CN102045195A - Traffic identification method and system based on relatedness command control information - Google Patents
Traffic identification method and system based on relatedness command control information Download PDFInfo
- Publication number
- CN102045195A CN102045195A CN 201010562392 CN201010562392A CN102045195A CN 102045195 A CN102045195 A CN 102045195A CN 201010562392 CN201010562392 CN 201010562392 CN 201010562392 A CN201010562392 A CN 201010562392A CN 102045195 A CN102045195 A CN 102045195A
- Authority
- CN
- China
- Prior art keywords
- control information
- stream
- target protocol
- message
- order control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a traffic identification method and a system based on relatedness command control information, and the method comprises the following steps of: S1) analyzing the initial handshake interaction process of target protocol traffic to obtain a command control information set contained in a load and a relatedness set taking interaction as the main characteristic among the command control information; S2) dividing the traffic to be identified into a plurality of streams according to quintuple; S3) judging whether the stream to be identified can carry out message recombination of target protocol or not according to the set of enlightening conditions for the message recombination of the target protocol; S4) checking whether items in the command control information set are contained in a message of the steam to be identified or not; and S5) judging whether the items in the relatedness set are contained in the command control information of the message of the stream to be identified or not. The method and the system are effective and fast, and have better expandability.
Description
Technical field
The present invention relates to information security and monitoring technique field, relate in particular to a kind of method for recognizing flux and system based on relevance order control information.
Background technology
Network flow classification and agreement recognition technology are the core technologies in information security and the monitoring field.Its main task is to go out the affiliated procotol classification of stream according to the information Recognition that message in network flow and the stream comprises.Along with high speed internet technology and Development of Multimedia Technology, effective management of network becomes and more and more is rich in challenge.Traffic classification is the basis of network management, also is the solution network congestion, determines that key service, organization network are attacked, the basis of tracking illegitimate traffic.
Classification of existing network flow and agreement recognition technology comprise: based on the technology in packet header, based on the technology of agreement with based on the technology of behavior.Classification and recognition methods mainly contain: based on the method for pattern matching, based on the method for adding up with based on the method for machine learning.
Pass through the field analysis in the load in the bag is obtained the fixed mode of specific fields in the target protocol based on the technology of packet header and agreement, and the method for application model coupling is carried out agreement identification.This class methods recognition speed is fast, the accuracy rate height, but it is bigger to upgrade cost, can't discern encipher flux and agreement.
Mainly utilize the transport behavior feature of target protocol in network based on the technology of behavior, the method for applied statistics and machine learning is carried out network flow classification and identification.These class methods recognition speed and accuracy rate generally speaking all is inferior to matching process based on packet header and agreement.But these class methods do not need to analyze the content in the load, therefore can discern encipher flux.
Although traditional based on port the traffic classification method and based on the traffic classification method of constantly acting load feature still in a large amount of uses, increasing dynamic protocol and cryptographic protocol make the traffic classification method validity based on bag constantly reduce.
Summary of the invention
(1) technical problem that will solve
Technical problem to be solved by this invention is: the speed, validity and the scope of application that improve stream identification.
(2) technical scheme
For addressing the above problem, the invention provides a kind of method for recognizing flux based on relevance order control information, the method comprising the steps of:
S1. the initial handshake reciprocal process of target protocol flow is analyzed, is obtained the order control information set that comprises in the load, and between the described order control information being the set of the association of principal character alternately;
S2. according to five-tuple flow to be identified is divided into many streams;
S3. according to the enlightening set of circumstances of the message of target protocol reorganization, judge whether stream to be identified can carry out the message reorganization of target protocol, if can not, then be written into next bar stream, and execution in step S3 again, if energy, then execution in step S4;
S4. check item that whether comprises in the message of stream to be identified in the described order control information set,, judge that then this stream is non-described target protocol flow, be written into next bar and flow, and return step S3 if do not comprise, as if comprising, execution in step S5 then;
Whether the order control information of S5. judging the message of stream to be identified meets the item in the described relation integration, if do not meet, judge that then described stream is non-described target protocol flow, be written into next bar stream, and return step S3, if meet, judge that then described stream is described target protocol flow, be written into next bar stream, and return step S3.
Wherein, further comprise at step S1:
S1.1 grasps the pure flow of target protocol;
S1.2 carries out the five-tuple shunting to the pure flow of described target protocol;
S1.3 defines the message of described target protocol, obtains the enlightening condition of the message reorganization of described target protocol;
S1.4 carries out the message reorganization with each stream in the pure flow of described target protocol according to definition among the step S1.3 and enlightening condition, acquisition is positioned at the order control information set of the selected reciprocal process of flow of load starting position, and to described order control information according to be the association of carrying out of principal character alternately;
S1.5 carries out similarity cluster and simplification to described association, obtains the set of the association between the order control information.
Wherein, among the step S1.1, grasping means is to pass through fire compartment wall and packet catcher in virtual machine, moves described target protocol software, grasps the pure flow of described target protocol.
Wherein, described five-tuple is: source IP, purpose IP, source port, destination interface and protocol number.
Wherein, the message of the described target protocol of definition further comprises among the step S1.3:
The stream of S1.31 objective definition agreement, the ordered set of forming for the bag that in setting-up time, has identical five-tuple;
The message of S1.32 objective definition agreement is one in the stream of target protocol interactive step independently, and a message comprises one or more described bags.
Wherein, among the step S1.4, the effective attribute that is comprised in each message comprises: order, length, whether comprise the transmission data.
Wherein, the method for the similarity cluster among the step S1.5 is the k-means clustering algorithm.
The present invention also provides a kind of flux recognition system based on relevance order control information, this system comprises: analysis module, be used for the initial handshake reciprocal process of target protocol flow is analyzed, obtain the order control information set that comprises in the load, and between the described order control information being the set of the association of principal character alternately; Diverter module is used for according to five-tuple flow to be identified being divided into many streams; First identification module is used for the enlightening set of circumstances according to the message reorganization of target protocol, judges whether stream to be identified can carry out the message reorganization of target protocol; Second identification module, whether the message that is used for checking stream to be identified comprises the item in the described order control information set; The 3rd identification module is used for judging whether the order control information of the message of stream to be identified meets the item of described relation integration, if do not meet, judges that then described stream is non-described target protocol flow if meet, and judges that then described stream is described target protocol flow.
Wherein, described quick analysis module further comprises: placement unit is used to grasp the pure flow of target protocol; Dividing cell is used for the pure flow of described target protocol is carried out the five-tuple shunting; Definition unit is used to define the message of described target protocol, obtains the enlightening condition of the message reorganization of described target protocol; The message recomposition unit, each stream in the pure flow of described target protocol is carried out the message reorganization according to definition in the definition unit and enlightening condition, acquisition is positioned at the order control information set of the selected reciprocal process of flow of load starting position, and to described order control information according to be the association of carrying out of principal character alternately; Cluster cell is used for similarity cluster and simplification are carried out in described association, obtains the set of the association between the order control information.
(3) beneficial effect
Method and system of the present invention at first come the target protocol flow is analyzed and learnt by message reorganization and clustering technique, obtain the set of the association between order control information set and the order control information, adopt then based on stream come flow is discerned and classified at message, order control information and related real-time on-line system thereof, these method and system are effectively, fast and extensibility preferably arranged.
Description of drawings
Fig. 1 is the method for recognizing flux flow chart based on relevance order control information according to one embodiment of the present invention;
Fig. 2 be according to one embodiment of the present invention based in the method for recognizing flux of relevance order control information to the quick analysis process figure of target protocol flow;
Fig. 3 is the state relation process schematic diagram of two crucial reciprocal processes of http protocol;
Fig. 4 (a) is the state relation process schematic diagram of QQ text chat agreement idle condition and chat state;
Fig. 4 (b) is the state relation process schematic diagram of QQ text chat agreement logging status.
Embodiment
For method for recognizing flux and system based on relevance order control information proposed by the invention, describe in detail in conjunction with the accompanying drawings and embodiments.
Method of the present invention is a kind of novel stream recognition method based on stream, and it can carry out distinguishing effectively fast to polytype protocol traffic, comprises standard agreement (as http protocol etc.), the agreement of dynamic encryption (as the instant messaging agreement etc.).The inventive method mainly is to seek the association process of the order control information in the communication, and in the ordinary course of things, stream is the frequent reciprocal process of shaking hands of this agreement always at first.The present invention at first carries out based on the agility analysis of ordering the control information association the initial handshake reciprocal process of target protocol flow, the message of objective definition agreement, and the pure flow of the target protocol that grasps carried out the reorganization cluster of message, finally obtain representing the order control information relation integration (embodying) of selected crucial reciprocal process with state transition diagram and state machine form.In online real-time grading process, utilize the order control information then and order that control information is related judges whether stream to be identified belongs to target protocol.Method of the present invention has advantages such as quick, effective, applied widely.
As shown in Figure 1, the method for recognizing flux based on relevance order control information according to one embodiment of the present invention comprises:
S1. the initial handshake reciprocal process of target protocol flow is carried out agility and analyzes, obtain the order control information that comprises in the load, and between the described order control information being the set of the association of principal character alternately;
As shown in Figure 2, step S1 further comprises:
S1.1 grasps the pure flow of magnanimity target protocol, promptly all be the flow of target protocol, and grasping means is not have or do not enabling the network application that other can produce flow as far as possible, be to pass through fire compartment wall in the clean virtual machine, packet catcher etc., operational objective software, the pure flow of extracting target protocol;
S1.2 to the pure flow of target protocol by<source IP, purpose IP, source port, destination interface, protocol number>five-tuple shunting;
S1.3 according to the observation and analyze, the message of objective definition agreement, and according to the definition of the message of target protocol, find out the enlightening condition of the message reorganization of target protocol can effectively be carried out stream the message reorganization according to these enlightening conditions;
In this step, at first provide the definition of stream, flow for have in a period of time identical five-tuple<source IP, purpose IP, source port, destination interface, protocol number>the ordered set formed of bag, promptly flow S=<P
1, P
2..., P
n>, P wherein
i(i=1,2 ... n) be continuous bag in the stream.Interactive step independently in the message representative stream, a message is made up of one or more bags, and a kind of message definition of agreement is M (a
1, a
2..., a
i), promptly this message comprises i attribute, and these attributes generally include effective attribute: command string, length, whether comprise transmission data etc., a stream can be expressed as S=<M
1, M
2..., M
m>, m<n wherein.
S1.4 is reassembled as a plurality of message with each stream of target protocol by above-mentioned definition and enlightening condition, acquisition is positioned at the set of the order control information of the selected crucial reciprocal process of the flow of load starting position, and the order control information is carried out association according to reciprocal process;
S1.5 according to the command string that is comprised in each message, length, whether comprise attribute such as transmission data etc. and carry out the similarity cluster, it is the transfer process set of message, it is simplified, the final set that obtains the association between the order control information, be crucial reciprocal process state machine set K, wherein order the set of control information to be set C.
In cluster process, preferably use the k-means clustering algorithm, N bar stream is promptly arranged in the pure flow of target protocol, be expressed as S
i=<M
I1, M
I2..., M
Im>, i=1 wherein, 2 ..., N.Provide initial cluster state set C with experience according to the observation
0={ c
1(1), c
2(1) ..., c
k(1) }, will flow S
iCluster is to nearest cluster state c
iIn.Iteration is carried out cluster successively, up to final set convergence, i.e. C
i=<MC
I1, MC
I2..., MC
iM
i>, (i=1,2 ..., k).Because communication protocol always has certain immanent structure, therefore in most cases use k-means clustering algorithm result all to restrain.
Continue as shown in Figure 1:
S2. to flow to be identified, at first shunt, according to<source IP, purpose IP, source port, destination interface, protocol number>this five-tuple be divided into many streams with flow;
S3. be that unit discerns with stream, the message that at first whether can be divided into target protocol according to the enlightening condition judgment stream to be identified of target protocol, if not all right then this stream is judged as non-target protocol flow, be written into next bar stream to be judged, go to step S3, if can carry out next step;
S4. check the item that whether comprises in the message wait to judge stream in the order control information set, promptly belong to the order control information of gathering C, if do not comprise, then this stream is judged as non-target protocol flow, be written into next bar stream to be judged, go to step S3, carry out next step if comprise;
Whether the order control information of S5. judging the message of stream to be identified comprises the item in the described relation integration, it is certain the state transitions process among the crucial reciprocal process set K, if do not meet, then this stream is judged as non-target protocol flow, be written into next bar stream to be judged, go to step S3,, go to the judgement that S3 carries out next bar stream if meet then illustrate that stream to be identified belongs to sudden peal of thunder flow.
In said process, general tens to tens bags that only need to check a stream, and several leading ten to 100 left and right sides bytes that each bag only needs to check load get final product, the total N bar stream of flow that our hypothesis is to be classified supposes that every stream needs to check an A bag, and each bag needs to check a B byte, computation complexity O (the N)=AbN of discriminator like this, integral body ONLINE RECOGNITION system is very succinct, and complexity is also lower, can effectively be applied in the actual flow recognition system.
In addition, Xuan Ding crucial reciprocal process is according to the difference of target protocol and difference.
The present invention also provides a kind of flux recognition system based on order control information association, this system comprises: analysis module, be used for the initial handshake reciprocal process of target protocol flow is analyzed, obtain the order control information set that comprises in the load, and between the described order control information being the set of the association of principal character alternately; Diverter module is used for according to five-tuple flow to be identified being divided into many streams; First identification module is used for the enlightening set of circumstances according to the message reorganization of target protocol, judges whether stream to be identified can carry out the message reorganization of target protocol; Second identification module, whether the message that is used for checking stream to be identified comprises the item in the described order control information set; The 3rd identification module is used for judging whether the order control information of the message of stream to be identified meets the item of described relation integration, if do not meet, judges that then described stream is non-described target protocol flow if meet, and judges that then described stream is described target protocol flow.
Wherein, described quick analysis module further comprises: placement unit is used to grasp the pure flow of target protocol; Dividing cell is used for the pure flow of described target protocol is carried out the five-tuple shunting; Definition unit is used to define the message of described target protocol, obtains the enlightening condition of the message reorganization of described target protocol; The message recomposition unit, each stream in the pure flow of described target protocol is carried out the message reorganization according to definition in the definition unit and enlightening condition, acquisition is positioned at the order control information set of the selected reciprocal process of flow of load starting position, and to described order control information according to be the association of carrying out of principal character alternately; Cluster cell is used for similarity cluster and simplification are carried out in described association, obtains the set of the association between the order control information.
Embodiment 1
Present embodiment is an example with the http protocol, and technical scheme of the present invention is described.Wherein two selected crucial reciprocal processes in the set of the association between the order control information of http protocol (solicited status (Request) and responsive state (Response)) as shown in Figure 3.The method for recognizing flux based on relevance order control information of present embodiment comprises step:
S1.1 grasps the pure flow of magnanimity HTTP, and grasping means is to pass through fire compartment wall in clean virtual machine, packet catcher etc., operational objective software, the pure flow of extracting target protocol;
S1.2 to the pure flow of target protocol by<source IP, purpose IP, source port, destination interface, protocol number>five-tuple shunting;
S1.3 according to the observation and analyze, the message of objective definition agreement according to the definition of the message of http protocol, is found out the enlightening condition of the message reorganization of http protocol, inspires row conditions can effectively object flow be carried out the message reorganization according to these;
The message definition of agreement is M (order, whether length comprises data, version), and a stream can be expressed as S=<M
1, M
2..., M
m>.The enlightening condition of http protocol message reorganization is mainly: because HTTP order limited amount and comparatively fixing, so according to HTTP order divide HTTP message be fast also more accurately.
S1.4 is divided into a plurality of message with each stream of http protocol by above-mentioned definition and enlightening condition, extracts the order control information then, obtains order control information set C, comprising: Request order: GET, Post, Options, HEAD, PUT, DELETE, CONNECT, TRACE; And Response order: Informational 1xx, Successful 2xx, Redirection 3xx, Client Error 4xx, Server Error 5xx; After obtaining control command information, can carry out preliminary association to these control command information according to the reciprocal process of message.
After S1.5 obtains preliminary association results, need carry out cluster and simplification to it, that finally obtain is exactly the set K that orders the association between the control information;
In cluster process, use the k-means clustering algorithm, N bar stream is promptly arranged in the pure flow of http protocol, be expressed as Si=<Mi1, Mi2 ..., Mim>, i=1 wherein, 2 ..., N.Provide initial cluster state set C0={c1 (1) with experience according to the observation, c2 (1) ..., ck (1) }, will flow the Si cluster in nearest cluster state ci.Iteration is carried out cluster successively, up to final set convergence, i.e. and Ci=<MCi1, MCi2 ..., MCiMi>, (i=1,2 ..., k).Because communication protocol always has certain immanent structure, therefore in most cases use k-means clustering algorithm result all to restrain.
S2. to flow to be identified, at first shunt, according to<source IP, purpose IP, source port, destination interface, protocol number>this five-tuple be divided into many streams with flow;
S3. be that unit discerns with stream, at first whether can carry out the reorganization of HTTP message according to the observable enlightening condition judgment of http protocol stream to be identified, if not all right then this stream is judged as non-http protocol flow, be written into next bar stream to be judged, go to step S3, if can carry out next step;
S4. check in the message of stream to be identified whether comprise the order control information, promptly belong to the order of gathering C, if do not comprise, then this stream is judged as non-http protocol flow, is written into next bar stream to be judged, goes to step S3, carries out next step if comprise;
S5. the message of judging stream to be identified constitutes certain the state transitions process among the relation integration K whether meet the order control information, if do not meet, then this stream is judged as non-http protocol flow, be written into next bar stream to be judged, go to step S3, if meet then illustrate that stream to be identified belongs to the HTTP flow, go to the judgement that step S3 carries out next bar stream.
Embodiment 2
Present embodiment is an example with QQ text chat agreement, and technical scheme of the present invention is described.The step that the method for recognizing flux based on quick flow analysis of present embodiment comprises is identical with embodiment 1, wherein three the selected crucial reciprocal processes (idle condition, logging status and chat state) in the set of the association between the order control information of QQ text chat agreement as shown in Figure 5, wherein the state relation process of idle condition and chat state is shown in Fig. 5 (a), and the state relation process of logging status is shown in Fig. 5 (b).The enlightening condition of its message reorganization is mainly:
(1) side QQ version is fixed in the stream;
(2) version of all message should belong to a kind of in the version that QQ gone out;
(3) order of QQ is comparatively fixing, and limited amount can be used for distinguishing.
In said process, general tens to tens bags that only need to check a stream, and several leading ten to 100 left and right sides bytes that each bag only needs to check load get final product, suppose the total N bar stream of flow to be classified, suppose that every stream needs to check an A bag, each bag needs to check a B byte, computation complexity O (the N)=AbN of discriminator like this, integral body ONLINE RECOGNITION system is very succinct, and complexity is also lower, can effectively be applied in the actual flow recognition system.
The order control information set C that obtains in the real process:
C={Keep_Alive (S0 among Fig. 5 (a)), Keep_Alive_Resp (S1 among Fig. 5 (a)), Touch (S0 among Fig. 5 (b)), Successful (S1 among Fig. 5 (b)), Token Request (S2 among Fig. 5 (b)), Token Response (S3 among Fig. 5 (b)), Captchas Request (S4 among Fig. 5 (b)), Captchas Response (S5 among Fig. 5 (b)), Password Verifying Request (S6 among Fig. 5 (b)), PasswordVerifying Successful (S7 among Fig. 5 (b)), Login Request (S8 among Fig. 5 (b)), Login Successful (S9 among Fig. 5 (b)), Send Friend Message (S0 among Fig. 5 (c)), Receive Friend Message (S1 among Fig. 5 (c)) }
Above execution mode only is used to illustrate the present invention; and be not limitation of the present invention; the those of ordinary skill in relevant technologies field; under the situation that does not break away from the spirit and scope of the present invention; can also make various variations and modification; therefore all technical schemes that are equal to also belong to category of the present invention, and scope of patent protection of the present invention should be defined by the claims.
Claims (9)
1. method for recognizing flux based on relevance order control information is characterized in that the method comprising the steps of:
S1. the initial handshake reciprocal process of target protocol flow is analyzed, is obtained the order control information set that comprises in the load, and between the described order control information being the set of the association of principal character alternately;
S2. according to five-tuple flow to be identified is divided into many streams;
S3. according to the enlightening set of circumstances of the message of target protocol reorganization, judge whether stream to be identified can carry out the message reorganization of target protocol, if can not, then be written into next bar stream, and execution in step S3 again, if energy, then execution in step S4;
S4. check item that whether comprises in the message of stream to be identified in the described order control information set,, judge that then this stream is non-described target protocol flow, be written into next bar and flow, and return step S3 if do not comprise, as if comprising, execution in step S5 then;
Whether the order control information of S5. judging the message of stream to be identified meets the item in the described relation integration, if do not meet, judge that then described stream is non-described target protocol flow, be written into next bar stream, and return step S3, if meet, judge that then described stream is described target protocol flow, be written into next bar stream, and return step S3.
2. the method for recognizing flux based on relevance order control information as claimed in claim 1 is characterized in that S1 further comprises in step:
S1.1 grasps the pure flow of target protocol;
S1.2 carries out the five-tuple shunting to the pure flow of described target protocol;
S1.3 defines the message of described target protocol, obtains the enlightening condition of the message reorganization of described target protocol;
S1.4 carries out the message reorganization with each stream in the pure flow of described target protocol according to definition among the step S1.3 and enlightening condition, acquisition is positioned at the order control information set of the selected reciprocal process of flow of load starting position, and to described order control information according to be the association of carrying out of principal character alternately;
S1.5 carries out similarity cluster and simplification to described association, obtains the set of the association between the order control information.
3. the method for recognizing flux based on relevance order control information as claimed in claim 2, it is characterized in that among the step S1.1, grasping means is by fire compartment wall and packet catcher in virtual machine, move described target protocol software, grasp the pure flow of described target protocol.
4. the method for recognizing flux based on relevance order control information as claimed in claim 2 is characterized in that, described five-tuple is: source IP, purpose IP, source port, destination interface and protocol number.
5. the method for recognizing flux based on relevance order control information as claimed in claim 2 is characterized in that, the message of the described target protocol of definition further comprises among the step S1.3:
The stream of S1.31 objective definition agreement, the ordered set of forming for the bag that in setting-up time, has identical five-tuple;
The message of S1.32 objective definition agreement is one in the stream of target protocol interactive step independently, and a message comprises one or more described bags.
6. the method for recognizing flux based on relevance order control information as claimed in claim 2 is characterized in that, among the step S1.4, the effective attribute that is comprised in each message comprises: order, length, whether comprise the transmission data.
7. the method for recognizing flux based on relevance order control information as claimed in claim 2 is characterized in that, the method for the similarity cluster among the step S1.5 is the k-means clustering algorithm.
8. the flux recognition system based on relevance order control information is characterized in that, this system comprises:
Analysis module is used for the initial handshake reciprocal process of target protocol flow is analyzed, and obtains the order control information set that comprises in the load, and between the described order control information being the set of the association of principal character alternately;
Diverter module is used for according to five-tuple flow to be identified being divided into many streams;
First identification module is used for the enlightening set of circumstances according to the message reorganization of target protocol, judges whether stream to be identified can carry out the message reorganization of target protocol;
Second identification module, whether the message that is used for checking stream to be identified comprises the item in the described order control information set;
The 3rd identification module is used for judging whether the order control information of the message of stream to be identified meets the item of described relation integration, if do not meet, judges that then described stream is non-described target protocol flow if meet, and judges that then described stream is described target protocol flow.
9. the flux recognition system based on relevance order control information as claimed in claim 8 is characterized in that, described quick analysis module further comprises:
Placement unit is used to grasp the pure flow of target protocol;
Dividing cell is used for the pure flow of described target protocol is carried out the five-tuple shunting;
Definition unit is used to define the message of described target protocol, obtains the enlightening condition of the message reorganization of described target protocol;
The message recomposition unit, each stream in the pure flow of described target protocol is carried out the message reorganization according to definition in the definition unit and enlightening condition, acquisition is positioned at the order control information set of the selected reciprocal process of flow of load starting position, and to described order control information according to be the association of carrying out of principal character alternately;
Cluster cell is used for similarity cluster and simplification are carried out in described association, obtains the set of the association between the order control information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105623922A CN102045195B (en) | 2010-11-23 | 2010-11-23 | Traffic identification method and system based on related command control information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105623922A CN102045195B (en) | 2010-11-23 | 2010-11-23 | Traffic identification method and system based on related command control information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102045195A true CN102045195A (en) | 2011-05-04 |
| CN102045195B CN102045195B (en) | 2012-07-25 |
Family
ID=43911009
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010105623922A Active CN102045195B (en) | 2010-11-23 | 2010-11-23 | Traffic identification method and system based on related command control information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102045195B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111181802A (en) * | 2019-12-10 | 2020-05-19 | 中移(杭州)信息技术有限公司 | Protocol data simulation method, device and computer readable storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714952A (en) * | 2009-12-22 | 2010-05-26 | 北京邮电大学 | Method and device for identifying traffic of access network |
| CN101854295A (en) * | 2010-05-04 | 2010-10-06 | 北京星网锐捷网络技术有限公司 | Method, device and equipment for controlling flow |
-
2010
- 2010-11-23 CN CN2010105623922A patent/CN102045195B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714952A (en) * | 2009-12-22 | 2010-05-26 | 北京邮电大学 | Method and device for identifying traffic of access network |
| CN101854295A (en) * | 2010-05-04 | 2010-10-06 | 北京星网锐捷网络技术有限公司 | Method, device and equipment for controlling flow |
Non-Patent Citations (1)
| Title |
|---|
| 《计算机工程与应用》 20071210 李雪 等 一种适用于大规模特征集的快速匹配算法 168-170,212 1-9 , 第34期 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111181802A (en) * | 2019-12-10 | 2020-05-19 | 中移(杭州)信息技术有限公司 | Protocol data simulation method, device and computer readable storage medium |
| CN111181802B (en) * | 2019-12-10 | 2022-02-25 | 中移(杭州)信息技术有限公司 | Protocol data simulation method, device and computer readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102045195B (en) | 2012-07-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110753064B (en) | Machine learning and rule matching fused security detection system | |
| CN101714952B (en) | Method and device for identifying traffic of access network | |
| CN103078897B (en) | A kind of system realizing Web service fine grit classification and management | |
| CN102315974A (en) | Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows | |
| CN102035698B (en) | HTTP tunnel detection method based on decision tree classification algorithm | |
| CN104052639B (en) | Real-time multi-application network flow identification method based on support vector machine | |
| CN101841440B (en) | Peer-to-peer network flow identification method based on support vector machine and deep packet inspection | |
| CN107181724A (en) | A kind of recognition methods for cooperateing with stream, system and the server using this method | |
| WO2011050545A1 (en) | Automatic analysis method for unknown application layer protocols | |
| CN102571946B (en) | Realization method of protocol identification and control system based on P2P (peer-to-peer network) | |
| CN106936667A (en) | A kind of main frame real-time identification method based on application rs traffic distributed analysis | |
| CN102932203B (en) | Method and device for inspecting deep packets among heterogeneous platforms | |
| CN104468567B (en) | A kind of system and method for the identification of network multimedia Business Stream and mapping | |
| CN102835090A (en) | Method and apparatus for identifying application protocol | |
| Chen et al. | A CNN-based Packet Classification of eMBB, mMTC and URLLC Applications for 5G | |
| CN106559407A (en) | A kind of Network traffic anomaly monitor system based on SDN | |
| CN107360145A (en) | A kind of multinode honey pot system and its data analysing method | |
| CN105516020A (en) | Parallel network traffic classification method based on ontology knowledge inference | |
| CN110034966A (en) | A kind of method for classifying data stream and system based on machine learning | |
| CN104657747A (en) | Online game stream classifying method based on statistical characteristics | |
| CN114866485A (en) | Network traffic classification method and system based on aggregation entropy | |
| CN108055166A (en) | A kind of the state machine extraction system and its extracting method of the application layer protocol of nesting | |
| CN101984635B (en) | Method and system for flow identification of point to point (P2P) protocol | |
| Min et al. | Online Internet traffic identification algorithm based on multistage classifier | |
| CN102045195B (en) | Traffic identification method and system based on related command control information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20171227 Address after: 210042 Xuanwu District, Xuanwu District, Jiangsu, Nanjing, No. 699-22, building 18 Patentee after: CERTUSNET CORP. Address before: 100084 Beijing Haidian District Tsinghua Yuan 100084-82 mailbox Patentee before: Tsinghua University |
|
| TR01 | Transfer of patent right |