CN105227348B - A kind of Hash storage method based on IP five-tuple - Google Patents
A kind of Hash storage method based on IP five-tuple Download PDFInfo
- Publication number
- CN105227348B CN105227348B CN201510528651.2A CN201510528651A CN105227348B CN 105227348 B CN105227348 B CN 105227348B CN 201510528651 A CN201510528651 A CN 201510528651A CN 105227348 B CN105227348 B CN 105227348B
- Authority
- CN
- China
- Prior art keywords
- storage unit
- hash
- session
- unit
- hash array
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
Landscapes
- Physics & Mathematics (AREA)
- Algebra (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Pure & Applied Mathematics (AREA)
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of Hash storage methods based on IP five-tuple.Its method includes: to receive session information inquiry request;According to the IP five-tuple in the session information inquiry request, the first unit mark of the first Hash array is determined based on the first hash function, the second unit mark of the second Hash array is determined based on the second hash function, wherein, each unit in the first Hash array is for storing the second Hash array;Current second Hash array is determined according to first unit mark and second unit mark;All session storage units that the current second Hash array is directed toward are traversed, session storage unit corresponding with the IP five-tuple is searched;Session information is obtained from the session storage unit.The present invention solves the problems, such as that the Hash of IP five-tuple Hash storage method in the prior art is unevenly distributed, newly-increased speed is slow and search speed is slow.
Description
Technical field
The present invention relates to network session statistical analysis field more particularly to a kind of Hash storage sides based on IP five-tuple
Method.
Background technique
Denial of Service attack (DoS, Denial of Service), which refers to, to be exhausted using various service requests by attacking network
System resource, to make the request that can not be handled legitimate user by attacking network.And with the rise of Botnet, while by
It is simple in attack method, be affected, be difficult to the features such as tracing, and make distributed denial of service attack (DDoS,
Distributed Denial of Service) it obtains quickly growing and increasingly spreading unchecked.The corpse net of thousands of host compositions
Network provides required bandwidth and host for ddos attack, huge attack and network flow is formd, to by attack net
Network causes great harm.
With the continuous improvement and development of ddos attack technology, Internet Service Provider (ISP, Internet
Service Provider), internet content provider (ICP, Internet Content Provider), internet data
The safety and operation challenge that the operators such as center (IDC, Internet Data Center) face also are increasing, and operator must
Flow must be detected and cleaned, it is ensured that network normal table before DDoS threatens influence key business and application
Operation and business normal development.Meanwhile it is to use that detection to ddos attack flow and cleaning, which can also become operator,
A kind of value-added service that family provides, to obtain better user satisfaction.
Under the big flow network environment of the operators such as ISP, IDC, current network state, session are rapidly and accurately judged
Exactly most crucial one of the technology of statistical analysis, gets up connection session establishment all in flow and analyzes the various of its transmission
Data can obtain the information much about current network state, have very great help to timely discovery ddos attack, and the company of foundation
It connects, needs IP five-tuple information i.e. source address, destination address, source port, target port and the IP agreement in data message, use
The efficiency which kind of method storage IP five-tuple information will analyze session connection plays the role of key.
IP five-tuple Hash storage method is the most commonly used at present, but IP five-tuple Hash storage method in the prior art is
Have the shortcomings that very much.Mainly there is following disadvantage:
1, Hash is unevenly distributed: the Hash storage location that the hash function that many methods use calculates is not average enough, leads
Cause hash-collision depth larger.
2, it is slow to increase speed newly: because being unevenly distributed, the conflict depth of Hash is big, and many methods use chain technique solution
Entire chain often can be traversed when newly-increased and consumes a large amount of time when certainly conflicting.
3, search speed is slow: as the value of storage is more and more, depth is also more and more greater than 1 storage location, often
It is many to search several values not in the stem of storage location, traversal chained list number is generally required when searching these values
It is secondary to obtain, consume a large amount of time again among these.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of Hash storage method based on IP five-tuple, to solve existing skill
Hash is unevenly distributed in art, is increased newly and the very slow problem of search speed.
The embodiment of the invention provides a kind of Hash storage methods based on IP five-tuple, comprising:
Receive session information inquiry request;
According to the IP five-tuple in the session information inquiry request, the first Hash array is determined based on the first hash function
First unit mark, based on the second hash function determine the second Hash array second unit identify, wherein it is described first breathe out
Each unit in uncommon array is for storing the second Hash array;
Current second Hash array is determined according to first unit mark and second unit mark;
All session storage units that the current second Hash array is directed toward are traversed, are searched corresponding with the IP five-tuple
Session storage unit;
Session information is obtained from the session storage unit.
The beneficial effects of the present invention are: a kind of Hash storage method based on IP five-tuple provided by the invention, uses
Two operations of CRC32 algorithm and XOR operation are combined as hash function to obtain final Hash storage location, so that breathing out
Uncommon storage and distribution is very uniform.The different data of two strings, all the same probability of the value calculated by two functions is very little, so
In conjunction with two hash functions, the end value that different data string can be made to calculate to the maximum extent is different, to reduce hash-collision.
By the above measure, solves Hash in the prior art and be unevenly distributed, the newly-increased and very slow problem of search speed, on the whole significantly
Improve the Hash storage efficiency of IP five-tuple.
Detailed description of the invention
By reading a detailed description of non-restrictive embodiments in the light of the attached drawings below, of the invention other
Feature, objects and advantages will become more apparent upon:
Fig. 1 is a kind of flow diagram of Hash storage method based on IP five-tuple of the embodiment of the present invention one;
Fig. 2 is a kind of flow diagram of Hash storage method based on IP five-tuple of the embodiment of the present invention three;
Specific embodiment
The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched
The specific embodiment stated is used only for explaining the present invention rather than limiting the invention.It also should be noted that in order to just
In description, only some but not all contents related to the present invention are shown in the drawings.
Embodiment one
Fig. 1 is that embodiment one provides a kind of flow diagram of Hash storage method based on IP five-tuple.This method is suitable
For under big flow network environment, biggish data information is converted into lesser data information memory, it is easily accessible and
The case where statistical analysis.This method is executed by the device of the Hash storage method based on IP five-tuple, which may be provided at end
In end, it can be realized in the form of software and/or hardware.Such as Internet Service Provider (ISP, Internet
Service Provider), internet content provider (ICP, Internet Content Provider), internet data
The operators such as center (IDC, Internet Data Center) can be clear to be detected and be subject to flow with adopting said method
It washes, it is ensured that the operation of network normal table and the normal development of business.
As shown in Figure 1, this method comprises:
S110, session information inquiry request is received.
The device of Hash storage method based on IP five-tuple receives the session inquiry request containing IP five-tuple information, uses
IP five-tuple goes to determine the storage location of session information, so that session information be accessed.
S120, according to the IP five-tuple in the session information inquiry request, the first Kazakhstan is determined based on the first hash function
The first unit mark of uncommon array determines that the second unit of the second Hash array identifies based on the second hash function, wherein described
Each unit in first Hash array is for storing the second Hash array.
IP five-tuple information link includes source address sip, destination address dip, source port sport, target port dport and
IP protocol number protocol.Initially set up the first Hash array and the second hash function group, each list in the first Hash array
Member is a second Hash array again.Each unit of second hash function is a pointer, is directed toward each storage element.By
First unit mark is calculated in first hash function, show that second unit identifies by the second hash function.
Further, the length of the first Hash array is greater than the second Hash array.
Further, the first hash function is F=CRC_32 (M- > link) %A.
Wherein, F is the first unit mark in the first Hash array, the cyclic redundancy check algorithm letter that CRC_32 is 32
Number, M- > link are the IP five-tuple information in session storage unit, and A is the length of the first Hash array.
Second hash function is f=(sip^dip^ ((sport < < 16)+dport)) %a.
Wherein, f is the second unit mark in the second Hash array, and a is the length of the second Hash array.
After burst of data was calculated by 32 CRC functions first, obtained value be distributed substantially it is relatively uniform,
If still there is conflict, there are also second IP five-tuple exclusive or hash function, the different data of two strings are calculated by two functions
The all the same probability of value out, is very little, so different data string can be made to calculate to the maximum extent in conjunction with two hash functions
End value it is different.Hash-collision is greatly reduced in this way.
S130, current second Hash array is determined according to first unit mark and second unit mark.
First unit identifies the position for determining the first hash function group, and second unit identifies the position for determining the second Hash array
It sets.Because each unit is a second Hash array, first unit mark and second unit in the first Hash array
Mark has finally determined that a second current Hash array, the second current Hash array are that the first Hash array and second breathe out
The combination of uncommon array.
All session storage units that S140, the traversal current second Hash array are directed toward, are searched and five yuan of the IP
The corresponding session storage unit of group.
If calculating many same session storage units of storage location, i.e., current second Hash array with hash function
It is directed toward many session storage units.These session storage units just need to be connected with chained list, and the length of this chained list
It can be understood as conflict depth.Current second is just needed to be traversed for when searching session storage unit corresponding with affiliated IP five-tuple
All session storage units that hash function group is directed toward.
Further, the session storage unit M includes:
IP five-tuple information link;
Upper Storage Unit Pointer prev;
Next Storage Unit Pointer next;
It searches and counts count, for recording conversation storage unit by lookup number.
S150, session information is obtained from the session storage unit.
Further, if the session storage unit is the first storage unit that the current second Hash array is directed toward,
Then return to the session information;
If the session storage unit is not the first storage unit that the current second Hash array is directed toward, according to institute
State the lookup counting that a Storage Unit Pointer obtains upper session storage unit, the lookup meter of the session storage unit
The lookup whether number is greater than upper session storage unit counts, if so, the position of two session storage units of exchange, more cenotype
The pointer answered, and return to the session information;If it is not, then directly returning to the session information.
In the prior art, as session storage unit is more and more, depth is also more and more greater than 1 storage location, past
Several storage units are searched not on the head of storage location toward very much, when searching these storage units often
Needing to be traversed for chained list could obtain for several times, consume a large amount of time again among these.In the present embodiment, by searching for the big of counting
Session storage unit on the small same chained list of exchange, so that it is always located in chained list head by more session storage unit is searched,
The session storage unit being under same chained list in this way by by the descending head from chained list of the number searched to tail portion into
Row arrangement.The time that chained list is traversed when greatly reducing due to searching element, effectively increase the efficiency of storage.
A kind of Hash storage method based on IP five-tuple that the embodiment of the present invention one provides, by using CRC32 algorithm
It combines with two operations of XOR operation as hash function to obtain final Hash storage location.The different data of two strings,
The all the same probability of the value calculated by two functions is very little, so can make to the maximum extent in conjunction with two hash functions
The end value that different data string calculates is different, reduces hash-collision.By the above measure, solves Hash in the prior art and be distributed
Unevenness, the newly-increased and very slow problem of search speed, greatly improves the Hash storage efficiency of IP five-tuple on the whole.
Embodiment two
The present embodiment is further traversing all of the current second Hash array direction based on embodiment one
Session storage unit also performs the following operations after searching session storage unit corresponding with the IP five-tuple:
If not finding the corresponding session storage unit of the IP five-tuple, apply for new session storage in memory space
Unit, the IP five-tuple information preservation in the new session storage unit, using according to the first hash function and second
First unit that hash function is calculated mark and second unit mark determine a second final Hash array, it is described most
The second whole Hash array is for being directed toward new session storage unit.
Further, if the session storage unit that the second final Hash array is not directed toward, directly make described
The second final Hash array is directed toward the new session storage unit, then returns to the session of the new session storage unit
Information;
If the second final Hash array has the session storage unit of direction, the new session is allowed to store first
The pointer of the next storage unit of direction in cellular construction is directed toward already present session in the second final Hash array
Then storage unit is directed toward the pointer of the upper storage unit of direction of the already present session storage unit described new
Session storage unit, the first session storage unit for allowing the second final Hash array to be directed toward are the new session storage
Unit finally returns to the session information of the new session storage unit.
It solves to conflict using chain technique in the prior art and often traverses entire chain in newly-increased session storage unit and disappear
The a large amount of time is consumed.When new session storage unit is added in the present embodiment on chain, be utilized in head insertion rather than
Tail portion insertion, it is only necessary to once-through operations for head insertion without traversing entire chain, while reducing device workload
The time has been saved, storage efficiency is improved.
The present embodiment two is on the basis of example 1 in all sessions for traversing the current second Hash array direction
Storage unit does not find respective session storage unit after searching session storage unit corresponding with the IP five-tuple, establishes
New session storage unit stores session information, and new session storage unit is added in the head of chained list.Keep Hash distribution equal
While even, on head, insertion improves storage efficiency without traversing entire chain.
Embodiment three
Fig. 2 is that embodiment three provides a kind of flow diagram of Hash storage method based on IP five-tuple.The present embodiment
On the basis of the above embodiments, entire scheme is embodied, is completely described, is easy to understand.The present embodiment only describes
Hash storage method based on IP five-tuple but do not limit its method.
Firstly, setting the first hash function in the present embodiment as F, the second hash function is f.The length of first Hash array H
Degree is A, and the length of the second Hash array h is a.Setting memory cell structure M link [sip, dip, sport, dport,
Protocol], prev, next, count } for saving IP five-tuple information.
As shown in Fig. 2, this method comprises:
S210, session is searched according to IP five-tuple.
S220, Hash position H [h] is calculated by function F and function f.
First unit mark and second unit mark are respectively obtained by the first hash function F and the second hash function f, i.e.,
The position h of the position H of first Hash array and the second Hash array finally obtain Hash position H [h].
S230, traversal H [h], find session storage unit M.If M can be found, S240 is executed;Otherwise, S250 is executed.
All session storage units that H [h] is directed toward are traversed, session storage unit M corresponding with IP five-tuple is found.
S240, M search counting count and add 1.
Further, after S240, this method further include:
S2410, M whether be H [h] be directed toward header element i.e. first session storage unit.If so, executing S260;It is no
Then, then S2420 is executed.
S2420, judge whether M- > count > M- > prev- > count.If so, executing S2430;Otherwise, S260 is executed.
The lookup that M- > count is M counts, and M- > prev- > count is the lookup meter of the previous session storage unit of M
Number.Judging whether M- > count > M- > prev- > count then is the lookup counting for comparing M and its previous session storage unit
Size.Purpose is will to be searched session storage unit often and move on to the head of entire chained list.It is under same chained list in this way
Session storage unit will be arranged from the head of chained list to tail portion by the number searched is descending.
S2430, the position for exchanging M and M- > prev, then execute S260.
As exchange M and its previous session storage unit are in the position of the chained list of H [h] the session storage unit composition being directed toward
It sets.
S250, application session storage unit M, IP five-tuple information preservation in M.
Further, after S250, this method further include:
S2510, judge whether H [h] is empty.If it is empty, then S260 is executed;Otherwise, S2520 is executed.
S2520, M- > next are directed toward H [h] current sessions N.The next session Storage Unit Pointer of the direction of M is directed toward H [h]
Currently existing session storage unit.
S2530, H [h] current sessions N- > prev are directed toward M.The upper session storage of the direction of current sessions storage unit N
Unit pointer is directed toward new application session storage unit M.
S2540, H [h]=M.The session storage unit on the head for the session storage unit chained list for being as directed toward H [h]
The session storage unit M newly applied.Then S260 is executed.
S260, session storage unit M is returned.
The embodiment of the present invention three provides a kind of specifically Hash storage based on IP five-tuple based on above-described embodiment
Method.IP five-tuple Hash storage method proposed by the present invention, uses CRC32 algorithm and XOR operation as hash function, no
Only quickly and distribute very evenly, by chain technique solve hash-collision and it is newly-increased when be inserted in chained list stem and be not required to traverse
Entire chain, and linked list element position is adjusted by searching for counting, the newly-increased and search speed of Hash element can be greatly improved,
By the above measure, the Hash storage efficiency of IP five-tuple is greatly improved on the whole.
Note that the above is only a better embodiment of the present invention and the applied technical principle.It will be appreciated by those skilled in the art that
The invention is not limited to the specific embodiments described herein, be able to carry out for a person skilled in the art it is various it is apparent variation,
It readjusts and substitutes without departing from protection scope of the present invention.Therefore, although being carried out by above embodiments to the present invention
It is described in further detail, but the present invention is not limited to the above embodiments only, without departing from the inventive concept, also
It may include more other equivalent embodiments, and the scope of the invention is determined by the scope of the appended claims.
Claims (6)
1. a kind of Hash storage method based on IP five-tuple characterized by comprising
Receive session information inquiry request;
According to the IP five-tuple in the session information inquiry request, the of the first Hash array is determined based on the first hash function
One unit marks determine that the second unit of the second Hash array identifies based on the second hash function, wherein the first Hash number
Each unit in group is for storing the second Hash array;
Current second Hash array is determined according to first unit mark and second unit mark;
All session storage units that the current second Hash array is directed toward are traversed, meeting corresponding with the IP five-tuple is searched
Talk about storage unit;
Session information is obtained from the session storage unit;
Wherein, session information is obtained from the session storage unit, comprising:
If the session storage unit is the first storage unit that the current second Hash array is directed toward, the session is returned
Information;
If the session storage unit is not the first storage unit that the current second Hash array is directed toward, deposited according to upper one
The lookup that storage unit pointer obtains upper session storage unit counts, and whether the lookup of the session storage unit counts big
It is counted in the lookup of upper session storage unit, if so, the position of two session storage units of exchange, updates and refer to accordingly
Needle, and return to the session information;If it is not, then directly returning to the session information;
It is described search be counted as recording conversation storage unit by lookup number.
2. according to the method described in claim 1, it is characterized by:
The first Hash array length is greater than the length of the second Hash array.
3. the method according to claim 1, wherein the session storage unit includes:
IP five-tuple information link, including source address sip, destination address dip, source port sport, target port dport
With IP protocol number protocol;
Upper Storage Unit Pointer prev;
Next Storage Unit Pointer next;
It searches and counts count, for recording conversation storage unit by lookup number.
4. according to the method described in claim 3, it is characterized by:
First hash function is F=CRC_32 (M- > link) %A;
Wherein, F is that the first unit in the first Hash array identifies, the cyclic redundancy check algorithmic function that CRC_32 is 32,
M- > link is the IP five-tuple information in session storage unit, and A is the length of the first Hash array;
Second hash function is f=(sip^dip^ ((sport < < 16)+dport)) %a;
Wherein, f is the second unit mark in the second Hash array, and a is the length of the second Hash array.
5. according to the method described in claim 3, it is characterized in that, all meetings that the traversal current second Hash array is directed toward
Storage unit is talked about, after searching corresponding with IP five-tuple session storage unit, further includes:
If not finding the corresponding session storage unit of the IP five-tuple, apply for that new session storage is single in memory space
Member is breathed out the IP five-tuple information preservation in the new session storage unit using according to the first hash function and second
The first unit mark and second unit mark that uncommon function is calculated determine a second final Hash array, described final
The second Hash array for being directed toward new session storage unit.
6. according to the method described in claim 5, it is characterized in that, described using according to the first hash function and the second Hash letter
The first unit mark and second unit mark that number is calculated determine a second final Hash array, described final the
Two Hash arrays are for being directed toward after new session storage unit, further includes:
If the session storage unit that the second final Hash array is not directed toward directly makes the second final Hash
Array is directed toward the new session storage unit, then returns to the session information of the new session storage unit;
If the second final Hash array has the session storage unit of direction, the new session storage unit is allowed first
The pointer of the next storage unit of direction in structure is directed toward already present session storage in the second final Hash array
Then the pointer of the upper storage unit of direction of the already present session storage unit is directed toward the new session by unit
Storage unit, the first session storage unit for allowing the second final Hash array to be directed toward are that the new session storage is single
Member finally returns to the session information of the new session storage unit.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510528651.2A CN105227348B (en) | 2015-08-25 | 2015-08-25 | A kind of Hash storage method based on IP five-tuple |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510528651.2A CN105227348B (en) | 2015-08-25 | 2015-08-25 | A kind of Hash storage method based on IP five-tuple |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105227348A CN105227348A (en) | 2016-01-06 |
| CN105227348B true CN105227348B (en) | 2019-01-11 |
Family
ID=54996059
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510528651.2A Active CN105227348B (en) | 2015-08-25 | 2015-08-25 | A kind of Hash storage method based on IP five-tuple |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105227348B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107770113A (en) * | 2016-08-15 | 2018-03-06 | 台山市金讯互联网络科技有限公司 | A kind of accurate flood attack detection method for determining attack signature |
| CN107770114A (en) * | 2016-08-15 | 2018-03-06 | 台山市金讯互联网络科技有限公司 | A kind of flood attack detection method of the distributed monitoring of optimization |
| CN107248939B (en) * | 2017-05-26 | 2020-07-31 | 中国人民解放军理工大学 | Network flow high-speed correlation method based on hash memory |
| CN111526225B (en) * | 2020-04-28 | 2022-07-01 | 杭州迪普科技股份有限公司 | Session management method and device |
| CN112612670B (en) * | 2020-12-02 | 2023-04-11 | 北京东土军悦科技有限公司 | Session information statistical method, device, exchange equipment and storage medium |
| CN114221847B (en) * | 2021-12-10 | 2024-01-23 | 北京天融信网络安全技术有限公司 | Network session management method, device and equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102123090A (en) * | 2011-02-23 | 2011-07-13 | 中国人民解放军国防科学技术大学 | IP (Internet protocol) fragment processing method based on two-level table storage and transport layer information inquiry |
| CN103179109A (en) * | 2013-02-04 | 2013-06-26 | 上海恒为信息科技有限公司 | Secondary session query function based filtering and distribution device and method thereof |
| CN104038389A (en) * | 2014-06-19 | 2014-09-10 | 高长喜 | Multiple application protocol identification method and device |
| CN104378263A (en) * | 2014-11-27 | 2015-02-25 | 盛科网络(苏州)有限公司 | Network flow monitoring method and device based on TCP session and message processing chip |
| CN104683255A (en) * | 2013-11-29 | 2015-06-03 | 华为技术有限公司 | Load sharing balance method and device for physical ports, and link aggregation system |
| CN104780178A (en) * | 2015-04-29 | 2015-07-15 | 北京邮电大学 | Connection management method for preventing TCP attack |
-
2015
- 2015-08-25 CN CN201510528651.2A patent/CN105227348B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102123090A (en) * | 2011-02-23 | 2011-07-13 | 中国人民解放军国防科学技术大学 | IP (Internet protocol) fragment processing method based on two-level table storage and transport layer information inquiry |
| CN103179109A (en) * | 2013-02-04 | 2013-06-26 | 上海恒为信息科技有限公司 | Secondary session query function based filtering and distribution device and method thereof |
| CN104683255A (en) * | 2013-11-29 | 2015-06-03 | 华为技术有限公司 | Load sharing balance method and device for physical ports, and link aggregation system |
| CN104038389A (en) * | 2014-06-19 | 2014-09-10 | 高长喜 | Multiple application protocol identification method and device |
| CN104378263A (en) * | 2014-11-27 | 2015-02-25 | 盛科网络(苏州)有限公司 | Network flow monitoring method and device based on TCP session and message processing chip |
| CN104780178A (en) * | 2015-04-29 | 2015-07-15 | 北京邮电大学 | Connection management method for preventing TCP attack |
Non-Patent Citations (1)
| Title |
|---|
| IPFIX双向流生成系统的研究与实现;车佳敏;《中国优秀硕士学位论文全文数据库(电子期刊)》;20110315;第I139-138页 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105227348A (en) | 2016-01-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105227348B (en) | A kind of Hash storage method based on IP five-tuple | |
| Acs et al. | Cache privacy in named-data networking | |
| US8792347B2 (en) | Real-time network monitoring and subscriber identification with an on-demand appliance | |
| US9118567B2 (en) | Removing lead filter from serial multiple-stage filter used to detect large flows in order to purge flows for prolonged operation | |
| US8510830B2 (en) | Method and apparatus for efficient netflow data analysis | |
| US20100157800A1 (en) | Method for processing network traffic loading balance | |
| CN108737447B (en) | User datagram protocol flow filtering method, device, server and storage medium | |
| WO2017025021A1 (en) | Method and device for processing flow table | |
| US8817792B2 (en) | Data forwarding method, data processing method, system and relevant devices | |
| Xu et al. | ELDA: Towards efficient and lightweight detection of cache pollution attacks in NDN | |
| CN109936517A (en) | Adaptive dynamic traffic distribution method in mimicry defence | |
| Hou et al. | Theil-based countermeasure against interest flooding attacks for named data networks | |
| CN111049859A (en) | Attack traffic shunting and blocking method based on topology analysis | |
| Matsumoto et al. | LightFlow: Speeding up GPU-based flow switching and facilitating maintenance of flow table | |
| US10516615B2 (en) | Network traffic congestion control | |
| CN110049061A (en) | Lightweight ddos attack detection device and detection method on high speed network | |
| Yang et al. | Adaptive measurements using one elastic sketch | |
| JP2009231890A (en) | Packet relay device and traffic monitoring system | |
| US10547560B1 (en) | Monitoring network communications queues | |
| Singh et al. | Revisiting heavy-hitters: Don't count packets, compute flow inter-packet metrics in the data plane | |
| CN101854366B (en) | Peer-to-peer network flow-rate identification method and device | |
| Li et al. | The new threat to internet: DNP attack with the attacking flows strategizing technology | |
| Kong et al. | Time-out bloom filter: A new sampling method for recording more flows | |
| Xie et al. | Index–Trie: Efficient archival and retrieval of network traffic | |
| US7961731B2 (en) | Method and system for real-time detection of hidden traffic patterns |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 705-708, room two, No. 121, north south of the Five Ridges Avenue, Chancheng District, Guangdong, Foshan, 528000 Applicant after: GUANGDONG RUIJIANG CLOUD COMPUTING CO., LTD. Address before: Chancheng District of Guangdong city of Foshan province south of the Five Ridges 528000 Avenue North 121 East International A District Office 7-8 Applicant before: Guangdong Efly Network Co., Ltd. |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |