CN102340532B - P2P application identification method and device as well as P2P flow management method and device - Google Patents

P2P application identification method and device as well as P2P flow management method and device Download PDF

Info

Publication number
CN102340532B
CN102340532B CN201010238666.2A CN201010238666A CN102340532B CN 102340532 B CN102340532 B CN 102340532B CN 201010238666 A CN201010238666 A CN 201010238666A CN 102340532 B CN102340532 B CN 102340532B
Authority
CN
China
Prior art keywords
address
source
screening set
linking number
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010238666.2A
Other languages
Chinese (zh)
Other versions
CN102340532A (en
Inventor
孙海波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Venus Information Security Technology Co Ltd
Beijing Venus Information Technology Co Ltd
Original Assignee
Beijing Venus Information Security Technology Co Ltd
Beijing Venus Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Venus Information Security Technology Co Ltd, Beijing Venus Information Technology Co Ltd filed Critical Beijing Venus Information Security Technology Co Ltd
Priority to CN201010238666.2A priority Critical patent/CN102340532B/en
Publication of CN102340532A publication Critical patent/CN102340532A/en
Application granted granted Critical
Publication of CN102340532B publication Critical patent/CN102340532B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses a P2P application identification method and device as well as a P2P flow management method and device, which respectively overcome the defect of unreasonable network resource distribution and the defect of single management mode of P2P application in the prior art. The P2P application identification method mainly comprises the following steps of: calculating the connection variance of each source IP (Internet Protocol) address in the connection; selecting part of the source IP addresses having connection variances equal to or greater than a preset connection variance threshold or selecting all the source IP addresses to form a primary screened set; screening the source IP addresses in the primary screened set for a second time according to a used connection protocol to form a secondary screened set; and determining whether the P2P application is carried out on the source IP addresses in the secondary screened set right now according to the connections of the source IP addresses in the secondary screened set, the number of ports used by connection ends and a preset port difference threshold. The technical scheme of the P2P application identification technology disclosed by the invention overcomes the defect of unreasonable network resource distribution in the prior art.

Description

P2P application and identification method and device, P2P flow managing method and device
Technical field
The administrative skill that the present invention relates to P2P (point-to-point) application, specifically, relates to a kind of P2P application and identification method and device, and a kind of P2P flow managing method and device.
Background technology
Network management system, as the important means of network safety prevention, is applied increasingly extensive at present.By network internal overall architecture and application are carried out to reasonable disposition, to reach optimum network service efficiency.Adjusting by the monitoring for current network running status and strategy, make Network be able to normal operation smoothly, avoid abuse and the waste of Internet resources, ensure the normal operation of network system, is the effective ways of realizing IT management and controlling.
Along with the development of network, in the middle of current network environment, there is the application of increasing P2P (point-to-point) class.P2P network configuration and application can improve the utilance of Internet resources, improve resource-sharing rate, are main trend of future network development.But owing to lacking unified standard and operating specification, the appearance of P2P application also brings a lot of drawbacks, this is mainly reflected on the abuse for Internet resources, such as the file-sharing based on P2P framework, video playback etc. application, occupied bandwidth is excessive, has a strong impact on use of other proper network business etc.Meanwhile, the modes such as encrypted transmission have been taked in various P2P application gradually, evade traditional detection and administrative skill, make P2P application to be effectively identified and effectively to manage.
Along with P2P, to apply the drawback of bringing day by day serious, and a lot of network security products is considered different measures, wishes that application is effectively managed for P2P.Most network management product is also relatively single to the way to manage of P2P application, such as the products such as fire compartment wall, intrusion prevention system (IPS), UTM (UTM) attempt to provide for P2P application block to solve current P2P the problem of abusing Internet resources.The network management product of most, for the identification of P2P class application, has adopted protocol analysis to add the mode of characteristic matching, detects the concrete application of P2P, as bit stream (BT), electric donkey (emule) etc. in network environment.
Gradually adopt encrypted transmission etc. to hide the P2P application of mode, although can evade traditional detection and management, but it is more and more difficult to have caused for the identification of P2P flow, and then had a strong impact on the consequence of P2P flow moderate management, this is unfavorable for that application is reasonably managed and guides to P2P on the contrary.
On the other hand, some network management technologys adopt the way of single limited flow or linking number (as limited flow rate threshold value or linking number threshold value etc.) to carry out the use of limiting P 2 P application, to avoid the interference of P2P business to normal Network, but this will certainly cause the waste of Internet resources.In general network environment, the Network of working period is busy, now should reduce the use of P2P as far as possible and even stop using, to retain enough bandwidth for regular traffic; And to time the bandwidth free time at night, can suitably improve the scope of application of P2P application, to accomplish the maximum utilization of Internet resources.
Therefore be necessary to develop a kind of can realization P2P application traffic is effectively identified and on this basis, carried out the effectively method of management, distribute unreasonable defect in order to overcome existing network system for resource, guarantee the maximum utilization of Internet resources.
Summary of the invention
Technical problem to be solved by this invention is that a kind of P2P application and identification method and device need to be provided, to overcome the prior art defect unreasonable to Resource Allocation in Networks.
In order to solve the problems of the technologies described above, the invention provides a kind of P2P application and identification method, comprise the steps:
Calculate the linking number variance of each source IP address in connecting;
Choose the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, form primary screening set;
According to used connection protocol, the source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set;
According to the linking number of the source IP address in described postsearch screening set, port number that peer end of the connection uses and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application.
Preferably, when getting in described primary screening set, connect the source IP address of same object IP address with transmission control protocol and user datagram protocol, form described postsearch screening set.
Preferably, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application.
In order to solve the problems of the technologies described above, the present invention also provides a kind of P2P application identification device, comprising:
Computing module, for calculating the linking number variance of the each source IP address of connection;
First selects module, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module, for the connection protocol according to used, the source IP address in described primary screening set is carried out to postsearch screening, forms postsearch screening set;
Identification module, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determines whether the source IP address in described postsearch screening set is carrying out P2P application.
Preferably, when described the first selection module is used for choosing described primary screening set, connect the source IP address of same object IP address with transmission control protocol and user datagram protocol, form described postsearch screening set.
Another technical problem to be solved by this invention is that a kind of P2P flow managing method and device need to be provided, to overcome the way to manage single defect of prior art to P2P application.
In order to solve the problems of the technologies described above, the invention provides a kind of P2P flow managing method, comprise the steps:
Calculate the linking number variance of each source IP address in described connection;
Get the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, form primary screening set;
According to used connection protocol, the source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set;
According to the linking number of the source IP address in described postsearch screening set, port number that peer end of the connection uses and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application;
To carrying out the source IP address of P2P application, according to the predefined time interval, the flow information of its all connections is added up, obtain the transmission speed being respectively connected in current time interval;
According to default flow management strategy and described transmission speed, with the unit of being connected to, each P2P application is carried out to traffic management.
Preferably, when getting in described primary screening set, connect the source IP address of same object IP address with transmission control protocol and user datagram protocol, form described postsearch screening set.
Preferably, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application.
In order to solve the problems of the technologies described above, the present invention also provides a kind of P2P traffic management device, comprising:
The first computing module, for calculating the linking number variance of the each source IP address of connection;
First selects module, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module, for the connection protocol according to used, the source IP address in described primary screening set is carried out to postsearch screening, forms postsearch screening set;
Identification module, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determines whether the source IP address in described postsearch screening set is carrying out P2P application;
The second computing module, for to the source IP address that carries out P2P application, according to the predefined time interval, adds up the flow information of its all connections, obtains the transmission speed being respectively connected in current time interval;
Administration module, for according to default flow management strategy and described transmission speed, carries out traffic management with the unit of being connected to each P2P application.
Preferably, when described the first selection module is used for choosing described primary screening set, connect the source IP address of same object IP address with transmission control protocol and user datagram protocol, form described postsearch screening set.
Technical scheme of the present invention is applicable to the application such as network management technology and network audit technology, compared with prior art:
P2P application identification technical scheme of the present invention overcomes the prior art defect unreasonable to Resource Allocation in Networks, and solved and apply for P2P the technical deficiency that can not accurately identify in traditional product, in real network environment, can carry out in real time P2P application identification.
P2P traffic management technical scheme of the present invention has solved the single technological deficiency of traffic management mode of applying for P2P at present, in real network environment, in real time P2P flow is carried out to tactical management, in the scope allowing at flow management strategy, avoid the waste of Internet resources, improved the flexibility of network management system for P2P application management.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet of a kind of P2P application and identification method of the embodiment of the present invention;
Fig. 2 is the schematic flow sheet of a kind of P2P flow managing method of the embodiment of the present invention;
Fig. 3 is the composition schematic diagram of a kind of P2P application identification device of the embodiment of the present invention;
Fig. 4 is the composition schematic diagram of a kind of P2P traffic management device of the embodiment of the present invention.
Embodiment
Describe embodiments of the present invention in detail below with reference to drawings and Examples, to the present invention, how application technology means solve technical problem whereby, and the implementation procedure of reaching technique effect can fully understand and implement according to this.
Embodiment mono-, a kind of P2P application and identification method
As shown in Figure 1, the present embodiment mainly comprises the steps:
Step S110, gathers the data on flows connecting;
Step S120, during calculating connects, the linking number variance of each source IP address, chooses the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, forms primary screening set;
Step S130, carries out connection protocol statistics to the IP address in primary screening set, according to used connection protocol, the source IP address in primary screening set is carried out to postsearch screening, forms postsearch screening set;
Step S140, to the source IP address in postsearch screening set, the port number using according to its linking number, peer end of the connection and default port residual quantity threshold value, determine whether it is carrying out P2P application.
The present embodiment is added up screening according to IP linking number feature, connection protocol feature and IP address and port (IP, port) feature to data on flows, determines the P2P node in current network environment.
In a practical application of the present embodiment, the data on flows sample collecting comprises the transport layer protocol that each message uses, source IP, object IP, source port, destination interface and the flow (byte number, take kilobit (KB) as unit) of this message.For example, the data on flows sample format using in this practical application is as follows:
Table 1, data on flows sample
No. Agreement Source IP Object IP Source port Destination interface Flow (KB)
1 TCP 20.115.16.172 202.102.224.136 1100 1900 56.99
2 UDP 20.115.16.172 169.20.108.159 4357 6200 8467.19
3 TCP 20.115.16.172 169.20.108.159 3476 6843 634.87
4 TCP 202.116.47.48 211.196.1.233 4338 433 64.87
5 UDP 20.115.16.172 202.102.224.136 3256 5987 0.64
Carry out source IP linking number statistics according to above-mentioned data on flows sample, the linking number that for example in upper table, source IP address is 20.115.16.172 is 4, and the linking number that source IP address is 202.116.47.48 is 1.Calculate the linking number variance of each source IP address according to following expression:
Y = ( x 1 - x * ) 2 + ( x 2 - x * ) 2 + . . . + ( x n - x * ) 2 nx * Formula (1)
For same source IP address, x 1... x nrespectively the linking number of this source IP address, x *represent x 1... x naverage, Y represents linking number variance;
This Y value and predefined linking number variance threshold values are compared, if Y value is more than or equal to this linking number variance threshold values, linking number unusual condition has been described, now get Y value higher than the linking number of this threshold value front m source IP address from big to small as primary screening set; Also choose the part or all of source IP address that Y value is more than or equal to this linking number variance threshold values, as this primary screening set.
In this practical application, the detailed process of above-mentioned steps S130 can be,
Judge in the middle of the IP address in primary screening set whether have IP address to exist and be connected simultaneously with same object IP address with transmission control protocol (TCP) and user datagram protocol (UDP) respectively as source IP; For example, in table 1, source IP address 20.115.16.172 is to object IP address 202.102.224.136 and 169.20.108.159 has respectively TCP to connect and UDP connects existence, now retain such source IP address as the element in postsearch screening set, and abandon the IP address that does not meet this condition.
In this practical application, the detailed process of above-mentioned steps S140 can be,
Source IP address in statistics postsearch screening set connects the number of connection of different object IP address, and the quantity of the destination interface that in the middle of these connections, object IP address is used, and the two is contrasted to statistics; If the quantity of number of connection and destination interface differs in the port residual quantity threshold value (this practical application is 10) default (being less than or equal to port residual quantity threshold value), think that this source IP address is carrying out P2P application, be applied as non-P2P application otherwise can think that this source IP address is ongoing; For example, in the middle of 4 connections of the source IP address 20.115.16.172 in table 1, used 4 different destination interfaces, to differ be zero for its number of connection and port number, now can judge that this source IP address is that the node of 20.115.16.172 is carrying out P2P application.
Embodiment bis-, a kind of P2P flow managing method
The object of the present embodiment using the recognition result in above-described embodiment one as P2P flow analysis.As shown in Figure 2, the present embodiment mainly comprises the steps:
Step S210, gathers the data on flows connecting;
Step S220, during calculating connects, the linking number variance of each source IP address, chooses the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, forms primary screening set;
Step S230, carries out connection protocol statistics to the source IP address in primary screening set, according to used connection protocol, the source IP address in primary screening set is carried out to postsearch screening, forms postsearch screening set;
Step S240, to the source IP address in postsearch screening set, the port number using according to its linking number, peer end of the connection and default port residual quantity threshold value, determine whether it is carrying out P2P application;
Step S250, to carrying out the source IP address of P2P application, according to the predefined time interval, the flow information of all connections to this IP address is added up, and obtains the transmission speed being respectively connected in current time interval;
Step S260, according to default flow management strategy and be respectively connected to the transmission speed in current time interval, carries out traffic management with the unit of being connected to each P2P application.
Continue step S250 and the step S260 of explanation the present embodiment as an example of the aforesaid practical application of embodiment mono-example.
In above-mentioned steps S250, for IP address 20.115.16.172, follow the tracks of the unidirectional connection of the Servers-all end of this IP address in predetermined time interval to client, and the length characteristic of adding up adjacent 150 data messages in these unidirectional connections; When the length difference of two default adjacent data messages is greater than length difference threshold value (this practical application is 500k), counter increases by 1 accordingly, and in the time that length difference is less than this length difference threshold value (500k), counter is not added up.
Obtain thus test result as described in Table 2:
A test result of table 2, this practical application
Figure BSA00000208479400081
That is to say, apply for P2P class, the value of counter every 150 data messages in statistic processes can exceed 15, therefore to set in this step the value of counter be 15 in this practical application, be 20.115.16.172 for IP address, the value of each connection corresponding counts device take this IP address as destination address is greater than at 15 o'clock, assert that this is connected to P2P and connects.
Be connected to basis with the P2P filtering out afterwards, add up the flow information that in each time interval, each P2P connects; The data on flows of for example receiving in current time interval is as shown in table 3:
The data on flows of receiving in table 3, current time interval
No. Agreement Source IP Object IP Source port Destination interface Flow (KB)
1 TCP 202.102.224.136 20.115.16.172 1100 1900 56.99
2 UDP 169.20.108.159 20.115.16.172 4357 6200 8467.19
3 TCP 169.20.108.159 20.115.16.172 3476 6843 634.87
4 TCP 202.116.47.48 20.115.16.172 4338 433 64.87
5 UDP 202.102.224.136 20.115.16.172 3256 5987 0.64
6 TCP 169.20.108.159 20.115.16.172 6843 3476 293.50
7 UDP 202.102.224.136 20.115.16.172 5987 3256 420.89
Calculate the transmission speed of each unidirectional connection, the time interval using in this practical application is 30 seconds, and the transmission speed that calculates each connection is as table 4:
The flow information of table 4, unidirectional connection
No. Agreement Source IP Object IP Source port Destination interface Speed (KB/ second)
1 TCP 202.102.224.136 20.115.16.172 1100 1900 1.9
2 UDP 169.20.108.159 20.115.16.172 4357 6200 282.2
3 TCP 169.20.108.15 920.115.16.172 3476 6843 21.2
4 UDP 202.102.224.136 20.115.16.172 3256 5987 0.02
5 TCP 202.116.47.48 20.115.16.172 4338 433 2.2
6 TCP 169.20.108.159 20.115.16.172 6843 3476 9.8
7 UDP 202.102.224.136 20.115.16.172 5987 3256 14.1
In above-mentioned steps S260, after receiving the transmission speed of each connection, according to predefined flow management strategy, can carry out the enforcement of P2P traffic management.
In aforesaid practical application, flow management strategy is while being limited to every connection 10kb/ second on P2P connection traffic.Being numbered 2,3,7 connection and will being terminated in table 4, will be retained and be numbered 1,4,5,6 connection, not limit; If the flow management strategy of now setting is (guarantee linking number as far as possible less time) while being limited to 30kb/ second in unidirectional connection total flow simultaneously, in table 4, being numbered 1,3,4,5 connection will be retained, and will be terminated and be numbered 2,6,7 connection.Similarly, this step can, according to for heterogeneous networks situation and predefined flow management strategy, be processed each connection of P2P application, to reach predefined traffic policy accordingly.
Embodiment tri-, a kind of P2P application identification device,
As shown in Figure 3, the recognition device of the present embodiment mainly comprises acquisition module 310, computing module 320, the first selection module 330, the second selection module 340 and identification module 350, wherein:
Acquisition module 310, for gathering the data on flows of connection;
Computing module 320, is connected with acquisition module 310, for calculating the linking number variance of the each source IP address of described connection;
First selects module 330, is connected with computing module 320, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module 340, is connected with the first selection module 330, for the connection protocol according to used, the source IP address in described primary screening set is carried out to postsearch screening, forms postsearch screening set;
Identification module 350, be connected with the second selection module 340, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application.
Above-mentioned first selects module 330 to connect the source IP address of same object IP address for choosing described primary screening set when with transmission control protocol and user datagram protocol, forms described postsearch screening set.
Embodiment tetra-, a kind of P2P traffic management device
As shown in Figure 4, the management devices of the present embodiment mainly comprises acquisition module 410, the first computing module 420, the first selection module 430, the second selection module 440, identification module 450, the second computing module 460 and administration module 470, wherein:
Acquisition module 410, for gathering the data on flows of connection;
The first computing module 420, is connected with acquisition module 410, for calculating the linking number variance of the each source IP address of described connection;
First selects module 430, is connected with the first computing module 420, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module 440, is connected with the first selection module 430, for the connection protocol according to used, the source IP address in described primary screening set is carried out to postsearch screening, forms postsearch screening set;
Identification module 450, be connected with the second selection module 440, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application;
The second computing module 460, is connected with identification module 450, for to the source IP address that carries out P2P application, according to the predefined time interval, the flow information of its all connections is added up, and obtains the transmission speed being respectively connected in current time interval;
Administration module 470, is connected with the second computing module 460, for according to default flow management strategy and described transmission speed, with the unit of being connected to, each P2P application is carried out to traffic management.
Above-mentioned first selects module 430 to connect the source IP address of same object IP address for choosing described primary screening set when with transmission control protocol and user datagram protocol, forms described postsearch screening set.
P2P application identification technical scheme of the present invention has solved and has applied for P2P the technological deficiency that can not accurately identify in traditional product, P2P traffic management technical scheme of the present invention has solved the single technological deficiency of traffic management mode of applying for P2P at present, realize respectively and in real network environment, carried out in real time P2P application identification and carry out tactical management for P2P flow, there is the fast and advantage such as accurate flexibly of speed simultaneously.
P2P traffic management technical scheme of the present invention can guarantee the use of other proper network business (non-P2P application), the use of carrying out P2P business in the scope that also can allow at flow management strategy, to avoid the waste of Internet resources, has improved the flexibility of network management system for P2P application management.

Claims (4)

1. a P2P application and identification method, comprises the steps:
Calculate the linking number variance of each source IP address in connecting;
Choose the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, form primary screening set;
According to used connection protocol, source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set, wherein, the source IP address that connects same object IP address when getting in described primary screening set with transmission control protocol and user datagram protocol, forms described postsearch screening set;
According to the linking number of the source IP address in described postsearch screening set, port number that peer end of the connection uses and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application, wherein, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application.
2. a P2P flow managing method, comprises the steps:
Calculate the linking number variance of each source IP address in connecting;
Get the part or all of source IP address that described linking number variance is more than or equal to default linking number variance threshold values, form primary screening set;
According to used connection protocol, source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set, wherein, the source IP address that connects same object IP address when getting in described primary screening set with transmission control protocol and user datagram protocol, forms described postsearch screening set;
According to the linking number of the source IP address in described postsearch screening set, port number that peer end of the connection uses and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application, wherein, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application;
To carrying out the source IP address of P2P application, according to the predefined time interval, the flow information of its all connections is added up, obtain the transmission speed being respectively connected in current time interval;
According to default flow management strategy and described transmission speed, with the unit of being connected to, each P2P application is carried out to traffic management.
3. a P2P application identification device, comprising:
Computing module, for calculating the linking number variance of the each source IP address of connection;
First selects module, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module, be used for according to used connection protocol, source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set, wherein, the source IP address that connects same object IP address when choosing in described primary screening set with transmission control protocol and user datagram protocol, forms described postsearch screening set;
Identification module, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application, wherein, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application.
4. a P2P traffic management device, comprising:
The first computing module, for calculating the linking number variance of the each source IP address of connection;
First selects module, is more than or equal to the part or all of source IP address of default linking number variance threshold values for choosing described linking number variance, forms primary screening set;
Second selects module, be used for according to used connection protocol, source IP address in described primary screening set is carried out to postsearch screening, form postsearch screening set, wherein, the source IP address that connects same object IP address when choosing in described primary screening set with transmission control protocol and user datagram protocol, forms described postsearch screening set;
Identification module, for the port number that uses according to the linking number of the source IP address of described postsearch screening set, peer end of the connection and default port residual quantity threshold value, determine whether the source IP address in described postsearch screening set is carrying out P2P application, wherein, add up the linking number that source IP address in described postsearch screening set connects different described object IP address, and the quantity of the destination interface that uses of each described object IP address; The difference of the quantity of described linking number and described destination interface and described port residual quantity threshold value are compared; Determine that the source IP address that described difference is less than or equal to described port residual quantity threshold value is carrying out P2P application;
The second computing module, for to the source IP address that carries out P2P application, according to the predefined time interval, adds up the flow information of its all connections, obtains the transmission speed being respectively connected in current time interval;
Administration module, for according to default flow management strategy and described transmission speed, carries out traffic management with the unit of being connected to each P2P application.
CN201010238666.2A 2010-07-26 2010-07-26 P2P application identification method and device as well as P2P flow management method and device Expired - Fee Related CN102340532B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010238666.2A CN102340532B (en) 2010-07-26 2010-07-26 P2P application identification method and device as well as P2P flow management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010238666.2A CN102340532B (en) 2010-07-26 2010-07-26 P2P application identification method and device as well as P2P flow management method and device

Publications (2)

Publication Number Publication Date
CN102340532A CN102340532A (en) 2012-02-01
CN102340532B true CN102340532B (en) 2014-05-14

Family

ID=45516030

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010238666.2A Expired - Fee Related CN102340532B (en) 2010-07-26 2010-07-26 P2P application identification method and device as well as P2P flow management method and device

Country Status (1)

Country Link
CN (1) CN102340532B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110166447B (en) * 2019-05-16 2021-11-12 广西电网有限责任公司 PON gateway-based application identification system and identification method thereof
CN114827097B (en) * 2022-04-21 2023-10-17 咪咕文化科技有限公司 Communication network construction method and device and computer equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1708947A (en) * 2002-10-30 2005-12-14 奥帕雷克斯公司 Method and arrangement to reserve resources in an IP network
CN101431473A (en) * 2008-12-31 2009-05-13 深圳市迅雷网络技术有限公司 Method and apparatus for implementing network speed limit
CN101741608A (en) * 2008-11-10 2010-06-16 北京启明星辰信息技术股份有限公司 Traffic characteristic-based P2P application identification system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5228936B2 (en) * 2009-01-20 2013-07-03 沖電気工業株式会社 Overlay traffic detection system and traffic monitoring / control system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1708947A (en) * 2002-10-30 2005-12-14 奥帕雷克斯公司 Method and arrangement to reserve resources in an IP network
CN101741608A (en) * 2008-11-10 2010-06-16 北京启明星辰信息技术股份有限公司 Traffic characteristic-based P2P application identification system and method
CN101431473A (en) * 2008-12-31 2009-05-13 深圳市迅雷网络技术有限公司 Method and apparatus for implementing network speed limit

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"Impact of P2P Traffic on IP Communication Networks’ Performances";M. Fras等;《IEEE Conference Publications》;20080628;第205-208页 *
"基于流量模式的P2P流量识别方法综述";孙美凤等;《计算机应用研究》;20091031;第3625-3628页 *
M. Fras等."Impact of P2P Traffic on IP Communication Networks’ Performances".《IEEE Conference Publications》.2008,
孙美凤等."基于流量模式的P2P流量识别方法综述".《计算机应用研究》.2009,

Also Published As

Publication number Publication date
CN102340532A (en) 2012-02-01

Similar Documents

Publication Publication Date Title
US7904597B2 (en) Systems and processes of identifying P2P applications based on behavioral signatures
EP2241058B1 (en) Method for configuring acls on network device based on flow information
Lee et al. Network monitoring: Present and future
CN108737447B (en) User datagram protocol flow filtering method, device, server and storage medium
CN104954367A (en) Internet omnidirectional cross-domain DDoS (distributed denial of service) attack defense method
CN101834785B (en) Method and device for realizing stream filtration
CN104853001A (en) Address resolution protocol (ARP) message processing method and device
CN101902365B (en) Method for monitoring P2P traffic of wide area network and system thereof
CN114363739B (en) Service application method and device based on optical service unit
US7908369B2 (en) Method of collecting descriptions of streams pertaining to streams relating to at least one client network attached to an interconnection network
CN102340532B (en) P2P application identification method and device as well as P2P flow management method and device
CN107222403A (en) A kind of data transmission method, system and electronic equipment
CN104348749B (en) A kind of flow control methods, apparatus and system
CN106230741A (en) A kind of method and apparatus that message is carried out speed limit
CN107147585B (en) Flow control method and device
CN101883001A (en) Method and system for traffic identification and management of P2P application in small network
CN102480503B (en) P2P (peer-to-peer) traffic identification method and P2P traffic identification device
He et al. Fine-grained P2P traffic classification by simply counting flows
CN104348675A (en) Bidirectional service data flow identification method and device
CN102904914A (en) Method and device for processing service requests
Gad et al. Header field based partitioning of network traffic for distributed packet capturing and processing
Ito et al. A bandwidth allocation scheme to improve fairness and link utilization in data center networks
KR20110071774A (en) Smart border router and method for transmitting flow using the same
CN107222299A (en) A kind of data transmission method, system and electronic equipment
Bassi et al. Online peer-to-peer traffic identification. based on complex events processing of traffic event signatures

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140514

Termination date: 20190726

CF01 Termination of patent right due to non-payment of annual fee