CN107181736A - Based on 7 layers of network data packet classification method applied and system - Google Patents
Based on 7 layers of network data packet classification method applied and system Download PDFInfo
- Publication number
- CN107181736A CN107181736A CN201710267176.7A CN201710267176A CN107181736A CN 107181736 A CN107181736 A CN 107181736A CN 201710267176 A CN201710267176 A CN 201710267176A CN 107181736 A CN107181736 A CN 107181736A
- Authority
- CN
- China
- Prior art keywords
- data
- packet
- application
- classification
- layers
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
The present invention provides a kind of based on 7 layers of network data packet classification method applied and system, in the case that it in the source MAC or destination-mac address that receive data with MAC Address preset in strategy by matching, classification judgement is carried out to packet according to data frame type;And data message head is obtained to packet progress fractionation parsing, subdata type is judged according to data message head;Application layer protocol characteristic code is finally matched in the pay(useful) load of data, is applied layer protocol classification according to application layer protocol characteristic code;So as to precisely recognize various network applications, output flow is reduced as far as possible, is improved convergence ratio, is greatly reduced the deployment quantity of Back end data content analysis server.
Description
Technical field
The present invention relates to the technical field of network traffics processing, and in particular to a kind of network packet based on 7 layers of application
Sorting technique and system.
Background technology
Growing network security demand is developed and meets rapidly in face of information-based, and the constantly research and development of each security firm are new
Technology, from traditional 3, the tracking that 4 layers are developed into 7 layers of application content now using filtering.With " the blast of network traffics
The deep parsing that formula " increases and safety applications are analyzed, traditional net flow assorted equipment can only according to 3,4 layers of application carry out just
The classification of step, it is impossible to be deep into 7 layers of application.Real safety applications demand can not have been met by traditional scheme, therefore has been compeled
The system for needing to have 7 layers of application traffic identification and classification is cut, the network traffics of magnanimity can be classified, filtered out largely not
The network packet needed, real valuable 7 layers of application data packet filtering is come out to security engine.
The content of the invention
For the deficiency of technology at this stage, various network applications can be precisely recognized it is an object of the invention to provide one kind,
And reduction output flow, improve convergence ratio based on 7 layers application network data packet classification methods and system.
A kind of network data packet classification method based on 7 layers of application, the network packet classification side based on 7 layers of application
Method comprises the following steps:
S1, situation about being matched in the source MAC or destination-mac address for receiving data with MAC Address preset in strategy
Under, classification judgement is carried out to packet according to data frame type;
S2, to packet carry out split parsing obtain data message head, subdata type is judged according to data message head;
S3, the matching application layer protocol characteristic code in the pay(useful) load of data, are answered according to application layer protocol characteristic code
Use layer protocol classification.
A kind of network packet categorizing system based on 7 layers of application, the network packet based on 7 layers of application, which is classified, is
System includes following functions module:
Packet classification module, for preset in the source MAC or destination-mac address and strategy for receive data
In the case that MAC Address is matched, classification judgement is carried out to packet according to data frame type;
Subdata sort module, obtains data message head, according to data message head for carrying out fractionation parsing to packet
Judge subdata type;
Application recognition module, for matching application layer protocol characteristic code in the pay(useful) load of data, is assisted according to application layer
View condition code is applied layer protocol classification.
The present invention provides a kind of based on 7 layers of network data packet classification method applied and system, and it, which passes through, is receiving data
Source MAC or destination-mac address with the case that preset MAC Address is matched in strategy, according to data frame type logarithm
Classification judgement is carried out according to bag;And data message head is obtained to packet progress fractionation parsing, subnumber is judged according to data message head
According to type;Application layer protocol characteristic code is finally matched in the pay(useful) load of data, is answered according to application layer protocol characteristic code
Use layer protocol classification;So as to precisely recognize various network applications, output flow is reduced as far as possible, improves convergence ratio, greatly
Reduce the deployment quantity of Back end data content analysis server.
Brief description of the drawings
Fig. 1 is the step flow chart of the network data packet classification method based on 7 layers of application described in the embodiment of the present invention;
Fig. 2 is that the port of the network data packet classification method based on 7 layers of application described in the embodiment of the present invention exports flow
Figure;
Fig. 3 is the FB(flow block) of the network data packet classification method based on 7 layers of application described in the embodiment of the present invention;
Fig. 4 is the sub-process block diagram of step S1 in Fig. 3;
Fig. 5 is the sub-process block diagram of step S2 in Fig. 3;
Fig. 6 is the sub-process block diagram of step S3 in Fig. 3;
Fig. 7 is the module frame chart of the network packet categorizing system based on 7 layers of application described in the embodiment of the present invention;
Fig. 8 is the unit block diagram of packet classification module in Fig. 7;
Fig. 9 is the unit block diagram of Fig. 7 neutron data sort modules;
Figure 10 is the unit block diagram of application recognition module in Fig. 7.
Embodiment
In order to make the purpose , technical scheme and advantage of the present invention be clearer, it is right below in conjunction with drawings and Examples
The present invention is further elaborated, it will be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and
It is not used in the restriction present invention.
The present invention proposes a kind of network data packet classification method based on 7 layers of application, as depicted in figs. 1 and 2, described to be based on
The network data packet classification method of 7 layers of application comprises the following steps:
S1, situation about being matched in the source MAC or destination-mac address for receiving data with MAC Address preset in strategy
Under, classification judgement is carried out to packet according to data frame type;
Specifically, as shown in figure 3, the step S1 include it is following step by step:
S11, packet split obtain the source MAC and destination-mac address of data frame type and data;
S12, the source MAC and destination-mac address for extracting reception data, by source MAC or destination-mac address and plan
Preset MAC Address is compared in slightly, if comparing result is consistent, into step S13;If comparing result is inconsistent,
Then enter step S14;
S13, according to data frame type to packet carry out classification judgement;
S14, to data carry out physical port matching judgment output.
Wherein, in the step S13, according to data frame type by packet point carry out IP packets, vlan data bag,
The classification of PPPOE packets and other types of packet four.
S2, to packet carry out split parsing obtain data message head, subdata type is judged according to data message head.
As shown in figure 4, the step S2 include it is following step by step:
S21, sorted packet carried out splitting parsing obtain the literary head of IP datagram,
S22, in the literary head of IP datagram Match IP protocol type;
S23, subdata type judged according to IP protocol type.
Wherein, the subdata type includes TCP data bag, UDP message bag, GRE packets and other packets four
Plant classification.
For IP packets, fractionation parsing is carried out first and obtains the literary head of IP datagram, the Match IP in the literary head of IP datagram
Protocol type;If matching result is consistent, judge it is TCP data bag or UDP message bag according to IP protocol type, such as
Fruit matching result is inconsistent, then carries out physical port matching judgment output to IP packets.
For vlan data bag, first determine whether whether vlan data bag meets the VLAN-ID strategies of user's setting, if not
Meet, then physical port matching judgment output is carried out to vlan data bag;If it is satisfied, then splitting parsing obtains IP datagram text
Head, the protocol type of Match IP in the literary head of IP datagram;If matching result is consistent, it is according to the judgement of IP protocol type
TCP data bag or UDP message bag, if matching result is inconsistent, carry out physical port matching judgment defeated to IP packets
Go out.
Whether for PPPOE packets, it is subscriber dialing authentication data packet to first determine whether PPPOE packets, if it is not,
Physical port matching judgment output then is carried out to PPPOE packets;If it is, exporting plan according to matching to PPPOE packets
Slightly exported.
For other packets, then physical port matching judgment output is directly carried out.
S3, the matching application layer protocol characteristic code in the pay(useful) load of data, are answered according to application layer protocol characteristic code
Use layer protocol classification.
As shown in figure 5, the step S3 include it is following step by step:
S31, subdata carry out port policy matching;
S32, in the case of port policy is unmatched, in data payload match application layer protocol characteristic code, according to should
Be applied layer protocol classification with layer protocol condition code.
S33, the output according to application layer protocol classification subdata progress Different Strategies.
For TCP data bag, first determine whether whether the source port and target port of TCP data bag match TCP port strategy,
If TCP port strategy can be matched, exported according to matching output policy;If can not match, to TCP data bag
Load carry out TCP application-level protocol identifications;The application rule that search matching is set up in advance i.e. inside TCP payload
Storehouse, condition code is applied if finding and matching, and is exported according to matching output policy;If do not find match should
With condition code, then physical port matching judgment output is carried out.
For UDP message bag, first determine whether whether the source port and target port of UDP message bag data bag match UDP ends
Mouth strategy, if it is possible to match udp port strategy, then exported according to matching output policy;It is right if can not match
The load of UDP message bag carries out UDP application-level protocol identifications;Search matching is set up in advance i.e. inside UDP payload
Using rule base, condition code is applied if finding and matching, is exported according to matching output policy;If not finding phase
The application condition code of matching, then carry out physical port matching judgment output.
Specifically, it is specifically to judge whether data to be output match physics that data are carried out with the output of physical port matching judgment
Port policy, if it does not match, directly abandoning, if it does, then determining whether the output network interface of physical port matching is
It is no normal, if normally, data to be output to be matched to the output network interface specified from physical port and are exported, if abnormal,
Data to be output are re-assigned to other network interfaces with it with group, this makes it possible to ensure that flow do not lose as far as possible.
When being exported to data according to matching output policy, it is necessary first to judge whether the output network interface specified is normal,
If normal, data to be output are exported from the output network interface specified, if abnormal, data to be output redistributed
To with its other network interface with group, this makes it possible to ensure that flow do not lose as far as possible.
Such as same a packet needs uniformly to be exported from OUT-1, OUT-2 and OUT-3, and system passes through poll
The state of each network interface card finds out some moment OUT-1 ports and occurs in that failure, then can automatically by packet only from OUT-2 and
OUT-3 is uniformly exported.If finding out OUT-1 fault recoveries, then revert to equal from OUT-1, OUT-2, OUT-3 progress
Even output, so as to reduce the loss of output data packet as far as possible.
Heretofore described VLAN-ID strategies, matching output policy, TCP port strategy, udp port strategy and physics
The dependency rule of port policy is set by user, and above-mentioned various strategies can be combined with time parameter method, forms each
Plant combined strategy.
According to it is above-mentioned based on 7 layers application network data packet classification methods, the present invention also provide it is a kind of based on 7 layers application
Network packet categorizing system, as shown in fig. 6, the network packet categorizing system based on 7 layers of application includes following functions
Module:
Packet classification module, for preset in the source MAC or destination-mac address and strategy for receive data
In the case that MAC Address is matched, classification judgement is carried out to packet according to data frame type;
Subdata sort module, obtains data message head, according to data message head for carrying out fractionation parsing to packet
Judge subdata type;
Application recognition module, for matching application layer protocol characteristic code in the pay(useful) load of data, is assisted according to application layer
View condition code is applied layer protocol classification.
Wherein, as shown in fig. 7, the packet classification module includes following functions unit:
One-level split cells, for packet carry out split obtain data frame type and data source MAC and
Destination-mac address;
Address comparison unit, the source MAC and destination-mac address of data is received for extracting, by source MAC or mesh
Mark MAC Address is compared with MAC Address preset in strategy, if comparing result is consistent, sends result to classification and sentences
Disconnected unit;If comparing result is inconsistent, physics output unit is sent result to;
Classification judging unit, for carrying out classification judgement to packet according to data frame type;
Physics output unit, for carrying out physical port matching judgment output to data.
As shown in figure 8, the subdata sort module includes following functions unit:
Two grades of split cells, the literary head of IP datagram is obtained for carrying out fractionation parsing to sorted packet,
Protocol matching unit, the protocol type for the Match IP in the literary head of IP datagram;
Agreement judging unit, for judging subdata type according to IP protocol type.
As shown in figure 9, the application recognition module includes following functions unit:
Port match unit, port policy matching is carried out for subdata;
Condition code matching unit, in the case of port policy is unmatched, application layer association to be matched in data payload
Condition code is discussed, is applied layer protocol classification according to application layer protocol characteristic code.
Tactful output unit, the output for carrying out Different Strategies according to application layer protocol classification subdata.
The present invention provides a kind of based on 7 layers of network data packet classification method applied and system, and it, which passes through, is receiving data
Source MAC or destination-mac address with the case that preset MAC Address is matched in strategy, according to data frame type logarithm
Classification judgement is carried out according to bag;And data message head is obtained to packet progress fractionation parsing, subnumber is judged according to data message head
According to type;Application layer protocol characteristic code is finally matched in the pay(useful) load of data, is answered according to application layer protocol characteristic code
Use layer protocol classification;So as to precisely recognize various network applications, output flow is reduced as far as possible, improves convergence ratio, greatly
Reduce the deployment quantity of Back end data content analysis server.
Specifically, it is of the present invention it is a kind of based on 7 layers application network data packet classification methods and system compare existing skill
The advantage of art is as follows:
In traditional scheme, each delivery outlet data are indiscriminate, can only handle the data of layer 2-4;In new scheme,
In addition to compatible traditional scheme, moreover it is possible to support the identification and classification of 7 layers of application, by self-defined some groups of different rules,
The different 7 layer application data bag of input is exported from different output groupings.
Be essentially all indifference processing for packet in traditional scheme, will not be specifically designed for some non-7 layers it is special
Packet carries out specially treated;In new scheme, it can be identified and handle for some non-7 layers of special data packages.Than
Such as:The packets such as chap authentication, GRE certifications need to be converged, then specify delivery outlet output from some.
In traditional scheme, each delivery outlet data are stateless to be exported, if some delivery outlet failure is (such as:Netting twine quilt
Pull out), the data exported from this mouthful will lose;In new scheme, add to exporting the state-detection of network interface, once find certain
Individual delivery outlet failure, then redistribute (average other network interfaces being distributed to it with group) by the flow exported from the network interface,
This makes it possible to ensure that flow do not lose as far as possible.
Apparatus above embodiment is one-to-one, the simple part of device embodiment with embodiment of the method, real referring to method
Apply example.
The embodiment of each in this specification is described by the way of progressive, and what each embodiment was stressed is and other
Between the difference of embodiment, each embodiment identical similar portion mutually referring to.
Professional further appreciates that, with reference to the unit of each example of the embodiments described herein description
And algorithm steps, can be realized with electronic hardware, computer software or the combination of the two, in order to clearly demonstrate hardware and
The interchangeability of software, generally describes the composition and step of each example according to feature in the above description.This
A little functions are performed with hardware or software mode actually, depending on the application-specific and design constraint of technical scheme.Specially
Industry technical staff can realize described function to each specific application using distinct methods, but this realization is not
The scope of the present invention should be exceeded.
Directly it can be held with reference to the step of the method or algorithm that the embodiments described herein is described with hardware, processor
Capable software module, or the two combination are implemented.Software module can be placed in random access memory, internal memory, read-only storage,
Institute is public in electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technical field
In the storage medium for any other forms known.
Embodiments of the invention are described above in conjunction with accompanying drawing, but the invention is not limited in above-mentioned specific
Embodiment, above-mentioned embodiment is only schematical, rather than restricted, one of ordinary skill in the art
Under the enlightenment of the present invention, in the case of present inventive concept and scope of the claimed protection is not departed from, it can also make a lot
Form, these are belonged within the protection of the present invention.
Claims (10)
1. a kind of network data packet classification method based on 7 layers of application, it is characterised in that the network number based on 7 layers of application
Comprise the following steps according to packet classification method:
S1, receive the source MAC or destination-mac address of data with it is tactful in the case that preset MAC Address matches, root
Classification judgement is carried out to packet according to data frame type;
S2, to packet carry out split parsing obtain data message head, subdata type is judged according to data message head;
S3, application layer protocol characteristic code is matched in the pay(useful) load of data, be applied layer according to application layer protocol characteristic code
Protocol class.
2. the network data packet classification method according to claim 1 based on 7 layers of application, it is characterised in that the step S1
Including it is following step by step:
S11, packet split obtain the source MAC and destination-mac address of data frame type and data;
S12, the source MAC and destination-mac address for extracting reception data, by source MAC or destination-mac address and strategy
Preset MAC Address is compared, if comparing result is consistent, into step S13;If comparing result is inconsistent, enter
Enter step S14;
S13, according to data frame type to packet carry out classification judgement;
S14, to data carry out physical port matching judgment output.
3. the network data packet classification method according to claim 2 based on 7 layers of application, it is characterised in that the step S13
In, packet point is carried out by IP packets, vlan data bag, PPPOE packets and other packets according to data frame type
The classification of four types.
4. the network data packet classification method according to claim 3 based on 7 layers of application, it is characterised in that the step S2
Including it is following step by step:
S21, sorted packet is carried out splitting parsing obtain the literary head of IP datagram;
S22, in the literary head of IP datagram Match IP protocol type;
S23, subdata type judged according to IP protocol type.
5. the network data packet classification method according to claim 4 based on 7 layers of application, it is characterised in that the subdata
Type includes TCP data bag, UDP message bag, the four kinds of classification of GRE packets and other packets.
6. the network data packet classification method according to claim 5 based on 7 layers of application, it is characterised in that the step S3
Including it is following step by step:
S31, subdata carry out port policy matching;
S32, in the case of port policy is unmatched, in data payload match application layer protocol characteristic code, according to application layer
Protocol characteristic code is applied layer protocol classification;
S33, the output according to application layer protocol classification subdata progress Different Strategies.
7. a kind of network packet categorizing system based on 7 layers of application, it is characterised in that the network number based on 7 layers of application
Include following functions module according to bag categorizing system:
Packet classification module, for receiving the source MAC or destination-mac address of data and preset MAC in strategy
In the case that location is matched, classification judgement is carried out to packet according to data frame type;
Subdata sort module, obtains data message head for carrying out fractionation parsing to packet, is judged according to data message head
Subdata type;
Application recognition module, it is special according to application layer protocol for matching application layer protocol characteristic code in the pay(useful) load of data
Code is levied to be applied layer protocol classification.
8. the network packet categorizing system according to claim 7 based on 7 layers of application, it is characterised in that the packet
Sort module includes following functions unit:
One-level split cells, for carrying out splitting the source MAC and target that obtain data frame type and data to packet
MAC Address;
Address comparison unit, the source MAC and destination-mac address of data is received for extracting, by source MAC or target
MAC Address is compared with MAC Address preset in strategy, if comparing result is consistent, sends result to classification and judges
Unit;If comparing result is inconsistent, physics output unit is sent result to;
Classification judging unit, for carrying out classification judgement to packet according to data frame type;
Physics output unit, for carrying out physical port matching judgment output to data.
9. the network packet categorizing system according to claim 7 based on 7 layers of application, it is characterised in that the subdata
Sort module includes following functions unit:
Two grades of split cells, the literary head of IP datagram is obtained for carrying out fractionation parsing to sorted packet,
Protocol matching unit, the protocol type for the Match IP in the literary head of IP datagram;
Agreement judging unit, for judging subdata type according to IP protocol type.
10. the network packet categorizing system according to claim 5 based on 7 layers of application, it is characterised in that the application is known
Other module includes following functions unit:
Port match unit, port policy matching is carried out for subdata;
Condition code matching unit, in the case of port policy is unmatched, application layer protocol being matched in data payload special
Code is levied, is applied layer protocol classification according to application layer protocol characteristic code.
Tactful output unit, the output for carrying out Different Strategies according to application layer protocol classification subdata.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710267176.7A CN107181736B (en) | 2017-04-21 | 2017-04-21 | Network data packet classification method and system based on 7-layer application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710267176.7A CN107181736B (en) | 2017-04-21 | 2017-04-21 | Network data packet classification method and system based on 7-layer application |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107181736A true CN107181736A (en) | 2017-09-19 |
CN107181736B CN107181736B (en) | 2019-12-17 |
Family
ID=59830903
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710267176.7A Active CN107181736B (en) | 2017-04-21 | 2017-04-21 | Network data packet classification method and system based on 7-layer application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107181736B (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110855602A (en) * | 2018-08-21 | 2020-02-28 | 国家计算机网络与信息安全管理中心 | Internet of things cloud platform event identification method and system |
CN112055015A (en) * | 2020-09-02 | 2020-12-08 | 许继集团有限公司 | Station control layer network data processing method of power protection device |
CN112532616A (en) * | 2020-11-26 | 2021-03-19 | 杭州迪普科技股份有限公司 | Feature analysis method and device for network application |
CN112751812A (en) * | 2019-10-31 | 2021-05-04 | 北京京东振世信息技术有限公司 | Method and device for self-adapting application protocol |
WO2021164340A1 (en) * | 2020-02-17 | 2021-08-26 | 华为技术有限公司 | Data processing method and device therefor |
CN113360740A (en) * | 2021-06-04 | 2021-09-07 | 上海天旦网络科技发展有限公司 | Data packet labeling method and system |
CN113935431A (en) * | 2021-10-28 | 2022-01-14 | 北京永信至诚科技股份有限公司 | Method and system for analyzing and identifying private encrypted data through multi-stream association |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070122020A (en) * | 2006-06-23 | 2007-12-28 | 삼성전자주식회사 | Apparatus and method for classifying packet data |
CN101227417A (en) * | 2006-08-04 | 2008-07-23 | 华为技术有限公司 | Apparatus and method for data package classification |
US20100232370A1 (en) * | 2009-03-11 | 2010-09-16 | Sony Corporation | Quality of service traffic recognition and packet classification home mesh network |
CN103763198A (en) * | 2013-11-15 | 2014-04-30 | 武汉绿色网络信息服务有限责任公司 | Data packet classification method |
-
2017
- 2017-04-21 CN CN201710267176.7A patent/CN107181736B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070122020A (en) * | 2006-06-23 | 2007-12-28 | 삼성전자주식회사 | Apparatus and method for classifying packet data |
CN101227417A (en) * | 2006-08-04 | 2008-07-23 | 华为技术有限公司 | Apparatus and method for data package classification |
US20100232370A1 (en) * | 2009-03-11 | 2010-09-16 | Sony Corporation | Quality of service traffic recognition and packet classification home mesh network |
CN103763198A (en) * | 2013-11-15 | 2014-04-30 | 武汉绿色网络信息服务有限责任公司 | Data packet classification method |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110855602A (en) * | 2018-08-21 | 2020-02-28 | 国家计算机网络与信息安全管理中心 | Internet of things cloud platform event identification method and system |
CN110855602B (en) * | 2018-08-21 | 2022-02-25 | 国家计算机网络与信息安全管理中心 | Internet of things cloud platform event identification method and system |
CN112751812A (en) * | 2019-10-31 | 2021-05-04 | 北京京东振世信息技术有限公司 | Method and device for self-adapting application protocol |
WO2021164340A1 (en) * | 2020-02-17 | 2021-08-26 | 华为技术有限公司 | Data processing method and device therefor |
CN112055015A (en) * | 2020-09-02 | 2020-12-08 | 许继集团有限公司 | Station control layer network data processing method of power protection device |
CN112532616A (en) * | 2020-11-26 | 2021-03-19 | 杭州迪普科技股份有限公司 | Feature analysis method and device for network application |
CN113360740A (en) * | 2021-06-04 | 2021-09-07 | 上海天旦网络科技发展有限公司 | Data packet labeling method and system |
CN113360740B (en) * | 2021-06-04 | 2022-10-11 | 上海天旦网络科技发展有限公司 | Data packet labeling method and system |
CN113935431A (en) * | 2021-10-28 | 2022-01-14 | 北京永信至诚科技股份有限公司 | Method and system for analyzing and identifying private encrypted data through multi-stream association |
CN113935431B (en) * | 2021-10-28 | 2022-04-08 | 北京永信至诚科技股份有限公司 | Method and system for analyzing and identifying private encrypted data through multi-stream association |
Also Published As
Publication number | Publication date |
---|---|
CN107181736B (en) | 2019-12-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107181736A (en) | Based on 7 layers of network data packet classification method applied and system | |
CN104348716B (en) | A kind of message processing method and equipment | |
CN101674307B (en) | Hierarchical application of security services with a computer network | |
CN104320304B (en) | A kind of core network user flow application recognition methods of the multimode fusion easily extended | |
US9088437B2 (en) | Method and device for processing source role information | |
CA2525343C (en) | Security checking program for communication between networks | |
CN105871619B (en) | A kind of flow load type detection method based on n-gram multiple features | |
CN102315974A (en) | Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows | |
CN103428224A (en) | Method and device for intelligently defending DDoS attacks | |
US8295177B1 (en) | Flow classes | |
CN102739457A (en) | Network flow recognition system and method based on DPI (Deep Packet Inspection) and SVM (Support Vector Machine) technology | |
Lu et al. | Session level flow classification by packet size distribution and session grouping | |
CN102437950B (en) | High efficient and extensible IP data packet classification method | |
CN109845223A (en) | Implement network security policy using presorting | |
CN109299742A (en) | Method, apparatus, equipment and the storage medium of automatic discovery unknown network stream | |
CN105207997B (en) | A kind of message forwarding method and system of attack protection | |
CN107566192A (en) | A kind of abnormal flow processing method and Network Management Equipment | |
US20060272019A1 (en) | Intelligent database selection for intrusion detection & prevention systems | |
CN105306411A (en) | Data packet processing method and device | |
US20210352516A1 (en) | Estimating apparatus, system, method, and computer-readable medium, and learning apparatus, method, and computer-readable medium | |
de Sa Silva et al. | A neural network application for attack detection in computer networks | |
CN106257867A (en) | A kind of business recognition method encrypting flow and device | |
Wang et al. | Internet traffic classification using machine learning: a token-based approach | |
US20100265949A1 (en) | Methods, systems, and computer readable media for performing flow compilation packet processing | |
CN107592243A (en) | A kind of method and device for verifying router static binding function |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |