CN101854366B - Peer-to-peer network flow-rate identification method and device - Google Patents

Publication number
CN101854366B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010199464.1A
Other languages
Chinese (zh)
Other versions
CN101854366A (en)
Inventor
董昊
孙知信
李志文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Kai Tong Tong Technology Co., Ltd.
Original Assignee
ZTE Corp

Abstract

The invention discloses a peer-to-peer (P2P) network traffic identification method and device. The lengths of a given number of data stream packets are measured, the packets are divided into two classes according to a set length threshold, and the type ratio of the two classes of packets is calculated; if the packet type ratio is greater than the upper limit of the type threshold interval, the data stream is deemed to be P2P network traffic. With this method and device, the packet type ratio allows data streams to be classified quickly and effectively, so that P2P network traffic is identified quickly and effectively, identification efficiency and accuracy are improved, and the system overhead caused by the traffic detection scheme is greatly reduced.

Description

A method and device for peer-to-peer network traffic identification
Technical field
The present invention relates to network traffic identification technology, and in particular to a method and device for identifying peer-to-peer (P2P, Peer-to-Peer) network traffic.
Background art
The P2P network was first proposed by Steve Crocker in 1969. It is a distributed network whose participants share part of the hardware resources they own, such as processing power, storage capacity, network connectivity and printers. These shared resources provide services and content through the network and can be accessed directly by other peer nodes without passing through an intermediate entity. A participant in such a network is both a provider (server) of resources, services and content and a consumer (client) of them. Unlike a traditional client/server (C/S) network, all nodes in the network have equal status: each node acts as a server that provides services to other nodes while also using the services that other nodes provide.
At present, P2P technology is widely used in fields such as downloading, instant messaging, Internet telephony, Internet TV, online games, financial services and information retrieval. P2P has changed the existing network application model and offers a new approach to networking for future networks. Behind these advantages, however, P2P technology raises many problems:
Many applications now use P2P technology, for example BitTorrent, eDonkey, eMule, the file-sharing software Gnutella, the Internet TV service PPLive, the streaming media service PPStream and the real-time voice communication service Skype. P2P users number in the millions upon millions, which consumes enormous network bandwidth and can even cause network congestion, greatly reducing network performance, degrading network quality of service, and hindering normal network services and the spread of key services. At the same time, the private distribution of large amounts of unauthorized content makes things easier for illegal piracy and network viruses and accelerates their growth, with a huge impact on network security and the protection of intellectual property.
According to statistics, P2P traffic accounts for 60%-70% of all network traffic and reaches 80%-90% in extreme cases, making it a true "bandwidth killer". It causes congestion on critical links of operator, enterprise and campus networks and a sharp decline in the quality of service (QoS, Quality of Service) of other conventional Internet traffic. People, telecom operators in particular, increasingly recognize the need to understand and analyze P2P network traffic and network behavior in depth in order to provide technical support for monitoring and managing P2P. To reach this goal, the first task is to identify the P2P traffic on the network effectively.
In the prior art, the first scheme applied to P2P network traffic is port identification. In the early period of P2P applications, most of them used fixed ports; for example, Gnutella uses ports 346-6347 and BitTorrent uses ports 6881-6889. In this case the traffic is identified in the same way as the packets of common applications: packets are collected passively in the monitored network and the transport-layer header of each packet is checked; if the port number matches one of a set of specific port numbers, the packet belongs to P2P traffic and can be handled according to a preset action. The greatest advantage of this method is its simplicity: it reaches a conclusion without complex packet processing. Port identification was simple and effective when P2P applications first appeared, but as P2P technology developed it gradually became inapplicable. P2P applications now widely use techniques such as port hopping, random ports and information hiding, so simple matching of fixed port numbers cannot detect this kind of P2P traffic.
The second scheme applied to P2P network traffic is identification based on application signatures. Because most current P2P applications use random or disguised ports, analyzing the port information in the packet header alone cannot detect them. However, the packets of each application carry specific message information; for example, HTTP messages contain keywords such as GET, PUT and POST. The various P2P application protocols contain similar information. It was therefore proposed to identify packets by inspecting the payload they carry, that is, application-signature-based identification, or deep packet inspection (DPI, Deep Packet Inspection). DPI checks not only the network-layer and transport-layer headers but also the content carried in the packet payload at the application layer. It inspects the application traffic of a packet or data stream in depth and decides how to handle the packet according to its payload. Because P2P protocols introduced dynamic ports, P2P datagrams can only be found by scanning the upper-layer protocol: each P2P message passing through the network device undergoes deep content inspection, and the attributes and identification result of each data message are marked so that the next flow-control policy can be applied. The technique stores payload feature information in a payload feature database, and any datagram that matches a payload feature is treated as a P2P datagram. The core of DPI identification is the choice of string matching algorithm; an efficient string matching algorithm improves the responsiveness of the program. Commonly used string matching algorithms include the naive string matching algorithm, the Karp-Rabin algorithm, string matching automata and the KMP algorithm. DPI has the following shortcomings. Every IP datagram must be unpacked and its protocols analyzed layer by layer, so the computational cost is high and the speed is low. Detection of new P2P applications lags behind: a new P2P application cannot be detected before the feature database is upgraded, and it can be detected effectively only after its payload features have been found. The ability to detect encrypted P2P applications is very limited. Algorithm performance depends on the complexity of the payload features: the more complex the features, the higher the detection cost and the worse the performance.
The third scheme applied to P2P network traffic is identification based on transport-layer traffic behavior. Identification based on transport-layer behavioral features and identification based on transport-layer flow statistics are both probabilistic classification methods: both analyze transport-layer header information at a macroscopic level and perform no inspection of application-layer data. They differ in that identification based on flow statistics relies on attributes of P2P flows such as packet size, bytes transferred, mean rate and duration, whereas identification based on transport-layer behavioral features relies on features such as the connection characteristics of the IP addresses and port numbers of P2P connections and the diameter of the P2P network. The shortcomings of this technique are that traffic pattern identification must record information about every flow, and that its result is uncertain because it is based on probability: the precision of the method depends on how pronounced the P2P traffic features are and on how well the heuristic rules cover them, and finding features common to all P2P traffic is often very difficult.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and device for peer-to-peer network traffic identification that identify P2P network traffic quickly and accurately.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
The invention provides a method for peer-to-peer network traffic identification, the method comprising:
dividing data stream packets into two classes according to a set length threshold and calculating the type ratio of the two classes of packets; when the packet type ratio is greater than the upper limit of the set type threshold interval, the data stream is considered to be P2P network traffic.
In the above scheme, the method further comprises: setting two counters, smallCount and LargeCount; if the packet length is less than or equal to the set length threshold, the counter smallCount is incremented by 1; if the packet length is greater than the set length threshold, the counter LargeCount is incremented by 1;
the type ratio of the two classes of packets is specifically the ratio of the count values of the counters smallCount and LargeCount.
In the above scheme, the method further comprises: when the packet type ratio is less than the lower limit of the set type threshold interval, the data stream is considered to be non-P2P network traffic; when the packet type ratio is within the type threshold interval, the data stream is considered to be suspected P2P network traffic.
In the above scheme, the length threshold is set to any integer value in the interval [500, 1000] Byte; the type threshold interval is set to [0.8, 1.2].
In the above scheme, when the data stream is considered to be suspected P2P network traffic, the method further comprises: identifying, by a comparison algorithm, the P2P traffic within the suspected P2P traffic that communicates over fixed ports, and passing the suspected P2P traffic that was not identified on to traffic feature detection.
In the above scheme, in traffic feature detection, P2P traffic is identified within the suspected P2P traffic by a traffic feature detection method, and the suspected P2P traffic that was not identified is passed on to feature field detection.
In the above scheme, in feature field detection, P2P traffic is identified within the suspected P2P traffic by a pattern matching algorithm, and the suspected P2P traffic that was not identified is passed on to rate-limit detection.
In the above scheme, in rate-limit detection, when the suspected P2P traffic is greater than the set flow threshold, the data stream is considered to be P2P network traffic; otherwise, the data stream is considered to be non-P2P network traffic.
In the above scheme, after the data stream packets are divided into two classes, the method further comprises: calculating the type ratio of the two classes of packets when the total number of packets is greater than the set total threshold.
The present invention also provides a device for peer-to-peer network traffic identification, the device comprising: a packet type ratio identification module, configured to divide data stream packets into two classes according to a set length threshold and to calculate the type ratio of the two classes of packets; when the packet type ratio is greater than the upper limit of the set type threshold interval, the data stream is considered to be P2P network traffic.
In the above scheme, the packet type ratio identification module comprises a counter smallCount and a counter LargeCount, wherein:
the counter smallCount is incremented by 1 when the length of a data stream packet is less than or equal to the set length threshold;
the counter LargeCount is incremented by 1 when the length of a data stream packet is greater than the set length threshold;
the type ratio of the two classes of packets is specifically the ratio of the count values of the counters smallCount and LargeCount.
In the above scheme, the packet type ratio identification module is further configured to consider the data stream to be non-P2P network traffic when the packet type ratio is less than the lower limit of the set type threshold interval, and to consider the data stream to be suspected P2P network traffic when the packet type ratio is within the type threshold interval.
In the above scheme, the device further comprises: a port detection module, a traffic feature detection module, a feature field detection module and a rate-limit detection module, wherein:
the port detection module is configured to compare the suspected P2P traffic with the P2P data streams in the fixed port database of the port detection module, to identify by a comparison algorithm the P2P traffic that communicates over fixed ports, and to pass the suspected P2P traffic that was not identified to the traffic feature detection module;
the traffic feature detection module is configured to form a pair from the source address and source port of the suspected P2P traffic; if the pair is not in the static port mapping table of the traffic feature detection module, the data stream is considered to be P2P network traffic; the suspected P2P traffic that was not identified is passed to the feature field detection module;
the feature field detection module is configured to compare, by a pattern matching algorithm, the corresponding character strings in the suspected P2P traffic with the character strings of P2P software in the static payload database, to identify P2P traffic, and to pass the suspected P2P traffic that was not identified to the rate-limit detection module;
the rate-limit detection module is configured to consider the data stream to be P2P network traffic when, within a set time, the suspected P2P traffic is greater than the set flow threshold, and otherwise to consider the data stream to be non-P2P network traffic.
The P2P traffic identification method and device provided by the present invention measure the lengths of a certain number of data stream packets, divide the packets into two classes according to a set length threshold, and calculate the type ratio of the two classes of packets; if the packet type ratio is greater than the upper limit of the set type threshold interval, the data stream is considered to be P2P network traffic. By judging the packet type ratio, the present invention classifies data streams quickly and effectively and thus identifies P2P network traffic quickly and effectively.
Because the present invention combines the comparison algorithm, the traffic feature detection method and the feature field detection method to identify P2P data streams, and uses the comparison algorithm, the traffic feature detection method or the feature field detection method only to identify part of the P2P data streams, the shortcomings of using any one of these methods alone are avoided and identification efficiency and accuracy are improved. In addition, identifying P2P traffic by means of the packet type ratio greatly reduces the system overhead that the traffic detection scheme incurs.
Brief description of the drawings
Fig. 1 is a flowchart of the P2P traffic identification method of an embodiment of the present invention;
Fig. 2 is a structural diagram of the P2P traffic identification device of an embodiment of the present invention.
Embodiments
The basic idea of the technical solution of the present invention is: measure the lengths of a certain number of data stream packets, divide the packets into two classes according to a set length threshold, and calculate the type ratio of the two classes of packets; if the packet type ratio is greater than the upper limit of the set type threshold interval, the data stream is considered to be P2P network traffic.
During data transmission, the network device receives IP data streams, stores them in its own internal buffer, and processes the packet data streams accordingly.
The P2P traffic identification method provided by the embodiment of the present invention, as shown in Fig. 1, comprises the following steps:
Step 101: the IP data stream enters the internal buffer of the network device;
In this step, the IP data stream is divided into packets according to the Transmission Control Protocol/Internet Protocol (TCP/IP, Transmission Control Protocol/Internet Protocol), and enters, in the form of packets, the internal buffer of the network device, which takes the form of a first-in first-out queue (FIFO, First Input First Output).
Step 102: distinguish the types of the data stream packets in the internal buffer, and when the total number of packets is greater than the set total threshold m, perform step 103; otherwise, return to step 101;
In this step, first, two counters smallCount and LargeCount and a length threshold t are set, and the length of each data stream packet is measured. If the packet length is less than or equal to the set length threshold t, the counter smallCount is incremented by 1; if the packet length is greater than the set length threshold t, the counter LargeCount is incremented by 1. In this way the data stream packets in the internal buffer are divided into two types: the number of packets whose length is less than or equal to the length threshold t is recorded in the counter smallCount, and the number of packets whose length is greater than the length threshold t is recorded in the counter LargeCount. The length threshold t can be set according to the actual lengths of the data stream packets. In general, very few packets have a length in the interval [500, 1000] Byte, so the length threshold t is preferably set to any integer value in the interval [500, 1000] Byte, which distinguishes the packet types well;
Second, a total threshold m is set and the total number of packets is calculated; the total number of packets is the sum of the count values of the two counters. When the total number of packets is less than the total threshold m, another packet is read in and the total number of packets is recalculated, until the total number of packets is greater than the total threshold m, whereupon step 103 is performed. The total threshold m can be determined according to network conditions; once the total number of packets reaches a certain quantity, the method of the present invention becomes more generally applicable. It can generally be set to 100000.
Step 103: calculate the packet type ratio. A data stream whose packet type ratio is above the upper limit of the set type threshold interval k is determined to be P2P network traffic; this P2P traffic is passed to P2P network traffic management and the current process ends. A data stream whose packet type ratio is within the type threshold interval k is determined to be suspected P2P network traffic, and step 104 is performed. A data stream whose packet type ratio is below the lower limit of the set type threshold interval k is determined to be non-P2P network traffic, and the current process ends.
In this step, the packet type ratio is the ratio of the count values of the counters smallCount and LargeCount. The set type threshold interval k can be determined according to network conditions. Based on a large number of experiments using 100000 data stream samples, the present invention concludes that when the packet type ratio is greater than 1.2 the data stream is P2P network traffic, and when the packet type ratio is less than 0.8 the data stream is non-P2P network traffic; the type threshold interval k is therefore preferably set to [0.8, 1.2]. With the P2P traffic identification method of this step, identification accuracy can reach more than 50%, and the identification process is fast.
Step 104: identify, by a comparison algorithm, the P2P traffic that communicates over fixed ports, pass the identified P2P traffic to P2P network traffic management, and perform traffic feature detection on the suspected P2P traffic that was not identified;
In this step, a comparison algorithm from the prior art is used to compare the suspected P2P data streams in detail with the P2P data streams in the fixed port database of the network device, identifying the P2P traffic that communicates over fixed ports. This P2P traffic is marked and then enters the P2P network traffic management module; the remaining suspected P2P traffic that was not identified undergoes traffic feature detection, and step 105 is performed.
Step 105: identify P2P traffic by the traffic feature detection method, pass the identified P2P traffic to P2P network traffic management, and perform pattern matching detection on the suspected P2P traffic that was not identified;
In this step, the protocol header, source address, source port, destination address and destination port of the data stream are analyzed, and the source address and source port of the suspected P2P traffic are formed into a pair. If the TCP protocol and the User Datagram Protocol (UDP, User Datagram Protocol) are used simultaneously, and the source address and source port are not in the existing static port mapping table in the network device, the data stream is determined to be P2P network traffic. This P2P traffic is marked and then passed to P2P network traffic management; feature field detection is performed on the suspected P2P traffic that was not identified, and step 106 is performed. The identification process in this step is implemented with existing techniques.
Step 106: identify P2P traffic by feature field detection, pass the identified P2P traffic to P2P network traffic management, and perform rate-limit detection on the suspected P2P traffic that was not identified;
In this step, a pattern matching algorithm compares the corresponding character strings in the suspected P2P traffic with the character strings of P2P software in the payload database, and P2P traffic is thereby identified. The identified P2P traffic is marked and then enters the P2P network traffic management module, and rate-limit detection is performed on the suspected P2P traffic that was not identified. The pattern matching algorithm can be the classic KMP algorithm from pattern recognition; the detailed process of this algorithm is not described here.
Here, the payload database can include the P2P software currently popular domestically; the character string feature sequences can include: +21, -13, +0, -134, -75, +18, -0, +68, +80, -80, +95, -95, E3, C5, D4.
In most cases, the identification of P2P network traffic can essentially be completed by this step.
Step 107: if the suspected P2P traffic is greater than the set flow threshold within a set time, the data stream is considered to be P2P network traffic and the identified P2P traffic is passed to P2P network traffic management; all data streams that were not identified can be regarded as non-P2P data streams.
In this step, the threshold set here should be determined according to the network bandwidth and congestion conditions; for example, when the flow exceeds 1Mb/s (mbit), the data stream is considered to be a P2P data stream.
The present invention identifies P2P network traffic according to the complexity of detection or the time that detection takes. The above method identifies P2P traffic quickly, shortens the identification time, allows P2P traffic to be passed to P2P network traffic management promptly, and improves identification efficiency and precision.
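Steps 101 to 107 as one runnable pipeline; this is an added example, not code from the patent. The `Flow` record, the sample tables, checking both ports against the fixed-port table and the handling of LargeCount = 0 are assumptions of the example, and Python's byte-string search stands in for the KMP matcher named in step 106.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    UNDETERMINED = "undetermined"   # total number of packets has not exceeded m
    P2P = "p2p"
    SUSPECTED = "suspected-p2p"
    NON_P2P = "non-p2p"


# Constructed sample tables; a real device would load its own databases.
FIXED_P2P_PORTS = frozenset(range(6881, 6890))   # BitTorrent range cited in the background
STATIC_PORT_MAP = frozenset({("192.0.2.10", 80), ("192.0.2.10", 53)})
PAYLOAD_SIGNATURES = (b"\x13BitTorrent protocol",)  # sample payload-database entry
RATE_THRESHOLD_BPS = 1_000_000                   # the 1 Mb/s example from step 107


@dataclass
class Flow:
    """Hypothetical per-flow record; the field names are assumptions."""
    lengths: list                  # packet lengths in bytes, in arrival order
    src: str = "192.0.2.50"
    sport: int = 40000
    dport: int = 40001
    protocols: frozenset = frozenset({"TCP"})   # transports seen for (src, sport)
    payload: bytes = b""
    window_s: float = 1.0          # observation window for the rate check


def packet_type_ratio(lengths, t=750, m=100_000, k=(0.8, 1.2)):
    """Steps 102-103: return (verdict, smallCount, LargeCount)."""
    smallCount = LargeCount = 0
    for length in lengths:
        if length <= t:            # a packet of exactly t bytes counts as small
            smallCount += 1
        else:
            LargeCount += 1
    if smallCount + LargeCount <= m:
        return Verdict.UNDETERMINED, smallCount, LargeCount
    # Assumption: a flow with no large packets has an unbounded ratio.
    ratio = smallCount / LargeCount if LargeCount else float("inf")
    lower, upper = k
    if ratio > upper:
        return Verdict.P2P, smallCount, LargeCount
    if ratio < lower:
        return Verdict.NON_P2P, smallCount, LargeCount
    return Verdict.SUSPECTED, smallCount, LargeCount


def classify_suspected(flow):
    """Steps 104-107: return (verdict, name of the stage that decided)."""
    # Step 104: fixed-port comparison (either port, by assumption).
    if flow.sport in FIXED_P2P_PORTS or flow.dport in FIXED_P2P_PORTS:
        return Verdict.P2P, "port"
    # Step 105: TCP and UDP used together by a pair missing from the static map.
    if {"TCP", "UDP"} <= flow.protocols and (flow.src, flow.sport) not in STATIC_PORT_MAP:
        return Verdict.P2P, "traffic-feature"
    # Step 106: payload signature match; `in` replaces KMP here.
    if any(sig in flow.payload for sig in PAYLOAD_SIGNATURES):
        return Verdict.P2P, "feature-field"
    # Step 107: rate over the observation window against the flow threshold.
    rate_bps = sum(flow.lengths) * 8 / flow.window_s
    if rate_bps > RATE_THRESHOLD_BPS:
        return Verdict.P2P, "rate-limit"
    return Verdict.NON_P2P, "rate-limit"


def identify(flow, t=750, m=100_000, k=(0.8, 1.2)):
    """Run the ratio test first and the cascade only for suspected flows."""
    verdict, _, _ = packet_type_ratio(flow.lengths, t, m, k)
    if verdict is Verdict.SUSPECTED:
        return classify_suspected(flow)
    return verdict, "packet-type-ratio"
```

Only flows whose ratio falls inside [0.8, 1.2] reach the more expensive stages, which is where the overhead saving claimed in the description comes from.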
To implement the above method, the present invention also provides a device for P2P network traffic identification. As shown in Fig. 2, the device comprises:
a packet type ratio identification module, configured to measure the lengths of a certain number of data stream packets, divide the packets into two classes according to the set length threshold, and calculate the type ratio of the two classes of packets; if the packet type ratio is greater than the upper limit of the set type threshold interval, the data stream is considered to be P2P network traffic.
The length threshold can be set according to the actual lengths of the data stream packets; preferably, the length threshold is set to any integer value in the interval [500, 1000] Byte. The type threshold interval can be determined according to network conditions; preferably, the type threshold interval is set to [0.8, 1.2].
The packet type ratio identification module comprises a counter smallCount and a counter LargeCount, wherein the counter smallCount is incremented by 1 when the length of a data stream packet is less than or equal to the set length threshold;
the counter LargeCount is incremented by 1 when the length of a data stream packet is greater than the set length threshold.
The number ratio of the two classes of packets is specifically the ratio of the count values of the counters smallCount and LargeCount.
The packet type ratio identification module is further configured to consider the data stream to be non-P2P network traffic when the packet type ratio is less than the lower limit of the set type threshold interval, and to consider the data stream to be suspected P2P network traffic when the packet type ratio is within the type threshold interval.
The device further comprises: a port detection module, a traffic feature detection module, a feature field detection module and a rate-limit detection module, wherein:
the port detection module is configured to compare the suspected P2P traffic with the P2P data streams in the fixed port database of the port detection module, to identify by a comparison algorithm the P2P traffic that communicates over fixed ports, and to pass the suspected P2P traffic that was not identified to the traffic feature detection module;
the traffic feature detection module is configured to form a pair from the source address and source port of the suspected P2P traffic; if the pair is not in the static port mapping table of the traffic feature detection module, the data stream is considered to be P2P network traffic; the suspected P2P traffic that was not identified is passed to the feature field detection module;
the feature field detection module is configured to compare, by a pattern matching algorithm, the corresponding character strings in the suspected P2P traffic with the character strings of P2P software in the static payload database, to identify P2P traffic, and to pass the suspected P2P traffic that was not identified to the rate-limit detection module;
the rate-limit detection module is configured to consider the data stream to be P2P network traffic when, within a set time, the suspected P2P traffic is greater than the set flow threshold, and otherwise to consider the data stream to be non-P2P network traffic.
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (6)

1. A method for identifying peer-to-peer (P2P) network traffic, characterized in that the method comprises:
dividing data stream packets into two classes according to a set length threshold and calculating the type ratio of the two classes of packets; when the packet type ratio is greater than the upper limit of the set type threshold interval, the data stream is considered to be P2P network traffic; when the packet type ratio is less than the lower limit of the set type threshold interval, the data stream is considered to be non-P2P network traffic; when the packet type ratio is within the type threshold interval, the data stream is considered to be suspected P2P network traffic;
when the data stream is considered to be suspected P2P network traffic, the method further comprises: identifying, by a comparison algorithm, the P2P traffic within the suspected P2P traffic that communicates over fixed ports, and passing the suspected P2P traffic that was not identified on to traffic feature detection; in traffic feature detection, identifying P2P traffic within the suspected P2P traffic by a traffic feature detection method, and passing the suspected P2P traffic that was not identified on to feature field detection; in feature field detection, identifying P2P traffic within the suspected P2P traffic by a pattern matching algorithm, and passing the suspected P2P traffic that was not identified on to rate-limit detection; in rate-limit detection, when the suspected P2P traffic is greater than the set flow threshold, the data stream is considered to be P2P network traffic; otherwise, the data stream is considered to be non-P2P network traffic.
2. The method according to claim 1, characterized in that the method further comprises: setting two counters, smallCount and LargeCount; if the packet length is less than or equal to the set length threshold, counter smallCount is incremented by 1; if the packet length is greater than the set length threshold, counter LargeCount is incremented by 1;
The type ratio of the two classes of packets is specifically the ratio of the count values of counters smallCount and LargeCount.
3. The method according to claim 1, characterized in that the length threshold is set to any integer value within the range [500, 1000] bytes, and the type threshold interval is set to [0.8, 1.2].
4. The method according to any one of claims 1 to 3, characterized in that, after the packets of the data flow are divided into two classes, the method further comprises: calculating the type ratio of the two classes of packets when the total number of packets is greater than a set total threshold.
5. A device for identifying peer-to-peer network traffic, characterized in that the device comprises: a packet type ratio identification module, configured to divide the packets of a data flow into two classes according to a set length threshold and to calculate the type ratio of the two classes of packets; when the packet type ratio is greater than the upper limit of a set type threshold interval, the data flow is considered to be P2P network traffic; when the packet type ratio is less than the lower limit of the set type threshold interval, the data flow is considered to be non-P2P network traffic; when the packet type ratio is within the type threshold interval, the data flow is considered to be suspected P2P network traffic;
The device further comprises: a port detection module, a traffic feature detection module, a feature field detection module and a rate-limit detection module; wherein,
The port detection module is configured to compare the suspected P2P network traffic with the P2P data flows in the fixed port database of the port detection module, to identify by a comparison algorithm the P2P network traffic that communicates over fixed ports, and to pass the suspected P2P network traffic that is not identified on to the traffic feature detection module;
The traffic feature detection module is configured to form a pair from the source/destination address and the source port in the suspected P2P network traffic; if the pair is not in the static port mapping table of the traffic feature detection module, the data flow is considered to be P2P network traffic; the suspected P2P network traffic that is not identified is passed on to the feature field detection module;
The feature field detection module is configured to compare, by a pattern matching algorithm, the corresponding character strings in the suspected P2P network traffic with the character strings of P2P software in the static payload database, to identify P2P network traffic, and to pass the suspected P2P network traffic that is not identified on to the rate-limit detection module;
The rate-limit detection module is configured so that, within a set time, when the suspected P2P network traffic is greater than a set traffic threshold, the data flow is considered to be P2P network traffic; otherwise, the data flow is considered to be non-P2P network traffic.
6. The device according to claim 5, characterized in that the packet type ratio identification module comprises: counter smallCount and counter LargeCount; wherein,
Counter smallCount is incremented by 1 when the length of a packet of the data flow is less than or equal to the set length threshold;
Counter LargeCount is incremented by 1 when the length of a packet of the data flow is greater than the set length threshold;
The type ratio of the two classes of packets is specifically the ratio of the count values of counters smallCount and LargeCount.
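
An added example, not taken from the patent: the packet type ratio test of claims 1 to 4 followed by the fallback order of claim 1, written in Python. TOTAL_THRESHOLD, TRAFFIC_THRESHOLD, the sample databases, the flow dictionary fields, the (source address, destination address, source port) key and the treatment of LargeCount = 0 are assumptions made for illustration.

```python
import math

LENGTH_THRESHOLD = 750            # bytes; claim 3 allows any integer in [500, 1000]
RATIO_LOW, RATIO_HIGH = 0.8, 1.2  # type threshold interval from claim 3
TOTAL_THRESHOLD = 20              # assumed; claim 4 names no value
TRAFFIC_THRESHOLD = 1_000_000     # assumed bytes per observation window

# Constructed sample databases for the fallback stages (assumptions).
FIXED_P2P_PORTS = {6881}
STATIC_PORT_MAP = {("192.0.2.10", "198.51.100.5", 443)}
PAYLOAD_SIGNATURES = [b"\x13BitTorrent protocol"]


def type_ratio(lengths):
    """Return smallCount / LargeCount for a list of packet lengths."""
    small_count = sum(1 for n in lengths if n <= LENGTH_THRESHOLD)
    large_count = len(lengths) - small_count
    # The claims do not cover LargeCount == 0; treated here as an unbounded ratio.
    return small_count / large_count if large_count else math.inf


def first_stage(lengths):
    """Claims 1-4: verdict from the packet type ratio alone."""
    if len(lengths) <= TOTAL_THRESHOLD:
        return "undecided"  # ratio is only computed past the total threshold
    ratio = type_ratio(lengths)
    if ratio > RATIO_HIGH:
        return "p2p"
    if ratio < RATIO_LOW:
        return "non-p2p"
    return "suspected"


def resolve_suspected(flow):
    """Claim 1 fallback order: fixed port, traffic feature, feature field, rate."""
    if {flow["src_port"], flow["dst_port"]} & FIXED_P2P_PORTS:
        return "p2p"
    if (flow["src_ip"], flow["dst_ip"], flow["src_port"]) not in STATIC_PORT_MAP:
        return "p2p"
    if any(sig in flow["payload"] for sig in PAYLOAD_SIGNATURES):
        return "p2p"
    return "p2p" if flow["window_bytes"] > TRAFFIC_THRESHOLD else "non-p2p"


def classify(flow):
    """Run the ratio stage, then the fallback chain only for suspected flows."""
    verdict = first_stage(flow["lengths"])
    return resolve_suspected(flow) if verdict == "suspected" else verdict
```

Under this reading, a flow consisting only of packets at or below the length threshold is labelled P2P by the first stage without reaching the fallback chain.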
CN201010199464.1A 2010-06-10 2010-06-10 Peer-to-peer network flow-rate identification method and device Expired - Fee Related CN101854366B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010199464.1A CN101854366B (en) 2010-06-10 2010-06-10 Peer-to-peer network flow-rate identification method and device

Publications (2)

Publication Number Publication Date
CN101854366A CN101854366A (en) 2010-10-06
CN101854366B true CN101854366B (en) 2015-04-01

Family

ID=42805631

Country Status (1)

Country Link
CN (1) CN101854366B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098346B (en) * 2011-02-23 2013-01-23 北京邮电大学 Method for identifying flow of P2P (peer-to-peer) stream media in unknown flow
CN102932199B (en) * 2012-09-19 2018-07-27 邦讯技术股份有限公司 A kind of method and system of multiple nucleus system detection P2P streams
CN104243225B (en) * 2013-06-19 2017-08-08 北京思普崚技术有限公司 A kind of method for recognizing flux based on deep-packet detection
CN104283699A (en) * 2013-07-01 2015-01-14 中兴通讯股份有限公司 Method and device for determining service types
CN109067665B (en) 2018-09-25 2022-01-11 华为技术有限公司 Congestion control method and network equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459546A (en) * 2007-12-11 2009-06-17 华为技术有限公司 Recognition method and apparatus for peer-to-peer node flow
CN101505314A (en) * 2008-12-29 2009-08-12 成都市华为赛门铁克科技有限公司 P2P data stream recognition method, apparatus and system

Also Published As

Publication number Publication date
CN101854366A (en) 2010-10-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20170224

Address after: 561102 Guiyang science and Technology Industrial Park, Jinyang hi tech Zone, Guizhou, China, B527

Patentee after: Guizhou Kai Tong Tong Technology Co., Ltd.

Address before: 518057 Nanshan District Guangdong high tech Industrial Park, South Road, science and technology, ZTE building, Ministry of Justice

Patentee before: ZTE Corporation

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150401

Termination date: 20170610