CN106452953A - Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology - Google Patents

Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology Download PDF

Info

Publication number
CN106452953A
CN106452953A CN201610866090.1A CN201610866090A CN106452953A CN 106452953 A CN106452953 A CN 106452953A CN 201610866090 A CN201610866090 A CN 201610866090A CN 106452953 A CN106452953 A CN 106452953A
Authority
CN
China
Prior art keywords
application
data flow
technology
engine
dpi
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610866090.1A
Other languages
Chinese (zh)
Inventor
丁增红
周明中
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SUZHOU MAIKE NETWORK SAFETY TECHNOLOGY Co Ltd
Original Assignee
SUZHOU MAIKE NETWORK SAFETY TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SUZHOU MAIKE NETWORK SAFETY TECHNOLOGY Co Ltd filed Critical SUZHOU MAIKE NETWORK SAFETY TECHNOLOGY Co Ltd
Priority to CN201610866090.1A priority Critical patent/CN106452953A/en
Publication of CN106452953A publication Critical patent/CN106452953A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/06Generation of reports
    • H04L43/062Generation of reports related to network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/028Capturing of monitoring data by filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Abstract

The invention discloses a synthetic data feature analysis method and system based on a DPI (Deep Packet Inspection) technology. The method comprises the following steps: S1, acquiring a domain name request data flow, and generating a DNS resolution data table of a domain name request; S2, implementing an application identification on the domain name request data flow through the DPI technology, and marking the data flow which is identified with application as a known application; S3, implementing the application identification on the data flow which is not identified with application through an IPCache technology, and marking the data flow which is identified with application as the known application; S4, implementing the application identification again on the data flow which is not identified with application through a DFI (Deep Flow Inspection) technology, and marking the data flow which is identified with application as the known application; and S5, according to a destination IP address of the data flow, reversely finding a DNS domain name corresponding to the IP address in the DNS table for the data flow which is not identified with application, determining the application properties of the data flow through the DNS domain name, and marking the data flow which is identified as the known application. The synthetic data feature analysis method and system based on the DPI technology can effectively realize a precise identification of the P2P and the encrypted traffic, and improve the problem that in the prior art, a false negative rate and a misdeclaration rate are high.

Description

Synthetic data characteristic analysis method and system based on DPI technology
Technical field
The present invention relates to synthetic data characteristic analysis method and system, especially a kind of synthetic data based on DPI technology Characteristic analysis method and system.
Background technology
Deep packet inspection technology (i.e. Deep Packet Inspection, hereinafter referred to as DPI), is a kind of application-oriented The flow analysis detection technique of layer analysis.
DPI technology has become the standard configuration of high end network equipment, for Precise control and analysis to network traffics, But developing rapidly recently as the Internet, application data technology constantly develops, safety more and more higher so that simple DPI technology is difficult to be based only on and parsing for packet is realized accurately identifying application, it is therefore necessary to comprehensive multiple identifications Mechanism and technology of identification, give full play to the advantage between each technology so as to form a kind of identification decorum, realize recognizing existing application High-accuracy.
DPI correlation technique producer mostly is single DPI technology when using DPI technology at present, and the shortcoming of the technology also compares Prominent, with the fast development of the Internet, particularly mobile Internet, it is based especially on the video of P2P technology, downloads class application Continuous development, people have been difficult solely for the safety requirements of legacy network data, original DPI technology in feature identification High discrimination is accomplished in vertical application.
Although, also have DPI and DFI with the use of scene, here, DFI refers to deep stream detection technique (i.e. Deep Flow Inspection, hereinafter referred to as DFI), it is a kind of application specific identification detection technique based on data flow.
Also, DFI technology is made moderate progress to single use DPI technology in feature identification effect with the use of meeting, but two The simple supplementary of the technology of kind is still difficult to break through to P2P and encrypts the difficult problem that flow is accurately recognized.
Content of the invention
The purpose of the present invention is exactly to solve the above-mentioned problems in the prior art, is reversely searched using DNS, DPI The technology of identification of the big main application feature of technology, IPCache technology, DFI technology four, by making full use of the excellent of every technology Point, makes the complementation of every technical advantage, forms complete data identification chain, reaches the application to target data and recognize, so as to provide A kind of synthetic data characteristic analysis method based on DPI technology and system.
The purpose of the present invention will be achieved by the following technical programs:
Based on the synthetic data characteristic analysis method of DPI technology, comprise the steps:
S1, monitoring DNS name resolution request, domain name request data flow is obtained, generates the dns resolution tables of data of domain name request;
S2, carries out application identification by DPI technology to domain name request data flow, will identify the data of application by DPI technology Fail to be sold at auction and be designated as known applications;
S3, by through S2 step unidentified go out application data flow application identification is carried out by IPCache technology, will pass through IPCache technology identifies that the data flow token of application is known applications;
S4, the data flow for not identifying application through S3 step yet is carried out application identification again by DFI technology, will be passed through DFI technology identifies that the data flow token of application is known applications;
S5, to not identifying the data flow of application yet through S4 step, the purpose IP address according to data flow are backwards to the S1 The corresponding DNS domain name of the IP address is searched in the DNS list for generating in step, the application of the data flow is determined by DNS domain name Attribute, the data flow token for identifying application during this is known applications.
Preferably, the described synthetic data characteristic analysis method based on DPI technology, wherein:The S2 step include as Lower process:
S21, purpose IP of record data stream and destination interface, generate purpose IP address pond (IPCache pond);
S22, purpose IP and destination interface when data flow is unrecognized then according to data flow is reversely searched in IP address pond, If finding certain data stream in address pool to be identified as concrete application, the labelling data stream is the application.
Preferably, the described synthetic data characteristic analysis method based on DPI technology, wherein:Also comprise the steps: S6, the recognition result of S2-S5 step is weighted processing, calculates intended application identification code by built-in algorithms, and according to Intended application identification code finds the application attribute ownership of the data flow in corresponding application and weights mapping table.
Preferably, the described synthetic data characteristic analysis method based on DPI technology, wherein:The identification of the S2 step As a result maximum weights are more than the S3 step and the maximum weights of the recognition result of S4 step;The recognition result of the S5 step Maximum weights less than the recognition result of the S3 step and S4 step maximum weights.
Preferably, the described synthetic data characteristic analysis method based on DPI technology, wherein:The identification of the S2 step As a result maximum weights are 0.5, and the maximum weights of the recognition result of the S3 step and S4 step are 0.2, the S5 step Recognition result maximum weights be 0.1.
Based on the synthetic data characteristic analysis system of DPI technology, including
Data capture engine, for monitoring DNS name resolution request, obtains domain name request data flow, generates the DNS of domain name request Parsing tables of data;
DPI recognizes engine, for carrying out application identification by DPI technology to domain name request data flow, will be recognized by DPI technology The data flow token for going out application is known applications;
IPCache recognize engine, for by through DPI identification engine unidentified go out application data flow pass through IPCache technology Application identification is carried out, and the data flow token that application is identified by IPCache technology is known applications;
DFI recognizes engine, for not identifying that the data flow of application passes through DFI technology again yet through IPCache identification engine Secondary carry out application identification, by identified by DFI technology application data flow token be known applications;
DNS is counter to look into engine, for drawing, through DFI identification, the data flow for identifying application not yet, according to purpose IP of data flow Address is backwards in the DNS list that generate in the S1 step and searches the corresponding DNS domain name of the IP address, true by DNS domain name The application attribute of the fixed data flow, the data flow token for identifying application during this is known applications.
Preferably, the described synthetic data characteristic analysis system based on DPI technology, wherein:Also include intended application identification code Production engine, for recognizing engine, IPCache identification engine, DFI identification engine and the anti-identification knot for looking into engine of DNS by DPI Fruit is weighted processing, and calculates intended application identification code by built-in algorithms, and is answered to corresponding according to intended application identification code With with weights mapping table in find the data flow application attribute ownership.
Preferably, the described synthetic data characteristic analysis system based on DPI technology, wherein:The identification of the DPI engine As a result maximum weights are 0.5, the maximum of the weights of the recognition result of the IPCache engine and the recognition result of DFI engine It is 0.1 that weights are the maximum weights of the anti-recognition result for looking into engine of 0.2, the DNS.
The advantage of technical solution of the present invention is mainly reflected in:
Deft design of the present invention, process is simple, by combination and the reasonable combination of the science of multiple application technology of identification, according to The feature of each technology sets priority and weighted value so as to will not especially rely on some technology for counsel again when self-characteristic is played, The ingenious fusion of each technological merit is accomplished, by data flow from its domain name mapping (dns resolution) to the comprehensive of its Flow Behavior Covering, so as to good identification can be carried out to the application of P2P class, the accurate of identification is accurately applied so as to improve P2P and encryption flow Property.
Also, the problem that prior art is failed to report to the height for applying feature identification, height is reported by mistake can be improved by this method.
Specific embodiment
The synthetic data characteristic analysis system based on DPI technology that the present invention is disclosed, including the data acquisition for communicating successively Engine, DPI identification engine, IPCache identification engine, DFI identification engine, DNS is counter looks into engine.
The data capture engine, for monitoring DNS name resolution request, obtains domain name request data flow, generates domain name The dns resolution tables of data of request;The dns resolution tables of data is used for looking into offer lookup source for DNS is counter.
The DPI identification engine is used for carrying out application identification by DPI technology to domain name request data flow, will be by DPI Technology identifies that the data flow token of application is known applications;Its operation principle be by monitoring target data stream, and to data Stream carries out packet and disassembles, and finds the characteristic character string in packet by scan matching, according to this feature word string and preset spy The fingerprint content that levies in storehouse compares, and the data flow that labelling matches is known applications.
So-called labelling refers to the process of record data stream information and adds Apply Names, and specifically, correlation engine can basis The data stream essential information (IP five-tuple) generates daily record, is added with the Apply Names of DPI engine identification, then in daily record This log information is passed to next processing unit.
IPCache identification engine be used for by through DPI identification engine unidentified go out application data flow pass through IPCache technology carries out application identification, and the data flow token for identifying application by IPCache technology is known applications.
The DFI identification engine is used for the data flow of application not identified yet by DFI through IPCache identification engine Technology carries out application identification again, and the data flow token for identifying application by DFI technology is known applications;The DFI knows Other engine be by surfaces such as the bag length of matched data stream, Bao Xu, directions, by the application of statistical summaries anticipation data flow Attribute, the parsing through DFI engine can determine whether out the applicating category characteristic of data flow.
The DNS is counter to look into engine for drawing, through DFI identification, the data flow for identifying application not yet, according to data flow Purpose IP address are backwards in the DNS list that generate in the S1 step and search the corresponding DNS domain name of the IP address, by DNS Domain name determines the application attribute of the data flow, according to go to identical IP, same port data flow for homogeneous data principle, recognize Belonging to same application for the data of identical purpose IP and same port in application layer, the data flow of application will be identified during this It is labeled as known applications.
For in theory, through DNS is counter look into engine after should not exist unidentified go out data flow, but in order to drop Low identification deviation, improves identification accuracy, and further, the synthetic data characteristic analysis system based on DPI technology also includes Intended application identification code production engine and marking engine, the intended application identification code production engine is used for drawing DPI identification Hold up, IPCache identification engine, DFI identification engine and the anti-recognition result for looking into engine of DNS are weighted processing, by built-in Algorithm calculates intended application identification code, and finds this according in intended application identification code to corresponding application and weights mapping table The application attribute ownership of data flow.
Here recognition result by judging the application for providing identification knot by the engine after certain engine to data flow By, so-called be weighted to according to different engine characteristics and its priority level initializing difference engine to application produced by power of influence, this In bright, the maximum weights of the recognition result of the DPI engine are more than the recognition result of the IPCache engine and DFI engine Maximum weights;The maximum weights of the anti-recognition result for looking into engine of the DNS are less than the knowledge of the IPCache engine and DFI engine The maximum weights of other result.
The weights total score is 1, if when certain engine is unrecognized, the weights of the recognition result of the engine are 0, Also, the maximum weights of the recognition result of the DPI engine are 0.5, the maximum weights of the recognition result of the IPCache engine And the maximum weights of the recognition result of DFI engine are the maximum weights of the anti-recognition result for looking into engine of 0.2, the DNS and are 0.1.
Data flow is after all applications identification engine, and the weight number combining according to appended by different engines draws a final power Value, i.e. intended application identification code, and the data flow is found according in the final weights to corresponding application and weights mapping table Application attribute belongs to.
When concrete application is recognized, carry out according to the degree of strength of each engine identification, i.e., for the priority for recognizing, DPI engine > IPCache engine > DFI engine > DNS unfavourable balance engine.
Therefore, the identification process of the synthetic data characteristic analysis system based on DPI technology of the present invention is as follows:
S1, monitoring DNS name resolution request, domain name request data flow is obtained, generates the dns resolution tables of data of domain name request.
S2, carries out application identification by DPI technology to domain name request data flow, will identify application by DPI technology Data flow token is known applications.
Its detailed process is as follows:
S21, purpose IP of record data stream and destination interface, generate purpose IP address pond (IPCache pond);
S22, purpose IP and destination interface when data flow is unrecognized then according to data flow is reversely searched in IP address pond, If finding certain data stream in address pool to be identified as concrete application, the labelling data stream is the application.
For example, data flow A and B have identical purpose IP and destination interface, data flow A quilt when DPI engine It is identified as applying Y, data stream B does not have identified, then IPCache engine is reversely searched, and factor data stream A and B have identical Purpose IP and destination interface, and data stream B is also labeled as to apply Y.
S3, by through S2 step unidentified go out application data flow application identification is carried out by IPCache technology, will pass through IPCache technology identifies that the data flow token of application is known applications.
S4, the data flow for not identifying application through S3 step yet is carried out application identification again by DFI technology, will be logical Cross DFI technology and identify that the data flow token of application is known applications.
S5, to not identifying the data flow of application yet through S4 step, the purpose IP address according to data flow are backwards to institute State in the DNS list for generating in S1 step and the corresponding DNS domain name of the IP address is searched, the data flow is determined by DNS domain name Application attribute, the data flow token for identifying application during this is known applications.
Further, also include S6, the recognition result of S2-S5 step is weighted processing, is calculated by built-in algorithms Intended application identification code, and answering for the data flow is found according in intended application identification code to corresponding application and weights mapping table Belonged to attribute.
The present invention still has numerous embodiments, all employing equivalents or equivalent transformation and all technical sides for being formed Case, is within the scope of the present invention.

Claims (8)

1. the synthetic data characteristic analysis method based on DPI technology, it is characterised in that:Comprise the steps:
S1, monitoring DNS name resolution request, domain name request data flow is obtained, generates the dns resolution tables of data of domain name request;
S2, carries out application identification by DPI technology to domain name request data flow, will identify the data of application by DPI technology Fail to be sold at auction and be designated as known applications;
S3, by through S2 step unidentified go out application data flow application identification is carried out by IPCache technology, will pass through IPCache technology identifies that the data flow token of application is known applications;
S4, the data flow for not identifying application through S3 step yet is carried out application identification again by DFI technology, will be passed through DFI technology identifies that the data flow token of application is known applications;
S5, to not identifying the data flow of application yet through S4 step, the purpose IP address according to data flow are backwards to the S1 The corresponding DNS domain name of the IP address is searched in the DNS list for generating in step, the application of the data flow is determined by DNS domain name Attribute, the data flow token for identifying application during this is known applications.
2. the synthetic data characteristic analysis method based on DPI technology according to claim 1, it is characterised in that:The S2 Step includes following process:
S21, purpose IP of record data stream and destination interface, generate purpose IP address pond(IPCache pond);
S22, when data flow is unrecognized through S1 step, then purpose IP of foundation data flow and destination interface are to purpose IP ground Location is reversely searched in pond, if finding certain data stream in purpose IP address pond to be identified as concrete application, labelling this Data flow is the application.
3. the synthetic data characteristic analysis method based on DPI technology according to claim 1, it is characterised in that:Also include Following steps:S6, the recognition result of S2-S5 step is weighted processing, and calculates intended application identification by built-in algorithms Code, and belonged to according to the application attribute for finding the data flow in intended application identification code to corresponding application and weights mapping table.
4. the synthetic data characteristic analysis method based on DPI technology according to claim 3, it is characterised in that:The S2 The maximum weights of the recognition result of step are more than the S3 step and the maximum weights of the recognition result of S4 step;The S5 step Recognition result maximum weights less than the recognition result of the S3 step and S4 step maximum weights.
5. the synthetic data characteristic analysis method based on DPI technology according to claim 3, it is characterised in that:The S2 The maximum weights of the recognition result of step are 0.5, and the maximum weights of the recognition result of the S3 step and S4 step are 0.2, The maximum weights of the recognition result of the S5 step are 0.1.
6. the synthetic data characteristic analysis system based on DPI technology, it is characterised in that:Including
Data capture engine, for monitoring DNS name resolution request, obtains domain name request data flow, generates the DNS of domain name request Parsing tables of data;
DPI recognizes engine, for carrying out application identification by DPI technology to domain name request data flow, will be recognized by DPI technology The data flow token for going out application is known applications;
IPCache recognize engine, for by through DPI identification engine unidentified go out application data flow pass through IPCache technology Application identification is carried out, and the data flow token that application is identified by IPCache technology is known applications;
DFI recognizes engine, for not identifying that the data flow of application passes through DFI technology again yet through IPCache identification engine Secondary carry out application identification, by identified by DFI technology application data flow token be known applications;
DNS is counter to look into engine, for drawing, through DFI identification, the data flow for identifying application not yet, according to purpose IP of data flow Address is backwards in the DNS list that generate in the S1 step and searches the corresponding DNS domain name of the IP address, true by DNS domain name The application attribute of the fixed data flow, the data flow token for identifying application during this is known applications.
7. according to the claim synthetic data characteristic analysis system based on DPI technology according to claim 6, its feature It is:Also include intended application identification code production engine, for DPI being recognized, engine, IPCache identification engine, DFI identification are drawn Holding up and the anti-recognition result for looking into engine of DNS is weighted processing, intended application identification code, and root is calculated by built-in algorithms According to the application attribute ownership for finding the data flow in intended application identification code to corresponding application and weights mapping table.
8. the synthetic data characteristic analysis system based on DPI technology according to claim 7, it is characterised in that:The DPI The maximum weights of the recognition result of engine are 0.5, the maximum weights of the recognition result of the IPCache engine and DFI engine It is 0.1 that the maximum weights of recognition result are the maximum weights of the anti-recognition result for looking into engine of 0.2, the DNS.
CN201610866090.1A 2016-09-30 2016-09-30 Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology Pending CN106452953A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610866090.1A CN106452953A (en) 2016-09-30 2016-09-30 Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610866090.1A CN106452953A (en) 2016-09-30 2016-09-30 Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology

Publications (1)

Publication Number Publication Date
CN106452953A true CN106452953A (en) 2017-02-22

Family

ID=58170152

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610866090.1A Pending CN106452953A (en) 2016-09-30 2016-09-30 Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology

Country Status (1)

Country Link
CN (1) CN106452953A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108173705A (en) * 2017-11-28 2018-06-15 北京天融信网络安全技术有限公司 First packet recognition methods, device, equipment and the medium of flow drainage
CN110417729A (en) * 2019-06-12 2019-11-05 中国科学院信息工程研究所 A kind of service and application class method and system encrypting flow

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891893A (en) * 2012-10-16 2013-01-23 苏州迈科网络安全技术股份有限公司 P2P (Peer-to-Peer) traffic identification method and P2P traffic identification system
CN103746768A (en) * 2013-10-08 2014-04-23 北京神州绿盟信息安全科技股份有限公司 Data packet identification method and equipment thereof
CN104348675A (en) * 2013-08-02 2015-02-11 北京邮电大学 Bidirectional service data flow identification method and device
CN105847078A (en) * 2016-03-17 2016-08-10 哈尔滨工程大学 HTTP (Hyper Text Transport Protocol) traffic refined identification method based on DPI (Data Processing Installation) self-study mechanism

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891893A (en) * 2012-10-16 2013-01-23 苏州迈科网络安全技术股份有限公司 P2P (Peer-to-Peer) traffic identification method and P2P traffic identification system
CN104348675A (en) * 2013-08-02 2015-02-11 北京邮电大学 Bidirectional service data flow identification method and device
CN103746768A (en) * 2013-10-08 2014-04-23 北京神州绿盟信息安全科技股份有限公司 Data packet identification method and equipment thereof
CN105847078A (en) * 2016-03-17 2016-08-10 哈尔滨工程大学 HTTP (Hyper Text Transport Protocol) traffic refined identification method based on DPI (Data Processing Installation) self-study mechanism

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108173705A (en) * 2017-11-28 2018-06-15 北京天融信网络安全技术有限公司 First packet recognition methods, device, equipment and the medium of flow drainage
CN110417729A (en) * 2019-06-12 2019-11-05 中国科学院信息工程研究所 A kind of service and application class method and system encrypting flow

Similar Documents

Publication Publication Date Title
Zhou et al. Gan-siamese network for cross-domain vehicle re-identification in intelligent transport systems
CN103838754B (en) Information retrieval device and method
CN109117634A (en) Malware detection method and system based on network flow multi-view integration
CN111726264B (en) Network protocol variation detection method, device, electronic equipment and storage medium
CN106789242B (en) Intelligent identification application analysis method based on mobile phone client software dynamic feature library
US20170053031A1 (en) Information forecast and acquisition method based on webpage link parameter analysis
CN105959321A (en) Passive identification method and apparatus for network remote host operation system
CN108536749B (en) Method for constructing person track view based on collision detection method
CN110177123B (en) Botnet detection method based on DNS mapping association graph
CN109151880A (en) Mobile application flow identification method based on multilayer classifier
CN105024993A (en) Protocol comparison method based on vector operation
CN111200600B (en) Internet of things equipment flow sequence fingerprint feature extraction method
CN106991370A (en) Pedestrian retrieval method based on color and depth
AU2012200642A1 (en) A method and apparatus for communications analysis
CN108718341A (en) Shared and search the method for data
CN112217834B (en) Internet encryption flow interactive feature extraction method based on graph structure
CN106452953A (en) Synthetic data feature analysis method and system based on DPI (Deep Packet Inspection) technology
CN110034966B (en) Data flow classification method and system based on machine learning
CN108173705A (en) First packet recognition methods, device, equipment and the medium of flow drainage
Kong et al. Identification of abnormal network traffic using support vector machine
CN106227741B (en) A kind of extensive URL matching process based on multilevel hash index chained list
CN104580254B (en) A kind of fishing website identifying system and method
CN105119876B (en) A kind of detection method and system of the domain name automatically generated
CN101854330A (en) Method and system for collecting and analyzing network applications of Internet
CN107209834A (en) Malicious communication pattern extraction apparatus, malicious communication schema extraction system, malicious communication schema extraction method and malicious communication schema extraction program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170222

RJ01 Rejection of invention patent application after publication