CN105357118A - Rule based flow classifying method and system - Google Patents

Rule based flow classifying method and system Download PDF

Info

Publication number
CN105357118A
CN105357118A CN 201510698328 CN201510698328A CN105357118A CN 105357118 A CN105357118 A CN 105357118A CN 201510698328 CN201510698328 CN 201510698328 CN 201510698328 A CN201510698328 A CN 201510698328A CN 105357118 A CN105357118 A CN 105357118A
Authority
CN
Grant status
Application
Patent type
Prior art keywords
rule
layer
rules
matching
set
Prior art date
Application number
CN 201510698328
Other languages
Chinese (zh)
Inventor
孟进
Original Assignee
上海斐讯数据通信技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/38Flow based routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic regulation in packet switching networks
    • H04L47/10Flow control or congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic regulation in packet switching networks
    • H04L47/10Flow control or congestion control
    • H04L47/24Flow control or congestion control depending on the type of traffic, e.g. priority or quality of service [QoS]
    • H04L47/2441Flow classification

Abstract

The invention provides a rule based flow classifying method and device. The rule based flow classifying method comprises the steps of presetting a rule set and constructing a rule hierarchical matching tree based on rules in the rule set, wherein the rule hierarchical matching tree comprises a first rule layer and a second rule layer; when a data packet is received, obtaining a host and a URI (Uniform Resource Identifier) of the data packet; searching matched rules in the first rule layer according to the host by the matcher; after determining that the first rule layer matched rules are found, triggering a next matcher in the first rule layer matched rules to search matched rules in the second rule layer based on the uniform resource identifier. According to the rule based flow classifying method and device, stability of the system for resource consumption along with increase of rules and protocol domains is ensured, and the flow classifying speed is also increased.

Description

一种基于规则的流量分类方法和系统 Rule-based traffic classification methods and systems

技术领域 FIELD

[0001] 本发明涉及通信技术领域,尤其涉及一种基于规则的流量分类方法和系统。 [0001] The present invention relates to communication technologies, particularly to a traffic classification rule based methods and systems.

背景技术 Background technique

[0002] 目前,互联网中新的应用模式与应用不断涌现,网络流量不断增长,并呈现多样化,给互联网运营与管理带来巨大挑战。 [0002] Currently, new application models and emerging Internet applications, network traffic is growing, and diversified, operation and management of the Internet to a huge challenge. 实时网络流量分类对帮助互联网服务提供商了解网络运行状态,优化网络运营与管理具有重要意义。 Real-time network traffic classification is important in helping Internet service provider for network operation status, optimize network operations and management.

[0003] 基于规则的流量分类系统中,对于大量的基于语义的规则,通常把所有的规则都被分到用于确定性有限(DFA)组合的域中,其中,对于大量的基于语义的规则有两种匹配方法:图1中一个规则构造一个匹配器,通过顺序匹配规则中的每一个协议域完成一个匹配器的匹配过程;然后按照顺序依次匹配每个匹配器;如果当前的匹配器没有匹配到,则转到下一个匹配器进行匹配,直到匹配到一个匹配器或者所有的匹配器都检查完为止。 [0003] Rule-based flow classification system, in which, for a large number of rule-based semantics for a large number of rule-based semantics, usually all the rules have been assigned to a finite deterministic (DFA) in combination domain there are two matching methods: a rule 1 in FIG construct a match, a matching process is completed by a matching unit matching each of a sequence of protocol field of the rule; and the order in accordance with each of the matching unit match; if the current does not match matched, go to the next matching unit match, until a match or a match of all matchers are checked up. 匹配速度受规则/匹配器的数量和具体规则中协议域数量多少的影响。 Effect of the number of protocols the number of domain specific rules and the number of rule-matching speed / the matcher. 图2中所有的规则首先可以根据他们的协议域进行划分,然后在同一协议域的规则表达式可以合并到一个基于DFA的匹配器中;当一个匹配器匹配失败或者所有的匹配器都检查完成后系统就停止匹配的过程。 FIG 2 is first of all rules may be divided according to their protocol fields, then the expression can be combined into a DFA based on the same rule matcher in the protocol field; when a match or matches all matcher fails to check for complete after the system stops the matching process.

