CN103763320A - Method and system for merging flow records - Google Patents
Method and system for merging flow records Download PDFInfo
- Publication number
- CN103763320A CN103763320A CN201410028727.0A CN201410028727A CN103763320A CN 103763320 A CN103763320 A CN 103763320A CN 201410028727 A CN201410028727 A CN 201410028727A CN 103763320 A CN103763320 A CN 103763320A
- Authority
- CN
- China
- Prior art keywords
- discharge record
- discharge
- record
- website
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a method and system for merging flow records. The method for merging the flow records comprises the steps that part of flow records generated in a network are selected to be recognized, and the website to which the recognized flow records belong or the application of the recognized flow records is determined; the relevancy, on the aspect of the networking protocol, the IP address and the URL, between flow records to be recognized and the recognized flow records is judged; flow records to be recognized with high relevancy are assigned to the website or the application; the multiple flow records assigned to the website or the application are merged. By the adoption of the method and system for the merging flow records, the flow records, belonging to the same website or application, in the network can be merged easily, conveniently and accurately.
Description
Technical field
The present invention relates to discharge record and merge field, relate in particular to a kind of merging method and combination system of discharge record.
Background technology
In the Internet, discharge record is to generate according to each independent session, such as generating a discharge record by a user's a HTTP request and response; Or a flow media session by a user generates a discharge record, if the flow media session time is longer, is subject to the restriction of equipment internal layer, conventionally can represent this flow media session by several discharge records.As can be seen here, the discharge record of storing in the Internet not only data volume is large but also mixed and disorderly.
For the ease of discharge record is analyzed, reduce the difficulty of storage, need to carry out similar merging to the discharge record in the Internet.
The mode that existing discharge record merges, mainly comprises following several mode:
1,, according to certain identical parameters comprising in discharge record, as protocol type, IP address (or address field), user name sign, URL etc., merge;
2, several records that unification user continued in time merge
There is following defect in above-mentioned discharge record merging mode:
Using the single parameter in discharge record as merging foundation, the data precision merging is not high, and poor operability, this is because have a lot of elements on actual webpage, these elements may be from different domain names and URL(uniform resource locator) (URL), the fields such as IP, the URL recording between multiple discharge records that therefore, access same web site or application generate or domain name are all inconsistent;
In addition; user is when online; usually can open alternately in time multiple websites; also likely in web page browsing, open music client, automatic software updating program etc.; if therefore merge discharge record with time order and function order, be difficult to guarantee that the discharge record merging belongs to identical website or application.
Summary of the invention
The invention provides a kind of merging method and combination system of discharge record, technical problem how easy to solve, that exactly the discharge record that belongs to same web site or application in network is merged.
For solving the problems of the technologies described above, the invention provides a kind of discharge record merging method, described method comprises:
The discharge record producing from network, selected part discharge record is identified, and determines its ownership website or application;
Discharge record to be identified and the discharge record identifying are carried out to the degree of correlation judgement of procotol, IP address and URL;
The discharge record to be identified high degree of correlation is attributed to described website or application;
Many discharge records that are attributed to described website or application are merged.
Further, discharge record to be identified and the discharge record identifying are carried out to the degree of correlation judgement of procotol, IP address and URL, comprising:
According to the discharge record identifying, obtain the general features that identifies the discharge record of website or application described in ownership;
Discharge record to be identified and described general features are carried out to the degree of correlation judgement of procotol, IP address and URL.
Further, the discharge record that described basis identifies obtains the general features that identifies the discharge record of website or application described in ownership, comprising:
According to the high discharge record of procotol, IP address and the URL discharge record degree of correlation that find and that identify;
From multiple discharge records that find, pick out and compare between two the discharge record with the same high degree of correlation;
The common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership.
Further, described method also comprises:
Picking out and compare between two after the discharge record with the same high degree of correlation from multiple discharge records that find, the prior probability of the discharge record that calculating is picked out, continue to select the discharge record that prior probability is greater than 1/2, the common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership.
Further, described method also comprises:
When identifying the discharge record of multiple ownership different web sites or application, if judge discharge record to be identified by prior probability, can belong to the website of identifying or apply not only one, described discharge record to be identified is obtained to the website of identifying that maximum prior probability is corresponding or applies ownership website or the application as this discharge record to be identified.
For solving the problems of the technologies described above, the present invention also provides a kind of discharge record combination system, and described system comprises that reference flow records acquisition module, and discharge record identification module and discharge record merge module, wherein,
Described reference flow records acquisition module, for the discharge record selected part discharge record producing from network, identifies, and determines its ownership website or application, and the discharge record identifying is sent to discharge record identification module;
Described discharge record identification module, for carrying out discharge record to be identified and the discharge record identifying the degree of correlation judgement of procotol, IP address and URL; The discharge record to be identified high degree of correlation is attributed to described website or application, the discharge record of ownership same web site or application is sent to discharge record and merges module;
Described discharge record merges module, for many discharge records of ownership same web site or application are merged.
Further, described discharge record identification module, for discharge record to be identified and the discharge record identifying being carried out to the degree of correlation judgement of procotol, IP address and URL, comprising:
According to the discharge record identifying, obtain the general features that identifies the discharge record of website or application described in ownership; Discharge record to be identified and described general features are carried out to the degree of correlation judgement of procotol, IP address and URL.
Further, described discharge record identification module, for obtain the general features that identifies the discharge record of website or application described in ownership according to the discharge record that identifies, comprising:
According to the high discharge record of procotol, IP address and the URL discharge record degree of correlation that find and that identify; From multiple discharge records that find, pick out and compare between two the discharge record with the same high degree of correlation; The common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership.
Further,
Described discharge record identification module, also for picking out and comparing between two the discharge record with the same high degree of correlation from multiple discharge records that find, the prior probability of the discharge record that calculating is picked out, continue to select the discharge record that prior probability is greater than 1/2, the common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership.
Further,
Described discharge record identification module, also for when recording acquisition module from reference flow and receive the discharge record of multiple ownership different web sites or application, if judge discharge record to be identified by prior probability, can belong to the website of identifying or apply not only one, described discharge record to be identified is obtained to the website of identifying that maximum prior probability is corresponding or applies ownership website or the application as this discharge record to be identified.
Technique scheme is carried out degree of correlation judgement according to procotol, IP address and URL by discharge record to be identified and the discharge record of knowing ownership website or application, with this, determine ownership website or the application of discharge record to be identified, relatively prior art is with the characteristic parameter of single discharge record or judge ownership website or the application of discharge record to be identified continuous time, more accurate.
Accompanying drawing explanation
Fig. 1 is the merging method flow diagram of the discharge record of the present embodiment;
Fig. 2 is the combination system composition diagram of the discharge record of the present embodiment.
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, hereinafter in connection with accompanying drawing, embodiments of the invention are elaborated.It should be noted that, in the situation that not conflicting, the combination in any mutually of the feature in embodiment and embodiment in the application.
Fig. 1 is the merging method flow diagram of the discharge record of the present embodiment.
The discharge record that S101 produces from network, selected part discharge record is identified, and determines its ownership website or application;
Can identify by the feature field in discharge record (procotol, IP address, traffic characteristic character string etc.), the feature field that this recognition methods need judge is many, determination methods complexity, each discharge record being not suitable for recording in network is all determined its ownership website or application by this recognition methods;
S102 obtains discharge record to be identified, discharge record to be identified and the discharge record identifying is carried out to the degree of correlation judgement of procotol, IP address and URL;
The computing formula of degree of correlation R can be expressed as:
R=aRp+bRip+cRurl, wherein, Rp represents the correlation of procotol, and Rip represents the correlation of IP address, and Rurl represents the correlation of URL, and above-mentioned correlation can calculate and normalization realization according to character string similitude algorithm; A, b, c is weight coefficient, a, the value of b and c can be set according to actual conditions; As, when there is no URL in discharge record, establish a=0.6, b=0.4, c=0; When having URL in discharge record, establish a=0.4, b=0, c=0.6;
In order to simplify discharge record to be identified, judge complexity with the degree of correlation of the discharge record identifying, can be first according to the discharge record identifying, obtain the general features that identifies the discharge record of website/application described in ownership, the degree of correlation of discharge record to be identified and described general features being carried out to procotol, IP address and URL judges;
The method of the general features of the website of identifying described in calculating ownership or the discharge record of application comprises:
Calculating is according to the high discharge record of procotol, IP address and the URL discharge record degree of correlation that find and that identify, the record that occurs in the discharge record surrounding time section (as 200ms) identifying as chosen, carries out degree of correlation judgement with the discharge record identifying respectively by the discharge record of choosing; From multiple discharge records that find, pick out and compare between two the discharge record with the same high degree of correlation; The common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership;
For the discharge record of further guaranteeing to pick out belongs to the website or the application that identify, picking out and compare between two after the discharge record with the same high degree of correlation from multiple discharge records that find, can to the discharge record of picking out, carry out again the judgement of prior probability, retain the discharge record that wherein prior probability is greater than 1/2, then the common trait discharge record identifying and the discharge record retaining being possessed is as the general features that identifies the discharge record of website or application described in ownership, do like this can by with the procotol of the discharge record identifying, IP address and the URL degree of correlation are high, but the discharge record that does not belong to identification discharge record ownership website or application is rejected,
When not going out the discharge record of multiple ownership different web sites or application, if judge the assignable website of identifying of discharge record to be identified or apply not only one by prior probability, described discharge record to be identified can be obtained to the website of identifying that maximum prior probability is corresponding or apply ownership website or the application as this discharge record to be identified;
S103 is attributed to described website or application by the discharge record to be identified high degree of correlation;
When the degree of correlation is greater than preset value (as 0.8), can think that both degrees of correlation are high;
If when certain discharge record cannot be attributed to any website or application, this discharge record is misremembered;
S104 merges many discharge records that are attributed to described website or application.
The present embodiment also provides and has detected whether effective method of above-mentioned flow merging method:
Method one, the frequency average thresholding of each application and website records mistake discharge record is set, if the frequency average of physical record error log is greater than this thresholding, above-mentioned flow merging method validity low (being that flow amalgamation result accuracy is low) is described, need to modifies to above-mentioned flow merging method;
Method two, the discharge record that calculates every website/application merges number, and merge record number is done to normal approach, when error of fitting is larger, illustrates that above-mentioned flow merging method validity is low, need to modify to above-mentioned flow merging method.
The method that above-mentioned flow merging method is modified comprises: adjust the weight in degree of correlation R computing formula; Again select the general features of discharge record sample acquisition discharge record etc.
Above-described embodiment carries out degree of correlation judgement according to procotol, IP address and URL by discharge record to be identified and the discharge record of knowing ownership website or application, with this, determine ownership website or the application of discharge record to be identified, relatively prior art is with the characteristic parameter of single discharge record or judge ownership website or the application of discharge record to be identified continuous time, more accurate.
Fig. 2 is the combination system composition diagram of the discharge record of the present embodiment.
This system comprises that reference flow records acquisition module, and discharge record identification module and discharge record merge module, wherein,
Described reference flow records acquisition module, for the discharge record selected part discharge record producing from network, identifies, and determines its ownership website or application, and the discharge record identifying is sent to discharge record identification module;
Described discharge record identification module, for carrying out discharge record to be identified and the discharge record identifying the degree of correlation judgement of procotol, IP address and URL; The discharge record to be identified high degree of correlation is attributed to described website or application, the discharge record of ownership same web site or application is sent to discharge record and merges module;
In order to simplify discharge record to be identified, judge complexity with the degree of correlation of the discharge record identifying, above-mentioned discharge record identification module, when the degree of correlation of discharge record to be identified and the discharge record that identifies being carried out to procotol, IP address and URL judges, can obtain the general features that identifies the discharge record of website or application described in ownership according to the discharge record identifying; Discharge record to be identified and described general features are carried out to the degree of correlation judgement of procotol, IP address and URL;
The method of the general features of the website of identifying described in calculating ownership or the discharge record of application comprises:
Calculating is according to the high discharge record of procotol, IP address and the URL discharge record degree of correlation that find and that identify, the record that occurs in the discharge record surrounding time section (as 200ms) identifying as chosen, carries out degree of correlation judgement with the discharge record identifying respectively by the discharge record of choosing; From multiple discharge records that find, pick out and compare between two the discharge record with the same high degree of correlation; The common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership;
For the discharge record of further guaranteeing to pick out belongs to the website or the application that identify, above-mentioned discharge record identification module picking out and compare between two after the discharge record with the same high degree of correlation from multiple discharge records that find, can to the discharge record of picking out, carry out again the judgement of prior probability, retain the discharge record that wherein prior probability is greater than 1/2, then the common trait discharge record identifying and the discharge record retaining being possessed is as the general features that identifies the discharge record of website or application described in ownership, do like this can by with the procotol of the discharge record identifying, IP address and the URL degree of correlation are high, but the discharge record that does not belong to identification discharge record ownership website or application is rejected,
In addition, above-mentioned discharge record identification module also can be when recording acquisition module and receive the discharge record of multiple ownership different web sites or application from reference flow, if judge the assignable website of identifying of discharge record to be identified or apply not only one by prior probability, described discharge record to be identified is obtained to the website of identifying that maximum prior probability is corresponding or applies ownership website or the application as this discharge record to be identified;
If when certain discharge record cannot be attributed to any website or application, above-mentioned flow identification module also can misremember this discharge record;
Described discharge record merges module, for many discharge records of ownership same web site or application are merged.
The combination system of discharge record that above-described embodiment is recorded also can comprise that a flow merges effective detection module, and for detection of by reference to discharge record acquisition module, whether discharge record identification module and discharge record merge the discharge record of block merging effective.This module can arrange the frequency average thresholding of each application and website records mistake discharge record, if judge the frequency average of physical record error log, is greater than this thresholding, and the discharge record accuracy that detects merging is low; Or calculate the discharge record merging number of every website/application, and merge record number is done to normal approach, when error of fitting is larger, the discharge record accuracy that detects merging is low.
Above-described embodiment carries out degree of correlation judgement according to procotol, IP address and URL by discharge record to be identified and the discharge record of knowing ownership website or application, with this, determine ownership website or the application of discharge record to be identified, relatively prior art is with the characteristic parameter of single discharge record or judge ownership website or the application of discharge record to be identified continuous time, more accurate.
One of ordinary skill in the art will appreciate that all or part of step in said method can carry out instruction related hardware by program and complete, described program can be stored in computer-readable recording medium, as read-only memory, disk or CD etc.Alternatively, all or part of step of above-described embodiment also can realize with one or more integrated circuits, and correspondingly, the each module/unit in above-described embodiment can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.The present invention is not restricted to the combination of the hardware and software of any particular form.
It should be noted that; the present invention also can have other various embodiments; in the situation that not deviating from spirit of the present invention and essence thereof; those of ordinary skill in the art can make according to the present invention various corresponding changes and distortion, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.
Claims (10)
1. a discharge record merging method, is characterized in that, described method comprises:
The discharge record producing from network, selected part discharge record is identified, and determines its ownership website or application;
Discharge record to be identified and the discharge record identifying are carried out to the degree of correlation judgement of procotol, IP address and URL;
The discharge record to be identified high degree of correlation is attributed to described website or application;
Many discharge records that are attributed to described website or application are merged.
2. the method for claim 1, is characterized in that, discharge record to be identified and the discharge record identifying is carried out to the degree of correlation judgement of procotol, IP address and URL, comprising:
According to the discharge record identifying, obtain the general features that identifies the discharge record of website or application described in ownership;
Discharge record to be identified and described general features are carried out to the degree of correlation judgement of procotol, IP address and URL.
3. method as claimed in claim 2, is characterized in that, the discharge record that described basis identifies obtains the general features that identifies the discharge record of website or application described in ownership, comprising:
According to the high discharge record of procotol, IP address and the URL discharge record degree of correlation that find and that identify;
From multiple discharge records that find, pick out and compare between two the discharge record with the same high degree of correlation;
The common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership.
4. method as claimed in claim 3, is characterized in that, described method also comprises:
From multiple discharge records that find, pick out and compare between two after the discharge record with the same high degree of correlation, the prior probability of the discharge record that calculating is picked out, continue to select the discharge record that prior probability is greater than 1/2, the common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership.
5. method as claimed in claim 4, is characterized in that, described method also comprises:
When identifying the discharge record of multiple ownership different web sites or application, if judge discharge record to be identified by prior probability, can belong to the website of identifying or apply not only one, described discharge record to be identified is obtained to the website of identifying that maximum prior probability is corresponding or applies ownership website or the application as this discharge record to be identified.
6. a discharge record combination system, is characterized in that, described system comprises that reference flow records acquisition module, and discharge record identification module and discharge record merge module, wherein,
Described reference flow records acquisition module, for the discharge record selected part discharge record producing from network, identifies, and determines its ownership website or application, and the discharge record identifying is sent to discharge record identification module;
Described discharge record identification module, for carrying out discharge record to be identified and the discharge record identifying the degree of correlation judgement of procotol, IP address and URL; The discharge record to be identified high degree of correlation is attributed to described website or application, the discharge record of ownership same web site or application is sent to discharge record and merges module;
Described discharge record merges module, for many discharge records of ownership same web site or application are merged.
7. system as claimed in claim 6, is characterized in that, described discharge record identification module, for discharge record to be identified and the discharge record identifying being carried out to the degree of correlation judgement of procotol, IP address and URL, comprising:
According to the discharge record identifying, obtain the general features that identifies the discharge record of website or application described in ownership; Discharge record to be identified and described general features are carried out to the degree of correlation judgement of procotol, IP address and URL.
8. system as claimed in claim 7, is characterized in that, described discharge record identification module, for obtain the general features that identifies the discharge record of website or application described in ownership according to the discharge record that identifies, comprising:
According to the high discharge record of procotol, IP address and the URL discharge record degree of correlation that find and that identify; From multiple discharge records that find, pick out and compare between two the discharge record with the same high degree of correlation; The common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership.
9. system as claimed in claim 8, is characterized in that,
Described discharge record identification module, also for picking out and comparing between two the discharge record with the same high degree of correlation from multiple discharge records that find, the prior probability of the discharge record that calculating is picked out, continue to select the discharge record that prior probability is greater than 1/2, the common trait that the discharge record identifying and the discharge record of picking out are possessed is as the general features that identifies the discharge record of website or application described in ownership.
10. system as claimed in claim 9, is characterized in that,
Described discharge record identification module, also for when recording acquisition module from reference flow and receive the discharge record of multiple ownership different web sites or application, if judge discharge record to be identified by prior probability, can belong to the website of identifying or apply not only one, described discharge record to be identified is obtained to the website of identifying that maximum prior probability is corresponding or applies ownership website or the application as this discharge record to be identified.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410028727.0A CN103763320B (en) | 2014-01-21 | 2014-01-21 | Method and system for merging flow records |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410028727.0A CN103763320B (en) | 2014-01-21 | 2014-01-21 | Method and system for merging flow records |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103763320A true CN103763320A (en) | 2014-04-30 |
| CN103763320B CN103763320B (en) | 2017-01-25 |
Family
ID=50530480
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410028727.0A Active CN103763320B (en) | 2014-01-21 | 2014-01-21 | Method and system for merging flow records |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103763320B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110138638A (en) * | 2019-05-16 | 2019-08-16 | 恒安嘉新(北京)科技股份公司 | A kind of processing method and processing device of network flow |
| CN113271263A (en) * | 2020-02-17 | 2021-08-17 | 华为技术服务有限公司 | Data processing method and equipment thereof |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1804454A1 (en) * | 2005-12-29 | 2007-07-04 | Telefonaktiebolaget LM Ericsson (publ) | A method for consolidating data records |
| CN101741608A (en) * | 2008-11-10 | 2010-06-16 | 北京启明星辰信息技术股份有限公司 | Traffic characteristic-based P2P application identification system and method |
| CN102143085A (en) * | 2011-04-27 | 2011-08-03 | 北京网御星云信息技术有限公司 | Multi-dimensional network situation awareness method, equipment and system |
| US8185534B1 (en) * | 2009-02-05 | 2012-05-22 | Google Inc. | Consolidated record generation with stable identifiers for data integration systems |
| CN102694802A (en) * | 2012-05-22 | 2012-09-26 | 中国联合网络通信集团有限公司 | Method and device for recording network access information |
| CN102833241A (en) * | 2012-08-20 | 2012-12-19 | 中国联合网络通信集团有限公司 | Streaming media service traffic record merged-processing method and device |
-
2014
- 2014-01-21 CN CN201410028727.0A patent/CN103763320B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1804454A1 (en) * | 2005-12-29 | 2007-07-04 | Telefonaktiebolaget LM Ericsson (publ) | A method for consolidating data records |
| CN101741608A (en) * | 2008-11-10 | 2010-06-16 | 北京启明星辰信息技术股份有限公司 | Traffic characteristic-based P2P application identification system and method |
| US8185534B1 (en) * | 2009-02-05 | 2012-05-22 | Google Inc. | Consolidated record generation with stable identifiers for data integration systems |
| CN102143085A (en) * | 2011-04-27 | 2011-08-03 | 北京网御星云信息技术有限公司 | Multi-dimensional network situation awareness method, equipment and system |
| CN102694802A (en) * | 2012-05-22 | 2012-09-26 | 中国联合网络通信集团有限公司 | Method and device for recording network access information |
| CN102833241A (en) * | 2012-08-20 | 2012-12-19 | 中国联合网络通信集团有限公司 | Streaming media service traffic record merged-processing method and device |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110138638A (en) * | 2019-05-16 | 2019-08-16 | 恒安嘉新(北京)科技股份公司 | A kind of processing method and processing device of network flow |
| CN113271263A (en) * | 2020-02-17 | 2021-08-17 | 华为技术服务有限公司 | Data processing method and equipment thereof |
| CN113271263B (en) * | 2020-02-17 | 2023-01-06 | 华为技术服务有限公司 | Data processing method and equipment thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103763320B (en) | 2017-01-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103209174B (en) | A kind of data prevention method, Apparatus and system | |
| CN109802953B (en) | Industrial control asset identification method and device | |
| CN108062202A (en) | A kind of file block storage method and system | |
| WO2015051720A1 (en) | Method and device for detecting suspicious dns, and method and system for processing suspicious dns | |
| CN105141605B (en) | Session method, Website server and browser | |
| CN102685145A (en) | Domain name server (DNS) data packet-based bot-net domain name discovery method | |
| CN107342913B (en) | Detection method and device for CDN node | |
| CN105635064B (en) | CSRF attack detection method and device | |
| KR102061833B1 (en) | Apparatus and method for investigating cyber incidents | |
| CN111756724A (en) | Detection method, device and equipment for phishing website and computer readable storage medium | |
| CN110995684B (en) | Vulnerability detection method and device | |
| TWI656778B (en) | Malicious domain detection method combining network information and network traffic | |
| CN103327036B (en) | The identification method of internet browsing equipment and Cookie server | |
| CN113301155B (en) | Data routing method, device, equipment and storage medium | |
| CN113067802B (en) | User identification method, device, equipment and computer readable storage medium | |
| CN103763320A (en) | Method and system for merging flow records | |
| CN107592299B (en) | Proxy internet access identification method, computer device and computer readable storage medium | |
| CN116776390A (en) | Method, device, storage medium and equipment for monitoring data leakage behavior | |
| CN105812204A (en) | Recursion domain name server online identification method based on connectivity estimation | |
| CN107948022B (en) | Identification method and identification device for peer-to-peer network traffic | |
| CN107995167B (en) | Equipment identification method and server | |
| CN110830501A (en) | Website asset detection method based on DNS traffic | |
| CN103701821B (en) | File type identification method and device | |
| CN113766046B (en) | Iterative traffic tracking method, DNS server and computer readable storage medium | |
| CN112367340B (en) | Intranet asset risk assessment method, device, equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |