CN106452953A - Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology - Google Patents
Classifications
- H04L43/062: Arrangements for monitoring or testing data switching networks; Generation of reports related to network traffic
- H04L43/026: Capturing of monitoring data using flow identification
- H04L43/028: Capturing of monitoring data by filtering
- H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Abstract
The invention discloses a synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology. The method comprises the following steps: S1, acquiring a domain name request data flow and generating a DNS resolution data table of the domain name requests; S2, performing application identification on the domain name request data flow through DPI technology, and marking each data flow for which an application is identified as a known application; S3, performing application identification through IPCache technology on the data flows for which no application has been identified, and marking each data flow for which an application is identified as a known application; S4, performing application identification again through DFI (Deep Flow Inspection) technology on the data flows for which no application has been identified, and marking each data flow for which an application is identified as a known application; and S5, for the data flows for which no application has been identified, using the destination IP address of the data flow to look up, in reverse, the corresponding DNS domain name in the DNS table, determining the application attribute of the data flow from the DNS domain name, and marking the identified data flow as a known application. The method and system can effectively achieve precise identification of P2P and encrypted traffic, and mitigate the high false negative rate and high false positive rate of the prior art.
Description
Technical field
The present invention relates to a synthetic data feature analysis method and system, and in particular to a synthetic data feature analysis method and system based on DPI technology.
Background technology
Deep packet inspection (Deep Packet Inspection, hereinafter DPI) is a traffic analysis and detection technique oriented to application-layer analysis.
DPI has become a standard feature of high-end network equipment, where it is used for fine-grained control and analysis of network traffic. However, with the rapid development of the Internet in recent years, application data technology keeps evolving and its security keeps increasing, so that DPI alone, relying only on the parsing of packets, can hardly identify applications accurately. It is therefore necessary to combine multiple identification mechanisms and identification technologies and give full play to the advantages of each, so as to form an identification system that identifies existing applications with high accuracy.
At present, vendors of DPI-related technology mostly use DPI on its own, and the shortcomings of doing so are prominent. With the rapid development of the Internet, particularly the mobile Internet, and especially the continuous development of P2P-based video and download applications, together with people's security requirements for traditional network data, the original DPI technology can hardly achieve a high recognition rate when applied on its own to feature identification.
There are also scenarios in which DPI and DFI are used together. Here DFI refers to deep flow inspection (Deep Flow Inspection, hereinafter DFI), an application identification and detection technique based on data flows.
Using DFI alongside DPI does improve feature identification compared with using DPI alone, but simply supplementing one technique with the other still cannot overcome the difficulty of accurately identifying P2P and encrypted traffic.
Content of the invention
The purpose of the present invention is exactly to solve the above-mentioned problems in the prior art, is reversely searched using DNS, DPI
The technology of identification of the big main application feature of technology, IPCache technology, DFI technology four, by making full use of the excellent of every technology
Point, makes the complementation of every technical advantage, forms complete data identification chain, reaches the application to target data and recognize, so as to provide
A kind of synthetic data characteristic analysis method based on DPI technology and system.
The purpose of the present invention will be achieved by the following technical programs:
Based on the synthetic data characteristic analysis method of DPI technology, comprise the steps:
S1, monitoring DNS name resolution request, domain name request data flow is obtained, generates the dns resolution tables of data of domain name request;
S2, carries out application identification by DPI technology to domain name request data flow, will identify the data of application by DPI technology
Fail to be sold at auction and be designated as known applications;
S3, by through S2 step unidentified go out application data flow application identification is carried out by IPCache technology, will pass through
IPCache technology identifies that the data flow token of application is known applications;
S4, the data flow for not identifying application through S3 step yet is carried out application identification again by DFI technology, will be passed through
DFI technology identifies that the data flow token of application is known applications;
S5, to not identifying the data flow of application yet through S4 step, the purpose IP address according to data flow are backwards to the S1
The corresponding DNS domain name of the IP address is searched in the DNS list for generating in step, the application of the data flow is determined by DNS domain name
Attribute, the data flow token for identifying application during this is known applications.
Preferably, the described synthetic data characteristic analysis method based on DPI technology, wherein:The S2 step include as
Lower process:
S21, purpose IP of record data stream and destination interface, generate purpose IP address pond (IPCache pond);
S22, purpose IP and destination interface when data flow is unrecognized then according to data flow is reversely searched in IP address pond,
If finding certain data stream in address pool to be identified as concrete application, the labelling data stream is the application.
Preferably, the described synthetic data characteristic analysis method based on DPI technology, wherein:Also comprise the steps:
S6, the recognition result of S2-S5 step is weighted processing, calculates intended application identification code by built-in algorithms, and according to
Intended application identification code finds the application attribute ownership of the data flow in corresponding application and weights mapping table.
Preferably, the described synthetic data characteristic analysis method based on DPI technology, wherein:The identification of the S2 step
As a result maximum weights are more than the S3 step and the maximum weights of the recognition result of S4 step;The recognition result of the S5 step
Maximum weights less than the recognition result of the S3 step and S4 step maximum weights.
Preferably, the described synthetic data characteristic analysis method based on DPI technology, wherein:The identification of the S2 step
As a result maximum weights are 0.5, and the maximum weights of the recognition result of the S3 step and S4 step are 0.2, the S5 step
Recognition result maximum weights be 0.1.
A synthetic data feature analysis system based on DPI technology comprises:
a data capture engine, for monitoring DNS domain name resolution requests, obtaining the domain name request data flow, and generating a DNS resolution data table of the domain name requests;
a DPI identification engine, for performing application identification on the domain name request data flow through DPI technology, and marking each data flow for which DPI identifies an application as a known application;
an IPCache identification engine, for performing application identification through IPCache technology on the data flows for which the DPI identification engine identified no application, and marking each data flow for which IPCache identifies an application as a known application;
a DFI identification engine, for performing application identification again through DFI technology on the data flows for which the IPCache identification engine still identified no application, and marking each data flow for which DFI identifies an application as a known application;
a DNS reverse lookup engine, for the data flows for which the DFI identification engine still identified no application, using the destination IP address of the data flow to look up, in reverse, the corresponding DNS domain name in the DNS table generated in step S1, determining the application attribute of the data flow from the DNS domain name, and marking each data flow for which an application is identified in this process as a known application.
Preferably, the described synthetic data feature analysis system based on DPI technology further includes a target application identification code generation engine, for weighting the recognition results of the DPI identification engine, the IPCache identification engine, the DFI identification engine and the DNS reverse lookup engine, calculating a target application identification code by a built-in algorithm, and using the target application identification code to find the application attribute of the data flow in the corresponding application-and-weights mapping table.
Preferably, in the described synthetic data feature analysis system based on DPI technology, the maximum weight of the recognition result of the DPI engine is 0.5, the maximum weights of the recognition results of the IPCache engine and of the DFI engine are 0.2, and the maximum weight of the recognition result of the DNS reverse lookup engine is 0.1.
The advantages of the technical solution of the present invention are mainly as follows:
The design is ingenious and the process is simple. Multiple application identification technologies are combined in a principled and reasonable way, and priorities and weights are set according to the characteristics of each technology, so that each plays to its own strengths without the result depending especially on any one of them. The strengths of the technologies are fused, covering a data flow comprehensively from its domain name resolution (DNS resolution) through to its flow behaviour. P2P applications can therefore be identified well, which improves the accuracy of identifying P2P and encrypted-traffic applications.
This method also mitigates the high false negative and high false positive rates of application feature identification in the prior art.
Specific embodiment
The synthetic data feature analysis system based on DPI technology disclosed by the present invention comprises, communicating in sequence, a data capture engine, a DPI identification engine, an IPCache identification engine, a DFI identification engine and a DNS reverse lookup engine.
The data capture engine monitors DNS domain name resolution requests, obtains the domain name request data flow, and generates the DNS resolution data table of the domain name requests. The DNS resolution data table serves as the lookup source for the DNS reverse lookup.
The DPI identification engine performs application identification on the domain name request data flow through DPI technology, and marks each data flow for which DPI identifies an application as a known application. Its working principle is to monitor the target data flow, disassemble the packets of the data flow, find characteristic strings in the packets by scan matching, compare these strings with the fingerprints in a preset signature library, and mark the matching data flows as known applications.
Marking refers to the process of recording the data flow information and adding the application name. Specifically, the relevant engine generates a log from the basic information of the data flow (the IP five-tuple), adds to the log the application name identified by the DPI engine, and then passes this log entry to the next processing unit.
The IPCache identification engine performs application identification through IPCache technology on the data flows for which the DPI identification engine identified no application, and marks each data flow for which IPCache identifies an application as a known application.
The DFI identification engine performs application identification again through DFI technology on the data flows for which the IPCache identification engine still identified no application, and marks each data flow for which DFI identifies an application as a known application. The DFI identification engine matches surface features of the data flow such as packet length, packet order and direction, and predicts the application attribute of the data flow by statistical summary; parsing by the DFI engine can determine the application category of the data flow.
The DNS reverse lookup engine handles the data flows for which the DFI identification engine still identified no application. Using the destination IP address of the data flow, it looks up, in reverse, the corresponding DNS domain name in the DNS table generated in step S1 and determines the application attribute of the data flow from the DNS domain name. On the principle that data flows going to the same IP and the same port are data of the same kind, data with the same destination IP and the same port is considered to belong to the same application at the application layer. Each data flow for which an application is identified in this process is marked as a known application.
In theory, no unidentified data flow should remain after the DNS reverse lookup engine. However, to reduce identification deviation and improve identification accuracy, the synthetic data feature analysis system based on DPI technology further includes a target application identification code generation engine and a marking engine. The target application identification code generation engine weights the recognition results of the DPI identification engine, the IPCache identification engine, the DFI identification engine and the DNS reverse lookup engine, calculates a target application identification code by a built-in algorithm, and uses the target application identification code to find the application attribute of the data flow in the corresponding application-and-weights mapping table.
Here, a recognition result is the application judgment that an engine gives for a data flow after the flow has passed through that engine. Weighting means setting, according to the characteristics and priority of each engine, the influence that engine has on the application determination. In the present invention, the maximum weight of the recognition result of the DPI engine is greater than the maximum weights of the recognition results of the IPCache engine and the DFI engine, and the maximum weight of the recognition result of the DNS reverse lookup engine is less than the maximum weights of the recognition results of the IPCache engine and the DFI engine.
The weights total 1. If an engine does not identify the flow, the weight of that engine's recognition result is 0. The maximum weight of the recognition result of the DPI engine is 0.5, the maximum weights of the recognition results of the IPCache engine and of the DFI engine are 0.2, and the maximum weight of the recognition result of the DNS reverse lookup engine is 0.1.
After a data flow has passed through all the application identification engines, the weights attached by the different engines are combined into a final weight, i.e. the target application identification code, and this final weight is used to find the application attribute of the data flow in the corresponding application-and-weights mapping table.
When identifying a specific application, identification proceeds according to the strength of each engine's identification, i.e. the identification priority is: DPI engine > IPCache engine > DFI engine > DNS reverse lookup engine.
The identification process of the synthetic data feature analysis system based on DPI technology of the present invention is therefore as follows:
S1, monitoring DNS domain name resolution requests, obtaining the domain name request data flow, and generating the DNS resolution data table of the domain name requests.
S2, performing application identification on the domain name request data flow through DPI technology, and marking each data flow for which DPI identifies an application as a known application.
The detailed process is as follows:
S21, recording the destination IP and destination port of the data flow, and generating a destination IP address pool (IPCache pool);
S22, when a data flow is not identified, looking up the IP address pool in reverse by the destination IP and destination port of the data flow; if a data flow found in the address pool has been identified as a specific application, marking this data flow as that application.
For example, data flows A and B have the same destination IP and destination port. When passing through the DPI engine, data flow A is identified as application Y and data flow B is not identified. The IPCache engine then performs a reverse lookup and, because data flows A and B have the same destination IP and destination port, data flow B is also marked as application Y.
S3, performing application identification through IPCache technology on the data flows for which step S2 identified no application, and marking each data flow for which IPCache identifies an application as a known application.
S4, performing application identification again through DFI technology on the data flows for which step S3 still identified no application, and marking each data flow for which DFI identifies an application as a known application.
S5, for the data flows for which step S4 still identified no application, using the destination IP address of the data flow to look up, in reverse, the corresponding DNS domain name in the DNS table generated in step S1, determining the application attribute of the data flow from the DNS domain name, and marking each data flow for which an application is identified in this process as a known application.
Further, the process also includes S6: weighting the recognition results of steps S2-S5, calculating the target application identification code by a built-in algorithm, and using the target application identification code to find the application attribute of the data flow in the corresponding application-and-weights mapping table.
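The following Python sketch is an added example, not code from the patent: it runs the four engines over constructed flows and compares the label the S2-S5 cascade would give with an S6 weighted result. The patent does not disclose its built-in algorithm or its mapping table, so the per-label weight sum used here, along with the signatures, DFI thresholds, domain map, class names and application labels, is an assumption; all engines are run on every flow so that S6 has results to weight.

```python
from collections import defaultdict
from dataclasses import dataclass

# Maximum weight per engine as stated in the patent (total 1), in priority order.
WEIGHTS = {"DPI": 0.5, "IPCache": 0.2, "DFI": 0.2, "DNS": 0.1}

# Constructed rule data: signatures, domains and application labels are illustrative.
DPI_SIGNATURES = {b"\x13BitTorrent protocol": "p2p-share",
                  b"X-Mailer-Demo": "web-mail"}
DOMAIN_APPS = {"video.example": "video-stream", "mail.example": "web-mail"}


@dataclass
class Flow:
    dst_ip: str
    dst_port: int
    payload: bytes = b""   # first payload bytes seen on the flow
    pkt_lens: tuple = ()   # signed packet lengths: >0 downstream, <0 upstream


class Classifier:
    def __init__(self):
        self.dns_table = {}   # S1: resolved IP -> queried domain name
        self.ip_cache = {}    # S21: (dst_ip, dst_port) -> application

    def observe_dns(self, name, answers):
        """S1: record the addresses returned for a monitored domain name request."""
        for ip in answers:
            self.dns_table[ip] = name.lower().rstrip(".")

    def _dpi(self, flow):
        """S2: match payload bytes against the preset signature library."""
        for sig, app in DPI_SIGNATURES.items():
            if sig in flow.payload:
                return app
        return None

    def _ipcache(self, flow):
        """S3/S22: reuse the label of an earlier flow to the same IP and port."""
        return self.ip_cache.get((flow.dst_ip, flow.dst_port))

    def _dfi(self, flow):
        """S4: statistical guess from packet length and direction (assumed thresholds)."""
        if len(flow.pkt_lens) < 6:
            return None
        big_down = sum(n >= 1200 for n in flow.pkt_lens)
        big_up = sum(-n >= 1200 for n in flow.pkt_lens)
        if big_down >= 3 and big_up >= 3:
            return "p2p-share"       # bulk data in both directions
        if big_down >= 5 and big_up == 0:
            return "video-stream"    # sustained one-way bulk download
        return None

    def _dns(self, flow):
        """S5: reverse-look-up the destination IP in the table built in S1."""
        name = self.dns_table.get(flow.dst_ip)
        if name is None:
            return None
        for suffix, app in DOMAIN_APPS.items():
            if name == suffix or name.endswith("." + suffix):
                return app
        return None

    def classify(self, flow):
        """Return (cascade_label, weighted_label, scores) for one flow."""
        cached = self._ipcache(flow)   # read before this flow's own DPI hit is stored
        verdicts = {"DPI": self._dpi(flow), "IPCache": cached,
                    "DFI": self._dfi(flow), "DNS": self._dns(flow)}
        if verdicts["DPI"]:
            self.ip_cache[(flow.dst_ip, flow.dst_port)] = verdicts["DPI"]
        # S2-S5 cascade: the first engine in priority order that produced a label.
        cascade = next((app for app in verdicts.values() if app), None)
        # S6 (assumed algorithm): each engine adds its maximum weight to its label;
        # an engine that recognised nothing contributes 0.
        scores = defaultdict(float)
        for engine, app in verdicts.items():
            if app:
                scores[app] += WEIGHTS[engine]
        # On a tie, max() keeps the label inserted first, i.e. the higher-priority engine's.
        weighted = max(scores, key=scores.get) if scores else None
        return cascade, weighted, dict(scores)


def demo():
    c = Classifier()
    c.observe_dns("cdn.video.example.", ["203.0.113.20"])
    bulk_down = (1400,) * 6 + (-60,) * 2
    flows = {   # constructed sample flows
        "A": Flow("198.51.100.7", 6881, b"\x13BitTorrent protocol" + b"\0" * 8),
        "B": Flow("198.51.100.7", 6881, b"\x8f\x02\xaa\x10"),        # no signature
        "C": Flow("203.0.113.20", 443, b"X-Mailer-Demo: 1"),
        "D": Flow("203.0.113.20", 443, b"\x17\x03\x03", bulk_down),  # encrypted
        "E": Flow("192.0.2.99", 4444, b"\x00\x01"),
    }
    return {name: c.classify(f) for name, f in flows.items()}


if __name__ == "__main__":
    for name, (cascade, weighted, scores) in demo().items():
        print(name, cascade, weighted, scores)
```

Flow B reproduces the A/B case from the description. Flow D shows where the weighting changes the outcome: the cached label for a shared IP and port says web-mail, but the DFI and DNS results together outweigh it.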
The present invention has many further embodiments; all technical solutions formed by equivalent replacement or equivalent transformation fall within the scope of protection of the present invention.
Claims (8)
1. A synthetic data feature analysis method based on DPI technology, characterised in that it comprises the following steps:
S1, monitoring DNS domain name resolution requests, obtaining the domain name request data flow, and generating a DNS resolution data table of the domain name requests;
S2, performing application identification on the domain name request data flow through DPI technology, and marking each data flow for which DPI identifies an application as a known application;
S3, performing application identification through IPCache technology on the data flows for which step S2 identified no application, and marking each data flow for which IPCache identifies an application as a known application;
S4, performing application identification again through DFI technology on the data flows for which step S3 still identified no application, and marking each data flow for which DFI identifies an application as a known application;
S5, for the data flows for which step S4 still identified no application, using the destination IP address of the data flow to look up, in reverse, the corresponding DNS domain name in the DNS table generated in step S1, determining the application attribute of the data flow from the DNS domain name, and marking each data flow for which an application is identified in this process as a known application.
2. The synthetic data feature analysis method based on DPI technology according to claim 1, characterised in that step S2 includes the following process:
S21, recording the destination IP and destination port of the data flow, and generating a destination IP address pool (IPCache pool);
S22, when a data flow is not identified through step S1, looking up the destination IP address pool in reverse by the destination IP and destination port of the data flow; if a data flow found in the destination IP address pool has been identified as a specific application, marking this data flow as that application.
3. The synthetic data feature analysis method based on DPI technology according to claim 1, characterised in that it further comprises the following step: S6, weighting the recognition results of steps S2-S5, calculating a target application identification code by a built-in algorithm, and using the target application identification code to find the application attribute of the data flow in the corresponding application-and-weights mapping table.
4. The synthetic data feature analysis method based on DPI technology according to claim 3, characterised in that the maximum weight of the recognition result of step S2 is greater than the maximum weights of the recognition results of steps S3 and S4, and the maximum weight of the recognition result of step S5 is less than the maximum weights of the recognition results of steps S3 and S4.
5. The synthetic data feature analysis method based on DPI technology according to claim 3, characterised in that the maximum weight of the recognition result of step S2 is 0.5, the maximum weights of the recognition results of steps S3 and S4 are 0.2, and the maximum weight of the recognition result of step S5 is 0.1.
6. A synthetic data feature analysis system based on DPI technology, characterised in that it comprises:
a data capture engine, for monitoring DNS domain name resolution requests, obtaining the domain name request data flow, and generating a DNS resolution data table of the domain name requests;
a DPI identification engine, for performing application identification on the domain name request data flow through DPI technology, and marking each data flow for which DPI identifies an application as a known application;
an IPCache identification engine, for performing application identification through IPCache technology on the data flows for which the DPI identification engine identified no application, and marking each data flow for which IPCache identifies an application as a known application;
a DFI identification engine, for performing application identification again through DFI technology on the data flows for which the IPCache identification engine still identified no application, and marking each data flow for which DFI identifies an application as a known application;
a DNS reverse lookup engine, for the data flows for which the DFI identification engine still identified no application, using the destination IP address of the data flow to look up, in reverse, the corresponding DNS domain name in the DNS table generated in step S1, determining the application attribute of the data flow from the DNS domain name, and marking each data flow for which an application is identified in this process as a known application.
7. The synthetic data feature analysis system based on DPI technology according to claim 6, characterised in that it further includes a target application identification code generation engine, for weighting the recognition results of the DPI identification engine, the IPCache identification engine, the DFI identification engine and the DNS reverse lookup engine, calculating a target application identification code by a built-in algorithm, and using the target application identification code to find the application attribute of the data flow in the corresponding application-and-weights mapping table.
8. The synthetic data feature analysis system based on DPI technology according to claim 7, characterised in that the maximum weight of the recognition result of the DPI engine is 0.5, the maximum weights of the recognition results of the IPCache engine and of the DFI engine are 0.2, and the maximum weight of the recognition result of the DNS reverse lookup engine is 0.1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610866090.1A CN106452953A (en) | 2016-09-30 | 2016-09-30 | Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106452953A true CN106452953A (en) | 2017-02-22 |
Family
ID=58170152
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170222 |