CN116939669A - Network element identification method, system, equipment and readable medium based on IP learning table - Google Patents
Network element identification method, system, equipment and readable medium based on IP learning table Download PDFInfo
- Publication number
- CN116939669A CN116939669A CN202311196115.8A CN202311196115A CN116939669A CN 116939669 A CN116939669 A CN 116939669A CN 202311196115 A CN202311196115 A CN 202311196115A CN 116939669 A CN116939669 A CN 116939669A
- Authority
- CN
- China
- Prior art keywords
- network element
- data packet
- information
- learning table
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 72
- 238000012545 processing Methods 0.000 claims abstract description 35
- 230000002159 abnormal effect Effects 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 11
- 230000008569 process Effects 0.000 claims description 11
- 230000006870 function Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 5
- 230000006399 behavior Effects 0.000 description 3
- 238000005457 optimization Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000007796 conventional method Methods 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 238000007689 inspection Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000010485 coping Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000006641 stabilisation Effects 0.000 description 1
- 238000011105 stabilization Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/02—Arrangements for optimising operational condition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/74—Address processing for routing
- H04L45/745—Address table lookup; Address filtering
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- H04W12/088—Access security using filters or firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/67—Risk-dependent, e.g. selecting a security level depending on risk profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/08—Testing, supervising or monitoring using real traffic
Abstract
The application provides a network element identification method, a system, equipment and a medium based on an IP learning table, wherein the method comprises the steps of obtaining a data packet of network flow, and analyzing the data packet by DPI to obtain IP address information of the data packet; inquiring an IP learning table according to the IP address information; when the IP learning table has network element information corresponding to the IP address information, submitting the data packet to a corresponding processing module according to the network element information; when the network element information corresponding to the IP address information does not exist in the IP learning table, extracting the path information of the data packet, transmitting the path information to a rule engine to obtain the network element information corresponding to the data packet, updating the IP learning table according to the network element information, and transmitting the data packet to a corresponding processing module.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method, a system, an apparatus, and a readable medium for identifying a network element based on an IP learning table.
Background
With the rapid development and wide application of 5G networks, the need for efficient network element identification methods and accuracy is becoming urgent. However, existing network element identification methods have some problems and challenges that limit their application and performance in complex network environments.
Firstly, the traditional network element identification method relies on complex topology mapping and manual configuration, so that the network element identification process is low in efficiency, manual updating and configuration are tedious and error-prone for a large-scale 5G network, and the requirements of real-time performance and automation of network management cannot be met. Secondly, the conventional method has a certain limitation in accuracy, and the method of matching the fixed rule and the table with the IP address and the network element is easy to generate errors, and particularly in a complex network environment, the specific network element is more difficult to accurately identify along with the change of the network topology and the dynamically allocated IP address. In addition, the existing method lacks intelligence and self-adaptability, and cannot dynamically identify network elements according to real-time network states and changes, so that flexibility and response capability of network management are limited, and changes and requirements of a network cannot be adapted in time. Finally, the complexity of 5G networks also presents challenges for network element identification, and the highly complex topology and diversified device types make conventional methods difficult to handle, resulting in reduced accuracy and reliability of network element identification.
Therefore, in order to solve the above-mentioned problems, new technologies and methods need to be developed to improve the efficiency, accuracy and intelligence of network element identification so as to meet the requirements of 5G network management and optimization.
Disclosure of Invention
An object of the present application is to provide a network element identification method, system, device and readable medium based on an IP learning table, at least for making the method capable of improving efficiency, accuracy and intelligence of network element identification, so as to meet requirements of 5G network management and optimization.
To achieve the above object, some embodiments of the present application provide a network element identification method based on an IP learning table, the method including: acquiring a data packet of network traffic, and analyzing the data packet by DPI to obtain IP address information of the data packet; inquiring an IP learning table according to the IP address information; when the IP learning table has network element information corresponding to the IP address information, submitting the data packet to a corresponding processing module according to the network element information; and when the network element information corresponding to the IP address information does not exist in the IP learning table, extracting path information of the data packet, transmitting the path information to a rule engine to obtain the network element information corresponding to the data packet, updating the IP learning table according to the network element information, and transmitting the data packet to a corresponding processing module.
Further, the method further comprises: network element path information in the network is collected, including paths between the core network and edge devices, according to network specifications and network architecture.
Further, the method further comprises: defining rules according to the network element path information, wherein the rules are used for describing the network element information corresponding to the network element path information.
Further, the rule engine processes path matching and rule execution according to the rule and the path information, and determines network element information corresponding to the data packet.
Further, the method further comprises: when the network element information corresponding to the IP address information exists in the IP learning table, judging whether the network element information is normal network element information or not; if the network element information is normal network element information, submitting the data packet to a corresponding processing module; if the network element information is abnormal network element information, the processing is not performed.
Further, the method further comprises: when the IP learning table does not contain network element information corresponding to the IP address information, judging whether the path information of the data packet is in the rule engine or not; if the path information of the data packet is in the rule engine, marking the network element information determined by the rule engine according to the path information of the data packet as normal network element information, and updating the IP learning table; if the path information of the data packet is not in the rule engine, recording the data packet as abnormal flow information, marking the IP of the data packet as abnormal network element information, and updating a learning table.
Some embodiments of the present application further provide a network element identification system based on an IP learning table, where the system includes: the flow acquisition module is used for acquiring a data packet of network flow, and analyzing the data packet through DPI to obtain IP address information of the data packet; and the network element identification module is used for inquiring an IP learning table according to the IP address information and carrying out network element identification on the data packet according to the IP learning table and the rule engine.
Some embodiments of the present application further provide a laser frequency stabilization device in a near ultraviolet band, where the device includes: one or more processors; and a memory storing computer program instructions that, when executed, cause the processor to perform the method as described above.
Some embodiments of the application also provide a computer readable medium having stored thereon computer program instructions executable by a processor to implement the IP learning table based network element identification method.
Compared with the prior art, in the scheme provided by the embodiment of the application, the network element identification method based on the IP learning table captures the data packet needing network element identification from the network, analyzes the data packet through DPI (deep data packet inspection) technology, and extracts IP address information in the data packet; inquiring a pre-constructed IP learning table according to the IP address information obtained by analysis, wherein the IP learning table is a table for recording the identified IP address and the corresponding network element information; when the network element information corresponding to the IP address information obtained by analysis exists in the IP learning table, the data packet is directly submitted to the corresponding processing module according to the network element information, so that redundant network element identification process can be avoided, and the processing efficiency is improved; when the network element information corresponding to the IP address information obtained by analysis does not exist in the IP learning table, the network element corresponding to the IP address is described as not being identified, the path information is extracted from the data packet of the unidentified network element, the extracted path information is transmitted to a rule engine, the network element information of the source IP and the target IP in the data packet is determined, the network element information is updated to the IP learning table, the network element information contains the newly identified network element information, and then the data packet is submitted to a corresponding processing module to continue the subsequent processing flow. Through the steps, the method can realize rapid, accurate and intelligent network element identification based on the IP learning table, and the problems of low efficiency, low accuracy, lack of intelligence, difficulty in coping with complex network environments and the like in the traditional method are avoided.
Drawings
Fig. 1 is a flow chart of a network element identification method based on an IP learning table according to an embodiment of the present application;
fig. 2 is a flow chart of another network element identification method based on an IP learning table according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a network element identification device based on an IP learning table according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Existing network element identification methods often rely on complex topology mapping and manual configuration, resulting in inefficient and error-prone network element identification processes. In order to improve accuracy and automation degree of network element identification, the application aims to provide a network element identification method based on an IP learning table, as shown in fig. 1, wherein the core of the identification method is as follows: acquiring a data packet of network traffic, and analyzing the data packet by DPI to obtain IP address information of the data packet; inquiring an IP learning table according to the IP address information; when the IP learning table has network element information corresponding to the IP address information, submitting the data packet to a corresponding processing module according to the network element information; and when the network element information corresponding to the IP address information does not exist in the IP learning table, extracting path information of the data packet, transmitting the path information to a rule engine to obtain the network element information corresponding to the data packet, updating the IP learning table according to the network element information, and transmitting the data packet to a corresponding processing module.
Acquiring transmitted data packets from a 5G network, wherein the data packets contain information required to be identified by network elements; analyzing the acquired data packet by using a Deep Packet Inspection (DPI) technology, and extracting IP address information comprising a source IP address and a target IP address; inquiring a pre-constructed IP learning table according to the IP address information obtained by analysis, wherein the table records the identified IP address and the corresponding network element information; if the IP learning table has network element information corresponding to the IP address information obtained by analysis, the data packet is submitted to a corresponding processing module for further processing according to the network element information; if the IP learning table does not contain network element information corresponding to the IP address information obtained by analysis, indicating that the network element corresponding to the IP address is not identified, extracting path information from the data packet aiming at the data packet of the unidentified network element, wherein the path information comprises nodes or network element sequences through which the data packet passes in a network, transmitting the extracted path information to a rule engine designed and realized in advance, analyzing the path information and executing rule matching by the rule engine according to a predefined rule set to obtain the network element information of a source IP and a target IP in the data packet; and updating the network element information obtained by the rule engine into an IP learning table to enable the network element information to contain the newly identified network element information, and then submitting the data packet to a corresponding processing module to carry out a subsequent processing flow.
Through the embodiment, the method can efficiently and accurately identify the network elements corresponding to the source IP and the target IP in the data packet, and submit the data packet to the corresponding processing module according to the identification result. The method realizes a rapid, accurate and intelligent network element identification process through the inquiry and updating of the IP learning table and the use of a rule engine, thereby improving the efficiency and accuracy of network management.
In some embodiments of the application, the method further comprises: network element path information in the network is collected, including paths between the core network and edge devices, according to network specifications and network architecture.
Related network specifications and network architecture of 5G networks, such as 3GPP standards and network topologies. According to the analysis results of the network specification and the network architecture, collecting path information between each network element, wherein the path information comprises a transmission path of data between a core network and edge equipment, and different network nodes and equipment can be covered. The collected network element path information is recorded for the subsequent network element identification process, and the recording can be performed in a data structure or database mode, so that the high efficiency and reliability of the storage and retrieval of the path information are ensured.
In some embodiments of the application, the method further comprises: defining rules according to the network element path information, wherein the rules are used for describing the network element information corresponding to the network element path information.
Rule definition: according to the collected network element path information, a series of rules are defined to describe the network element information corresponding to each path. Rules may be based on matching conditions, configuration parameters, behavior, etc. of the paths.
Example rule 1:
rule name: npcf_smpolicycontrol_create
Rule description: path rule with SMF as source IP and PCF as destination IP
Rule condition: npcf_smpolicycontrol_create flow path information
Rule behavior: source IP network element type: SMF destination IP network element type: PCF (PCF)
Example rule 2:
rule name: nausf_UEAuthentication
Rule description: path rule with source IP as AMF and destination IP as AUSF
Rule condition: nausf_UEAuthority flow path information
Rule behavior: source IP network element type: AMF destination IP network element type: AUSF (AUSF)
More rules can be defined according to specific network element paths and requirements, and accuracy of network element identification can be improved by constructing a complete rule set. Each rule describes network element information corresponding to a specific path, so that corresponding network elements can be accurately identified and configured.
In some embodiments of the present application, the rule engine processes path matching and rule execution according to the rule and the path information, and determines network element information corresponding to the data packet.
Rule engine design: a rule engine is designed and implemented for parsing and executing rule sets. The rule engine should be able to handle the logic of path matching and rule execution in order to quickly and accurately identify a particular network element.
Path matching: the rule engine first extracts path information for the data packet. It then matches the path information according to the rule definitions in the rule set. The rules engine will examine the rules one by one to determine which rule matches the path information of the packet.
Rule execution: once a rule matching the path information is found, the rules engine performs the operations defined by the rule. These operations may include updating the network element information of the data packet, setting the network element type of the source IP and the destination IP, etc.
Network element information determination: and determining the network element information corresponding to the data packet through path matching and rule execution processes of the rule engine. According to the result of the rule engine execution, the network element types of the source IP and the destination IP in the data packet can be accurately identified.
The method of the application can rapidly and accurately determine the network element information corresponding to the data packet according to the rule and the path information. The rule engine can process complex network environment through logic of path matching and rule execution, and accurately identify and configure network elements of the data packet according to rules defined in a rule set. Therefore, the accuracy and reliability of network element identification can be improved, and the method is suitable for the continuously-changing 5G network requirements.
In some embodiments of the application, the method further comprises: when the network element information corresponding to the IP address information exists in the IP learning table, judging whether the network element information is normal network element information or not; if the network element information is normal network element information, submitting the data packet to a corresponding processing module; if the network element information is abnormal network element information, the processing is not performed.
Inquiring an IP learning table according to the IP address information, and judging whether network element information corresponding to the IP learning table exists or not; if the network element information corresponding to the IP address information exists in the IP learning table, whether the network element information is normal network element information needs to be further judged; judging the network element information through predefined rules or logics, and determining whether the network element information is normal network element information or not, wherein the rules or logics can be based on specific network element types, network states or other relevant factors; if the network element information is judged to be normal network element information, the data packet is submitted to a corresponding processing module for further processing, and the processing module can execute corresponding operations, such as route forwarding, policy processing and the like, according to the network element information; if the network element information is judged to be abnormal network element information, the data packet is not processed, and discarding or other specific processing strategies can be selected.
By judging the network element information in the IP learning table, the method can further screen out the normal network element information, thereby ensuring that only the normal network element information can enter the subsequent processing module. This helps to improve the security and reliability of the system and prevents the potential risk or interference of abnormal network element information to the network.
In some embodiments of the application, the method further comprises: when the IP learning table does not contain network element information corresponding to the IP address information, judging whether the path information of the data packet is in the rule engine or not; if the path information of the data packet is in the rule engine, marking the network element information determined by the rule engine according to the path information of the data packet as normal network element information, and updating the IP learning table; if the path information of the data packet is not in the rule engine, recording the data packet as abnormal flow information, marking the IP of the data packet as abnormal network element information, and updating a learning table.
Inquiring an IP learning table according to the IP address information, and judging whether network element information corresponding to the IP learning table exists or not; if the network element information corresponding to the IP address information does not exist in the IP learning table, further judging whether the path information of the data packet exists in a rule engine or not; matching the path information of the data packet with rules in a rule engine, and judging whether a corresponding path rule exists; if the path information of the data packet has a corresponding rule in a rule engine, determining network element information corresponding to the data packet according to the matched rule, and marking the network element information as normal network element information; updating the IP address information and the determined normal network element information into an IP learning table so as to facilitate the subsequent network element identification process; if the path information of the data packet does not have a corresponding rule in the rule engine, recording the data packet as abnormal traffic information, and marking the network element information determined by the rule engine according to the path information of the data packet as abnormal network element information.
By carrying out path information matching on the data packet without network element information in the IP learning table and determining the network element information according to the rule engine, the method can judge whether the data packet is of normal flow or not and carry out corresponding marking and updating operations. The method is beneficial to improving the accuracy of network element identification, identifying potential abnormal traffic conditions and further enhancing the safety and reliability of the network.
The implementation details of the network element identification method based on the IP learning table according to the embodiment of the present application are specifically described below with reference to a specific application example, and the following details are provided only for understanding, and are not necessary for implementing the present embodiment.
As shown in fig. 2, the data packets in the network are analyzed and processed according to the 3GPP standard and network topology of the 5G network.
S1, DPI captures network traffic data, which data packets are derived from traffic in the network.
S2, judging whether the flow exists, if so, extracting source IP and destination IP information in the data packet; if there is no flow, the operation is ended.
S3, inquiring the IP address information in the IP learning table, and if the network element information corresponding to the IP address information exists, further judging whether the network element is a normal network element IP:
if the network element is the normal network element IP, submitting the data packet to a corresponding processing module for further processing, and returning to the step S2;
if the network element IP is not the normal network element IP, the next step of judgment is needed:
if the network element information corresponding to the IP address information does not exist in the IP learning table, extracting the path information of the data packet, and then transmitting the path information to a rule engine for path matching:
if the rule corresponding to the path information exists in the rule engine, marking the network element information corresponding to the data packet as normal network element information, updating an IP learning table, submitting the data packet to a corresponding processing module for further processing, and returning to the step S2;
if the rule engine does not have the rule corresponding to the path information, recording the data packet as abnormal flow information, marking the network element information determined by the rule engine according to the path information as abnormal network element information, updating the IP learning table, and returning to the step S2.
Thus, through the specific application example, the analysis, the network element identification and the processing of the network traffic data can be realized, so that the management and the optimization of the network are realized.
The embodiment of the application provides a network element identification system based on an IP learning table, which comprises the following components: the flow acquisition module is used for acquiring a data packet of network flow, and analyzing the data packet through DPI to obtain IP address information of the data packet; and the network element identification module is used for inquiring an IP learning table according to the IP address information and carrying out network element identification on the data packet according to the IP learning table and the rule engine.
It should be noted that, in the embodiment of the present application, a system embodiment corresponding to a method embodiment, details of implementation of the embodiment of the present application have been set forth in the system embodiment, and in order to avoid repetition, details are not repeated herein.
In addition, the embodiment of the application further provides a network element identification device based on an IP learning table, the structure of which is shown in fig. 3, and the device includes a memory 90 for storing computer readable instructions and a processor 100 for executing the computer readable instructions, where the computer readable instructions when executed by the processor trigger the processor to execute the virtual content distribution method.
The methods and/or embodiments of the present application may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. The above-described functions defined in the method of the application are performed when the computer program is executed by a processing unit.
The computer readable medium according to the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowchart or block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of devices, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
As another aspect, the embodiment of the present application also provides a computer-readable medium that may be contained in the apparatus described in the above embodiment; or may be present alone without being fitted into the device. The computer readable medium carries one or more computer readable instructions executable by a processor to perform the steps of the methods and/or aspects of the various embodiments of the application described above.
In one exemplary configuration of the application, the terminal, the devices of the services network each include one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and information storage may be implemented by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device.
In addition, the embodiment of the application also provides a computer program which is stored in the computer equipment, so that the computer equipment executes the method for executing the control code.
It should be noted that the present application may be implemented in software and/or a combination of software and hardware, e.g., using Application Specific Integrated Circuits (ASIC), a general purpose computer or any other similar hardware device. In some embodiments, the software program of the present application may be executed by a processor to implement the above steps or functions. Likewise, the software programs of the present application (including associated data structures) may be stored on a computer readable recording medium, such as RAM memory, magnetic or optical drive or diskette and the like. In addition, some steps or functions of the present application may be implemented in hardware, for example, as circuitry that cooperates with the processor to perform various steps or functions.
It will be evident to those skilled in the art that the application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the apparatus claims can also be implemented by means of one unit or means in software or hardware. The terms first, second, etc. are used to denote a name, but not any particular order.
Claims (8)
1. A network element identification method based on an IP learning table, the method comprising:
acquiring a data packet of network traffic, and analyzing the data packet by DPI to obtain IP address information of the data packet;
inquiring an IP learning table according to the IP address information;
when the IP learning table has network element information corresponding to the IP address information, submitting the data packet to a corresponding processing module according to the network element information;
when the network element information corresponding to the IP address information does not exist in the IP learning table, extracting path information of the data packet, transmitting the path information to a rule engine to obtain the network element information corresponding to the data packet, updating the IP learning table according to the network element information, and transmitting the data packet to a corresponding processing module;
judging whether the path information of the data packet is in the rule engine or not;
if the path information of the data packet is in the rule engine, marking the network element information determined by the rule engine according to the path information of the data packet as normal network element information, and updating the IP learning table;
if the path information of the data packet is not in the rule engine, recording the data packet as abnormal flow information, marking the IP of the data packet as abnormal network element information, and updating a learning table.
2. The network element identification method of claim 1, wherein the method further comprises:
network element path information in the network is collected, including paths between the core network and edge devices, according to network specifications and network architecture.
3. The network element identification method according to claim 2, characterized in that the method further comprises:
defining rules according to the network element path information, wherein the rules are used for describing the network element information corresponding to the network element path information.
4. A network element identification method according to claim 3, wherein said rule engine processes path matching and rule execution according to said rules and said path information, and determines network element information corresponding to said data packet.
5. The network element identification method according to any of claims 1-4, wherein the method further comprises:
when the network element information corresponding to the IP address information exists in the IP learning table, judging whether the network element information is normal network element information or not;
if the network element information is normal network element information, submitting the data packet to a corresponding processing module;
if the network element information is abnormal network element information, the processing is not performed.
6. A network element identification system based on an IP learning table, the system comprising:
the flow acquisition module is used for acquiring a data packet of network flow, and analyzing the data packet through DPI to obtain IP address information of the data packet;
the network element identification module is used for inquiring an IP learning table according to the IP address information and carrying out network element identification on the data packet according to the IP learning table and the rule engine;
the IP learning table module is used for judging whether the path information of the data packet is in the rule engine or not; if the path information of the data packet is in the rule engine, marking the network element information determined by the rule engine according to the path information of the data packet as normal network element information, and updating the IP learning table; if the path information of the data packet is not in the rule engine, recording the data packet as abnormal traffic information, marking the IP of the data packet as abnormal network element information, and updating the IP learning table.
7. A network element identification device based on an IP learning table, the device comprising:
one or more processors; and
a memory storing computer program instructions that, when executed, cause the processor to perform any of the methods of claims 1-5.
8. A computer readable medium having stored thereon computer program instructions executable by a processor to implement the method of any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311196115.8A CN116939669B (en) | 2023-09-18 | 2023-09-18 | Network element identification method, system, equipment and readable medium based on IP learning table |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311196115.8A CN116939669B (en) | 2023-09-18 | 2023-09-18 | Network element identification method, system, equipment and readable medium based on IP learning table |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116939669A true CN116939669A (en) | 2023-10-24 |
| CN116939669B CN116939669B (en) | 2023-12-08 |
Family
ID=88388247
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311196115.8A Active CN116939669B (en) | 2023-09-18 | 2023-09-18 | Network element identification method, system, equipment and readable medium based on IP learning table |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116939669B (en) |
Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5917808A (en) * | 1997-01-17 | 1999-06-29 | Fluke Corporation | Method of identifying device types on a local area network using passive monitoring |
| US20040221041A1 (en) * | 2003-04-29 | 2004-11-04 | Bassam Tabbara | Method and apparatus for discovering network devices |
| US20140071832A1 (en) * | 2012-09-11 | 2014-03-13 | Telefonaktiebolaget L M Ericsson (Publ) | Network fault localization |
| US20170289188A1 (en) * | 2016-03-29 | 2017-10-05 | Paypal, Inc. | Device identification systems |
| US20180234418A1 (en) * | 2016-02-03 | 2018-08-16 | Averon Us, Inc. | Method and apparatus for facilitating access to publish or post utilizing frictionless two-factor authentication |
| CA3063090A1 (en) * | 2017-05-09 | 2018-11-15 | Cisco Technology, Inc. | Routing network traffic based on destination |
| CN109951354A (en) * | 2019-03-12 | 2019-06-28 | 北京奇虎科技有限公司 | A kind of terminal device recognition methods, system and storage medium |
| CN110996372A (en) * | 2019-11-11 | 2020-04-10 | 广州爱浦路网络技术有限公司 | Message routing method, device and system and electronic equipment |
| CN111901135A (en) * | 2019-05-05 | 2020-11-06 | 华为技术有限公司 | Data analysis method and device |
| CN115174414A (en) * | 2022-07-22 | 2022-10-11 | 科来网络技术股份有限公司 | Method, system and electronic device for automatically identifying devices and device paths in session |
| CN115277510A (en) * | 2022-07-28 | 2022-11-01 | 科来网络技术股份有限公司 | Method for automatically identifying equipment, equipment interface and equipment path in network session |
| WO2023066262A1 (en) * | 2021-10-22 | 2023-04-27 | 华为技术有限公司 | Communication method and apparatus |
| CN116418705A (en) * | 2023-02-08 | 2023-07-11 | 湖南华顺信安科技有限公司 | Network asset identification method, system, terminal and medium based on machine learning |
-
2023
- 2023-09-18 CN CN202311196115.8A patent/CN116939669B/en active Active
Patent Citations (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5917808A (en) * | 1997-01-17 | 1999-06-29 | Fluke Corporation | Method of identifying device types on a local area network using passive monitoring |
| US20040221041A1 (en) * | 2003-04-29 | 2004-11-04 | Bassam Tabbara | Method and apparatus for discovering network devices |
| US20140071832A1 (en) * | 2012-09-11 | 2014-03-13 | Telefonaktiebolaget L M Ericsson (Publ) | Network fault localization |
| US20180234418A1 (en) * | 2016-02-03 | 2018-08-16 | Averon Us, Inc. | Method and apparatus for facilitating access to publish or post utilizing frictionless two-factor authentication |
| US20170289188A1 (en) * | 2016-03-29 | 2017-10-05 | Paypal, Inc. | Device identification systems |
| CA3063090A1 (en) * | 2017-05-09 | 2018-11-15 | Cisco Technology, Inc. | Routing network traffic based on destination |
| CN109951354A (en) * | 2019-03-12 | 2019-06-28 | 北京奇虎科技有限公司 | A kind of terminal device recognition methods, system and storage medium |
| CN111901135A (en) * | 2019-05-05 | 2020-11-06 | 华为技术有限公司 | Data analysis method and device |
| CN110996372A (en) * | 2019-11-11 | 2020-04-10 | 广州爱浦路网络技术有限公司 | Message routing method, device and system and electronic equipment |
| WO2023066262A1 (en) * | 2021-10-22 | 2023-04-27 | 华为技术有限公司 | Communication method and apparatus |
| CN115174414A (en) * | 2022-07-22 | 2022-10-11 | 科来网络技术股份有限公司 | Method, system and electronic device for automatically identifying devices and device paths in session |
| CN115277510A (en) * | 2022-07-28 | 2022-11-01 | 科来网络技术股份有限公司 | Method for automatically identifying equipment, equipment interface and equipment path in network session |
| CN116418705A (en) * | 2023-02-08 | 2023-07-11 | 湖南华顺信安科技有限公司 | Network asset identification method, system, terminal and medium based on machine learning |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116939669B (en) | 2023-12-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109144695B (en) | Method, device, equipment and medium for processing task topological relation | |
| US20150113646A1 (en) | Apparatus and method for improving detection performance of intrusion detection system | |
| US9093841B2 (en) | Power distribution network event correlation and analysis | |
| US20100262684A1 (en) | Method and device for packet classification | |
| US11195066B2 (en) | Automatic protocol discovery using text analytics | |
| CN111130883B (en) | Method and device for determining topological graph of industrial control equipment and electronic equipment | |
| US20190012346A1 (en) | Executing Graph Path Queries | |
| CN113271237B (en) | Industrial control protocol analysis method and device, storage medium and processor | |
| CN111949850A (en) | Multi-source data acquisition method, device, equipment and storage medium | |
| CN114911800A (en) | Fault prediction method and device for power system and electronic equipment | |
| CN112235262A (en) | Message analysis method and device, electronic equipment and computer readable storage medium | |
| CN113360521A (en) | Log query method, device, equipment and storage medium | |
| CN113391967B (en) | Packet filtering test method and device for firewall | |
| WO2024088025A1 (en) | Automated 5gc network element management method and apparatus based on multi-dimensional data | |
| CN116939669B (en) | Network element identification method, system, equipment and readable medium based on IP learning table | |
| CN113364703A (en) | Network application traffic processing method and device, electronic equipment and readable medium | |
| CN112383436A (en) | Network monitoring method and device | |
| CN116866047A (en) | Method, medium and device for determining malicious equipment in industrial equipment network | |
| CN113315769B (en) | Industrial control asset information collection method and device | |
| CN115604343A (en) | Data transmission method, system, electronic equipment and storage medium | |
| CN113595959B (en) | Network traffic data processing method and server | |
| CN111238510B (en) | Method, device and related equipment for determining and guiding special road type | |
| CN113138906A (en) | Call chain data acquisition method, device, equipment and storage medium | |
| CN113032341A (en) | Log processing method based on visual configuration | |
| CN113344214A (en) | Training method and device of data processing model, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |