CN107018096A - Method for data analysis and restoration based on application layer protocol - Google Patents

Info

Publication number: CN107018096A
Authority: CN (China)
Prior art keywords: application layer, layer protocol, packet, module, carried out
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710303842.8A
Other languages: Chinese (zh)
Inventors: 彭光辉, 屈立笳, 陶磊, 苏礼刚, 林伟, 黄丽洪
Current Assignee: CHENGDU GOLDTEL INDUSTRY GROUP Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: CHENGDU GOLDTEL INDUSTRY GROUP Co Ltd
Application filed by CHENGDU GOLDTEL INDUSTRY GROUP Co Ltd
Priority to CN201710303842.8A
Publication of CN107018096A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/90 Buffering arrangements
    • H04L49/9057 Arrangements for supporting packet reassembly or resequencing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/026 Capturing of monitoring data using flow identification

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for data analysis and restoration based on application layer protocols, comprising the following steps: extracting application layer protocol marker features; distinguishing application layer protocols by performing protocol discrimination on packets; judging the timeout for packet arrival; and splicing all packets. It also discloses a system for data analysis and restoration based on application layer protocols, in which a feature extraction module extracts the application layer protocol marker features; an application layer protocol discrimination module performs protocol discrimination on packets; a judgment module judges the timeout for packet arrival; a packet splicing module splices all packets; and a session record acquisition module obtains the complete session record. The invention can quickly analyze new protocols and reassembles application-layer packets quickly.

Description

Method for data analysis and restoration based on application layer protocol
Technical field
The present invention relates to the field of network data analysis and restoration, and in particular to a method and system for data analysis and restoration based on application layer protocols.
Background
The purpose of capturing packets is to analyze and evaluate them in order to obtain the information content of the network. Network packet analysis and evaluation techniques are widely used in intrusion detection, firewalls, network measurement and other fields. At present, the commonly used packet analysis techniques are stateless packet analysis and stateful packet analysis. Stateless packet analysis is the earliest network packet analysis technique; traditional firewalls, for example, use stateless techniques to filter packets. A stateless technique does not need to keep the state of each packet; it only requires the system to supply a rule set to the analysis software. When the capture device receives a packet, it checks the packet against the rules in the rule set: if a rule matches, the packet is a hit; otherwise it is not. The advantage of stateless packet analysis is that it does not consume much memory, because the state of each packet does not have to be stored. Its shortcomings are just as obvious, chiefly that it consumes a large amount of computation time: every packet has to be compared against the rules, so when the rule set is large, the time spent searching it becomes very large.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art by providing a method and system for data analysis and restoration based on application layer protocols that can quickly analyze new protocols and reassembles application-layer packets quickly.
This object is achieved through the following technical solution: a method for data analysis and restoration based on application layer protocols, characterized by comprising the following steps:
Extracting application layer protocol marker features;
Distinguishing application layer protocols: performing protocol discrimination on packets;
Judging the timeout for packet arrival;
Splicing all packets.
Preferably, distinguishing application layer protocols means performing protocol discrimination on packets and rejecting packets that belong to the network layer and the transport layer.
Preferably, application layer protocols are distinguished by whether a packet contains a session start marker and a session end marker, and the start and end of the application-layer session are determined.
Preferably, the session start marker and the session end marker are each a special string or a flag bit of the application protocol.
Preferably, the packets are assembled into a packet queue, that is, the valid packets remaining after the rejection are queued.
Preferably, the valid packet queue is a sliding window.
A system for data analysis and restoration based on application layer protocols, characterized by comprising: a feature extraction module, an application layer protocol discrimination module, a judgment module, a packet splicing module and a session record acquisition module; the feature extraction module is connected to the application layer protocol discrimination module, the application layer protocol discrimination module is connected to the judgment module, the judgment module is connected to the packet splicing module, and the packet splicing module is connected to the session record acquisition module.
Preferably, the feature extraction module extracts the application layer protocol marker features; the application layer protocol discrimination module performs protocol discrimination on packets; the judgment module judges the timeout for packet arrival; the packet splicing module splices all packets; the session record acquisition module obtains the complete session record.
Preferably, the application layer protocol discrimination module distinguishes protocols by whether a packet contains a session start marker and a session end marker, and determines the start and end of the application-layer session.
The beneficial effects of the invention are: the invention can quickly analyze new protocols and reassembles application-layer packets quickly.
Brief description of the drawings
Fig. 1 is a flow chart of the method for data analysis and restoration based on application layer protocols;
Fig. 2 is a block diagram of the system for data analysis and restoration based on application layer protocols.
Detailed description
The technical solution of the invention is described in further detail below with reference to the accompanying drawings, but the scope of protection of the invention is not limited to what is described below.
As shown in Fig. 1, the method for data analysis and restoration based on application layer protocols comprises the following steps:
Extracting application layer protocol marker features;
Distinguishing application layer protocols: performing protocol discrimination on packets;
Judging the timeout for packet arrival;
Splicing all packets;
Obtaining the complete session record.
Distinguishing application layer protocols means performing protocol discrimination on packets and rejecting packets that belong to the network layer and the transport layer.
Application layer protocols are distinguished by whether a packet contains a session start marker and a session end marker, and the start and end of the application-layer session are determined.
The session start marker and the session end marker are each a special string or a flag bit of the application protocol.
The packets are assembled into a packet queue, that is, the valid packets remaining after the rejection are queued.
The valid packet queue is a sliding window.
The system for data analysis and restoration based on application layer protocols comprises: a feature extraction module, an application layer protocol discrimination module, a judgment module, a packet splicing module and a session record acquisition module; the feature extraction module is connected to the application layer protocol discrimination module, the application layer protocol discrimination module is connected to the judgment module, the judgment module is connected to the packet splicing module, and the packet splicing module is connected to the session record acquisition module.
The feature extraction module extracts the application layer protocol marker features; the application layer protocol discrimination module performs protocol discrimination on packets; the judgment module judges the timeout for packet arrival; the packet splicing module splices all packets; the session record acquisition module obtains the complete session record.
The application layer protocol discrimination module distinguishes protocols by whether a packet contains a session start marker and a session end marker, and determines the start and end of the application-layer session.
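The steps of the embodiment above, as an added Python example that is not part of the patent text: packets without application payload are rejected, a start marker opens a session, packets are spliced in a bounded queue, and an end marker or a timeout closes the record. The marker table, the 30-second timeout, the 64-packet window, the reading of "sliding window" as a bounded queue, and all class and function names are assumptions; the traffic in `demo()` is constructed.

```python
from collections import deque
from dataclasses import dataclass
# Assumed marker table: protocol -> (session-start marker, session-end marker).
MARKERS = {"SMTP": (b"EHLO ", b"QUIT\r\n"), "POP3": (b"USER ", b"QUIT\r\n")}

@dataclass
class Packet:
    flow: tuple      # flow identifier, e.g. (src, sport, dst, dport)
    ts: float        # arrival time in seconds
    payload: bytes   # application-layer bytes; empty for pure TCP/IP control packets

@dataclass
class Session:
    proto: str
    last_ts: float
    queue: deque       # valid-packet queue, bounded so it behaves as a sliding window
    tail: bytes = b""  # trailing bytes kept to catch an end marker split across packets

class Reassembler:
    def __init__(self, markers=MARKERS, timeout=30.0, window=64):
        self.markers, self.timeout, self.window = markers, timeout, window
        self.open = {}  # flow -> Session

    def _classify(self, payload):  # protocol discrimination by session-start marker
        return next((p for p, (start, _) in self.markers.items()
                     if payload.startswith(start)), None)

    def _record(self, flow, s, complete):
        return {"flow": flow, "proto": s.proto, "complete": complete,
                "data": b"".join(s.queue)}

    def expire(self, now):  # timeout judgment: close sessions that went quiet
        stale = [f for f, s in self.open.items() if now - s.last_ts > self.timeout]
        return [self._record(f, self.open.pop(f), False) for f in stale]

    def feed(self, pkt):
        """Return the session records finished by this packet (timed out or complete)."""
        done = self.expire(pkt.ts)
        if not pkt.payload:              # network/transport-only packet: rejected
            return done
        s = self.open.get(pkt.flow)
        if s is None:
            proto = self._classify(pkt.payload)
            if proto is None:            # no session-start marker: not tracked
                return done
            s = self.open[pkt.flow] = Session(proto, pkt.ts, deque(maxlen=self.window))
        end = self.markers[s.proto][1]
        seen = s.tail + pkt.payload
        s.queue.append(pkt.payload)      # splice in arrival order
        s.last_ts = pkt.ts
        if end in seen:                  # the end marker may straddle two packets
            done.append(self._record(pkt.flow, self.open.pop(pkt.flow), True))
        else:
            s.tail = seen[-(len(end) - 1):] if len(end) > 1 else b""
        return done

def demo():
    """Constructed traffic: SMTP session with a split end marker, stalled POP3 session."""
    a, b = ("10.0.0.5", 40000, "10.0.0.9", 25), ("10.0.0.6", 40001, "10.0.0.9", 110)
    pkts = [Packet(a, 0.0, b"EHLO client\r\n"), Packet(a, 0.1, b""),
            Packet(b, 0.2, b"USER alice\r\n"), Packet(a, 1.0, b"RSET\r\nQU"),
            Packet(a, 1.1, b"IT\r\n"), Packet(a, 60.0, b"NOOP\r\n")]
    r = Reassembler()
    return [rec for p in pkts for rec in r.feed(p)]
```

Timed-out sessions are returned with `complete` set to `False`, so a truncated conversation stays visible to the analyst instead of being silently dropped.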
The above is only a preferred embodiment of the invention. It should be understood that the invention is not limited to the form disclosed herein, which should not be regarded as excluding other embodiments; it can be used in various other combinations, modifications and environments, and can be modified within the scope contemplated herein through the above teachings or the skill or knowledge of the relevant art. Changes and modifications made by those skilled in the art that do not depart from the spirit and scope of the invention shall all fall within the scope of protection of the appended claims.

Claims (9)

1. the method for data analysis and reduction is carried out based on application layer protocol, it is characterised in that comprise the following steps:Application layer is assisted Will of assessing a bid for tender feature extraction;
Distinguish application layer protocol:Agreement differentiation is carried out to packet;
Judge the time-out time that packet is reached;
All packets are spliced.
2. the method according to claim 1 that data analysis and reduction are carried out based on application layer protocol, it is characterised in that:Institute The differentiation application layer protocol stated is to carry out agreement differentiation to packet, and the packet for belonging to Internet and transport layer is picked Remove.
3. the method that data analysis and reduction are carried out based on application layer protocol according to claim 1-2 any one, its It is characterised by:Described differentiation application layer protocol, by whether including session start mark and conversation end mark in packet, And judge the session start and end of application layer.
4. the method according to claim 3 that data analysis and reduction are carried out based on application layer protocol, it is characterised in that:Institute The session start mark stated and the flag bit that session end mark is a special string or application protocol.
5. the method according to claim 3 that data analysis and reduction are carried out based on application layer protocol, it is characterised in that:Institute The packet stated is combined as packet queue i.e. effective data packets after being rejected are arranged.
6. the method according to claim 5 that data analysis and reduction are carried out based on application layer protocol, it is characterised in that:Institute The effective data packets row stated are a sliding windows.
7. the system of data analysis and reduction is carried out based on application layer protocol, it is characterised in that including:Characteristic extracting module, should With layer protocol discriminating module, judge module, packet concatenation module and conversation recording acquisition module;Characteristic extracting module and application Layer protocol discriminating module is connected, and application layer protocol discriminating module is connected with judge module, judge module and packet concatenation module It is connected, packet concatenation module is connected with conversation recording acquisition module.
8. the system according to claim 1 that data analysis and reduction are carried out based on application layer protocol, it is characterised in that:Institute The characteristic extracting module stated is extracted to application layer protocol flag sign;Application layer protocol discriminating module carries out agreement area to packet Point;Judge module judges the time-out time that packet is reached;Packet concatenation module is spliced all packets;Session is remembered Record acquisition module and obtain session complete documentation.
9. the system according to claim 1 that data analysis and reduction are carried out based on application layer protocol, it is characterised in that:Institute The application layer protocol discriminating module stated, by whether including session start mark and conversation end mark, and judge in packet The session start and end of application layer.
CN201710303842.8A 2017-05-03 2017-05-03 Method for data analysis and restoration based on application layer protocol Pending CN107018096A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710303842.8A CN107018096A (en) 2017-05-03 2017-05-03 Method for data analysis and restoration based on application layer protocol

Publications (1)

Publication Number Publication Date
CN107018096A (en) 2017-08-04

Family

ID=59448735

Country Status (1)

Country Link
CN (1) CN107018096A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170804