CN105162626A - Network traffic depth identification system and method based on many-core processor - Google Patents

Info

Publication number: CN105162626A
Authority: CN (China)
Prior art keywords: rule, module, protocol, fields, data
Legal status: Granted
Application number: CN201510514488.4A
Other languages: Chinese (zh)
Other versions: CN105162626B (en)
Inventors: 陈亮, 孟进, 王建
Current Assignee: Xian Polytechnic University
Original Assignee: Xian Polytechnic University
Application filed by Xian Polytechnic University
Priority to CN201510514488.4A
Publication of CN105162626A
Application granted
Publication of CN105162626B
Current legal status: Expired - Fee Related

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a network traffic depth identification system based on a many-core processor and a corresponding identification method. The identification method comprises: firstly, establishing a semantic-based rule base by use of a semantic-based rule module, analyzing rules in the rule base by use of a rule analysis module and then generating a hierarchy match tree by use of a hierarchy match tree module; obtaining original network data by virtue of a receiving module and orderly performing IP fragment recombination processing and TCP recombination processing to obtain transport layer data; identifying the type of a protocol used by the transport layer data at an application layer according to a protocol specification regular expression defined by a protocol specification module and then performing structuring processing on the application layer data by virtue of a structured protocol data module; and finally, performing rule matching on the structured application layer data according to the hierarchy match tree by virtue of a matching engine module, sending a successful matching result to a user behavior statistical module for statistics, and then completing the network traffic depth identification.

Description

Network traffic depth identification system and identification method based on a many-core processor
Technical field
The invention belongs to the technical field of network traffic management. It relates to a network traffic depth identification system based on a many-core processor, and also to an identification method that uses this system to perform depth identification of network traffic.
Background art
At present, the large network operators manage network traffic only in a coarse-grained way. Many operators still manage their own networks on the basis of SNMP; their attention to the carrying capacity of their network equipment is limited to monitoring the traffic, while the specific content of the traffic and the user behavior information it contains are not effectively monitored or used.
Earlier techniques monitor network traffic by port. They are fast and simple to use, but with the exhaustion of IPv4 addresses, translation of IP addresses and ports has become more and more frequent, and application designers choose ports arbitrarily when designing applications, so this technique has become increasingly unreliable. It also identifies traffic only as far as the transport layer and cannot go on to obtain user behavior information from the application-layer data. Techniques that monitor traffic by machine learning are particularly effective for obfuscated and encrypted traffic. However, they depend on the characteristics of the traffic produced by a specific application, and extracting those characteristics requires long-term observation before the differences between kinds of traffic can be found.
The most reliable technique at present is traffic classification based on the traffic payload, which identifies an application by recognizing application-related strings in network packets or by performing more complex syntactic matching. By inspecting the data in network packets that may be disclosed within the scope of the law, it supervises network traffic effectively. Modern technology has made encryption of network packets and obfuscation and encapsulation of protocols very easy, but because of the expensive computation required at high bandwidth, traditional platforms cannot process high-bandwidth network traffic in real time. This is the most direct problem that payload-based traffic classification currently faces.
Summary of the invention
One object of the invention is to provide a network traffic depth identification system based on a many-core processor. By using a payload-based traffic classification technique on a many-core processor platform, it solves the problem that traditional network traffic identification systems can only analyze the protocol type of traffic and cannot obtain detailed user behavior information, and also the problem that they cannot process high-speed network traffic online in real time.
Another object of the invention is to provide an identification method for the network traffic depth identification system based on a many-core processor.
One technical solution of the invention is a network traffic depth identification system based on a many-core processor, comprising a receiving module that obtains raw network data and a semantic-based rule module that stores semantic-based matching rules. The receiving module is connected to a protocol specification module, which identifies, according to user-defined regular expressions, the protocol type that the transport-layer data uses at the application layer; the protocol specification module is connected to a structured data module, which performs structuring processing on the application-layer data. The semantic-based rule module is connected to a rule parsing module, which parses the content of each field, field by field, according to the specific format of the matching rules; the rule parsing module is connected to a hierarchical match tree module, which generates a hierarchical match tree from the parsed rules. The structured data module and the hierarchical match tree module are both connected to a matching engine module, which matches the data against the regular expressions; the matching engine module is also connected to a user behavior statistical module, which stores the results of successful matches.
The invention also has the following features:
(1) The rule base in the semantic-based rule module is formed by saving the matching rules in a rule file, one matching rule per line. A matching rule is the combination of a service field and an identification field.
The service field has four fields: application name, application behavior, operating system and agent, separated from one another by the " " symbol. The application name and application behavior are defined by the specific user behavior; the operating system and agent are determined by the network protocol, and where the operating system or agent cannot be determined, All is used to denote any operating system or agent. The concrete format of the service field is: ApplicationName ApplicationBehavior OperatingSystem Agent;
The identification field has three fields: the protocol, the protocol fields, and the regular expressions for the protocol fields, separated from one another by the "|" symbol. With the decoding method Decode added, the concrete format is: [Protocol:Field1,Field2,Field3]|[Decode]|[Expression1,Expression2,Expression3].
Another technical solution adopted by the invention is an identification method that uses the above identification system to perform depth identification of network traffic, comprising the following steps:
Step 1, rule parsing
A semantic-based rule base is established by the semantic-based rule module; the rules in the rule base are then parsed by the rule parsing module, and a hierarchical match tree is generated.
Step 2, receiving traffic
The receiving module obtains raw network data and performs IP fragment reassembly and then TCP reassembly on it to obtain transport-layer data.
Step 3, multi-protocol analysis
The protocol type that the transport-layer data uses at the application layer is identified according to the protocol specification regular expressions defined by the protocol specification module; then, according to the identified protocol type, the structured protocol data module performs structuring processing on the application-layer data.
Step 4, matching engine
The matching engine module performs rule matching on the structured application-layer data according to the hierarchical match tree and sends the results of successful matches to the user behavior statistical module for statistics, completing the network traffic depth identification.
The invention also has the following features:
(1) The semantic-based rule base in step 1 is established as follows:
1) The service field and the identification field of a matching rule are defined separately:
The four fields of the service field are defined: application name, application behavior, operating system and agent, separated by the " " symbol. The application name and application behavior are determined by the specific user behavior; the operating system and agent are determined by the network protocol, and where the operating system or agent cannot be determined, All is used to denote any operating system or agent. The concrete format of the service field is: ApplicationName ApplicationBehavior OperatingSystem Agent;
The three fields of the identification field are defined: the protocol, the protocol fields, and the regular expressions for the protocol fields, separated from one another by the "|" symbol. With the decoding method Decode added, the concrete format is: [Protocol:Field1,Field2,Field3]|[Decode]|[Expression1,Expression2,Expression3];
2) The service field and the identification field are combined, separated by the "|" symbol, and saved in a rule file, one matching rule per line, to form the rule base.
(2) Parsing the rules in the rule base in step 1 comprises service field parsing and identification field parsing: in the service field, the service sub-fields are separated by the " " symbol, and the value of each service sub-field is obtained by splitting the string level by level; in the identification field, the identification sub-fields are separated by |, and the value of each identification sub-field is obtained by splitting the string level by level.
(3) The hierarchical match tree in step 1 is generated as follows: the whole parsed rule set is divided into multiple subsets by protocol field, a matcher is built for each subset, and the rule hierarchical match tree is generated according to the next matcher that may be entered after the previous matcher has finished matching.
The hierarchical match tree above can be simplified further: in each protocol field, the rules that are not matched against it are extracted separately, which gives the simplified rule hierarchical match tree.
The beneficial effects of the invention are as follows: the network traffic depth identification system based on a many-core processor can identify not only the application-layer protocol type of traffic but also detailed user behavior information, and it meets the need for real-time online processing of high-speed network traffic. The identification system can be applied to various many-core processors, and on all of them achieves depth identification of network traffic.
Brief description of the drawings
Fig. 1 is a structural diagram of the network traffic depth identification system based on a many-core processor;
Fig. 2 is a flow chart of the identification method of the invention;
Fig. 3 is a flow chart of the network traffic depth identification in the embodiment;
Fig. 4 is a diagram of the rule set divided into multiple subsets in the embodiment;
Fig. 5 shows the hierarchical match tree of the embodiment;
Fig. 6 shows the simplified hierarchical match tree of the embodiment;
Fig. 7 shows the result of structuring the application-layer data in the embodiment.
In the figures: 1. receiving module, 2. protocol specification module, 3. structured data module, 4. semantic-based rule module, 5. rule parsing module, 6. hierarchical match tree module, 7. matching engine module, 8. user behavior statistical module.
Detailed description
The invention is described in further detail below with reference to the drawings and specific embodiments.
The invention provides a network traffic depth identification system based on a many-core processor, comprising a receiving module 1 and a semantic-based rule module 4. The receiving module 1 is connected in turn to a protocol specification module 2 and a structured data module 3. The semantic-based rule module 4 is connected in turn to a rule parsing module 5 and a hierarchical match tree module 6. The structured data module 3 and the hierarchical match tree module 6 are both connected to a matching engine module 7, which is also connected to a user behavior statistical module 8. The connections between the modules are shown in Fig. 1.
The receiving module 1 obtains raw network data and performs IP fragment reassembly and TCP reassembly on the packets to obtain transport-layer data.
The protocol specification module 2 defines regular expressions for the specifications of several protocols and uses them to identify the protocol type that a packet's data uses at the application layer.
The structured protocol data module 3 performs structuring processing on the application-layer data according to the identified protocol type and the data format that the RFC defines for that protocol type.
The matching engine module 7 performs regular expression matching on the structured application-layer data according to the hierarchical match tree generated by the hierarchical match tree module. The specific matching flow is: for the structured application-layer data, regular expression pattern matching is performed against the regular expression corresponding to each protocol field in the hierarchical match tree.
The semantic-based rule module 4 is a base that stores matching rules in a fixed format. A rule has two parts: one is the service field of the rule, the other is the identification field of the rule.
(1) Service field
The service field has four fields: application name, application behavior, operating system and agent, separated by the " " symbol. The application name and application behavior use specific definitions; the operating system and agent are determined by the corresponding protocol, and where the operating system or agent cannot be determined, All is used to denote any operating system or agent. The concrete format of the service field is:
ApplicationName ApplicationBehavior OperatingSystem Agent
(2) Identification field
The identification field comprises three fields: the protocol, the protocol fields, and the regular expressions for the protocol fields. With the decoding method Decode added, the concrete format is:
[Protocol:Field1,Field2,Field3]|[Decode]|[Expression1,Expression2,Expression3]
The service field and the identification field are combined, separated by "|", to give the defined rule. The rules are saved one per line in a rule file, which forms the rule base.
The matching rule for a single packet is defined as follows:
ApplicationName ApplicationBehavior OperatingSystem Agent|[Protocol:Field1,Field2,Field3]|[Decode]|[Expression1,Expression2,Expression3]
The matching rule for multiple packets is defined as follows:
ApplicationName ApplicationBehavior OperatingSystem Agent|[Protocol1:Field11,Field12,Field13][Protocol2:Field21,Field22,Field23]...|[Decode1][Decode2]...|[Expression11,Expression12,Expression13][Expression21,Expression22,Expression23]
The rule parsing module 5 reads the matching rules one by one from the semantic-based rule base and parses the content of each field, field by field, according to the specific format of the rules.
The hierarchical match tree module 6 divides the whole rule set into multiple protocol-field subsets by protocol field, builds a matcher for each subset, and builds the rule hierarchical match tree according to the next matcher that may be entered after the previous matcher has finished matching.
The user behavior statistical module 8 collects statistics on the successful matches, saves the detailed user behavior information in a fixed format and sends it to the monitoring end for further analysis.
The invention also provides an identification method that uses the above identification system to perform depth identification of network traffic. The whole identification flow is shown in Fig. 2, and the specific steps are as follows:
Step 1, rule parsing
Step 1-1: the semantic-based rule base is established by the semantic-based rule module.
The rule base is a base that stores matching rules in a fixed format. A rule has two parts: one is the service field of the rule, the other is the identification field of the rule.
(1) Service field
The service field has four fields: application name, application behavior, operating system and agent, separated by the " " symbol. The application name and application behavior use specific definitions; the operating system and agent are determined by the corresponding protocol, and where the operating system or agent cannot be determined, All is used to denote any operating system or agent. The concrete format of the service field is:
ApplicationName ApplicationBehavior OperatingSystem Agent
(2) Identification field
The identification field comprises three fields: the protocol, the protocol fields, and the regular expressions for the protocol fields. With the decoding method Decode added, the concrete format is:
[Protocol:Field1,Field2,Field3]|[Decode]|[Expression1,Expression2,Expression3]
The service field and the identification field are combined, separated by "|", to give the defined rule. The rules are saved one per line in a rule file, which forms the rule base.
Step 1-2: the rules in the rule base are parsed by the rule parsing module.
The rules are parsed level by level according to the rule format described in step 1-1, which comprises service field parsing and identification field parsing.
(1) Service field
In the service field, the fields are separated by the " " symbol, and the value of each field is obtained by splitting the string level by level.
(2) Identification field
In the identification field, the protocol, the decoding method and the regular expressions for the protocol fields are separated by |. The value of each field is obtained by splitting the string level by level, yielding in turn the protocol, the protocol fields, the decoding method and the regular expressions for the protocol fields.
Step 1-3: the whole parsed rule set is divided into multiple subsets by protocol field, a matcher is built for each subset, and the hierarchical match tree is generated according to the next matcher that may be entered after the previous matcher has finished matching.
The hierarchical match tree above can be simplified further: in each protocol field, the rules that are not matched against it are extracted separately, which gives the simplified rule hierarchical match tree.
Step 2, receiving traffic
Step 2-1: the receiving module obtains raw network data.
The network interface is initialized first, including the network interface resources, the packet buffers and the packet receive rules; network packets are then obtained from the corresponding network interface.
Step 2-2: IP fragment reassembly and then TCP reassembly are performed on the packets to obtain transport-layer data.
IP fragment reassembly checks the fragment flag bits in the network-layer header of the packet to decide whether the IP packet is a fragment. If it is, the data of the subsequent fragments from the same packet (same source IP and ID number) are spliced back into the original data.
TCP session reassembly determines whether a TCP session already exists for the packet; if not, a new TCP session is added. It then determines the state of the TCP session (session start, data transfer, or TCP disconnect) from the values of the SYN, FIN and ACK flag bits in the transport-layer header, and finally restores the data of the whole TCP session according to the session state and the sequence numbers of the TCP packets.
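The TCP session reassembly described above, as an added Python example that is not part of the patent: a session is added per connection, its state follows the SYN and FIN flags, and the payload is restored by sequence number even when segments arrive out of order or are retransmitted. The class and function names, the pending-segment limit, the addresses and the sample request are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

SYN, FIN, ACK = 0x02, 0x01, 0x10   # TCP flag bits
MOD, HALF = 2**32, 2**31           # sequence numbers wrap at 2**32
MAX_PENDING = 64                   # assumed cap on buffered out-of-order segments

@dataclass
class Session:
    state: str = "START"           # START -> TRANSFER -> CLOSED
    next_seq: int = 0              # next in-order sequence number expected
    pending: dict = field(default_factory=dict)        # seq -> payload
    stream: bytearray = field(default_factory=bytearray)

class TcpReassembler:
    def __init__(self):
        self.sessions = {}         # (src, sport, dst, dport) -> Session

    def feed(self, key, seq, flags, payload=b""):
        s = self.sessions.get(key)
        if s is None:                           # no session yet: add a new one
            s = self.sessions[key] = Session(next_seq=seq)
        if flags & SYN:                         # session start
            if s.state == "START":              # a late duplicate SYN changes nothing
                s.next_seq = (seq + 1) % MOD    # SYN consumes one sequence number
            return s
        if payload and len(s.pending) < MAX_PENDING:
            if s.state == "START":
                s.state = "TRANSFER"
            s.pending.setdefault(seq, payload)  # a retransmission keeps the first copy
            self._drain(s)
        if flags & FIN:                         # disconnect
            s.state = "CLOSED"
        return s

    @staticmethod
    def _drain(s):
        """Move every segment that is now contiguous into the stream."""
        while True:
            for seq, data in list(s.pending.items()):
                behind = (s.next_seq - seq) % MOD   # bytes of it already delivered
                if behind < HALF:                   # starts at or before next_seq
                    del s.pending[seq]
                    if behind < len(data):          # deliver only the unseen tail
                        s.stream += data[behind:]
                        s.next_seq = (s.next_seq + len(data) - behind) % MOD
                    break                           # rescan: a gap may have closed
            else:
                return

# Constructed sample: one HTTP request cut so that "gettimeline" spans two segments.
REQUEST = b"GET /statuses/gettimeline HTTP/1.1\r\nHost: api.weibo.cn\r\n\r\n"
KEY = ("192.0.2.1", 40000, "198.51.100.7", 80)
ISN = MOD - 6                      # initial sequence number close to the wrap point

def demo():
    base = (ISN + 1) % MOD
    cuts = [(0, 18), (18, 40), (40, len(REQUEST))]
    segs = [((base + a) % MOD, REQUEST[a:b]) for a, b in cuts]
    per_packet = any(re.search(rb"gettimeline", d) for _, d in segs)
    r = TcpReassembler()
    r.feed(KEY, ISN, SYN)
    for seq, data in (segs[2], segs[1], segs[1], segs[0]):  # out of order, one repeat
        r.feed(KEY, seq, ACK, data)
    r.feed(KEY, (base + 10) % MOD, ACK, REQUEST[10:30])     # stale overlapping copy
    s = r.feed(KEY, (base + len(REQUEST)) % MOD, FIN | ACK)
    return per_packet, bytes(s.stream), s.state

if __name__ == "__main__":
    print(demo())
```

Matching each segment on its own misses the expression, while the restored stream contains it, which is why the method reassembles before step 3.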
Step 3, multi-protocol analysis
Step 3-1: the protocol type that a packet uses at the application layer is identified according to the protocol specification regular expressions defined by the protocol specification module.
The protocol specification module defines specifications for several application-layer protocols, as follows:
HTTP protocol specification: "(POST|GET).*HTTP/(0\.9|1\.0|1\.1)";
RTSP protocol specification: "GET[\x09-\x0d -~]* Accept: application/x-rtsp-tunnelled";
FTP protocol specification: "^220[\x09-\x0d -~\x80-\xfd]*ftp".
Step 3-2: the structured protocol data module performs structuring processing on the application-layer data.
The protocol type used at the application layer is determined by the protocol specification module, and the application-layer data is pre-processed into the message format of that protocol type. For the HTTP protocol, for example, the content of most fields in the protocol standard has the form of key-value pairs, so each field and its value can be identified in turn and the result stored as key-value pairs.
Step 4, matching engine
Step 4-1: the matching engine module performs regular expression pattern matching between the structured application-layer data and the regular expressions corresponding to the protocol fields in the hierarchical match tree, and obtains the matching result.
Step 4-2: the results of successful matches are sent to the user behavior statistical module, completing the network traffic depth identification.
Embodiment
The network traffic depth identification system based on a many-core processor is described in detail below, taking as an example the process of identifying the Sina Weibo "refresh Weibo" behavior. The whole flow is shown in Fig. 3.
The network traffic depth identification system is built on a many-core processor platform and comprises a receiving module, a protocol specification module, a structured data module, a semantic-based rule module, a rule parsing module, a hierarchical match tree module, a matching engine module and a user behavior statistical module.
The many-core processor used in this embodiment is the Tilera Gx-36 processor, which provides high-performance processing capability and meets the real-time processing requirement for 10-gigabit network data. It mainly comprises the multicore Programmable Intelligent Packet Engine (mPIPE) and the core processing units (Tiles). The mPIPE is mainly responsible for packet classification and load balancing, and sends packets to the corresponding processors for processing according to the configured mode.
The Tilera Gx-36 is a processor with the iMesh architecture, an improved matrix structure that allows simultaneous conflict-free communication between any two components. This project selects the Tilera Gx36 multi-core network processor as the hardware platform. It integrates 36 tile processors on a single chip; each processor has a clock frequency of 1.2 GHz, a 32K instruction cache, a 32K data cache and a 256K second-level cache, and the 36 cores share a 9M third-level cache. It can support processing of 40 Gbps of network bandwidth.
Step 1, rule parsing
Step 1-1: establish the semantic-based rule base.
The rule for refreshing Sina Weibo is as follows:
Sina_WeiboRefreshWeiboAllAll|[HTTP:URI,Host]|[None]|["gettimeline":-1_-1,"weibo.cn":-1_-1]
Step 1-2: the rule is parsed according to the rule format to obtain the corresponding fields, the protocol fields and the regular expressions for the protocol fields: application name Sina_Weibo, user behavior RefreshWeibo, protocol HTTP, protocol fields URI and Host, and the regular expressions gettimeline and weibo.cn for those protocol fields.
Step 1-3: the parsed rule set is divided into multiple subsets by rule type, as shown in Fig. 4; a matcher is built for each subset and the hierarchical match tree is generated, as shown in Fig. 5. The tree is then simplified by extracting separately, in each protocol field, the rules that are not matched against it, which gives the simplified rule hierarchical match tree shown in Fig. 6.
Step 2, receiving traffic
The network interface is initialized first, including the network interface resources, the packet buffers and the packet receive rules; network packets are then obtained from the corresponding network interface. Raw network packets are obtained from the network interface, and IP fragment reassembly and TCP reassembly are performed on them to obtain transport-layer data.
Step 3, multi-protocol analysis
Step 3-1: the application-layer protocol type of the transport-layer data is determined by the protocol specification module.
Step 3-2: the application-layer data is structured according to the format of the identified protocol type; the result after processing is shown in Fig. 7.
Step 4, matching engine
Regular expression pattern matching is performed on the structured application-layer data according to the generated rule hierarchical match tree, and the matching result is obtained. The results of successful matches are sent to the user behavior statistical module, completing the network traffic depth identification.
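The embodiment's rule carried through steps 1, 3 and 4, as an added Python example that is not code from the patent: the rule line is parsed, a match tree with one matcher per protocol field is built, an HTTP request is structured into key-value pairs, and the tree is walked. All names are hypothetical; the example assumes a single space as the service-field separator (the separator character did not survive on the page), treats the trailing -1_-1 values as opaque text, and uses a constructed second rule and constructed payloads.

```python
import re
from collections import namedtuple

SEP = " "  # assumption: the service-field separator did not survive on the page

# patterns: [(protocol field, regex text, trailing value kept as written)]
Rule = namedtuple("Rule", "app behavior os agent protocol decode patterns")

def parse_rule(line):
    """Step 1-2: split the service field and the identification field."""
    # maxsplit=3 keeps any "|" used as regex alternation inside the expressions
    service, proto_part, decode_part, expr_part = line.strip().split("|", 3)
    app, behavior, os_name, agent = service.split(SEP)
    protocol, _, names = proto_part.strip()[1:-1].partition(":")
    fields = [n.strip() for n in names.split(",")]
    # "expression":tail pairs; the tail (-1_-1 in the page's rule) is not interpreted
    exprs = re.findall(r'"((?:[^"\\]|\\.)*)":([^,\]]+)', expr_part)
    if len(fields) != len(exprs):
        raise ValueError("one expression is required per protocol field")
    patterns = [(f, text, tail) for f, (text, tail) in zip(fields, exprs)]
    return Rule(app, behavior, os_name, agent, protocol,
                decode_part.strip()[1:-1], patterns)

class Node:
    """One level of the match tree: a matcher per protocol field."""
    def __init__(self):
        self.rules = []       # rules completed when matching reaches this node
        self.matchers = {}    # protocol field -> {regex text: (regex, next Node)}

def build_tree(rules):
    """Step 1-3: group rules by protocol field; a hit leads to the next matcher."""
    roots = {}
    for rule in rules:
        node = roots.setdefault(rule.protocol, Node())
        for fld, text, _ in rule.patterns:
            branch = node.matchers.setdefault(fld, {})
            if text not in branch:
                branch[text] = (re.compile(text), Node())
            node = branch[text][1]
        node.rules.append(rule)
    return roots

# Step 3-1 HTTP specification, written with its regex escapes
PROTOCOL_SPECS = {"HTTP": re.compile(rb"(POST|GET).*HTTP/(0\.9|1\.0|1\.1)")}

def identify(payload):
    return next((n for n, spec in PROTOCOL_SPECS.items() if spec.search(payload)), None)

def structure_http(payload):
    """Step 3-2: store the request line and headers as key-value pairs."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        return {}
    fields = dict(zip(("method", "uri", "version"), parts))
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()   # header names ignore case
    return fields

def match(node, fields):
    """Step 4-1: walk the tree; only a matching branch reaches the next matcher."""
    hits = list(node.rules)
    for fld, branch in node.matchers.items():
        value = fields.get(fld.lower())
        for regex, child in branch.values():
            if value is not None and regex.search(value):
                hits += match(child, fields)
    return hits

def classify(roots, payload):
    proto = identify(payload)
    if proto not in roots:
        return []
    return [(r.app, r.behavior) for r in match(roots[proto], structure_http(payload))]

RULES = [
    # the embodiment's rule, with SEP inserted between the four service fields
    r'Sina_Weibo RefreshWeibo All All|[HTTP:URI,Host]|[None]|'
    r'["gettimeline":-1_-1,"weibo.cn":-1_-1]',
    # constructed rule whose first expression contains "|"
    r'Example_App Search All All|[HTTP:URI,Host]|[None]|'
    r'["/search\?q=|/find\?q=":-1_-1,"example\.test":-1_-1]',
]
TREE = build_tree([parse_rule(r) for r in RULES])

# Constructed payloads
REFRESH = b"GET /statuses/gettimeline?count=20 HTTP/1.1\r\nHost: api.weibo.cn\r\n\r\n"
OTHER = b"GET /index.html HTTP/1.1\r\nHost: weibo.cn\r\n\r\n"
SEARCH = b"GET /find?q=x HTTP/1.1\r\nHost: example.test\r\n\r\n"
NOT_HTTP = b"220 constructed FTP service ready\r\n"
```

The Host matcher is consulted only after the URI matcher has hit, so a request such as OTHER is rejected after a single level of matching.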
The above describes only some implementation cases of the invention, and the invention is not limited to the embodiments above. The embodiments above are illustrative, not restrictive. All specific extensions that adopt the system and method of the invention without departing from the concept of the invention and the scope protected by the claims fall within the scope of protection of the invention.

Claims (7)

1. A network traffic depth identification system based on a many-core processor, characterized in that it comprises a receiving module (1) that obtains raw network data and a semantic-based rule module (4) that stores semantic-based matching rules; the receiving module (1) is connected to a protocol specification module (2), which identifies, according to user-defined regular expressions, the protocol type that the transport-layer data uses at the application layer, and the protocol specification module (2) is connected to a structured data module (3), which performs structuring processing on the application-layer data; the semantic-based rule module (4) is connected to a rule parsing module (5), which parses the content of each field, field by field, according to the specific format of the matching rules, and the rule parsing module (5) is connected to a hierarchical match tree module (6), which generates a hierarchical match tree from the parsed rules; the structured data module (3) and the hierarchical match tree module (6) are both connected to a matching engine module (7), which matches the data against the regular expressions, and the matching engine module (7) is also connected to a user behavior statistical module (8), which stores the results of successful matches.
2. The network traffic depth identification system based on a many-core processor according to claim 1, characterized in that the rule base in the semantic-based rule module (4) is formed by saving the matching rules in a rule file, one matching rule per line; a matching rule is the combination of a service field and an identification field;
The service field has four fields: application name, application behavior, operating system and agent, separated from one another by the " " symbol; the application name and application behavior are defined by the specific user behavior, and the operating system and agent are determined by the network protocol; where the operating system or agent cannot be determined, All is used to denote any operating system or agent; the concrete format of the service field is: ApplicationName ApplicationBehavior OperatingSystem Agent;
The identification field has three fields: the protocol, the protocol fields, and the regular expressions for the protocol fields, separated from one another by the "|" symbol; with the decoding method Decode added, the concrete format is: [Protocol:Field1,Field2,Field3]|[Decode]|[Expression1,Expression2,Expression3].
3. An identification method that uses the identification system according to claim 1 to perform depth identification of network traffic, characterized in that it comprises the following steps:
Step 1, rule parsing
A semantic-based rule base is established by the semantic-based rule module; the rules in the rule base are then parsed by the rule parsing module, and a hierarchical match tree is generated;
Step 2, receiving traffic
The receiving module obtains raw network data and performs IP fragment reassembly and then TCP reassembly on it to obtain transport-layer data;
Step 3, multi-protocol analysis
The protocol type that the transport-layer data uses at the application layer is identified according to the protocol specification regular expressions defined by the protocol specification module; then, according to the identified protocol type, the structured protocol data module performs structuring processing on the application-layer data;
Step 4, matching engine
The matching engine module performs rule matching on the structured application-layer data according to the hierarchical match tree and sends the results of successful matches to the user behavior statistical module for statistics, completing the network traffic depth identification.
4. The recognition method according to claim 3, characterized in that the semantic-based rule base in step 1 is established as follows:
1) The service field and the identification field of a matching rule are defined respectively:
The four sub-fields of the service field are defined: application name, application behavior, operating system and agent, separated from one another by the " " symbol; the application name and application behavior are determined by the specific user behavior, while the operating system and agent are determined by the network protocol; where the operating system or agent cannot be determined, All is used to denote any operating system or agent; the concrete form of the service field is: application name application behavior operating system agent;
The three sub-fields of the identification field are defined: the protocol, the protocol fields, and the regular expressions for the protocol fields, separated from one another by the "|" symbol; with the decoding method Decode added, the concrete form is: [protocol: protocol field 1, protocol field 2, protocol field 3] | [Decode] | [expression 1, expression 2, expression 3];
2) The service field and the identification field are combined, separated by the "|" symbol, and saved in the rule file with one matching rule per line, forming the rule base.
5. The recognition method according to claim 3, characterized in that parsing the rules in the rule base in step 1 comprises service-field parsing and identification-field parsing of each rule; in the service field, the service sub-fields are separated by their separator symbol, and the value of each service sub-field is obtained by successively splitting the string; in the identification field, the identification sub-fields are separated by |, and the value of each identification sub-field is obtained by successively splitting the string.
6. The recognition method according to claim 3, characterized in that the specific method for generating the hierarchical match tree in step 1 is: the whole parsed rule set is divided into multiple subsets according to protocol field, one matcher is built for each subset, and the rule hierarchical match tree is generated according to which matcher may be entered next after the previous matcher has finished matching.
7. The recognition method according to claim 6, characterized in that the generated hierarchical match tree is simplified by extracting separately, in each protocol field, the rules that are not matched against it, obtaining the simplified rule hierarchical match tree.
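The rule format and parsing of claims 4 and 5 and the tree generation of claim 6, as an added Python example that is not code from the patent; it reads the tree as a prefix tree keyed on (protocol field, regular expression). The `_` service separator (not legible on this page), the `None` decode value, the sample rules and all function names are assumptions.

```python
import re
SERVICE_SEP = "_"  # assumption: the service-field separator is not legible on this page

def split_top(text, sep):
    """Split on sep only outside (), [] and {}, so regexes with | or , stay whole."""
    parts, depth, esc = [""], 0, False
    for ch in text:
        if not esc:  # an escaped bracket does not change nesting depth
            depth += (ch in "([{") - (ch in ")]}")
        if ch == sep and depth == 0 and not esc:
            parts.append("")
        else:
            parts[-1] += ch
        esc = ch == "\\" and not esc
    return [p.strip() for p in parts]

def parse_rule(line):
    """Parse 'service|[protocol: f1, f2]|[Decode]|[e1, e2]' (one rule per line)."""
    service, proto, decode, exprs = split_top(line, "|")
    protocol, fields = proto[1:-1].split(":", 1)
    svc, fields, exprs = service.split(SERVICE_SEP), split_top(fields, ","), split_top(exprs[1:-1], ",")
    if len(svc) != 4 or len(fields) != len(exprs):
        raise ValueError("malformed rule: " + line)
    # decode is parsed but not applied in this sketch
    return {"service": tuple(svc), "protocol": protocol.strip(),
            "decode": decode[1:-1], "conds": list(zip(fields, exprs))}

def build_tree(rules):
    """Group rules by protocol, then by field condition; shared prefixes share a node."""
    root = {}
    for rule in rules:
        node = root.setdefault(rule["protocol"], {"next": {}, "hits": []})
        for cond in rule["conds"]:
            node = node["next"].setdefault(cond, {"next": {}, "hits": []})
        node["hits"].append(rule["service"])
    return root

def match(node, record):
    """Return the service tuples of rules whose regexes all hit the structured record."""
    found = list(node["hits"])
    for (field, expr), child in node["next"].items():
        if re.search(expr, record.get(field, "")):
            found += match(child, record)
    return found

# Constructed sample rules; names and hosts are placeholders.
RULES = r"""DemoChat_Login_All_All|[HTTP: host, uri]|[None]|[chat\.example\.com$, ^/login(\?|$)]
DemoChat_SendMsg_Android_All|[HTTP: host, uri, user-agent]|[None]|[chat\.example\.com$, ^/msg/\d{1,9}, Android]
DemoMail_Read_All_All|[HTTP: host, uri]|[None]|[mail\.example\.com$, ^/(inbox|read)/]""".splitlines()
TREE = build_tree(parse_rule(r) for r in RULES)
```

Because the two DemoChat rules share the same host condition, the host regular expression is evaluated once for both; a record is matched with `match(TREE["HTTP"], record)` after the protocol has been identified.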
CN201510514488.4A 2015-08-20 2015-08-20 Network flow depth recognition system and recognition methods based on many-core processor Expired - Fee Related CN105162626B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510514488.4A CN105162626B (en) 2015-08-20 2015-08-20 Network flow depth recognition system and recognition methods based on many-core processor

Publications (2)

Publication Number Publication Date
CN105162626A true CN105162626A (en) 2015-12-16
CN105162626B CN105162626B (en) 2018-07-06

Family

ID=54803388

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510514488.4A Expired - Fee Related CN105162626B (en) 2015-08-20 2015-08-20 Network flow depth recognition system and recognition methods based on many-core processor

Country Status (1)

Country Link
CN (1) CN105162626B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101282362A (en) * 2008-05-13 2008-10-08 中兴通讯股份有限公司 Method and apparatus for detecting depth packet
CN101557329A (en) * 2009-05-27 2009-10-14 杭州迪普科技有限公司 Application layer-based data segmenting method and device thereof
CN103051725A (en) * 2012-12-31 2013-04-17 华为技术有限公司 Application identification method, data mining method, device and system
CN103795709A (en) * 2013-12-27 2014-05-14 北京天融信软件有限公司 Network security detection method and system
CN104348677A (en) * 2013-08-05 2015-02-11 华为技术有限公司 Deep packet inspection method and equipment and coprocessor

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
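杨荣: "Analysis of Pattern Matching Algorithms in Deep Packet Inspection Technology", 《软件导刊》 *
王建: "Design and Implementation of a DPI-Based LTE Network User Behavior Perception System", 《电信科学》 *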

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106897281A (en) * 2015-12-17 2017-06-27 阿里巴巴集团控股有限公司 A kind of daily record sharding method and device
CN106897281B (en) * 2015-12-17 2020-08-14 阿里巴巴集团控股有限公司 Log fragmentation method and device
US10496616B2 (en) 2015-12-17 2019-12-03 Alibaba Group Holding Limited Log fragmentation method and apparatus
CN105635170B (en) * 2016-01-26 2018-12-18 宝利九章(北京)数据技术有限公司 The rule-based method and apparatus that network packet is identified
CN105635170A (en) * 2016-01-26 2016-06-01 宝利九章(北京)数据技术有限公司 Method and device for identifying network data packet based on rules
CN106341285A (en) * 2016-11-25 2017-01-18 杭州华三通信技术有限公司 Traffic identification method and device
US10548117B2 (en) 2016-12-22 2020-01-28 Huawei Technologies Co., Ltd. Apparatus and method for OS agent to optimize transmission over the air
WO2018113330A1 (en) * 2016-12-22 2018-06-28 Huawei Technologies Co., Ltd. Apparatus and method for os agent to optimize transmission over the air
CN108259371A (en) * 2016-12-28 2018-07-06 亿阳信通股份有限公司 A kind of network flow data analysis method and device based on stream process
CN109995740A (en) * 2018-01-02 2019-07-09 国家电网公司 Threat detection method based on depth protocal analysis
CN108737291A (en) * 2018-05-09 2018-11-02 北京建筑大学 A kind of method and device that network flow indicates
CN110855602B (en) * 2018-08-21 2022-02-25 国家计算机网络与信息安全管理中心 Internet of things cloud platform event identification method and system
CN110855602A (en) * 2018-08-21 2020-02-28 国家计算机网络与信息安全管理中心 Internet of things cloud platform event identification method and system
CN110875897A (en) * 2018-08-29 2020-03-10 阿里巴巴集团控股有限公司 Data transmission method, device, server and storage medium
CN110875897B (en) * 2018-08-29 2022-12-06 阿里巴巴集团控股有限公司 Data transmission method, device, server and storage medium
CN111355696A (en) * 2018-12-24 2020-06-30 中移(杭州)信息技术有限公司 Message identification method and device, DPI (deep packet inspection) equipment and storage medium
CN110224995A (en) * 2019-05-17 2019-09-10 南京聚铭网络科技有限公司 A kind of high-efficiency multi-function packet depth recognition method
CN111338812A (en) * 2020-01-22 2020-06-26 中国民航信息网络股份有限公司 Data processing method and device
CN112565262A (en) * 2020-12-03 2021-03-26 恒安嘉新(北京)科技股份公司 Flow data processing method, system, network equipment and storage medium
CN115277106A (en) * 2022-06-30 2022-11-01 北京安博通科技股份有限公司 User identification method and system of network equipment
CN115277106B (en) * 2022-06-30 2024-03-19 北京安博通科技股份有限公司 User identification method and system of network equipment

Also Published As

Publication number Publication date
CN105162626B (en) 2018-07-06

Similar Documents

Publication Publication Date Title
CN105162626A (en) Network traffic depth identification system and method based on many-core processor
US11425047B2 (en) Traffic analysis method, common service traffic attribution method, and corresponding computer system
CN103873320B (en) Encryption method for recognizing flux and device
US20210258791A1 (en) Method for http-based access point fingerprint and classification using machine learning
CN104506484A (en) Proprietary protocol analysis and identification method
CN102710504A (en) Application identification method and application identification device
CN102739457A (en) Network flow recognition system and method based on DPI (Deep Packet Inspection) and SVM (Support Vector Machine) technology
CN106101015A (en) A kind of mobile Internet traffic classes labeling method and system
CN109218124A (en) DNS tunnel transmission detection method and device
CN104320304A (en) Multimode integration core network user traffic application identification method easy to expand
CN110347501A (en) A kind of service testing method, device, storage medium and electronic equipment
CN107181605B (en) Message detection method and system, content extraction device and flow matching device
CN105302885B (en) full-text data extraction method and device
CN105099918B (en) A kind of matched method and apparatus of data search
CN102025567A (en) Sharing access detection method and related device
CN110417729A (en) A kind of service and application class method and system encrypting flow
CN108123962A (en) A kind of method that BFS algorithms generation attack graph is realized using Spark
CN111865996A (en) Data detection method and device and electronic equipment
CN103067389B (en) High safety file transfer method based on short website
Sun et al. Design and demonstration of high-throughput protocol oblivious packet forwarding to support software-defined vehicular networks
JP6548823B2 (en) Real-time validation of JSON data applying tree graph properties
CN103001966A (en) Processing and identifying method and device for private network IP
CN102984242A (en) Automatic identification method and device of application protocols
CN105049456B (en) A kind of secret communication method based on web page interlinkage request
CN114221777B (en) Digital currency flow self-synchronization monitoring method, device and equipment under limited condition

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180706

Termination date: 20190820
