CN108449226B - Method and system for quickly classifying information - Google Patents
Method and system for quickly classifying information Download PDFInfo
- Publication number
- CN108449226B CN108449226B CN201810166123.0A CN201810166123A CN108449226B CN 108449226 B CN108449226 B CN 108449226B CN 201810166123 A CN201810166123 A CN 201810166123A CN 108449226 B CN108449226 B CN 108449226B
- Authority
- CN
- China
- Prior art keywords
- transaction
- rule condition
- rule
- condition set
- transaction data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/026—Capturing of monitoring data using flow identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/695—Types of network addresses using masks or ranges of addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a method and a system for quickly classifying information, which relate to the technical field of algorithms for rule matching and comprise the following steps: defining classification rule conditions for the monitored first transaction data to obtain a rule condition set; classifying the rule condition set to obtain rule condition nodes; and marking the newly acquired second transaction data according to the rule condition set and the rule condition node. The invention can distribute the rules in the corresponding nodes quickly through the quick matching algorithm supported by the special data structure, and only matches the rule set of the nodes of the corresponding IP addresses without performing all matching in the transaction data rule matching process, thereby reducing the matching times and improving the efficiency.
Description
Technical Field
The invention relates to the technical field of algorithms for rule matching, in particular to a method and a system for quickly classifying information.
Background
In the prior art, when information is classified, the information is filtered and matched with all rules, so that which rule classifications the information belongs to is obtained.
In this case, when the information rule containing the IP address matches, a major disadvantage of the prior art is that all the rules need to be matched once, which is inefficient and computationally expensive, and thus, the real-time performance of the application system is also affected.
Disclosure of Invention
In view of this, the present invention provides a method and a system for quickly classifying information, in which rules can be quickly distributed in corresponding nodes through a quick matching algorithm supported by a special data structure, and in a transaction data rule matching process, all matching is not performed, but only a rule set of nodes of corresponding IP addresses is matched, so that matching times are reduced, and efficiency is improved.
In a first aspect, an embodiment of the present invention provides a method for quickly classifying information, including:
defining classification rule conditions for the monitored first transaction data to obtain a rule condition set;
classifying the rule condition set to obtain rule condition nodes;
marking the newly collected second transaction data according to the rule condition set and the rule condition node.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation manner of the first aspect, where the defining a rule condition for classifying the monitored first transaction data to obtain a rule condition set includes:
defining transaction token attributes for the first transaction data in the monitored application system;
and carrying out logic combination on the transaction mark attributes to obtain the rule condition set.
With reference to the first possible implementation manner of the first aspect, an embodiment of the present invention provides a second possible implementation manner of the first aspect, where the defining a transaction flag attribute for the first transaction data in the monitored application system includes:
defining a positioning attribute, a transaction attribute and a performance index for the first transaction data in the monitored application system.
With reference to the second possible implementation manner of the first aspect, an embodiment of the present invention provides a third possible implementation manner of the first aspect, where the location attribute includes an IP address, a TCP port, a geographic location, an organization, a department, and a person of both parties of a transaction; the transaction attribute comprises the name, the category, the transaction parameter and the transaction return parameter of the transaction; the performance indicators include transaction occurrence time, transaction response time, data volume information, packet transmission delay, and abnormal packet information.
With reference to the first possible implementation manner of the first aspect, an embodiment of the present invention provides a fourth possible implementation manner of the first aspect, where the logically combining the transaction attribute to obtain the rule condition set includes:
defining classification rule conditions for the transaction tag attributes using mathematical comparison operators and set operators;
and combining the classification rule conditions by using a logical operator to obtain the rule condition set.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible implementation manner of the first aspect, where the rule condition node is a set of rule conditions stored in a data structure, and the classifying the rule condition set to obtain the rule condition node includes:
defining a top level node as a classified entry node;
generating a data structure for storing the rule condition set through an IP address and an IP mask, wherein the data structure comprises a first-level data structure and a second-level data structure, and the first-level data structure and the second-level data structure both comprise a left side and a right side;
after the rule condition set is stored, converting the classification rule conditions in the rule condition set to obtain a converted rule condition set;
generating a long value for each of the IP address and the IP mask in the translated rule condition set;
and finding a unique storage position according to the long value and the IP mask to form the rule condition node.
With reference to the first aspect, an embodiment of the present invention provides a sixth possible implementation manner of the first aspect, where the marking newly acquired second transaction data according to the rule condition set and the rule condition node includes:
finding a source IP address or a destination IP address in the second transaction data;
searching the rule condition node according to the source IP address or the destination IP address;
and after the rule condition node is found, extracting all the rule condition sets on the rule condition node, and marking the second transaction data according to the classification rule conditions in the rule condition sets.
With reference to the first aspect, an embodiment of the present invention provides a seventh possible implementation manner of the first aspect, where the first transaction data and the second transaction data are requests and responses sent by the user to the application system or between nodes inside the application system.
With reference to the first aspect, an embodiment of the present invention provides an eighth possible implementation manner of the first aspect, wherein the marking process of the second transaction data is real-time marking during the acquisition process or batch marking after the acquisition is finished.
In a first aspect, an embodiment of the present invention provides a system for quickly classifying information, including:
the defining unit is used for defining the classification rule condition of the monitored first transaction data to obtain a rule condition set;
the classification unit is used for classifying the rule condition set to obtain rule condition nodes;
and the marking unit is used for marking the newly acquired second transaction data according to the rule condition set and the rule condition node.
The invention provides a method and a system for quickly classifying information, which relate to the technical field of algorithms for rule matching and comprise the following steps: defining classification rule conditions for the monitored first transaction data to obtain a rule condition set; classifying the rule condition set to obtain rule condition nodes; and marking the newly acquired second transaction data according to the rule condition set and the rule condition node. The invention can distribute the rules in the corresponding nodes quickly through the quick matching algorithm supported by the special data structure, and only matches the rule set of the nodes of the corresponding IP addresses without performing all matching in the transaction data rule matching process, thereby reducing the matching times and improving the efficiency.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for quickly classifying information according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method of step S101 according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method of step S102 according to an embodiment of the present invention;
fig. 4 is a flowchart of a method of step S103 according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a data structure provided by an embodiment of the present invention;
fig. 6 is a schematic diagram of a system for quickly classifying information according to an embodiment of the present invention.
Icon:
10-a definition unit; 20-a classification unit; 30-marking units.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the prior art, when information is classified, the information is filtered and matched with all rules, so that which rule classifications the information belongs to is obtained. In this case, when the information rule containing the IP address matches, a major disadvantage of the prior art is that all the rules need to be matched once, which is inefficient and computationally expensive, and thus, the real-time performance of the application system is also affected. Based on this, the method and system for quickly classifying information provided by the embodiment of the invention can quickly distribute the rules in the corresponding nodes through the quick matching algorithm supported by the special data structure, and only match the rule set of the nodes of the corresponding IP addresses without performing all matching in the transaction data rule matching process, thereby reducing the matching times and improving the efficiency.
For the convenience of understanding the embodiment, the method for quickly classifying information disclosed by the embodiment of the present invention is first described in detail.
The first embodiment is as follows:
fig. 1 is a flowchart of a method for quickly classifying information according to an embodiment of the present invention.
Referring to fig. 1, a method of rapidly classifying information includes a flow definition, a flow classification, and a flow label. Here, the term flow means a set of some rule conditions. The following describes in detail a method for rapidly classifying information, the method comprising:
step S101, defining classification rule conditions for the monitored first transaction data to obtain a rule condition set;
step S102, classifying the rule condition set to obtain rule condition nodes;
and step S103, marking the newly acquired second transaction data according to the rule condition set and the rule condition node.
Specifically, the term node is a set of storage rules in the data structure, and stores IP and rule information; the term transaction data is a request/response sent by a user to an application system, or between two nodes within an application system. A first step S101, defining conditions and criteria for classifying monitored data; a second step S102, classifying the result defined in the step S101 so that the transaction data can quickly find the flow set to be matched when being matched; the third step S103 is to apply the result defined in S101 to each transaction of the collected application system and mark the result on the transaction record.
Further, referring to fig. 2, step S101 includes:
step S201, defining transaction mark attribute for first transaction data in a monitored application system;
step S202, the transaction mark attributes are logically combined to obtain a rule condition set.
Specifically, markable attributes of a transaction are first defined for a monitored application system; the tagged attributes of the transactions are then logically combined to define classification conditions and criteria for the flow. Thus, in the flow definition process, embodiments of the present invention are defined by markable attributes based on transactions.
Further, step S201 includes:
a positioning attribute, a transaction attribute, and a performance index are defined for first transaction data in a monitored application system.
Further, the positioning attributes comprise IP addresses of both transaction parties, TCP ports, geographic positions, institutions, departments and personnel; the transaction attribute comprises the name, the category, the transaction parameter and the transaction return parameter of the transaction; the performance indicators include transaction occurrence time, transaction response time, data volume information, packet transmission delay, and exception packet information.
Specifically, the transaction parameters are any parameters in the transaction, including account number of a receiver of the transfer transaction, amount and the like, and the transaction return parameters include response codes and the like; the data volume information includes the data volume (number of bytes and number of data packets) from the client to the server and from the server back to the client, and the abnormal data packet information includes the number of abnormal data packets (retransmission packets, out-of-order packets, zero window packets, etc.).
Further, step S202 includes:
defining classification rule conditions for transaction marking attributes by using a mathematical comparison operator and a set operator;
and combining the classification rule conditions by using a logical operator to obtain a rule condition set.
Specifically, a classification condition is defined for a certain markable attribute, and a mathematical comparison operator and a set operator can be used; the classification conditions may be combined using logical operators to define new classification conditions.
Further, the rule condition node is a set of rule conditions stored in the data structure, and referring to fig. 3, step S102 includes:
step S301, as shown in FIG. 5, defining the top node as a classified entry node;
step S302, generating a data structure for storing a rule condition set through an IP address and an IP mask, wherein the data structure comprises a first-level data structure and a second-level data structure, and the first-level data structure and the second-level data structure both comprise a left side and a right side;
specifically, a data structure for storing the stream is generated by an IP address and an IP mask, and the first level of the structure indicates whether the stream contains IP or all, with IP on the left and all on the right. The second stage on the left is used to distinguish between a source IP and a destination IP, with the source IP on the left and the destination IP on the right. The data structure is schematically shown in table 1.
Table 1 data structure diagram
Step S303, after the rule condition set is stored, converting the classification rule conditions in the rule condition set to obtain a converted rule condition set;
specifically, after the storage rule is defined, the rule about the IP in the stream is converted into a specific IP set. For example, representing a range of IPs, embodiments of the present invention would return all IP sets within that range.
Step S304, generating a long value for each IP address and each IP mask in the converted rule condition set;
specifically, each IP and mask in the set we will be converted to a long value, a total of 64 bits of binary, with the highest bit being whether there is an IP, then either the source IP or the destination IP, followed by a binary of 32 bits of IP, followed by 30 bits without processing, and the mask requires + 2.
And step S305, finding a unique storage position according to the long value and the IP mask to form a rule condition node.
Specifically, based on the generated long value and the mask, a unique storage location is found. The embodiment of the invention applies a rapid storage query method in the process of flow classification.
Further, referring to fig. 4, step S103 includes:
step S401, finding a source IP address or a destination IP address in the second transaction data;
step S402, searching the rule condition node according to the source IP address or the destination IP address;
step S403, after finding the rule condition node, extracting all rule condition sets on the rule condition node, and marking the second transaction data according to the classification rule conditions in the rule condition sets.
Specifically, in the process of flow marking, the embodiment of the present invention applies a data searching and matching method. Firstly, a source IP address or a destination IP address in transaction data is found; then, finding out the node according to the IP; after a node is found, all flows of the node can be taken, and according to conditions and standards defined by the flows, the conforming flows are marked on the transaction data. Note the non-uniqueness of the flow marker: each transaction record may be marked as zero or more streams. These cases must be handled simultaneously in step S103.
Further, the first transaction data and the second transaction data are requests and responses sent by the user to the application system or between nodes inside the application system.
Further, the marking process of the second transaction data is real-time marking during the acquisition process or batch marking after the acquisition is finished.
The invention provides a method for quickly classifying information, which relates to the technical field of algorithms for rule matching and comprises the following steps: defining classification rule conditions for the monitored first transaction data to obtain a rule condition set; classifying the rule condition set to obtain rule condition nodes; and marking the newly acquired second transaction data according to the rule condition set and the rule condition node. The invention can distribute the rules in the corresponding nodes quickly through the quick matching algorithm supported by the special data structure, and only matches the rule set of the nodes of the corresponding IP addresses without performing all matching in the transaction data rule matching process, thereby reducing the matching times. The calculation times of the transaction data during flow matching are greatly reduced, so that the efficiency is improved, the application program has higher real-time performance, and the value information is provided earlier.
Example two:
fig. 6 is a schematic diagram of a system for quickly classifying information according to an embodiment of the present invention.
Referring to fig. 6, the system for rapidly classifying information includes:
the defining unit 10 is configured to define a classification rule condition for the monitored first transaction data to obtain a rule condition set;
a classifying unit 20, configured to classify the rule condition set to obtain rule condition nodes;
and the marking unit 30 is used for marking the newly acquired second transaction data according to the rule condition set and the rule condition node.
The system for quickly classifying information provided by the embodiment of the invention has the same technical characteristics as the method for quickly classifying information provided by the embodiment, so that the same technical problems can be solved, and the same technical effects can be achieved.
The computer program product of the method and system for quickly classifying information provided in the embodiments of the present invention includes a computer-readable storage medium storing a program code, where instructions included in the program code may be used to execute the method described in the foregoing method embodiments, and specific implementation may refer to the method embodiments, and will not be described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (8)
1. A method for quickly classifying information is characterized by comprising the following steps:
defining classification rule conditions for the monitored first transaction data to obtain a rule condition set;
classifying the rule condition set to obtain rule condition nodes;
marking newly acquired second transaction data according to the rule condition set and the rule condition node, wherein the node is a set of rules stored in a data structure, stores IP (Internet protocol) and rule information, and the transaction data is sent to an application system by a user or a request/response between two nodes in the application system;
applying the defined rule condition set to each collected transaction of the application system, and marking the classification result on a transaction record;
the defining of the classification rule condition on the monitored first transaction data to obtain a rule condition set comprises:
defining transaction token attributes for the first transaction data in the monitored application system;
performing logic combination on the transaction mark attributes to obtain the rule condition set;
the defining transaction token attributes for the first transaction data in the monitored application system comprises:
defining a positioning attribute, a transaction attribute and a performance index for the first transaction data in the monitored application system.
2. The method for rapidly classifying information according to claim 1, wherein the positioning attributes comprise IP addresses of both parties of the transaction, TCP ports, geographical locations, institutions, departments, and personnel; the transaction attribute comprises the name, the category, the transaction parameter and the transaction return parameter of the transaction; the performance indicators include transaction occurrence time, transaction response time, data volume information, packet transmission delay, and abnormal packet information.
3. The method for rapidly classifying information according to claim 1, wherein said logically combining the transaction tag attributes to obtain the rule condition set comprises:
defining classification rule conditions for the transaction tag attributes using mathematical comparison operators and set operators;
and combining the classification rule conditions by using a logical operator to obtain the rule condition set.
4. The method for rapidly classifying information according to claim 1, wherein the rule condition node is a set of rule conditions stored in a data structure, and the classifying the rule condition set to obtain the rule condition node comprises:
defining a top level node as a classified entry node;
generating a data structure for storing the rule condition set through an IP address and an IP mask, wherein the data structure comprises a first-level data structure and a second-level data structure, and the first-level data structure and the second-level data structure both comprise a left side and a right side;
after the rule condition set is stored, converting the classification rule conditions in the rule condition set to obtain a converted rule condition set;
generating a long value for each of the IP address and the IP mask in the translated rule condition set;
and finding a unique storage position according to the long value and the IP mask to form the rule condition node.
5. The method for rapid categorization of information as claimed in claim 1 wherein said tagging newly collected second transaction data according to said set of rule conditions and said set of rule conditions nodes comprises:
finding a source IP address or a destination IP address in the second transaction data;
searching the rule condition node according to the source IP address or the destination IP address;
and after the rule condition node is found, extracting all the rule condition sets on the rule condition node, and marking the second transaction data according to the classification rule conditions in the rule condition sets.
6. The method for rapid classification of information according to claim 1, wherein the first transaction data and the second transaction data are requests and responses sent by the user to the application system or between nodes within the application system.
7. The method for rapidly classifying information according to claim 1, wherein the marking process of the second transaction data is real-time marking during the collection process or batch marking after the collection is finished.
8. A system for rapid classification of information, comprising:
the defining unit is used for defining the classification rule condition of the monitored first transaction data to obtain a rule condition set;
the classification unit is used for classifying the rule condition set to obtain rule condition nodes;
the marking unit is used for marking the newly acquired second transaction data according to the rule condition set and the rule condition node, wherein the node is a set of rules stored in a data structure, stores IP (Internet protocol) and rule information, and sends the transaction data to an application system for a user or a request/response between two nodes in the application system;
the marking unit is also used for applying the defined rule condition set to each collected transaction of the application system and marking the classification result on a transaction record;
the defining unit is further used for defining transaction marking attributes for the first transaction data in the monitored application system; performing logic combination on the transaction mark attributes to obtain the rule condition set;
the defining unit is further configured to define a positioning attribute, a transaction attribute, and a performance index for the first transaction data in the monitored application system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810166123.0A CN108449226B (en) | 2018-02-28 | 2018-02-28 | Method and system for quickly classifying information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810166123.0A CN108449226B (en) | 2018-02-28 | 2018-02-28 | Method and system for quickly classifying information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108449226A CN108449226A (en) | 2018-08-24 |
| CN108449226B true CN108449226B (en) | 2021-07-23 |
Family
ID=63192712
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810166123.0A Active CN108449226B (en) | 2018-02-28 | 2018-02-28 | Method and system for quickly classifying information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108449226B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110569360A (en) * | 2019-09-06 | 2019-12-13 | 成都深思科技有限公司 | Method for labeling and automatically associating network session data |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101345707A (en) * | 2008-08-06 | 2009-01-14 | 北京邮电大学 | Method and apparatus for implementing IPv6 packet classification |
| CN102281196A (en) * | 2011-08-11 | 2011-12-14 | 中兴通讯股份有限公司 | Decision tree generating method and equipment, decision-tree-based message classification method and equipment |
| CN102437950A (en) * | 2011-11-08 | 2012-05-02 | 西安电子科技大学 | High efficient and extensible IP data packet classification method |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8374958B2 (en) * | 2002-08-29 | 2013-02-12 | Alcatel Lucent | Method and apparatus for the payment of internet content |
| CN101500012B (en) * | 2009-02-27 | 2012-08-22 | 中国人民解放军信息工程大学 | Packet classification method and system |
| CN101556464A (en) * | 2009-05-22 | 2009-10-14 | 天津大学 | Auto recommending method of urban power load forecasting module based on associative rules |
| US9680748B2 (en) * | 2013-09-15 | 2017-06-13 | Nicira, Inc. | Tracking prefixes of values associated with different rules to generate flows |
| CN105096174A (en) * | 2014-04-16 | 2015-11-25 | 阿里巴巴集团控股有限公司 | Transaction matching method and transaction matching system |
| CN104809238B (en) * | 2015-05-12 | 2018-02-23 | 国家电网公司 | Data processing method and device for data collecting system |
-
2018
- 2018-02-28 CN CN201810166123.0A patent/CN108449226B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101345707A (en) * | 2008-08-06 | 2009-01-14 | 北京邮电大学 | Method and apparatus for implementing IPv6 packet classification |
| CN102281196A (en) * | 2011-08-11 | 2011-12-14 | 中兴通讯股份有限公司 | Decision tree generating method and equipment, decision-tree-based message classification method and equipment |
| CN102437950A (en) * | 2011-11-08 | 2012-05-02 | 西安电子科技大学 | High efficient and extensible IP data packet classification method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108449226A (en) | 2018-08-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109617927B (en) | Method and device for matching security policy | |
| US20210152444A1 (en) | Aggregation of select network traffic statistics | |
| CN106878262B (en) | Message detection method and device, and method and device for establishing local threat information library | |
| CN103530334B (en) | Based on the data matching system and method for comparing template | |
| WO2012095971A1 (en) | Classification rule generation device, classification rule generation method, classification rule generation program and recording medium | |
| US9595003B1 (en) | Compiler with mask nodes | |
| US10313377B2 (en) | Universal link to extract and classify log data | |
| CN107547671A (en) | A kind of URL matching process and device | |
| WO2015154484A1 (en) | Traffic data classification method and device | |
| WO2017157335A1 (en) | Message identification method and device | |
| WO2015024476A1 (en) | A method, server, and computer program product for managing ip address attributions | |
| WO2023093100A1 (en) | Method and apparatus for identifying abnormal calling of api gateway, device, and product | |
| CN112347501A (en) | Data processing method, device, equipment and storage medium | |
| CN106100997B (en) | Network traffic information processing method and device | |
| CN115189914A (en) | Application Programming Interface (API) identification method and device for network traffic | |
| CN108449226B (en) | Method and system for quickly classifying information | |
| Tang et al. | HSLF: HTTP header sequence based LSH fingerprints for application traffic classification | |
| CN114338600A (en) | Equipment fingerprint selection method and device, electronic equipment and medium | |
| CN111953552A (en) | Data flow classification method and message forwarding equipment | |
| CN112769739A (en) | Database operation violation processing method, device and equipment | |
| US8219667B2 (en) | Automated identification of computing system resources based on computing resource DNA | |
| CN111131072B (en) | Bury-free data acquisition method, device and storage medium | |
| US20200081875A1 (en) | Information Association And Suggestion | |
| CN111753162A (en) | Data crawling method, device, server and storage medium | |
| CN110138723A (en) | The determination method and system of malice community in a kind of mail network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100083 Room 802, 8 / F, shining building, 35 Xueyuan Road, Haidian District, Beijing Applicant after: FUSIONSKYE (BEIJING) SOFTWARE Co.,Ltd. Address before: 100029 room 1005, Jin Ji Ye building, No. 2, Sheng Gu Road, anzhen bridge, Chaoyang District, Beijing Applicant before: FUSIONSKYE (BEIJING) TECHNOLOGY Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |