CN102315979A - Method and device for monitoring network flow - Google Patents
Method and device for monitoring network flow Download PDFInfo
- Publication number
- CN102315979A CN102315979A CN2010102190267A CN201010219026A CN102315979A CN 102315979 A CN102315979 A CN 102315979A CN 2010102190267 A CN2010102190267 A CN 2010102190267A CN 201010219026 A CN201010219026 A CN 201010219026A CN 102315979 A CN102315979 A CN 102315979A
- Authority
- CN
- China
- Prior art keywords
- network address
- binary tree
- node
- network
- flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for monitoring a network flow. The sequencing efficiency of first N websites with maximum flows is improved greatly. According to the technical scheme of the method and the device, a binary tree is constructed; in a process of constructing the binary tree each round, a top node of the whole binary tree is a maximum value which is searched currently; and after N rounds of circulation, the first N websites with the maximum flows sequenced from a big one to a small one can be found out.
Description
Technical field
The present invention relates to the monitoring method of network traffics, relate in particular to the monitoring method that the network traffics to network address sort.
Background technology
Packet header sampling is one of main traffic monitoring technology of IP backbone, and this technology is a kind of workable, technology that cost performance is good.IETF has released the IPFIX standard to this application specific; But because the flow collection data volume is generally all very big; The ageing requirement that adds network flow monitoring is than higher; So the performance issue that adopts software to realize is more outstanding, the TOP N of the buffer memory that is mainly reflected in image data during this two aspects that sort with fast access, initial data statistical analysis.
In the IP network flow monitoring, need to understand the traffic statistics situation of each dimensions such as internet, applications, purpose website, source IP address, procotol usually.Give an example, which IP address (source IP address) we need understand flow distribution in network from, which IP address of whereabouts (purpose IP address), the flow distribution situation and the ranking of each source IP address or purpose IP address.But the quantity maximum of IP address can reach 2
32Individual, be unpractical so the flow rank is carried out in all IP addresses, and in most of the cases; We only need to understand to the maximum a collection of IP address of web influence; Be the earlier IP address of network traffics rank, our usually said TOP N rank that Here it is is promptly carried out rank to the network traffics of preceding N position; The N value usually between 10~100, the big again or littler practical application meaning that all lost.
In computerized algorithm, traditional all kinds of sort algorithms also can satisfy this demand in theory, but exist very big performance deficiency in actual use, and main cause is that traditional sort algorithm is full sort algorithm.Traditional sort algorithm means and will the flow that the extremely huge IP address of quantity in the network produces be sorted one by one; And we pay close attention in fact only is the IP address of N position before the wherein very little flow rank; Sorting for the mass data after the N position there is no need in fact, and the result who brings is quality time of labor in vain.
Summary of the invention
The objective of the invention is to address the above problem, a kind of network traffics monitoring method is provided, significantly improve ordering efficient the network address of top n maximum stream flow.
Another object of the present invention has provided a kind of network traffics monitoring device.
Technical scheme of the present invention is: the present invention has disclosed a kind of network traffics monitoring method, in network, searches the maximum network address of top n flow and this N network address is sorted according to the flow size, and wherein N is a natural number, and this monitoring method comprises:
N network address numbered: D1, D2 ..., Dn, wherein n is natural number and n>N;
With the input of this n network address D1~Dn as the structure binary tree; Wherein per two two node as the binary tree subtree; Left child node and right child node are compared; The big person of numerical value is as the father node of this binary tree subtree, if certain subtree has only a node, then with this child node directly as the father node of this subtree;
With the new input of all father nodes that produce in the last step as the structure binary tree, building method is identical with a last step, repeats this step up to the top node that produces whole binary tree, and this top node is the maximum network address of flow in this n network address;
The node of peaked network address once before the deletion from whole binary tree; The position of once peaked network address node begins in the past; Arrive the top node of whole binary tree from bottom to top according to the production method in the last step; After repeating this step N-1 time, the top node of N the binary tree that produces in regular turn is the top n network address of arranging from big to small based on flow in this n network address.
According to an embodiment of network traffics monitoring method of the present invention, in the 2nd step, this n network address is in regular turn as the child node of binary tree, and the network address of odd-numbered is the left child node of binary tree, and the network address of even-numbered is the right child node of binary tree.
According to an embodiment of network traffics monitoring method of the present invention, the span of N is between 10~100.
According to an embodiment of network traffics monitoring method of the present invention, this n network address is n the network address that in the network traffics observation process, receives at first.
The present invention has also disclosed a kind of network traffics monitoring device, in network, searches the maximum network address of top n flow and this N network address is sorted according to the flow size, and wherein N is a natural number, and this monitoring device comprises:
The numbering module, n network address numbered: D1, D2 ..., Dn, wherein n is natural number and n>N;
The binary tree initialization module; With the input of this n network address D1~Dn as the initialization binary tree; Wherein per two network address compare left child node and right child node as two node of binary tree subtree, and the big person of numerical value is as the father node of this binary tree subtree; If certain subtree has only a node, then with this child node directly as the father node of this subtree;
The maximum network address generation module of flow; All father nodes that this binary tree initialization module is produced are as the new input of structure binary tree; Building method is identical with this binary tree initialization module; Repeat this building method up to the top node that produces whole binary tree, this top node is the maximum network address of flow in this n network address;
The maximum network address generation module of present flow rate; The node of peaked network address once before the deletion from whole binary tree; The position of once peaked network address node begins in the past; Arrive the top node of whole binary tree from bottom to top according to the production method in the maximum network address generation module of this flow, repeats N-1 time after, together with this flow maximum network address generation module in regular turn the top node of N binary tree of generation be the top n network address of arranging from big to small based on flow in this n network address.
Embodiment according to network traffics monitoring device of the present invention; In this binary tree initialization module; This n network address is in regular turn as the child node of binary tree, and the network address of odd-numbered is the left child node of binary tree, and the network address of even-numbered is the right child node of binary tree.
According to an embodiment of network traffics monitoring device of the present invention, the span of N is between 10~100.
According to an embodiment of network traffics monitoring device of the present invention, this n network address is n the network address that in the network traffics observation process, receives at first.
The present invention contrasts prior art has following beneficial effect: the present invention constructs binary tree; In the process of each wheel construction binary tree; The top node of whole binary tree is exactly the maximum that current search arrives, through just finding the maximum network address of top n flow of arranging from big to small after the circulation of N wheel.The contrast prior art, operational efficiency of the present invention is higher.
Description of drawings
Fig. 1 is the flow chart of an embodiment of network traffics monitoring method of the present invention.
Fig. 2~Fig. 5 is the sketch map of structure binary tree of the present invention.
Fig. 6 is the schematic diagram of an embodiment of network traffics monitoring device of the present invention.
Embodiment
Below in conjunction with accompanying drawing and embodiment the present invention is done further description.
The embodiment of network traffics monitoring method
Fig. 1 shows the flow process of the embodiment of network traffics monitoring method of the present invention.Please participate in Fig. 1, be the detailed description of each step of the network traffics monitoring method of present embodiment below.
Step S10: the network address to needs monitoring flow is numbered, and constitutes a unordered ordered series of numbers.
The network address of the needs monitoring flow here for example is n the network address that receives at first in the observation process; For example; In 5 minutes of network flow monitoring, receive from n IP address (IP1, IP2, IP3 ..., IPn), their flow be respectively D1, D2, D3 ..., Dn.We need therefrom choose N maximum IP address of flow, and sort facing to this N address from big to small according to flow.Obviously, n and N are natural number and n>N, and the span of N is between 10~100 usually, and for example getting the n value is 20, and the N value is 10.Wherein D1, D2, D3 ..., Dn constitutes a unordered ordered series of numbers.
Step S12: unordered ordered series of numbers is carried out the binary tree initialization.
The initialized concrete steps of binary tree are following:
See also Fig. 2: (a) with D1, D2 ..., adjacent two items of Dn are as two node of binary tree subtree, wherein are designated as the conduct left side child node of odd number down, the right child node of the conduct of even numbers.(b) left child node and right child node are compared, the big person of numerical value is as the father node of this subtree, if certain sub-tree has only a node, then this child node is directly as father node.(c) with all father nodes that produce in the step (b) as a new unordered ordered series of numbers, repeat (a) and (b) two steps, up to the top node of the whole binary tree of generation.In the example of Fig. 2, for example be D5.After the binary tree initialization is accomplished, also just obtained first maximum D5 (this numerical value also is the maximum in all IP flow sequences).
Step S14: the maximum that once obtains before from unordered ordered series of numbers, removing.
In fact, step S12 is the selection of the first round, and the election of the first round has obtained first maximum D5, also is the maximum in all IP flow sequences.
In this example, see also Fig. 3, because D5 has been selected, so D5 is removed from the binary tree of the bottom, this moment, D6 became unique node of this subtree.
Step S16: begin from last maximum position, bottom-up election is up to arriving top node.Get back to step S14 then, owing to also need draw N-1 value, so the election round of step S14~S16 has N-1 time.
With the above-mentioned example that is exemplified as, D6 has become unique node of this subtree, directly with D6 as father node, as shown in Figure 4.In the 2nd layer reciprocal, D6 and D8 are a pair of node of subtree, so D6 and D8 are compared, suppose D8 greater than D6, and then D8 gets into next round relatively as father node, up to top node.In this election process, relatively the path is shown in the dotted line among Fig. 5.Fig. 5 shows the epicycle election and has obtained current maximum D8.
So repeat this election process, after the election of N-1 wheel, obtained N-1 maximum, first maximum when adding initialization step S12 can obtain TOP N ordered sequence.
According to the election sequence arrangement, the subscript according to correspondence finds IP address entry then with this N numerical value, is exactly the IP address of preceding N position and the flow list of these IP addresses.
The embodiment of network traffics monitoring device
Fig. 6 shows the embodiment of network traffics monitoring device of the present invention.See also Fig. 6, the network traffics monitoring device 1 of present embodiment comprises: numbering module 10, binary tree initialization module 12, the maximum network address generation module 14 of flow and the maximum network address generation module 16 of present flow rate.Connect in regular turn between these modules.
In numbering module 10, n network address numbered: D1, D2 ..., Dn, wherein n is natural number and n>N, embodiment is the same with method, N generally gets between 10~100.Wherein this n network address is n the network address that in the network traffics observation process, receives at first.
In binary tree initialization module 12, with the input of this n network address D1~Dn as the initialization binary tree, i.e. the child node of binary tree, the conduct of odd number left side child node wherein, the right child node of the conduct of even numbers.With left child node and right child node relatively, the big person of numerical value is as the father node of binary tree subtree, if certain subtree has only a node, then with it directly as the father node of corresponding subtree.
In the maximum network address generation module 14 of flow; All father nodes that binary tree initialization module 12 is produced are as the new input of structure binary tree; Building method is identical with binary tree initialization module 12; Repeat this building method up to the top node that produces whole binary tree, this top node is exactly the maximum network address of flow in n the network address.
In the maximum network address generation module 16 of present flow rate; The node of peaked network address once before the deletion from whole binary tree; The position of once peaked network address node begins in the past; Arrive the top node of whole binary tree from bottom to top according to the production method in the maximum network address generation module 14 of flow, the top node of this moment is exactly the maximum network address of present flow rate.After this mode repeated N-1 time, the maximum network address of flow in n the network address that the result who obtains is each time produced together with the maximum network address generation module 14 of flow was according to the top n network address of arranging from big to small based on flow in n the network address of order formation that produces.
The basis of network traffics monitoring method of the present invention is based on the TOP N ordering of heapsort, and its efficient than the conventional stack ordering is high, specifies as follows:
The time complexity of conventional stack ordering:
As everyone knows, the time complexity of heapsort is O (nlog
2N), that is to say the same nlog of time that n ordered series of numbers ordering consumes
2N is directly proportional.
The time complexity on basis of the present invention " based on the TOP N ordering of heapsort ":
For n sequence, the degree of depth of tree is log
2N+1, the number of comparisons of the needs of the initial tree of structure is
Construct initial tree, also just obtained first maximum.Up to N maximum, obtaining each peaked number of comparisons is log from second maximum
2N, so total number of comparisons is:
It is thus clear that, be O (n) based on the time complexity of the TOP N of heapsort ordering, promptly, obviously be superior to heapsort with being directly proportional by order item n.
The foregoing description provides to those of ordinary skills and realizes or use of the present invention; Those of ordinary skills can be under the situation that does not break away from invention thought of the present invention; The foregoing description is made various modifications or variation; Thereby protection scope of the present invention do not limit by the foregoing description, and should be the maximum magnitude that meets the inventive features that claims mention.
Claims (8)
1. network traffics monitoring method is searched the maximum network address of top n flow and this N network address is sorted according to the flow size in network, wherein N is a natural number, and this monitoring method comprises:
N network address numbered: D1, D2 ..., Dn, wherein n is natural number and n>N;
With the input of this n network address D1~Dn as the structure binary tree; Wherein per two two node as the binary tree subtree; Left child node and right child node are compared; The big person of numerical value is as the father node of this binary tree subtree, if certain subtree has only a node, then with this child node directly as the father node of this subtree;
With the new input of all father nodes that produce in the last step as the structure binary tree, building method is identical with a last step, repeats this step up to the top node that produces whole binary tree, and this top node is the maximum network address of flow in this n network address;
The node of peaked network address once before the deletion from whole binary tree; The position of once peaked network address node begins in the past; Arrive the top node of whole binary tree from bottom to top according to the production method in the last step; After repeating this step N-1 time, the top node of N the binary tree that produces in regular turn is the top n network address of arranging from big to small based on flow in this n network address.
2. network traffics monitoring method according to claim 1; It is characterized in that in the 2nd step, this n network address is in regular turn as the child node of binary tree; And the network address of odd-numbered is the left child node of binary tree, and the network address of even-numbered is the right child node of binary tree.
3. network traffics monitoring method according to claim 1 is characterized in that the span of N is between 10~100.
4. network traffics monitoring method according to claim 1 is characterized in that, this n network address is n the network address that in the network traffics observation process, receives at first.
5. network traffics monitoring device is searched the maximum network address of top n flow and this N network address is sorted according to the flow size in network, wherein N is a natural number, and this monitoring device comprises:
The numbering module, n network address numbered: D1, D2 ..., Dn, wherein n is natural number and n>N;
The binary tree initialization module; With the input of this n network address D1~Dn as the initialization binary tree; Wherein per two network address compare left child node and right child node as two node of binary tree subtree, and the big person of numerical value is as the father node of this binary tree subtree; If certain subtree has only a node, then with this child node directly as the father node of this subtree;
The maximum network address generation module of flow; All father nodes that this binary tree initialization module is produced are as the new input of structure binary tree; Building method is identical with this binary tree initialization module; Repeat this building method up to the top node that produces whole binary tree, this top node is the maximum network address of flow in this n network address;
The maximum network address generation module of present flow rate; The node of peaked network address once before the deletion from whole binary tree; The position of once peaked network address node begins in the past; Arrive the top node of whole binary tree from bottom to top according to the production method in the maximum network address generation module of this flow, repeats N-1 time after, together with this flow maximum network address generation module in regular turn the top node of N binary tree of generation be the top n network address of arranging from big to small based on flow in this n network address.
6. network traffics monitoring device according to claim 5; It is characterized in that in this binary tree initialization module, this n network address is in regular turn as the child node of binary tree; And the network address of odd-numbered is the left child node of binary tree, and the network address of even-numbered is the right child node of binary tree.
7. network traffics monitoring device according to claim 5 is characterized in that the span of N is between 10~100.
8. network traffics monitoring device according to claim 5 is characterized in that, this n network address is n the network address that in the network traffics observation process, receives at first.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102190267A CN102315979A (en) | 2010-07-05 | 2010-07-05 | Method and device for monitoring network flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102190267A CN102315979A (en) | 2010-07-05 | 2010-07-05 | Method and device for monitoring network flow |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102315979A true CN102315979A (en) | 2012-01-11 |
Family
ID=45428816
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102190267A Pending CN102315979A (en) | 2010-07-05 | 2010-07-05 | Method and device for monitoring network flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102315979A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104270384A (en) * | 2014-10-20 | 2015-01-07 | 山石网科通信技术有限公司 | Fire wall policy redundancy detection method and device |
| CN105187279A (en) * | 2015-09-28 | 2015-12-23 | 广东睿江科技有限公司 | Traffic statistical and real-time ranking method |
| CN109815232A (en) * | 2018-12-27 | 2019-05-28 | 厦门市美亚柏科信息股份有限公司 | A kind of method and system of retrieval, the data processing of the data rank using binary search tree |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101505244A (en) * | 2009-03-27 | 2009-08-12 | 北京星网锐捷网络技术有限公司 | Bandwidth measurement method and apparatus |
-
2010
- 2010-07-05 CN CN2010102190267A patent/CN102315979A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101505244A (en) * | 2009-03-27 | 2009-08-12 | 北京星网锐捷网络技术有限公司 | Bandwidth measurement method and apparatus |
Non-Patent Citations (2)
| Title |
|---|
| 王华: "软件实现Netflow流量处理的关键技术和算法", 《计算机工程》 * |
| 秦亮曦,史忠植: "基于冰山查询的网络流量关联规则挖掘", 《计算机工程》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104270384A (en) * | 2014-10-20 | 2015-01-07 | 山石网科通信技术有限公司 | Fire wall policy redundancy detection method and device |
| CN104270384B (en) * | 2014-10-20 | 2017-10-03 | 山石网科通信技术有限公司 | Firewall policy redundant detecting method and device |
| CN105187279A (en) * | 2015-09-28 | 2015-12-23 | 广东睿江科技有限公司 | Traffic statistical and real-time ranking method |
| CN105187279B (en) * | 2015-09-28 | 2019-01-15 | 广东睿江云计算股份有限公司 | A kind of method of traffic statistics and real-time ranking |
| CN109815232A (en) * | 2018-12-27 | 2019-05-28 | 厦门市美亚柏科信息股份有限公司 | A kind of method and system of retrieval, the data processing of the data rank using binary search tree |
| CN109815232B (en) * | 2018-12-27 | 2022-03-18 | 厦门市美亚柏科信息股份有限公司 | Method and system for retrieving and processing data ranking by using binary search tree |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Sen et al. | Small-world properties of the Indian railway network | |
| Kleinberg et al. | Short paths in expander graphs | |
| Schuetz et al. | Efficient modularity optimization by multistep greedy algorithm and vertex mover refinement | |
| Peleg et al. | The token distribution problem | |
| CN103379158B (en) | The method and system of commending friends information in a kind of social networks | |
| Huang et al. | Sampling based algorithms for quantile computation in sensor networks | |
| CN104579974A (en) | Hash Bloom filter (HBF) for name lookup in NDN and data forwarding method | |
| Sun et al. | Multiple constraints QoS multicast routing optimization algorithm in MANET based on GA | |
| CN107948060A (en) | A kind of new routing table is established and IP method for searching route and device | |
| Chittoor et al. | Coded caching via projective geometry: A new low subpacketization scheme | |
| CN102315979A (en) | Method and device for monitoring network flow | |
| CN104572757A (en) | Microblog group processing method and device | |
| US9485179B2 (en) | Apparatus and method for scalable and flexible table search in a network switch | |
| CN105119834A (en) | Source address and destination address combined searching method based on composite trie tree structure | |
| Mardini et al. | Genetic algorithm for friendship selection in social IoT | |
| Carmi et al. | Searching complex networks efficiently with minimal information | |
| CN109753797A (en) | For the intensive subgraph detection method and system of streaming figure | |
| CN111708981A (en) | Graph triangle counting method based on bit operation | |
| CN101540061B (en) | Topological and ordering matching method for disordered images based on simulated annealing | |
| Song et al. | The correlation study for parameters in four tuples | |
| CN107016080A (en) | A kind of high-efficiency network packet classification method | |
| CN104125146B (en) | A kind of method for processing business and device | |
| CN101515900B (en) | Binary IP route searching method based on prefix cover grade | |
| Yang et al. | Cost-effective user monitoring for popularity prediction of online user-generated content | |
| Malpani et al. | A note on practical construction of maximum bandwidth paths |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120111 |