CN101924769A - Payload characteristic identification based method for identifying Sohu dragon oath game service - Google Patents
Payload characteristic identification based method for identifying Sohu dragon oath game service Download PDFInfo
- Publication number
- CN101924769A CN101924769A CN2010102605119A CN201010260511A CN101924769A CN 101924769 A CN101924769 A CN 101924769A CN 2010102605119 A CN2010102605119 A CN 2010102605119A CN 201010260511 A CN201010260511 A CN 201010260511A CN 101924769 A CN101924769 A CN 101924769A
- Authority
- CN
- China
- Prior art keywords
- game
- oath
- dragon
- packet
- game service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a payload characteristic identification based method for identifying Sohu dragon oath game service, which identifies the service through verifying characteristic words of a game data packet. The identification method comprises the following steps of: firstly receiving game data by utilizing software, extracting a representative value in the data packet, verifying by using a characteristic value of the dragon oath game, and therefore, identifying whether the service is the dragon oath game service or not. If the verified result is the game service, the subsequent data packets are all dragon oath game data packets. The method has favorable expandability and accuracy and is easy to butt an application interface related to an operator.
Description
Technical field
A online game the semi-gods and the semi-devils that The present invention be directed to current popular carries out the research of traffic identification, how main research detects effective recognition network game service based on the DPI pay load deep, and the model of cognition and the method for network game service have been designed, belong to the technical field of network new business flow identification, and relate to the protocal analysis field.
Technical background
Along with the development of Internet technology with popularize, increasing people will spend on the internet free time, network can provide various services such as news, video, live, shopping online, along with development of internet technology, online game is also very fast to be popularized, and the picture of nowadays playing is very smooth, of a great variety, change has also taken place in people's entertainment way, and the recreation of traditional practical operation is replaced by online game.Most of popular recreation are games on-line of multiple person cooperational operation, and a plurality of clients are linked to recreation simultaneously on the server, and most recreation all are timely, require operation to make an immediate response, time-delay must not surpass half second, so higher to the designing requirement of network portion, response speed is faster.
Online game not only brings people's amusement and recreation, can also take exercise the player team collaboration's ability, can also train for a long time concentrate on, the coordination ability that a plurality of incident is carried out simultaneously.But do not get rid of the possibility of indulging in recreation yet.The client of online game is more and more, also corresponding some safety problems of having brought, as scatter unhealthy information by online game, there are plug-in means, may attach virus during resource downloading and propagate, part player uses steal-number and hack tool etc., brings unsafe hidden danger to network, therefore correct recognition network game service, it is particularly important that the supervisory user behavior seems.
The identification game service also exists the deficiency of technology, and existing technological deficiency mainly contains:
Privately owned during the communication protocol of first recreation, and wherein the part signaling has been used cryptographic algorithm.
The version of second recreation is many, and it is more frequent upgrade, and with most software portion same be that the upgrading of its client often is accompanied by agreement and changes accordingly.
The 3rd recreation provides business such as text, data, and the session characteristics of miscellaneous service is all different, and therefore " cruelty " shutoff to server ip address is not the basic method of dealing with problems, and this can cause can't using of normal game.
Summary of the invention
Technical problem: the objective of the invention is to set up a kind of dragon oath game recognition methods based on the identification of payload characteristic word, and design its model and algorithm, by identification to dragon oath game service, the IP address of analysis user, destination address, source port, destination interface, protocol type, thereby the behavior and the purpose of further analysis user.
Technical scheme: the invention provides the technological frame of effective identification dragon oath game service, and detailed design recognizer, as shown in Figure 1.As can be seen from the figure, as can be seen from the figure, system is divided into four levels, is followed successively by from top to bottom: data collection layer, protocal analysis layer, flow identification (professional perception) layer and game service presentation layer.
Here a clear and definite notion, all the game interaction behaviors after the so-called gaming session general reference user login, reciprocal process such as comprise user's login, authentication, text chat, game process, withdraw from.The corresponding gaming session business of GID.
The key method of this paper is at the flow identification layer, and this layer main method is the semi-gods and the semi-devils session recognition methods.By test and data analysis, find that gaming session possesses certain payload characteristic, FPDP is 3731 in recreation login process or the linking request process, payload characteristic is divided into two kinds: a kind of payload length is 20 bytes, and header byte is 0x9A, 0x00,0x04,0x00,0x00; Another kind of payload length is 31 bytes, and header byte is 0x31,0x02, and 0x19,0x00,0x00).And the packet flag of each bag is push|ack, identifies the grouping of gaming session by DPI pay load deep testing mechanism, according to request login token, identifies the GID in the packet, to indicate a gaming session again.
Yet the change of game version or the change of agreement all can bring the variation of recreation payload characteristic, therefore also will inevitably make above-mentioned recognition methods that certain variation takes place.How can not change system and be a major challenge of algorithm with regard to the adaptation of finishing recreation new business feature by simple configuration, regular expression is an extraordinary solution just, this method adopts regular expression to show the session characteristics of recreation, therefore change or feature when changing when game version, the feature configuration file that this algorithm only needs simply to revise regular expression gets final product, and need not to remodify code and method and promptly accomplishes rapidly and efficiently renewal.
Below introduce each aspect and the recognition methods thereof of this design in detail.
1, data collection layer
Function: this aspect provides for the data acquisition of different links or reproduction technology, as the collection or the reproduction technology of 100/1000MFE, ATM, SDH different rates, to ensure data integrity, to be sent to last layer face---protocal analysis layer reliably.Interface: the interface of this aspect and last layer face is a bitstream data, provides various grouping informations to the upper strata.
2, protocal analysis layer
Function: this aspect provides the protocol analysis for the TCP/IP data, purpose is for enough IP packet header and the header information of TCP/UDP and the packet payload information of necessity thereof is provided to the upper strata, to satisfy identification and the perception of last layer surface current amount identification layer to business.
Interface: the protocal analysis degree of depth of this aspect should be analyzed to the 4th layer of the ICP/IP protocol stack, i.e. transport layer.The interface that its upper strata provides is stream (flow).Stream should be determined by a five-tuple, i.e. flow=(source IP, purpose IP, source port, destination interface, protocol type).Protocol type herein refers to TCP or UDP.If necessary, but storage part payload also in this stream, and the payload size of catching is configurable.
3, flow identification (professional perception) layer
Function: this aspect is the core aspect of whole framework, and main is that features such as the header information of the IP packet header that provides of protocal analysis layer and TCP/UDP and payload information thereof effectively identify game service according to lower floor is provided, and the grouping that it fails to match then abandons.
Interface: the interface that provides to application should be a five-tuple, i.e. source IP, purpose IP, source port, destination interface, protocol type.
4, game service application layer and presentation layer
Identification for game service has very wide significance and using value.Mainly can be applied in:
Traffic statistics of ★ game service and analysis;
The performance evaluation of ★ game service;
★ recreation flow control and information trace;
★ recreation Traffic Anomaly detects;
★ network and information spy.
Embodiment
System adopts the beam split mode that the 10G flow load balance is branched on some the traffic identification processors, and the traffic identification processor is finished the realization of core algorithm, extracts from the grouping of numerous and complicated, analyzes, identification and the related game service that goes out.
The game service supervisory control system is divided into entities such as light-dividing device, game service watch-dog, core database server and application server.The 10G flow is divided toward some game monitor server apparatus by light-dividing device, the flow of every game monitor server apparatus carrying gigabit identifies after the service traffics, and business information is sent to core database in real time, and by application server issue, access topology.
System's access way is divided into two kinds: a kind of for series model, and be about to the game monitor system and connect and implement to detect and control in the backbone network; Another kind is a paralleling model, promptly adopts the mode of monitoring to finish and detects and control.Series model can influence whole network topology, and more or less can therefore more recommend the parallel access that legacy network is had no effect for legacy network brings hidden danger.
The light-dividing device of system is after real-time beam split is got off from the 10G link, it is divided into the several flow points to some watch-dogs, watch-dog adopts high performance flow collection technology to receive all flows, and call game service identification engine automatically flow is carried out real-time identification, and control according to user-defined strategy, as shutoff, interference or clearance etc.
Claims (1)
1. dragon oath game service recognition methods based on payload characteristic identification is characterized in that this method carries out verification with the unique characteristic of dragon oath game packet, and concrete steps are:
1) initialization Hash table: this Hash table is used to store dragon oath game session sign, be gaming session ID, this sign is represented with recreation register account number and its IP address tuple, GID can only corresponding IP address, the all elements of Hash table are initialized as 0, and promptly the IP address of all GID correspondences is initialized as 0;
2) receive the recreation tcp data bag that will detect;
Whether, to judge this packet be dragon oath game packet, judge whether this grouping is the request login token data bag of dragon oath game again according to the dragon oath game payload characteristic if 3) carrying out DPI and detecting; In this way, then obtain GID, change step 4); If it fails to match, packet discard changes step 2);
4) judge whether this session is present in the Hash table, in this way, then packet discard changes step 2); As not being the commentaries on classics step 5);
5) preserve this game medium stream packets sign, this sign is made up of dragon oath game number of the account and login IP address two tuples;
6) dragon oath game is discerned successfully, finishes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102605119A CN101924769A (en) | 2010-08-24 | 2010-08-24 | Payload characteristic identification based method for identifying Sohu dragon oath game service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102605119A CN101924769A (en) | 2010-08-24 | 2010-08-24 | Payload characteristic identification based method for identifying Sohu dragon oath game service |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101924769A true CN101924769A (en) | 2010-12-22 |
Family
ID=43339413
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102605119A Pending CN101924769A (en) | 2010-08-24 | 2010-08-24 | Payload characteristic identification based method for identifying Sohu dragon oath game service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101924769A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103023670A (en) * | 2011-09-20 | 2013-04-03 | 中兴通讯股份有限公司 | Message service type identifying method and message service type identifying device based on data processing installation (DPI) |
| CN107925611A (en) * | 2015-08-05 | 2018-04-17 | 高通股份有限公司 | Deep packet for moving CDN inspects instruction |
| CN108282517A (en) * | 2017-12-21 | 2018-07-13 | 福建天泉教育科技有限公司 | A kind of method and terminal of web services upgrading |
| CN110465094A (en) * | 2019-08-19 | 2019-11-19 | 福建天晴在线互动科技有限公司 | A kind of plug-in detection method of game based on IP port diagnostic |
| CN112769816A (en) * | 2021-01-04 | 2021-05-07 | 烽火通信科技股份有限公司 | Power supply monitoring high-speed CAN message processing method and system |
| CN112887289A (en) * | 2021-01-19 | 2021-06-01 | 恒安嘉新(北京)科技股份公司 | Network data processing method and device, computer equipment and storage medium |
-
2010
- 2010-08-24 CN CN2010102605119A patent/CN101924769A/en active Pending
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103023670A (en) * | 2011-09-20 | 2013-04-03 | 中兴通讯股份有限公司 | Message service type identifying method and message service type identifying device based on data processing installation (DPI) |
| CN103023670B (en) * | 2011-09-20 | 2017-09-08 | 中兴通讯股份有限公司 | Message traffic kind identification method and device based on DPI |
| CN107925611A (en) * | 2015-08-05 | 2018-04-17 | 高通股份有限公司 | Deep packet for moving CDN inspects instruction |
| US11444879B2 (en) | 2015-08-05 | 2022-09-13 | Qualcomm Incorporated | Deep packet inspection indication for a mobile CDN |
| CN108282517A (en) * | 2017-12-21 | 2018-07-13 | 福建天泉教育科技有限公司 | A kind of method and terminal of web services upgrading |
| CN110465094A (en) * | 2019-08-19 | 2019-11-19 | 福建天晴在线互动科技有限公司 | A kind of plug-in detection method of game based on IP port diagnostic |
| CN112769816A (en) * | 2021-01-04 | 2021-05-07 | 烽火通信科技股份有限公司 | Power supply monitoring high-speed CAN message processing method and system |
| CN112769816B (en) * | 2021-01-04 | 2022-06-21 | 烽火通信科技股份有限公司 | Power supply monitoring high-speed CAN message processing method and system |
| CN112887289A (en) * | 2021-01-19 | 2021-06-01 | 恒安嘉新(北京)科技股份公司 | Network data processing method and device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110753064B (en) | Machine learning and rule matching fused security detection system | |
| CN101924769A (en) | Payload characteristic identification based method for identifying Sohu dragon oath game service | |
| CN103428261B (en) | Pass through the method for hardware aid in treatment http header | |
| CN105389193B (en) | Accelerated processing method, device and system, the server of application | |
| KR101269671B1 (en) | Game grammar based packet capture analyzing apparatus for game testing and its method | |
| CN102724317B (en) | A kind of network traffic data sorting technique and device | |
| CN110168499A (en) | The context service abundant based on attribute is executed on host | |
| CN105162626B (en) | Network flow depth recognition system and recognition methods based on many-core processor | |
| CN102664789B (en) | The processing method of a kind of large-scale data and system | |
| CN107431663A (en) | Net flow assorted | |
| CN105847078B (en) | A kind of HTTP flow fining recognition methods based on DPI self-study mechanism | |
| CN103701783B (en) | Preprocessing unit, data processing system consisting of same, and processing method | |
| CN110519177A (en) | A kind of network flow identification method and relevant device | |
| CN105634835B (en) | A kind of cloud auditing method of Internet data, system and audit router | |
| CN105491444B (en) | A kind of data identifying processing method and device | |
| CN113591085B (en) | Android malicious application detection method, device and equipment | |
| CN106330584A (en) | Identification method and identification device of business flow | |
| CN110213124A (en) | Passive operation system identification method and device based on the more sessions of TCP | |
| CN106972985A (en) | Accelerate the method and DPI equipment of the processing of DPI device datas and forwarding | |
| CN106789242A (en) | A kind of identification application intellectual analysis engine based on mobile phone client software behavioral characteristics storehouse | |
| CN104994016A (en) | Method and apparatus for packet classification | |
| CN108289093A (en) | The construction method and structure system in App application condition codes library | |
| CN104657747A (en) | Online game stream classifying method based on statistical characteristics | |
| CN105207997B (en) | A kind of message forwarding method and system of attack protection | |
| CN106559498A (en) | Air control data collection platform and its collection method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| DD01 | Delivery of document by public notice |
Addressee: Wuxi Kaichuang Information Technology Co., Ltd Document name: Notification of before Expiration of Request of Examination as to Substance |
|
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20101222 |