algorithm and is a cryptographic hash function that can generate a 128-bit hash value to ensure that the data file message transmissions are completely consistent. The md5 value of the data file carrying the virus will change, so that virus detection can be performed on the data file by checking that the md5 value of the data file matches with the md5 value of the existing virus file in the virus library.
Optionally, the step of detecting the md5 value of the uploaded file includes:
and calculating the md5 value of the uploaded part of the file and the md5 value of the final sub-data packet to obtain the md5 value of the current uploaded file.
And matching the md5 value of the current uploading file with the md5 value of the virus file in the virus library, and storing or deleting the current uploading file according to the matching result.
The original md5 value of the data file is stored in the index node, the md5 value of the data file after transmission is divided into the md5 value of the uploaded part and the md5 value of the final sub-data packet, the md5 value of the data file after transmission is calculated based on the md5 values of the two parts after transmission, the md5 value of the data file after transmission is compared with the md5 value of the virus file in the virus library, and if the md5 value of the data file after transmission is the virus file, the transmitted data file is the virus file.
Optionally, the step of deleting or saving the data file according to the virus detection result of the data file includes:
if the md5 value of the current uploading file is successfully matched with the md5 value of the virus file in the virus library, judging that the current uploading file is the virus file, and carrying out packet loss processing on the final sub-data packet.
The final sub-data packet is associated by using a new data stream in combination with the names of the user ip, the server ip and the uploaded file;
and uploading the final sub-data packet by using a new data stream, and detecting the md5 value again.
And if the value of md5 is not detected yet, discarding the uploading of the final sub-data packet.
If the md5 value of the current uploading file fails to match with the md5 value of the virus file in the virus library, judging that the current uploading file passes the virus detection, and storing and deleting the index node.
The new data stream is adopted to continuously upload the final sub-data packet, so that the virus threat of the old data stream can be avoided, meanwhile, the client limits the number of the new data streams, the number of times of uploading the final sub-data packet by the new data stream is limited, and the problem that the data stream uploads the virus file infinitely in the breakpoint continuous transmission process is avoided.
The application also provides a control system for breakpoint continuous file transmission based on the FTP protocol, which comprises: the device comprises a preprocessing module, a management module and an execution module;
the preprocessing module is used for carrying out characteristic preprocessing on the data file before the client side and the server carry out data interaction.
The management module is used for controlling the virus detection device to set a timer to manage the index node for storing the characteristic preprocessing information.
The management module is also used for controlling the virus detection equipment to detect viruses on the data file when the client side and the server interact data.
The execution module is used for deleting or storing the data file according to the virus detection result of the data file.
The application provides a control method and a control system for breakpoint continuous transmission files based on an FTP (File transfer protocol), which are used for obtaining characteristic information by carrying out characteristic preprocessing on data files, and establishing index nodes to store the characteristic information so as to facilitate file pre-detection and data packet retransmission. The transmitted file length is compared with the virus file length in the virus library to preliminarily judge whether the data file is infected with viruses, and then the transmitted file md5 value is compared with the virus file md5 value in the virus library to further judge whether the data file is infected with viruses, so that the step of caching each uploaded file and then detecting the md5 value is avoided, the cache space is saved, and meanwhile, the virus detection is more efficient. And retransmitting the final sub-data packet of the virus file by adopting a new data stream, importing the final sub-data packet by calling the data file name in the index node, limiting the using times of the new data stream, and avoiding the problem of infinitely uploading the virus file in the breakpoint continuous transmission process.
Drawings
In order to more clearly illustrate the technical solutions of the present application, the drawings that are needed in the embodiments will be briefly described below, and it will be obvious to those skilled in the art that other drawings can be obtained from these drawings without inventive effort.
FIG. 1 is a flow chart of a control method for breakpoint continuous file transfer based on an FTP protocol;
FIG. 2 is a flow chart of feature preprocessing of a data file before a client performs data interaction with a server;
FIG. 3 is a flowchart of the operations for deleting or saving the data file according to the virus detection result of the data file.
Detailed Description
Reference will now be made in detail to the embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The embodiments described in the examples below do not represent all embodiments consistent with the present application. Merely as examples of systems and methods consistent with some aspects of the present application as detailed in the claims.
The application provides a control method of breakpoint continuous file based on an FTP protocol, which is described in detail below with reference to fig. 1, and includes:
before the client performs data interaction with the server, the data file is subjected to characteristic preprocessing.
The feature preprocessing is used for extracting feature information of the data file, and the feature information comprises: user ip, server ip, name of the uploaded file, value of the uploaded part md5 of the uploaded file, and uploaded length of the uploaded file data. The user ip and the server ip are used for limiting a client and a server for data exchange. The name of the uploading file is used for calling the data packet in the virus detection process and the data packet uploading process. The uploaded file has an uploaded portion md5 value for virus detection of the data file. The uploaded file data has an uploaded length for virus pre-detection of the data file.
The virus detection device sets a timer to manage the index node for storing the feature preprocessing information.
The index node is used for storing the characteristic information of the data file, and a timer is set for controlling the existence time of the index node in order to not occupy the memory of the computer. The existence time of the index node is slightly longer than the transmission speed of the data file, and the index node can be deleted in advance according to the detection result after the data file is subjected to virus detection.
When the client and the server perform data interaction, the virus detection equipment combines a virus library to perform virus detection on the data file.
The virus detection is divided into file length pre-detection and md5 value detection. The file length pre-detection has the advantages that the file length is compared before md5 value operation is carried out, the data length of the file is inconsistent with the data length of the virus file in the virus library, the file can be judged to be a non-virus file, and the corresponding index node can be directly deleted and the current uploading file can be saved. If the length of the virus file is consistent with that of the virus file, the md5 virus detection is further carried out.
The virus library is in a database form, can be used even if called, is internally provided with a virus file sample, and comprises virus file length and md5 value information. The virus library content is updated all the time to expand the virus detection range.
And deleting or storing the data file according to the virus detection result of the data file.
The virus detection result comprises: the data file is normal and infects viruses. And storing and managing the data file with the normal detection result by the server, and re-uploading the data file with the detection result of virus infection and deleting the current node.
Before the client performs data interaction with the server, the client performs feature preprocessing on the data file to be interacted to obtain feature information of the data file, and the following details of the steps of performing feature and processing on the data file before the client performs data interaction with the server are described with reference to fig. 2:
an inode is created.
The index node is used for storing the characteristic information of the data file, the timer and the management module jointly control the existing time, and the index node is automatically deleted after virus detection is completed.
Adding node members to the index node, the node members comprising: user ip, server ip, name of the uploaded file, md5 value of the uploaded file and uploaded file data uploaded length.
The name of the uploading file is used for calling the data packet in the virus detection process and the data packet uploading process. The uploaded file has an uploaded portion md5 value for virus detection of the data file. The uploaded file data has an uploaded length for virus pre-detection of the data file.
The data package of the file to be uploaded is divided into a plurality of sub-data packages.
And dividing the data packet of the file into sub-data packets with equal size according to the transmission rule of breakpoint continuous transmission, and uploading the sub-data packets in sequence.
The client adds FIN tag to the final sub-packet.
Creating an index node, adding node members for the index node, dividing a data file, adding FIN marks for preparing work before data file transmission, wherein the index node is a storage space, the file is disabled after transmission, survival time control is needed for the index node in order to prevent the index node from idling, the following steps of setting a timer for a virus detection device to manage the index node for storing characteristic preprocessing information are described, and the steps comprise:
a node presence time threshold is set in a timer.
The time threshold is the maximum value of the survival time of the index node, the survival time of the index node exceeds the time threshold or the data file is confirmed to be uploaded, and the index node is deleted.
And judging whether the node existence time exceeds the time threshold.
Recording the survival time of the index node after the data file is uploaded, comparing the survival time with a time threshold value, and deleting the index node when the survival time is greater than the time threshold value. The inode may be deleted until the time to live reaches a time threshold.
And if the node existence time exceeds the time threshold, deleting the node.
Establishing an index node, adding characteristic information to the index node, adopting a control strategy for the index node, namely starting to transmit the data file, and performing virus detection on the transmitted data file. The step of virus detection of the data file by the virus detection device comprises the following steps:
and judging whether the current sub-data packet is a final sub-data packet or not.
The final sub-packet marks that the data file is about to be transmitted, virus detection can be started, and whether the current sub-packet is the final sub-packet is judged by identifying the FIN mark.
And pre-detecting the uploaded file.
The pre-detection is used for preliminarily filtering the virus file, and the md5 value of each sub-data packet is not required to be calculated. The length of the transmitted data file is obtained only according to the uploaded length of the data file and the file length of the final sub-data packet, and the data file is compared with the length of the virus file in the virus library to preliminarily judge whether the data file carries viruses. If the transmitted file length is not consistent with the virus file length in the virus library, directly storing the current data file and deleting the index node.
And updating 1 time after the uploaded data file length is uploaded by 1 sub-data packet through breakpoint continuous uploading, storing the result into the index node, continuously accumulating until the final sub-data packet appears, and performing pre-detection together.
And detecting the md5 value of the uploaded file.
And detecting md5 as a final detection step of whether the file carries viruses or not, calculating the md5 value of the transmitted data file according to the md5 value of the sub-data packet of the uploaded data file and the md5 value of the final sub-data packet, and matching the md5 value with the md5 value of the virus file stored in the virus library, wherein if the matching is successful, the transmitted data file is the virus file.
Before pre-detection and md5 value detection, the current sub-packet needs to be confirmed as the final sub-packet, and the step of judging that the current sub-packet is the final sub-packet comprises the following steps:
it is identified whether the current sub-packet is marked with FIN.
And the server or the client synchronously detects the FIN mark when receiving the sub-data packet, and the detection of the FIN mark indicates that the transmission is completed.
If the current sub-data packet has the FIN mark, the current sub-data packet is judged to be a final sub-data packet, and the file corresponding to the final sub-data packet is pre-detected.
If the current data packet does not have the FIN mark, the value of the uploaded part md5 and the uploaded file data uploaded length in the index node are updated.
The steps of pre-detecting and md5 detecting, which need to pre-detect the uploaded file by calling the characteristic information stored in the index node and the characteristic information of the final sub-data packet, include:
and carrying out summation operation on the uploaded file data in the index node and the data length of the final sub-data packet to obtain the total length of the data of the current uploaded file.
And comparing the total length of the data of the current uploading file with the data length of the virus files in the virus library, and detecting whether the length of the uploading file is equal to the data length of the virus files in the virus library.
The numerical relationship is embodied as whether the data files are equal, and if so, the data files are suspected virus files, but the data files can be confirmed only by further virus detection. If the index nodes are not equal, the data files are indicated to be detected in advance, the current data files are directly stored, and the corresponding index nodes are deleted.
Optionally, the step of comparing the total length of data of the current uploaded file with the length of data of the virus files in the virus library to detect whether the length of the uploaded file is equal to the length of data of the virus files comprises:
if the values are not equal, judging the current uploading file as a non-virus file, directly deleting the current index node, exiting the pre-detection flow, and storing the current uploading file.
If the values are equal, judging that the current uploaded file is a suspected virus file, and continuing detecting the md5 value.
And starting md5 value detection, namely calling the md5 value of the uploaded file part stored in the index node and the md5 value of the current final sub-data packet to calculate the md5 value of the transmitted data file, and judging whether the data file carries viruses or not through md5 value matching.
Optionally, the step of detecting the md5 value of the uploaded file includes:
calculating the md5 value of the uploaded part of the file and the md5 value of the final sub-data packet to obtain the md5 value of the current uploaded file;
and matching the md5 value of the current uploading file with the md5 value of the virus file in the virus library, and storing or deleting the current uploading file according to the matching result.
Optionally, the steps of deleting or saving the data file according to the virus detection result of the data file are described with reference to fig. 3, where the steps include:
if the md5 value of the current uploading file is successfully matched with the md5 value of the virus file in the virus library, judging that the current uploading file is the virus file, and carrying out packet loss processing on the final sub-data packet.
And associating the final sub-data packet by using a new data stream in combination with the names of the user ip, the server ip and the uploaded file.
And uploading the final sub-data packet by using a new data stream, and detecting the md5 value again.
The new data stream transmission times are limited by the client or the server, so that the virus file can be prevented from being uploaded unrestricted in the breakpoint continuous transmission process and then blacked out by the gateway. And the characteristic information of the data file is used for associating a plurality of data streams to re-upload the data file, so that the problem that the virus file is repeatedly uploaded to influence the corresponding client to upload other data due to the limitation of single data stream is avoided. After the data stream is replaced, other data files can be transmitted by the data stream which is used for transmitting the virus file before, so that the transmission efficiency of breakpoint continuous transmission is improved.
And if the value of md5 is not detected yet, discarding the uploading of the final sub-data packet.
If the md5 value of the current uploading file fails to match with the md5 value of the virus file in the virus library, judging that the current uploading file passes the virus detection, and storing and deleting the index node.
The application also provides a control system for breakpoint continuous file transmission based on the FTP protocol, which comprises: the device comprises a preprocessing module, a management module and an execution module.
The preprocessing module is used for carrying out characteristic preprocessing on the data file before the client side and the server carry out data interaction.
The management module is used for controlling the virus detection equipment to set a timer and managing the index node used for storing the characteristic preprocessing information.
And the management module is used for controlling the virus detection equipment to combine the virus library to detect the viruses of the data file when the client side and the server perform data interaction.
The execution module is used for deleting or storing the data file according to the virus detection result of the data file.
To further illustrate the advantages of the present application, a detailed operation is described in conjunction with the examples:
the client uploads a file named Trojan.Win32.agent to the data server, the file needs 10 sub-data packets to be transmitted, the ip address of the client is 192.168.1.11, and the address of the data server is 192.168.2.11. When the client is detected to upload the file in the network flow, an index node1 is created, and the client ip address, the data server ip address, the file name and the file characteristic information are stored.
When the current 9 sub-data packets arrive at the data server for 9 times, respectively calculating md5 and updating the md5 value stored in the index node in real time, and assuming that the 9 th data packet arrives at the device, calculating the md5 value of the first 9 sub-data packets, wherein the calculated md5 value is 32cba0132c3d1e5b4f71526a70201207. And updating the file length information in the index node at the same time, and assuming that the length of each sub-data packet is 1k, the file length value stored in the node is 9k.
When the 10 th sub data packet arrives at the data server, the current sub data packet is found to have a FIN mark, the pre-detection of the data file is started, the lengths of the first 9 sub data packets and the length of the current final sub data packet are summed, the lengths of the first 9 sub data packets and the length of the virus file in the virus library are compared, and if the lengths are found to be consistent, the data file is suspected to be the virus file, and further virus detection is still needed.
Based on the md5 value 32cba0132c3d1e5b4f71526a70201207 of the first 9 sub-data packets, calculating the md5 value 6049301585d646772c2 aaa 19f5cb778 of the data file after transmission by combining the md5 value of the current final sub-data packet, matching the obtained md5 value with the md5 value of the virus file in the virus library, if the matching is successful, judging that the data file is the virus file, retransmitting the final sub-data packet by adopting a new data stream, and then pre-detecting and md5 detecting. And stopping transmitting the file until the number of times of adopting the new data stream reaches the limit number of times of the client so as to ensure that the client does not trigger a gateway alarm function.
The application provides a control method and a control system for breakpoint continuous transmission files based on an FTP (File transfer protocol), which are used for obtaining characteristic information by carrying out characteristic preprocessing on data files, and establishing index nodes to store the characteristic information so as to facilitate file pre-detection and data packet retransmission. The transmitted file length is compared with the virus file length in the virus library to preliminarily judge whether the data file is infected with viruses, and then the transmitted file md5 value is compared with the virus file md5 value in the virus library to further judge whether the data file is infected with viruses, so that the step of caching each uploaded file and then detecting the md5 value is avoided, the cache space is saved, and meanwhile, the virus detection is more efficient. And retransmitting the final sub-data packet of the virus file by adopting a new data stream, importing the final sub-data packet by calling the data file name in the index node, limiting the using times of the new data stream, and avoiding the problem of infinitely uploading the virus file in the breakpoint continuous transmission process.
The foregoing detailed description of the embodiments is merely illustrative of the general principles of the present application and should not be taken in any way as limiting the scope of the invention. Any other embodiments developed in accordance with the present application without inventive effort are within the scope of the present application for those skilled in the art.
Claims (5)
1. A control method for breakpoint continuous file based on FTP protocol is used in communication system where client uses FTP protocol and uses breakpoint continuous mode to interact data with server; the control method is characterized by comprising the following steps:
before the client performs data interaction with the server, performing feature preprocessing on the data file;
the virus detection equipment sets a timer to manage index nodes for storing the feature preprocessing information;
when the client side and the server perform data interaction, the virus detection equipment combines a virus library to enter the data file
Detecting row viruses; the virus detection step comprises the following steps: if the current sub-data packet contains a FIN mark, judging that the current sub-data packet is a final sub-data packet, and performing file length pre-detection and md5 detection on the uploaded file; if the current sub-data packet does not have the FIN mark, updating the md5 value of the uploaded part in the index node and the uploaded length of the uploaded file data; the step of pre-detecting the file length of the uploaded file comprises the following steps: summing the uploaded length of the uploaded file data in the index node and the data length of the final sub-data packet to obtain the total length of the data of the current uploaded file; comparing the total length of the data of the current uploading file with the length of the data of the virus files in the virus library, if the values are not equal, judging the current uploading file as a non-virus file, directly deleting the current index node, exiting the pre-detection flow, and storing the current uploading file; if the values are equal, judging that the current uploaded file is a suspected virus file, and continuing detecting the md5 value;
calculating the md5 value of the uploaded part of the file and the md5 value of the final sub-data packet to obtain the md5 value of the current uploaded file;
matching the md5 value of the current uploaded file with the md5 value of the virus file in the virus library;
if the matching is successful, deleting the current uploading file; if the matching is unsuccessful, the current uploading file is saved.
2. The method for controlling file transfer at break points based on FTP protocol as claimed in claim 1, wherein the step of performing feature preprocessing on the data file before the client performs data interaction with the server comprises:
creating an index node;
adding node members to the index node, the node members comprising: user ip, server ip, name of the uploaded file, md5 value of the uploaded part of the uploaded file, and uploaded file data length;
dividing a data packet of a file to be uploaded into a plurality of sub-data packets;
the client adds FIN tag to the final sub-packet.
3. The method for controlling file transfer at break points based on FTP protocol as claimed in claim 1, wherein the step of the virus detection device setting a timer to manage the index node for storing the feature preprocessing information comprises:
setting a node existence time threshold in a timer;
judging whether the node existence time exceeds the time threshold value;
and if the node existence time exceeds the time threshold, deleting the node.
4. The method for controlling file transfer at break points based on FTP according to claim 1, wherein,
the step of deleting or storing the data file according to the virus detection result of the data file comprises the following steps:
if the md5 value of the current uploading file is successfully matched with the md5 value of the virus file in the virus library, judging that the current uploading file is the virus file, and carrying out packet loss treatment on the final sub-data packet;
the final sub-data packet is associated by using a new data stream in combination with the names of the user ip, the server ip and the uploaded file;
uploading the final sub-data packet by using a new data stream, and detecting the md5 value again;
if the value of md5 is not detected yet, discarding the uploading of the final sub-packet;
if the md5 value of the current uploading file fails to match with the md5 value of the virus file in the virus library, judging that the current uploading file passes the virus detection, and storing and deleting the index node.
5. The utility model provides a control system of breakpoint continuous file based on FTP protocol which characterized in that includes: the device comprises a preprocessing module, a management module and an execution module;
the preprocessing module is used for carrying out characteristic preprocessing on the data file before the data interaction between the client and the server
And (3) managing;
the management module is used for controlling the virus detection equipment to set a timer to manage the index for storing the characteristic preprocessing information
A lead point;
the management module is used for controlling the virus detection equipment to combine when the client side and the server perform data interaction
The virus library carries out virus detection on the data file; the virus detection step comprises the following steps: if the current sub-data packet contains a FIN mark, judging that the current sub-data packet is a final sub-data packet, and performing file length pre-detection and md5 detection on the uploaded file; if the current sub-data packet does not have the FIN mark, updating the md5 value of the uploaded part in the index node and the uploaded length of the uploaded file data; the step of pre-detecting the file length of the uploaded file comprises the following steps: summing the uploaded length of the uploaded file data in the index node and the data length of the final sub-data packet to obtain the total length of the data of the current uploaded file; comparing the total length of the data of the current uploading file with the length of the data of the virus files in the virus library, if the values are not equal, judging the current uploading file as a non-virus file, directly deleting the current index node, exiting the pre-detection flow, and storing the current uploading file; if the values are equal, judging that the current uploaded file is a suspected virus file, and continuing detecting the md5 value;
the management module is also used for calculating the md5 value of the uploaded part of the file and the md5 value of the final sub-data packet to obtain the md5 value of the current uploaded file;
the management module is also used for matching the md5 value of the current uploaded file with the md5 value of the virus file in the virus library;
the execution module is used for deleting the current uploading file when the matching is successful;
the execution module is also used for storing the current uploading file when the module matching is unsuccessful.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111635356.9A CN114257456B (en) | 2021-12-29 | 2021-12-29 | Control method and system for breakpoint continuous file transfer based on FTP protocol |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111635356.9A CN114257456B (en) | 2021-12-29 | 2021-12-29 | Control method and system for breakpoint continuous file transfer based on FTP protocol |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114257456A CN114257456A (en) | 2022-03-29 |
| CN114257456B true CN114257456B (en) | 2024-04-12 |
Family
ID=80795507
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111635356.9A Active CN114257456B (en) | 2021-12-29 | 2021-12-29 | Control method and system for breakpoint continuous file transfer based on FTP protocol |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114257456B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101626319A (en) * | 2009-08-03 | 2010-01-13 | 成都市华为赛门铁克科技有限公司 | Method, device and system for detecting gateway virus |
| CN102609326A (en) * | 2012-01-17 | 2012-07-25 | 大唐移动通信设备有限公司 | Data downloading processing method and data downloading processing device |
| CN109981629A (en) * | 2019-03-19 | 2019-07-05 | 杭州迪普科技股份有限公司 | Antivirus protection method, apparatus, equipment and storage medium |
| CN111259398A (en) * | 2020-02-25 | 2020-06-09 | 深信服科技股份有限公司 | Virus defense method, device, equipment and readable storage medium |
| CN112272212A (en) * | 2020-09-30 | 2021-01-26 | 新华三信息安全技术有限公司 | File transmission method and device |
| CN112580062A (en) * | 2019-09-27 | 2021-03-30 | 厦门网宿有限公司 | Data consistency checking method and data uploading and downloading device |
| CN113821796A (en) * | 2020-06-18 | 2021-12-21 | 深信服科技股份有限公司 | File virus checking and killing method and device, electronic equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210099432A1 (en) * | 2019-09-27 | 2021-04-01 | Xiamen Wangsu Co., Ltd. | Data consistency verification method, and data uploading and downloading device |
-
2021
- 2021-12-29 CN CN202111635356.9A patent/CN114257456B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101626319A (en) * | 2009-08-03 | 2010-01-13 | 成都市华为赛门铁克科技有限公司 | Method, device and system for detecting gateway virus |
| CN102609326A (en) * | 2012-01-17 | 2012-07-25 | 大唐移动通信设备有限公司 | Data downloading processing method and data downloading processing device |
| CN109981629A (en) * | 2019-03-19 | 2019-07-05 | 杭州迪普科技股份有限公司 | Antivirus protection method, apparatus, equipment and storage medium |
| CN112580062A (en) * | 2019-09-27 | 2021-03-30 | 厦门网宿有限公司 | Data consistency checking method and data uploading and downloading device |
| WO2021056865A1 (en) * | 2019-09-27 | 2021-04-01 | 厦门网宿有限公司 | Data consistency checking method and data uploading/downloading apparatus |
| CN111259398A (en) * | 2020-02-25 | 2020-06-09 | 深信服科技股份有限公司 | Virus defense method, device, equipment and readable storage medium |
| CN113821796A (en) * | 2020-06-18 | 2021-12-21 | 深信服科技股份有限公司 | File virus checking and killing method and device, electronic equipment and storage medium |
| CN112272212A (en) * | 2020-09-30 | 2021-01-26 | 新华三信息安全技术有限公司 | File transmission method and device |
Non-Patent Citations (2)
| Title |
|---|
| 安全私有云有效应对勒索病毒的原理分析;蒋凡;魏弋翔;庄严;张静波;;信息网络安全;20170810(第08期);全文 * |
| 自动下载SEPM病毒定义文件;崔志云;;电脑编程技巧与维护;20180318(第03期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114257456A (en) | 2022-03-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1968074B (en) | Network flow/stream simulation method | |
| CN106815112B (en) | Massive data monitoring system and method based on deep packet inspection | |
| US8856884B2 (en) | Method, apparatus, signals, and medium for managing transfer of data in a data network | |
| US20200084141A1 (en) | Methods and systems for network security universal control point | |
| KR101715080B1 (en) | Node apparatus and method that prevent overflow of pending Interest table in network system of name base | |
| CN113055127B (en) | Data message duplicate removal and transmission method, electronic equipment and storage medium | |
| CN110166480B (en) | Data packet analysis method and device | |
| CN103179132A (en) | Method and device for detecting and defending CC (challenge collapsar) | |
| CN110708250A (en) | Method for improving data forwarding performance, electronic equipment and storage medium | |
| KR20110089179A (en) | Network intrusion protection | |
| WO2014094441A1 (en) | Virus detection method and device | |
| CN109922072B (en) | Distributed denial of service attack detection method and device | |
| US20180343182A1 (en) | Network traffic capture analysis | |
| CN108810008B (en) | Transmission control protocol flow filtering method, device, server and storage medium | |
| CN103457803B (en) | Device and method for recognizing P2P flow | |
| CN109981629A (en) | Antivirus protection method, apparatus, equipment and storage medium | |
| US10680922B2 (en) | Communication control apparatus and communication control method | |
| CN111756713B (en) | Network attack identification method and device, computer equipment and medium | |
| CN114257456B (en) | Control method and system for breakpoint continuous file transfer based on FTP protocol | |
| CN114338120A (en) | Segment scanning attack detection method, device, medium and electronic equipment | |
| CN115022069B (en) | IP fragment message recombination method and device for network attack detection | |
| WO2021084439A1 (en) | System and method for identifying exchanges of encrypted communication traffic | |
| JP2007537617A (en) | How to speed up execution file transit time via checkpoint | |
| JP3892322B2 (en) | Unauthorized access route analysis system and unauthorized access route analysis method | |
| CN112491871B (en) | TCP reorganization method, TCP reorganization device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |