WO2019228192A1 - Method and device for traffic detection and computer-readable storage medium - Google Patents


Info

Publication number
WO2019228192A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
indicator
network side
terminal device
side device
Application number
PCT/CN2019/087218
Inventor
Yang Xu
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp., Ltd.
Application filed by Guangdong Oppo Mobile Telecommunications Corp., Ltd. filed Critical Guangdong Oppo Mobile Telecommunications Corp., Ltd.
Priority to CN201980002833.2A priority Critical patent/CN110710187B/en
Publication of WO2019228192A1 publication Critical patent/WO2019228192A1/en

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/53: Network services using third party service providers
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/24: Negotiation of communication capabilities

Definitions

  • Implementations of the present disclosure relate to the communication field, and more particularly, to methods and devices for traffic detection and computer-readable storage mediums.
  • HTTP Hyper Text Transfer Protocol
  • TLS Transport Layer Security Protocol
  • SNI Server Name Indication
  • the present disclosure provides methods and devices for traffic detection and computer-readable storage mediums.
  • a method for traffic detection includes: sending, by a terminal device, an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling; and adding, by the terminal device, the indicator into a user-plane data packet of a traffic of an application, and sending, by the terminal device, the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs.
  • In a second aspect, a terminal device includes: a sending module, used for sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling, and sending a user-plane data packet of a traffic of an application to the network side device; and an adding module, used for adding the indicator into the user-plane data packet of the traffic; wherein the indicator is used to indicate the application to which the traffic belongs.
  • a method for traffic detection includes: receiving, by a network side device, an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling; and receiving, by the network side device, a user-plane data packet of a traffic of an application; detecting, by the network side device, the indicator contained in the user-plane data packet, and determining, by the network side device, the application to which the traffic belongs based on the application identifier associated with the indicator.
  • In a fourth aspect, a network side device includes: a receiving module, used for receiving an application identifier and an indicator from a terminal device through control-plane signaling, and receiving a user-plane data packet of a traffic of an application from the terminal device; and a detecting module, used for detecting the indicator in the user-plane data packet and determining the application to which the traffic belongs based on the application identifier associated with the indicator.
  • In a fifth aspect, a terminal device includes: a processor and a memory, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the processor performs actions of: sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling; and adding the indicator into a user-plane data packet of a traffic of an application, and sending the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs.
  • a network side device includes a processor and a memory, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the processor performs actions of: receiving an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling, receiving a user-plane data packet of a traffic of an application from the terminal device, detecting the indicator contained in the user-plane data packet, and determining the application to which the traffic belongs based on the application identifier associated with the indicator.
  • a non-transitory computer-readable storage medium includes a computer program that is executable by a processor to perform actions of the method for traffic detection in the first aspect.
  • a non-transitory computer-readable storage medium includes a computer program that is executable by a processor to perform actions of the method for traffic detection in the third aspect.
  • a computer program product contains instructions which, when executed by a computer, cause the computer to implement the method for traffic detection of the first aspect or the third aspect.
  • an application identifier and an indicator associated with the application identifier are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs based on the application identifier associated with the indicator.
  • FIG. 1 is a schematic flowchart of a method for traffic detection according to an implementation of the present disclosure.
  • FIG. 2 is a schematic flowchart of a method for traffic detection according to another implementation of the present disclosure.
  • FIG. 3 is a block diagram of a terminal device according to an implementation of the present disclosure.
  • FIG. 4 is a block diagram of a network side device according to an implementation of the present disclosure.
  • FIG. 5 is a terminal device according to yet another implementation of the present disclosure.
  • FIG. 6 is a network side device according to yet another implementation of the present disclosure.
  • FIG. 7 is a schematic diagram of an application example of the method for traffic detection of the present disclosure.
  • GSM Global System of Mobile communication
  • CDMA Code Division Multiple Access
  • WCDMA Wideband Code Division Multiple Access
  • GPRS General Packet Radio Service
  • LTE long term evolution
  • FDD Frequency Division Duplex
  • TDD Time Division Duplex
  • UMTS Universal Mobile Telecommunication System
  • WiMAX Worldwide Interoperability for Microwave Access
  • the terminal device involved in the implementations of the present disclosure may include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of user equipment (UE), mobile stations (MS), or mobile terminals, etc.
  • the above-mentioned devices are collectively referred to as terminal devices.
  • applications are installed on the terminal device.
  • a network side device may be a device for communicating with the terminal device, and may be a core network control plane entity such as SMF (Session Management Function), PGW-C (Packet Data Network Gateway-Control Plane), and may also be a core network user plane entity such as UPF (User Plane Function), PGW-U (Packet Data Network Gateway-User Plane), an OTT (Over The Top) server, and may also be a network side device in a future 5G network, or a network side device in a future evolved public land mobile network (PLMN), etc.
  • the network side device may also include a service server or other entities of a third Party providing the application.
  • the third party could communicate with the core network devices or the terminal device, and may notify the terminal device or the core network devices of the application identifier and the indicator related information.
  • the network side device may be a single device or combination of a plurality of devices. For example, one network side device detects the user-plane data packets of traffic and determines the application to which the traffic belongs, that is, the traffic is generated by the application, but another network side device plays the role of configuring the terminal device with related information.
  • FIG. 1 is a schematic flowchart of a method for traffic detection according to an implementation of the present disclosure. As shown in FIG. 1, the method 100 includes S110 and S120.
  • a terminal device sends an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling.
  • the terminal device adds the indicator into a user-plane data packet of traffic of an application, and sends the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs.
  • the indicator could be used by the network side device to determine the application to which the traffic belongs, based on the application identifier associated with the indicator in the user-plane data packet.
  • Application identifier is used to identify an application.
  • the application identifier enables the terminal device or the network side device to distinguish one application from another.
  • each application has a unique identifier (ID).
  • the third party such as the service provider that provides the application knows the application identifier and could communicate with the terminal device or the network side device about the application ID.
  • An indicator contains a symbol to indicate a specific user-plane data packet.
  • the indicator can be a Token.
  • the indicator is generated by the terminal device based on indicator related information, which may be obtained by communicating with the third party or received from the network side device.
  • the third party such as the service provider takes information related to the application or other specific information as the indicator related information, and notifies the terminal device of the indicator related information.
  • the third party provides the indicator related information to the network side device, and then the network side device configures the terminal with the indicator related information.
  • the terminal device can be configured with the indicator related information by its manufacturer.
  • the terminal device can be configured with an indicator generation function through a software or hardware structure, and can be configured by its manufacturer or the network side device.
  • the control-plane signaling may be a NAS message, or other control plane messages which could realize the functions of transmitting the application identifier and the indicator to the network side device. Free bits or newly extended bits in the control-plane signaling can be used to carry the application identifier and the indicator.
  • the terminal device further sends an association of the indicator with the application identifier through the control-plane signaling.
  • the association of the indicator with the application identifier contains the corresponding relationship between the indicator and the application identifier, for example, each indicator has its corresponding application identifier.
  • the control-plane signaling may be the same one as the control-plane signaling for transmitting the application identifier and the indicator, or another signaling. It is also possible that the association is encoded into the indicator, so that the network side device can learn the association from the indicator itself.
  • the terminal device obtains the application identifier and indicator related information from the network side device, and the terminal device generates the indicator based on the indicator related information.
  • the network side device can be the third Party such as the service provider providing the application, and the third Party may notify the terminal device or the core network device of the application identifier and the indicator related information.
  • the core network device could transmit the application identifier and the indicator related information to the terminal device.
  • the terminal device generates the indicator based on the indicator related information from the third Party or the core network device.
  • the terminal device transmits the generated indicator to the core network device.
  • the terminal device may transmit the indicator to the third Party, and then the indicator is transmitted by the third Party to the core network device.
  • the terminal device could negotiate with the network side device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling.
  • the protocol header of the user-plane data packet is determined to carry the indicator.
  • further specific position can be negotiated.
  • the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator.
  • Other specific bits or bytes can be determined as the position to carry the indicator.
  • the terminal device may negotiate with the network side device about the application to be detected and/or the indicator and/or the position in the following way: receiving, by the terminal device, information about the application to be detected and/or the indicator and/or the position from the network side device, and replying to the network side device; and/or sending, by the terminal device, a message containing the application to be detected and/or the indicator and/or the position to the network side device, and receiving a response from the network side device.
  • the reply or response could be ACK or NACK, or other indication.
  • the terminal device may receive an application list from the network side device, and add the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list.
  • the application list may be configured by the network side device dynamically.
  • the network side device transmits the updated application list to the terminal device.
  • the application list may be fixed.
  • the application list may be preconfigured in the terminal device.
  • the application list may be burned into the SIM card of the terminal device.
  • the fixed application list could be configured by the network side device.
  • the action of adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list may include: determining another application list based on the application list from the network side device according to a predetermined indicator adding policy, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the other application list.
  • the terminal device could generate another application list with application identifiers selected from the list I according to the predetermined indicator adding policy. For example, the terminal device selects application identifiers based on the applications installed on the terminal device. If an application is not installed on the terminal device, the terminal device would not add the identifier of this application into the generated another application list.
  • the predetermined indicator adding policy could include other policies, which is not limited here.
  • the action of the terminal device sending a message containing the application to be detected to the network side device includes: sending, by the terminal device, an application set containing application identifiers to the network side device.
  • the action of receiving a response from the network side device includes: receiving the response on the application set from the network side device.
  • the action of the terminal device adding the indicator into the user-plane data packet of the traffic of the application includes: adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application set and the response indicates that the application set is allowed by the network side device.
  • the application set is similar to the application list stated above and could be configured dynamically based on the applications installed on the terminal device or fixedly for example by the manufacturer.
  • the action of the terminal device sending a message containing the application to be detected to the network side device includes: sending, by the terminal device, an application set containing application identifiers to the network side device.
  • the action of receiving a response from the network side device includes: receiving another application set containing application identifiers selected by the network side device.
  • the action of the terminal device adding the indicator into the user-plane data packet of the traffic of the application includes: adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the other application set.
  • the application identifier and the indicator are first authenticated.
  • the network side device authenticates whether the terminal device is legal. After receiving the application identifier and the indicator, the network side device checks whether the terminal device is a legal device. If so, the network side device determines that the terminal device is trustworthy and that the application identifier and the indicator are also trustworthy, that is, the authentication is passed.
  • the authentication between the terminal device and the network side device can also be performed during PDU (Protocol Data Unit) session procedure or another procedure before the terminal device adds the indicator into the user-plane data packet.
  • the authentication may also be performed by the terminal device on the network side device, that is, the terminal device determines whether the network side device is legal. If so, the application identifier and the indicator are sent to the network side device; otherwise, the terminal device does not send the application identifier and the indicator.
  • the authentication may also be done by other policies to improve the security of communication, which is not limited here.
  • the terminal device adds the indicator into a first predetermined number of user-plane data packets of the traffic, such as the first one or a plurality of user-plane data packets of the traffic.
  • the indicator is added into only the first user-plane data packet of the traffic.
  • After receiving the user-plane data packet, the network side device detects the indicator only in the first user-plane data packet, and determines that the traffic belongs to the application associated with the indicator in the first user-plane data packet.
  • the network side device further extracts the IP address or MAC address in the first user-plane data packet and establishes a filter according to the IP address or MAC address, so as to distinguish later user-plane data packets of the traffic from other user-plane data packets based on the IP address or MAC address in the later user-plane data packets.
  • the terminal device may change its IP address or MAC address when the terminal device is a mobile phone and switches to a new base station. In that case, the terminal device adds the indicator into the following one or a plurality of user-plane data packets of the traffic to be sent, so that the network side device can detect the indicator and establish a new filter according to the changed IP address or MAC address of the terminal device.
  • the terminal could notify the network side device about the change of IP address or MAC address.
  • the application identifier and the indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs. Therefore, a new method for traffic detection between the terminal device and network is provided.
  • the method for traffic detection according to the implementation of the present disclosure has been described in detail above from the terminal device side in conjunction with FIG. 1, and a method for traffic detection according to an implementation of the present disclosure will be described in detail below from a network device side in conjunction with FIG. 2. It will be understood that the interaction between the network side device and the terminal device described from the terminal device side is the same as that described from the network side, and some relevant descriptions are omitted as appropriate in order to avoid duplication.
  • FIG. 2 is a schematic flowchart of a method for traffic detection according to another implementation of the present disclosure. As shown in FIG. 2, the method 200 includes S210 and S220.
  • a network side device receives an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling.
  • the network side device receives a user-plane data packet of traffic of an application.
  • the network side device detects the indicator contained in the user-plane data packet, and determines the application to which the traffic belongs based on the application identifier associated with the indicator.
  • the network side device further receives an association of the indicator with the application identifier through the control-plane signaling.
  • This control-plane signaling may be the same one as the control-plane signaling for receiving the application identifier and the indicator, or another signaling.
  • the action of the network side device detecting the indicator contained in the user-plane data packet includes: detecting, by the network side device, the indicator contained in first one or a plurality of user-plane data packets of the traffic.
  • the following actions are also included: extracting, by the network side device, characteristic information in the first one or the plurality of user-plane data packets, establishing a filter according to the characteristic information, detecting the following user-plane data packets by using the filter, and determining the application to which the traffic belongs.
  • the characteristic information includes at least one of the following: Source/destination IP address or IPv6 prefix, Source/destination port number, Protocol ID of the protocol above IP/Next header type, Type of Service (TOS) (IPv4)/Traffic class (IPv6) and Mask, Flow Label (IPv6), Security parameter index, Packet Filter direction, Source/destination MAC address, Ethertype (e.g. as defined in IEEE 802.3 [yy]), Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) VID fields (e.g.
  • PCP/DEI fields (e.g. as defined in IEEE 802.1Q)
  • IP Packet Filter Set (e.g. in the case that Ethertype indicates IPv4/IPv6 payload)
  • Packet Filter direction (e.g. in the case that Ethertype indicates IPv4/IPv6 payload)
  • the network side device negotiates with the terminal device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling.
  • the protocol header of the user-plane data packet is determined to carry the indicator.
  • further specific position can be negotiated.
  • the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator.
  • Other specific bits or bytes can be determined as the position to carry the indicator.
  • the action of negotiating, by the network side device, with the terminal device about the application to be detected and/or the indicator and/or a position includes: sending, by the network side device, information about the application to be detected and/or the indicator and/or the position to the terminal device, and receiving a reply from the terminal device; and/or receiving, by the network side device, a message containing the application to be detected and/or the indicator and/or the position from the terminal device, and sending a response to the terminal device.
  • the network side device sends an application list to the terminal device to indicate which applications need to be detected by the network side device.
  • the application list may be configured by the network side device dynamically.
  • the network side device transmits the updated application list to the terminal device.
  • the action of receiving, by the network side device, a message containing the application to be detected from the terminal device, and sending a response to the terminal device includes: receiving, by the network side device, an application set containing application identifiers from the terminal device, and sending the response to the terminal device.
  • the response could indicate whether the application set is allowed by the network side device.
  • the action of receiving, by the network side device, a message containing the application to be detected from the terminal device, and sending a response to the terminal device includes: receiving, by the network side device, an application set containing application identifiers from the terminal device, determining another application set by selecting applications from the application set, and sending the other application set to the terminal device.
  • the application identifier and the indicator are first authenticated. For example, when the terminal device registers in the network, the network side device authenticates whether the terminal device is legal. After receiving the application identifier and indicator, the network side device checks whether the terminal device is a legal device. If so, the network side device determines that the terminal device is trustworthy and that the application identifier and indicator are trustworthy, that is, the authentication is passed. The authentication between the terminal device and the network side device can be performed during the registration of the terminal device or the PDU session procedure.
  • the indicator is added into a first predetermined number of user-plane data packets of the traffic, such as the first one or a plurality of user-plane data packets.
  • the indicator is added into only the first user-plane data packet of the traffic.
  • After receiving the user-plane data packet, the network side device detects the indicator only in the first user-plane data packet, and determines that the traffic belongs to the application associated with the indicator in the first user-plane data packet.
  • the network side device further extracts the IP address or MAC address in the first user-plane data packet, and establishes a filter according to the IP address or MAC address, then detects the IP address or MAC address in later user-plane data packets, and determines the application to which the traffic belongs based on the IP address or MAC address in the later user-plane data packets.
  • the terminal device adds the indicator into the following one or a plurality of user-plane data packets of the traffic to be sent, so that the network side device can detect the indicator and establish a new filter according to the changed IP address or MAC address of the terminal device.
  • the network side could decide to detect the indicator in the user-plane data packets after receiving a notification of the change of the IP address or MAC address of the terminal device.
  • the network side device could first detect the indicator in the user-plane data packet; if there is no indicator, the network side device extracts the IP address or MAC address of the user-plane data packet and determines the application to which the traffic belongs based on the IP address or MAC address according to the filter.
  • the network side device stops detecting the indicator and directly determines the application to which the traffic belongs based on the IP address or MAC address in later user-plane data packets.
  • If there is no application corresponding to the IP address or MAC address in the later user-plane data packets, the network side device detects the indicator in the user-plane data packets and establishes a new filter based on the new IP address or MAC address in the user-plane data packets containing the indicator. Therefore, when the IP address or MAC address of the terminal device is changed but the traffic of the application is not stopped, the network side device could still determine the application to which the traffic belongs.
  • the application identifier and the indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs. Therefore, a new method for traffic detection between the terminal device and network is provided.
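As an added illustration (not code from the patent or its applicant), the following Python sketch models the detection flow described above: control-plane registration accepted only from an authenticated terminal, the application list narrowed to installed applications, tagging of the first packet, filter establishment, and re-learning after an address change. The class and method names, the use of a 5-tuple as the characteristic information, the default of one tagged packet, and all sample values are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set, Tuple

FlowKey = Tuple[str, str, int, int, str]  # characteristic information used as the filter


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    indicator: Optional[bytes] = None  # value at the negotiated header position, if any

    @property
    def flow(self) -> FlowKey:
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port, self.proto)


class NetworkSide:
    def __init__(self, authenticated_terminals: Iterable[str]):
        self.authenticated: Set[str] = set(authenticated_terminals)
        self.indicator_to_app: Dict[bytes, str] = {}
        self.filters: Dict[FlowKey, str] = {}

    def register(self, terminal_id: str, app_id: str, indicator: bytes) -> bool:
        # The pair is trusted only when the sending terminal passed authentication.
        if terminal_id not in self.authenticated:
            return False  # NACK
        self.indicator_to_app[indicator] = app_id
        return True  # ACK

    def classify(self, pkt: Packet) -> Optional[str]:
        # Look for the indicator first; a known one (re)establishes the filter.
        if pkt.indicator is not None:
            app_id = self.indicator_to_app.get(pkt.indicator)
            if app_id is not None:
                self.filters[pkt.flow] = app_id
            return app_id  # None for an indicator that was never registered
        # No indicator: decide from the filter built on earlier packets.
        return self.filters.get(pkt.flow)


class Terminal:
    def __init__(self, terminal_id: str, ip: str, installed: Iterable[str], tagged_packets: int = 1):
        self.terminal_id, self.ip = terminal_id, ip
        self.installed = set(installed)
        self.tagged_packets = tagged_packets  # how many leading packets carry the indicator
        self.allowed: Set[str] = set()
        self.indicators: Dict[str, bytes] = {}
        self.remaining: Dict[str, int] = {}

    def apply_app_list(self, app_list: Iterable[str]) -> None:
        # Indicator adding policy from the text: drop applications that are not installed.
        self.allowed = set(app_list) & self.installed

    def register(self, net: NetworkSide, app_id: str, indicator: bytes) -> bool:
        if app_id not in self.allowed or not net.register(self.terminal_id, app_id, indicator):
            return False
        self.indicators[app_id] = indicator
        self.remaining[app_id] = self.tagged_packets
        return True

    def change_address(self, new_ip: str) -> None:
        # After an address change the next packets are tagged again.
        self.ip = new_ip
        for app_id in self.remaining:
            self.remaining[app_id] = self.tagged_packets

    def build_packet(self, app_id: str, dst_ip: str, src_port: int, dst_port: int) -> Packet:
        indicator = None
        if self.remaining.get(app_id, 0) > 0:
            indicator = self.indicators[app_id]
            self.remaining[app_id] -= 1
        return Packet(self.ip, dst_ip, src_port, dst_port, "tcp", indicator)


def demo() -> list:
    # All identifiers, addresses and indicator bytes below are constructed sample values.
    net = NetworkSide(authenticated_terminals={"ue-1"})
    ue = Terminal("ue-1", "10.0.0.5", installed={"app.video", "app.chat"})
    ue.apply_app_list(["app.video", "app.maps"])  # app.maps is not installed
    out = [
        ue.register(net, "app.video", b"\x17\x2a"),        # accepted
        ue.register(net, "app.maps", b"\x99\x01"),         # filtered out by the policy
        net.register("ue-unknown", "app.video", b"\xff"),  # unauthenticated terminal
    ]
    dst = ("203.0.113.10", 40000, 443)
    out.append(net.classify(ue.build_packet("app.video", *dst)))  # tagged first packet
    out.append(net.classify(ue.build_packet("app.video", *dst)))  # untagged, filter hit
    ue.change_address("10.0.9.7")
    out.append(net.classify(Packet("10.0.9.7", *dst, "tcp")))     # untagged, no filter yet
    out.append(net.classify(ue.build_packet("app.video", *dst)))  # re-tagged, new filter
    out.append(net.classify(ue.build_packet("app.video", *dst)))  # untagged, new filter hit
    out.append(net.classify(Packet("10.0.9.8", *dst, "tcp", b"\xff")))  # unknown indicator
    return out
```

Calling `demo()` returns the classification result for each step; the untagged packet sent from the new address before re-tagging is the case that stays unclassified until an indicator-bearing packet arrives.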
  • the terminal device according to an implementation of the present disclosure will be described in detail below in conjunction with FIG. 3.
  • the details performed by the terminal device above could also be performed by the following corresponding modules of the terminal device, and some descriptions are omitted as appropriate in order to avoid duplication.
  • FIG. 3 is a block diagram of the terminal device according to an implementation of the present disclosure. As shown in FIG. 3, the terminal device 300 includes a sending module 310 and an adding module 320.
  • the sending module 310 is used for sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling, and sending a user-plane data packet of a traffic of an application to the network side device.
  • the adding module 320 is used for adding the indicator into the user-plane data packet of the traffic; wherein the indicator is used to indicate the application to which the traffic belongs.
  • the application identifier and indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs.
  • the sending module 310 is further used for sending an association of the indicator with the application identifier through the control-plane signaling.
  • This control-plane signaling may be the same one as the control-plane signaling for transmitting the application identifier and indicator, or another signaling.
  • the terminal device further includes an obtaining module 330, used for obtaining the application identifier and indicator related information from the network side device, and a generation module 340, used for generating the indicator based on the indicator related information.
  • the terminal device further includes a negotiating module 350, used for negotiating with the network side device about the application to be detected and/or the indicator and/or a position where the indicator is added in the user-plane data packet through the control-plane signaling.
  • the protocol header of the user-plane data packet is determined to carry the indicator.
  • further specific position can be negotiated.
  • the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator.
  • Other specific bits or bytes can be determined as the position to carry the indicator.
  • the negotiating module 350 is used for: receiving an information about the application to be detected and/or the indicator and/or the position from the network side device, and replying to the network side device, and/or sending a message containing the application to be detected and/or the indicator and/or the position to the network side device, and receiving a response from the network side device.
  • the negotiating module 350 is used for receiving an application list from the network side device; and the adding module 320 is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list.
  • the application list may be configured by the network side device dynamically based on conditions such as time period or new service requirements. When the application list is updated, the network side device transmits the updated application list to the terminal device.
  • the application list may be fixed, and may be preconfigured in the terminal device. For example, the application list may be burned into the SIM card of the terminal device.
  • the adding module 320 is used for determining another application list based on the application list from the network side device according to a predetermined indicator adding policy, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application list.
  • the negotiating module 350 is used for sending an application set containing application identifiers to the network side device, and receiving a response indicating whether the application set is allowed from the network side device.
  • the adding module 320 is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application set and the response from the network side device indicates that the application set is allowed.
  • the negotiating module 350 is used for sending an application set containing application identifiers to the network side device, and receiving another application set containing application identifiers selected by the network side device.
  • the adding module 320 is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application set.
  • the adding module 320 is further used for receiving an authenticating result of the application identifier from the network side device, and adding the indicator into the user-plane data packet of the traffic when the application identifier is successfully authenticated.
  • the adding module 320 is specifically used for adding the indicator into first predetermined number of user-plane data packets of the traffic, such as first one or a plurality of user-plane data packets.
  • the indicator is added into only the first one user-plane data packet of the traffic.
  • After receiving the user-plane data packet, the network side device detects the indicator only in the first one user-plane data packet, and the network side device determines that the traffic belongs to a certain application associated with the indicator in the first one user-plane data packet. The network side device further extracts the IP address or MAC address in the first one user-plane data packet, and establishes a filter according to the IP address or MAC address, so that it distinguishes later user-plane data packets of the traffic from other user-plane data packets based on the IP address or MAC address in the later user-plane data packets.
  • the adding module 320 is further used for adding the indicator into following one or a plurality of user-plane data packets to be sent of the traffic when an IP address or MAC address of the terminal device is changed.
  • the terminal device may change its IP address or MAC address when the terminal device is a mobile phone and switches to a new base station; the adding module 320 then adds the indicator into following one or a plurality of user-plane data packets to be sent of the traffic, so that the network side device could detect the indicator and establish a new filter according to the changed IP address or MAC address of the terminal device.
  • the terminal device could notify the network side device about the change of IP address or MAC address.
  • the application identifier and the indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs.
  • FIG. 4 is a block diagram of a network side device according to an implementation of the present disclosure.
  • the details performed by the network side device above could also be performed by the following corresponding modules of the network side device, and some descriptions are omitted as appropriate in order to avoid duplication.
  • the network side device 400 includes a receiving module 410 and a detecting module 420.
  • the receiving module 410 is used for receiving an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling, and receiving a user-plane data packet of a traffic of an application from the terminal device.
  • the detecting module 420 is used for detecting the indicator in the user-plane data packet and determining the application to which the traffic belongs based on the application identifier associated with the indicator.
  • the network device receives the application identifier and the indicator from the terminal device, and then could detect the user-plane data packets of a traffic transmitted by the terminal device based on the indicator added into the user-plane data packets, and the network side device could determine the application to which the traffic belongs.
  • the receiving module 410 is further used for receiving an association of the indicator with the application identifier through the control-plane signaling.
  • This control-plane signaling may be the same one as the control-plane signaling for receiving the application identifier and the indicator, or another signaling.
  • the detecting module 420 is used for detecting the indicator in first one or a plurality of user-plane data packets of the traffic.
  • the network side device further includes an establishing module 430, used for extracting characteristic information in the first one or the plurality of user-plane data packets, and establishing a filter (e.g. IP Packet Filter or Ethernet Packet Filter) according to the characteristic information; and the detecting module 420 is used for detecting the following user-plane data packets by using the filter and determining the application to which the traffic belongs.
  • the characteristic information includes at least one of the following: Source/destination IP address or IPv6 prefix, Source/destination port number, Protocol ID of the protocol above IP/Next header type, Type of Service (TOS) (IPv4)/Traffic class (IPv6) and Mask, Flow Label (IPv6), Security parameter index, Packet Filter direction, Source/destination MAC address, Ethertype (e.g. as defined in IEEE 802.3 [yy]), Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) VID fields (e.g. as defined in IEEE 802.1Q), Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) PCP/DEI fields (e.g. as defined in IEEE 802.1Q), IP Packet Filter Set (e.g. in the case that Ethertype indicates IPv4/IPv6 payload), Packet Filter direction (e.g. in the case that Ethertype indicates IPv4/IPv6 payload).
  • the network side device further includes a negotiation module 440, used for negotiating with the terminal device about the application to be detected and/or the indicator and/or a position where the indicator is added in the user-plane data packet through the control-plane signaling.
  • the protocol header of the user-plane data packet is determined to carry the indicator.
  • further specific position can be negotiated.
  • the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator.
  • Other specific bits or bytes can be determined as the position to carry the indicator.
  • the negotiation module 440 is used for: sending an information about the application to be detected and/or the indicator and/or the position to the terminal device, and receiving a reply from the terminal device; and/or receiving a message containing the application to be detected and/or the indicator and/or the position from the terminal device, and sending a response to the terminal device.
  • the negotiation module 440 is used for sending an application list to the terminal device to indicate which application requires to be detected by the network side device.
  • the application list is configured dynamically, and the negotiation module 440 is used for sending an updated application list to the terminal device when the application list is updated.
  • the negotiation module 440 is used for receiving an application set containing application identifiers from the terminal device, and sending a response indicating whether the application set is allowed to the terminal device.
  • the negotiation module 440 is used for receiving an application set containing application identifiers from the terminal device, determining another application set by selecting applications from the application set, and sending the another application set to the terminal device.
  • the network side device further includes an authentication module 450, used for authenticating the application identifier and the indicator.
  • the authentication module 450 authenticates whether the terminal device is legal. After receiving the application identifier and indicator, the authentication module 450 checks whether the terminal device is a legal device, if so, the authentication module 450 determines that the terminal device is trustable, and the application identifier and the indicator are trustable, that is, the authentication is passed.
  • the authentication between the terminal device and the network side device can be performed during the registration of the terminal device or PDU session procedure.
  • the indicator is added into only the first predetermined number of user-plane data packets of the traffic, such as the first one or a plurality of user-plane data packets.
  • the detecting module 420 of the network side device detects the indicator only in the first one or a plurality of user-plane data packets.
  • the establishing module 430 is used for extracting the IP address or MAC address in the first one or a plurality of user-plane data packets, and establishing a filter according to the IP address or MAC address, and then the detecting module 420 is used for detecting the IP address or MAC address in later user-plane data packets and determining the application to which the traffic belongs based on the IP address or MAC address in the later user-plane data packets.
  • the detecting module 420 detects the following predetermined number of user-plane data packets of the traffic, such as the following one or a plurality of user-plane data packets.
  • application identifier and indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs.
  • FIG. 5 is the terminal device according to yet another implementation of the present disclosure.
  • the terminal device 500 includes a processor 510 and memory 520.
  • the terminal device 500 may further include a transceiver 530, and a bus system 540.
  • the processor 510, the memory 520 and the transceiver 530 may be connected through the bus system 540.
  • the memory 520 may be used for storing computer programs, and the processor 510 is used for executing the computer programs stored in the memory 520 to control the transceiver 530 to send or receive information. It should be understood that all the actions listed in the method in combination with FIG. 1 and the actions performed by the modules in the terminal device 30 recited above in combination with FIG. 3 may be performed by the processor 510 under the indication of programs in the terminal device 500, and some detailed descriptions are omitted as appropriate in order to avoid duplication.
  • when the computer programs are executed by the processor 510, the processor 510 is used for sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling, adding the indicator into a user-plane data packet of a traffic of an application, and sending the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs by the application identifier associated with the indicator.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: sending an association of the indicator with the application identifier to the network side device through the control-plane signaling.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: obtaining the application identifier and indicator related information from the network side device, and generating the indicator based on the indicator related information.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: negotiating with the network side device about the application to be detected and/or the indicator and/or a position where the indicator is added in the user-plane data packet through the control-plane signaling.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: receiving an information about the application to be detected and/or the indicator and/or the position from the network side device, and replying to the network side device; and/or sending a message containing the application to be detected and/or the indicator and/or the position to the network side device, and receiving a response from the network side device.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: receiving an application list from the network side device, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: determining another application list based on the application list from the network side device according to a predetermined indicator adding policy, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application list.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: sending an application set containing application identifiers to the network side device, receiving the response on the application set from the network side device, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application set and the response indicates that the application set is accepted by the network side device.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: sending an application set containing application identifiers to the network side device, receiving another application set containing application identifiers selected by the network side device, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application set.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: receiving an authenticating result of the application identifier and the indicator from the network side device; and adding the indicator into the user-plane data packet of the traffic when the authenticating result indicates that an authentication on the application identifier and the indicator is passed.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: adding the indicator into first one or a plurality of user-plane data packets of the traffic.
  • when the computer program is executed by the processor, the processor 510 further performs an action of: adding the indicator into following one or a plurality of user-plane data packets to be sent of the traffic when an IP address or MAC address of the terminal device is changed.
  • FIG. 6 is a network side device according to yet another implementation of the present disclosure.
  • the network side device 600 includes a processor 610 and memory 620.
  • the network side device 600 may further include a transceiver 630, and a bus system 640.
  • the processor 610, the memory 620 and the transceiver 630 may be connected through the bus system 640.
  • the memory 620 may be used for storing computer programs, and the processor 610 is used for executing the computer programs stored in the memory 620 to control the transceiver 630 to send or receive information. It should be understood that all the actions listed in the method in combination with FIG. 2 and the actions performed by the modules in the network side device 40 recited above in combination with FIG. 4 may be performed by the processor 610 under the indication of programs in the network side device 600, and some detailed descriptions are omitted as appropriate in order to avoid duplication.
  • when the computer programs are executed by the processor 610, the processor 610 is used for receiving an application identifier and an indicator from a terminal device through control-plane signaling, receiving a user-plane data packet of a traffic of an application from the terminal device, detecting the indicator contained in the user-plane data packet, and determining the application to which the traffic belongs based on the application identifier associated with the indicator in the user-plane data packet.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: receiving an association of the indicator with the application identifier from the terminal device through the control-plane signaling.
  • This control-plane signaling may be the same one as the control-plane signaling for receiving the application identifier and indicator, or another signaling.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: detecting the indicator contained in first one or a plurality of user-plane data packets of the traffic.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: extracting characteristic information in the first one or the plurality of user-plane data packets, establishing a filter according to the characteristic information, detecting the following user-plane data packets by using the filter, and determining the application to which the traffic belongs.
  • the characteristic information includes at least one of the following: Source/destination IP address or IPv6 prefix, Source/destination port number, Protocol ID of the protocol above IP/Next header type, Type of Service (TOS) (IPv4)/Traffic class (IPv6) and Mask, Flow Label (IPv6), Security parameter index, Packet Filter direction, Source/destination MAC address, Ethertype as defined in IEEE 802.3 [yy], Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) VID fields as defined in IEEE 802.1Q, Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) PCP/DEI fields as defined in IEEE 802.1Q, IP Packet Filter Set, for example in the case that Ethertype indicates IPv4/IPv6 payload, Packet Filter direction.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: negotiating with the terminal device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling.
  • the protocol header of the user-plane data packet is determined to carry the indicator.
  • further specific position can be negotiated.
  • the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator.
  • Other specific bits or bytes can be determined as the position to carry the indicator.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: sending an information about the application to be detected and/or the indicator and/or the position to the terminal device, and receiving a reply from the terminal device; and/or receiving a message containing the application to be detected and/or the indicator and/or the position from the terminal device, and sending a response to the terminal device.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: sending an application list to the terminal device to indicate which application requires to be detected by the network side device.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: receiving an application set containing application identifiers from the terminal device, and sending the response to the terminal device.
  • the response could indicate whether the application set is allowed by the network side device.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: receiving an application set containing application identifiers from the terminal device, and determining another application set by selecting applications from the application set, and sending the another application set to the terminal device.
  • when the computer program is executed by the processor, the processor 610 further performs an action of: authenticating the application identifier and indicator.
  • a computer readable medium is also provided.
  • the computer readable medium is used for storing a computer program that includes instructions for performing the method for traffic detection as recited above in combination with FIG. 1 and all its examples.
  • the computer readable medium is used for storing a computer program that includes instructions for performing the method for traffic detection as recited above in combination with FIG. 2 and all its examples.
  • the computer program product contains instructions which, when executed by the computer, cause the computer to implement the method for traffic detection as recited above in combination with FIG. 1 and all its examples.
  • the computer program product contains instructions which, when executed by the computer, cause the computer to implement the method for traffic detection as recited above in combination with FIG. 2 and all its examples.
  • the terminal device is UE
  • the network side includes RAN (Radio Access Network), CN-UP (Core Network – User Plane) entity such as SMF and PGW-C, etc., CN-CP (Core Network – Control Plane) entity such as UPF and PGW-U, etc., and there may also be a subscription or policy device.
  • the subscription or policy device could be known collectively as the network side device, and they may be different devices or their functions are achieved by a single device.
  • the network side device could be the SMF, PGW, or UPF.
  • Token is taken as the indicator.
  • the method for traffic detection includes actions S710 to S750.
  • UE may receive an Encrypted Traffic Detection Rules (ETDR) from the CN-CP which may obtain the ETDR from the subscription or policy device during registration of the UE into the network or during PDU session procedure.
  • the UE could obtain the ETDR in other ways.
  • the UE may be configured with the ETDR by its manufacturer.
  • the ETDR could be an application list showing which application requires the Token to be added in user-plane data packets.
  • the ETDR could include the position where the Token would be added into the user-plane data packets.
  • UE sends the application identifier and Token related to the application identifier to the CN-CP through a NAS message.
  • the CN-CP authenticates the application identifier and Token; when the authentication is passed, S730 is performed.
  • the CN-CP communicates with CN-UP to establish a filter with Token.
  • UE sends user-plane data packets of traffic of an application with the Token added in the first one or more user-plane data packets to the network.
  • CN-UP detects the Token in the first one or more user-plane data packets by the filter, determines the application to which the traffic belongs based on the application identifier associated with the Token in the user-plane data packets.
  • CN-UP extracts the IP address such as IP-Tuple or MAC address in the user-plane data packets with the Token and uses the extracted IP address or MAC address to install another filter to detect the later user-plane data packets and determine the application to which the later user-plane data packets belong based on the IP address or MAC address.
  • S720 and S750 are optional. S750 may not be needed when the Token is added into every user-plane data packet. An interaction between CN-UP and CN-CP may be performed to update the policy for the application identifier. S750-S760 may happen multiple times: whenever the network side device detects the Token, it will install the filter using the detected packets' IP-Tuple and/or MAC address to detect the traffic.
  • the ETDR may be updated dynamically, so part or all the actions of S710-S750 may change multiple times during a transmission of user-plane data packets of the traffic of an application.
  • the UE transmits user-plane data packets of the traffic of a positioning application, and adds the Token into the user-plane data packets. Then an updated ETDR is sent to the UE and indicates that this positioning application is removed from the application list, so the UE will not add the Token into the user-plane data packets any more.
  • the UE moves and its IP address or MAC address is changed, so a new IP address or MAC address needs to be extracted and a new filter needs to be installed in the network side.
  • every time the UE accesses the network, the UE adds the Token into newly transmitted user-plane data packets, and the network side device extracts the IP address or MAC address in the user-plane data packets with the Token and installs a new filter by the IP address or MAC address.
  • an application identifier and an indicator associated with the application identifier are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs based on the application identifier associated with the indicator in the user-plane data packet.
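The network-side flow described above (Token detection in the first packets, filter installation from the IP tuple, and re-detection after an address change) can be sketched as follows. This is an added Python example, not part of the patent text: `Packet`, `UserPlaneDetector`, the token bytes, addresses and application identifiers are constructed, and dropping stale filters on an address change is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FiveTuple = Tuple[str, str, int, int, str]


@dataclass(frozen=True)
class Packet:
    """Constructed stand-in for a user-plane packet. `token` models the
    indicator at the negotiated header position (None when absent)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    token: Optional[bytes] = None

    @property
    def five_tuple(self) -> FiveTuple:
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port, self.proto)


class UserPlaneDetector:
    """Hypothetical network-side detector: token filter plus IP-tuple filters."""

    def __init__(self) -> None:
        self.token_to_app: Dict[bytes, str] = {}      # learned over the control plane
        self.tuple_to_app: Dict[FiveTuple, str] = {}  # filters installed from packets

    def register(self, app_id: str, token: bytes, authenticated: bool) -> bool:
        """Control-plane step: keep the association only if authentication passed."""
        if not authenticated:
            return False
        self.token_to_app[token] = app_id
        return True

    def revoke(self, app_id: str) -> None:
        """Application removed from the list: drop its token and every filter."""
        self.token_to_app = {t: a for t, a in self.token_to_app.items() if a != app_id}
        self.tuple_to_app = {k: a for k, a in self.tuple_to_app.items() if a != app_id}

    def classify(self, pkt: Packet) -> Optional[str]:
        """Return the application identifier for a packet, or None if unknown."""
        # Steady state: an installed address filter decides, no token inspection.
        app = self.tuple_to_app.get(pkt.five_tuple)
        if app is not None:
            return app
        # No filter matches: fall back to detecting the indicator.
        if pkt.token is None:
            return None
        app = self.token_to_app.get(pkt.token)
        if app is None:
            return None  # unregistered token: never install a filter for it
        # Assumption (not stated on the page): filters that bound this
        # application to a different source address are stale after an address
        # change, so remove them before installing the new one.
        self.tuple_to_app = {
            k: a for k, a in self.tuple_to_app.items()
            if not (a == app and k[0] != pkt.src_ip)
        }
        self.tuple_to_app[pkt.five_tuple] = app
        return app


def run_demo() -> List[Optional[str]]:
    """Classify a constructed packet sequence that includes an address change."""
    det = UserPlaneDetector()
    det.register("app.positioning", b"\x01\xa5", authenticated=True)
    det.register("app.video", b"\x02\x5a", authenticated=False)  # rejected
    old = ("10.0.0.5", "203.0.113.9", 40000, 443, "tcp")
    new = ("10.0.1.7", "203.0.113.9", 40000, 443, "tcp")
    packets = [
        Packet(*old, token=b"\x01\xa5"),  # first packet carries the token
        Packet(*old),                     # later packet, matched by filter
        Packet(*new),                     # address changed, no token yet
        Packet(*new, token=b"\x01\xa5"),  # token re-added after the change
        Packet(*new),                     # matched by the new filter
        Packet(*old),                     # old address: stale filter is gone
        Packet("10.0.2.9", "203.0.113.9", 40001, 443, "tcp", token=b"\x02\x5a"),
    ]
    return [det.classify(p) for p in packets]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

Packets from the new address stay unclassified until one of them carries the Token again, which is why the terminal re-adds it after an address change.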
  • the processor may be a central processing unit (CPU), or the processor may be other general purpose processor, digital signal processor (DSP), application specific integrated circuit (ASIC), off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component, etc.
  • the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the memory may include a read only memory and a random access memory, and provide instructions and data to the processor.
  • a portion of the memory may also include a non-volatile random access memory.
  • the memory may also store device type information.
  • the actions of the method implementations described above may be accomplished by integrated logic circuits of hardware in the processor or instructions in the form of software.
  • the acts of the method disclosed in connection with the implementation of the present disclosure can be directly embodied by the execution of the hardware processor or by the execution of the combination of hardware and software modules in the processor.
  • the software modules may be located in a storage medium commonly used in the art, such as a random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or register.
  • the storage medium is located in the memory, and the processor reads the information in the memory and accomplishes the acts of the above method in combination with its hardware. In order to avoid repetition, it will not be described in detail here.
  • references throughout the specification to "one implementation" or "an implementation" mean that a particular feature, structure, or characteristic related to the implementation is included in at least one implementation of the present disclosure. Therefore, "in one implementation" or "in an implementation" appearing throughout this specification may not necessarily refer to the same implementation. Furthermore, these particular features, structures, or characteristics may be combined in any suitable manner in one or more implementations.
  • the methods or steps described in connection with the implementations disclosed herein may be implemented in hardware, a software program executable by a processor, or a combination of the hardware and the software program executable by the processor.
  • the software program may be placed in a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a register, a hard disk, a removable disk, a compact disc read-only memory (CD-ROM), or any other form of storage medium known in the art.
  • the disclosed systems, devices and methods may be implemented in other ways.
  • the device implementations described above are only illustrative, for example, the division of the units is only a logical function division, and there may be other division manners in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the unit described as a separate unit may or may not be physically separated, and the component shown as a unit may or may not be a physical unit, i.e., it may be located in one place or may be distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the implementations.
  • various functional units in various implementations of the present disclosure may be integrated in one processing unit, or the units may be physically present separately, or two or more units may be integrated in one unit.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method and device for traffic detection and computer-readable storage medium are provided. The method includes: sending, by a terminal device, an application identifier and an indicator to a network side device through control-plane signaling; and adding, by the terminal device, the indicator into a user-plane data packet of a traffic of an application, and sending, by the terminal device, the user-plane data packet with the indicator to the network side device, wherein the indicator is used for the network side device to determine the application to which the traffic belongs based on the application identifier associated with the indicator in the user-plane data packet.

Description

Method and Device for Traffic Detection and Computer-Readable Storage Medium
Cross-Reference to Related Application
The present disclosure claims priority to American Provisional Application No. 62677756 filed on May 30, 2018, the entire content of which is hereby incorporated by reference.
Technical Field
Implementations of the present disclosure relate to the communication field, and more particularly, to methods and devices for traffic detection and computer-readable storage mediums.
Background
The trend is toward using HTTP (Hyper Text Transfer Protocol) together with TLS (Transport Layer Security Protocol), so more and more HTTP traffic will be encrypted. Currently, in an operator's network, there is a need to know which service the encrypted traffic from a UE belongs to.
Generally, SNI (Server Name Indication) is used in the art to identify which service the encrypted traffic belongs to. However, SNI is easily faked by attackers.
Therefore, there is a requirement to provide a new method for traffic detection between UE and network.
Summary
The present disclosure provides methods and devices for traffic detection and computer-readable storage mediums.
In a first aspect, a method for traffic detection is provided. The method includes: sending, by a terminal device, an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling; and adding, by the terminal device, the indicator into a user-plane data packet of a traffic of an application, and sending, by the terminal device, the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs.
In a second aspect, a terminal device is provided. The terminal device includes: a sending module, used for sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling, and sending a user-plane data packet of a traffic of an application to the network side device; an adding module, used for adding the indicator into the user-plane data packet of the traffic; wherein the indicator is used to indicate the application to which the traffic belongs.
In a third aspect, a method for traffic detection is provided. The method includes: receiving, by a network side device, an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling; and receiving, by the network side device, a user-plane data packet of a traffic of an application; detecting, by the network side device, the indicator contained in the user-plane data packet, and determining, by the network side device, the application to which the traffic belongs based on the application identifier associated with the indicator.
In a fourth aspect, a network side device is provided. The network side device includes: a receiving module, used for receiving an application identifier and an indicator from a terminal device through control-plane signaling, and receiving a user-plane data packet of a traffic of an application from the terminal device; a detecting module, used for detecting the indicator in the user-plane data packet and determining the application to which the traffic belongs based on the application identifier associated with the indicator.
In a fifth aspect, a terminal device is provided. The terminal device includes: a processor and a memory, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the processor performs actions of: sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling; and adding the indicator into a user-plane data packet of a traffic of an application, and sending the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs.
In a sixth aspect, a network side device is provided. The network device includes a processor and a memory, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the processor performs actions of: receiving an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling, receiving a user-plane data packet of a traffic of an application from the terminal device, detecting the indicator contained in the user-plane data packet, and determining the application to which the traffic belongs based on the application identifier associated with the indicator.
In a seventh aspect, a non-transitory computer-readable storage medium is provided. The non-transitory computer-readable storage medium includes a computer program that is executable by a processor to perform actions of the method for traffic detection in the first aspect.
In an eighth aspect, a non-transitory computer-readable storage medium is provided. The non-transitory computer-readable storage medium includes a computer program that is executable by a processor to perform actions of the method for traffic detection in the third aspect.
In a ninth aspect, a computer program product is provided. The computer program product contains instructions which, when being executed by a computer, causes the computer to implement the method for traffic detection of the first aspect or the third aspect.
According to the implementations of the present disclosure, an application identifier and an indicator associated with the application identifier are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs based on the application identifier associated with the indicator.
Brief Description of Drawings
FIG. 1 is a schematic flowchart of a method for traffic detection according to an implementation of the present disclosure.
FIG. 2 is a schematic flowchart of a method for traffic detection according to another implementation of the present disclosure.
FIG. 3 is a block diagram of a terminal device according to an implementation of the present disclosure.
FIG. 4 is a block diagram of a network side device according to an implementation of the present disclosure.
FIG. 5 is a terminal device according to yet another implementation of the present disclosure.
FIG. 6 is a network side device according to yet another implementation of the present disclosure.
FIG. 7 is a schematic diagram of an application example of the method for traffic detection of the present disclosure.
Detailed Description
The technical solutions in the implementations of the present disclosure will be described clearly and completely in the following with reference to the drawings in the implementations of the present disclosure.
The technical solutions of the implementations of the present disclosure may be applied to various communication systems, such as a Global System of Mobile communication (GSM) system, a Code Division Multiple Access (CDMA) system, a Wideband Code Division Multiple Access (WCDMA) system, a General Packet Radio Service (GPRS), a long term evolution (LTE) system, an LTE Frequency Division Duplex (FDD) system, an LTE Time Division Duplex (TDD) system, a Universal Mobile Telecommunication System (UMTS) or a Worldwide Interoperability for Microwave Access (WiMAX) communication system, a 5G system, or a new radio (NR) system.
In implementations of the present disclosure, the terms "network" and "system" are often used interchangeably, but those skilled in the art can understand their meaning. The terminal device involved in the implementations of the present disclosure may include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of user equipment (UE), mobile stations (MS), or mobile terminals, etc. For convenience of description, in implementations of the present disclosure, the above-mentioned devices are collectively referred to as terminal device. In the implementations of the present disclosure, applications are installed on the terminal device.
In implementations of the present disclosure, a network side device may be a device for communicating with the terminal device, and may be a core network control plane entity such as SMF (Session Management Function), PGW-C (Packet Data Network Gateway-Control Plane), and may also be a core network user plane entity such as UPF (User Plane Function), PGW-U (Packet Data Network Gateway-User Plane), an OTT (Over The Top) server, and may also be a network side device in a future 5G network, or a network side device in a future evolved public land mobile network (PLMN), etc.
The network side device may also include a service server or other entities of a third party providing the application. The third party could communicate with the core network devices or the terminal device, and may notify the terminal device or the core network devices of the application identifier and the indicator related information.
Also, the network side device may be a single device or combination of a plurality of devices. For example, one network side device detects the user-plane data packets of traffic and determines the application to which the traffic belongs, that is, the traffic is generated by the application, but another network side device plays the role of configuring the terminal device with related information.
FIG. 1 is a schematic flowchart of a method for traffic detection according to an implementation of the present disclosure. As shown in FIG. 1, the method 100 includes S110 and S120.
In S110, a terminal device sends an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling.
In S120, the terminal device adds the indicator into a user-plane data packet of traffic of an application, and sends the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs. For example, the indicator could be used for the network side device to determine the application to which the traffic belongs based on the application identifier associated with the indicator in the user-plane data packet.
Application identifier is used to identify an application. For example, the application identifier is used to make the terminal device or the network side device to distinguish one application from another. Usually, each application has a unique identifier (ID) , and the third party such as the service provider that provides the application knows the application identifier and could communicate with the terminal device or the network side device about the application ID.
An indicator contains a symbol to indicate a specific user-plane data packet. For example, the indicator can be a Token. The indicator is generated by the terminal device based on indicator related information, which may be obtained by communicating with the third party or received from the network side device. For example, the third party such as the service provider takes information related to the application or other specific information as the indicator related information, and notifies the terminal device of the indicator related information. Alternatively, the third party provides the indicator related information to the network side device, and then the network side device configures the terminal with the indicator related information. Alternatively, the terminal device can be configured with the indicator related information by its manufacturer. The terminal device can be configured with an indicator generation function through a software or hardware structure, and can be configured by its manufacturer or the network side device.
The control-plane signaling may be a NAS message, or other control plane messages which could realize the functions of transmitting the application identifier and the indicator to the network side device. Free bits or newly extended bits in the control-plane signaling can be used to carry the application identifier and the indicator.
In an example of the present disclosure, optionally, the terminal device further sends an association of the indicator with the application identifier through the control-plane signaling. The association of the indicator with the application identifier contains the corresponding relationship between the indicator and the application identifier, for example, each indicator has its corresponding application identifier. The control-plane signaling may be the same one as the control-plane signaling for transmitting the application identifier and the indicator, or another signaling. There is also a probability that the association is encoded into the indicator, so that the network side device could know the association based on the indicator itself.
In an example of the present disclosure, optionally, the terminal device obtains the application identifier and indicator related information from the network side device, and the terminal device generates the indicator based on the indicator related information. Herein the network side device can be the third party such as the service provider providing the application, and the third party may notify the terminal device or the core network device of the application identifier and the indicator related information. In a possible implementation, after receiving the application identifier and the indicator related information, the core network device could transmit the application identifier and the indicator related information to the terminal device. The terminal device generates the indicator based on the indicator related information from the third party or the core network device. In an example, the terminal device transmits the generated indicator to the core network device. Alternatively, the terminal device may transmit the indicator to the third party, and then the indicator is transmitted by the third party to the core network device.
In an example of the present disclosure, optionally, the terminal device could negotiate with the network side device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling. For example, the protocol header of the user-plane data packet is determined to carry the indicator. Then, further specific position can be negotiated. For example, the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator. Other specific bits or bytes can be determined as the position to carry the indicator.
In an example of the present disclosure, optionally, the terminal device may negotiate with the network side device about the application to be detected and/or the indicator and/or the position in the following way: receiving, by the terminal device, information about the application to be detected and/or the indicator and/or the position from the network side device, and replying to the network side device; and/or sending, by the terminal device, a message containing the application to be detected and/or the indicator and/or the position to the network side device, and receiving a response from the network side device. Herein, the reply or response could be ACK or NACK, or other indication.
In an example of the present disclosure, optionally, during negotiation, the terminal device may receive an application list from the network side device, and add the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list. Herein, the application list may be configured by the network side device dynamically. When the application list is updated, the network side device transmits the updated application list to the terminal device. Alternatively, the application list may be fixed. In this case, the application list may be preconfigured in the terminal device. For example, the application list may be burned into the SIM card of the terminal device. Also, the fixed application list could be configured by the network side device.
In an example of the present disclosure, optionally, the action of adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list may include: determining another application list based on the application list from the network side device according to a predetermined indicator adding policy, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application list. Herein, after the application list (named list I to be convenient for description) from the network side device is received, the terminal device could generate another application list with application identifiers selected from the list I according to the predetermined indicator adding policy. For example, the terminal device selects application identifiers based on the applications installed on the terminal device. If an application is not installed on the terminal device, the terminal device would not add the identifier of this application into the generated another application list. The predetermined indicator adding policy could include other policies, which is not limited here.
In an example of the present disclosure, optionally, the action of the terminal device sending a message containing the application to be detected to the network side device includes: sending, by the terminal device, an application set containing application identifiers to the network side device. The action of receiving a response from the network side device includes: receiving the response on the application set from the network side device. The action of the terminal device adding the indicator into the user-plane data packet of the traffic of the application includes: adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application set and the response indicates that the application set is allowed by the network side device. Herein, the application set is similar to the application list stated above and could be configured dynamically based on the applications installed on the terminal device or fixedly for example by the manufacturer.
In an example of the present disclosure, optionally, the action of the terminal device sending a message containing the application to be detected to the network side device includes: sending, by the terminal device, an application set containing application identifiers to the network side device. The action of receiving a response from the network side device includes: receiving another application set containing application identifiers selected by the network side device. The action of the terminal device adding the indicator into the user-plane data packet of the traffic of the application includes: adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application set.
In an example of the present disclosure, optionally, the application identifier and the indicator are authenticated first. For example, when the terminal device registers in the network, the network side device authenticates whether the terminal device is legal. After receiving the application identifier and the indicator, the network side device checks whether the terminal device is a legal device; if so, the network device determines that the terminal device is trustable, and the application identifier and the indicator are also trustable, that is, the authentication is passed. The authentication between the terminal device and the network side device can also be performed during PDU (Protocol Data Unit) session procedure or another procedure before the terminal device adds the indicator into the user-plane data packet. The authentication may also be done by the terminal device on the network side device, that is, the terminal device determines whether the network side device is legal; if yes, the application identifier and the indicator are sent to the network side device, otherwise, the terminal device does not send the application identifier and the indicator.
The authentication may also be done by other policies to improve the security of communication, which is not limited here.
In an example of the present disclosure, optionally, the terminal device adds the indicator into a first predetermined number of user-plane data packets of the traffic, such as the first one or a plurality of user-plane data packets of the traffic. For example, the indicator is added into only the first user-plane data packet of the traffic. After receiving the user-plane data packet, the network side device detects the indicator only in the first user-plane data packet, and the network side device determines that the traffic belongs to a certain application associated with the indicator in the first user-plane data packet. The network side device further extracts the IP address or MAC address in the first user-plane data packet, and establishes a filter according to the IP address or MAC address, so that it distinguishes later user-plane data packets of the traffic from other user-plane data packets based on the IP address or MAC address in the later user-plane data packets. When the IP address or the MAC address of the terminal device is changed, for example, the terminal device may change its IP address or MAC address when the terminal device is a mobile phone and switches to a new base station, the terminal device adds the indicator into the following one or a plurality of user-plane data packets of the traffic to be sent, so that the network side device could detect the indicator and establish a new filter according to the changed IP address or MAC address of the terminal device. Optionally, the terminal device could notify the network side device about the change of IP address or MAC address.
By the method for traffic detection listed above, the application identifier and the indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs. Therefore, a new method for traffic detection between the terminal device and network is provided.
The method for traffic detection according to the implementation of the present disclosure has been described in detail above from the terminal device side in conjunction with FIG. 1, and a method for traffic detection according to an implementation of the present disclosure will be described in detail below from a network device side in conjunction with FIG. 2. It will be understood that the interaction between the network side device and the terminal device described from the terminal device side is the same as that described from the network side, and some relevant descriptions are omitted as appropriate in order to avoid duplication.
FIG. 2 is a schematic flowchart of a method for traffic detection according to another implementation of the present disclosure. As shown in FIG. 2, the method 200 includes S210 and S220.
In S210, a network side device receives an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling.
In S220, the network side device receives a user-plane data packet of traffic of an application.
In S230, the network side device detects the indicator contained in the user-plane data packet, and determines the application to which the traffic belongs based on the application identifier associated with the indicator.
In an example of the present disclosure, optionally, the network side device further receives an association of the indicator with the application identifier through the control-plane signaling. This control-plane signaling may be the same one as the control-plane signaling for receiving the application identifier and the indicator, or another signaling. There is also a probability that the association is encoded into the indicator, so that the network side device could know the association based on the indicator itself and thus the association does not need to be transmitted.
In an example of the present disclosure, optionally, the action of the network side device detecting the indicator contained in the user-plane data packet includes: detecting, by the network side device, the indicator contained in the first one or a plurality of user-plane data packets of the traffic. In an example of the present disclosure, the following actions are also included: extracting, by the network side device, characteristic information in the first one or the plurality of user-plane data packets, establishing a filter according to the characteristic information, detecting the following user-plane data packets by using the filter, and determining the application to which the traffic belongs. In an example of the present disclosure, the characteristic information includes at least one of the following: Source/destination IP address or IPv6 prefix, Source/destination port number, Protocol ID of the protocol above IP/Next header type, Type of Service (TOS) (IPv4)/Traffic class (IPv6) and Mask, Flow Label (IPv6), Security parameter index, Packet Filter direction, Source/destination MAC address, Ethertype (e.g. as defined in IEEE 802.3 [yy]), Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) VID fields (e.g. as defined in IEEE 802.1Q), Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) PCP/DEI fields (e.g. as defined in IEEE 802.1Q), IP Packet Filter Set (e.g. in the case that Ethertype indicates IPv4/IPv6 payload), and Packet Filter direction.
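The following is an added sketch, not part of the patent text, of the network-side behaviour described above: the indicator is registered over authenticated control-plane signaling, detected in the first user-plane packet, and used to install a filter that classifies later packets until the terminal's address changes. The `Packet` model, the `header_ext` field, the token offset and length, the application name and all addresses are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FiveTuple = Tuple[str, str, int, int, str]


@dataclass(frozen=True)
class Packet:
    """Constructed packet model: IP 5-tuple plus header bytes that may carry the indicator."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    header_ext: bytes = b""

    @property
    def five_tuple(self) -> FiveTuple:
        return (self.src_ip, self.dst_ip, self.src_port, self.dst_port, self.proto)


class NetworkSideDetector:
    def __init__(self, token_offset: int, token_len: int) -> None:
        # Indicator position as negotiated over control-plane signaling (assumed values).
        self.token_offset = token_offset
        self.token_len = token_len
        self.registry: Dict[bytes, str] = {}     # indicator -> application identifier
        self.filters: Dict[FiveTuple, str] = {}  # installed filter -> application identifier

    def register(self, app_id: str, token: bytes, ue_authenticated: bool) -> bool:
        """S210: accept (application identifier, indicator) only from an authenticated terminal."""
        if not ue_authenticated or len(token) != self.token_len:
            return False
        self.registry[token] = app_id
        return True

    def _extract_token(self, pkt: Packet) -> Optional[bytes]:
        field = pkt.header_ext[self.token_offset:self.token_offset + self.token_len]
        return field if len(field) == self.token_len else None

    def classify(self, pkt: Packet) -> Optional[str]:
        """S220/S230: detect the indicator, install a filter, else fall back to filters."""
        token = self._extract_token(pkt)
        if token is not None:
            app_id = self.registry.get(token)
            if app_id is not None:
                # Characteristic information of the tagged packet becomes the filter.
                self.filters[pkt.five_tuple] = app_id
                return app_id
        # No indicator, or an indicator never registered on the control plane.
        return self.filters.get(pkt.five_tuple)


def demo() -> Dict[str, object]:
    det = NetworkSideDetector(token_offset=2, token_len=4)
    token = bytes.fromhex("a1b2c3d4")            # constructed indicator value
    tagged_hdr = b"\x00\x00" + token
    unknown_hdr = b"\x00\x00" + bytes.fromhex("deadbeef")

    out: Dict[str, object] = {}
    out["unauthenticated_register"] = det.register("app.video", token, ue_authenticated=False)
    out["authenticated_register"] = det.register("app.video", token, ue_authenticated=True)

    first = Packet("10.0.0.5", "203.0.113.10", 40000, 443, "tcp", tagged_hdr)
    later = Packet("10.0.0.5", "203.0.113.10", 40000, 443, "tcp")
    other = Packet("10.0.0.5", "198.51.100.7", 40001, 443, "tcp")
    unknown = Packet("10.0.0.5", "198.51.100.7", 40002, 443, "tcp", unknown_hdr)
    moved_plain = Packet("10.0.1.9", "203.0.113.10", 40000, 443, "tcp")
    moved_tagged = Packet("10.0.1.9", "203.0.113.10", 40000, 443, "tcp", tagged_hdr)

    out["first_tagged"] = det.classify(first)            # indicator found, filter installed
    out["later_untagged"] = det.classify(later)          # matched by the installed filter
    out["other_flow"] = det.classify(other)              # no indicator, no filter
    out["unregistered_token"] = det.classify(unknown)    # indicator not in the registry
    out["after_move_untagged"] = det.classify(moved_plain)   # old filter no longer matches
    out["after_move_tagged"] = det.classify(moved_tagged)    # indicator re-sent, new filter
    out["after_move_later"] = det.classify(moved_plain)
    out["filter_count"] = len(det.filters)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
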
In an example of the present disclosure, optionally, the network side device negotiates with the terminal device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling. For example, the protocol header of the user-plane data packet is determined to carry the indicator. Then, further specific position can be negotiated. For example, the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator. Other specific bits or bytes can be determined as the position to carry the indicator.
In an example of the present disclosure, optionally, the action of negotiating, by the network side device, with the terminal device about the application to be detected and/or the indicator and/or a position includes: sending, by the network side device, information about the application to be detected and/or the indicator and/or the position to the terminal device, and receiving a reply from the terminal device; and/or receiving, by the network side device, a message containing the application to be detected and/or the indicator and/or the position from the terminal device, and sending a response to the terminal device.
In an example of the present disclosure, optionally, the network side device sends an application list to the terminal device to indicate which application requires to be detected by the network side device. Herein, the application list may be configured by the network side device dynamically. When the application list is updated, the network side device transmits the updated application list to the terminal device.
In an example of the present disclosure, optionally, the action of receiving, by the network side device, a message containing the application to be detected from the terminal device, and sending a response to the terminal device includes: receiving, by the network side device, an application set containing application identifiers from the terminal device, and sending the response to the terminal device. Herein, the response could indicate whether the application set is allowed by the network side device.
In an example of the present disclosure, optionally, the action of receiving, by the network side device, a message containing the application to be detected from the terminal device, and sending a response to the terminal device includes: receiving, by the network side device, an application set containing application identifiers from the terminal device, and determining another application set by selecting applications from the application set, and sending the another application set to the terminal device.
In an example of the present disclosure, optionally, the application identifier and the indicator are authenticated firstly. For example, when the terminal device registers in the network, the network side device authenticates whether the terminal device is legal. After receiving the application identifier and indicator, the network side device checks whether the terminal device is a legal device, if so, the network device determines that the terminal device is trustable, and the application identifier and indicator are trustable, that is, the authentication is passed. The authentication between the terminal device and the network side device can be performed during the registration of the terminal device or PDU session procedure.
In an example of the present disclosure, optionally, the indicator is added into a first predetermined number of user-plane data packets of the traffic, such as the first one or a plurality of user-plane data packets. In an example, the indicator is added into only the first user-plane data packet of the traffic. After receiving the user-plane data packet, the network side device detects the indicator only in the first user-plane data packet, and the network side device determines that the traffic belongs to a certain application associated with the indicator in the first user-plane data packet. The network side device further extracts the IP address or MAC address in the first user-plane data packet, establishes a filter according to the IP address or MAC address, then detects the IP address or MAC address in later user-plane data packets, and determines the application to which the traffic belongs based on the IP address or MAC address in the later user-plane data packets. When the IP address or the MAC address of the terminal device is changed, the terminal device adds the indicator into the following one or a plurality of user-plane data packets to be sent of the traffic, so that the network side device can detect the indicator and establish a new filter according to the changed IP address or MAC address of the terminal device. Optionally, the network side device could decide to detect the indicator in the user-plane data packets after receiving a notification of the change of the IP address or MAC address of the terminal device. Optionally, for each received user-plane data packet, the network side device could first detect the indicator in the user-plane data packet; if there is no indicator, the network side device extracts the IP address or MAC address of the user-plane data packet and determines the application to which the traffic belongs based on the IP address or MAC address according to the filter.
Optionally, after the filter based on the IP address or MAC address is established, the network side device stops detecting the indicator and directly determines the application to which the traffic belongs based on the IP address or MAC address in later user-plane data packets. If there is no application corresponding to the IP address or MAC address in the later user-plane data packets, then the network side device detects the indicator in the user-plane data packets, and establishes a new filter based on the new IP address or MAC address in the user-plane data packets containing the indicator. Therefore, when the IP address or MAC address of the terminal device is changed but the traffic of the application is not stopped, the network side device could still determine the application to which the traffic belongs.
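The detection flow of the two preceding paragraphs, together with the authentication condition described before them, sketched as an added Python example (not code from the patent): the filter is consulted first, the indicator is inspected only on a filter miss, and only an indicator bound over control-plane signaling by an authenticated terminal may create a filter. The `Packet` model, the three-field flow key, the terminal identifiers and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Characteristic information used for the filter (assumed subset of the listed fields).
FlowKey = Tuple[str, str, int]  # (source IP, destination IP, destination port)


@dataclass(frozen=True)
class Packet:
    """Constructed model of a user-plane packet; the field layout is an assumption."""
    src_ip: str
    dst_ip: str
    dst_port: int
    indicator: Optional[bytes] = None  # carried only in the first packet(s) of a traffic

    @property
    def flow_key(self) -> FlowKey:
        return (self.src_ip, self.dst_ip, self.dst_port)


class NetworkSideDetector:
    """Hypothetical network side device: indicator on first packets, filter afterwards."""

    def __init__(self) -> None:
        self.authenticated: Set[str] = set()              # terminals that passed registration
        self.bindings: Dict[Tuple[str, bytes], str] = {}  # (terminal, indicator) -> app id
        self.filters: Dict[Tuple[str, FlowKey], str] = {} # (terminal, flow key) -> app id
        self.indicator_checks = 0                         # how often an indicator was inspected

    def register_terminal(self, terminal_id: str) -> None:
        # Stands in for the authentication done at registration or PDU session setup.
        self.authenticated.add(terminal_id)

    def receive_binding(self, terminal_id: str, app_id: str, indicator: bytes) -> bool:
        """Control-plane message: accept the binding only from an authenticated terminal."""
        if terminal_id not in self.authenticated:
            return False
        self.bindings[(terminal_id, indicator)] = app_id
        return True

    def classify(self, terminal_id: str, pkt: Packet) -> Optional[str]:
        """Return the application id for a user-plane packet, or None if undetermined."""
        # 1. Established filter: no indicator inspection needed.
        app = self.filters.get((terminal_id, pkt.flow_key))
        if app is not None:
            return app
        # 2. Filter miss (new traffic or changed address): fall back to the indicator.
        if pkt.indicator is None:
            return None
        self.indicator_checks += 1
        app = self.bindings.get((terminal_id, pkt.indicator))
        # 3. Only an indicator bound over the control plane may create a filter;
        #    an unknown indicator is ignored rather than trusted.
        if app is not None:
            self.filters[(terminal_id, pkt.flow_key)] = app
        return app


def demo() -> dict:
    """Run the flow on constructed sample packets and return the observed results."""
    det = NetworkSideDetector()
    rejected = det.receive_binding("ue-1", "app.video", b"\x2a")  # not yet authenticated
    det.register_terminal("ue-1")
    accepted = det.receive_binding("ue-1", "app.video", b"\x2a")
    packets = [
        Packet("10.0.0.5", "203.0.113.10", 443, b"\x2a"),  # first packet, with indicator
        Packet("10.0.0.5", "203.0.113.10", 443),           # later packet, filter hit
        Packet("10.0.1.9", "203.0.113.10", 443),           # address changed, no indicator
        Packet("10.0.1.9", "203.0.113.10", 443, b"\x2a"),  # indicator re-sent after change
        Packet("10.0.1.9", "203.0.113.10", 443),           # new filter hit
        Packet("10.0.1.9", "203.0.113.20", 80, b"\x99"),   # indicator never bound
    ]
    return {
        "rejected": rejected,
        "accepted": accepted,
        "apps": [det.classify("ue-1", p) for p in packets],
        "indicator_checks": det.indicator_checks,
        "filter_count": len(det.filters),
    }


if __name__ == "__main__":
    print(demo())
```

Keying bindings and filters by terminal keeps one terminal's indicator from classifying another terminal's traffic, and the unbound indicator in the last sample packet leaves no filter behind.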
By the method for traffic detection listed above, the application identifier and the indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs. Therefore, a new method for traffic detection between the terminal device and network is provided.
Based on the same inventive concept as the above stated methods, the terminal device according to an implementation of the present disclosure will be described in detail below in conjunction with FIG. 3. The details performed by the terminal device above could also be performed by the following corresponding modules of the terminal device, and some descriptions are omitted as appropriate in order to avoid duplication.
FIG. 3 is a block diagram of the terminal device according to an implementation of the present disclosure. As shown in FIG. 3, the terminal device 300 includes a sending module 310 and an adding module 320.
The sending module 310 is used for sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling, and sending a user-plane data packet of a traffic of an application to the network side device.
The adding module 320 is used for adding the indicator into the user-plane data packet of the traffic; wherein the indicator is used to indicate the application to which the traffic belongs.
Therefore, according to the terminal device of the implementation of the present disclosure, the application identifier and indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs.
In an example of the present disclosure, optionally, the sending module 310 is further used for sending an association of the indicator with the application identifier through the control-plane signaling. This control-plane signaling may be the same one as the control-plane signaling for transmitting the application identifier and indicator, or another signaling. It is also possible that the association is encoded into the indicator, so that the network side device could know the association based on the indicator.
In an example of the present disclosure, optionally, the terminal device further includes an obtaining module 330, used for obtaining the application identifier and indicator related information from the network side device, and a generation module 340, used for generating the indicator based on the indicator related information.
In an example of the present disclosure, optionally, the terminal device further includes a negotiating module 350, used for negotiating with the network side device about the application to be detected and/or the indicator and/or a position where the indicator is added in the user-plane data packet through the control-plane signaling. For example, the protocol header of the user-plane data packet is determined to carry the indicator. Then, further specific position can be negotiated. For example, the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator. Other specific bits or bytes can be determined as the position to carry the indicator.
In an example of the present disclosure, optionally, the negotiating module 350 is used for: receiving information about the application to be detected and/or the indicator and/or the position from the network side device, and replying to the network side device, and/or sending a message containing the application to be detected and/or the indicator and/or the position to the network side device, and receiving a response from the network side device.
In an example of the present disclosure, optionally, the negotiating module 350 is used for receiving an application list from the network side device; and the adding module 320 is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list. Herein, the application list may be configured by the network side device dynamically based on conditions such as time period or new service requirements. When the application list is updated, the network side device transmits the updated application list to the terminal device. In an alternative way, the application list may be fixed, and may be preconfigured in the terminal device. For example, the application list may be burned into the SIM card of the terminal device.
In an example of the present disclosure, optionally, the adding module 320 is used for determining another application list based on the application list from the network side device according to a predetermined indicator adding policy, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application list.
In an example of the present disclosure, optionally, the negotiating module 350 is used for sending an application set containing application identifiers to the network side device, and receiving a response indicating whether the application set is allowed from the network side device. The adding module 320 is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application set and the response indicating that the application set is allowed from the network side device.
In an example of the present disclosure, optionally, the negotiating module 350 is used for sending an application set containing application identifiers to the network side device, and receiving another application set containing application identifiers selected by the network side device. The adding module 320 is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application set.
In an example of the present disclosure, optionally, the adding module 320 is further used for receiving an authenticating result of the application identifier from the network side device, and adding the indicator into the user-plane data packet of the traffic when the application identifier is successfully authenticated. In an example of the present disclosure, optionally, the adding module 320 is specifically used for adding the indicator into a first predetermined number of user-plane data packets of the traffic, such as the first one or a plurality of user-plane data packets. In an example, the indicator is added into only the first user-plane data packet of the traffic. After receiving the user-plane data packet, the network side device detects the indicator only in the first user-plane data packet, and the network side device determines that the traffic belongs to a certain application associated with the indicator in the first user-plane data packet. The network side device further extracts the IP address or MAC address in the first user-plane data packet, and establishes a filter according to the IP address or MAC address, so that it distinguishes later user-plane data packets of the traffic from other user-plane data packets based on the IP address or MAC address in the later user-plane data packets. The adding module 320 is further used for adding the indicator into the following one or a plurality of user-plane data packets to be sent of the traffic when an IP address or MAC address of the terminal device is changed.
For example, the terminal device may change its IP address or MAC address when the terminal device is a mobile phone and switches to a new base station. In that case, the adding module 320 adds the indicator into the following one or a plurality of user-plane data packets to be sent of the traffic, so that the network side device can detect the indicator and establish a new filter according to the changed IP address or MAC address of the terminal device. Optionally, the terminal device could notify the network side device about the change of IP address or MAC address.
By the terminal device according to the implementation of the present disclosure, the application identifier and the indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs.
Based on the same inventive concept as the above stated methods, the network side device according to an implementation of the present disclosure will be described in detail below in conjunction with FIG. 4. FIG. 4 is a block diagram of a network side device according to an implementation of the present disclosure. The details performed by the network side device above could also be performed by the following corresponding modules of the network side device, and some descriptions are omitted as appropriate in order to avoid duplication.
As shown in FIG. 4, the network side device 400 includes a receiving module 410 and a detecting module 420.
The receiving module 410 is used for receiving an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling, and receiving a user-plane data packet of a traffic of an application from the terminal device.
The detecting module 420 is used for detecting the indicator in the user-plane data packet and determining the application to which the traffic belongs based on the application identifier associated with the indicator.
Therefore, according to the network side device of the implementation of the present disclosure, the network device receives the application identifier and the indicator from the terminal device, and then could detect the user-plane data packets of a traffic transmitted by the terminal device based on the indicator added into the user-plane data packets, and the network side device could determine the application to which the traffic belongs.
In an example of the present disclosure, optionally, the receiving module 410 is further used for receiving an association of the indicator with the application identifier through the control-plane signaling. This control-plane signaling may be the same one as the control-plane signaling for receiving the application identifier and the indicator, or another signaling. It is also possible that the association is encoded into the indicator, so that the network side device could know the association based on the indicator itself and the association does not need to be transmitted. In an example of the present disclosure, optionally, the detecting module 420 is used for detecting the indicator in the first one or a plurality of user-plane data packets of the traffic.
In an example of the present disclosure, optionally, the network side device further includes an establishing module 430, used for extracting characteristic information in the first one or the plurality of user-plane data packets, and establishing a filter (e.g. IP Packet Filter or Ethernet Packet Filter) according to the characteristic information; and the detecting module 420 is used for detecting the following user-plane data packets by using the filter and determining the application to which the traffic belongs. Optionally, the characteristic information includes at least one of the following: Source/destination IP address or IPv6 prefix, Source/destination port number, Protocol ID of the protocol above IP/Next header type, Type of Service (TOS) (IPv4)/Traffic class (IPv6) and Mask, Flow Label (IPv6), Security parameter index, Packet Filter direction, Source/destination MAC address, Ethertype (e.g. as defined in IEEE 802.3 [yy]), Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) VID fields (e.g. as defined in IEEE 802.1Q), Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) PCP/DEI fields (e.g. as defined in IEEE 802.1Q), IP Packet Filter Set (e.g. in the case that Ethertype indicates IPv4/IPv6 payload), and Packet Filter direction.
In an example of the present disclosure, optionally, the network side device further includes a negotiation module 440, used for negotiating with the terminal device about the application to be detected and/or the indicator and/or a position where the indicator is added in the user-plane data packet through the control-plane signaling. For example, the protocol header of the user-plane data packet is determined to carry the indicator. Then, further specific position can be negotiated. For example, the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator. Other specific bits or bytes can be determined as the position to carry the indicator.
In an example of the present disclosure, optionally, the negotiation module 440 is used for: sending information about the application to be detected and/or the indicator and/or the position to the terminal device, and receiving a reply from the terminal device; and/or receiving a message containing the application to be detected and/or the indicator and/or the position from the terminal device, and sending a response to the terminal device.
In an example of the present disclosure, optionally, the negotiation module 440 is used for sending an application list to the terminal device to indicate which application requires to be detected by the network side device. In an example of the present disclosure, optionally, the application list is configured dynamically, and the negotiation module 440 is used for sending an updated application list to the terminal device when the application list is updated.
In an example of the present disclosure, optionally, the negotiation module 440 is used for receiving an application set containing application identifiers from the terminal device, and sending a response indicating whether the application set is allowed to the terminal device.
In an example of the present disclosure, optionally, the negotiation module 440 is used for receiving an application set containing application identifiers from the terminal device, determining another application set by selecting applications from the application set, and sending the another application set to the terminal device.
In an example of the present disclosure, optionally, the network side device further includes an authentication module 450, used for authenticating the application identifier and the indicator. For example, when the terminal device registers in the network, the authentication module 450 authenticates whether the terminal device is legal. After receiving the application identifier and indicator, the authentication module 450 checks whether the terminal device is a legal device; if so, the authentication module 450 determines that the terminal device is trustable, and the application identifier and the indicator are trustable, that is, the authentication is passed. The authentication between the terminal device and the network side device can be performed during the registration of the terminal device or PDU session procedure.
In an example of the present disclosure, optionally, the indicator is added into only the first predetermined number of user-plane data packets of the traffic, such as the first one or a plurality of user-plane data packets. After receiving the user-plane data packet of the traffic, the detecting module 420 of the network side device detects the indicator only in the first one or a plurality of user-plane data packets. The establishing module 430 is used for extracting the IP address or MAC address in the first one or a plurality of user-plane data packets, and establishing a filter according to the IP address or MAC address, and then the detecting module 420 is used for detecting the IP address or MAC address in later user-plane data packets and determining the application to which the traffic belongs based on the IP address or MAC address in the later user-plane data packets. Optionally, when a notification of the change of the IP address or MAC address of the terminal device is received, or there is no application identifier mapping to the IP address or MAC address in the later user-plane data packets, the detecting module 420 detects the following predetermined number of user-plane data packets of the traffic, such as the following one or a plurality of user-plane data packets.
By the network side device according to the implementation of the present disclosure, application identifier and indicator are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs.
FIG. 5 is the terminal device according to yet another implementation of the present disclosure. As shown in FIG. 5, the terminal device 500 includes a processor 510 and memory 520. Optionally, the terminal device 500 may further include a transceiver 530, and a bus system 540. The processor 510, the memory 520 and the transceiver 530 may be connected through the bus system 540. The memory 520 may be used for storing computer programs, and the processor 510 is used for executing the computer programs stored in the memory 520 to control the transceiver 530 to send or receive information. It should be understood that all the actions listed in the method in combination with FIG. 1 and the actions performed by the modules in the terminal device 30 recited above in combination with FIG. 3 may be performed by the processor 510 under the indication of programs in the terminal device 500, and some detailed descriptions are omitted as appropriate in order to avoid duplication.
Specifically, when the computer programs are performed by the processor 510, the processor 510 is used for sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling, adding the indicator into a user-plane data packet of a traffic of an application, and sending the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs by the application identifier associated with the indicator.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: sending an association of the indicator with the application identifier to the network side device through the control-plane signaling.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: obtaining the application identifier and indicator related information from the network side device, and generating the indicator based on the indicator related information.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: negotiating with the network side device about the application to be detected and/or the indicator and/or a position where the indicator is added in the user-plane data packet through the control-plane signaling.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: receiving information about the application to be detected and/or the indicator and/or the position from the network side device, and replying to the network side device; and/or sending a message containing the application to be detected and/or the indicator and/or the position to the network side device, and receiving a response from the network side device.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: receiving an application list from the network side device, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: determining another application list based on the application list from the network side device according to a predetermined indicator adding policy, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application list.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: sending an application set containing application identifiers to the network side device, receiving the response on the application set from the network side device, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application set and the response indicates that the application set is accepted by the network side device.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: sending an application set containing application identifiers to the network side device, receiving another application set containing application identifiers selected by the network side device, and adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application set.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: receiving an authenticating result of the application identifier and the indicator from the network side device; and adding the indicator into the user-plane data packet of the traffic when the authenticating result indicates that an authentication on the application identifier and the indicator is passed.
Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: adding the indicator into first one or a plurality of user-plane data packets of the traffic. Optionally, when the computer program is executed by the processor, the processor 510 further performs an action of: adding the indicator into following one or a plurality of user-plane data packets to be sent of the traffic when an IP address or MAC address of the terminal device is changed.
FIG. 6 is a network side device according to yet another implementation of the present disclosure. As shown in FIG. 6, the network side device 600 includes a processor 610 and memory 620. Optionally, the network side device 600 may further include a transceiver 630, and a bus system 640. The processor 610, the memory 620 and the transceiver 630 may be connected through the bus system 640. The memory 620 may be used for storing computer programs, and the processor 610 is used for executing the computer programs stored in the memory 620 to control the transceiver 630 to send or receive information. It should be understood that all the actions listed in the method in combination with FIG. 2 and the actions performed by the modules in the network side device 40 recited above in combination with FIG. 4 may be performed by the processor 610 under the indication of programs in the network side device 600, and some detailed descriptions are omitted as appropriate in order to avoid duplication.
Specifically, when the computer programs are performed by the processor 610, the processor 610 is used for receiving an application identifier and an indicator from a terminal device through control-plane signaling, receiving a user-plane data packet of a traffic of an application from the terminal device, detecting the indicator contained in the user-plane data packet, and determining the application to which the traffic belongs based on the application identifier associated with the indicator in the user-plane data packet.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: receiving an association of the indicator with the application identifier from the terminal device through the control-plane signaling. This control-plane signaling may be the same one as the control-plane signaling for receiving the application identifier and indicator, or another signaling.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: detecting the indicator contained in first one or a plurality of user-plane data packets of the traffic.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: extracting characteristic information in the first one or the plurality of user-plane data packets, establishing a filter according to the characteristic information, detecting the following user-plane data packets by using the filter, and determining the application to which the traffic belongs. In an example of the present disclosure, the characteristic information includes at least one of the following: Source/destination IP address or IPv6 prefix, Source/destination port number, Protocol ID of the protocol above IP/Next header type, Type of Service (TOS) (IPv4)/Traffic class (IPv6) and Mask, Flow Label (IPv6), Security parameter index, Packet Filter direction, Source/destination MAC address, Ethertype as defined in IEEE 802.3 [yy], Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) VID fields as defined in IEEE 802.1Q, Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) PCP/DEI fields as defined in IEEE 802.1Q, IP Packet Filter Set, for example in the case that Ethertype indicates IPv4/IPv6 payload, and Packet Filter direction.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: negotiating with the terminal device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling. For example, the protocol header of the user-plane data packet is determined to carry the indicator. Then, further specific position can be negotiated. For example, the user plane position in the protocol header of the user-plane data packet can be determined to carry the indicator. Other specific bits or bytes can be determined as the position to carry the indicator.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: sending an information about the application to be detected and/or the indicator and/or the position to the terminal device, and receiving a reply from the terminal device; and/or receiving a message containing the application to be detected and/or the indicator and/or the position from the terminal device, and sending a response to the terminal  device.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: sending an application list to the terminal device to indicate which application requires to be detected by the network side device.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: receiving an application set containing application identifiers from the terminal device, and sending the response to the terminal device. Herein, the response could indicate whether the application set is allowed by the network side device.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: receiving an application set containing application identifiers from the terminal device, and determining another application set by selecting applications from the application set, and sending the another application set to the terminal device.
Optionally, when the computer program is executed by the processor, the processor 610 further performs an action of: authenticating the application identifier and indicator.
Herein, a computer readable medium is also provided. The computer readable medium is used for storing a computer program that includes instructions for performing the method for traffic detection as recited above in combination with FIG. 1 and all its examples.
Herein, another computer readable medium is also provided. The computer readable medium is used for storing a computer program that includes instructions for performing the method for traffic detection as recited above in combination with FIG. 2 and all its examples.
Herein, a computer program product is also provided. The computer program product contains instructions which, when executed by the computer, cause the computer to implement the method for traffic detection as recited above in combination with FIG. 1 and all its examples.
Herein, another computer program product is also provided. The computer program product contains instructions which, when executed by the computer, cause the computer to implement the method for traffic detection as recited above in combination with FIG. 2 and all its examples.
In the following, a specific application example of the method for traffic detection is provided in combination with FIG. 7. In this application example, the terminal device is UE, the network side includes RAN (Radio Access Network), CN-UP (Core Network – User Plane) entity such as SMF and PGW-C, etc., CN-CP (Core Network – Control Plane) entity such as UPF and PGW-U, etc., and there may also be a subscription or policy device. It is noted that the CN-UP, CN-CP, and the subscription or policy device could be known collectively as the network side device, and they may be different devices or their functions may be achieved by a single device. For example, the network side device could be the SMF, PGW, or UPF.
In this application example, Token is taken as the indicator. The method for traffic detection includes actions S710 to S750.
In this example, the UE may receive Encrypted Traffic Detection Rules (ETDR) from the CN-CP, which may obtain the ETDR from the subscription or policy device during registration of the UE into the network or during a PDU session procedure. The UE could obtain the ETDR in other ways. For example, the UE may be configured with the ETDR by its manufacturer. The ETDR could be an application list showing which application requires the Token to be added in user-plane data packets. Also, the ETDR could include the position where the Token would be added into the user-plane data packets.
In S710, UE sends the application identifier and Token related to the application identifier to the CN-CP through a NAS message.
In S720, the CN-CP authenticates the application identifier and Token; when the authentication is passed, S730 is performed.
In S730, the CN-CP communicates with CN-UP to establish a filter with Token.
In S740, UE sends user-plane data packets of traffic of an application with the Token added in the first one or more user-plane data packets to the network.
In S750, CN-UP detects the Token in the first one or more user-plane data packets by the filter, and determines the application to which the traffic belongs based on the application identifier associated with the Token in the user-plane data packets.
In S760, CN-UP extracts the IP address such as IP-Tuple or MAC address in the user-plane data packets with the Token and uses the extracted IP address or MAC address to install another filter to detect the later user-plane data packets and determine the application to which the later user-plane data packets belong based on the IP address or MAC address.
It is noted that S720 and S750 are optional. S750 may not be needed when the Token is added into every user-plane data packet. An interaction between CN-UP and CN-CP may be performed to update the policy for the application identifier. S750-S760 may happen multiple times: whenever the network side device detects the Token, it installs the filter using the detected packets' IP-Tuple and/or MAC address to detect the traffic.
It is noted that the ETDR may be updated dynamically, so part or all of the actions of S710-S750 may change multiple times during a transmission of user-plane data packets of the traffic of an application. For example, the UE transmits user-plane data packets of the traffic of a positioning application, and adds the Token into the user-plane data packets. Then an updated ETDR is sent to the UE and indicates that this positioning application is removed from the application list, so the UE will not add the Token into the user-plane data packets any more. In another example, the UE moves and its IP address or MAC address is changed, so a new IP address or MAC address needs to be extracted and a new filter needs to be installed in the network side. Optionally, every time the UE accesses the network, the UE adds the Token into newly transmitted user-plane data packets, and the network side device extracts the IP address or MAC address in the user-plane data packets with the Token and installs a new filter by the IP address or MAC address.
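The S710 to S760 flow and the address-change case described above can be simulated as follows. This is an added example, not code from the patent: the class and field names, the sample addresses and token bytes, and the S720 check (application on the ETDR list, Token not already bound to a different application) are all assumptions made for illustration.

```python
"""Constructed simulation of steps S710-S760; every name here is illustrative."""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

FlowKey = Tuple[str, int, str, int, str]  # src IP, src port, dst IP, dst port, protocol


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    token: Optional[bytes] = None  # indicator at the negotiated position, if present

    @property
    def flow_key(self) -> FlowKey:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)


class UserPlane:
    """CN-UP role: Token filter (S730/S750) plus per-flow filters (S760)."""

    def __init__(self) -> None:
        self.token_filters: Dict[bytes, str] = {}
        self.flow_filters: Dict[FlowKey, str] = {}

    def install_token_filter(self, token: bytes, app_id: str) -> None:
        self.token_filters[token] = app_id

    def classify(self, pkt: Packet) -> Optional[str]:
        if pkt.token is not None:
            # S750: map the Token back to the application identifier.
            app_id = self.token_filters.get(pkt.token)
            if app_id is None:
                return None  # unregistered Token: never install a flow filter from it
            # S760: later packets of this flow are matched without the Token.
            self.flow_filters[pkt.flow_key] = app_id
            return app_id
        return self.flow_filters.get(pkt.flow_key)


class ControlPlane:
    """CN-CP role: receives (application identifier, Token) and checks it (S710-S730)."""

    def __init__(self, etdr_apps: Set[str], user_plane: UserPlane) -> None:
        self.etdr_apps = etdr_apps
        self.user_plane = user_plane

    def register(self, app_id: str, token: bytes) -> bool:
        # S720 stand-in (assumption): the application must be on the ETDR list and
        # the Token must not already be bound to a different application.
        bound = self.user_plane.token_filters.get(token)
        if app_id not in self.etdr_apps or (bound is not None and bound != app_id):
            return False
        self.user_plane.install_token_filter(token, app_id)  # S730
        return True


def run_demo() -> dict:
    up = UserPlane()
    cp = ControlPlane({"app.positioning"}, up)
    token = bytes.fromhex("a1" * 16)        # constructed sample Token
    other_token = bytes.fromhex("b2" * 16)  # constructed, never accepted
    server = ("203.0.113.9", 443, "tcp")    # documentation-range address

    out = {}
    out["registered"] = cp.register("app.positioning", token)
    out["rejected"] = cp.register("app.unlisted", other_token)

    # S740-S760: first packet carries the Token, later packets do not.
    out["first"] = up.classify(Packet("10.0.0.5", 40000, *server, token=token))
    out["later"] = up.classify(Packet("10.0.0.5", 40000, *server))

    # The UE moves and its address changes: the old flow filter no longer matches
    # until a packet with the Token arrives from the new address.
    moved = Packet("10.0.9.7", 40000, *server)
    out["moved_no_token"] = up.classify(moved)
    out["moved_with_token"] = up.classify(Packet("10.0.9.7", 40000, *server, token=token))
    out["moved_later"] = up.classify(moved)

    # A packet carrying a Token that was never registered is left unclassified.
    stray = Packet("10.0.0.8", 41000, *server, token=other_token)
    out["unknown_token"] = up.classify(stray)
    out["unknown_flow_installed"] = stray.flow_key in up.flow_filters
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Because the flow filter installed in S760 is keyed only on header fields, its trustworthiness rests entirely on the Token check that precedes it, which is why the sketch refuses to install a filter for a Token that did not pass S720.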
According to the implementations and possible examples of the present disclosure, an application identifier and an indicator associated with the application identifier are transmitted from the terminal device to the network side device, so that the user-plane data packets of a traffic transmitted by the terminal device could be detected by the network side device based on the indicator added into the user-plane data packets and the network side device could determine the application to which the traffic belongs based on the application identifier associated with the indicator in the user-plane data packet.
It should be understood that in the above implementations of the present disclosure, the processor may be a central processing unit (CPU), or the processor may be other general purpose processor, digital signal processor (DSP), application specific integrated circuit (ASIC), off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component, etc. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory may include a read only memory and a random access memory, and provide instructions and data to the processor. A portion of the memory may also include a non-volatile random access memory. For example, the memory may also store device type information.
In the process, the actions of the method implementations described above may be accomplished by integrated logic circuits of hardware in the processor or instructions in the form of software. The acts of the method disclosed in connection with the implementation of the present disclosure can be directly embodied by the execution of the hardware processor or by the execution of the combination of hardware and software modules in the processor. The software modules may be located in a storage medium commonly used in the art, such as a random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, or register. The storage medium is located in the memory, and the processor reads the information in the memory and accomplishes the acts of the above method in combination with its hardware. In order to avoid repetition, it will not be described in detail here.
It should be understood that references throughout the specification to "one implementation" or "an implementation" mean that a particular feature, structure, or characteristic related to the implementation is included in at least one implementation of the present disclosure. Therefore, "in one implementation" or "in an implementation" appearing throughout this specification may not necessarily refer to the same implementation. Furthermore, these particular features, structures, or characteristics may be combined in any suitable manner in one or more implementations.
It should be understood that in various implementations of the present disclosure, the values of the sequence numbers in the above-mentioned processes do not indicate the order of execution, and the order of execution of various processes should be determined by its function and internal logic, and should not constitute any limitation on the process of the implementations of the present disclosure.
Those of ordinary skill in the art will recognize that the method steps and units described in connection with the implementations disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. In order to clearly illustrate the interchangeability of hardware and software, the acts and components of the implementations have been described in a functional general manner in the above description. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. One skilled in the art may use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present disclosure.
The methods or steps described in connection with the implementations disclosed herein may be implemented in hardware, a software program executable by a processor, or a combination of the hardware and the software program executable by the processor. The software program may be placed in a random access memory (RAM), a memory, a read-only memory (ROM), an electrically programmable read-only memory (EPROM), an electrically erasable programmable read-only memory (EEPROM), a register, a hard disk, a removable disk, a compact disc read-only memory (CD-ROM), or any other form of storage medium known in the art.
In several implementations provided by the present disclosure, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device implementations described above are only illustrative, for example, the division of the units is only a logical function division, and there may be other division manners in actual implementation, for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
The unit described as a separate unit may or may not be physically separated, and the component shown as a unit may or may not be a physical unit, i.e., it may be located in one place or may be distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the implementations.
In addition, various functional units in various implementations of the present disclosure may be integrated in one processing unit, or the units may be physically present separately, or two or more units may be integrated in one unit.
Although the present disclosure has been described in detail with reference to the accompanying drawings and in connection with preferred implementations, the present disclosure is not limited thereto. Those skilled in the art may make various equivalent modifications or substitutions to the implementations of the present disclosure without departing from the spirit and essence of the present disclosure, and such modifications or substitutions are intended to be within the scope of the present disclosure.

Claims (51)

  1. A method for traffic detection, comprising:
    sending, by a terminal device, an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling; and
    adding, by the terminal device, the indicator into a user-plane data packet of a traffic of an application, and sending, by the terminal device, the user-plane data packet with the indicator to the network side device, wherein the indicator is used to indicate the application to which the traffic belongs.
  2. The method according to claim 1, wherein the terminal device further sends an association of the indicator with the application identifier to the network side device through the control-plane signaling.
  3. The method according to claims 1 or 2, further comprising:
    obtaining, by the terminal device, the application identifier and indicator related information from the network side device, and
    generating, by the terminal device, the indicator based on the indicator related information.
  4. The method according to any one of claims 1 to 3, further comprising:
    negotiating, by the terminal device, with the network side device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling.
  5. The method according to claim 4, wherein the negotiating, by the terminal device, with the network side device about the application to be detected and/or the indicator and/or the position comprises:
    receiving, by the terminal device, an information about the application to be detected and/or the indicator and/or the position from the network side device, and replying to the network side device, and/or
    sending, by the terminal device, a message containing the application to be detected and/or the indicator and/or the position to the network side device, and receiving a response from the network side device.
  6. The method according to claims 4 or 5, wherein the position is a user plane position in a protocol header of the user-plane data packet.
  7. The method according to claim 5, wherein the receiving, by the terminal device, an information about the application to be detected comprises: receiving, by the terminal device, an application list from the network side device, and
    the adding, by the terminal device, the indicator into the user-plane data packet of the traffic of the application comprises: adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list.
  8. The method according to claim 7, wherein, the adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list comprises:
    determining another application list based on the application list from the network side device according to a predetermined indicator adding policy, and
    adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application list.
  9. The method according to claims 5, 7 or 8 wherein,
    the sending, by the terminal device, a message containing the application to be detected to the network side device comprises: sending, by the terminal device, an application set containing application identifiers to the network side device,
    the receiving a response from the network side device comprises: receiving the response on the application set from the network side device,
    the adding, by the terminal device, the indicator into the user-plane data packet of the traffic of the application comprises: adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application set and the response indicates that the application set is allowed by the network side device.
  10. The method according to claim 5, 7 or 8, wherein,
    the sending, by the terminal device, a message containing the application to be detected to the network side device comprises: sending, by the terminal device, an application set containing application identifiers to the network side device,
    the receiving a response from the network side device comprises: receiving another application set containing application identifiers selected by the network side device,
    the adding, by the terminal device, the indicator into the user-plane data packet of the traffic of the application comprises: adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application set.
  11. The method according to any one of claims 1 to 10, further comprising: receiving, by the terminal device, an authenticating result of the application identifier from the network side device; and
    the adding, by the terminal device, the indicator into the user-plane data packet of the traffic of the application comprising: adding, by the terminal device, the indicator into the user-plane data packet of the traffic when the application identifier is successfully authenticated.
  12. The method according to any one of claims 1 to 11, wherein the adding, by the terminal device, the indicator into the user-plane data packet of the traffic of the application comprises:
    adding, by the terminal device, the indicator into first one or a plurality of user-plane data packets of the traffic.
  13. The method according to claim 12, wherein when an IP address or MAC address of the terminal device is changed, the terminal device adds the indicator into following one or a plurality of user-plane data packets to be sent of the traffic.
  14. A terminal device, comprising:
    a sending module, used for sending an application identifier and an indicator associated with the application identifier to a network side device through control-plane signaling, and sending a user-plane data packet of a traffic of an application to the network side device;
    an adding module, used for adding the indicator into the user-plane data packet of the traffic; wherein the indicator is used to indicate the application to which the traffic belongs.
  15. The terminal device according to claim 14, wherein the sending module is further used for sending an association of the indicator with the application identifier to the network side device through the control-plane signaling.
  16. The terminal device according to claims 14 or 15, further comprising:
    an obtaining module, used for obtaining the application identifier and indicator related information from the network side device; and
    a generation module, used for generating the indicator based on the indicator related information.
  17. The terminal device according to any one of claims 14 to 16, further comprising a negotiating module, used for negotiating with the network side device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling.
  18. The terminal device according to claim 17, the negotiating module is used for:
    receiving an information about the application to be detected and/or the indicator and/or the position from the network side device, and replying to the network side device, and/or
    sending a message containing the application to be detected and/or the indicator and/or the position to the network side device, and receiving a response from the network side device.
  19. The terminal device according to claim 18, wherein
    the negotiating module is used for receiving an application list from the network side device; and
    the adding module is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application list.
  20. The terminal device according to claim 19, wherein the adding module is used for:
    determining another application list based on the application list from the network side device according to a predetermined indicator adding policy, and
    adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application list.
  21. The terminal device according to any one of claims 17-19, wherein
    the negotiating module is used for sending an application set containing application identifiers to the network side device, and receiving a response indicating whether the application set is allowed from the network side device;
    the adding module is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the application set and the response indicating that the application set is allowed is received from the network side device.
  22. The terminal device according to any one of claims 17-19, wherein
    the negotiating module is used for sending an application set containing application identifiers to the network side device, and receiving another application set containing application identifiers selected by the network side device;
    the adding module is used for adding the indicator into the user-plane data packet of the traffic of the application when the application identifier of the application is in the another application set.
  23. The terminal device according to any one of claims 14 to 22, the adding module is further used for receiving an authenticating result of the application identifier from the network side device, and adding the indicator into the user-plane data packet of the traffic when the application identifier is successfully authenticated.
  24. The terminal device according to any one of claims 14 to 23, the adding module is used for adding the indicator into first one or a plurality of user-plane data packets of the traffic.
  25. The terminal device according to claim 24, the adding module is further used for adding the indicator into following one or a plurality of user-plane data packets to be sent of the traffic when an IP address or MAC address of the terminal device is changed.
  26. A method for traffic detection, comprising:
    receiving, by a network side device, an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling; and
    receiving, by the network side device, a user-plane data packet of a traffic of an application from the terminal device;
    detecting, by the network side device, the indicator contained in the user-plane data packet, and determining, by the network side device, the application to which the traffic belongs based on the application identifier associated with the indicator.
  27. The method according to claim 26, wherein the network side device further receives an association of the indicator with the application identifier from the terminal device through the control-plane signaling.
  28. The method according to claims 26 or 27, wherein the detecting, by the network side device, the indicator contained in the user-plane data packet comprises:
    detecting, by the network side device, the indicator contained in first one or a plurality of user-plane data packets of the traffic.
  29. The method according to claim 28, further comprising:
    extracting, by the network side device, characteristic information in the first one or the plurality of user-plane data packets, establishing a filter according to the characteristic information, detecting the following user-plane data packets by using the filter, and determining the application to which the traffic belongs.
  30. The network side device according to claim 29, the characteristic information comprises at least one of the following:
    Source/destination IP address or IPv6 prefix,
    Source/destination port number,
    Protocol ID of the protocol above IP/Next header type,
    Type of Service (TOS) (IPv4)/Traffic class (IPv6) and Mask,
    Flow Label (IPv6),
    Security parameter index,
    Packet Filter direction,
    Source/destination MAC address,
    Ethertype,
    Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) VID fields,
    Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) PCP/DEI fields,
    IP Packet Filter Set,
    Packet Filter direction.
  31. The method according to any one of claims 26 to 30, further comprising:
    negotiating, by the network side device, with the terminal device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling.
  32. The method according to claim 31, wherein the negotiating, by the network side device, with the terminal device about the application to be detected and/or the indicator and/or a position comprises:
    sending, by the network side device, an information about the application to be detected and/or the indicator and/or the position to the terminal device, and receiving a reply from the terminal device; and/or
    receiving, by the network side device, a message containing the application to be detected and/or the indicator and/or the position from the terminal device, and sending a response to the terminal device.
  33. The method according to claim 32, wherein the sending, by the network side device, an information about the application to be detected to the terminal device comprises:
    sending, by the network side device, an application list to the terminal device to indicate which application requires to be detected by the network side device.
  34. The method according to claim 33, wherein, the application list is configured by the network side device dynamically.
  35. The method according to claim 32, wherein the receiving, by the network side device, a message containing the application to be detected from the terminal device, and sending a response to the terminal device comprises:
    receiving, by the network side device, an application set containing application identifiers from the terminal device, and
    sending a response indicating whether the application set is allowed to the terminal device.
  36. The method according to claim 32, wherein the receiving, by the network side device, a message containing the application to be detected from the terminal device, and sending a response to the terminal device comprises:
    receiving, by the network side device, an application set containing application identifiers from the terminal device, and
    determining another application set by selecting applications from the application set, and sending the another application set to the terminal device.
  37. The method according to any one of claims 26 to 36, further comprising:
    authenticating, by the network side device, the received application identifier, and sending an authentication result to the terminal device.
  38. A network side device, comprising:
    a receiving module, used for receiving an application identifier and an indicator associated with the application identifier from a terminal device through control-plane signaling, and receiving a user-plane data packet of a traffic of an application from the terminal device;
    a detecting module, used for detecting the indicator in the user-plane data packet and determining the application to which the traffic belongs based on the application identifier associated with the indicator.
  39. The network side device according to claim 38, wherein, the receiving module is further used for receiving an association of the indicator with the application identifier from the terminal device through the control-plane signaling.
  40. The network side device according to claims 38 or 39, the detecting module is used for detecting the indicator in first one or a plurality of user-plane data packets of the traffic.
  41. The network side device according to claim 40, further comprising an establishing module, used for extracting characteristic information in the first one or the plurality of user-plane data packets, and establishing a filter according to the characteristic information; and
    the detecting module is used for detecting the following user-plane data packets by using the filter and determining the application to which the traffic belongs.
  42. The network side device according to claim 41, the characteristic information comprises at least one of the following:
    Source/destination IP address or IPv6 prefix,
    Source/destination port number,
    Protocol ID of the protocol above IP/Next header type,
    Type of Service (TOS) (IPv4)/Traffic class (IPv6) and Mask,
    Flow Label (IPv6),
    Security parameter index,
    Packet Filter direction,
    Source/destination MAC address,
    Ethertype,
    Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) VID fields,
    Customer-VLAN tag (C-TAG) and/or Service-VLAN tag (S-TAG) PCP/DEI fields,
    IP Packet Filter Set, and
    Packet Filter direction.
  43. The network side device according to any one of claims 38 to 42, further comprising a negotiation module, used for negotiating with the terminal device about the application to be detected and/or the indicator and/or a position where the indicator is added into the user-plane data packet through the control-plane signaling.
  44. The network side device according to claim 43, wherein the negotiation module is used for:
    sending an information about the application to be detected and/or the indicator and/or the position to the terminal device, and receiving a reply from the terminal device; and/or
    receiving a message containing the application to be detected and/or the indicator and/or the position from the terminal device, and sending a response to the terminal device.
  45. The network side device according to claim 44, wherein the negotiation module is used for sending an application list to the terminal device to indicate which application requires to be detected by the network side device.
  46. The network side device according to claim 44, wherein the negotiation module is used for receiving an application set containing application identifiers from the terminal device, and sending a response indicating whether the application set is allowed to the terminal device.
  47. The network side device according to claim 44, wherein the negotiation module is used for receiving an application set containing application identifiers from the terminal device, determining another application set by selecting applications from the application set, and sending the another application set to the terminal device.
  48. The network side device according to claim 45, wherein the application list is configured dynamically, and the negotiation module is used for sending an updated application list to the terminal device when the application list is updated.
  49. The network side device according to any one of claims 38 to 48, further comprising an authentication module, used for authenticating the application identifier.
  50. A non-transitory computer-readable storage medium, comprising a computer program that is executable by a processor to perform actions according to any one of claims 1-13.
  51. A non-transitory computer-readable storage medium, comprising a computer program that is executable by a processor to perform actions according to any one of claims 26-37.
PCT/CN2019/087218 2018-05-30 2019-05-16 Method and device for traffic detection and computer-readable storage medium WO2019228192A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201980002833.2A CN110710187B (en) 2018-05-30 2019-05-16 Method and apparatus for flow detection and computer readable storage medium

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862677756P 2018-05-30 2018-05-30
US62/677,756 2018-05-30

Publications (1)

Publication Number Publication Date
WO2019228192A1 (en) 2019-12-05

Family

ID=68698707

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/087218 WO2019228192A1 (en) 2018-05-30 2019-05-16 Method and device for traffic detection and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN110710187B (en)
WO (1) WO2019228192A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024054204A1 (en) * 2022-09-07 2024-03-14 Nokia Solutions And Networks Oy Application service adaptation based on ran conditions using identification token

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112291788B (en) * 2020-11-13 2023-01-10 Oppo广东移动通信有限公司 Data processing method, device, storage medium, terminal and network access point equipment
CN115348209B (en) * 2022-10-18 2023-03-24 江西锦路科技开发有限公司 Flow control method and device of API (application program interface), electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685165A (en) * 2011-03-16 2012-09-19 中兴通讯股份有限公司 Method and device for controlling access request on basis of proxy gateway
US20170272470A1 (en) * 2016-03-16 2017-09-21 Affirmed Networks, Inc. Systems and methods for intelligent transport layer security
US20180103056A1 (en) * 2016-10-06 2018-04-12 Cisco Technology, Inc. Analyzing encrypted traffic behavior using contextual traffic data

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532937B (en) * 2013-09-29 2017-01-18 北京星网锐捷网络技术有限公司 Application identification verifying method and device
CN105323117B (en) * 2014-08-04 2019-01-01 中国电信股份有限公司 Application and identification method, device, system and application server
US20180306815A1 (en) * 2014-11-18 2018-10-25 Siemens Healthcare Diagnostics Inc. Lateral flow assay ratio test
CN106254646A (en) * 2016-08-02 2016-12-21 北京小米移动软件有限公司 Network flux statistical method and device

Also Published As

Publication number Publication date
CN110710187A (en) 2020-01-17
CN110710187B (en) 2022-01-07

Similar Documents

Publication Publication Date Title
TWI797247B (en) Method, network device and terminal device for wireless communication
CN106465227B (en) Method and apparatus for supporting network IP flow mobility via multiple wireless accesses
JP6059365B2 (en) System and method for accessing a network
TWI610582B (en) Apparatus and method to efficiently send device trigger messages
KR101654258B1 (en) Dynamic control of network selection
US9461894B2 (en) Packet processing method, deep packet inspection request network element and deep packet inspection device
WO2019228192A1 (en) Method and device for traffic detection and computer-readable storage medium
US11516118B2 (en) Methods and nodes for enabling management of traffic
EP4132064A1 (en) Address acquiring method and apparatus
WO2019183903A1 (en) Method for transmitting data and terminal device
US10812980B2 (en) Communication method, security node network element, and terminal
CN111566996A (en) Data transmission method and device and computer storage medium
CN110999256B (en) Communication method, terminal equipment and core network equipment
WO2019153252A1 (en) Wireless communication method, network device, and terminal device
US20240056943A1 (en) Communication method and apparatus, storage medium, and chip system
WO2018040568A1 (en) Signaling attack prevention method and device

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 19810426

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 19810426

Country of ref document: EP

Kind code of ref document: A1