CN104079493A - Flow recognition method and equipment and management and control method and equipment based on names of downloaded resources - Google Patents

Publication number: CN104079493A
Authority: CN (China)
Prior art keywords: downloaded resources, request message, title, identification, management
Legal status: Pending
Application number: CN201410257677.3A
Other languages: Chinese (zh)
Inventors: 袁媛, 贾艳会, 李城龙, 齐晓璐, 于贺威, 卫冰洁, 曹首峰, 贺龙涛
Current Assignee: National Computer Network and Information Security Management Center
Original Assignee: National Computer Network and Information Security Management Center
Application filed by: National Computer Network and Information Security Management Center
Landscapes: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network flow recognition method, recognition equipment, a management and control method and management and control equipment based on names of downloaded resources. The network flow recognition method includes the steps that a request message is received; a downloaded resource link in the request message is recognized; if recognition is successful, the request message is analyzed, and the names of the downloaded resources are extracted. Because the names of the downloaded resources are extracted from network flow, the network flow can be managed and controlled according to the names of the downloaded resources. The network flow recognition method, the recognition equipment, the management and control method and the management and control equipment have the function of recognizing and refining the downloading flow, the fineness of the recognition granularity is improved, and therefore a user can audit, manage and control the downloading flow more finely and extract information of the downloading flow at a deeper level.

Description

Traffic identification method and device, and management and control method and device, based on downloaded resource names
Technical field
The invention belongs to the technical field of network application traffic identification and classification, and in particular relates to a network traffic identification method, identification device, management and control method, and management and control device based on downloaded resource names.
Background
With the rapid development of Internet technology, the network has become an inseparable part of people's lives. The emergence of network technologies such as P2P has also brought a series of new problems, including network security, bandwidth occupancy, content charging and information security. For managing network traffic, traffic identification technology currently holds a very important position: it is the basis for information filtering, traffic analysis, bandwidth management, secure communication, and Internet supervision and operations and maintenance. Traffic identification is the technique of using information about a flow and the packets in it (such as protocol characteristics, fingerprints and signatures) to divide the flows on a network (for example, flows of various application types) into a set of predefined classes. Here a flow is the set of IP (Internet Protocol) packets that pass an observation point on the network within a fixed time interval and carry the same five-tuple (source IP, source port, destination IP, destination port and protocol type); a flow is one part of the traffic.
Current traffic identification approaches mainly include identification based on port mapping, identification based on IP address, identification based on DPI (Deep Packet Inspection), and identification based on DFI (Deep Flow Inspection). Most of the traffic identification technologies and products released by the major network equipment vendors use deep packet inspection (DPI); apart from differences in performance and precision, they are technically the same in essence.
The identification granularity of DPI is currently too coarse and is limited to the application layer. For example, when the Xunlei (Thunder) software is used to download the film "Sparkling Red Star", every major equipment vendor identifies the traffic as "Xunlei download" and cannot identify it as "Sparkling Red Star". First, this means users cannot obtain specific information about the download traffic in the network and cannot compile statistics over large volumes of data. Second, if a user sets a traffic control policy for a company network, downloads cannot be managed by resource category or keyword, so the traffic-control device is severely limited in monitoring download traffic.
Summary of the invention
In view of this, the invention provides a network traffic identification and control scheme based on downloaded resource names. It refines the identification of download traffic and increases the fineness of the identification granularity, so that users can audit and control download traffic more precisely and extract deeper information from it.
To solve the above technical problem, a first aspect of the invention provides a network traffic identification method comprising the following steps: receiving a request message; identifying the downloaded-resource link in the request message; and, if identification succeeds, parsing the request message and extracting the downloaded resource name. The downloaded resource type can also be extracted.
Further, once the downloaded resource name has been extracted from network traffic with this identification method, the traffic can be managed and controlled according to the downloaded resource name.
A second aspect of the invention provides a network traffic identification device. The device comprises a receiving unit for receiving a request message; an identification unit for identifying the downloaded-resource link in the request message; and a parsing unit for parsing a request message in which a downloaded-resource link has been successfully identified and extracting the downloaded resource name from it. The downloaded resource type can also be extracted.
Further, once this identification device has extracted the downloaded resource name from network traffic, a network traffic management unit can manage and control the traffic according to the downloaded resource name.
Beneficial effects:
(1) The invention provides a finer-grained identification result. When the Xunlei software is used to download the film "Sparkling Red Star", the scheme identifies the traffic as "Sparkling Red Star" and not merely as "Xunlei download". With this result, network traffic control can compile more targeted statistics over large volumes of data and set traffic control policies that target the downloaded resource name, so that users can manage downloads by resource keyword, for example by forbidding users from downloading resources with specific names. This greatly broadens the traffic-control device's ability to monitor download traffic.
(2) The invention parses request messages by signature. Signature parsing is highly readable, easy to understand and fast, which makes it convenient to quickly extract the required resource name information.
The invention has fine identification granularity and is readily implementable. It can be implemented as a function of a network traffic-control device, can be used in policy control of network applications, and can perform monitoring while network applications are in use.
Brief description of the drawings
Fig. 1 shows the application scenario of the download traffic device in an embodiment of the invention;
Fig. 2 is the flow chart of the download traffic identification method in an embodiment of the invention;
Fig. 3 is the structure diagram of the download traffic identification device in an embodiment of the invention.
Detailed description
The invention is described below with reference to the drawings and embodiments.
Fig. 1 shows the application scenario of the download traffic identification device in an embodiment of the invention. As shown in Fig. 1, client A accesses remote server C through network flow monitoring device B. C is a download resource server that continuously listens for requests from client A. Once a connection is established, client A sends a request message for the downloaded resource to download resource server C, and server C then returns data in response. Finally, the connection is released.
Network traffic-control device B monitors and forwards the information exchanged between client A and download resource server C. From the request message that client A sends to download resource server C, it identifies the link as a downloaded-resource link.
Fig. 2 is the flow chart of the network traffic identification method based on downloaded resource names in an embodiment of the invention. The method comprises steps 1 to 3. This section takes downloading QQ2013 from Baidu Xiaba as an example.
Step 1: receive the request message.
In step 1, when the user clicks the QQ2013 download link on Baidu Xiaba in the browser of client A, client A sends an HTTP request message to the Baidu server through network traffic-control device B. The HTTP request message that client A sends to download resource server C through network traffic-control device B is as follows:
GET /sw-search-sp/gaosu/2014_03_13_16/bind1/12350/QQ2013SP6.2288047051.exe HTTP/1.1
Host: dlsw.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
The request uses the "GET" method to request data from download resource server C. The server address is "dlsw.baidu.com". "/sw-search-sp/gaosu/2014_03_13_16/bind1/12350/" is a relative address that represents the folder storing the downloaded resource. "QQ2013SP6.2288047051.exe" is the specific resource name the user downloads; it is an executable program file of QQ.
Step 2: identify the downloaded-resource link in the request message.
In step 2, network traffic-control device B identifies the request message sent to it. For identification, a feature library containing multiple features is set up in network traffic-control device B, and the downloaded-resource link in the request message is identified by the features in the feature library. A feature is information used to identify a downloaded resource; the corresponding feature information is obtained by analysing the download request messages of different applications. Different applications have different features. For example, QQ and Xunlei use different feature information to indicate that a message is a download connection request message.
In practice, DPI identification can be added on top of feature-code identification to identify the application's traffic. DPI identification is not described further here.
Taking an HTTP request message as an example, the feature library contains, for instance, the following feature:
Name:baidu_xiaba:
Signature-1:BigEndian:4:String:".exe"
Signature-1:BigEndian:20:String:"Host: dlsw.baidu.com"
In this feature, baidu_xiaba is the feature name. The field Signature-1:BigEndian:4:String:".exe" means: search the full packet (1), in big-endian byte order (BigEndian), for the string ".exe" of length 4. The field Signature-1:BigEndian:20:String:"Host: dlsw.baidu.com" means: search the full packet (1), in big-endian byte order (BigEndian), for the string "Host: dlsw.baidu.com" of length 20. The two signatures are in an "and" relation. Traffic entering network traffic-control device B that matches this feature is considered to have been identified as a downloaded-resource link. Comparing the HTTP request message with the above feature in step 2, the identification condition is fully met, so the connection is identified as a downloaded-resource link.
So that back-end devices know whether passing traffic is a downloaded-resource link, a corresponding identifier (ID) must also be stamped on the flow information after a downloaded-resource link is identified. The ID marks whether the flow is a download link; when different IDs are set for different features, the download links of different applications can also be distinguished.
If step 2 identifies a downloaded-resource link, proceed to step 3; otherwise, continue identifying subsequent request messages.
Step 3: parse the HTTP request message and extract the downloaded resource name; the downloaded resource type can also be extracted.
Specifically, when network traffic-control device B successfully identifies that the HTTP request message belongs to a downloaded-resource link, it extracts the meta-information of the downloaded resource, which comprises the name and the type of the downloaded resource. Different download requests have different meta-information extraction logic: for example, Xunlei downloads have the extraction logic corresponding to Xunlei, and Baidu Xiaba has the extraction logic corresponding to Baidu Xiaba.
Taking Baidu Xiaba as an example, the logic for extracting meta-information is:
For ordinary HTTP downloads, extracting meta-information is somewhat simpler. Once the download connection has been identified in step 2, the type of the downloaded resource is already known, because ".exe" in the matched feature Signature-1:BigEndian:4:String:".exe" is exactly the resource type. For ordinary HTTP downloads, the folder and file name of the downloaded resource, "/sw-search-sp/gaosu/2014_03_13_16/bind1/12350/QQ2013SP6.2288047051.exe", follow the request method and are processed as follows: first search from back to front for the last "/"; what follows the last "/" is the file name "QQ2013SP6.2288047051.exe".
The invention parses the request message using signatures in a signature library. Signature parsing is highly readable, easy to understand and fast, which makes it convenient to quickly extract the required resource name information. This embodiment defines a basic signature format, as follows:
:signame signature_name
:mapid ID
:type:"filename" start="***(corresponding start field)" end="(corresponding end field)"
In this signature, the field signature_name is the name of the signature; the name can be user-defined. In the field ":mapid ID", ID is a tag value that corresponds to the tag value marking the application's downloaded-resource connection in the feature library. When a downloaded-resource link is identified with this tag value, this signature parses the request message of that link. In the field :type:"filename" start="***(corresponding start field)" end="(corresponding end field)", type:"filename" means that the downloaded resource name is extracted; start="***(corresponding start field)" end="(corresponding end field)" means that extraction begins at a given start field and finishes at a given end field, and the text captured between them is the downloaded resource name. Taking "/sw-search-sp/gaosu/2014_03_13_16/bind1/12350/QQ2013SP6.2288047051.exe" again as the example, the type field should be written as type:"filename" start="/" end=".exe\r\n", where \r\n represents the carriage-return/line-feed characters and can be replaced with 0d0a.
The above process completes the extraction of the downloaded resource name.
After the downloaded resource name is extracted from network traffic, back-end devices can use it to manage and control network traffic. For example, the extracted information can be output as logs in the interface of the traffic-control device; download statistics can be compiled at the granularity of the downloaded resource name; or corresponding control measures can be applied to the link according to the extracted resource type and resource name, for example disallowing downloads of resources containing certain keywords or of resources of a certain type.
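Steps 1 to 3 and the keyword control described above, as an added Python example that is not code from the patent. The map ID value 1001, the blocked keyword, the function names and the "consistent" check are assumptions made for illustration; the sample request is constructed from the one quoted in step 1, with two headers omitted.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote, urlsplit

# Constructed sample input: the HTTP request quoted in step 1 (shortened).
SAMPLE_REQUEST = (
    b"GET /sw-search-sp/gaosu/2014_03_13_16/bind1/12350/"
    b"QQ2013SP6.2288047051.exe HTTP/1.1\r\n"
    b"Host: dlsw.baidu.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) "
    b"Gecko/20100101 Firefox/24.0\r\n"
    b"Accept-Encoding: gzip, deflate\r\n\r\n"
)


@dataclass(frozen=True)
class Feature:
    name: str            # feature name, e.g. baidu_xiaba
    map_id: int          # ID stamped on the flow (the value is hypothetical)
    signatures: tuple    # byte strings; ALL must occur ("and" relation)
    resource_type: str   # resource type implied by the matched signature


# Feature library holding the single feature shown in step 2.
FEATURE_LIBRARY = (
    Feature("baidu_xiaba", 1001, (b".exe", b"Host: dlsw.baidu.com"), ".exe"),
)

# Hypothetical control policy: names containing these keywords are blocked.
BLOCKED_KEYWORDS = ("qq2013",)


def identify(message: bytes) -> Optional[Feature]:
    """Step 2: full-packet search; a feature matches when all signatures occur."""
    for feature in FEATURE_LIBRARY:
        if all(sig in message for sig in feature.signatures):
            return feature
    return None


def extract_name(message: bytes) -> Optional[str]:
    """Step 3: the resource name is the text after the last "/" of the path."""
    request_line = message.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) != 3:               # malformed request line: nothing to extract
        return None
    path = urlsplit(parts[1]).path    # drops any ?query or #fragment
    name = unquote(path.rsplit("/", 1)[-1])  # decode %XX so keywords can match
    return name or None


def inspect_request(message: bytes) -> dict:
    """Run identification, extraction and the keyword policy on one request."""
    feature = identify(message)
    if feature is None:
        return {"map_id": None, "name": None, "action": "pass"}
    name = extract_name(message)
    # The signature search covers the whole packet, so ".exe" may have matched
    # a query string or a header and not the file name; check that they agree.
    consistent = bool(name) and name.lower().endswith(feature.resource_type)
    blocked = bool(name) and any(k in name.lower() for k in BLOCKED_KEYWORDS)
    return {
        "map_id": feature.map_id,
        "name": name,
        "type": feature.resource_type if consistent else None,
        "consistent": consistent,
        "action": "block" if blocked else "log",
    }


if __name__ == "__main__":
    print(inspect_request(SAMPLE_REQUEST))
```

The "consistent" flag is False when ".exe" matched somewhere other than the file name, such as a query string, which a full-packet substring search cannot distinguish on its own.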
Fig. 3 is the structure diagram of the downloaded-resource identification device in an embodiment of the invention. As shown in the figure, the device comprises a receiving unit, an identification unit and a parsing unit.
The receiving unit receives request messages. When a user clicks a download link on the client, the client sends a request message to the download resource server through the traffic-control device; the receiving unit in the downloaded-resource identification device then receives the link information about the downloaded resource in the request message.
The identification unit identifies the downloaded-resource link in the request message.
Specifically, the identification unit identifies the downloaded-resource link of the request message received by the receiving unit using the features in the feature library. Each feature in the feature library corresponds to an identifier (ID); a request message that contains a downloaded-resource link is marked with the corresponding ID, which indicates and distinguishes download links.
The parsing unit parses the request message and extracts the downloaded resource name, and further extracts the downloaded resource type.
Specifically, when the identification unit successfully identifies the downloaded-resource link of the request message, the parsing unit parses the request message with the specific parsing logic and extracts the downloaded resource name and type.
After the identification device extracts the downloaded resource name from network traffic, the back-end network traffic management unit can use the downloaded resource name to manage and control network traffic.
In summary, the above are only preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (10)

1. A network traffic identification method based on downloaded resource names, characterized in that it comprises the following steps: receiving a request message; identifying the downloaded-resource link in the request message; and, if identification succeeds, parsing the request message and extracting the downloaded resource name.
2. The method according to claim 1, characterized in that the step of identifying the downloaded-resource link in the request message comprises: identifying the downloaded-resource link in the request message by features in a feature library that characterize downloaded resources.
3. The method according to claim 2, characterized in that each feature in the feature library corresponds to an identifier (ID), and the downloaded-resource link is marked with the ID to indicate and distinguish download links.
4. The method according to claim 1, characterized in that the step of parsing the request message and extracting the downloaded resource name comprises: parsing the request message by a signature in a signature library and extracting the downloaded resource name.
5. A network traffic identification device based on downloaded resource names, characterized in that it comprises: a receiving unit for receiving a request message; an identification unit for identifying the downloaded-resource link in the request message; and a parsing unit for parsing a request message in which a downloaded-resource link has been successfully identified and extracting the downloaded resource name from it.
6. The device according to claim 5, characterized in that the identification unit identifies the downloaded-resource link in the request message by features in a feature library that characterize downloaded resources.
7. The device according to claim 6, characterized in that each feature in the feature library corresponds to an identifier (ID), and a request message that contains a downloaded-resource link is marked with the corresponding ID to indicate and distinguish download links.
8. The device according to claim 5, characterized in that the parsing unit parses the request message by a signature in a signature library and extracts the downloaded resource name.
9. A network traffic management and control method based on downloaded resource names, characterized in that the network traffic identification method of any one of claims 1 to 4 is used to extract the downloaded resource name from network traffic, and network traffic is managed and controlled according to the extracted downloaded resource name.
10. A network traffic management and control device based on downloaded resource names, characterized in that it comprises a network traffic identification unit and a network traffic management unit;
the network traffic identification unit uses the network traffic identification device of any one of claims 5 to 8 to extract the downloaded resource name from network traffic;
the network traffic management unit uses the downloaded resource name extracted by the network traffic identification unit to manage and control network traffic.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410257677.3A 2014-06-11 2014-06-11 Flow recognition method and equipment and management and control method and equipment based on names of downloaded resources

Publications (1)

Publication Number Publication Date
CN104079493A 2014-10-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20141001
