CN105915396A - Home network traffic recognition system and method - Google Patents

Home network traffic recognition system and method Download PDF

Info

Publication number
CN105915396A
CN105915396A CN201610446279.5A CN201610446279A CN105915396A CN 105915396 A CN105915396 A CN 105915396A CN 201610446279 A CN201610446279 A CN 201610446279A CN 105915396 A CN105915396 A CN 105915396A
Authority
CN
China
Prior art keywords
home gateway
packet
application
information
analysis platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610446279.5A
Other languages
Chinese (zh)
Inventor
程海瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN201610446279.5A priority Critical patent/CN105915396A/en
Publication of CN105915396A publication Critical patent/CN105915396A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2801Broadband local area networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/32Specific management aspects for broadband networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a home network traffic recognition system and a home network traffic recognition method, and relates to the technical field of communication, used for making statistics on the application usage of a user in a home network. The system comprises a traffic analysis platform and at least a home gateway, wherein the home gateway is used for acquiring quintuple information of a data packet passing through the home gateway, matching each piece of information in the quintuple information of the data packet with corresponding information in at least one group of quintuple information in a result table; recognizing the data packet as the data packet of a first application; sending a first recognition result to a traffic analysis platform; the result table at least records the recognized quintuple information of the home network where the home gateway is located, and identifiers of applications corresponding to the recognized quintuple information; the first application is the application in the result table and corresponds to the quintuple information matched with the quintuple information of the data packet; and the traffic analysis platform is used for receiving the first recognition result, and makes statistics on the application usage of the home gateway.

Description

Home network traffic identification system and method
Technical field
The present invention relates to wireless communication technology field, particularly relate to home network traffic identification system and side Method.
Background technology
Flow identification technology can improve the ability of network management, and it is widely used in network management, industry The every field such as business monitoring, Service Quality Management.At present, the stream quantitative analysis to broadband user is main It is that (Broadband Remote Access Serve, broad band remote accesses at the BRAS of Metropolitan Area Network (MAN) Server) or the upper other DPI equipment of hanging of SR (Service Router, full-service router) carry out Detection and analysis, do not have to provide the technical scheme being identified for the traffic characteristic in home network.
Summary of the invention
Embodiments of the invention provide a kind of home network traffic identification system and method, in order to statistician User's service condition to application in the network of front yard.
For reaching above-mentioned purpose, embodiments of the invention adopt the following technical scheme that
First aspect, it is provided that a kind of home network traffic identification system, including: flow analysis platform and At least one home gateway being connected with described flow analysis platform;
Described home gateway, for obtaining the five-tuple information of the packet flowing through described home gateway, And by each information in the five-tuple information of described packet, with the least one set five yuan in result table In group information, corresponding information is mated;By the packet that described identification of data packets is the first application, And send the first recognition result to described flow analysis platform;Wherein, described result table at least records institute State the home network identified five-tuple information at home gateway place, and described identified five-tuple The mark of the application that information is corresponding;Described first application be in described result table, and with described data The application that the five-tuple information of five-tuple information matches of bag is corresponding;Described first recognition result carries Described packet is the information of the packet of described first application;
Described flow analysis platform, is used for receiving described first recognition result, and according to described home network Close the recognition result to multiple packets reported, add up the described home gateway use feelings to application Condition;Wherein, the plurality of packet includes described packet.
Second aspect, it is provided that a kind of home network traffic recognition methods, is applied to comprise flow analysis and puts down In platform and the system of at least one home gateway that is connected with described flow analysis platform, described method bag Include:
Home gateway obtains the five-tuple information of the packet flowing through described home gateway, and by described number According to each information in the five-tuple information of bag, with phase in the least one set five-tuple information in result table The information answered is mated;
Described home gateway is by packet that described identification of data packets is the first application;Wherein, described knot Really table at least records the home network identified five-tuple information at described home gateway place, and described The mark of the application that identified five-tuple information is corresponding;Described first application is in described result table , and the application corresponding with the five-tuple information of the five-tuple information matches of described packet;Described One recognition result carries the information that described packet is the packet of described first application;
Described home gateway sends the first recognition result to described flow analysis platform, so that described flow The recognition result to multiple packets that analysis platform reports according to described home gateway, adds up described family The front yard gateway service condition to application;Wherein, the plurality of packet includes described packet.
Embodiments provide home network traffic identification system and method, compensate for prior art In home network traffic is not analyzed identify defect.The home network that the embodiment of the present invention provides Network flux recognition system adds new network element (i.e. flow analysis on the basis of not changing existing network framework Platform), in such manner, it is possible in the case of not affecting existing network operation, home network traffic is known Not, it is achieved process is simple and convenient.It addition, by the existing flow in home network is analyzed, It is capable of the prediction to following flow in home network, thus is that user pushes industry for operator Business etc. provide data support.
Accompanying drawing explanation
The framework signal of a kind of home network traffic identification system that Fig. 1 provides for the embodiment of the present invention Figure;
The structural representation of a kind of home gateway that Fig. 2 provides for the embodiment of the present invention;
The flow chart of a kind of home network traffic recognition methods that Fig. 3 provides for the embodiment of the present invention;
The structural representation of a kind of home gateway that Fig. 4 provides for the embodiment of the present invention.
Detailed description of the invention
Character "/" herein, represent forward-backward correlation to as if " or " relation.Such as, A/B Can be understood as A or B.Term " first " and " second " herein are for distinguishing difference Object rather than for the particular order of description object." multiple " represent two or more.
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is entered Row describes in detail, it is clear that embodiments described below is only a part of embodiment of the present invention, Rather than whole embodiments.
The home network traffic identification system and method that the embodiment of the present invention provides, flows through house for identification The packet of front yard gateway is the packet of which application, and, home gateway can be by recognition result Offering flow analysis platform, recognition result is added up by flow Identification platform, thus obtains each family The terminal (or user) under the gateway of the front yard service condition to application (or software), optionally, flow Identification platform can be by the logic ID identification home gateway of home gateway.
As it is shown in figure 1, be the frame of a kind of home network traffic identification system that the embodiment of the present invention provides Structure schematic diagram.System shown in Fig. 1 includes: home gateway, flow analysis platform, terminal.One Flow analysis platform can add up one or more home gateway service condition to application, one family Gateway can connect one or more terminal.
1) home gateway, the telecommunications carrying access network of home network with operator for connecting user Network, it is deployed in user's house.The structural representation of home gateway is as in figure 2 it is shown, include: under by Supreme hardware layer, operating system layer, middleware layer and the application layer set gradually.Wherein, application layer Including APP (Application, application program) and plug-in unit etc.;Middleware layer includes OSGI framework. It addition, home gateway can also include business module and remote supervision module, be used for making home gateway with Other equipment (such as terminal or APP/ plug-in management platform) communicate.
The application layer of home gateway is provided with home network traffic and analyzes APP.The embodiment of the present invention carries Step performed by home gateway in the home network traffic recognition methods of confession, specifically can be by home network Home network traffic in network is analyzed APP and is performed.Home network traffic analyzes APP can be based on OSGI framework, uses Java language to write, is not limited to this when certainly implementing.Home network stream Component analysis APP can be prefabricated when home gateway dispatches from the factory;Distal tube can also be passed through by home gateway Reason module is downloaded from APP/ plug-in management platform and is obtained.
2) flow analysis platform, i.e. home network traffic analysis platform, be used for home network stream Quantitative analysis and statistics, and the storage etc. of data file.Flow analysis platform mainly includes following patrolling Volume module: data base (such as MySQL, Oracle etc.), flow analysis module and home gateway Mutual module (wherein, can be according to Socket agreement between flow analysis platform and home gateway Communication), (it can be based on struts+spring+hibernate for analysis result query web module Framework realizes);Above-mentioned module may operate on x86 framework.
3) terminal, can be smart mobile phone, panel computer, PC (personal computer, PC), intelligent television etc..Home gateway managing customer end (i.e. home gateway can be installed in terminal Management APP), bind between APP and the home gateway in terminal.Additionally, terminal also may be used To be logged in the administration page of intelligent home gateway in web mode by PC.
The identification system that the embodiment of the present invention provides can also include: APP/ plug-in management platform (figure Not shown in 1), i.e. the APP Store of home gateway, its major function is the APP/ to home gateway Plug-in unit is managed and responds the download from home gateway or terminal, by the APP/ of home gateway Plug-in unit (as home network traffic analyzes APP) downloads to home gateway.APP/ plug-in management platform And can pass through between home gateway, APP/ plug-in management platform and home gateway managing customer end JSON/XML agreement communicates.
The merit of each equipment in the home network traffic identification the system below embodiment of the present invention provided Can illustrate.
Home gateway, for obtaining the five-tuple information of the packet flowing through this home gateway, and should In each information in the five-tuple information of packet, with the least one set five-tuple information in result table Corresponding information is mated;By the packet that this identification of data packets is the first application, wherein, first Packet is in result table, and corresponding with the five-tuple information of the five-tuple information matches of this packet Application;Sending the first recognition result to flow analysis platform, wherein, result table at least records family The home network identified five-tuple information at gateway place, and identified five-tuple information is corresponding The mark of application;First recognition result carries the information that packet is the packet of the first application.
Flow analysis platform, for receive the first recognition result, and according to home gateway report to many The recognition result of individual packet, the statistics home gateway service condition to application;Wherein, the plurality of number This packet is included according to bag.
Wherein, " home gateway " can be any one home gateway being connected with flow analysis platform. Any number of home gateways being connected with flow analysis platform all can have above-mentioned functions.
" packet " can be to flow through the upstream data bag of this home gateway (i.e. terminal is sent out to access network The packet sent) or downlink data packet (packet that i.e. access network sends to terminal).Packet Five-tuple information includes: source IP address (local_ip), purpose IP address (remote_ip), Source port (local_port), destination interface (remote_port) and transport layer protocol (protocolID).
" result table " for record in the home network at home gateway place identified one or more groups The mark of the application of five-tuple information and correspondence thereof, and other relevant informations (concrete example refers to Hereafter).It should be noted that for the same application under one family gateway, up direction On, different from the source IP address/source port of the packet of different terminals;On down direction, mail to The purpose IP address of the packet of different terminals/destination interface is different;Further, same home gateway Under the IP address of packet be dynamically distribution, be dynamically point including the address of home gateway Join, therefore, a kind of application can one or more groups five-tuple information corresponding, but, one group five yuan The most corresponding a kind of application of group information.If the five-tuple information of the packet that home gateway gets and result One group of five-tuple information in table is identical, then illustrate that this packet must be the packet of this application.
Example, result table can be that home gateway asks to obtain from flow analysis platform, such as, If the home gateway in one family network is replaced by a new home gateway because of failure and other reasons, Then this new home gateway can be to the result table of flow analysis this home network of platform request.Result table Can also be home gateway after to the historical data bag identification success flowing through this home gateway, to this The relevant information of historical data bag obtains after recording.In the latter, optionally, home gateway Can be also used for, after the relevant information of historical data bag is recorded, the knot of this information to be comprised Really table reports flow Identification platform and reports, to facilitate the flow analysis platform result to this home gateway Table records and manages.
Home gateway specifically may be used for: the most sequentially, by the source IP address of this packet Mate with the source IP address in result table, by the purpose IP address of this packet and result table Purpose IP address mate, the source port of this packet is carried out with the source port in result table Coupling, mates the destination interface of this packet with the destination interface in result table, by these data The transport layer protocol that bag is used mates with the transport layer protocol in result table.
Home gateway specifically may be used for: timing reports recognition result to flow analysis platform, this identification Result can include the first recognition result, the second recognition result hereinafter, and recognition failures etc.; Such as, home gateway reported this 1 hour interior all identification knots every 1 hour to flow analysis platform Really.Or, home network specifically may be used for: in the case of network idle bandwidth is relatively big, Xiang Liu Component analysis platform reports recognition result etc..The mode reported is not defined by the embodiment of the present invention.
When implementing, home gateway can be also used for: is being the first application by this identification of data packets After packet, directly this packet is forwarded.Concrete, if this packet is upstream data Bag, then mail to network equipment by this packet;If this packet is downlink data packet, then by this number Corresponding terminal is mail to according to bag.
The recognition result to multiple packets that flow analysis platform reports according to home gateway, statistician The front yard gateway service condition to application, may include that and report in preset time period according to home gateway Each recognition result, statistics home gateway to application service condition.Wherein, the embodiment of the present invention pair The concrete value of this preset time period is not defined, for example, it may be one day, half a day etc..Each knowledge Other result can be home gateway in this preset time period to the different pieces of information flowing through this home gateway Bag is identified the result obtained afterwards.The flow analysis platform statistics home gateway use feelings to application Condition, may include that and carry out unique user (the most single home gateway) " portrait ", such as, right Single home gateway is to the use frequency of application or uses duration etc. to add up, to single home gateway The usage behavior in broadband is added up, to the terminal of type each under single home gateway to application Use frequency or use duration to carry out statistics etc..It addition, flow analysis platform statistics home gateway is corresponding Service condition, it is also possible to including: customer group (the most multiple home gateway) is carried out " portrait ", Such as, to the part or all of home gateway in flow analysis platform institute coverage to application use Situation carries out statistics etc..So, can be on the one hand that operator provides marketing service accurately, another Aspect can analyze after the data that obtain and CRM system (Customer Relationship Management, CRM) data combine, then by electronic channel system Systems etc. are open to user etc., and recommend business or set meal etc. to user on this basis.
Embodiments provide home network traffic identification system and concrete recognition methods, make up Home network traffic is not analyzed the defect identified by prior art.The embodiment of the present invention carries The home network traffic identification system of confession adds new network element on the basis of not changing existing network framework (i.e. flow analysis platform), in such manner, it is possible in the case of not affecting existing network operation, to home network Network flow is identified, it is achieved process is simple and convenient.It addition, existing by home network Flow is analyzed, it is possible to realize the prediction to following flow in home network, thus for runing The offer data supports such as business is user's transmission service.
Optionally, result table also includes at least one in following information:
The logic ID of described home gateway, the terminal type that described identified five-tuple information is corresponding, The numbering of described identified five-tuple information, application corresponding to described identified five-tuple information is The no identification information being currently running.
Optionally, result table can also include at least one in following information:
1), the logic ID of home gateway, for result table being reported flow analysis at home gateway After platform, the result table of different home gateways can be made a distinction and manage by flow analysis platform.
2) terminal type (such as, smart mobile phone, the flat board that, identified five-tuple information is corresponding Computer, PC, intelligent television etc.), divide for result table being reported flow at home gateway After analysis platform, flow analysis platform can be to the terminal class using certain terminal applied under home gateway Type is added up.In this optional implementation, home gateway is it may also be determined that flow through this home network Close packet be from or flow to which type of terminal.
3), the numbering of identified five-tuple information, for one group of five-tuple information of unique mark, It can be as the major key of result table.When implementing, home gateway is being somebody's turn to do to the acquisition of flow analysis platform During the result table of the home network belonging to home gateway, this home network can be sent to flow analysis platform The numbering of the five-tuple information in the result table that the Central Shanxi Plain has stored, so, flow analysis platform can be only Send to this home gateway and this home gateway does not has storage, and be the family belonging to this home gateway Network identified five-tuple information, thus save transmission bandwidth.
4), the identification information that whether is currently running of application corresponding to identified five-tuple information, tool Body can be marked with running_tag, is being sent to flow analysis platform for home gateway After information, flow analysis platform can count which application sometime to be currently running.
Table 1 is the structure of a kind of result table.Wherein, order_number is identified five-tuple The numbering of information, its can as the major key of result table, AppID be the mark of types of applications (such as Can be the sequence number etc. of types of applications), LoID is the logic ID of home gateway;terminal_type For terminal type, having the property enumerated (ENUM), (i.e. its numerical value can only be from given for also referred to as list type Several numerical value in one;local_ip、remote_ip、local_port、remote_port、 ProtocolID is the five-tuple information of packet;Running_tag is identifier, is used for identifying this Whether application corresponding to five-tuple information is currently running, and it can take different values, the embodiment of the present invention In, so that " running_tag=1 represents that application corresponding to this five-tuple information is currently running; Running_tag=0, represents that application corresponding to this five-tuple information is out of service " as a example by illustrate.
Table 1
It should be noted that the length of the remote_ip in table 1 is 128bit is to consider IPv6 ground Obtain after the length of location.
In the optional implementation of one, if the five-tuple information of this packet and the institute in result table Five-tuple information is had not mate, then:
Home gateway, is additionally operable to the destination interface when this packet and at least one application in rule list Destination interface identical time, obtain the regular expression to be matched that this packet is corresponding;By to be matched just Then expression formula is mated with the regular expression in rule list;It is the second application by this identification of data packets Packet, wherein, the second application is in rule list, and identical with regular expression to be matched Application corresponding to regular expression;The second recognition result, wherein, rule is sent to flow analysis platform Then table at least records the application in home network and between the regular expression identifying this application Corresponding relation;Second recognition result carries the information that packet is the packet of the second application.
Flow analysis platform, is additionally operable to receive the second recognition result, and adds up home gateway to application Service condition.
Rule list identifies the regular expression of types of applications for recording, and its structure can be as shown in table 2. Wherein, order_number is the major key of rule list, and AppID is that the mark of types of applications is (concrete Can be the sequence number etc. of types of applications), regular_expression is the regular expression of application, For identifying whether a packet meets the feature of a certain application.
Table 2
Entry Type Length Whether it is empty Major key
order_numbe int 11 No
AppID int 11 No --
regular_expression varchar 1024 No --
Wherein, regular expression is a kind of logical formula, specifically specific by some defined Character or one " rule character string " of character string composition.This rule character string may be used for identifying one One or more characteristic informations of individual application.
Example, regular expression includes at least one in destination interface, and following information: on Row data volume, upstream data bag number, downlink data amount, downlink data packet number, upstream data amount is with upper The ratio of the ratio of row number-of-packet, downlink data amount and downlink data packet number.As shown in table 3, table Show the regular expression that each application in a rule list is corresponding.
Table 3
Example, based on table 3, it is assumed that the destination interface of the packet acquired in home gateway is 16000, then home gateway gathers destination interface in preset time period is multiple packets of 16000, Thus obtain the ratio of downlink data amount and downlink data packet number according to the plurality of packet, and up The ratio of data volume and upstream data bag number, if the ratio of downlink data amount and downlink data packet number belongs to [1,3] this scope, and the ratio of upstream data amount and upstream data bag number belong to [30,50] this Scope, then by this identification of data packets be QQ Video chat application packet.Assume home gateway institute The destination interface of the packet obtained is 30000, then home gateway gathers purpose in preset time period Port is multiple packets of 30000, thus according to the plurality of packet obtain downlink data amount with under The ratio of row number-of-packet, if the ratio of downlink data amount and downlink data packet number is more than 30, then will This identification of data packets is the packet of VOD video-on-demand applications.
Can be with storage rule table in home gateway, this rule list can be that home gateway is from home network stream On amount platform, request obtains.When implementing, use new application when one family network has Authority time, the characteristic information of this new application can be stored in home network traffic platform, family Network can regularly or trigger property from flow analysis platform ask rule list.Implement Time, optionally, home gateway can be when to flow analysis platform request rule list, to flow analysis Platform sends the major key in the rule list stored in this home gateway, and so, flow analysis platform can Only to send to this home gateway, this home gateway there is no storage, and be the family belonging to home gateway The characteristic information of the spendable application of front yard network, thus save transmission bandwidth.
Further, if the destination interface of this packet is not in rule list, the most described home gateway is also For, report the 3rd recognition result to flow Identification platform, wherein, the 3rd recognition result comprises knowledge Not failed information.
In the optional implementation of one, home gateway, it is additionally operable to send note to flow analysis platform Volume request;Wherein, registration request comprises the logic ID of home gateway.Flow analysis platform, also uses In receiving registration request, and according to the logic ID of home gateway, home gateway is registered.
During it should be noted that implement, only home gateway registers it on flow analysis platform After, flow analysis platform just can be connected with setting up between flow analysis platform, and communicates.And And, after home gateway is registered on flow analysis platform, flow analysis platform can be according to this This home gateway is managed by the logic ID of home network, such as, and the rule to this home network Table, the management of result table, be managed the service condition of application this home gateway.
It should be noted that the embodiment of the present invention additionally provides the home gateway management in a kind of terminal The method carrying out between APP and home gateway binding, specifically may include that terminal (such as mobile phone) On home gateway management APP (such as entered by the scanning mode such as Quick Response Code entering authentication interface Enter authentication interface) after, complete certification by the broadband account and password receiving user's input;If recognizing Demonstrate,prove unsuccessfully, then prompting does not exists or password bad etc. for user name;If certification is passed through, then to Family prompting input random verification code, and receiving the message of the request random verification code that user triggers After, send this message to APP/ plug-in management platform;Then, APP/ plug-in management platform is to note Gateway sends identifying code (this identifying code can be 6 figure places by hash function stochastic generation); It is short that Short Message Service Gateway can send identifying code by the phone number that user is reserved in business hall to this mobile phone Letter;Mobile phone receives the identifying code that user inputs in this authentication interface, completes checking.The method has double The beneficial effect of the user self-help binding of weight safety guarantee.
As it is shown on figure 3, be the stream of a kind of home network traffic recognition methods that the embodiment of the present invention provides Journey schematic diagram.The method can be based on home network traffic identification system presented above, this (such as, home gateway how in the explanation of the related content in the embodiment of the method that inventive embodiments provides Obtain the contents such as result table, rule list, and the example of result table, rule list or regular expression etc.) Being referred to above, here is omitted.Method shown in Fig. 3 includes:
S301: home gateway obtains the five-tuple information of the packet flowing through this home gateway.Wherein, This home network can be any one home gateway in home network traffic identification system.
S302: home gateway is by each information in the five-tuple information of this packet, and in result table Least one set five-tuple information in corresponding information mate.
If the match is successful, then perform S303.If it fails to match, the most optionally perform S304.
Wherein, result table at least records the home network identified five-tuple letter at this home gateway place Breath, and the mark of application corresponding to this identified five-tuple information.
S303: home gateway is by the packet that this identification of data packets is the first application, and to flow analysis Platform sends the first recognition result.Follow-up, family's capaciated flow network platform receives the first result, and according to The knowledge to multiple packets (including the packet in above-mentioned steps S301-S302) of this home network The other result statistics home gateway service condition to application.
Wherein, the first application is in result table, and five of the five-tuple information matches with this packet The application that tuple information is corresponding.First recognition result carries the packet that this packet is the first application Information.
S304: home gateway judges whether the destination interface of this packet is included in rule list.
The most then perform S305.If it is not, then explanation home gateway can not identify this packet, can The execution S307 of choosing.
Wherein, the application during rule list at least records the home network belonging to this home gateway with for knowing The not corresponding relation between the regular expression of this application.
S305: home gateway obtains the regular expression to be matched that this packet is corresponding;And this is treated Join regular expression to mate with the regular expression in rule list.
If the match is successful, then perform S306;If it fails to match, then perform S307.
S306: home gateway is by the packet that this identification of data packets is the second application, and to flow analysis Platform sends the second recognition result.Follow-up, family's capaciated flow network platform receives the second recognition result, and According to the second recognition result statistics home gateway service condition to application.
Wherein, the second application is in rule list, and the canonical table identical with regular expression to be matched Reach the application corresponding to formula.Second recognition result carries the packet that this packet is the second application Information.
S307: home gateway sends the 3rd recognition result to flow analysis platform;Wherein, the 3rd identify Result comprises home gateway and can not identify the information of this packet.
Step S307 can illustrate: does not comprise the canonical for identifying this packet in home gateway Expression formula, in the case of being somebody's turn to do, home gateway can obtain up-to-date rule list to flow analysis platform;Or Person, flow analysis platform, after receiving the 3rd recognition result, sends up-to-date to this home gateway Rule list.
It is based on family presented above that the home network traffic that the embodiment of the present invention provides analyzes method Front yard network traffics identification system, the beneficial effect that it can reach is with reference to above, and here is omitted.
Optionally, home gateway and flow analysis platform carry out information mutual before, the method also may be used To include: home gateway sends registration request to flow analysis platform;Wherein, registration request comprises The logic ID of home gateway, for making flow analysis platform according to the logic ID of home gateway to family Gateway is registered.The explanation of its related content is referred to above.
Optionally, the method can also include: home gateway obtain from flow analysis platform below believe At least one in breath: result table, rule list.The explanation of its related content is referred to above.
As shown in Figure 4, it is the structural representation of a kind of home gateway that the embodiment of the present invention provides, uses In performing in home network traffic recognition methods presented above step performed by home gateway.This In embodiment, the explanation of related content is referred to above, and here is omitted.Family shown in Fig. 4 Network comprise in the home network traffic recognition methods of offer mentioned above performed by home gateway The logic functional block that step is corresponding, example, may include that
Acquiring unit 401, for obtaining the five-tuple information of the packet flowing through described home gateway.
Matching unit 402, for by each information in the five-tuple information of described packet, with knot Really in the least one set five-tuple information in table, corresponding information is mated.
Recognition unit 403, is used for the packet that described identification of data packets is the first application, wherein, Result table at least records the home network identified five-tuple information at described home gateway place, and institute State the mark of application corresponding to identified five-tuple information;First application is in result table, and with The application that the five-tuple information of the five-tuple information matches of described packet is corresponding;Described first identifies knot The information that described packet is the packet of described first application is carried in Guo.
Transmitting element 404, for sending the first recognition result to flow analysis platform, so that flow The recognition result to multiple packets that analysis platform reports according to home gateway, adds up home gateway pair The service condition of application;Wherein, the plurality of packet includes the packet that said units is identified.
Optionally, described five-tuple information includes destination interface;If the five-tuple information of described packet Do not mate, then when the destination interface of described packet with all five-tuple information in described result table Time identical with the destination interface of at least one application in rule list, described acquiring unit 401 is also used In: obtain the regular expression to be matched that described packet is corresponding.Described matching unit 402 is additionally operable to: And described regular expression to be matched is mated with the regular expression in described rule list.Described Recognition unit 403 is additionally operable to, and described identification of data packets is the packet of the second application;Wherein, described Rule list at least records the application in described home network and for identifying the regular expression of this application Between corresponding relation;Second application be in rule list, and with described regular expression phase to be matched The same application corresponding to regular expression;Carrying described packet in described second recognition result is institute State the information of the packet of the second application.Described transmitting element 404 is additionally operable to, to described flow analysis Platform sends the second recognition result, so that described flow analysis platform identifies knot according to described second Really, the described home gateway service condition to application is added up.
Optionally, described regular expression includes at least one in following information: upstream data amount, Upstream data bag number, downlink data amount, downlink data packet number, upstream data amount and upstream data bag number Ratio, the ratio of downlink data amount and downlink data packet number.
Optionally, described transmitting element 404 can be also used for, and sends note to described flow analysis platform Volume request;Wherein, described registration request comprises the logic ID of described home gateway, be used for making described Described home gateway is registered by flow analysis platform according to the logic ID of described home gateway.
Optionally, described acquiring unit 401 can be also used for, and obtains from described flow analysis platform At least one in following information: result table, rule list.
Optionally, result table also includes at least one in following information: the logic ID of home gateway, The terminal type that described identified five-tuple information is corresponding, the volume of described identified five-tuple information Number, the identification information whether application corresponding to described identified five-tuple information is currently running.
The home gateway that the embodiment of the present invention provides is for performing home network traffic presented above Recognition methods, the beneficial effect that it can reach is with reference to above, and here is omitted.
Last it is noted that above example is only in order to illustrate technical scheme, rather than right It limits;Although the present invention being described in detail with reference to previous embodiment, this area common Skilled artisans appreciate that the technical scheme described in foregoing embodiments still can be repaiied by it Change, or wherein portion of techniques feature is carried out equivalent;And these amendments or replacement, not The essence making appropriate technical solution departs from the spirit and scope of various embodiments of the present invention technical scheme.

Claims (12)

1. a home network traffic identification system, it is characterised in that including: flow analysis is put down Platform and at least one home gateway being connected with described flow analysis platform;
Described home gateway, for obtaining the five-tuple letter of the packet flowing through described home gateway Breath, and by each information in the five-tuple information of described packet, with at least in result table In group five-tuple information, corresponding information is mated;It is the first application by described identification of data packets Packet, and send the first recognition result to described flow analysis platform;Wherein, described result table At least record the home network identified five-tuple information at described home gateway place, and described The mark of application corresponding to five-tuple information identified;Described first application is in described result table , and the application corresponding with the five-tuple information of the five-tuple information matches of described packet;Described First recognition result carries the information that described packet is the packet of described first application;
Described flow analysis platform, is used for receiving described first recognition result, and according to described family The recognition result to multiple packets that gateway reports, adds up the use to application of the described home gateway Situation;Wherein, the plurality of packet includes described packet.
System the most according to claim 1, it is characterised in that described five-tuple information bag Include destination interface;
Described home gateway, if being additionally operable in five-tuple information and the described result table of described packet All five-tuple information do not mate, then when in destination interface and the rule list of described packet When the destination interface of at least one application is identical, obtain the canonical table to be matched that described packet is corresponding Reach formula;Regular expression in described regular expression to be matched and described rule list is carried out Join;By the packet that described identification of data packets is the second application, and send out to described flow analysis platform Send the second recognition result;Wherein, described rule list at least records the family belonging to described home gateway Application in network and the corresponding relation between the regular expression identifying this application;Described Two application are in described rule list, and the regular expressions identical with described regular expression to be matched Application corresponding to formula;Carrying described packet in described second recognition result is described second application The information of packet;
Described flow analysis platform, is additionally operable to receive described second recognition result, and adds up described family The front yard gateway service condition to application.
System the most according to claim 2, it is characterised in that described regular expression bag Include at least one in destination interface, and following information: upstream data amount, upstream data bag number, The ratio of downlink data amount, downlink data packet number, upstream data amount and upstream data bag number, descending Data volume and the ratio of downlink data packet number.
4. according to the system described in any one of claim 1-3, it is characterised in that
Described home gateway, is additionally operable to send registration request to described flow analysis platform;Wherein, Described registration request comprises the logic ID of described home gateway;
Described flow analysis platform, is additionally operable to receive described registration request, and according to described home network Described home gateway is registered by the logic ID closed.
5. according to the system described in any one of claim 1-4, it is characterised in that
Described home gateway, be additionally operable to obtain from described flow analysis platform in following information to Few one: described result table, rule list;Wherein, described rule list at least records described home network Application in network and the corresponding relation between the regular expression identifying this application.
6. according to the system described in any one of claim 1-5, it is characterised in that described result Table also includes at least one in following information:
The logic ID of described home gateway, the terminal class that described identified five-tuple information is corresponding Type, the numbering of described identified five-tuple information, described identified five-tuple information is corresponding The identification information whether application is currently running.
7. a home network traffic recognition methods, it is characterised in that be applied to comprise flow and divide In analysis platform and the system of at least one home gateway that is connected with described flow analysis platform, described Method includes:
Described home gateway obtains the five-tuple information of the packet flowing through described home gateway, and will Each information in the five-tuple information of described packet, with the least one set five-tuple in result table In information, corresponding information is mated;
Described home gateway is by packet that described identification of data packets is the first application;Wherein, described Result table at least records the home network identified five-tuple information at described home gateway place, and The mark of the application that described identified five-tuple information is corresponding;Described first application is described result In table, and the application corresponding with the five-tuple information of the five-tuple information matches of described packet; Described first recognition result carries the information that described packet is the packet of described first application;
Described home gateway sends the first recognition result to described flow analysis platform, so that described The recognition result to multiple packets that flow analysis platform reports according to described home gateway, statistics The described home gateway service condition to application;Wherein, the plurality of packet includes described data Bag.
Method the most according to claim 7, it is characterised in that described five-tuple information bag Include destination interface;Described method also includes:
If the five-tuple information of described packet is equal with all five-tuple information in described result table Do not mate, then when the purpose that the destination interface of described packet is applied with at least one in rule list When port is identical, described home gateway obtains the regular expression to be matched that described packet is corresponding; And described regular expression to be matched is mated with the regular expression in described rule list;
Described home gateway is by packet that described identification of data packets is the second application;Wherein, described Rule list at least records the application in described home network and for identifying the regular expressions of this application Corresponding relation between formula;Described second application is in described rule list, and to be matched with described The application corresponding to regular expression that regular expression is identical;Described second recognition result carries Described packet is the information of the packet of described second application;
Described home gateway sends the second recognition result to described flow analysis platform, so that described Flow analysis platform, according to described second recognition result, adds up the use to application of the described home gateway Situation.
Method the most according to claim 8, it is characterised in that described regular expression bag Include at least one in destination interface, and following information: upstream data amount, upstream data bag number, The ratio of downlink data amount, downlink data packet number, upstream data amount and upstream data bag number, descending Data volume and the ratio of downlink data packet number.
10. according to the method described in any one of claim 7-9, it is characterised in that described method Also include:
Described home gateway sends registration request to described flow analysis platform;Wherein, described registration Request comprises the logic ID of described home gateway, is used for making described flow analysis platform according to institute Described home gateway is registered by the logic ID stating home gateway.
11. according to the method described in any one of claim 7-10, it is characterised in that described side Method also includes:
Described home gateway obtains at least one in following information from described flow analysis platform: Described result table, rule list;Wherein, answering during described rule list at least records described home network With the corresponding relation between the regular expression for identifying this application.
12. according to the method described in any one of claim 7-11, it is characterised in that described knot Table really also includes at least one in following information:
The logic ID of described home gateway, the terminal class that described identified five-tuple information is corresponding Type, the numbering of described identified five-tuple information, described identified five-tuple information is corresponding The identification information whether application is currently running.
CN201610446279.5A 2016-06-20 2016-06-20 Home network traffic recognition system and method Pending CN105915396A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610446279.5A CN105915396A (en) 2016-06-20 2016-06-20 Home network traffic recognition system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610446279.5A CN105915396A (en) 2016-06-20 2016-06-20 Home network traffic recognition system and method

Publications (1)

Publication Number Publication Date
CN105915396A true CN105915396A (en) 2016-08-31

Family

ID=56758006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610446279.5A Pending CN105915396A (en) 2016-06-20 2016-06-20 Home network traffic recognition system and method

Country Status (1)

Country Link
CN (1) CN105915396A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850599A (en) * 2017-01-18 2017-06-13 中国科学院信息工程研究所 A kind of NAT detection methods based on fusion user behavior and sudden peal of thunder ID
CN108965011A (en) * 2018-07-25 2018-12-07 中天宽带技术有限公司 One kind being based on intelligent gateway deep packet inspection system and analysis method
CN109391520A (en) * 2017-08-10 2019-02-26 中国移动通信有限公司研究院 Deep message detection method, device and system based on pattern of fusion home gateway
WO2019075608A1 (en) * 2017-10-16 2019-04-25 Oppo广东移动通信有限公司 Method and device for identifying encrypted data stream, storage medium, and system
CN111131493A (en) * 2019-12-31 2020-05-08 中国移动通信集团江苏有限公司 Data acquisition method and device and user portrait generation method and device
CN112235159A (en) * 2020-10-13 2021-01-15 中移(杭州)信息技术有限公司 Gateway quality portrait generation method, system, network equipment and storage medium
CN112751781A (en) * 2019-10-31 2021-05-04 阿里巴巴集团控股有限公司 Method, device and equipment for processing flow data and computer storage medium
CN112769713A (en) * 2020-12-31 2021-05-07 北京赛思信安技术股份有限公司 HTTPS flow application classification method based on result weighting of multiple matching engines
CN113923013A (en) * 2021-09-30 2022-01-11 深信服科技股份有限公司 Application identification management method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140156812A1 (en) * 2012-12-05 2014-06-05 Fortinet, Inc. Customized configuration settings for a network appliance
CN104052639A (en) * 2014-07-02 2014-09-17 山东大学 Real-time multi-application network flow identification method based on support vector machine
US9113400B2 (en) * 2013-03-08 2015-08-18 Tellabs Operations, Inc Method and apparatus for offloading packet traffic from LTE network to WLAN using DPI

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140156812A1 (en) * 2012-12-05 2014-06-05 Fortinet, Inc. Customized configuration settings for a network appliance
US9113400B2 (en) * 2013-03-08 2015-08-18 Tellabs Operations, Inc Method and apparatus for offloading packet traffic from LTE network to WLAN using DPI
CN104052639A (en) * 2014-07-02 2014-09-17 山东大学 Real-time multi-application network flow identification method based on support vector machine

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郭志鑫等: ""家庭网络后台流量分析与识别"", 《信息通信技术》 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850599B (en) * 2017-01-18 2019-12-03 中国科学院信息工程研究所 A kind of NAT detection method based on fusion user behavior and sudden peal of thunder ID
CN106850599A (en) * 2017-01-18 2017-06-13 中国科学院信息工程研究所 A kind of NAT detection methods based on fusion user behavior and sudden peal of thunder ID
CN109391520B (en) * 2017-08-10 2020-07-14 中国移动通信有限公司研究院 Deep packet inspection method, device and system based on fusion type home gateway
CN109391520A (en) * 2017-08-10 2019-02-26 中国移动通信有限公司研究院 Deep message detection method, device and system based on pattern of fusion home gateway
CN110741613A (en) * 2017-10-16 2020-01-31 Oppo广东移动通信有限公司 encrypted data stream identification method, device, storage medium and system
WO2019076000A1 (en) * 2017-10-16 2019-04-25 Oppo广东移动通信有限公司 Method and device for identifying encrypted data stream, storage medium, and system
WO2019075608A1 (en) * 2017-10-16 2019-04-25 Oppo广东移动通信有限公司 Method and device for identifying encrypted data stream, storage medium, and system
US11418951B2 (en) 2017-10-16 2022-08-16 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for identifying encrypted data stream, device, storage medium and system
CN108965011A (en) * 2018-07-25 2018-12-07 中天宽带技术有限公司 One kind being based on intelligent gateway deep packet inspection system and analysis method
CN112751781A (en) * 2019-10-31 2021-05-04 阿里巴巴集团控股有限公司 Method, device and equipment for processing flow data and computer storage medium
CN111131493A (en) * 2019-12-31 2020-05-08 中国移动通信集团江苏有限公司 Data acquisition method and device and user portrait generation method and device
CN112235159A (en) * 2020-10-13 2021-01-15 中移(杭州)信息技术有限公司 Gateway quality portrait generation method, system, network equipment and storage medium
CN112769713A (en) * 2020-12-31 2021-05-07 北京赛思信安技术股份有限公司 HTTPS flow application classification method based on result weighting of multiple matching engines
CN113923013A (en) * 2021-09-30 2022-01-11 深信服科技股份有限公司 Application identification management method and system

Similar Documents

Publication Publication Date Title
CN105915396A (en) Home network traffic recognition system and method
CN111901135B (en) Data analysis method and device
CN110048927B (en) Communication method and communication device
US9602185B2 (en) Communication terminal, communication control apparatus, communication system, communication control method, and program
CN105210344B (en) Customization and notification method in M2M communication system and apparatus for the method
US20130191890A1 (en) Method and system for user identity recognition based on specific information
CN110326345B (en) Method, device and system for configuring network slice
CN105491244B (en) Classroom automatic roll-calling system based on WIFI and smart mobile phone
CN105207853B (en) A kind of LAN method for managing and monitoring
CN106416135A (en) Access point grouping based on performance and location
US20200329360A1 (en) Method and system for discovering user equipment in a network
US10447530B2 (en) Device metering
CN102740342A (en) Network management equipment performance simulation test method and system
CN101188603A (en) A method for access to the external network according to user's right
CN108039968A (en) Network optimized approach, equipment and computer-readable recording medium
WO2023134312A1 (en) Content charging test method, management device, terminal device and storage medium
CN107547213A (en) A kind of recognition methods of business rule and device
CN106416146A (en) Communication apparatus, communication method, and communication system
CN107566513A (en) Test equipment DOS environmental data collecting methods and system
US8000279B2 (en) System for multicast broadcasting towards at least one roaming user terminal in a mobile IP network
CN108702799A (en) Method for merging mobile core and IOT data
CN110337103A (en) A kind of connectionless data hided transmission method based on 802.11 agreements
CN104601400B (en) Shunting device performance test methods, test client and test server
CN105827637B (en) The configuration method and system of IMS fixed line number
CN1937461B (en) Terminal test device based on terminal management business

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160831