CN101582791B - Method and system for monitoring real-time messaging session - Google Patents
Method and system for monitoring real-time messaging session Download PDFInfo
- Publication number
- CN101582791B CN101582791B CN2008101117905A CN200810111790A CN101582791B CN 101582791 B CN101582791 B CN 101582791B CN 2008101117905 A CN2008101117905 A CN 2008101117905A CN 200810111790 A CN200810111790 A CN 200810111790A CN 101582791 B CN101582791 B CN 101582791B
- Authority
- CN
- China
- Prior art keywords
- session
- information
- related information
- message
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention discloses a method and a system for monitoring a real-time messaging session. The method comprises the following steps: (1) making protocol analysis on a data message captured in real time, if a current message load is identified to be the IM applied session message related to initialization and termination of the session, determining an IM applied type of the message and extracting information related to the session; and (2) according to a session state and the extracted information related to the session, updating the information of the stored corresponding session, and counting the number of current IM applied sessions in various types; for the session newly initialized, storing the information related to the session, and increasing the number of current IM applied sessions to which the session belongs; for the session which is about to be terminated immediately and of which the related information is stored, deleting the information of the session, and correspondinglydecreasing the number of current IM applied sessions to which the session belongs; and unnecessarily processing the session of which the related information is not stored and which is about to be ter minated. The method and the system are used for realizing the macro monitoring of the IM applied sessions and improving the monitoring range.
Description
Technical field
The present invention relates to network management, more specifically, relate to the method and system of in the use that a kind of IM of being used for (Instant Messaging, real-time communication) class uses session being monitored.
Background technology
IM class software has more and more obtained user's use in the middle of the present network environment, and along with the development of software, the online chat function that various IM class softwares are all provided convenience.The chat feature of improving day by day and increasing provides good communicative channel for people's study, life, work, but thereupon some drawbacks also occurred.This is mainly reflected on the abuse of IM software, such as the work hours chat, leakage inside is secret, take Internet resources or the like.
The at present consideration and the imperfection of the concrete monitoring of using for IM, a lot of products only provide some basic service monitoring functions of some IM class software, for example the monitoring of concrete network behavior such as the chat of MSN, file transfer.But mostly lack the monitoring of a kind of macroscopical direction that IM class in the middle of the network is used, use session number such as MSN in the middle of the current network environment, use session number of qq or the like, these information can better be held the IM applicable cases in the middle of the overall network environment, reach with convenient unitized management and carry out concrete business monitoring targetedly.The session of mentioning in the literary composition is not traditional TCP connection session, but the session channel that chat is set up between two clients in the middle of the Internet chat process.Except holding the IM class number of sessions that IM applicable cases in the middle of the network environment can also write down different user on the whole, such as session number of Zhang San MSN session number, QQ or the like, this helps company or organization internal better to grasp its member's IM class software operating position, avoids too much taking the operating time.
In addition, differing from daily operating position if find a certain class IM number of sessions or certain user's IM number of sessions in the middle of monitor procedure, also may be that user client exists virus or attacked the automatic initiation session that causes.At present, also there is not a kind of method and system that can monitor the above-mentioned information of IM class session.
The monitoring of above-mentioned IM session can be applicable in the method and product of Network audit, the Network auditing system is used increasingly extensive at present, important means as network safety prevention, it is by resolving the network activity of trusted people in the operation system, record, analysis is planned prevention to help administrative staff in advance, monitoring in real time in the thing, unlawful practice stops and traces the network operation accident afterwards, thereby help the user to strengthen inside and outside network behavior supervision, avoid the core asset loss, ensureing the normal operation of client's operation system, is the best practices that enterprise realizes IT management and control.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of method for supervising and system of real-time messaging session, in order to realize the macroscopic view monitoring to session in the IM application, improves monitoring range.
The applicant is when the agreement that all kinds of IM softwares are used is analyzed and researched, find all can send the data message with obvious sign when most of IM classes are applied in a new session of initiation or stop an already-existing session, it is possible to avoid the abuse problem that this explanation is better carried out effective monitoring to the use of IM class software.
In order to address the above problem, the invention provides a kind of method for supervising of real-time messaging session, comprising:
(1) data message of catching is in real time carried out protocol analysis, as discern the session message of the real-time communication IM application that current message load is with session is initiated and termination is relevant, determine the IM application type of this message and extract session related information;
(2) according to the session related information of session status and extraction, information to the corresponding session of preserving is upgraded, and add up the current sessions quantity that all kinds of IM use, then preserve this session related information for the session of new initiation, and the current sessions quantity that IM uses under this session of corresponding increase; Store for the session and this session related information that are about to stop, then delete this session information, and the current sessions quantity that IM uses under this session of corresponding minimizing; The session that is about to stop of not preserving for session related information need not to handle.
Further, described session related information comprises session both sides' user ID;
In the described step (2), also according to described session both sides' user ID and session status, carry out the statistics of all kinds of IM utility cession quantity of its use at each user in the current network, session for new initiation, then according to described session both sides' user ID, the user that corresponding increase participates in this session uses the current sessions quantity that IM uses under this session; Store for the session and this session related information that are about to stop, then according to described session both sides' user ID, corresponding minimizing participates in the current sessions quantity that this session subscriber uses the affiliated IM of this session to use.
Further, in the described step (2), the message of initiation session of system time also will catch to(for) the session of new initiation is recorded as the session initiation time, store for the session and this session related information that are about to stop, also record this moment, system time was the session termination time, and initiated the time and the termination time is calculated this session online hours according to session.
Further, described session related information also comprises source port and the destination interface that session is used;
In the described step (2), for the session that is about to stop, search in the session related information of preserving according to source port and destination interface that session both sides' user ID and session are used, determine whether this session related information is preserved, if do not find respective entries, illustrate that the IM application of this session and preservation is irrelevant, need not to do any processing, if find respective entries during inquiry, then delete these clauses and subclauses.
Further, described step (2) also comprises afterwards: (3) carry out control and treatment according to ongoing IM session case and each session related information in the middle of the current network that counts in conjunction with the control strategy of setting.
In order to address the above problem, the present invention also provides the professional multifile transmission of a kind of real-time communication recombination system, comprise: real-time communication IM uses identifier, session message selector, session information extractor, session information manager, session information memory and session monitor, wherein
Described IM uses identifier, be used for the data message of catching is in real time carried out protocol analysis, session message to the IM application, determine the IM application type of current use according to the identification characteristics of all kinds of IM application data messages, session message and type information thereof that IM is used send to session message selector;
Described session message selector, be used for mating according to all data messages that the IM that the feature of IM session message is sent IM application identifier uses, select and session initiation and the relevant message of termination, the message of selecting is sent to the session information extractor, the state and the IM application type information thereof of this session is sent to the session information manager;
Described session information extractor extracts session related information, and sends to the session information manager from the message of receiving with session is initiated and termination is relevant;
Described session information manager is used for upgrading according to the session information that described session related information is preserved the session information memory, and the work of triggering session watch-dog is also indicated this session status;
Described session information memory is used to preserve the session related information of affiliated IM application type information of session and extraction;
Described session monitor comprises: IM utility cession quantity statistics unit, and after being used to be triggered, when being designated as initiation as session status, the current sessions quantity that IM uses under this session of corresponding increase; Be designated as termination as session status, the current sessions quantity that IM uses under this session of corresponding minimizing; The session that is about to stop of not preserving for session related information need not to handle.
Further, described session monitor, also comprise: user conversation quantity statistics unit, after being used to be triggered, when being designated as initiation, according to this session both sides' user totem information as session status, corresponding increase associated user's current sessions quantity, be designated as termination as session status, according to this session both sides' user totem information, corresponding minimizing associated user's current sessions quantity;
Described session information manager, the session for initiating also triggers user conversation quantity statistics unit and indicates this session status; Session for stopping if inquire the session related information of preserving this session in the session information memory, then triggers user conversation quantity statistics unit and indicates this session status.
Further, described session monitor also comprises: session duration calculation unit is used for calculating this session online hours according to session initiation time and termination time;
Described session information manager, the session for initiating also is saved in the session information memory with the session initiation time; For the session that stops, the time that then will delete the session related information of this session in the session information memory is recorded as the session termination time, and the initiation and termination time of this session sent to session duration calculation unit.
Further, described session information manager for the session of initiating, is saved in the session information memory with the session related information of IM application type information and extraction under this session; Session for stopping arrives first the session information memory query and whether has preserved the session related information of this session, as preserving, then deletes the session related information of this session in the session information memory.
Further, the professional multifile transmission of described real-time communication IM recombination system, also comprise: described session control processing unit, be used for according to ongoing IM session case and each session related information in the middle of the current network that counts, carry out control corresponding in conjunction with the control strategy of setting and handle.
Compared with prior art, the invention solves the deficiency that IM software is lacked the monitoring of overall applicability situation.IM applicable cases from whole network environment, IM software operating position to integral body is monitored, both can add up the ongoing number of sessions of various IM softwares in the middle of the current network environment accurately according to IM software classification, also can monitor the situation that each user uses IM software accurately according to different users, make things convenient for the network management personnel that the IM in the whole network environment is used and carry out whole planning, help to improve the network management system, and have the virus of detecting to a certain extent or attack the function that takes place.In addition, system has taken into full account the problem of autgmentability in design, only need add concrete session RM for emerging IM software, need not existing system is carried out big change, therefore also have good flexibility and extensibility, but in the extensive use network audit product.
Description of drawings
Fig. 1 is the flow chart of embodiment of the invention IM monitoring session method;
Fig. 2 is the structure chart of embodiment of the invention IM conversation monitor system.
Embodiment
The present invention is in order to solve the drawback that conventional solution exists, further set forth the method for supervising and the system of a kind of real-time messaging session of the present invention by following specific embodiment, below embodiment is described in detail, but not as a limitation of the invention.
As shown in Figure 1, be the handling process of embodiment of the invention IM monitoring session method after capturing data message, comprise following steps:
Step 100 is caught data message in real time;
Step 101, the identification of IM application class, promptly the data message to actual acquisition adopts the protocol analysis technology to carry out the stratification parsing, determines the IM application type of current use according to the identification characteristics of all kinds of IM application data messages;
Step 102, the session message characteristic of using according to this IM mates, and judges this data message data message whether session is initiated and stopped being correlated with, if then execution in step 103, if not, then abandon the message of being caught, finish;
Step 103, session information extracts, and promptly extracts session related information from the data message that session is initiated or termination is relevant, just can write down simultaneously and initiate the time in the session of initiation session;
Step 104, session information upgrades, promptly the session information of preserving is upgraded according to the session related information that extracts, if this session related information is then preserved in the new session of initiating and but recording conversation is initiated the time, if the session that be about to stop and the session related information of this session store, but then delete the session related information and the recording conversation termination time of this session;
Step 105, session is added up, and promptly carries out the statistics of the whole operating position of IM session in the current network environment, as: according to the current sessions quantity of IM application type and session status (as initiating or termination) all kinds of IM application of statistics; The number of sessions that the IM that uses according to session related information that extracts and session status statistics current network user uses; Also can initiate the time and the termination time is calculated these session online hours etc. according to session;
Step 106, session control according to ongoing IM session case and each session related information in the middle of the current network that counts, is carried out control and treatment in conjunction with the control strategy of setting, as implementing blocking-up, session audit etc.
Above-mentioned session information upgrades, the session statistics can be come parallel processing by different threads with session control, and do not required fixing sequencing.
In step 101, be that network message with actual acquisition is sample, the data message is resolved and carries out the differentiation of IM application type according to the identification characteristics that has in the middle of the data message that transmits in the middle of this software communication process according to features such as protocol format that uses in the various IM software communication processes or fixed ports.
For example MSN software uses the data message of fixing 1863 ports and transmission with feature keyword " MSG " beginning in the middle of use, below is actual MSN protocol massages content.And for example the data message of transmission below is a Yahoo Expert protocol massages content with feature keyword " YMSG " beginning in the middle of Yahoo Expert software is using.Be dependent on the IM software type of our at first unique settled really preceding use of corresponding message characteristic.After the type, the message characteristic that has during according to foundation in the dissimilar IM software communication processes or termination session is that pattern is filtered all current I M application data messages under having determined various IM application data messages.
In step 102, carry out the session ASSOCIATE STATISTICS and only need keep the session that comprises session related information and initiate and stop relevant part message and get final product.
For example in the use of MSN agreement, server can at first send the data message that is designated XFR to client and distributes employed transfer server address when initiating a new session.This client is carried out authentication with the message that is designated USR to transfer server subsequently.Send the conference call request with the data message that is designated CAL to transfer server subsequently.When server returns with the data message that is designated JOI, identify this session connection and successfully set up.Sample is as follows:
Table 1
0000 00?e0?4d?a6?cc?1a?00?17?df?ba?4c?00?08?00?45?00 ..M.......L...E
0010 00?7d?99?7c?40?00?6b?06?5a?82?cf?2e?6f?4b?c0?a8 .}.|@.k.Z...oK..
0020 1c?5a?07?47?0f?2e?70?b3?16?3a?11?38?fe?28?50?18 .Z.G..p....8.(P.
0030 ff?f4?1b?b0?00?00?58?46?52?20?33?37?20?53?42?20 ......XFR?37?SB
0040 32?30?37?2e?34?36?2e?32?36?2e?31?36?37?3a?31?38 207.46.26.167:18
0050 36?33?20?43?4b?49?20?31?33?30?37?30?38?38?31?38 63?CKI?130708818
0060 37?2e?31?33?37?38?30?32?34?33?2e?31?35?31?33?30 7.13780243.15130
0070 31?36?32?20?55?20?6d?65?73?73?65?6e?67?65?72?2e 162?U?messenger.
0080 6d?73?6e?2e?63?6f?6d?20?31?0d?0a msn.com?1..
0000 00?17?df?ba?4c?00?00?e0?4d?a6?cc?1a?08?00?45?00 ....L...M.....E.
0010 00?60?66?53?40?00?80?06?cd?6c?c0?a8?1c?5a?cf?2e .fS@....1...Z..
0020 1a?a7?0f?43?07?47?eb?e6?dd?dd?49?3d?9f?d3?50?18 ...C.G....I=..P.
0030 ff?ff?9f?89?00?00?55?53?52?20?32?20?68?73?75?6e ......USR?2?hsun
0040 40?69?73?2e?69?73?63?61?73?2e?61?63?2e?63?6e?20 @is.iscas.ac.cn
0050 31?33?30?37?30?38?38?31?38?37?2e?31?33?37?38?30 1307088187.13780
0060 32?34?33?2e?31?35?31?33?30?31?36?32?0d?0a 243.15130162..
0000 00?17?df?ba?4c?00?00?e0?4d?a6?cc?1a?08?00?45?00 ....L...M.....E.
0010 00?4b?66?54?40?00?80?06?cd?80?c0?a8?1c?5a?cf?2e .KfT@........Z..
0020 1a?a7?0f?43?07?47?eb?e6?de?15?49?3d?a0?07?50?18 ...C.G....I=..P.
0030 ff?cb?90?a8?00?00?43?41?4c?20?33?20?63?61?72?69?......CAL?3?cari
0040 6e?61?66?75?62?61?69?6c?69?6e?67?40?68?6f?74?6d?nafubailing@hotm
0050 61?69?6c?2e?63?6f?6d?0d?0a ail.com..
0000 00?e0?4d?a6?cc?1a?00?17?df?ba?4c?00?08?00?45?00?..M.......L...E.
0010 00?5e?c9?6f?40?00?6b?06?7f?52?cf?2e?1a?a7?c0?a8?
o@.1k..R......
0020 1c?5a?07?47?0f?43?49?3d?a0?21?eb?e6?de?38?50?18?.Z.G.CI=.!...8P.
0030 ff?a4?d9?3f?00?00?4a?4f?49?20?63?61?72?69?6e?61?...?..JOI?carina
0040 66?75?62?61?69?6c?69?6e?67?40?68?6f?74?6d?61?69?fubailing@hotmai
0050 6c?2e?63?6f?6d?20?e5?b0?8f?e4?ba?ba?e9?b1?bc?20?1.com.........
0060 31?39?38?35?38?35?39?36?32?38?0d?0a 1985859628..
Then in this sample, this stage step need extract these data messages carries out session related information for the session information extraction stage and extracts and use.
In step 103,, in the filtered data message, carry out information extraction according to the initiation and the termination sign of the data message that provides in the previous step and this IM utility cession.Can extract the relevant information that sessions such as the source port of session initiator ID, promoter IP, session both sides' such as session recipient ID, recipient IP identification information and use and destination interface are initiated to initiation session; Can extract the relevant information that sessions such as the source port of session initiator IP, session recipient IP and use and destination interface stop to stopping session.Certainly, also session promoter ID and session recipient ID can be extracted.
In addition, the session related information that can be each group needs to keep is provided with a unique session identification, to help through the ASSOCIATE STATISTICS of this session.
Here, utilize the respective data field the inside of protocol analysis technology in the middle of data message to extract these session related informations equally.Sample message among the still above embodiment is an example explanation extracting method.The transfer server address of using as can be known in being designated the data message of XFR is that session recipient IP is 207.46.26.167, can extract session initiator ID in being designated the data message of USR is hsun@is.iscas.ac.cn, extracting session recipient ID in being designated the data message of CAL is carinafubailing@hotmail.com, and this session is set up as can be known in being designated the data message of JOI.Initiate the time with the system time of catching this data message as session.Can effectively extract the employed port of current sessions according to these data messages in addition.
Extraction for the relevant information that stops session is comparatively simple, and the IM that carries out the session statistics uses (or claiming IM software) mainly with the Transmission Control Protocol load, and these are applied in only need close this TCP session connection and get final product when closing session.Therefore as long as in the middle of network environment, catch the i.e. session of this session for being about to stop as can be known of data message of closing the TCP connection, extract source IP, purpose IP (being exactly session initiator IP, session recipient IP), source port, the destination interface of this connection.
In the step 104, after extracting newly-built session or stopping the session related information of session, should set up the initiation time that new session information store items also can write down this session for the session related information of newly-built session; For the session related information that stops session need (be source IP according to above-mentioned four-tuple, purpose IP, source port, destination interface) in the session related information of preserving, searches, determine whether this session related information is preserved, if do not find respective entries, the IM that this session and preservation are described uses irrelevant, need not to do any processing, if find respective entries during inquiry, then should delete these clauses and subclauses, record this moment, system time was the session termination time simultaneously, and this termination time is initiated time and the Query Result foundation as real-time statistics together with the session of this session of record.
In the step 105, the current sessions quantity that all kinds of IM use is added up according to IM application type information and session state information under the session; In addition, can carry out the situation statistics of all kinds of IM application of its use at each user in the current network further according to the session related information of record.
If what receive is that association message is initiated in session, then the IM applicating category current sessions number under this message is added 1, for example the user initiates the MSN session, then increases by 1 on the MSN session statistical magnitude in the current network environment.Simultaneously, according to session initiation source IP, session initiation source ID and session recipient IP, session recipient ID the user who participates in this session is added 1 for the number of sessions that MSN uses.Source IP is initiated in session and the unique user of the common sign of source ID is initiated in session, the unique user of the common sign of session recipient IP and session recipient ID.
If what receive is that session stops association message, the Query Result that then needs waiting step 104 to provide is if confirm that it not is that the IM class of having preserved is used that this session stops, and does not then do any change.If confirm that this session terminates as certain the class IM that has preserved and uses, then need the number of sessions that this IM in the current network environment uses is subtracted 1.Simultaneously, session initiation source IP, session initiation source ID and session recipient IP, the session recipient ID according to this session subtracts 1 to the user who participates in this session for the number of sessions that such IM uses use.(when not having session initiator ID and session recipient ID in the information of extraction, can finding) from the session related information of preserving
In addition, the initiation and the termination time of the Query Result that can also provide according to step 104 and this session of record are calculated this session persistence, as the result for this session statistics.
In the step 106, ongoing IM class session case and each session related information carry out session control and handle in the middle of the current network that provides according to the session statistic procedure.For example, then can use audit more accurately dynamics or management strategy to these two kinds of IM when finding to use the ratio of MSN or QQ to use in the middle of the current network environment apparently higher than other IM classes.And for example if find kind that certain user uses IM software too much, indivedual IM utility cession quantity are unusual or session persistence longly then can take to manage targetedly the strategy that connects as blocking part accordingly.
If only need to add up, step 106 is optional.In addition, also can not carry out the session number quantitative statistics that the current use of user IM uses.
In another embodiment, if need not add up the session persistence duration, then need not the initiation time and the termination time of recording conversation.For following apparatus also is so, and this moment, each functional module need not to carry out session initiation and record and the calculating of termination time.
Shown in Figure 2 is the supervisory control system of the real-time messaging session that provides of present embodiment, comprise: IM uses identifier 200, session message selector 201, session information extractor 202, session information manager 203, session information memory 204, session monitor 205 and session control processing unit 206, and session monitor 205 further comprises IM utility cession quantity statistics unit, user conversation quantity statistics unit and session duration calculation unit; Wherein:
IM uses identifier 200, be used for the data message of catching is in real time carried out protocol analysis, abandon the session message that non-IM uses, session message to the IM application, determine the IM application type of current use according to the identification characteristics of all kinds of IM application data messages, session message and type information thereof that IM is used send to session message selector 201.
Session message selector 201, be used for mating according to all data messages that the IM that the feature of IM session message is sent IM application identifier 200 uses, select and session initiation and the relevant message of termination, the message of selecting is sent to session information extractor 202, the state and the IM application type information thereof of this session is sent to session information manager 203.
Session information extractor 202 extracts session related information from the message of receiving with session is initiated and termination is relevant, as session both sides' the identification information and the port information of use, but recording conversation is initiated the time simultaneously.These information are sent to session information manager 203;
Session information manager 203, for the session of initiating, the session related information and the session initiation time of IM application type information, extraction under this session are saved in session information memory 204, trigger IM utility cession quantity statistics unit and user conversation quantity statistics unit and indicate this session status; For the session that stops, arrive first 204 inquiries of session information memory and whether preserved the session related information of this session, as preserving, then delete the session related information and the recording conversation termination time of this session in the session information memory 204, trigger IM utility cession quantity statistics unit and user conversation quantity statistics unit and indicate this session status, and the initiation and the termination time of this session sent to session duration calculation unit.
Session information memory 204, temporal information is initiated in the session related information and the session that are used to preserve IM application type information under the session, extraction.
Session monitor 205 further comprises:
IM utility cession quantity statistics unit, after being used to be triggered, when being designated as initiation as session status, the current sessions quantity that IM under this session is used adds 1; Be designated as termination as session status, the current sessions quantity that IM under it is used subtracts 1.
User conversation quantity statistics unit after being used to be triggered, is designated as when initiating as session status, according to this session subscriber identification information associated user's current sessions quantity is added 1, is designated as termination as session status, and associated user's current sessions quantity is subtracted 1.
Session duration calculation unit is used for calculating this session online hours according to session initiation time and termination time.
Session control processing unit 206, be used for statistic behavior is detected,, carry out control corresponding in conjunction with the control strategy of setting and handle according to ongoing IM session case and each session related information in the middle of the current network that counts, as implement to block session audit etc.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.
Claims (8)
1. the method for supervising of a real-time messaging session is characterized in that, comprising:
(1) data message of catching is in real time carried out protocol analysis, as discern the session message of the real-time communication IM application that current message load is with session is initiated and termination is relevant, determine the IM application type of this message and extract session related information;
(2) according to the session related information of session status and extraction, information to the corresponding session of preserving is upgraded, and add up the current sessions quantity that all kinds of IM use, then preserve this session related information for the session of new initiation, and the current sessions quantity that IM uses under this session of corresponding increase; Store for the session and this session related information that are about to stop, then delete this session information, and the current sessions quantity that IM uses under this session of corresponding minimizing; The session that is about to stop of not preserving for session related information need not to handle;
(3) according to ongoing IM session case and each session related information in the middle of the current network that counts, carry out control and treatment in conjunction with the control strategy of setting.
2. the method for claim 1 is characterized in that,
Described session related information comprises session both sides' user ID;
In the described step (2), also according to described session both sides' user ID and session status, carry out the statistics of all kinds of IM utility cession quantity of its use at each user in the current network, session for new initiation, then according to described session both sides' user ID, the user that corresponding increase participates in this session uses the current sessions quantity that IM uses under this session; Store for the session and this session related information that are about to stop, then according to described session both sides' user ID, corresponding minimizing participates in the current sessions quantity that this session subscriber uses the affiliated IM of this session to use.
3. method as claimed in claim 2 is characterized in that,
In the described step (2), the message of initiation session of system time also will catch to(for) the session of new initiation is recorded as the session initiation time, store for the session and this session related information that are about to stop, also record this moment, system time was the session termination time, and initiated the time and the termination time is calculated this session online hours according to session.
4. method as claimed in claim 3 is characterized in that,
Described session related information also comprises source port and the destination interface that session is used;
In the described step (2), for the session that is about to stop, search in the session related information of preserving according to source port and destination interface that session both sides' user ID and session are used, determine whether this session related information is preserved, if do not find respective entries, illustrate that the IM application of this session and preservation is irrelevant, need not to do any processing, if find respective entries during inquiry, then delete these clauses and subclauses.
5. the professional multifile transmission of a real-time communication recombination system is characterized in that comprise: real-time communication IM uses identifier, session message selector, session information extractor, session information manager, session information memory and session monitor, wherein,
Described IM uses identifier, be used for the data message of catching is in real time carried out protocol analysis, session message to the IM application, determine the IM application type of current use according to the identification characteristics of all kinds of IM application data messages, session message and type information thereof that IM is used send to session message selector;
Described session message selector, be used for mating according to all data messages that the IM that the feature of IM session message is sent IM application identifier uses, select and session initiation and the relevant message of termination, the message of selecting is sent to the session information extractor, the state and the IM application type information thereof of this session is sent to the session information manager;
Described session information extractor extracts session related information, and sends to the session information manager from the message of receiving with session is initiated and termination is relevant;
Described session information manager is used for upgrading according to the session information that described session related information is preserved the session information memory, and the work of triggering session watch-dog is also indicated this session status;
Described session information memory is used to preserve the session related information of affiliated IM application type information of session and extraction;
Described session monitor, comprise: IM utility cession quantity statistics unit, after being used to be triggered, when being designated as initiation as session status, the current sessions quantity that IM uses under this session of corresponding increase, be designated as termination as session status, the current sessions quantity that IM uses under this session of corresponding minimizing, the session that is about to stop of not preserving for session related information need not to handle;
The session control processing unit is used for according to ongoing IM session case and each session related information in the middle of the current network that counts, and carries out control corresponding in conjunction with the control strategy of setting and handles.
6. system as claimed in claim 5 is characterized in that,
Described session monitor, further comprise: user conversation quantity statistics unit, after being used to be triggered, when being designated as initiation as session status, according to this session both sides' user totem information, corresponding increase associated user's current sessions quantity is designated as termination as session status, according to this session both sides' user totem information, corresponding minimizing associated user's current sessions quantity;
Described session information manager, the session for initiating also triggers user conversation quantity statistics unit and indicates this session status; Session for stopping if inquire the session related information of preserving this session in the session information memory, then triggers user conversation quantity statistics unit and indicates this session status.
7. system as claimed in claim 6 is characterized in that,
Described session monitor further comprises: session duration calculation unit is used for calculating this session online hours according to session initiation time and termination time;
Described session information manager, for the session of initiating, also the session initiation time is saved in the session information memory, for the session that stops, the time that then will delete the session related information of this session in the session information memory is recorded as the session termination time, and the initiation and termination time of this session sent to session duration calculation unit.
8. system as claimed in claim 7 is characterized in that,
Described session information manager for the session of initiating, is saved in the session information memory with the session related information of IM application type information and extraction under this session; Session for stopping arrives first the session information memory query and whether has preserved the session related information of this session, as preserving, then deletes the session related information of this session in the session information memory.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101117905A CN101582791B (en) | 2008-05-16 | 2008-05-16 | Method and system for monitoring real-time messaging session |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101117905A CN101582791B (en) | 2008-05-16 | 2008-05-16 | Method and system for monitoring real-time messaging session |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101582791A CN101582791A (en) | 2009-11-18 |
| CN101582791B true CN101582791B (en) | 2011-08-10 |
Family
ID=41364766
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101117905A Expired - Fee Related CN101582791B (en) | 2008-05-16 | 2008-05-16 | Method and system for monitoring real-time messaging session |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101582791B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102202007B (en) * | 2010-03-25 | 2015-02-18 | 腾讯科技(深圳)有限公司 | Method and device for automatically counting instant messaging behaviors |
| CN102025729A (en) * | 2010-11-25 | 2011-04-20 | 武汉钢铁(集团)公司 | Steelmaking big pot dispatching analog and stimulation device and method |
| CN104469711B (en) * | 2013-09-23 | 2019-06-11 | 中兴通讯股份有限公司 | Unstructured supplementary data traffic monitoring method and device |
| CN106452967B (en) * | 2016-11-02 | 2019-09-10 | 四川秘无痕科技有限责任公司 | A method of it is monitored for Fetion network data |
| CN109213599A (en) * | 2018-09-03 | 2019-01-15 | 郑州云海信息技术有限公司 | A kind of BMC service management, device, terminal and storage medium |
| CN110009950B (en) * | 2019-03-26 | 2021-05-18 | 乐佰科(深圳)教育科技有限公司 | Online cooperative coding code synchronization method and system |
| CN112714517B (en) * | 2019-10-25 | 2023-01-24 | 佛山市顺德区美的电热电器制造有限公司 | Electromagnetic heating apparatus and control method thereof |
| CN112612670B (en) * | 2020-12-02 | 2023-04-11 | 北京东土军悦科技有限公司 | Session information statistical method, device, exchange equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1972286A (en) * | 2006-12-05 | 2007-05-30 | 苏州国华科技有限公司 | A defense method aiming at DDoS attack |
| CN101018118A (en) * | 2007-02-09 | 2007-08-15 | 浪潮电子信息产业股份有限公司 | Network security monitoring method based on the network life frequency spectrum |
-
2008
- 2008-05-16 CN CN2008101117905A patent/CN101582791B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1972286A (en) * | 2006-12-05 | 2007-05-30 | 苏州国华科技有限公司 | A defense method aiming at DDoS attack |
| CN101018118A (en) * | 2007-02-09 | 2007-08-15 | 浪潮电子信息产业股份有限公司 | Network security monitoring method based on the network life frequency spectrum |
Non-Patent Citations (1)
| Title |
|---|
| 刘彬等.即时通信协议分析与监控技术研究.《计算机应用研究》.2007,第24卷(第9期), * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101582791A (en) | 2009-11-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101582791B (en) | Method and system for monitoring real-time messaging session | |
| AU2018301643B2 (en) | Fraud detection system and method | |
| CN103139315A (en) | Application layer protocol analysis method suitable for home gateway | |
| US7979585B2 (en) | System and method to associate a private user identity with a public user identity | |
| CN101119321B (en) | Network flux classification processing method and apparatus | |
| EP2446411B1 (en) | Real-time spam look-up system | |
| CN100553206C (en) | Internet, applications method for recognizing flux based on packet sampling and application signature | |
| CN108809808A (en) | Information processing method, device, equipment and storage medium | |
| CN103516586A (en) | Online user behavior analysis system of instant messaging system | |
| CN106201739A (en) | A kind of remote invocation method of Storm based on Redis | |
| CN105490872A (en) | Real-time monitoring system and monitoring method of internet instant messaging information | |
| CN102185723A (en) | Session management method and device | |
| CN101945006B (en) | Detection method of abnormal call | |
| CN100362802C (en) | Method for combatting rejection service attack | |
| CN110620849B (en) | Centralized sorting method and system for IMS telephone terminal call records | |
| CN101883054B (en) | Multicast message processing method and device and equipment | |
| CN108769016A (en) | A kind of processing method and processing device of service message | |
| CN109951847A (en) | The automatic identifying method and device of a kind of pair of IMS business free call on sb. else's expense through illegal means international long-distance | |
| CN101321097A (en) | Tencent network living broadcast business recognition method based on payload depth detection | |
| CN101072174A (en) | Tencent voice identifying method based on pay load deep detection and session correlating technology | |
| CN109067782A (en) | IMS network session abnormal interrupt attack detecting device and method | |
| CN110404267A (en) | A kind of plug-in detection method of game based on HTTP flow HOST field feature | |
| CN102932373A (en) | Zombie network detection method and device | |
| CN110224932A (en) | A kind of method and system of data fast-forwarding | |
| CN101286903A (en) | Method for enhancing integrity of sessions in network audit field |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110810 Termination date: 20170516 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |