CN106789728A - A kind of voip traffic real-time identification method based on NetFPGA - Google Patents

A kind of voip traffic real-time identification method based on NetFPGA Download PDF

Info

Publication number
CN106789728A
CN106789728A CN201710055949.5A CN201710055949A CN106789728A CN 106789728 A CN106789728 A CN 106789728A CN 201710055949 A CN201710055949 A CN 201710055949A CN 106789728 A CN106789728 A CN 106789728A
Authority
CN
China
Prior art keywords
voip
netfpga
stream
udp
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710055949.5A
Other languages
Chinese (zh)
Inventor
杨婉霞
唐善玉
吴方照
冯全
王咏梅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Gansu Agricultural University
Original Assignee
Gansu Agricultural University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gansu Agricultural University filed Critical Gansu Agricultural University
Priority to CN201710055949.5A priority Critical patent/CN106789728A/en
Publication of CN106789728A publication Critical patent/CN106789728A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/50Queue scheduling
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of voip traffic real-time identification method based on NetFPGA, method includes:Hardware/Software Collaborative Design based on NetFPGA, builds the network interface card model of NetFPGA first, on this basis the hardware design module of extension NetFPGA, such as voip traffic trapping module, makes it have the function of serving voip traffic capture identification;Software section, by software and hardware combining, realizes the real-time capture to VoIP communication streams based on network data Packet capturing function library libpcap, and quick identification reappears and caches.

Description

A kind of voip traffic real-time identification method based on NetFPGA
Technical field
The present invention relates to network security and traffic management field, in particular it relates to a kind of voip traffic based on NetFPGA Real-time identification method.
Background technology
VoIP, using flexible, it is easy to the features such as extending, since appearance, has been quickly grown due to low cost.Current its stream Amount turned into a part that be can not ignore in internet traffic, and its flow is increased rapidly so that traditional Model of network traffic is received To influence, new challenge is brought to network management and monitoring.Making analysis, monitoring and the management of network traffics becomes more complicated And difficulty.Its flow is accurately identified, an of great value research topic is had become.
Secondly, accurately identifying for any Network all will be for intrusion detection provides facility.Will be substantial amounts of in network Legitimate traffic accurately identifies, contributes to intrusion detection to formulate more reliable legitimate traffic rule set.
Finally, the VoIP flow media presence environment safer for Information hiding is provided, the instantaneity of Streaming Media is caused Attacker is difficult to the presence for having sufficient time to detect covert communications during Streaming Media instantaneous transmission.
So the identification of VoIP voice flows has a very strong realistic meaning, and traditional method for recognizing flux accuracy, Real-time and versatility aspect are increasingly difficult to reach requirement.Currently VoIP voice flows are made accurately, reliable identification is one It is individual it is rich challenge and problem demanding prompt solution.In traditional flow identification technology, packet extraction rate is always subjected to PCI biographies The limitation of defeated speed, the phenomenon of packet loss happens occasionally.The acquisition modes for being primarily due to this packet be by LibPcap or Packet in person WinPcap extracts function and realizes, so to realize that quick network traffics identification classification is not only software The problem of technology is also related to hardware technology.
The content of the invention
It is an object of the present invention to regarding to the issue above, propose a kind of voip traffic Real time identification side based on NetFPGA Method, to solve the technical problem of prior art presence.
To achieve the above object, the technical solution adopted by the present invention is:A kind of voip traffic based on NetFPGA is known in real time Other method, mainly includes:
Step 1:Configuration Net FPGA, are then configured to network interface card model by Net FPGA, based on the framework of the network interface card model, extension VoIP flow trapping module, quick and precisely identification module and stream reappear and cache module, and user data passes through DMA data transfer control Device processed and PCI control functions module carry out data exchange with subscriber's main station;
Step 2:Using the packet capture BPF of Libpcap, the capture of VoIP is realized;
Step 3:Using bag rule of similarity and with reference to DFI technologies, the quick and precisely identification of VoIP flow is realized;
Step 4:Reproduction and the caching of VoIP data table are realized using Hash modes, Net FPGA hardware speeds are adapted to.
Further, in step 1, configuration Net FPGA include installing Cent OS operating systems, configuration driven program, peace Holding tool software.
Further, step 2 is specifically included, and after packet reaches the network adapter of hardware layer, is driven by changing network interface card It is dynamic, make trawl performance and kernel shared buffer, reduce the copy number of times to internal storage data;Then the network in Libpcap divides Stream device will distribute to filter after data copy, filter is matched according to the filtering rule that user sets to message, if Buffering area is then put into success, the message is otherwise abandoned, finally consigns to the application program of User space to be further analysed.
Further, step 3 is specifically included, the UDP flow that network probe is captured, according to UDP and Real-time Transport Protocol rule Match somebody with somebody, and judged according to its Run length property, be i.e. the several RTP bags of Continuous Observation, identify RTP packet stream amounts;With reference to high speed DFI skills Art, that is, combine the length of bag, and up-downgoing traffic characteristic, bag time interval feature quickly confirms rtp streaming.
Further, step 4 is specifically included, and will set up hash index by five-tuple by the VoIP flow for confirming, that is, distribute One stream ID, is put into the static Hashing table based on generation, is that each stream sets up one with the key assignments of its Hash table of stream ID correspondence Unique list item, when each list item contains traffic identifier, next list item pointer, state, data packet count, flow queue pointer and activity Between, traffic identifier is used to indicate a unique stream that next list item pointer to point to next stream of same key assignments using five-tuple List item, each stream distribution one is formed a team row caching and data packet count, and the activity time is used to identify the stream last packet The time of arrival, if certain does not have new data to reach after flowing certain timeout time, then it is assumed that the stream has terminated, so as to release Put the list item.
Further, the five-tuple includes source IP address, purpose IP address, source port, destination interface and agreement.
Further, it is described according to UDP and Real-time Transport Protocol rule match, including according to UDP port number, the length of UDP bags Domain, the Version rule match of RTP bags;
The UDP port number is used to indicate the port for two-way communication;
The length field of the UDP bags, is total length of the load data plus UDP packet header domain, and UDP packet header length is 8 bytes, RTP Fixed packet length is 12 bytes, and the contribution source identifier of RTP bags, length is 4 bytes, and the UDP packet lengths thresholding is more than CC*4+ 12+8;
The Version domains of the RTP bags, the version for indicating current RTP agreement, this thresholding is 2;
Further, the length according to bag, up-downgoing traffic characteristic, bag time interval feature quickly confirms rtp streaming, specifically Whether it is identical according to the size of VoIP data bag, whether the up-downgoing assignment of traffic gap of VoIP is very big, and bag time interval is The interval of no relative other network applications is relative small.
A kind of voip traffic real-time identification method based on NetFPGA of various embodiments of the present invention, including:It is based on The Hardware/Software Collaborative Design of NetFPGA, builds the network interface card model of NetFPGA first, and the hardware of NetFPGA is extended on this basis Design, makes it have the function of serving network traffics capture identification;Software section is with network data Packet capturing function library Based on libpcap, by software and hardware combining, the real-time capture to VoIP communication streams is realized, quick identification reappears and caches.
Other features and advantages of the present invention will be illustrated in the following description, also, the partly change from specification Obtain it is clear that or being understood by implementing the present invention.
Below by drawings and Examples, technical scheme is described in further detail.
Brief description of the drawings
Accompanying drawing is used for providing a further understanding of the present invention, and constitutes a part for specification, with reality of the invention Applying example is used to explain the present invention together, is not construed as limiting the invention.In the accompanying drawings:
Fig. 1 is the system hardware expander graphs of the voip traffic real-time identification method based on NetFPGA described in the embodiment of the present invention;
Fig. 2 is the traffic capture structure chart of the voip traffic real-time identification method based on NetFPGA described in the embodiment of the present invention;
Fig. 3 is that the network of the voip traffic real-time identification method based on NetFPGA described in the embodiment of the present invention cuts bag flow chart;
Fig. 4 is that the VoIP flow of the voip traffic real-time identification method based on NetFPGA described in inventive embodiments is quick and precisely known Other flow chart.
Specific embodiment
The preferred embodiments of the present invention are illustrated below in conjunction with accompanying drawing, it will be appreciated that preferred reality described herein Apply example to be merely to illustrate and explain the present invention, be not intended to limit the present invention.
Specifically, a kind of voip traffic real-time identification method based on NetFPGA, it is with reference to accompanying drawing 1- accompanying drawings 4 including following Step:
S1:Net FPGA are configured first, that is, Cent OS operating systems, configuration driven program, installation tool software are installed.Its It is secondary that NetFPGA is configured to network interface card model, based on this framework, VoIP flow trapping module is extended, quick and precisely identification module, stream weight Now and cache module, user data is exchanged by DMA data transfer controller and PCI control function modules with main frame.Its system Hardware expanding is as shown in Figure 1.
S2:VoIP flow capture is realized:Using the packet capture BPF technologies of Libpcap, its system architecture is as shown in Figure 2. After packet reaches the network adapter of hardware layer, by changing trawl performance, make trawl performance and kernel shared buffer, drop The low copy number of times to internal storage data.Then the network shunt device in Libpcap will distribute to filter, mistake after data copy Filter is matched according to the filtering rule that user sets to message, and buffering area is put into if the match is successful, otherwise abandons the report Text, finally consigns to the application program of User space to be further analysed.
Further:The network card adapter to be monitored is first turned on, and is checked Link State and is obtained netmask, its stream Journey is as shown in Figure 3.Then configuration Kernel Filtering device is " ip and udp ", so that, only submit UDP message bag to.Because VoIP flow Mainly it is encapsulated in the UDP message sections of RTP packets.Then, filter is implanted kernel, directly logical with network interface Letter, it is not necessary to packet is parsed by client layer, so as to efficiently filter out other unrelated packets.Kernel passes through a series of times Letter of transfer number provides I/O operation for client layer, by this call-back manner, application layer program just can access UDP bags it is whole with Too frame, performs the functions such as Packet analyzing, filtering, classification and caching.
S3:The quick and precisely identification of VoIP flow.The UDP flow that network probe is captured, according to UDP and Real-time Transport Protocol(Such as UDP Port numbers, the length field of UDP bags, Version domains of RTP bags etc.) rule match, and judged according to its Run length property, i.e., The several RTP bags of Continuous Observation, identify RTP packet stream amounts;Spy combines high speed DFI technologies, that is, the length wrapped, up-downgoing flow is special Levy, bag time interval feature quickly confirms rtp streaming.
Detailed process is:Main protocol rule is matched according to as follows.
UDP port number.UDP port number is used to indicate the port for two-way communication that common udp port to be all even number end Mouthful, its odd-numbered port for adding 1 is generally used for its matching used rtcp protocol port.
The length field of UDP bags.It is total length of the load data plus UDP packet header domain.UDP packet header length is 8 bytes, RTP Fixed packet length is 12 bytes, the contribution source identifier (Contributing Source Identifiers, CSRC) of RTP bags Length is 4 bytes.Therefore, UDP packet lengths thresholding have to be larger than CC*4+12+8.
The Version domains of RTP bags.This domain is used to indicate the version of current RTP agreement, and this thresholding should be 2.
Using bag similarity analysis rule, i.e., by the observation to continuous multiple bags, the similitude according to multiple bags enters one Step confirms RTP bags, is set to 5 continuous data bags, if all meeting described matching and detection, it is possible to determine that it is VoIP Stream.
Bag similarity analysis rule is specifically:Five-tuple (source IP address, purpose IP ground will be pressed by the stream of matching judgment Location, source port, destination interface and agreement) carry out setting up hash index, and be cached, have confirmed that follow-up multiple bags belong to same Individual VoIP streams.
PT domains.Load type domain (Payload Type) is used to indicate the compression speech-encoded format of present communications.For VoIP flow, PT domains must be a definite value.
SSRC domains.Synchronous source identifier (Synchronization Source Identifier, SSRC) domain is used to mark Know the source of this rtp streaming.Each rtp streaming has a unique SSRC, is a definite value.
Sequence number and timestamp domain.In RTP bags, sequence number (Sequence Number) be used to identify speech frame Transmission is sequentially.Timestamp (Timestamp) is used to write the transmission time of current bag.
Run length.5 continuous data bags are set to after experiment, if matching and Runs-test before all meeting, can To determine that it is VoIP flow.
Using the method for recognizing flux of DFI technologies, VoIP flow is more accurately differentiated.
The length of bag:
The size of VoIP data bag is essentially identical.(The essentially identical Size Error that refers to of the size of packet is in 0-100 words herein In section encloses)
Up-downgoing traffic characteristic:
The up-downgoing flow difference of VoIP is little, and other stream up-downgoing assignment of traffic have a long way to go(Up-downgoing flow herein Difference less, does not have a strict quantized data, it is existing in the judgement of upper down-off be to be judged according to overall data according to artificial).
Bag time interval feature:
Because networking telephone requirement real-time is higher, the interval of relative other network applications in interval of its bag is relative small, has More obvious distribution characteristics.
S4:Five-tuple (source IP address, purpose IP address, source port, destination interface and association will be pressed by the VoIP flow for confirming View) carry out setting up hash index, that is, a stream ID is distributed, the static Hashing table based on generation is put into, with its Hash of stream ID correspondence The key assignments of table, is that each stream sets up a unique list item.Each list item contains traffic identifier, next list item pointer, state, number According to bag counting, flow queue pointer and activity time.Traffic identifier is used to indicate a unique stream using five-tuple.Next list item refers to Pin points to the list item of next stream of same key assignments.Each stream distribution one forms a team to arrange caching and data packet count.Activity time Time for identifying the stream last packet arrival, if certain does not have new data to reach after flowing certain timeout time, Just it is believed that the stream has terminated, so as to discharge the list item.Reproduction and the caching of VoIP data table are solved using Hash modes, Adapt to the requirement of Net FPGA hardware speeds
Hardware/Software Collaborative Design of the invention based on NetFPGA, builds the network interface card model of NetFPGA first, extends on this basis The hardware design of NetFPGA, makes it have the function of serving network traffics capture identification;Software section is caught with network packet Based on obtaining function library libpcap, by software and hardware combining, realize the real-time capture to VoIP communication streams, quick identification, reappear and Caching.
Software-hardware synergism, improves efficiency, not packet loss.Voip traffic identification based on NetFPGA, can be compiled using NetFPGA The hardware of journey realizes the extraction and collection of data packet flow information, ensure that not packet loss, and software section only processes identification classification Work, it is ensured that recognition efficiency higher.
Method using bag similarity analysis are combined with traffic behavior (DFI) feature, not only solves tradition and is based on The identification of encryption stream and the dynamic session set up based on random port number that Host behavior method cannot be tackled, simultaneously because need not The application layer data of flowing of access, so as to protect the privacy of user data.Particularly application upgrade of the algorithm to VoIP Or new VoIP applications, still can efficiently identify its flow.
Finally it should be noted that:The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, Although being described in detail to the present invention with reference to the foregoing embodiments, for a person skilled in the art, it still may be used Modified with to the technical scheme described in foregoing embodiments, or equivalent is carried out to which part technical characteristic. All any modification, equivalent substitution and improvements within the spirit and principles in the present invention, made etc., should be included in of the invention Within protection domain.

Claims (8)

1. a kind of voip traffic real-time identification method based on NetFPGA, it is characterised in that comprise the following steps,
Step 1:Configuration Net FPGA, are then configured to network interface card model by Net FPGA, based on the framework of the network interface card model, extension VoIP flow trapping module, quick and precisely identification module and stream reappear and cache module, and user data passes through DMA data transfer control Device processed and PCI control functions module carry out data exchange with subscriber's main station;
Step 2:Using the packet capture BPF of Libpcap, the capture of VoIP is realized;
Step 3:Using bag rule of similarity and with reference to DFI technologies, the quick and precisely identification of VoIP flow is realized;
Step 4:Reproduction and the caching of VoIP data table are realized using Hash modes, Net FPGA hardware speeds are adapted to.
2. the voip traffic real-time identification method based on NetFPGA according to claim 1, it is characterised in that step 1 In, configuration Net FPGA include installing Cent OS operating systems, configuration driven program, installation tool software.
3. a kind of voip traffic real-time identification method based on NetFPGA according to claim 2, it is characterised in that step Rapid 2 specifically include, and after packet reaches the network adapter of hardware layer, by changing trawl performance, make trawl performance and kernel Shared buffer, reduces the copy number of times to internal storage data;Then the network shunt device in Libpcap will be distributed after data copy To filter, filter is matched according to the filtering rule that user sets to message, and buffering area is put into if the match is successful, no The message is then abandoned, finally consigns to the application program of User space to be further analysed.
4. a kind of voip traffic real-time identification method based on NetFPGA according to claim 3, it is characterised in that step Rapid 3 specifically include, the UDP flow that network probe is captured, and according to UDP and Real-time Transport Protocol rule match, and are entered according to its Run length property Row judgement, the i.e. several RTP bags of Continuous Observation, identify RTP packet stream amounts;Using the method for recognizing flux of DFI technologies, more accurately Differentiate VoIP flow, i.e., according to the length of bag, up-downgoing traffic characteristic, bag time interval feature quickly confirms rtp streaming.
5. a kind of voip traffic real-time identification method based on NetFPGA according to claim 3, it is characterised in that step Rapid 4 specifically include, and will set up hash index by five-tuple by the VoIP flow for confirming, that is, distribute a stream ID, are put into based on life Into static Hashing table, with stream ID correspondence its Hash table key assignments, be that each stream sets up a unique list item, each list item Containing traffic identifier, next list item pointer, state, data packet count, flow queue pointer and activity time, traffic identifier utilizes five-tuple For indicating a unique stream, next list item pointer points to the list item of next stream of same key assignments, each stream distribution one Form a team to arrange caching and data packet count, the activity time is used to identify the time of the stream last packet arrival, if certain flows Certain does not have new data to reach after the timeout times, then it is assumed that the stream has terminated, so as to discharge the list item.
6. a kind of voip traffic real-time identification method based on NetFPGA according to claim 5, it is characterised in that institute Stating five-tuple includes source IP address, purpose IP address, source port, destination interface and agreement.
7. a kind of voip traffic real-time identification method based on NetFPGA according to claim 4, it is characterised in that institute State according to UDP and Real-time Transport Protocol rule match, including according to UDP port number, the length field of UDP bags, the Version rules of RTP bags Matching;
The UDP port number is used to indicate the port for two-way communication;
The length field of the UDP bags, is total length of the load data plus UDP packet header domain, and UDP packet header length is 8 bytes, RTP Fixed packet length is 12 bytes, and the contribution source identifier of RTP bags, length is 4 bytes, and the UDP packet lengths thresholding is more than CC*4+ 12+8;
The Version domains of the RTP bags, the version for indicating current RTP agreement, this thresholding is 2.
8. a kind of voip traffic real-time identification method based on NetFPGA according to claim 4, it is characterised in that institute The length according to bag is stated, up-downgoing traffic characteristic, bag time interval feature quickly confirms rtp streaming, specially according to VoIP data Whether the size of bag is identical, and whether the up-downgoing assignment of traffic gap of VoIP is very big, and whether bag time interval is with respect to other networks The interval of application is relative small.
CN201710055949.5A 2017-01-25 2017-01-25 A kind of voip traffic real-time identification method based on NetFPGA Pending CN106789728A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710055949.5A CN106789728A (en) 2017-01-25 2017-01-25 A kind of voip traffic real-time identification method based on NetFPGA

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710055949.5A CN106789728A (en) 2017-01-25 2017-01-25 A kind of voip traffic real-time identification method based on NetFPGA

Publications (1)

Publication Number Publication Date
CN106789728A true CN106789728A (en) 2017-05-31

Family

ID=58942265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710055949.5A Pending CN106789728A (en) 2017-01-25 2017-01-25 A kind of voip traffic real-time identification method based on NetFPGA

Country Status (1)

Country Link
CN (1) CN106789728A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108833195A (en) * 2018-09-26 2018-11-16 河南大学 A kind of network data flow analysis method based on process
CN108989151A (en) * 2018-07-20 2018-12-11 北京云杉世纪网络科技有限公司 For network or the flow collection method of application performance management
CN109756389A (en) * 2018-11-28 2019-05-14 南京知常容信息技术有限公司 A kind of 10,000,000,000 network covert communications detection systems
CN110417675A (en) * 2019-07-29 2019-11-05 广州竞远安全技术股份有限公司 The network shunt method, apparatus and system of high-performance probe under a kind of SOC
CN115297082A (en) * 2022-08-03 2022-11-04 江苏新质信息科技有限公司 ARP protocol processing method and system based on cooperation of FPGA and eBPF

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1909489A (en) * 2006-08-30 2007-02-07 中国科学院计算技术研究所 Method for distinguishing RTP/RTCP flow capacity
CN103763154A (en) * 2014-01-11 2014-04-30 浪潮电子信息产业股份有限公司 Network flow detection method
CN104158767A (en) * 2014-09-03 2014-11-19 吕书健 Network access device and network access method
CN105337976A (en) * 2015-11-06 2016-02-17 西安交大捷普网络科技有限公司 Real-time high-efficiency database audit realization method
US20160142931A1 (en) * 2014-11-13 2016-05-19 Telefonaktiebolaget L M Ericsson (Publ) AUTOMATED MEASUREMENT AND ANALYSIS OF END-TO-END PERFORMANCE OF VoLTE SERVICE
CN105847250A (en) * 2016-03-22 2016-08-10 甘肃农业大学 VoIP stream media multi-dimensional information steganography real time detection method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1909489A (en) * 2006-08-30 2007-02-07 中国科学院计算技术研究所 Method for distinguishing RTP/RTCP flow capacity
CN103763154A (en) * 2014-01-11 2014-04-30 浪潮电子信息产业股份有限公司 Network flow detection method
CN104158767A (en) * 2014-09-03 2014-11-19 吕书健 Network access device and network access method
US20160142931A1 (en) * 2014-11-13 2016-05-19 Telefonaktiebolaget L M Ericsson (Publ) AUTOMATED MEASUREMENT AND ANALYSIS OF END-TO-END PERFORMANCE OF VoLTE SERVICE
CN105337976A (en) * 2015-11-06 2016-02-17 西安交大捷普网络科技有限公司 Real-time high-efficiency database audit realization method
CN105847250A (en) * 2016-03-22 2016-08-10 甘肃农业大学 VoIP stream media multi-dimensional information steganography real time detection method

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108989151A (en) * 2018-07-20 2018-12-11 北京云杉世纪网络科技有限公司 For network or the flow collection method of application performance management
CN108989151B (en) * 2018-07-20 2020-08-28 北京云杉世纪网络科技有限公司 Flow collection method for network or application performance management
CN108833195A (en) * 2018-09-26 2018-11-16 河南大学 A kind of network data flow analysis method based on process
CN108833195B (en) * 2018-09-26 2021-08-10 河南大学 Process-based network data flow analysis method
CN109756389A (en) * 2018-11-28 2019-05-14 南京知常容信息技术有限公司 A kind of 10,000,000,000 network covert communications detection systems
CN110417675A (en) * 2019-07-29 2019-11-05 广州竞远安全技术股份有限公司 The network shunt method, apparatus and system of high-performance probe under a kind of SOC
CN110417675B (en) * 2019-07-29 2020-12-01 广州竞远安全技术股份有限公司 Network shunting method, device and system of high-performance probe under SOC (System on chip)
CN115297082A (en) * 2022-08-03 2022-11-04 江苏新质信息科技有限公司 ARP protocol processing method and system based on cooperation of FPGA and eBPF
CN115297082B (en) * 2022-08-03 2023-08-25 江苏新质信息科技有限公司 ARP protocol processing method and system based on FPGA and eBPF cooperation

Similar Documents

Publication Publication Date Title
CN106789728A (en) A kind of voip traffic real-time identification method based on NetFPGA
CN102739457B (en) Network flow recognition system and method based on DPI (Deep Packet Inspection) and SVM (Support Vector Machine) technology
US8149705B2 (en) Packet communications unit
CN102739473B (en) Network detecting method using intelligent network card
CN103312565B (en) A kind of peer-to-peer network method for recognizing flux based on autonomous learning
KR101295708B1 (en) Apparatus for capturing traffic and apparatus, system and method for analyzing traffic
US9356844B2 (en) Efficient application recognition in network traffic
CN110401624A (en) The detection method and system of source net G system mutual message exception
CN106330584B (en) A kind of recognition methods of Business Stream and identification device
CN102307123A (en) NAT (Network Address Translation) flow identification method based on transmission layer flow characteristic
CN106416171A (en) Method and device for feature information analysis
CN106034056A (en) Service safety analysis method and system thereof
CN107645398A (en) A kind of method and apparatus of diagnostic network performance and failure
CN103139315A (en) Application layer protocol analysis method suitable for home gateway
CN103428224A (en) Method and device for intelligently defending DDoS attacks
CN101714952A (en) Method and device for identifying traffic of access network
CN107666486A (en) A kind of network data flow restoration methods and system based on message protocol feature
CN105847250B (en) VoIP flow media various dimensions information steganography real-time detection method
CN109039775A (en) Quality of service monitoring method, apparatus and system
JP5916877B2 (en) Method, system, and computer program for testing a DIAMETER routing node
CN107204965A (en) The hold-up interception method and system of a kind of password cracking behavior
CN104243237A (en) P2P flow detection method and device
CN102571946A (en) Realization method of protocol identification and control system based on P2P (peer-to-peer network)
TW202127834A (en) Threat detection system for mobile communication system, and global device and local device thereof
CN100493065C (en) Method for using immediate information software by data detection network address switching equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531

RJ01 Rejection of invention patent application after publication