CN101572663B - Depth message scanning method using trust sampling in peer-to-peer network - Google Patents

Depth message scanning method using trust sampling in peer-to-peer network Download PDF

Info

Publication number
CN101572663B
CN101572663B CN200910062417XA CN200910062417A CN101572663B CN 101572663 B CN101572663 B CN 101572663B CN 200910062417X A CN200910062417X A CN 200910062417XA CN 200910062417 A CN200910062417 A CN 200910062417A CN 101572663 B CN101572663 B CN 101572663B
Authority
CN
China
Prior art keywords
sampling rate
peer
address
network
belief
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200910062417XA
Other languages
Chinese (zh)
Other versions
CN101572663A (en
Inventor
王春枝
陈宏伟
周昕
尤方萍
欧阳勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University of Technology
Original Assignee
Hubei University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei University of Technology filed Critical Hubei University of Technology
Priority to CN200910062417XA priority Critical patent/CN101572663B/en
Publication of CN101572663A publication Critical patent/CN101572663A/en
Application granted granted Critical
Publication of CN101572663B publication Critical patent/CN101572663B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The invention discloses a depth message scanning method using trust sampling in peer-to-peer network which relates to application of computers in the peer-to-peer network and is adapted to identification of high-speed backbone network peer-to-peer network flow. In the invention, trust mechanism is introduced while combining sampling strategy and depth message detection, and the sampling rate is regulated according to the level of trust so that the depth message scanning is more pointed, thereby improving the detection efficiency, reducing hardware load and reducing network time delay under thepremise of ensuring higher accuracy rate.

Description

In peer-to-peer network, adopt the depth message scanning method of trust sampling
Technical field
The present invention relates to the application of computer network, relate in particular to the application of computer peer-to-peer network, be mainly used in identification peer-to-peer network flow.
Background technology
Peer-to-peer network is the new distribution type network that is different from server/customer end (C/S) structure, and there is not Centroid (or central server) in this network.Be in all nodes server each other in this network, client each other again, these shared resources can be by the directly visit and need not through central server of other equity points.Participant in this network is resource (service and content) supplier, is again that resource (service and content) obtains taker.At present, peer-to-peer network is widely used in aspects such as file-sharing, Streaming Media, online game and collaborative work, and its network traffics have become the main flow of the Internet.
In the peer-to-peer network, because All hosts all is reciprocity, so its flow has very big symmetry, and arbitrary node is when connecting with other nodes simultaneously, tend to adopt a large amount of broadcast modes, this has caused very big influence to the network system under traditional Web application traffic.Especially on network performance (QoS), being extensive use of of peer-to-peer network software, the network data flow of its generation makes the originally not rich network bandwidth have too many difficulties to cope with especially.Therefore no matter be Network Provider or enterprise network management person, all wish and the peer-to-peer network flow can be carried out effective recognition, thereby be convenient to the planning and the management of network.
At present, the detection method of identification peer-to-peer network flow mainly contains following several:
1, port diagnostic identification.After peer-to-peer network application software (P2P software) was installed, acquiescence can be opened corresponding port, and by this port and extraneous communication, as sudden peal of thunder default port 3077,3076, electric mule default port 4662,4661,4242 etc.By detecting the port information in the packet, can differentiate whether this bit stream is peer-to-peer network stream, and the peer-to-peer network application type.But the peer-to-peer network application software of a new generation is used dynamic random port number, makes this recognition methods no longer accurate.
2, connection mode identification.Its basic thought is: based on the connection mode of observing source and destination IP address.Some patterns are that peer-to-peer network is exclusive, therefore can directly peer-to-peer network stream be identified thus; The other pattern is used common by peer-to-peer network and other minority, at this moment can adopt heuristic to reduce probability of miscarriage of justice.Two kinds of heuristics are arranged at present: source and destination IP address between use TCP and udp protocol simultaneously, and do not have to use the port numbers of using commonly used; Have in the peer-to-peer network data flow of identical address and port numbers, the IP number of addresses of opposite end and port numbers number equate.This method treatment effeciency height, but, therefore can't distinguish the application type of each peer-to-peer network owing to do not relate to concrete data.
3, traffic characteristic identification.For the traditional Internet service traffics, peer-to-peer network stream shows following characteristics: high-speed transfer, data volume is big, line duration is long, up-downgoing flow symmetry, service point are widely distributed.By analyzing the flow characteristics of different application, can realize discerning the purpose of peer-to-peer network stream.And this method does not need the particular content of data flow is checked that therefore the restriction that not whether encrypted by data has enlarged its scope of application.But owing to need the information of every data flow of record, this method has all proposed bigger requirement to memory headroom and processing speed.Simultaneously, the accuracy rate of this method is still waiting further raising.
4, deep message detects (DPI).All carry specific message information in the data flow of every kind of application, for example, message printed words such as GET, PUT, POST can occur in the http protocol message.Similar with it, in various peer-to-peer network application protocols, also have similar information.The analysis that deep message detects packet is deep into content, fully understands the Changing Pattern and the flow process of each field of payload of various application protocols.This method has high accuracy rate when identification peer-to-peer network flow, but because this method need be caught complete message and just can be analyzed, therefore requires with high velocity analysis, detects and re-assembly and use stream, uses with exempt from customs examination and brings time-delay.
5, peak value sampling deep message detects.Owing to be subjected to the restriction of hardware condition, can't all information in the network be detected one by one, can only take sampling identification, the Sampling Strategies of this method is: set general sampling rate, use at network and to improve sampling rate peak period, use low-valley interval to reduce sampling rate at network, the sampling rate of each node in the peer-to-peer network is all identical; The sample that extracts is discerned with deep message detection method.This method improves detection efficiency to improving the accuracy rate of identification peer-to-peer network stream, reduces hardware burden, reduces network delay and has played certain effect; Its weak point is, because it is inequality that each node uses the frequency and the length of service time of peer-to-peer network, take identical sampling rate as the node that peer-to-peer network frequency of utilization height, service time are grown with the node that does not use peer-to-peer network substantially, this will make that the node omission of frequency of utilization height, time length is a lot, and obsolete substantially node is carried out too much detection, then be the waste resource, increase hardware burden and network delay.
Summary of the invention
The objective of the invention is: a kind of depth message scanning method that adopts trust sampling in peer-to-peer network is provided.This method is introduced faith mechanism when adopting the detection of Sampling Strategies and deep message to combine, according to the height of degree of belief, regulate sampling rate, under the prerequisite that guarantees than high-accuracy, has improved detection efficiency, has reduced hardware burden, has reduced network delay.
In order to achieve the above object, the present invention adopts following technical scheme:
Adopt the depth message scanning method of trust sampling in peer-to-peer network, this method is introduced faith mechanism when adopting the detection of Sampling Strategies and deep message to combine, according to the height of degree of belief, regulate sampling rate, and this method follows these steps to carry out:
1), making has the IP address, trust value, benchmark sampling rate, sampling rate upper limit threshold, sampling rate lower threshold, the trusted policy table of degree of belief cycle six fields; Benchmark sampling rate C is set 0, sampling rate upper limit threshold C S, sampling rate lower threshold Cx, degree of belief period T minute (be generally 30 minutes to 60 minutes, but also can increase voluntarily as the case may be or the minimizing time), be R with the trust value assignment; Benchmark sampling rate, sampling rate upper and lower limit threshold value are greater than 0 less than 1 real number;
2), newfound IP address in the network traffics scanning is stored in the IP address field of trusted policy table, be the trust value R assignment of this IP address 0, degree of belief cycle assignment is T, and beginning degree of belief cycle timing;
3), the sampling rate C of each IP address is calculated as follows in the trusted policy table:
When C 0 ( 1 - R N ) ≤ C x The time, C=C x
When C 0 ( 1 - R N ) ≥ Cs The time, C=C S
Other, C = C 0 ( 1 - R N )
Wherein: R is the trust value of this IP address in the trusted policy table, C 0Be the benchmark sampling rate in the trusted policy table, N is the positive integer more than or equal to 2, the maximum effectively span of this value decision R, when the absolute value of R greater than N, its C that calculates will be by Cx or C SReplace, make degree of belief no longer influence the value of C, that is, N is big more, and more little to the IP address punishment dynamics of detected peer-to-peer network discharge record each time, N is more little, and then the IP address punishment dynamics to detected peer-to-peer network discharge record each time is big more;
4), extract the message information sample of each IP address according to the determined sampling rate C of step 3);
5), adopt deep message to detect to the message information sample that is drawn into, if detect the peer-to-peer network discharge record, then the trust value with this IP address in the trusted policy table deducts 1;
6), the degree of belief period expires of an IP address, change the next degree of belief cycle automatically over to, if this IP address does not have the peer-to-peer network discharge record in degree of belief in the cycle, then the trust value with its next degree of belief cycle adds 1, otherwise trust value is constant;
7), when the sampling rate of certain IP address benchmark sampling rate greater than twice, i.e. (1-R/N)>2 o'clock can give this IP addressing warning or limit the punishment of its network traffics; Sampling rate when certain IP address reaches the sampling rate upper limit threshold, can give this IP address grave warning or the strict punishment that limits its network traffics;
8), return step 2.
Because the present invention is when adopting the detection of Sampling Strategies and deep message to combine, introduce faith mechanism, height according to degree of belief, regulate sampling rate, therefore, the present invention has under the prerequisite that guarantees than high-accuracy, has improved detection efficiency, reduce hardware burden, reduced advantages such as network delay.
Embodiment
Below be that the present invention is further illustrated.
Benchmark sampling rate in the trusted policy table of technical solution of the present invention can adopt at times that mode is provided with, and is about to be divided into several periods in one day 24 hours, and each period is provided with a benchmark sampling rate; Perhaps press the peak flow setting, be about to flow and be divided into several flow intervals, each flow interval is provided with a benchmark sampling rate; Be to be divided into 3 periods below, perhaps flow be divided into three embodiment in 3 flow intervals one day 24 hours.
Embodiment one
Adopt the depth message scanning method of trust sampling in peer-to-peer network, this method follows these steps to carry out:
1, is manufactured with the Sampling Strategies table of ten fields, these ten fields are: the general time period, general time period benchmark sampling rate, low ebb time period, low ebb time period benchmark sampling rate, rush hour section, the accurate sampling rate of segment base in rush hour, basic point flow threshold, basic point flow benchmark sampling rate, the peak flow threshold value, peak flow benchmark sampling rate; General time period t is set 0--T 0, general time period benchmark sampling rate C t o, the low ebb time period t 1--T 1, low ebb time period benchmark sampling rate C t 1, rush hour section t 2--T 2, the accurate sampling rate C of segment base in rush hour t 2, basic point flow threshold L 1, basic point flow benchmark sampling rate C L 1, peak flow threshold value L 2, peak flow benchmark sampling rate C L 2Each time period zero lap, each benchmark sampling rate are greater than 0 less than 1 real number;
2, making has the IP address, trust value, sampling rate upper limit threshold, sampling rate lower threshold, the trusted policy table of degree of belief cycle five fields; Sampling rate upper limit threshold C is set S, sampling rate lower threshold Cx, degree of belief period T minute, be R with the trust value assignment; Sampling rate upper and lower limit threshold value is greater than 0 less than 1 real number;
3, carrying out network traffics scanning, newfound IP address is stored in the IP address field of trusted policy table, is 0 with the trust value R assignment of this IP address, and degree of belief cycle assignment is T, and beginning degree of belief cycle timing;
4, extract the message information sample with extraction of example mode at times, perhaps extract the message information sample by flow extraction of example mode;
4.1, the method that extracts the message information sample with extraction of example mode at times carries out according to the following step:
4.1a, determine the IP address of the message information obtained;
4.1b, determine time of network traffics scanning;
4.1c, when the general time period of time in the Sampling Strategies table of network traffics scanning, sampling rate C is:
When C t o ( 1 - R N ) ≤ C x The time, C=C x
When C t o ( 1 - R N ) ≥ Cs The time, C=C S
Other, C = C t o ( 1 - R N )
When the low ebb time period of time in the Sampling Strategies table of network traffics scanning, sampling rate C is:
When C t 1 ( 1 - R N ) ≤ C x The time, C=C x
When C t 1 ( 1 - R N ) ≥ Cs The time, C=C S
Other, C = C t 1 ( 1 - R N )
When the rush hour section of time in the Sampling Strategies table of network traffics scanning, sampling rate C is:
When C t 2 ( 1 - R N ) ≤ C x The time, C=C x
When C t 2 ( 1 - R N ) ≥ C s The time, C=C S
Other, C = C t 2 ( 1 - R N )
R in this step be in the trusted policy table by the trust value R of the determined IP of step 4.1a address, N is the integer more than or equal to 2;
4.1d, randomly draw message information sample from the determined IP of step 4.1a address, number of samples is: the integer part of this IP address message information content product that the sampling rate C that is obtained by step 4.1c and scanning are obtained;
4.2, the method that extracts the message information sample by flow extraction of example mode carries out according to the following step:
4.2a, determine network traffics;
4.2b, when network traffics less than basic point flow threshold L 1The time, do not sample;
4.2c, when network traffics more than or equal to basic point flow threshold L 1The time, the IP address of definite message information that is obtained;
4.2d, when network traffics more than or equal to basic point flow threshold L 1And less than peak flow threshold value L 2The time, sampling rate C is:
When C L 1 ( 1 - R N ) ≤ C x The time, C=C x
When C L 1 ( 1 - R N ) ≥ C s The time, C=C S
Other, C = C L 1 ( 1 - R N )
When network traffics more than or equal to peak flow threshold value L 2The time, sampling rate C is:
When C L 2 ( 1 - R N ) ≤ C x The time, C=C x
When C L 2 ( 1 - R N ) ≥ C s The time, C=C S
Other, C = C L 2 ( 1 - R N )
R in this step be in the trusted policy table by the trust value R of the determined IP of step 4.2c address, N is smaller or equal to 10 integer more than or equal to 2;
4.2e, randomly draw message information sample from the determined IP of step 4.2c address, number of samples is: the integer part of this IP address message information content product that the sampling rate C that is obtained by step 4.2d and scanning are obtained;
5, the message information sample that step 4 is drawn into adopts deep message to detect, if detect the peer-to-peer network discharge record, then the trust value with this IP address in the trusted policy table subtracts 1;
6, the degree of belief period expires of an IP address, if this IP address does not have the peer-to-peer network discharge record in this degree of belief cycle, then changing next degree of belief automatically over to during the cycle, the trust value of this IP address trusted policy table is added 1, otherwise in that to change the trust value of next degree of belief during the cycle automatically over to constant;
7, when the sampling rate of certain the IP address benchmark sampling rate greater than twice, i.e. (1-R/N)>2 o'clock can give this IP addressing warning or limit the punishment of its network traffics; Sampling rate when certain IP address reaches the sampling rate upper limit threshold, can give this IP address grave warning or the strict punishment that limits its network traffics;
8, return step 3.
Embodiment two
Adopt the depth message scanning method of trust sampling in peer-to-peer network, this method follows these steps to carry out:
1, is manufactured with the Sampling Strategies table of ten fields, these ten fields are: the general time period, general time period benchmark sampling rate, low ebb time period, low ebb time period benchmark sampling rate, rush hour section, the accurate sampling rate of segment base in rush hour, basic point flow threshold, basic point flow benchmark sampling rate, the peak flow threshold value, peak flow benchmark sampling rate; The general time period is 8:00-18:00, general time period benchmark sampling rate 1/20, the low ebb time period is 0:00-8:00, low ebb time period benchmark sampling rate 1/50, rush hour, section was 18:00-24:00, the accurate sampling rate 1/10 of segment base in rush hour, basic point flow threshold 5mb/s, basic point flow benchmark sampling rate is 1/60, peak flow threshold value 60mb/s, and peak flow benchmark sampling rate is 1/15;
2, making has the IP address, trust value, sampling rate upper limit threshold, sampling rate lower threshold, the trusted policy table of degree of belief cycle five fields; Sampling rate upper limit threshold 1/3, sampling rate lower threshold 1/100,60 minutes degree of belief cycles are set, and are R with the trust value assignment;
3, carrying out network traffics scanning, newfound IP address is stored in the IP address field of trusted policy table, is 0 with the trust value R assignment of this IP address, and degree of belief cycle assignment is 60 minutes, and beginning degree of belief cycle timing;
4, extract the message information sample with extraction of example mode at times, step is as follows:
4.1a, determine the IP address of the message information obtained;
4.1b, determine time of network traffics scanning;
4.1c, when time of network traffics scanning in the 8:00-18:00 time period, sampling rate C is:
When 1 20 ( 1 - R 4 ) ≤ 1 100 The time, C=1/100
When 1 20 ( 1 - R 4 ) ≥ 1 3 The time, C=1/3
Other, C = 1 20 ( 1 - R 4 )
When time of network traffics scanning in the 0:00-8:00 time period, sampling rate C is:
When 1 50 ( 1 - R 4 ) ≤ 1 100 The time, C=1/100
When 1 50 ( 1 - R 4 ) ≥ 1 3 The time, C=1/3
Other, C = 1 50 ( 1 - R 4 )
When time of network traffics scanning in the 18:00-24:00 time period, sampling rate C is:
When 1 10 ( 1 - R 4 ) ≤ 1 100 The time, C=1/100
When 1 10 ( 1 - R 4 ) ≥ 1 3 The time, C=1/3
Other, C = 1 10 ( 1 - R 4 )
R in this step is by the trust value R of the determined IP of step 4.1a address in the trusted policy table;
4.1d, randomly draw message information sample from the determined IP of step 4.1a address, number of samples is: the integer part of this IP address message information content product that the sampling rate C that is obtained by step 4.1c and scanning are obtained;
5, adopt deep message to detect to the message information sample, if detect the peer-to-peer network discharge record, then the trust value with this IP address in the trusted policy table subtracts 1;
6, the degree of belief period expires of an IP address, if this IP address does not have the peer-to-peer network discharge record in this degree of belief cycle, then changing next degree of belief automatically over to during the cycle, the trust value of this IP address trusted policy table is added 1, otherwise in that to change the trust value of next degree of belief during the cycle automatically over to constant;
7, when the sampling rate of certain the IP address benchmark sampling rate greater than twice, i.e. (1-R/4)>2 o'clock can give this IP addressing warning or limit the punishment of its network traffics;
When the sampling rate of certain IP address is 1/3, can give this IP address grave warning or the strict punishment that limits its network traffics;
8, return step 3.
Embodiment three
Adopt the depth message scanning method of trust sampling in peer-to-peer network, this method follows these steps to carry out:
1, is manufactured with the Sampling Strategies table of ten fields, these ten fields are: the general time period, general time period benchmark sampling rate, low ebb time period, low ebb time period benchmark sampling rate, rush hour section, the accurate sampling rate of segment base in rush hour, basic point flow threshold, basic point flow benchmark sampling rate, the peak flow threshold value, peak flow benchmark sampling rate; The general time period is 8:00-18:00, general time period benchmark sampling rate 1/20, the low ebb time period is 0:00-8:00, low ebb time period benchmark sampling rate 1/80, rush hour, section was 18:00-24:00, the accurate sampling rate 1/10 of segment base in rush hour, basic point flow threshold 5mb/s, basic point flow benchmark sampling rate is 1/50, peak flow threshold value 80mb/s, and peak flow benchmark sampling rate is 1/10;
2, making has the IP address, trust value, sampling rate upper limit threshold, sampling rate lower threshold, the trusted policy table of degree of belief cycle five fields; Sampling rate upper limit threshold 1/6, sampling rate lower threshold 1/120,45 minutes degree of belief cycles are set, and are R with the trust value assignment;
3, carrying out network traffics scanning, newfound IP address is stored in the IP address field of trusted policy table, is 0 with the trust value R assignment of this IP address, and degree of belief cycle assignment is 45 minutes, and beginning degree of belief cycle timing;
4, extract the message information sample by network traffics extraction of example mode, step is as follows:
4.2a, determine network traffics;
4.2b, when network traffics during less than basic point flow threshold 5mb/s, do not sample;
4.2c, when network traffics during more than or equal to basic point flow threshold 5mb/s, determine the IP address of the message information that obtained;
4.2d, when network traffics during more than or equal to basic point flow threshold 5mb/s and less than peak flow threshold value 80mb/s, sampling rate C is:
When 1 50 ( 1 - R 5 ) ≤ 1 120 The time, C=1/120
When 1 50 ( 1 - R 5 ) ≥ 1 6 The time, C=1/6
Other, C = 1 50 ( 1 - R 5 )
When network traffics during more than or equal to peak flow threshold value 80mb/s, sampling rate C is:
When 1 10 ( 1 - R 5 ) ≤ 1 120 The time, C=1/120
When 1 10 ( 1 - R 5 ) ≥ 1 6 The time, C=1/6
Other, C = 1 10 ( 1 - R 5 )
R in this step is by the trust value R of the determined IP of step 4.2c address in the trusted policy table;
4.2e, randomly draw message information sample from the determined IP of step 4.2c address, number of samples is: the integer part of this IP address message information content product that the sampling rate C that is obtained by step 4.2d and scanning are obtained;
5, adopt deep message to detect to the message information sample, if detect the peer-to-peer network discharge record, then the trust value with this IP address in the trusted policy table subtracts 1;
6, the degree of belief period expires of an IP address, if this IP address does not have the peer-to-peer network discharge record in this degree of belief cycle, then changing next degree of belief automatically over to during the cycle, the trust value of this IP address trusted policy table is added 1, otherwise in that to change the trust value of next degree of belief during the cycle automatically over to constant;
7, when the sampling rate of certain the IP address benchmark sampling rate greater than twice, i.e. (1-R/5)>2 o'clock can give this IP addressing warning or limit the punishment of its network traffics; When the sampling rate of certain IP address reaches 1/6, can give this IP address grave warning or the strict punishment that limits its network traffics;
8, return step 3.

Claims (4)

1. adopt the depth message scanning method of trust sampling in peer-to-peer network, this method follows these steps to carry out:
1), making has the IP address, trust value, benchmark sampling rate, sampling rate upper limit threshold, sampling rate lower threshold, the trusted policy table of degree of belief cycle six fields; Benchmark sampling rate C is set 0, sampling rate upper limit threshold C S, sampling rate lower threshold Cx, degree of belief period T minute, be R with the trust value assignment;
2), newfound IP address in the network traffics scanning is stored in the IP address field of trusted policy table, be the trust value R assignment of this IP address 0, degree of belief cycle assignment is T, and beginning degree of belief cycle timing;
3), the sampling rate C of each IP address is calculated as follows in the trusted policy table:
When C 0 ( 1 - R N ) ≤ C x The time, C=C x
When C 0 ( 1 - R N ) ≥ Cs The time, C=C S
Other, C = C 0 ( 1 - R N )
Wherein: R is the trust value of this IP address in the trusted policy table, C 0Be the benchmark sampling rate in the trusted policy table, N is the positive integer more than or equal to 2;
4), extract the message information sample of each IP address according to the determined sampling rate C of step 3);
5), adopt deep message to detect to the message information sample that is drawn into, if detect the peer-to-peer network discharge record, then the trust value with this IP address in the trusted policy table deducts 1;
6), the degree of belief period expires of an IP address, change the next degree of belief cycle automatically over to, if this IP address does not have the peer-to-peer network discharge record in degree of belief in the cycle, then the trust value with its next degree of belief cycle adds 1, otherwise trust value is constant;
7), return step 2.
2. the depth message scanning method that in peer-to-peer network, adopts trust sampling according to claim 1, it is characterized in that, benchmark sampling rate in the described trusted policy table adopts at times, and mode is provided with, soon be divided into several periods in one day 24 hours, each period is provided with a benchmark sampling rate.
3. the depth message scanning method that in peer-to-peer network, adopts trust sampling according to claim 1, it is characterized in that, benchmark sampling rate in the described trusted policy table adopts presses the peak flow setting, be about to flow and be divided into several flow intervals, each flow interval is provided with a benchmark sampling rate.
4. according to claim 1 or the 2 or 3 described depth message scanning methods that in peer-to-peer network, adopt trust sampling, it is characterized in that, when the sampling rate of certain IP address during, give this IP addressing warning or limit the punishment of its network traffics greater than the benchmark sampling rate of twice; When the sampling rate of certain IP address reaches the sampling rate upper limit threshold, give this IP address grave warning or the strict punishment that limits its network traffics.
CN200910062417XA 2009-06-03 2009-06-03 Depth message scanning method using trust sampling in peer-to-peer network Expired - Fee Related CN101572663B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910062417XA CN101572663B (en) 2009-06-03 2009-06-03 Depth message scanning method using trust sampling in peer-to-peer network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910062417XA CN101572663B (en) 2009-06-03 2009-06-03 Depth message scanning method using trust sampling in peer-to-peer network

Publications (2)

Publication Number Publication Date
CN101572663A CN101572663A (en) 2009-11-04
CN101572663B true CN101572663B (en) 2011-04-13

Family

ID=41231902

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910062417XA Expired - Fee Related CN101572663B (en) 2009-06-03 2009-06-03 Depth message scanning method using trust sampling in peer-to-peer network

Country Status (1)

Country Link
CN (1) CN101572663B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103078772A (en) * 2013-02-26 2013-05-01 南京理工大学常熟研究院有限公司 Depth packet inspection (DPI) sampling peer-to-peer (P2P) flow detection system based on credibility

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101184002A (en) * 2007-12-14 2008-05-21 国家广播电影电视总局广播科学研究院 Point-to-point flux deepness monitoring method and equipment

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101184002A (en) * 2007-12-14 2008-05-21 国家广播电影电视总局广播科学研究院 Point-to-point flux deepness monitoring method and equipment

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
余浩等.P2P流检测技术研究综述.《清华大学学报(自然科学版)》.2009,第49卷(第4期),616-620. *

Also Published As

Publication number Publication date
CN101572663A (en) 2009-11-04

Similar Documents

Publication Publication Date Title
Bujlow et al. A method for classification of network traffic based on C5. 0 Machine Learning Algorithm
CN107733851A (en) DNS tunnels Trojan detecting method based on communication behavior analysis
CN100563168C (en) application traffic statistical method and device
Tammaro et al. Exploiting packet‐sampling measurements for traffic characterization and classification
CN107592312A (en) A kind of malware detection method based on network traffics
CN100553206C (en) Internet, applications method for recognizing flux based on packet sampling and application signature
CN105429950B (en) A kind of network flow identifying system and method based on dynamic data packet sampling
EP2530874A1 (en) Method and apparatus for detecting network attacks using a flow based technique
RU2013155980A (en) HOME GATEWAY AND METHOD FOR ANALYSIS OF ONLINE BEHAVIOR OF THE USER AND MONITORING THE QUALITY OF NETWORK SERVICES
CN103312565A (en) Independent learning based peer-to-peer (P2P) network flow identification method
EP2587751A1 (en) Method and arrangement for data clustering
CN106878314B (en) Network malicious behavior detection method based on credibility
Cai et al. An analysis of UDP traffic classification
CN108173705A (en) First packet recognition methods, device, equipment and the medium of flow drainage
CN107145779B (en) Method and device for identifying offline malicious software log
CN114124463A (en) Method and system for identifying hidden network encryption application service based on network behavior characteristics
CN106850658B (en) The network malicious act detection method of real-time online study
CN110868409A (en) Passive operating system identification method and system based on TCP/IP protocol stack fingerprint
CN101572663B (en) Depth message scanning method using trust sampling in peer-to-peer network
CN108282414B (en) Data stream guiding method, server and system
Qin et al. MUCM: multilevel user cluster mining based on behavior profiles for network monitoring
CN105323206B (en) Ip defence method
CN107948022B (en) Identification method and identification device for peer-to-peer network traffic
CN101459695B (en) P2P service recognition method and apparatus
CN109818782A (en) The method that a kind of pair of server is classified

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110413

Termination date: 20160603