
Research On System Fingerprint Recognition Based On DPDK Platform

Posted on: 2021-01-16
Degree: Master
Type: Thesis
Country: China
Candidate: C P Song
GTID: 2518306557993749
Subject: Cyberspace security
Abstract/Summary:
The rapid development of Internet technology has made network security increasingly important. However, the network itself is insecure and contains defects, such as possible vulnerabilities in application-layer protocols, software, operating systems and equipment, which give intruders the opportunity to attack it. Discovering potential security risks in the network in time, repairing security vulnerabilities and maximizing the security of the network has therefore become an important research topic in the field of network security. Scanning the network to find possible vulnerabilities is a common method. Existing network scanning tools can be divided into active scanning and passive scanning tools. Active scanning tools such as ZMap and Nmap have powerful functions, but are easily blocked by the target network as an attack. Passive scanning tools, such as p0f and Xprobe, can only scan the operating system, which makes it difficult to meet the current demands of network scanning. In view of these shortcomings, this paper proposes system fingerprint recognition based on the DPDK platform, integrating four levels of scanning (service, operating system, software and equipment) and taking the passive scanning method as the starting point. The paper mainly includes the following contents:

(1) To address the problem that existing fingerprint identification tools contain only a single kind of fingerprint, a fingerprint collection and update method is proposed. Fingerprint collection gathers the required fingerprint information, including service fingerprints, operating system fingerprints and service-based software and device fingerprints, from third-party fingerprint identification tools to construct a variety of detailed fingerprint databases that meet the needs of multi-level network scanning. The fingerprint update method is responsible for updating the local fingerprint database according to fingerprint changes in the third-party fingerprint identification tools.

(2) Among the fingerprints obtained during fingerprint collection, there may be fingerprints of the same type from different fingerprint identification tools. To ensure the uniqueness of each fingerprint, a fingerprint fusion method is proposed. In this method, only one fingerprint is preserved or several fingerprints are combined into one. According to different needs, two fingerprint fusion strategies are proposed: precision fingerprint fusion and breadth fingerprint fusion. Precision fingerprint fusion identifies data flows with higher accuracy; its results are highly accurate, but some flows go unidentified. Breadth fingerprint fusion identifies as many data flows as possible, but some are misidentified. In addition, because different fingerprint tools express fingerprints in different ways, this paper proposes a fingerprint translation method and uses the YARA format to unify the fingerprint format.

(3) Traditional packet processing methods cannot meet the requirements of large-scale traffic processing. In this paper, DPDK is introduced to monitor and forward packets to improve packet processing performance.

Based on the methods proposed above, experimental verification of the fingerprint identification system is carried out. The correctness of the fingerprints and the performance of the fingerprint identification system are each verified by measuring different data streams. The measurement results show that the fingerprints in the fingerprint database are correct and that packet processing performance is also better. The system shows the identification results of various services, operating systems, software and equipment, and has strong practicability.
Keywords/Search Tags:Passive fingerprint identification, Network measurement, Fingerprint translation, DPDK