CN103281291A - Application layer protocol identification method based on Hadoop - Google Patents
Application layer protocol identification method based on Hadoop Download PDFInfo
- Publication number
- CN103281291A CN103281291A CN2013100538240A CN201310053824A CN103281291A CN 103281291 A CN103281291 A CN 103281291A CN 2013100538240 A CN2013100538240 A CN 2013100538240A CN 201310053824 A CN201310053824 A CN 201310053824A CN 103281291 A CN103281291 A CN 103281291A
- Authority
- CN
- China
- Prior art keywords
- application layer
- layer protocol
- characteristic value
- feature string
- feature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an application layer protocol identification method based on Hadoop. According to the method, an HBase database is used for storing character value tables 0 and 1, the two tables sufficiently utilize the characteristics of multiple dimensions and column storage orientation of the HBase database, in addition, the first four characters of the first character field in the table 0 are stored in a clustering mode, so the character values are more efficiently selected, and meanwhile, the types of the application layer protocol can be accurately identified on the basis of the application layer protocol data packet character string identification method.
Description
Technical field
The invention belongs to application layer protocol recognition technology field, more specifically say, relate to a kind of application protocol recognition method based on Hadoop.
Background technology
Along with rapid development of Internet, some new demands have appearred in the Internet.Be accompanied by these demands, serious day by day network information security problem occurred, for example: the propagation of network intrusions, violence and reaction content, the propagation of malice virus etc.Application layer protocol type in the recognition network exactly to carrying out intrusion detection, flow control, improves network service quality and has great importance.
The method of identification application layer protocol mainly contains: based on the identification of port, based on the identification of load, based on the identification of estimating with based on the identification of application layer feature field.Become the main stream approach of agreement identification at present based on the recognition technology of application layer feature field.
The prediction of Cisco company, by 2016, the whole world will produce the network traffics of 1.3ZB, was 4 times of global network flow in 2011, and the average network speed in the whole world will be brought up to 34Mbps from present 9Mbps.CERNET2NOC director's Wang Jilong is write the CNGI-CERNET2 outlet in " rise of CNGI-CERNET2 backbone network flow " of " Chinese education network " 07 phase in 2012 inbound traffics moon peak value is 5.792Gbps, the peak value of outflow every day is a little more than inbound traffics, and a month peak value is 6.331Gbps.In the face of the network data that increases day by day, we need handle the network data of these magnanimity more efficiently, wherein, just need the application layer protocol type in the recognition network accurately and efficiently, handle laying a good foundation for follow-up network data.
Summary of the invention
The objective of the invention is to overcome the deficiencies in the prior art, a kind of application protocol recognition method based on Hadoop is provided, to identify application layer protocol efficiently and accurately.
For achieving the above object, the present invention is based on the application protocol recognition method of Hadoop, it is characterized in that may further comprise the steps:
(1), the feature string of known application layer protocol packet is put into the HBase database, the form of described feature string be feature field 1, side-play amount 1, feature field 2, side-play amount 2 ..., feature field n, side-play amount n, wherein, side-play amount i is that character pair field i is with respect to the deviation post of application layer protocol packet initial, i=1,2,, n, n are the quantity of the feature field that comprises of feature string, separate with separator between feature field and the side-play amount, in order to distinguish;
If first feature field of feature string is the side-play amount of feature field 1 is 0, then the explanation that belongs to the sort of application layer protocol of this feature string and feature string is put into the table 0 of HBase database, concrete deposit form for preceding 2 characters of first feature field as row family, the 3rd, 4 characters are as line unit, simultaneously, adopt the row modifier that this feature string is numbered, wherein, row modifier numbering is since 1, to distinguish the identical feature string of preceding four characters, the explanation that belongs to the sort of application layer protocol of full feature string and feature string is put into row family as characteristic value, in the form of line unit and row modifier correspondence;
Otherwise, the explanation that belongs to the sort of application layer protocol of full feature string and feature string is put into the table 1 of HBase database;
(2), at first with the Map function of Hadoop platform the packet of catching from network is carried out preliminary treatment, extract the application layer protocol packet, then the application layer protocol packet that extracts is carried out cluster, the same application-level packet is identified as a packet, reduced the time of whole procedure operation like this;
(3), identify with the Reduce function of the Hadoop platform application layer protocol packet after to cluster:
Extract preceding 4 characters of the application layer protocol packet after the cluster, as being listed as family, the 3rd, 4 character extracts characteristic value as line unit from the table 0 of HBase database, and leaves 1 li of set A in preceding 2 characters of these 4 characters;
If set A 1 is not empty, then with the application layer protocol packet after the cluster successively with set A 1 in the feature string of characteristic value mate, if each feature field of the feature string of characteristic value finds in the application layer protocol packet according to its side-play amount, the match is successful then to think the feature string, in case the match is successful then the feature string of characteristic value is belonged to returning of the sort of application layer protocol for the feature string; Otherwise think that feature string coupling is unsuccessful;
If set A 1 is that sky or set A 1 are for sky but feature string coupling is unsuccessful, then from the table 1 of HBase database, extract characteristic value, and leave in the set A 2, then with the application layer protocol packet after the cluster successively with set A 2 in the feature string of characteristic value mate, if each feature field of the feature string of characteristic value finds in the application layer protocol packet according to its side-play amount, the match is successful then to think the feature string, in case the match is successful then the feature string of characteristic value is belonged to returning of the sort of application layer protocol for the feature string; Otherwise think that feature string coupling is unsuccessful, the application layer protocol packet that returns after the cluster can not be identified.
Goal of the invention of the present invention is achieved in that
The present invention is based on the application protocol recognition method of Hadoop, the feature string of known application layer protocol packet is put into two of HBase and is table i.e. table 0 and table 1, it is 0 feature string that table 0 is deposited first feature field side-play amount, deposit form for preceding 2 characters of first feature field as row family, 3rd, 4 characters are as line unit, for distinguishing the identical feature string of preceding four characters, from 1 open numbering, the form of row family, line unit and row modifier correspondence is put in the explanation of full feature string and feature string as characteristic value then with row modifier numbering; It is not 0 feature string and the explanation of feature string that table 1 is deposited first feature field side-play amount.Utilize the Map function of Hadoop platform, the application layer protocol packet and the cluster that from the packet that network is caught, extract, identify then: according to preceding 4 characters of application layer protocol data, from table 0, obtain corresponding characteristic value collection, mate with the feature string in the characteristic value collection, if set is for empty or it fails to match then obtain characteristic value collection from table 1, mate with the feature string in the characteristic value collection, the feature string that explanation has now in the HBase database if current set is empty or it fails to match can not be identified this application layer protocol packet, and the application layer protocol packet of failing to identify is put into unidentified protocol data APMB package.If the match is successful for one of this application layer protocol packet and table 0, table 1, just identify successfully, the recognition data bag is put into identification protocol packet file.
The present invention's HBase database storage feature value table 0 and 1, these two tables have fully used the various dimensions of HBase database, characteristics towards the row storage, and the mode with preceding 4 character clusters of first feature field in the table 0 is deposited, more efficiently characteristic value is chosen like this, simultaneously based on the recognition methods of application layer protocol packet feature string, can accurate recognition go out the type of application layer protocol.
Description of drawings
Fig. 1 is a kind of The general frame of embodiment that the present invention is based on the application protocol recognition method of Hadoop;
Fig. 2 is conceptual view and the Physical View of table 0 in the HBase database shown in Figure 1;
Fig. 3 is the conceptual view of table 1 in the HBase database shown in Figure 1;
Fig. 4 is the Physical View of table 1 in the HBase database shown in Figure 1;
Fig. 5 is the detail flowchart of agreement identification step shown in Figure 1;
Fig. 6 is a kind of embodiment flow chart of feature string coupling shown in Figure 1.
Embodiment
Below in conjunction with accompanying drawing the specific embodiment of the present invention is described, so that those skilled in the art understands the present invention better.What need point out especially is that in the following description, when perhaps the detailed description of known function and design can desalinate main contents of the present invention, these were described in here and will be left in the basket.
The application protocol recognition method that the present invention is based on Hadoop is based on Hadoop platform and HBsae database, has mainly utilized the various dimensions of Map, Reduce function and HBase, towards the row memory model, identifies using the layer protocol packet.In the concrete overload of implementing, Map function and Reduce function are rewritten, make it satisfy data processing requirements of the present invention.
Fig. 1 is a kind of The general frame of embodiment that the present invention is based on the application protocol recognition method of Hadoop.
In the present embodiment, as shown in Figure 1, the application protocol recognition method that the present invention is based on Hadoop may further comprise the steps:
1, makes up the HBase database
Two tables that the feature string of depositing known application layer protocol packet is arranged in the HBase database, table 0 are that Table0 and table 1 are Table1.
Among the Table0 in the storage feature string first feature field side-play amount be 0 characteristic value, the concrete form of depositing is: preceding 2 characters of first feature field are as row family, 3rd, 4 characters are as line unit, the row modifier belongs to the explanation of the sort of application layer protocol as value from 1 open numbering with full feature string and feature string.
For example known application layer protocol is that the feature string of application layer protocol packet of the get requesting method of HTTP1.1 agreement is 47455420_0_20485454502f312e31_a, wherein first feature field is 47455420, side-play amount is 0, second feature field is 20485454502f312e31, side-play amount a represents there is not fixing side-play amount, namely the position of this feature field in the application layer protocol bag is unfixing, so in table 0, family is 47 at row, line unit is 45, the row modifier is to be on the position in 1 the form, be 47455420_0_20485454502f312e31_a_GET HTTP/1.1 with characteristic value, wherein GET HTTP/1.1 is the explanation that this feature string is belonged to the sort of application layer protocol.Between feature field, feature field side-play amount and the explanation with separator _ separate.
Among the Table1 in the storage feature string first feature field side-play amount be not 0 characteristic value, for with Table0 in row family and line unit inequality, adopt h1 as row family, hhh is as line unit, the h1 here and hhh only play the effect of difference, the row modifier is put into the explanation that belongs to the sort of application layer protocol of full feature string and feature string in the table 1 of HBase database from 1 open numbering.
For example: the feature string of X1 application layer protocol is 323638_4_565845_a, and the row family of this feature string is h1 so, and line unit is hhh, and the row modifier is 1, and characteristic value is 323638_4_565845_a_X1.
In order more to understand Table0 and Table1, provide conceptual view and the Physical View of two tables respectively for some examples.
The characteristic value of table 0 has:
47455420_0_20485454502f312e31_a_GET?HTTP/1.1
485454502f312e3120323030_0_HTTP/1.1200
485454502f312e3120323031_0_HTTP/1.1201
53544154_0_FTP?STAT
The characteristic of table 1 has:
323638_4_565845_a_X1
333837_10_3e5446_a_X2
The conceptual view of table 0 is shown in Fig. 2 (a), and the corresponding physical view is shown in Fig. 2 (b)-(c).Because preceding four characters of feature string 485454502f312e3120323030_0, feature string 485454502f312e3120323031_0 are identical, therefore in table 0, the row in the row family 53 are respectively 48:1,48:2, and wherein 1,2 is the row modifier.For not having the feature string identical with preceding four characters of feature string 53544154_0, therefore, classify 53:1 at row as in the family 53,1 is the row modifier.
The conceptual view of table 1 as shown in Figure 3, the corresponding physical view because table 1 has only row family and a line unit, so its conceptual view is identical with Physical View, for different feature strings, adopts the row modifier to distinguish as shown in Figure 4.
2, the packet of catching is carried out preliminary treatment
Map function with the Hadoop platform carries out preliminary treatment to the packet of catching from network, extract the application layer protocol packet, then the application layer protocol packet that extracts is carried out cluster, the same application-level packet is identified as a packet, reduced the time of whole procedure operation like this
3, application layer protocol identification
In the present embodiment, the detailed process of application layer protocol identification as shown in Figure 5, utilize preceding 2 conduct row families of preceding 4 characters of handling back application layer protocol packet, the back 2 as line unit, from the table 0 of HBase database, extract and have same column family and the strong characteristic value of row, and these characteristic values are left in the set A 1, whether pair set A1 is that sky is judged, if set A 1 does not have same column family and the strong characteristic value of row for having in the empty i.e. table 0, so application layer protocol packet and set A 1 are carried out feature string coupling; If each feature field of the feature string of characteristic value finds in the application layer protocol packet according to its side-play amount, the match is successful then to think the feature string, in case the match is successful then the feature string of characteristic value is belonged to returning of the sort of application layer protocol for the feature string, application layer protocol is identified successfully, otherwise thinks that feature string coupling is unsuccessful.
If set A 1 is that sky or set A 1 are for sky but feature string coupling is unsuccessful, illustrate that then application layer protocol also is not identified, then from the table 1 of HBase database, extract characteristic value, and leave in the set A 2, then with the application layer protocol packet after the cluster successively with set A 2 in the feature string of characteristic value mate, if each feature field of the feature string of characteristic value finds in the application layer protocol packet according to its side-play amount, the match is successful then to think the feature string, in case the match is successful then the feature string of characteristic value is belonged to returning of the sort of application layer protocol for the feature string; Otherwise think that feature string coupling is unsuccessful, the application layer protocol packet that returns after the cluster can not be identified.
The detailed process of feature string coupling as shown in Figure 6, with the application layer protocol packet successively with characteristic value collection A1 or A2(for convenience of description, all represent with characteristic value collection A) in the feature string of characteristic value mate, need in each feature field in the feature string that all the match is successful, this feature string thinks that just the match is successful, is specially:
1) be 0 to the variable i assignment;
2), whether judgment variable i be characteristic value quantity greater than the scope of characteristic value collection, if greater than, then it fails to match for the feature string, if be not more than, then carries out step 3);
3), get i the characteristic value of characteristic value collection A;
4), characteristic value is separated according to separator, obtain feature field 1, side-play amount 1, feature field 2, side-play amount 2 ..., feature field n, side-play amount n and feature string belong to the explanation of the sort of application layer protocol, and deposit in successively among the array vals;
5), be 0 to variable j assignment, be false to variable b assignment;
6), whether judgment variable j is greater than array vals number of elements-2; If, represent then that this characteristic value has been mated to finish, enter step 7), otherwise enter step 8);
7), whether the value of judgment variable b be true, be then the feature string the match is successful, the feature string of characteristic value is belonged to returning of the sort of application layer protocol; Otherwise it is i=i+1 that variable i is added 1, returns step 2);
8), judge that j+1 element of array is vals[j+1] be a?
If, then in the application layer protocol packet, search, see whether there is element vals[j+1], exist, then variable b assignment is true, and variable j adds 2, returns step 6), does not exist, then variable b assignment is false, and variable i adds 1, returns step 2), namely carry out next feature string coupling;
If not, then judge element vals[j] side-play amount in the application layer protocol packet whether with element vals[j+1] equate, equate that then variable b assignment is true, variable j adds 2, return step 6), unequal, then variable b assignment is false, and variable i adds 1, return step 2), namely carry out next feature string coupling.
Shown in Fig. 1,5, recognition result is for generating identification protocol file, is used for application layer protocol packet that storage identified and the explanation of application layer protocol, generates unidentified document of agreement, is used for the unrecognized protocol data bag of storage.
Example 1
Packet on the network is caught, in this example, the characteristic that only contains HTTP and two kinds of agreements of FTP in the HBase database, therefore, therefrom select HTTP, FTP and three kinds of application layer protocol packets of OICQ from the packet of catching, size is 12.9MB, has 28111 packets and tests.
The application layer protocol recognition result that table 1 is.
Table 1
Application layer protocol recognition data in the his-and-hers watches 1 describes:
313530204865726520636f6d657320746865206469726563746f7279 206c69737 4696e672e0d0a_FTP150, among the 1343_identified:
313530204865726520636f6d657320746865206469726563746f7279 206c697374696e672e0d0a is the application layer protocol packet after the preliminary treatment, FTP150 represents packet corresponding protocols type, 1343 these application layer protocol packets of expression have occurred 1343 times at whole 28111 application layer protocol packets for example, identified represents that this packet is successfully identified, and unidentified represents that this packet is unrecognized.
As can be seen from Table 1, the result data of the example that employing the present invention obtains can be identified protocol type accurately.
Although above the illustrative embodiment of the present invention is described; so that those skilled in the art understand the present invention; but should be clear; the invention is not restricted to the scope of embodiment; to those skilled in the art; as long as various variations appended claim limit and the spirit and scope of the present invention determined in, these variations are apparent, all utilize innovation and creation that the present invention conceives all at the row of protection.
Claims (2)
1. application protocol recognition method based on Hadoop is characterized in that may further comprise the steps:
(1), the feature string of known application layer protocol packet is put into the HBase database, the form of described feature string be feature field 1, side-play amount 1, feature field 2, side-play amount 2 ..., feature field n, side-play amount n, separate with separator between feature field and the side-play amount, in order to distinguish;
If first feature field of feature string is the side-play amount of feature field 1 is 0, then the explanation that belongs to the sort of application layer protocol of this feature string and feature string is put into the table 0 of HBase database, concrete deposit form for preceding 2 characters of first feature field as row family, the 3rd, 4 characters are as line unit, simultaneously, adopt the row modifier that this feature string is numbered, wherein, row modifier numbering is since 1, to distinguish the identical feature string of preceding four characters, the explanation that belongs to the sort of application layer protocol of full feature string and feature string is put into row family as characteristic value, in the form of line unit and row modifier correspondence;
Otherwise, the explanation that belongs to the sort of application layer protocol of full feature string and feature string is put into the table 1 of HBase database;
(2), at first with the Map function of Hadoop platform the packet of catching from network is carried out preliminary treatment, extract the application layer protocol packet, then the application layer protocol packet that extracts is carried out cluster, the same application-level packet is identified as a packet, reduced the time of whole procedure operation like this;
(3), identify with the Reduce function of the Hadoop platform application layer protocol packet after to cluster:
Extract preceding 4 characters of the application layer protocol packet after the cluster, as being listed as family, the 3rd, 4 character extracts characteristic value as line unit from the table 0 of HBase database, and leaves 1 li of set A in preceding 2 characters of these 4 characters;
If set A 1 is not empty, then with the application layer protocol packet after the cluster successively with set A 1 in the feature string of characteristic value mate, if each feature field of the feature string of characteristic value finds in the application layer protocol packet according to its side-play amount, the match is successful then to think characteristic value, in case the match is successful then the feature string of characteristic value is belonged to returning of the sort of application layer protocol for characteristic value; Otherwise think that the characteristic value coupling is unsuccessful;
If set A 1 is that sky or set A 1 are for sky but the characteristic value coupling is unsuccessful, then from the table 1 of HBase database, extract characteristic value, and leave in the set A 2, then with the application layer protocol packet after the cluster successively with set A 2 in the feature string of characteristic value mate, if each feature field of the feature string of characteristic value finds in the application layer protocol packet according to its side-play amount, the match is successful then to think characteristic value, in case the match is successful then the feature string of characteristic value is belonged to returning of the sort of application layer protocol for characteristic value; Otherwise think that characteristic value coupling is unsuccessful, the application layer protocol packet that returns after the cluster can not be identified.
2. application protocol recognition method according to claim 1 is characterized in that, described feature string coupling is:
1) be 0 to the variable i assignment;
2), whether judgment variable i be characteristic value quantity greater than the scope of characteristic value collection, if greater than, then it fails to match for the feature string, if be not more than, then carries out step 3);
3), get i the characteristic value of characteristic value collection A;
4), characteristic value is separated according to separator, obtain feature field 1, side-play amount 1, feature field 2, side-play amount 2 ..., feature field n, side-play amount n and feature string belong to the explanation of the sort of application layer protocol, and deposit in successively among the array vals;
5), be 0 to variable j assignment, be false to variable b assignment;
6), whether judgment variable j is greater than array vals number of elements-2; If, represent then that this characteristic value has been mated to finish, enter step 7), otherwise enter step 8);
7), whether the value of judgment variable b be true, be then the feature string the match is successful, the feature string of characteristic value is belonged to returning of the sort of application layer protocol; Otherwise it is i=i+1 that variable i is added 1, returns step 2);
8), judge that j+1 element of array is vals[j+1] be a?
If, then in the application layer protocol packet, search, see whether there is element vals[j+1], exist, then variable b assignment is true, and variable j adds 2, returns step 6), does not exist, then variable b assignment is false, and variable i adds 1, returns step 2), namely carry out next feature string coupling;
If not, then judge element vals[j] side-play amount in the application layer protocol packet whether with element vals[j+1] equate, equate that then variable b assignment is true, variable j adds 2, return step 6), unequal, then variable b assignment is false, and variable i adds 1, return step 2), namely carry out next feature string coupling.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310053824.0A CN103281291B (en) | 2013-02-19 | 2013-02-19 | A kind of application protocol recognition method based on Hadoop |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310053824.0A CN103281291B (en) | 2013-02-19 | 2013-02-19 | A kind of application protocol recognition method based on Hadoop |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103281291A true CN103281291A (en) | 2013-09-04 |
| CN103281291B CN103281291B (en) | 2016-04-20 |
Family
ID=49063739
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310053824.0A Expired - Fee Related CN103281291B (en) | 2013-02-19 | 2013-02-19 | A kind of application protocol recognition method based on Hadoop |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103281291B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103746867A (en) * | 2013-12-23 | 2014-04-23 | 中国电子科技集团公司第三十六研究所 | Primary function-based network protocol analyzing method |
| CN103761167A (en) * | 2014-01-23 | 2014-04-30 | 浪潮(北京)电子信息产业有限公司 | Method and device for achieving data center backup |
| CN104159232A (en) * | 2014-09-01 | 2014-11-19 | 电子科技大学 | Method of recognizing protocol format of binary message data |
| CN106777387A (en) * | 2017-02-16 | 2017-05-31 | 江苏海平面数据科技有限公司 | A kind of Internet of Things big data access method based on HBase |
| CN106850349A (en) * | 2017-02-08 | 2017-06-13 | 杭州迪普科技股份有限公司 | The extracting method and device of a kind of characteristic information |
| CN113053085A (en) * | 2021-02-04 | 2021-06-29 | 北京戴纳实验科技有限公司 | Hospital refrigerator supervisory systems |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060053229A1 (en) * | 2002-11-25 | 2006-03-09 | Korea Electronics Technology Institute | Common protocol layer architecture and methods for transmitting data between different network protocols and a common protocol packet |
| US20080259956A1 (en) * | 2004-03-31 | 2008-10-23 | Lg Electronics Inc. | Data Processing Method for Network Layer |
| CN101547207A (en) * | 2009-05-07 | 2009-09-30 | 杭州迪普科技有限公司 | Protocol identification control method and equipment based on application behavior mode |
| CN103248606A (en) * | 2012-02-02 | 2013-08-14 | 哈尔滨安天科技股份有限公司 | Network virus detection method and system for IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6) |
-
2013
- 2013-02-19 CN CN201310053824.0A patent/CN103281291B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060053229A1 (en) * | 2002-11-25 | 2006-03-09 | Korea Electronics Technology Institute | Common protocol layer architecture and methods for transmitting data between different network protocols and a common protocol packet |
| US20080259956A1 (en) * | 2004-03-31 | 2008-10-23 | Lg Electronics Inc. | Data Processing Method for Network Layer |
| CN101547207A (en) * | 2009-05-07 | 2009-09-30 | 杭州迪普科技有限公司 | Protocol identification control method and equipment based on application behavior mode |
| CN103248606A (en) * | 2012-02-02 | 2013-08-14 | 哈尔滨安天科技股份有限公司 | Network virus detection method and system for IPv4 (Internet Protocol Version 4) and IPv6 (Internet Protocol Version 6) |
Non-Patent Citations (1)
| Title |
|---|
| 陈亮等: "《基于特征串的应用层协议识别》", 《计算机工程与应用》 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103746867A (en) * | 2013-12-23 | 2014-04-23 | 中国电子科技集团公司第三十六研究所 | Primary function-based network protocol analyzing method |
| CN103746867B (en) * | 2013-12-23 | 2016-09-21 | 中国电子科技集团公司第三十六研究所 | A kind of network protocol analysis method based on basic function |
| CN103761167A (en) * | 2014-01-23 | 2014-04-30 | 浪潮(北京)电子信息产业有限公司 | Method and device for achieving data center backup |
| CN103761167B (en) * | 2014-01-23 | 2017-04-05 | 浪潮(北京)电子信息产业有限公司 | A kind of method and apparatus for realizing data center backup |
| CN104159232A (en) * | 2014-09-01 | 2014-11-19 | 电子科技大学 | Method of recognizing protocol format of binary message data |
| CN104159232B (en) * | 2014-09-01 | 2015-06-03 | 电子科技大学 | Method of recognizing protocol format of binary message data |
| CN106850349A (en) * | 2017-02-08 | 2017-06-13 | 杭州迪普科技股份有限公司 | The extracting method and device of a kind of characteristic information |
| CN106850349B (en) * | 2017-02-08 | 2020-01-03 | 杭州迪普科技股份有限公司 | Feature information extraction method and device |
| CN106777387A (en) * | 2017-02-16 | 2017-05-31 | 江苏海平面数据科技有限公司 | A kind of Internet of Things big data access method based on HBase |
| CN106777387B (en) * | 2017-02-16 | 2020-10-30 | 江苏海平面数据科技有限公司 | HBase-based Internet of things big data access method |
| CN113053085A (en) * | 2021-02-04 | 2021-06-29 | 北京戴纳实验科技有限公司 | Hospital refrigerator supervisory systems |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103281291B (en) | 2016-04-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103281291B (en) | A kind of application protocol recognition method based on Hadoop | |
| US9627063B2 (en) | Ternary content addressable memory utilizing common masks and hash lookups | |
| CN104243315B (en) | Device and method for uniquely enumerating the path in analytic tree | |
| CN102377664B (en) | TCAM (ternary content addressable memory)-based range matching device and method | |
| US9432284B2 (en) | Method and apparatus for compiling search trees for processing request keys based on a key size supported by underlying processing elements | |
| CN102722726B (en) | Multi-class support vector machine classification method based on dynamic binary tree | |
| US20170053012A1 (en) | High-performance bloom filter array | |
| CN104579940B (en) | Search the method and device of accesses control list | |
| CN104012063A (en) | Controller for flexible and extensible flow processing in software-defined networks | |
| CN103051725A (en) | Application identification method, data mining method, device and system | |
| CN104579941A (en) | Message classification method in OpenFlow switch | |
| CN1881950A (en) | Packet classification acceleration using spectral analysis | |
| CN104348716A (en) | Message processing method and equipment | |
| CN106982150A (en) | A kind of mobile Internet user behavior analysis method based on Hadoop | |
| US9268855B2 (en) | Processing request keys based on a key size supported by underlying processing elements | |
| US11327974B2 (en) | Field variability based TCAM splitting | |
| CN103248573A (en) | Centralization management switch for OpenFlow and data processing method of centralization management switch | |
| CN103763198A (en) | Data packet classification method | |
| CN105471670A (en) | Flow data classification method and device | |
| CN105099918A (en) | Method and apparatus for data searching and matching | |
| CN103324886A (en) | Method and system for extracting fingerprint database in network intrusion detection | |
| Luo et al. | Acceleration of decision tree searching for IP traffic classification | |
| CN105550208B (en) | Similitude design Storage method based on spectrum Hash | |
| CN101764754B (en) | Sample acquiring method in business identifying system based on DPI and DFI | |
| US20050262294A1 (en) | Method for policy matching using a hybrid TCAM and memory-based scheme |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20160420 Termination date: 20190219 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |