CN104243521B - Method for identifying P2P networks using deep packet inspection - Google Patents

Method for identifying P2P networks using deep packet inspection

Info

Publication number: CN104243521B
Authority: CN (China)
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Application number: CN201310243431.6A
Other languages: Chinese (zh)
Other versions: CN104243521A (en)
Inventors: 苏长君, 郑曙光
Current Assignee: BEIJING SAPLING TECHNOLOGY Co Ltd (the listed assignees may be inaccurate)
Original Assignee: BEIJING SAPLING TECHNOLOGY Co Ltd
Application filed by BEIJING SAPLING TECHNOLOGY Co Ltd
Priority to CN201310243431.6A
Publication of CN104243521A
Application granted
Publication of CN104243521B

Abstract

A method for identifying P2P networks using DPI technology. The method first evaluates the topology range value of the network to be identified: if it exceeds a first threshold, the traffic is judged using DPI; otherwise, the ratio of input to output data volume over a certain period is judged. Applying this technique yields more accurate and faster results in traffic identification, greatly streamlines the identification flow, and is easier to implement on existing equipment.

Description

Method for identifying P2P networks using deep packet inspection
Technical field
The present invention relates to the field of communication technology, and in particular to a deep packet inspection method.
Background
In recent years, with the continued development of new network applications based on the P2P (peer-to-peer) traffic model, network bandwidth is being consumed at an ever faster rate, and traditional online services are increasingly affected. P2P is in itself a good technology with broad application prospects, but it is also a highly destructive one. At present, P2P-based applications are mostly bandwidth-exhausting download services, which use up access, aggregation and backbone bandwidth that was originally plentiful. Network links are often fully loaded, degrading network service quality (packet loss, and greatly increased delay and jitter). This severely hampers the development of voice, video and gaming services that have higher end-to-end QoS (quality of service) requirements, and also crowds out the bandwidth of conventional Internet applications. How to effectively control the erosion of bandwidth by this kind of traffic, and resolve the backbone network's situation of growing volume without growing revenue, is a practical problem facing operators.
Deep packet inspection (DPI) is an application-layer traffic detection and control technology. When IP packets or TCP or UDP data streams pass through a DPI-based bandwidth management system, the system reads deep into the content of the IP packet payload and reassembles the application-layer information of the seven-layer OSI model to obtain the content of the whole application, then shapes the traffic according to the management policy defined in the system. The deep packet inspection method is based on this principle: it identifies the various P2P applications by detecting the fixed signature strings that their application protocols use.
Using DPI technology brings the following benefits:
A) Detection accuracy is higher than that of methods based on ports and traffic patterns, and port changes do not affect the detection rate.
B) The most popular P2P applications can be detected.
C) It is suitable for accurate traffic detection.
In implementing DPI technology in practice, the inventors found that the prior art has at least the following disadvantages:
A) New and encrypted P2P applications cannot be identified, so detections are missed.
B) Protocol analysis and signature search require a large investment of manpower and time.
C) Signatures of encrypted protocols are difficult to obtain.
D) The choice of signatures has a significant impact on detection performance.
E) The system's detection module must be upgraded from time to time.
F) Inspecting application-layer content raises privacy issues.
G) It places high demands on the processing capacity of the detection equipment.
Summary of the invention
The invention provides a method for identifying P2P networks using DPI technology, comprising:
Step 202: Measure the network to be identified and obtain the topology range value of the hosts participating in the network; the topology range value is the maximum topological distance between hosts participating in data exchange in the network.
Step 204: Determine whether the topology range value is greater than a preset first threshold; if so, go to step 206; if not, go to step 210.
Step 206: A host in the network to be identified receives a packet and performs DPI processing on it: the text in the packet is scanned and pattern-matched using a state machine built from regular expressions, comparing the content of the received text with the patterns in the state machine to determine the pattern of the received packet.
Step 208: If the packet is identified as a P2P packet, report the network as a P2P network and go to step 214; if it is not a P2P packet, do not report, and go to step 214.
Step 210: Count the host's input data volume and output data volume over a period of time, and obtain the ratio of the input data volume to the output data volume.
Step 212: If the ratio is less than a second threshold, go to step 206; otherwise, do not report the network as a P2P network, and go to step 214.
Step 214: The identification flow ends.
The size of a network's range largely indicates the characteristics of the network protocol. In the present invention, the network range is judged first and identification is then carried out in a targeted manner, effectively distinguishing the traffic identification approach to use in different situations. In addition, DPI processing is implemented with a state machine built from regular expressions, which yields accurate results. Applying this technique yields more accurate and faster results in traffic identification, greatly streamlines the identification flow, and is easier to implement on existing equipment.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of Embodiment 1 of the present invention.
Fig. 2 is a flowchart of Embodiment 2 of the present invention.
Detailed description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below through specific embodiments and the related drawings.
Embodiment 1
Embodiment 1 of the present invention provides a method for identifying P2P networks using DPI technology, comprising:
Step 202: Measure the network to be identified and obtain the topology range value of the hosts participating in the network; the topology range value is the maximum topological distance between hosts participating in data exchange in the network.
Step 204: Determine whether the topology range value is greater than a preset first threshold; if so, go to step 206; if not, go to step 210.
Step 206: A host in the network to be identified receives a packet and performs DPI processing on it: the text in the packet is scanned and pattern-matched using a state machine built from regular expressions, comparing the content of the received text with the patterns in the state machine to determine the pattern of the received packet.
Step 208: If the packet is identified as a P2P packet, report the network as a P2P network and go to step 214; if it is not a P2P packet, do not report, and go to step 214.
Step 210: Count the host's input data volume and output data volume over a period of time, and obtain the ratio of the input data volume to the output data volume.
Step 212: If the ratio is less than a second threshold, go to step 206; otherwise, do not report the network as a P2P network, and go to step 214.
Step 214: The identification flow ends.
Embodiment 2
In Embodiment 1, the topology range value is measured specifically as follows:
Step 2021: Take any host as the starting point, label that host's range value as 0, and make it the current host.
Step 2022: Obtain the range value of the current host. If another host whose range value has not been labelled sends data to the current host, label that host's range value as the current host's range value minus one; if another host whose range value has not been labelled receives data from the current host, label that host's range value as the current host's range value plus one.
Step 2023: Jump to any host that has a connection with the current host and whose range value has been labelled, make that host the current host, and repeat step 2022 until all hosts have a labelled range value.
Step 2024: Subtract the smallest range value from the largest range value among all hosts; the resulting difference is the topology range value.
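The flow of Embodiment 1 combined with the range-value labelling of Embodiment 2, as an added Python example that is not part of the patent. The function names, the BitTorrent handshake signature, the thresholds, the breadth-first visiting order, the handling of zero output volume and the sample data are all assumptions of the example; a compiled regular expression stands in for the regular-expression state machine.

```python
import re
from collections import deque

# Assumed signature set for this example (not from the patent): the
# BitTorrent handshake prefix.
P2P_SIGNATURES = re.compile(rb"^\x13BitTorrent protocol")

def topology_range(flows):
    """Steps 2021-2024 over observed (sender, receiver) host pairs."""
    sends_to, recv_from = {}, {}
    for src, dst in flows:
        sends_to.setdefault(dst, set()).add(src)    # src sends data to dst
        recv_from.setdefault(src, set()).add(dst)   # dst receives data from src
    hosts = set(sends_to) | set(recv_from)
    if not hosts:
        return 0
    start = min(hosts)            # step 2021: "any host"; min() is deterministic
    value = {start: 0}
    queue = deque([start])
    while queue:                  # step 2023: visit labelled, connected hosts
        cur = queue.popleft()
        # Step 2022: unlabelled senders get cur - 1, unlabelled receivers cur + 1.
        for peers, delta in ((sends_to, -1), (recv_from, +1)):
            for peer in sorted(peers.get(cur, ())):
                if peer not in value:
                    value[peer] = value[cur] + delta
                    queue.append(peer)
    # Step 2024. Hosts not connected to the start host stay unlabelled here.
    return max(value.values()) - min(value.values())

def identify_p2p(flows, payloads, bytes_in, bytes_out, first_thr, second_thr):
    """Steps 202-214; returns True when the network is reported as P2P."""
    if topology_range(flows) <= first_thr:               # step 204 -> step 210
        # Step 210; treating zero output as an infinite ratio is an assumption.
        ratio = bytes_in / bytes_out if bytes_out else float("inf")
        if ratio >= second_thr:                          # step 212: no report
            return False
    # Steps 206/208: DPI pattern match; reporting on any hit is an assumption.
    return any(P2P_SIGNATURES.search(p) for p in payloads)

# Constructed sample data.
CHAIN = [("A", "B"), ("B", "C"), ("C", "D")]             # range value 3
STAR = [("H", "a"), ("H", "b"), ("H", "c")]              # range value 1
BT = b"\x13BitTorrent protocol" + bytes(8)
HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(identify_p2p(CHAIN, [HTTP, BT], 0, 0, 2, 2.0))
    print(identify_p2p(STAR, [BT], 1000, 10, 2, 2.0))
```

Because each host is labelled only once, in a flow graph that contains cycles the labels, and therefore the range value, can depend on the starting host and the visiting order.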
A person of ordinary skill in the art will understand that all or part of the flows of the above method embodiments can be carried out by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The preferred embodiments above further describe the objects, technical solutions and advantages of the present invention. It should be understood that the foregoing is only a preferred embodiment of the present invention and does not limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (2)

1. A method for identifying P2P networks using DPI technology, comprising:
Step 202: Measure the network to be identified and obtain the topology range value of the hosts participating in the network; the topology range value is the maximum topological distance between hosts participating in data exchange in the network.
Step 204: Determine whether the topology range value is greater than a preset first threshold; if so, go to step 206; if not, go to step 210.
Step 206: A host in the network to be identified receives a packet and performs DPI processing on it: the text in the packet is scanned and pattern-matched using a state machine built from regular expressions, comparing the content of the received text with the patterns in the state machine to determine the pattern of the received packet.
Step 208: If the packet is identified as a P2P packet, report the network as a P2P network and go to step 214; if it is not a P2P packet, do not report, and go to step 214.
Step 210: Count the host's input data volume and output data volume over a period of time, and obtain the ratio of the input data volume to the output data volume.
Step 212: If the ratio is less than a second threshold, go to step 206; otherwise, do not report the network as a P2P network, and go to step 214.
Step 214: The identification flow ends.
2. The method according to claim 1, characterized in that obtaining the topology range value is specifically:
Step 2021: Take any host as the starting point, label that host's range value as 0, and make it the current host.
Step 2022: Obtain the range value of the current host. If another host whose range value has not been labelled sends data to the current host, label that host's range value as the current host's range value minus one; if another host whose range value has not been labelled receives data from the current host, label that host's range value as the current host's range value plus one.
Step 2023: Jump to any host that has a connection with the current host and whose range value has been labelled, make that host the current host, and repeat step 2022 until all hosts have a labelled range value.
Step 2024: Subtract the smallest range value from the largest range value among all hosts; the resulting difference is the topology range value.
Priority Applications (1)

Application number: CN201310243431.6A
Priority date: 2013-06-19
Filing date: 2013-06-19
Title: Method for identifying P2P networks using deep packet inspection
Status: Active
Publication: CN104243521B (en)

Publications (2)

Publication number: CN104243521A (en), publication date: 2014-12-24
Publication number: CN104243521B (en), publication date: 2017-06-09

Family

ID=52230867

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 100094, Beijing, Haidian District, Zhongguancun software park on the two phase of Building No. 15 Zhongxing 3A

Patentee after: BEIJING SAPLING TECHNOLOGY CO., LTD.

Address before: 100084 No. 2 building, No. 1, Nongda South Road, Beijing, Haidian District, B-604

Patentee before: BEIJING SAPLING TECHNOLOGY CO., LTD.