[0004] 这两种规则组织的缺点是: [0004] disadvantage of both rules of the organization are:

[0005] 规则中的值组合带来的内存激增造成的不确定性风险。 Uncertainty risk value combinations [0005] rule brought a surge caused by memory.

[0006] 要花费额外的空间来保存每一个匹配器进行匹配时的中间匹配结果。 [0006] it takes extra space to store each intermediate matcher matching results of matches. 同时还要花费额外的时间来合并中间的匹配结果,从而得到最终匹配到的规则。 But also spend extra time to merge the middle of matches, resulting in the final match to the rule. 随着规则和协议域数量的增多,这个问题会变得越来越严重,极大地增加资源消耗,匹配速度也会降低。 With the increase in the number of rules and protocol fields, this problem will become more serious, greatly increase resource consumption, matching speed will be reduced.

发明内容 SUMMARY

[0007] 有鉴于此,本发明的目的是针对上述技术问题,提供一种基于规则的流量分类方法和系统,确保随着规则和协议域数量的增多,系统对资源消耗的稳定性,同时提高流量分类的速率。 [0007] In view of this, an object of the present invention is directed to the above technical problems and to provide a method and system for traffic classification rule-based rules to ensure that with the increase in number of protocols and domains, the stability of the system resource consumption, while increasing rate traffic classification.

[0008] 本发明提供了一种基于规则的流量分类方法,包括:预先设置规则集,并根据规则集中的规则构造规则层次匹配树,所述规则层次匹配树包括第一规则层和第二规则层;当接收到数据包,获取数据包的域名和统一资源标识符,匹配器根据域名在第一规则层中查找匹配的规则,确定查找到第一规则层匹配规则后,触发下一个匹配器在第一规则层匹配规则中,根据统一资源标识符在第二规则层中查找匹配的规则。 [0008] The present invention provides a method based on traffic classification rules, comprising: a set of preset rules, and matching tree structure in accordance with rule set rule hierarchy, the hierarchical rule matching rule tree comprises a first layer and a second rule layer; after receiving the data packet, the packet obtaining a uniform resource identifier and the domain name, the domain name to find a match according to the matching of the first rule in the rule layer, a first rule is determined to find the matching rule layer, triggered by a matcher in the first layer rule matching rules for a rule that matches the rule in the second layer according to the uniform resource identifier.

[0009] 进一步地,所述规则集的规则包括规则ID以及和规则ID对应的域名和统一资源标识符。 [0009] Further, the rule of the rule set includes a rule ID and the rule ID and the corresponding domain name and uniform resource identifier.

[0010] 进一步地,所述根据规则集中的规则构造规则层次匹配树,具体为:根据域名和统一资源标识符,将规则集中的规则构造规则层次匹配树。 [0010] Further, according to the matching rule set tree structure rule hierarchy, in particular: a uniform resource identifier and the domain name according to the rule set matches the rule hierarchy tree structure.

[0011] 进一步地,所述根据规则集中的规则构造规则层次匹配树,具体为:根据域名将规则集中的规则分类形成第一规则层,其中相同的域名归为一类,形成第一规则层的子规则集;根据统一资源标识符,将第一规则层的子规则集分类形成第二规则层。 [0011] Further, according to the rule set matches the rule hierarchy tree structure, specifically: forming a first layer according to the rules of domain classification rule set, wherein the same name into one group, to form a first layer rule a sub-set of rules; the uniform resource identifier, the first set of sub-rules rule layer free layer forming the second rule.

[0012] 本发明还提供了一种基于规则的流量分类装置,包括:设置模块,用于预先设置规则集,并根据规则集中的规则构造规则层次匹配树,所述规则层次匹配树包括第一规则层和第二规则层;获取单元,用于当接收到数据包,获取数据包的域名和统一资源标识符;匹配器,用于根据域名在第一规则层中查找匹配的规则,确定查找到第一规则层匹配规则后, 触发下一个匹配器在第一规则层匹配规则中,根据统一资源标识符在第二规则层中查找匹配的规则。 [0012] The present invention further provides a device based on traffic classification rules, comprising: a setting module configured to set a pre-set rules, and matching tree structure in accordance with rule set rule hierarchy, the hierarchical rule tree comprises a first matching rules rule layer and the second layer; acquiring unit, when receiving a packet, obtaining the domain name, and uniform resource identifier data packet; matcher for finding the first rule matching layer according to the rules of the domain name, to find determined after the first rule to the rule matching layer, triggered by a matching layer in the first rule matching rule for a rule matching rules in the second layer according to the uniform resource identifier.

[0013] 进一步地,所述规则集的规则包括规则ID以及和规则ID对应的域名和统一资源标识符。 [0013] Further, the rule of the rule set includes a rule ID and the rule ID and the corresponding domain name and uniform resource identifier.

[0014] 进一步地,所述设置模块根据规则集中的规则构造规则层次匹配树,具体为:设置模块根据域名将规则集中的规则分类形成第一规则层,其中相同的域名归为一类,形成第一规则层的子规则集;根据统一资源标识符,将第一规则层的子规则集分类形成第二规则层。 [0014] Further, according to the setting module matching rule set rule hierarchy tree structure, specifically: a first setting module classification rule layer is formed in accordance with the rule set domain names, the same domain where classified as a class, are formed a first set of sub-rules rule layer; according to a uniform resource identifier, the first set of sub-rules rule layer free layer forming the second rule.

[0015] 和现有技术相比,本发明的有益效果在于:本发明在保证基于DFA匹配器的匹配速度不降低的情况下,移除匹配器之间转换时中间结果的额外开销,提高了系统性能。 [0015] and compared with the prior art, the beneficial effects of the present invention: The present invention is based in ensuring the DFA matcher matching speed is not lowered, removing the overhead of transition between intermediate results matcher, improved system performance. 此外,采用规则层次匹配树结构,下一个匹配器由当前匹配器的匹配结果决定,这样,每一个匹配器都构建在一个小的规则集上,从而降低了内存溢出的风险。 In addition, the use of matching rule hierarchy tree structure, the next match is determined by the current matching result of the matching unit, so that each matcher are built on a small set of rules, thereby reducing the risk of memory overflow.

附图说明 BRIEF DESCRIPTION

[0016] 图1为现有技术中的一种对于大量的基于语义的规则匹配的示意图。 [0016] FIG. 1 is a schematic diagram of a prior art for a large number of rules based on the semantic match.

[0017] 图2为现有技术中的另一种对于大量的基于语义的规则匹配的示意图。 [0017] Figure 2 is another schematic diagram of the prior art for a large number of rules based on the semantic match.

[0018] 图3为本发明所公开的对于大量的基于语义的规则匹配的示意图。 [0018] FIG. 3 is a schematic view of the present invention is disclosed for a large number of rules based on the semantic match.

[0019] 图4为本发明所公开的基于规则的流量分类方法的示意图。 [0019] FIG. 4 is a schematic flow classification method of the present invention disclosed based on rules.

[0020] 图5为本发明一个具体实施例的规则集的示意图。 [0020] FIG. 5 is a schematic embodiment rule sets specific embodiment of the present invention.

具体实施方式 detailed description

[0021] 以下将结合附图所示的具体实施方式对本发明进行详细描述,但这些实施方式并不限制本发明,本领域的普通技术人员根据这些实施方式所做出的结构、方法、或功能上的变换均包含在本发明的保护范围内。 [0021] The present invention will hereinafter be described in detail with reference to specific embodiments shown in the drawings, but these embodiments do not limit the present invention, those of ordinary skill in the art according to these embodiments made structures, methods, or functions the conversion are included within the scope of the present invention.

[0022] 相比较于现有技术,本发明根据协议域把整个大的规则集划分成小的子规则集, 如图3所示,并将匹配器只需要保存相应的子规则集。 [0022] Compared to the prior art, the present invention according to the protocol field dividing the entire large set of rules into smaller sub-set of rules shown in Figure 3, and the match need only save the corresponding sub-set of rules.

[0023] 图4为本发明所公开的基于规则的流量分类方法的示意图。 [0023] FIG. 4 is a schematic flow classification method of the present invention disclosed based on rules. 参照图3,包括: Referring to FIG. 3, comprising:

[0024] 步骤401,预先设置规则集。 [0024] Step 401, the rule set is set in advance.

[0025] 在本步骤中,规则集中的每一条规则包括规则ID,以及和规则ID对应的域名(Host)和统一资源标识符(URI,UniformResourceIdentifier) 〇 [0025] In this step, each rule in a set comprising a rule ID, and the corresponding rule ID and the domain name (the Host) and a uniform resource identifier (URI, UniformResourceIdentifier) ​​square

[0026] 下表1提供了一个规则集的实例,当然还有其他的规则设置,在此不限制。 Table 1 provides the [0026] of an example of a rule set, of course, other set of rules, which is not limiting.

[0027]表1 [0027] TABLE 1

[0028] [0028]

Figure CN105357118AD00051

[0029] 步骤402,根据规则集中的规则构造规则层次匹配树,该规则层次匹配树包括第一规则层和第二规则层。 [0029] Step 402, according to the rule set level matching tree construction rules, the rule includes a first rule matching tree hierarchy layer and a second layer rule.

[0030] 在本步骤中,将规则集中的规则根据Host和URI构造规则层次匹配树。 [0030] In this step, the rule set and the URI matching tree construction rules according Host level. 具体地, 根据Host,将规则集中的规则分类形成第一规则层,其中相同的Host归为一类,形成子规则集;根据URI,将第一规则层的子规则集分类形成第二规则层。 In particular, according to the classification Host formed, the first rule set rule layer, wherein the same category as the Host, forming a sub-set of rules; according to the URI, the sub-rules of the first set of classification rules layer forming a second rule layer .

[0031] 例如根据表1中的规则构造规则层次匹配树,如图5所示。 [0031] According to the rules, for example, matching tree structure in hierarchical rule table 1, as shown in FIG. 将规则集\。 The rule sets \. 中具有相同Hostweibo.cn的规则R1和R2归为一类形成子规则集,即^。 Hostweibo.cn with the same rules R1 and R2 form a sub-category as the rule set, i.e., ^. 包括规则R1和R2,Host 为3g.qq.com和*的规则分别归类,即1i包括规则R4,Mu2包括规则R3和R5,如此形成第一规则层;然后,根据不同的URI,将第一规则层中子规则集进一步分类形成第二规则层, 分别为R1、R2、R3、R4 和R5。 Including rules R1 and R2, Host 3g.qq.com rules to classify and *, respectively, i.e. including rules 1i R4, Mu2 including rules R3 and R5, thus forming a first layer rule; then, depending on the URI, the first a rule layer is further classified neutron ruleset layer forming a second rule, respectively, R1, R2, R3, R4 and R5.

[0032] 此外,随着规则集中所有规则定义的协议域的并集中协议域个数的增多,规则层次匹配树的层次也会随着增加,在此不限制。 [0032] Moreover, all the rules with the rule set defined by the protocol field and the number of protocol field concentration increases, the rule matching tree hierarchy level will also increase, which is not limiting.

[0033] 步骤403,当接收到数据包,获取数据包的Host和URI,匹配器根据Host在第一规则层中查找匹配的规则,以及触发下一个匹配器在第一规则层中查找到的匹配规则中,根据URI在在第二规则层中查找匹配的规则。 [0033] Step 403, when the received packet, and acquires the URI packet Host, Host matcher to find a match according to the rules of the first rule matching layer, and a trigger is found in the rules of the first layer matching rule, according to the URI to find a match in the second rule in the rule layer.

[0034] 在本步骤中,假设一个数据包含有协议域"Host"为"weibo.cn"和协议域"URI" 为"/ttt/gettimeline.php"进入系统后,首先匹配器在M。 [0034] In this step, the data is assumed that a protocol field comprising "Host" is "weibo.cn" protocol field and "URI" to "/ttt/gettimeline.php" into the system, in the first matching M. ,。 . 查找数据包的"Host"协议域, 选择分支激活下一个匹配器然后匹配数据包中的"URI"协议域,因为是最后一个协议域,可以得出R1是该数据包最后一个匹配到的规则。 Find the packet "Host" protocol domain, select the branch and activate the next matcher matching packet "URI" protocol domain, because a protocol is the last field, R1 can be derived that the last data packet to a match rule .

[0035] 本发明还提供了一种基于规则的流量分类装置,包括: [0035] The present invention further provides a device based on traffic classification rules, comprising:

[0036] 设置模块,用于预先设置规则集,并根据规则集中的规则构造规则层次匹配树,该规则层次匹配树包括第一规则层和第二规则层; [0036] The setting module configured to set a pre-set rules, and matching tree structure in accordance with rule set rule hierarchy, the hierarchical rule matching rule tree comprises a first layer and a second layer rule;

[0037] 获取单元,用于接收数据包,获取数据包中规则所定义的协议域字段的内容,比如Host和URI; [0037] acquiring unit, for receiving a data packet, acquire the content field of the protocol data packet domain defined in the rules, such as Host and the URI;

[0038] 匹配器,用于根据Host在第一规则层中查找匹配的规则,以及触发下一个匹配器在第一规则层中查找到的匹配规则中,根据URI在在第二规则层中查找匹配的规则。 [0038] The matching unit, according to the first Host find matching rules in the rule layer, and is triggered by a match is found in the first rule in the rule matching layer, according to the URI lookup rules in the second layer matching rules.

[0039] 本发明的基于规则的流量分类装置的相关技术细节和前述的基于规则的流量分类方法类似,故在此不赘述。 [0039] similar to the related art and the details of the rule-based classification apparatus according to the present invention, the flow rule-based classification of traffic, it is not described herein.

[0040] 与现有最好技术相比,本发明在保证基于DFA匹配器的匹配速度不降低的情况下,移除匹配器之间转换时中间结果的额外开销,提高了系统性能。 [0040] Compared with the prior art best, in the case where the present invention is guaranteed to match the speed of the DFA based matchmaker is not reduced, the overhead is removed between the intermediate conversion result matching unit, system performance is improved. 此外,采用规则层次匹配树结构,下一个匹配器由当前匹配器的匹配结果决定,这样,每一个匹配器都构建在一个小的规则集上,从而降低了内存溢出的风险。 In addition, the use of matching rule hierarchy tree structure, the next match is determined by the current matching result of the matching unit, so that each matcher are built on a small set of rules, thereby reducing the risk of memory overflow.

[0041] 虽然本发明已以较佳实施例披露如上,但本发明并非限定于此。 [0041] While the present invention has been disclosed above with reference to preferred embodiments, but the present invention is not limited thereto. 任何本领域技术人员,在不脱离本发明的精神和范围内,均可作各种更动与修改,因此本发明的保护范围应当以权利要求所限定的范围为准。 Anyone skilled in the art, without departing from the spirit and scope of the present invention, various changes or modifications may be made, and therefore the scope of the present invention reference should be made to the scope defined by the claims. 对于本领域技术人员而言,显然本发明不限于上述示范性实施例的细节,而且在不背离本发明的精神或基本特征的情况下,能够以其他的具体形式实现本发明。 To those skilled in the art, that the invention is not limited to the details of the above-described exemplary embodiment, but without departing from the spirit or essential characteristics of the present invention, the present invention can be realized in other specific forms. 因此,无论从哪一点来看,均应将实施例看作是示范性的,而且是非限制性的,本发明的范围由所附权利要求而不是上述说明限定,因此旨在将落在权利要求的等同要件的含义和范围内的所有变化囊括在本发明内。 Therefore, no matter from what point of view, the embodiments should be considered exemplary, and not limiting, the scope of the invention being indicated by the appended claims rather than by the foregoing description, the appended claims are therefore intended to All changes which come within the meaning and range of equivalents thereof are within the present invention include.

Claims (7)

1. 一种基于规则的流量分类方法,其特征在于,包括: 预先设置规则集,并根据规则集中的规则构造规则层次匹配树,所述规则层次匹配树包括第一规则层和第二规则层; 当接收到数据包,获取数据包的域名和统一资源标识符,匹配器根据域名在第一规则层中查找匹配的规则,确定查找到第一规则层匹配规则后,触发下一个匹配器在第一规则层匹配规则中,根据统一资源标识符在第二规则层中查找匹配的规则。 A method based on traffic classification rules, wherein, comprising: a set of preset rules, and matching tree structure in accordance with rule set rule hierarchy, the hierarchical rule matching rule tree comprises a first layer and a second layer rule ; after receiving the data packet, the packet obtaining a uniform resource identifier and the domain name, the domain name to find a match according to the matching of the first rule in the rule layer, a first rule is determined to find the matching rule layer, triggered by a matcher the first rule layer matching rules for a rule that matches the rule in the second layer according to the uniform resource identifier.
2. 如权利要求1所述的基于规则的流量分类方法,其特征在于,所述规则集的规则包括规则ID以及和规则ID对应的域名和统一资源标识符。 2. The method of claim 1 traffic classification rule-based claim, wherein said rule set includes a rule ID and the rules and rule corresponding to the domain ID and a uniform resource identifier.
3.如权利要求2所述的基于规则的流量分类方法,其特征在于,所述根据规则集中的规则构造规则层次匹配树,具体为: 根据域名和统一资源标识符,将规则集中的规则构造规则层次匹配树。 The configuration of domain names and rules uniform resource identifier, a set of rules: 3. The flow classification rule-based method according to claim 2, characterized in that, according to the matching rule set tree structure rule hierarchy, in particular level matching rule tree.
4.如权利要求3所述的基于规则的流量分类方法,其特征在于,所述根据规则集中的规则构造规则层次匹配树,具体为: 根据域名将规则集中的规则分类形成第一规则层,其中相同的域名归为一类,形成第一规则层的子规则集;根据统一资源标识符,将第一规则层的子规则集分类形成第二规则层。 4. The rule-based flow classification method according to claim 3, characterized in that, according to the matching rule set tree structure rule hierarchy, in particular: a first classification rule layer is formed in accordance with the rule set domain, wherein the same category as the domain name, a first set of sub-rules forming the rule layer; according to a uniform resource identifier, the first set of sub-rules rule layer free layer forming the second rule.
5. -种基于规则的流量分类装置,其特征在于,包括: 设置模块,用于预先设置规则集,并根据规则集中的规则构造规则层次匹配树,所述规则层次匹配树包括第一规则层和第二规则层; 获取单元,用于当接收到数据包,获取数据包的域名和统一资源标识符; 匹配器,用于根据域名在第一规则层中查找匹配的规则,确定查找到第一规则层匹配规则后,触发下一个匹配器在第一规则层匹配规则中,根据统一资源标识符在第二规则层中查找匹配的规则。 5. - kind of rule-based flow classification apparatus, characterized by comprising: setting means for setting the rule set in advance, and matching tree structure in accordance with rule set rule hierarchy, the hierarchical rule matching rule tree comprises a first layer and the second rule layer; acquiring unit, when receiving a packet, obtaining the domain name, and uniform resource identifier data packet; matcher for matching to find the first rule in the rule layer according to the domain name, to find the first determined after a rule matching rule layer, triggered by a matching layer in the first rule matching rule for a rule matching rules in the second layer according to the uniform resource identifier.
6. 如权利要求5所述的基于规则的流量分类装置,其特征在于,所述规则集的规则包括规则ID以及和规则ID对应的域名和统一资源标识符。 6. The rule-based traffic classification device according to claim 5, wherein the rule set includes a rule ID and the rules and rule corresponding to the domain ID and a uniform resource identifier.
7.如权利要求6所述的基于规则的流量分类装置,其特征在于,所述设置模块根据规则集中的规则构造规则层次匹配树,具体为: 设置模块根据域名将规则集中的规则分类形成第一规则层,其中相同的域名归为一类,形成第一规则层的子规则集;根据统一资源标识符,将第一规则层的子规则集分类形成第二规则层。 7. The rule-based classification apparatus according to traffic claimed in claim 6, wherein the setting module configured in accordance with rule set matches the rule hierarchy tree, in particular: the setting module is formed of classification according to the rule set domain a rule layer, wherein the same name into one group, a first set of sub-rules forming the rule layer; according to a uniform resource identifier, the first set of sub-rules rule layer free layer forming the second rule.
CN 201510698328 2015-10-23 2015-10-23 Rule based flow classifying method and system CN105357118A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201510698328 CN105357118A (en) 2015-10-23 2015-10-23 Rule based flow classifying method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201510698328 CN105357118A (en) 2015-10-23 2015-10-23 Rule based flow classifying method and system

Publications (1)

Publication Number Publication Date
CN105357118A true true CN105357118A (en) 2016-02-24

Family

ID=55332991

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201510698328 CN105357118A (en) 2015-10-23 2015-10-23 Rule based flow classifying method and system

Country Status (1)

Country Link
CN (1) CN105357118A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534095A (en) * 2016-10-27 2017-03-22 成都知道创宇信息技术有限公司 Fast matching method for WAF security rules

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040243563A1 (en) * 2001-08-29 2004-12-02 Andreas Heiner Method and system for classifying binary strings
CN101119321A (en) * 2007-09-29 2008-02-06 杭州华三通信技术有限公司 Network flux classification processing method and apparatus
CN101909079A (en) * 2010-07-15 2010-12-08 北京迈朗世讯科技有限公司 User online behavior data acquisition method in backbone link and system
CN102185762A (en) * 2011-04-19 2011-09-14 北京网康科技有限公司 Equipment for recognizing, extracting and processing user data sending behavior
CN103841096A (en) * 2013-09-05 2014-06-04 北京科能腾达信息技术股份有限公司 Intrusion detection method with matching algorithm automatically adjusted

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040243563A1 (en) * 2001-08-29 2004-12-02 Andreas Heiner Method and system for classifying binary strings
CN101119321A (en) * 2007-09-29 2008-02-06 杭州华三通信技术有限公司 Network flux classification processing method and apparatus
CN101909079A (en) * 2010-07-15 2010-12-08 北京迈朗世讯科技有限公司 User online behavior data acquisition method in backbone link and system
CN102185762A (en) * 2011-04-19 2011-09-14 北京网康科技有限公司 Equipment for recognizing, extracting and processing user data sending behavior
CN103841096A (en) * 2013-09-05 2014-06-04 北京科能腾达信息技术股份有限公司 Intrusion detection method with matching algorithm automatically adjusted

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106534095A (en) * 2016-10-27 2017-03-22 成都知道创宇信息技术有限公司 Fast matching method for WAF security rules

Similar Documents

Publication Publication Date Title
US20130318604A1 (en) Blacklisting and whitelisting of security-related events
US20030187817A1 (en) Fast policy classification for strings
US20100125599A1 (en) Obtaining trusted recommendations through discovery of common contacts in contact lists
Che et al. DRES: Dynamic range encoding scheme for TCAM coprocessors
CN102999633A (en) Cloud cluster extraction method of network information
CN101035131A (en) Protocol recognition method and device
CN102110132A (en) Uniform resource locator matching and searching method, device and network equipment
Kogan et al. SAX-PAC (scalable and expressive packet classification)
CN1494278A (en) Data stream classifying method
CN101916285A (en) Method and device for analyzing internet web page contents
US20150180891A1 (en) Using network locations obtained from multiple threat lists to evaluate network data or machine data
US20100281053A1 (en) Method, apparatus, and computer-readable medium for distributing a query
CN102073728A (en) Method, device and equipment for determining web access requests
US20140282943A1 (en) Universal management of user profiles
US20140137254A1 (en) Malicious website identifying method and system
US20150052575A1 (en) Steering Traffic Among Multiple Network Services Using a Centralized Dispatcher
US20100138375A1 (en) Graph-Based Data Search
CN102968413A (en) Method and equipment for providing searching result
US8910281B1 (en) Identifying malware sources using phishing kit templates
CN1798147A (en) Method for matching uniform resource locator
CN103973684A (en) Rule compiling and matching method and device
US20140067806A1 (en) Retroactive Search of Objects Using K-D Tree
CN104580027A (en) OpenFlow message forwarding method and equipment
CN103020293A (en) Method and system for constructing ontology base in mobile application
CN103763149A (en) Method for real-time statistics of number of network users

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination