CN103973688B - The filter method and defecator of network traffics - Google Patents
The filter method and defecator of network traffics Download PDFInfo
- Publication number
- CN103973688B CN103973688B CN201410193821.1A CN201410193821A CN103973688B CN 103973688 B CN103973688 B CN 103973688B CN 201410193821 A CN201410193821 A CN 201410193821A CN 103973688 B CN103973688 B CN 103973688B
- Authority
- CN
- China
- Prior art keywords
- packet
- relief area
- address information
- instruction
- interface card
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention discloses a kind of filter method of network traffics and defecator.The method includes:Receive the instruction filtered by network traffics;The outgoing route that relief area is closed according to instruction keeps the input path of relief area to open simultaneously, and the input path connection network interface card of relief area, to be stored in the packet of network interface card transmission;Judge whether the quantity of the packet that relief area is stored in reaches predetermined threshold, if reaching predetermined threshold, extract the currently IP address information of the packet of relief area to be deposited and IP address information is write default filter table, while opening the outgoing route of relief area;After by data packet discarding currently to be deposited, the IP address information of the packet that network interface card is subsequently sent is compared with the IP address information in filter table, if identical, abandons follow-up packet, if it is not the same, follow-up packet is stored in relief area then.Implement the present invention can in the case where network traffics attribute is unknown accurate filtering of network traffic.
Description
Technical field
The present invention relates to network traffic analysis technical field, more particularly to a kind of filter method of network traffics, further relate to
A kind of defecator of network traffics.
Background technology
In network data analysis, network traffics are divided into background traffic and prospect flow, and background traffic is for analysis object
For, it is extra, unnecessary, incoherent, prospect flow exactly needs the object that analyzes.But in network traffics, background stream
Amount proportion is sizable, therefore when network data analysis are carried out, needs the background traffic in filtering of network traffic, with
Elimination noise data is reached, the purpose of subsequent data analysis efficiency is improved.
But in the prior art, condition that network traffics are filtered be background traffic attribute known to or characteristic
, it is known that therefore, prior art is only applicable to the background traffic for recognizing several known attributes under simultaneously filtration experiment room environmental, and right
When background traffic in actual environment is identified and filters, accuracy is low, so the limitation of prior art is larger.
Content of the invention
The technical problem to be solved is to provide a kind of filter method of network traffics and defecator, Neng Gou
Accurate filtering of network traffic in the case that network traffics attribute is unknown.
In order to solve above-mentioned technical problem, a kind of technical scheme that the present invention is adopted is to provide a kind of filtration of network traffics
Method, the filter method include:Receive the instruction filtered by network traffics;The defeated of relief area is closed according to the instruction
Outbound path keeps the input path of relief area to open simultaneously, and wherein, the input path connection network interface card of the relief area, to be stored in
State the packet of network interface card transmission;Judge whether the quantity of the packet that the relief area is stored in reaches predetermined threshold, if reached
Predetermined threshold, extracts the currently IP address information of the packet of relief area to be deposited and writes the IP address information default
Filter table, while open the outgoing route of the relief area;After by data packet discarding currently to be deposited, will be follow-up for the network interface card
The IP address information of the packet of transmission is compared with the IP address information in the filter table, if identical, abandons institute
Follow-up packet is stated, if it is not the same, the follow-up packet is stored in relief area then.
Wherein, maximum size of the predetermined threshold for relief area.
Wherein, the IP ground in entering to be about to the IP address information of packet of the follow-up transmission of the network interface card and the filter table
Before the step of location information is compared, the filter method also includes:Judge whether the instruction is cancelled, if the finger
Order is not cancelled, then the IP address information of the packet for subsequently sending the network interface card is believed with the IP address in the filter table
Breath is compared, if described instruction be cancelled, empty the filter table go forward side by side be about to the follow-up packet be stored in slow
The step of rushing area.
Wherein, if the instruction is not cancelled, the IP address information of the packet that the network interface card is subsequently sent
The step of being compared with the IP address information in the filter table is specifically included:If the instruction is not cancelled, judge
Whether the relief area is empty, if the relief area is not for sky, the IP address of the packet that the network interface card is subsequently sent
Information is compared with the IP address information in the filter table, if the relief area is sky, empties the filter table simultaneously
The step of entering to be about to the follow-up packet and be stored in relief area.
Wherein, the IP address information includes source IP address and purpose IP address.
In order to solve above-mentioned technical problem, another kind of technical scheme that the present invention is adopted is to provide a kind of mistake of network traffics
Filter device, the defecator include receiver module, respond module, extraction module and comparing module, wherein, the receiver module
For receiving the instruction filtered by network traffics;The respond module is used for the output for closing relief area according to the instruction
Path keeps the input path of relief area to open simultaneously, and wherein, the input path connection network interface card of the relief area is described to be stored in
The packet that network interface card sends;The extraction module is used for judging whether the quantity of packet that the relief area is stored in reaches predetermined
Threshold value, if reaching predetermined threshold, extracts the currently IP address information of the packet of relief area to be deposited and by the IP address
Information writes default filter table, while opening the outgoing route of the relief area;The comparing module is used for currently being waited to deposit
IP address after the data packet discarding for entering, in the IP address information of the packet that the network interface card is subsequently sent and the filter table
Information is compared, if identical, abandons the follow-up packet, if it is not the same, then by the follow-up packet
It is stored in relief area.
Wherein, maximum size of the predetermined threshold for relief area.
Wherein, the comparing module be additionally operable to the IP address information in the packet for subsequently sending the network interface card with described
Before IP address information in filter table is compared, judge whether the instruction is cancelled, if the instruction is not taken
Disappear, then the IP address information of the packet for subsequently sending the network interface card is compared with the IP address information in the filter table
Right, if the instruction is cancelled, empties the filter table and the follow-up packet is stored in relief area.
Wherein, if the instruction is not cancelled, the comparing module is additionally operable to judge whether the relief area is sky,
If the relief area is for sky, in the IP address information of the packet that the network interface card is subsequently sent and the filter table
IP address information is compared, if the relief area is sky, empties the filter table and deposits the follow-up packet
Enter relief area.
Wherein, the IP address information includes source IP address and purpose IP address.
In sum, as a result of above-mentioned technical proposal, the invention has the beneficial effects as follows:The network traffics of the present invention
, by closing the outgoing route of relief area, the quantity of the packet for allowing relief area to be stored in reaches predetermined for filter method and defecator
Threshold value, while the IP address information of the packet of relief area to be deposited is extracted, by the IP address information and follow-up packet
IP address information is contrasted, if identical, abandoned follow-up packet, is reached the purpose of filtration.It is stored in due to relief area
The quantity of packet can make the occurrence law of the background traffic in network traffics meet the law of large numbers when reaching predetermined threshold former
Reason, can recognize whether network traffics are background traffic exactly, need not learn the attribute of network traffics.So as in network
Accurate filtering of network traffic in the case that flow attribution is unknown, can effectively improve network traffic analysis efficiency, expand application model
Enclose.
Description of the drawings
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is the schematic flow sheet of the filter method first embodiment of inventive network flow;
Fig. 2 is the schematic flow sheet of the filter method second embodiment of inventive network flow;
Fig. 3 is the structural representation of one embodiment of defecator of inventive network flow.
Specific embodiment
All features disclosed in this specification, or disclosed all methods or during the step of, except mutually exclusive
Feature and/or step beyond, can combine by any way.
Any feature disclosed in this specification, unless specifically stated otherwise, can be equivalent or with similar purpose by other
Alternative features are replaced.I.e., unless specifically stated otherwise, each feature is an example in a series of equivalent or similar characteristics
?.
Fig. 1 is referred to, is the schematic flow sheet of the filter method first embodiment of inventive network flow.Network traffics
Filter method is comprised the following steps:
S11:Receive the instruction filtered by network traffics.
Wherein, the instruction can be sent manually by operator, it is also possible to be set to system and sent automatically.The present embodiment is excellent
The process that the time is system peak hours/period, i.e. system that sends of choosing instruction is not carried out reading relief area.
S12:The outgoing route that relief area is closed according to instruction keeps the input path of relief area to open simultaneously, wherein, delays
The input path connection network interface card in area is rushed, to be stored in the packet of network interface card transmission.
Wherein, network interface card is connected to network, receives network traffics from network, and carries out packet receiving process to network traffics.Network interface card
After collecting packet, packet is sent to relief area by the input path of relief area.The outgoing route of relief area is closed
After closing, in relief area, stored packet can not be exported, i.e., can not be read by other equipment.Due to exporting road
Footpath is closed, and relief area is stored in the data packet number of network interface card transmission will be increased.
S13:Judge whether the quantity of the packet that relief area is stored in reaches predetermined threshold, if reaching predetermined threshold, carry
Take the IP address information of the currently packet of relief area to be deposited and IP address information is write default filter table, while opening
The outgoing route of relief area.
Wherein, there is law of large numbers principle in theory of probability, the law of large numbers is the philosophy in probability statistics, is to beg for
By the law that the arithmetic mean of instantaneous value of sequence of random variables is restrained to constant, it is not empirical law, but by Strict Proof
Theorem.A lot of random events be regular, these " regular random events " under conditions of repeating in a large number, often
Assume almost surely statistical property.When being applied in network traffic analysis.If the network bandwidth is occupied full, then regularly right
Network traffics carry out snapshot, and the network traffics that takes pictures are 1 for the probability convergence of background traffic.However, in actual applications, net
The probability very little that network bandwidth is occupied full, in order to meet law of large numbers principle, using relief area as " bandwidth ", so as to relief area in
Data packet number when reaching predetermined threshold, it is believed that be that bandwidth is occupied.In order to improve accuracy, in the present embodiment, in advance
Determine the maximum size that threshold value is preferably relief area.
After the packet of relief area reaches predetermined threshold, from the foregoing, the network traffics of current relief area to be deposited
Probability for background traffic is very big, it is believed that the network traffics are background traffic, and the attribute of the network traffics is to background
The identification of flow has no effect on.After the IP address information of the network traffics is extracted, it is stored in default filter table.Filter table can
To be one-dimension array, IP (Internet Protocol, Internet protocol) address information can be source IP address and purpose IP ground
Location.
Consider about 20 kinds of the species of the background traffic of network traffics in practical application, the IP address information that extracts
Just about 20 kinds, so the memory length scope of filter table could be arranged to 1-20.After the outgoing route of relief area is opened, and slow
The data fetch equipment for rushing the outgoing route connection in area can start read data packet.
S14:After by data packet discarding currently to be deposited, the IP address information and mistake of the packet that network interface card is subsequently sent
IP address information in filter table is compared, if identical, abandons follow-up packet, if it is not the same, then will be follow-up
Packet is stored in relief area.
Wherein, packet currently to be deposited needs to abandon due to belonging to background traffic.
IP address information of the IP address information in due to filter table for background traffic, then with the IP address in filter table
Information identical packet, all thinks to belong to background traffic, will complete to filter after the data packet discarding.If the IP ground of packet
Location information is differed with the IP address information in filter table, then the packet belongs to prospect flow, is to need subsequent analysis
Object, it is therefore desirable to be stored in relief area and wait subsequent treatment.
By the way, the filter method of the network traffics of the embodiment of the present invention closes buffering according to the instruction for receiving
The outgoing route in area, when the data packet number that relief area is stored in reaches predetermined threshold, according to law of large numbers principle, number to be deposited
Background traffic is according to bag, the IP address information the IP address by its packet subsequently sent with network interface card of the packet is extracted
Information is compared, if identical, abandons follow-up packet, if it is not the same, follow-up packet is stored in buffering then
Area, due to learning the attribute of background traffic such that it is able to unknown in network traffics attribute when background traffic is recognized
In the case of accurate filtering of network traffic, effectively improve network traffic analysis efficiency, for any actual environment can be suitable for, from
And range of application can be expanded.
Fig. 2 is referred to, is the schematic flow sheet of the filter method second embodiment of inventive network flow.Network traffics
Filter method is comprised the following steps:
S21:Receive the instruction filtered by network traffics.
Wherein, the instruction can be sent manually by operator, it is also possible to be set to system and sent automatically.The present embodiment is excellent
The process that the time is system peak hours/period, i.e. system that sends of choosing instruction is not carried out reading relief area.
S22:The outgoing route that relief area is closed according to instruction keeps the input path of relief area to open simultaneously, wherein, delays
The input path connection network interface card in area is rushed, to be stored in the packet of network interface card transmission.
Wherein, network interface card is connected to network, receives network traffics from network, and carries out packet receiving process to network traffics.Network interface card
After collecting packet, packet is sent to relief area by the input path of relief area.The outgoing route of relief area is closed
After closing, in relief area, stored packet can not be exported, i.e., can not be read by other equipment.Due to exporting road
Footpath is closed, and relief area is stored in the data packet number of network interface card transmission will be increased.
S23:Judge whether the quantity of the packet that relief area is stored in reaches predetermined threshold, if reaching predetermined threshold, enter
Row step S24, if being not reaching to predetermined threshold, carries out step S22.
Wherein, according to law of large numbers principle, after the packet of relief area reaches predetermined threshold, current relief area to be deposited
Network traffics very big for the probability of background traffic, it is believed that the network traffics are background traffic, and the network traffics
Attribute is had no effect on to the identification of background traffic.
S24:Extract the currently IP address information of the packet of relief area to be deposited and IP address information is write default
Filter table, while open the outgoing route of relief area.
Wherein, it is contemplated that in practical application, the species of the background traffic of network traffics is about 20 kinds, the IP ground for extracting
Just about 20 kinds of location information, so the memory length scope of filter table could be arranged to 1-20.The outgoing route of relief area is opened
Afterwards, the data fetch equipment being connected with the outgoing route of relief area can start read data packet.
S25:After by data packet discarding currently to be deposited, whether decision instruction is cancelled, if instruction is not cancelled,
Step S26 is carried out, if instruction is cancelled, step S27 is carried out.
Wherein, packet currently to be deposited needs to abandon due to belonging to background traffic.
The instruction filtered by network traffics is cancelled, then need to be stored in overall network flow in relief area.The present invention
When the opportunity of embodiment cancellation instruction is preferably the system free time, i.e., the process of system is being read out the operation of relief area.
S26:Judge whether relief area is empty, if relief area is not sky, carry out step S28, if relief area is sky, enter
Row step S27.
Wherein, if instruction is not cancelled, but relief area is sky, then possible user reads relief area manually,
It is also considered as system this when idle.
S27:Empty filter table.
Wherein, the IP address information in filter table will be cleared, in case re-write IP address information next time.
S28:The IP address information of the packet that network interface card is subsequently sent is compared with the IP address information in filter table,
If identical, step S29 is carried out, if it is not the same, carrying out step S30.
Wherein, due to filter table in IP address information for background traffic IP address information, then in filter table
IP address information identical packet, all thinks to belong to background traffic.If in the IP address information of packet and filter table
IP address information is differed, then the packet belongs to prospect flow, is the object for needing subsequent analysis.
S29:Abandon follow-up packet.
S30:Follow-up packet is stored in relief area.
In some other application scenarios, if relief area is sky in step S26, step S27 can not be carried out.Or this
The filter method of embodiment can not include step S26, i.e., instruct in step s 25 when not being cancelled, directly carry out step
S28.
Fig. 3 is referred to, is the structural representation of one embodiment of defecator of inventive network flow.Also show in the lump in figure
Anticipate network interface card and relief area.The defecator 30 of network traffics includes receiver module 31, respond module 32, extraction module 33 and ratio
To module 34.
Receiver module 31 is used for receiving the instruction for filtering network traffics.Wherein, the instruction can be by operator
Send manually, it is also possible to be set to system and send automatically.What the present embodiment was preferably instructed sends the time for system peak hours/period, i.e.,
The process of system is not carried out reading relief area.
The outgoing route that respond module 32 is used for closing relief area according to instruction keeps the input path of relief area to open simultaneously
Open, wherein, the input path connection network interface card of relief area, to be stored in the packet of network interface card transmission.Wherein, network interface card is connected to network,
Network traffics are received from network, and packet receiving process is carried out to network traffics.After network interface card collects packet, by packet by slow
The input path for rushing area is sent to relief area.After the outgoing route of relief area is closed, stored packet in relief area
Can not export, i.e., can not be read by other equipment.As outgoing route is closed, relief area is stored in the number of network interface card transmission
To increase according to bag quantity.
Extraction module 33 is used for whether the quantity of the packet for judging that relief area is stored in reach predetermined threshold, if reached pre-
Determine threshold value, extract the currently IP address information of the packet of relief area to be deposited and IP address information is write default filtration
Table, while open the outgoing route of relief area.Wherein, there is law of large numbers principle in theory of probability, the law of large numbers is probability system
The philosophy in learning is counted, is the law that the arithmetic mean of instantaneous value of discussion sequence of random variables is restrained to constant, it is not experience rule
Rule, but the theorem by Strict Proof.A lot of random events are regular, and these " regular random events " are a large amount of
Under conditions of repeating, often assume almost surely statistical property.When being applied in network traffic analysis.If network
Bandwidth is occupied full, then regularly carry out snapshot to network traffics, and the network traffics that takes pictures for the probability convergence of background traffic are
1.However, in actual applications, the probability very little that the network bandwidth is occupied full, in order to meet law of large numbers principle, by relief area
As " bandwidth ", so as to relief area in data packet number when reaching predetermined threshold, it is believed that be that bandwidth is occupied.In order to improve
Accuracy, in the present embodiment, predetermined threshold is preferably the maximum size of relief area.Packet in relief area reaches predetermined threshold
After value, from the foregoing, currently the network traffics of relief area to be deposited are very big for the probability of background traffic, it is believed that the net
Network flow is background traffic, and the attribute of the network traffics is had no effect on to the identification of background traffic.The IP ground of the network traffics
After location information is extracted, it is stored in default filter table.Filter table can be one-dimension array, and IP address information can be source IP ground
Location and purpose IP address.Consider about 20 kinds of the species of the background traffic of network traffics in practical application, the IP for extracting
Just about 20 kinds of address information, so the memory length scope of filter table could be arranged to 1-20.The outgoing route of relief area is opened
Qi Hou, the data fetch equipment being connected with the outgoing route of relief area can start read data packet.
After comparing module 34 is used for data packet discarding currently to be deposited, the IP ground of the packet that network interface card is subsequently sent
Location information is compared with the IP address information in filter table, if identical, abandons follow-up packet, if it is not the same,
Follow-up packet is stored in relief area then.Wherein, packet currently to be deposited needs to abandon due to belonging to background traffic.
IP address information of the IP address information in due to filter table for background traffic, then identical with the IP address information in filter table
Packet, all think to belong to background traffic, will complete to filter after the data packet discarding.If the IP address information of packet with
IP address information in filter table is differed, then the packet belongs to prospect flow, is the object for needing subsequent analysis, therefore
Need to be stored in relief area wait subsequent treatment.
Continuing with referring to Fig. 3, in an alternative embodiment of the invention, comparing module 34 is additionally operable to subsequently sending network interface card
Before IP address information in the IP address information of packet and filter table is compared, whether decision instruction is cancelled, if
Instruction is not cancelled, then the IP address information of the packet for subsequently sending network interface card is carried out with the IP address information in filter table
Compare, if instruction is cancelled, empties filter table and follow-up packet is stored in relief area.Wherein, network traffics are entered
The instruction that row is filtered is cancelled, then need to be stored in overall network flow in relief area.The embodiment of the present invention cancels the opportunity of instruction
When preferably system is idle, i.e., the process of system is being read out the operation of relief area.
Further, if instruction is not cancelled, comparing module 34 is additionally operable to judge whether relief area is empty, if slow
Area is rushed not for sky, then the IP address information of the packet for subsequently sending network interface card is compared with the IP address information in filter table
Right, if relief area is sky, empties filter table and follow-up packet is stored in relief area.Wherein, if instruction not by
Cancel, but relief area is sky, then possible user reads relief area manually, is also considered as system this when idle.Filter
After IP address information in table is cleared, IP address information can be once re-write upper.
In sum, output road of the filter method and defecator of network traffics of the invention by closing relief area
Footpath, the packet accumulation for allowing relief area to be stored in change the maximum size that predetermined threshold is preferably relief area, so as to net to predetermined threshold
The probability of occurrence of the background traffic in network flow will meet law of large numbers principle, just now have not been entered into the packet of relief area
Belong to background traffic, subsequently background traffic is belonged to the IP address information identical packet of the packet such that it is able to
Accurate filtering of network traffic in the case that network traffics attribute is unknown, can effectively improve network traffic analysis efficiency, and expanding should
Use scope.
The invention is not limited in aforesaid specific embodiment.The present invention is expanded to and any is disclosed in this manual
New feature or any new combination, and the arbitrary new method that discloses or the step of process or any new combination.
Claims (10)
1. a kind of filter method of network traffics, it is characterised in that the filter method includes:
Receive the instruction filtered by network traffics;
The outgoing route that relief area is closed according to the instruction keeps the input path of relief area to open simultaneously, wherein, described slow
The input path connection network interface card in area is rushed, to be stored in the packet that the network interface card sends;
Judge whether the quantity of the packet that the relief area is stored in reaches predetermined threshold, if reaching predetermined threshold, extract and work as
The IP address information is simultaneously write default filter table by the IP address information of the packet of front relief area to be deposited, while opening
The outgoing route of the relief area;
After by data packet discarding currently to be deposited, the IP address information and the mistake of the packet that the network interface card is subsequently sent
IP address information in filter table is compared, if identical, abandons the follow-up packet, if it is not the same, then by institute
State follow-up packet and be stored in relief area.
2. filter method according to claim 1, it is characterised in that maximum size of the predetermined threshold for relief area.
3. filter method according to claim 1 and 2, it is characterised in that entering to be about to the number that the network interface card subsequently sends
Before the step of comparing according to the IP address information in IP address information and the filter table of bag, the filter method is also wrapped
Include:
Judge whether the instruction is cancelled, if the instruction is not cancelled, the data that the network interface card is subsequently sent
The IP address information of bag is compared with the IP address information in the filter table, if the instruction is cancelled, empties institute
State filter table to go forward side by side the step of being about to the follow-up packet and be stored in relief area.
4. filter method according to claim 3, it is characterised in that if the instruction is not cancelled, will be described
The step of IP address information in the IP address information of the packet that network interface card subsequently sends and the filter table is compared is concrete
Including:
If the instruction is not cancelled, judge whether the relief area is empty, if the relief area is not sky, by institute
The IP address information for stating the packet that network interface card subsequently sends is compared with the IP address information in the filter table, if described
Relief area is sky, then empty the filter table and go forward side by side the step of being about to the follow-up packet and be stored in relief area.
5. filter method according to claim 1, it is characterised in that the IP address information includes source IP address and purpose
IP address.
6. a kind of defecator of network traffics, it is characterised in that the defecator includes receiver module, respond module, carries
Delivery block and comparing module, wherein,
The receiver module is used for receiving the instruction for filtering network traffics;
The respond module is used for closing the outgoing route of relief area according to the instruction while keeping the input path of relief area
Open, wherein, the input path connection network interface card of the relief area, to be stored in the packet that the network interface card sends;
The extraction module is used for whether the quantity of the packet for judging that the relief area is stored in reach predetermined threshold, if reached
Predetermined threshold, extracts the currently IP address information of the packet of relief area to be deposited and writes the IP address information default
Filter table, while open the outgoing route of the relief area;
After the comparing module is used for data packet discarding currently to be deposited, the IP of the packet that the network interface card is subsequently sent
Address information is compared with the IP address information in the filter table, if identical, abandons the follow-up packet, such as
Fruit differs, then the follow-up packet is stored in relief area.
7. defecator according to claim 6, it is characterised in that maximum size of the predetermined threshold for relief area.
8. the defecator according to claim 6 or 7, it is characterised in that the comparing module is additionally operable to by the net
Before IP address information in the IP address information of the follow-up packet for sending of card and the filter table is compared, judge described
Whether instruction is cancelled, if the instruction is not cancelled, the IP address letter of the packet that the network interface card is subsequently sent
Breath is compared with the IP address information in the filter table, if the instruction is cancelled, empties the filter table and incites somebody to action
The follow-up packet is stored in relief area.
9. defecator according to claim 8, it is characterised in that if the instruction is not cancelled, the comparison
Module is additionally operable to judge whether the relief area is empty, if the relief area is not sky, the network interface card is subsequently sent
The IP address information of packet is compared with the IP address information in the filter table, if the relief area is sky, clearly
The follow-up packet is simultaneously stored in relief area by the empty filter table.
10. defecator according to claim 6, it is characterised in that the IP address information includes source IP address and mesh
IP address.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410193821.1A CN103973688B (en) | 2014-05-09 | 2014-05-09 | The filter method and defecator of network traffics |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410193821.1A CN103973688B (en) | 2014-05-09 | 2014-05-09 | The filter method and defecator of network traffics |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103973688A CN103973688A (en) | 2014-08-06 |
| CN103973688B true CN103973688B (en) | 2017-03-15 |
Family
ID=51242734
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410193821.1A Active CN103973688B (en) | 2014-05-09 | 2014-05-09 | The filter method and defecator of network traffics |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103973688B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1336058A (en) * | 1998-12-10 | 2002-02-13 | 诺基亚网络有限公司 | System and method for pre-filtering low priority packets |
| CN101035011A (en) * | 2006-03-10 | 2007-09-12 | 中国科学院软件研究所 | Filtering method and system for Ethernet driving bottom layer |
| CN101616129A (en) * | 2008-06-27 | 2009-12-30 | 成都市华为赛门铁克科技有限公司 | The methods, devices and systems of anti-network attack flow overload protection |
| CN102223308A (en) * | 2011-07-06 | 2011-10-19 | 北京航空航天大学 | Network area traffic compressing and distributing system based on virtual link exchange |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7725934B2 (en) * | 2004-12-07 | 2010-05-25 | Cisco Technology, Inc. | Network and application attack protection based on application layer message inspection |
| US8140665B2 (en) * | 2005-08-19 | 2012-03-20 | Opnet Technologies, Inc. | Managing captured network traffic data |
-
2014
- 2014-05-09 CN CN201410193821.1A patent/CN103973688B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1336058A (en) * | 1998-12-10 | 2002-02-13 | 诺基亚网络有限公司 | System and method for pre-filtering low priority packets |
| CN101035011A (en) * | 2006-03-10 | 2007-09-12 | 中国科学院软件研究所 | Filtering method and system for Ethernet driving bottom layer |
| CN101616129A (en) * | 2008-06-27 | 2009-12-30 | 成都市华为赛门铁克科技有限公司 | The methods, devices and systems of anti-network attack flow overload protection |
| CN102223308A (en) * | 2011-07-06 | 2011-10-19 | 北京航空航天大学 | Network area traffic compressing and distributing system based on virtual link exchange |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103973688A (en) | 2014-08-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104270392B (en) | A kind of network protocol identification method learnt based on three grader coorinated trainings and system | |
| CN102882881B (en) | Special data filtering method for eliminating denial-of-service attacks to DNS (domain name system) service | |
| CN108123931A (en) | Ddos attack defence installation and method in a kind of software defined network | |
| CN109600317B (en) | Method and device for automatically identifying traffic and extracting application rules | |
| CN109768981B (en) | Network attack defense method and system based on machine learning under SDN architecture | |
| CN108696543B (en) | Distributed reflection denial of service attack detection and defense method based on deep forest | |
| CN102315974A (en) | Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows | |
| CN103441946A (en) | CPU-protecting mass-flow attack identification method and device | |
| CN101911614A (en) | Systems and processes of identifying p2p applications based on behavioral signatures | |
| CN104994076A (en) | Machine-learning-based daily access model implementation method and system | |
| CN102073684A (en) | Method and device for excavating search log and page search method and device | |
| CN111935063A (en) | System and method for monitoring abnormal network access behavior of terminal equipment | |
| CN104122464B (en) | Record and the method for analytical data in a kind of electric protection device | |
| CN106921507A (en) | The method and apparatus being predicted to customer complaint within a wireless communication network | |
| CN104092588B (en) | A kind of exception flow of network detection method combined based on SNMP with NetFlow | |
| CN107248252A (en) | A kind of efficient forest fire detecting system | |
| CN106936621A (en) | A kind of work order storm control method, apparatus and system | |
| CN105376247A (en) | Method and device for identifying abnormal flow based on frequent algorithm | |
| CN103973688B (en) | The filter method and defecator of network traffics | |
| CN106803813A (en) | A kind of recognition methods of intelligent home device control command field | |
| CN103780460A (en) | System for realizing hardware filtering of TAP device through FPGA | |
| CN107064159A (en) | A kind of apparatus and system that growth tendency is judged according to the detection of plant yellow leaf | |
| CN110266603A (en) | Authentication business network flow analysis system and method based on http protocol | |
| CN107070748A (en) | A kind of processing system and method for the big data that communicates | |
| CN109831428B (en) | SDN network attack detection and defense method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |