CN101741686B - Method applied to traffic identification and control of P2P network based on mathematical modeling technology - Google Patents


Info

Publication number
CN101741686B
Authority
CN
China
Prior art keywords
flow
address
mathematical modeling
session
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2008101718076A
Other languages
Chinese (zh)
Other versions
CN101741686A (en)
Inventor
付天福
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Opzoon Technology Co Ltd
Original Assignee
Opzoon Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Opzoon Technology Co Ltd
Priority to CN2008101718076A
Publication of CN101741686A
Application granted
Publication of CN101741686B
Legal status: Expired - Fee Related

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method applied to traffic identification and control of a P2P network based on mathematical modeling technology, in particular a method for identifying the network traffic and performing control based on a user behavior by performing mathematical modeling on the traffic. The method comprises the following steps: serially connecting a gateway or a bridge device with the network to analyze the network traffic; analyzing active session condition of each IP address; comprehensively analyzing the distribution condition of the IP address at the opposite end in active connection with IP, the TCP/UDP port distribution condition of the active session, the session state information, and the like for mathematical modeling; and judging the P2P downloading behavior of a user through the model matching. The network traffic of an application layer is identified based on the mathematical model matching which is independent of traditional protocol resolution and keyword matching-based methods; and the efficiency of the traffic identification and the processing capacity of a traffic control device are greatly improved.

Description

A method for P2P network traffic identification and control based on mathematical modeling technology
Technical field
The present invention relates to traffic identification and control technology in the field of data communication, and in particular to a method that identifies and controls P2P traffic by matching traffic against a mathematical model.
Background
P2P has become the most widely used file transfer technology on the Internet. According to incomplete statistics, about 60% of carrier backbone bandwidth is traffic generated by P2P software. Large volumes of P2P traffic cause network congestion and wasted bandwidth and reduce the efficiency of the whole communication network. How to identify and control P2P is therefore a major challenge today.
Software built on P2P technology has the following typical characteristics:
1. The software is highly varied, and the communication protocols it uses are irregular and non-standard;
2. Each host is both a server and a client; there is no obvious central control unit, and the traffic has a mesh connection pattern that is hard to identify;
3. To evade control of P2P services by operators and others, the software generally uses techniques such as encrypted transmission and frequent changes to protocol signatures, which makes identification and control difficult.
Traditional P2P traffic identification, for example the invention application published on March 22, 2006 under publication number CN1750538A, uses signature codes (keywords) to identify P2P traffic. But once new P2P software appears, a P2P software signature is updated, or the P2P software encrypts its traffic, the P2P traffic can no longer be identified.
The invention application published on October 10, 2007 under publication number CN101051997A discloses a technique that identifies P2P using TCP/UDP port numbers greater than 1024. But this method cannot distinguish P2P traffic from other traffic types such as TCP and DDoS attacks.
The invention application published on November 15, 2006 under publication number CN1863154A discloses a technique that identifies P2P by the number of peer IP addresses that an IP address connects to. But this method cannot tell whether an IP address belongs to a device acting as a server for many users or to a single user initiating a large number of P2P connections.
Summary of the invention
By analyzing the technical characteristics of P2P, the present invention derives a typical P2P traffic model and, by extracting the model's characteristic values, identifies P2P traffic very conveniently.
The present invention provides a method for P2P network traffic identification and control based on mathematical modeling technology, comprising the following steps: mathematically model the communication sessions of each IP address in the network; collect the peer IP address distribution, TCP/UDP port distribution and session state information of the active sessions of that IP address, and use the mathematical modeling technique to produce the model characteristic values; match the model characteristic values against the preset P2P traffic model parameters; if they match, determine that the IP address is currently using P2P technology to transfer data; and, according to the pre-configured P2P traffic control policy, control all traffic of that IP address that matches the P2P characteristics.
The preset P2P traffic model parameters comprise the minimum IP address dispersion Cip, the minimum TCP/UDP port dispersion Mport, the maximum session completion rate Cratemax and the minimum session completion rate Cratemin. These four parameters are configured in the mathematical model library.
The method computes the model characteristic values for each active IP address in the network: the connection dispersion Xip, the port dispersion Xport and the session completion rate Xrate of that IP address.
When Xip > Cip, Xport > Mport and Cratemin < Xrate < Cratemax are all satisfied at the same time, the IP address is judged to be currently using P2P technology. The token bucket algorithm is then used to queue the P2P packets, in order to limit the peak of the P2P traffic of this IP address, or to limit the total amount of P2P data that this IP address can transfer per unit time, or to limit the number of P2P sessions of this IP address.
The present invention is superior to the techniques of the three inventions cited in the background in the following respects:
1. The present invention does not rely on keyword or signature recognition of packet contents, so the method can identify both encrypted P2P traffic and unknown, newly emerging P2P traffic;
2. The present invention does not rely only on counting TCP/UDP ports above 1024 to identify P2P, which avoids confusing P2P traffic with traffic such as network scans and DDoS attacks, and is therefore more accurate;
3. The present invention does not rely only on counting the peer IP addresses that an IP address connects to, which avoids confusing P2P traffic with the traffic of website servers.
Description of drawings
Fig. 1 is the processing flow for P2P traffic model matching analysis using the method of the invention.
Fig. 2 is a flow chart of IP packet processing in a communication device that uses the method of the invention to identify and control P2P traffic.
Embodiment
To avoid the drawbacks of the identification methods described in the background, we studied the general traffic model of P2P services, which has the following characteristics:
1. The traffic of a P2P software download differs from the traffic of a download from a traditional file server. P2P traffic actively initiates data requests to at least one hundred terminals;
2. To evade firewall blocking, P2P software generally does not use fixed ports but negotiates ports dynamically;
3. The terminals that P2P software connects to are not necessarily active, so the completion rate of its communication is not guaranteed. Some communication requests succeed and some fail. Its completion rate is higher than that of sessions generated by viruses and attacks, and lower than that of normal network communication.
By using four parameters together to decide whether traffic is P2P, the P2P traffic in the network can be identified more accurately.
Using the four parameters Cip, Mport, Cratemin and Cratemax together, the traffic in the network can be identified and analyzed accurately regardless of whether the P2P traffic is encrypted, whether protocol fields have been modified, or whether the P2P application is newly emerging.
Combining these four parameters identifies P2P very accurately and avoids false positives and missed detections, which makes the resulting traffic control more precise.
Fig. 1 is the processing flow for P2P traffic model matching analysis using the method of the invention. The steps are:
Step S101: initialize the mathematical model library;
Step S102: configure the preset parameters of the P2P traffic model. Suppose the minimum IP address dispersion of the P2P traffic model is Cip, the minimum TCP/UDP port dispersion is Mport, the maximum session completion rate is Cratemax and the minimum is Cratemin; configure these four parameters in the mathematical model library;
Step S103: collect the peer IP address distribution, TCP/UDP port distribution and session state information of the communication sessions of each IP address, perform the mathematical modeling, and compute in real time the connection dispersion Xip, port dispersion Xport and session completion rate Xrate of each IP address in the communication network;
Step S104: when Xip > Cip, Xport > Mport and Cratemin < Xrate < Cratemax are all satisfied at the same time, judge that the traffic of this IP address matches the P2P traffic model; if it matches, execute step S105, otherwise go to step S106;
Step S105: if the traffic is P2P traffic, start the preset P2P traffic control policy and limit the P2P traffic using a queue scheduling algorithm based on the token bucket algorithm;
Step S106: if the traffic does not match the P2P traffic model, process it according to the normal IP packet forwarding flow.
In an actual network device, such as a gateway or bridge device connected in series (inline) in the network, the software flow of Fig. 2 can be used to achieve precise control of P2P:
Step S201: perform session analysis and compute, for each IP address, the three model characteristic values described in step S103;
Step S202: compare the model characteristic values computed in step S201 with the parameters configured in step S102 and determine whether each IP address carries P2P traffic;
Step S203: identify the IP addresses that are using P2P to transfer data and aggregate them into a unified statistical indicator;
Step S204: read the P2P traffic control policy in the traffic control device and decide which control policy to apply to the P2P traffic of these IP addresses, such as limiting the peak of the P2P traffic of these IP addresses, or limiting the total amount of P2P data these IP addresses can transfer per unit time, or limiting the number of P2P sessions of these IP addresses;
Step S205: using the token bucket algorithm, queue the P2P traffic according to the chosen P2P traffic control policy to carry out the actual traffic control.
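
The matching and control flow of steps S102 to S106, as an added Python example that is not code from the patent. Assumptions, since the patent gives no formulas or values: Xip is the number of distinct peer IPs, Xport the number of distinct peer ports and Xrate the fraction of established sessions, all over sessions the profiled IP initiated; the thresholds, bucket rate and sample traffic are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed presets for step S102; the patent gives no numeric values.
CIP, MPORT, CRATEMIN, CRATEMAX = 100, 50, 0.30, 0.90

@dataclass(frozen=True)
class Session:
    src: str           # profiled IP that initiated the session
    peer: str          # peer IP address
    peer_port: int     # peer TCP/UDP port
    established: bool  # session state: handshake completed or not

def features(sessions):
    """Step S103: per-IP (Xip, Xport, Xrate), using the assumed definitions."""
    by_ip = defaultdict(list)
    for s in sessions:
        by_ip[s.src].append(s)
    return {ip: (len({s.peer for s in ss}),
                 len({s.peer_port for s in ss}),
                 sum(s.established for s in ss) / len(ss))
            for ip, ss in by_ip.items()}

def flagged_ips(sessions):
    """Step S104: an IP matches only if all three conditions hold at once."""
    return {ip for ip, (xip, xport, xrate) in features(sessions).items()
            if xip > CIP and xport > MPORT and CRATEMIN < xrate < CRATEMAX}

class TokenBucket:
    """Step S105: caps the rate of an IP that matched the model."""
    def __init__(self, rate, burst):       # bytes per second, bytes
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0
    def allow(self, size, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False                   # caller queues or drops the packet
        self.tokens -= size
        return True

def forward(ip, size, now, flagged, buckets):
    """Steps S105/S106: police flagged IPs, forward everything else normally."""
    if ip not in flagged:
        return True
    return buckets.setdefault(ip, TokenBucket(1000, 1500)).allow(size, now)

def sample(src, n, port_of, ok):
    """Constructed sessions: n distinct peers in the 192.0.2.0/24 test range."""
    return [Session(src, f"192.0.2.{i}", port_of(i), ok(i)) for i in range(n)]

# Constructed traffic: a P2P-like host, a scanner, and a busy HTTPS client.
TRAFFIC = (sample("10.0.0.5", 150, lambda i: 20000 + i, lambda i: i % 5 < 3)
           + sample("10.0.0.9", 200, lambda i: 1 + i, lambda i: i % 20 == 0)
           + sample("10.0.0.7", 120, lambda i: 443, lambda i: i % 50 != 0))

if __name__ == "__main__":
    flagged, buckets = flagged_ips(TRAFFIC), {}
    print(flagged, [forward("10.0.0.5", 1500, t, flagged, buckets) for t in (0.0, 0.5, 1.5)])
```

The scanner is rejected by the Cratemin bound and the HTTPS client by the Mport bound, which is the separation the description claims over single-metric methods.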

Claims (3)

1. A method for P2P network traffic identification and control based on mathematical modeling technology, characterized in that:
the communication sessions of each IP address in the network are mathematically modeled; the peer IP address distribution, TCP/UDP port distribution and session state information of the communication sessions of that IP address are collected; and the mathematical modeling technique is used to produce model characteristic values, said model characteristic values comprising the connection dispersion Xip, port dispersion Xport and session completion rate Xrate of each IP address;
the model characteristic values are matched against preset P2P traffic model parameters, said preset P2P traffic model parameters comprising the minimum IP address dispersion Cip, the minimum TCP/UDP port dispersion Mport, the maximum session completion rate Cratemax and the minimum session completion rate Cratemin, these four parameters being configured in the mathematical model library;
in the case of a match with the P2P traffic model parameters, namely when Xip>Cip, Xport>Mport and Cratemin<Xrate<Cratemax are satisfied simultaneously, said each IP address is judged to be currently using P2P technology to transfer data;
according to the pre-configured P2P traffic control policy, all traffic of said each IP address that matches the P2P characteristics is controlled.
2. The method of claim 1, characterized in that: if the preset P2P traffic model parameters are not matched, the normal IP packet forwarding flow is carried out.
3. The method of claim 1 or claim 2, wherein, when said each IP address is judged to be currently using P2P technology, the token bucket algorithm is used to queue the P2P packets and to limit the peak of the P2P traffic of said each IP address, or to limit the total amount of P2P data that said each IP address can transfer per unit time, or to limit the number of P2P sessions of said each IP address.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101718076A CN101741686B (en) 2008-11-13 2008-11-13 Method applied to traffic identification and control of P2P network based on mathematical modeling technology

Publications (2)

Publication Number Publication Date
CN101741686A (en) 2010-06-16
CN101741686B (en) 2012-05-30

Family

ID=42464607

Country Status (1)

Country Link
CN (1) CN101741686B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120530

Termination date: 20171113