CN107360062A - Method and system for verifying DPI device recognition results, and DPI device - Google Patents
- Publication number
- CN107360062A, CN201710749255.1A
- Authority
- CN
- China
- Prior art keywords
- dpi equipment
- application protocol
- recognition result
- client
- target data
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Abstract
The invention provides a method and system for verifying the recognition results of a DPI device, and a DPI device. The method comprises: detecting whether a client with an established connection exists at the source IP address of a target data flow; when such a client exists at the source IP address, sending the four-tuple information of the target data flow to the client; receiving the process name sent by the client; obtaining the matching application protocol according to the process name sent by the client; and verifying whether the matching application protocol is the same as the application protocol recognition result of the DPI device. The method, system and DPI device can determine whether the application protocol fed back by the client is the same as the DPI device's application protocol recognition result and, when the two differ, collect information about the abnormal data flow, so that feature information of application protocols can be extracted and the feature library built.
Description
Technical field
The invention relates to the technical field of information processing, and in particular to a method and system for verifying DPI device recognition results, and a DPI device.
Background
DPI (Deep Packet Inspection) is a layer-7 protocol analysis technique. It is a means of identifying data flows: by parsing application-layer data (including the headers and payload of IP/TCP/UDP packets) and matching it against the protocol features of applications, it determines which application a packet flow belongs to.
After a DPI device has identified the application a data flow belongs to, it can, depending on the needs of the deployment scenario, apply precise routing control, QoS control and security control to the packets, as well as operations such as analysis and statistics. The effect of these operations depends heavily on the accuracy of DPI identification, and that accuracy in turn depends mainly on the accuracy of the protocol feature library in the DPI device.
Building a comprehensive and accurate feature library is a complex, large systems-engineering effort with a long construction period. In the prior art, the protocol features of each application are usually extracted one by one in a laboratory environment. Because the number of application protocols to be identified is huge and new applications keep appearing, a feature library cannot identify 100% of application protocols; unidentified application protocols will always exist. This unknown traffic increases the fault-tolerance cost of running on a live network. In general, for a specific deployment scenario of a DPI device, effort is focused on perfecting the feature library for the most common applications in that scenario. Even so, at least several hundred common applications need to be identified before the fault-tolerance cost falls to an acceptable level.
The feature extraction process for each application protocol is also rather cumbersome and labour-intensive. In general it includes the following steps:
(1) Run the application to be identified in a laboratory environment, exercise all of its functions as comprehensively as possible, and capture all the packets the application produces. This process has to be repeated many times to obtain multiple packet samples.
(2) Developers compare the captured packets, analyse the features in them, and encode those features into the feature library.
(3) Once a feature library has been obtained, the above process must be repeated to test it, and features must be extracted again for any newly discovered unknown traffic. Only after several iterations is a comprehensive and accurate application protocol feature library finally obtained.
In addition, once a DPI device is running online, there has been no effective way to judge the accuracy of its identification. This is because the terminal that runs the application and the DPI device are separate, data flow connections are time-limited, most connections exist only for a very short time, and there is no reliable feedback mechanism. Only when the packet control actions resulting from the recognition result deviate noticeably from the corresponding control policy do maintenance staff realise that an identification problem has occurred. By then the customer's service has often already been affected, and solving the identification problem requires re-extracting and proofreading the feature library for the affected application protocol in a laboratory environment. This usually takes several days and seriously affects the user experience. If the laboratory environment cannot capture the packets that were misidentified on the live network, the problem is even harder to solve.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the invention is to provide a method and system for verifying DPI device recognition results, and a DPI device, which exchange information with a client to determine whether the application protocol fed back by the client is the same as the application protocol recognition result of the DPI device and, when the two differ, collect information about the abnormal data flow, so that feature information of application protocols can be extracted and the feature library built.
To achieve the above and other related objects, the invention provides a method for verifying DPI device recognition results, applied in a DPI device that is configured with matching information between process names and application protocol recognition results. The method comprises the following steps: detecting whether a client with an established connection exists at the source IP address of a target data flow; when such a client exists at the source IP address, sending the four-tuple information of the target data flow to the client, so that the client looks up the matching process name on the client according to the four-tuple information, the four-tuple information comprising the protocol type, destination IP address, source port number and destination port number; receiving the four-tuple information and process name of the target data flow sent by the client; obtaining the matching application protocol according to the process name sent by the client, based on the matching information between process names and application protocol recognition results; and verifying whether the matching application protocol is the same as the application protocol recognition result of the DPI device.
In one embodiment of the invention, the target data flow is obtained by filtering on one or more of the following conditions: the application it belongs to, source IP address, destination IP address, source port number and destination port number.
In one embodiment of the invention, the method further comprises: if the matching application protocol differs from the application protocol recognition result of the DPI device, storing locally the four-tuple information of the target data flow, the process name, and the complete content of the first several data packets of the target data flow.
In one embodiment of the invention, if the application to which the target data flow belongs is all applications, the feature library of the DPI device is built from the locally stored four-tuple information of the target data flow, process name, and complete content of the first several data packets of the target data flow; if the application to which the target data flow belongs is a specific application, the feature information of the specific protocol is extracted from the locally stored four-tuple information of the target data flow, process name, and complete content of the first several data packets of the target data flow, in order to update the feature library of application protocols.
In one embodiment of the invention, the method further comprises: if the matching application protocol differs from the application protocol recognition result of the DPI device, correcting the application protocol recognition result of the DPI device with the matching application protocol.
Correspondingly, the invention also provides a system for verifying DPI device recognition results, applied in a DPI device that is configured with matching information between process names and application protocol recognition results. The system comprises a detection module, a sending module, a receiving module, a matching module and a verification module. The detection module is used to detect whether a client with an established connection exists at the source IP address of a target data flow. The sending module is used, when such a client exists at the source IP address, to send the four-tuple information of the target data flow to the client so that the client looks up the matching process name on the client according to the four-tuple information; the four-tuple information comprises the protocol type, destination IP address, source port number and destination port number. The receiving module is used to receive the four-tuple information and process name of the target data flow sent by the client. The matching module is used to obtain the matching application protocol according to the process name sent by the client, based on the matching information between process names and application protocol recognition results. The verification module is used to verify whether the matching application protocol is the same as the application protocol recognition result of the DPI device.
In one embodiment of the invention, the target data flow is obtained by filtering on one or more of the following conditions: the application it belongs to, source IP address, destination IP address, source port number and destination port number.
In one embodiment of the invention, the system further comprises a storage module, used, when the matching application protocol differs from the application protocol recognition result of the DPI device, to store locally the four-tuple information of the target data flow, the process name, and the complete content of the first several data packets of the target data flow.
In one embodiment of the invention, the system further comprises a correction module, used, when the matching application protocol differs from the application protocol recognition result of the DPI device, to correct the application protocol recognition result of the DPI device with the matching application protocol.
Finally, the invention also provides a DPI device comprising a communicator, a processor and a memory. The communicator is used for data communication with the client; the memory is used to store a computer program; the processor is used to execute the computer program stored in the memory, based on the communicator's data communication with the client, so as to perform the above method for verifying DPI device recognition results.
As described above, the method and system of the invention for verifying DPI device recognition results, and the DPI device, have the following beneficial effects:
(1) by exchanging information with the client, they determine whether the application protocol fed back by the client is the same as the application protocol recognition result of the DPI device, which ensures the accuracy of the result;
(2) when the application protocol recognition result obtained by the DPI device is inconsistent with the application protocol recognition result verified through the client, information about the abnormal data flow is collected, and, based on a preset number of such abnormal data flow records, the feature information of application protocols is extracted and the application protocol feature library is built;
(3) the workload of building a DPI feature library is greatly reduced and the construction period of a DPI feature library for a specific scenario is shortened, reducing a workload that is usually tens of person-months to within a person-month;
(4) the accuracy of the routing control, QoS control and security control provided on the basis of DPI services, and of operations such as analysis and statistics, is greatly improved, and the fault-tolerance cost is greatly reduced.
Brief description of the drawings
Fig. 1 is a flow chart of the method of the invention for verifying DPI device recognition results in one embodiment;
Fig. 2 is a structural diagram of the system of the invention for verifying DPI device recognition results in one embodiment;
Fig. 3 is a structural diagram of the system of the invention for verifying DPI device recognition results in another embodiment;
Fig. 4 is a structural diagram of the DPI device of the invention in one embodiment;
Fig. 5 is a structural diagram of the system of the invention for verifying DPI device recognition results in another embodiment.
Description of reference numerals
1 System for verifying DPI device recognition results
11 Detection module
12 Sending module
13 Receiving module
14 Matching module
15 Verification module
16 Correction module
4 DPI device
41 Communicator
42 Processor
43 Memory
Detailed description of the embodiments
The embodiments of the invention are described below by way of specific examples; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different specific embodiments, and the details in this specification can be modified or changed in various ways based on different viewpoints and applications without departing from the spirit of the invention. It should be noted that, where there is no conflict, the following embodiments and the features in them can be combined with one another.
It should be noted that the drawings provided with the following embodiments illustrate the basic concept of the invention only schematically. The drawings show only the components relevant to the invention rather than being drawn according to the number, shape and size of components in an actual implementation; in an actual implementation the form, quantity and proportion of each component can change freely, and the component layout may be more complex.
The method of the invention for verifying DPI device recognition results is applied on a DPI device that is configured with matching information between process names and application protocol recognition results. Specifically, this matching information can be displayed and exported in the form of a list.
As shown in Fig. 1, in one embodiment, the method for verifying DPI device recognition results comprises the following steps:
Step S1: detect whether a client with an established connection exists at the source IP address of the target data flow.
In one embodiment of the invention, the DPI device selects the target data flow according to certain filter conditions. Preferably, the target data flow is obtained by filtering on one or more of the following conditions: the application it belongs to, source IP address, destination IP address, source port number and destination port number. The application can be unknown applications, one or more specific applications, or all applications. The DPI device makes different selections among the reported data flows according to different filter conditions, obtaining different target data flows and thereby serving different purposes. Choosing to report flow information for all protocols helps in developing and building a brand-new DPI feature library; choosing to report all unidentified flow information helps a DPI feature library already in operation to be completed quickly and run stably; choosing the reported flow information by address, protocol and port number allows dedicated verification of the data flows of a particular terminal device or a particular application.
Specifically, according to the filter conditions, the DPI device provides target data flow information, including, for each data flow, the five-tuple information, the application protocol recognition result for that flow, and the complete content of the first several data packets of the flow; it then detects whether a client with an established connection to the DPI device exists at the source IP address in the five-tuple information. Note that the client of the invention can run on terminal devices such as PCs and smartphones, and can query information on all data flows on the terminal device. Five-tuple information is a well-known term in the communications field; it comprises the data flow's protocol type, destination IP address, source IP address, source port number and destination port number.
Preferably, the complete content of the first several data packets of the target data flow may be the complete content of the first data packet or of the first several data packets.
Step S2: when a client with an established connection exists at the source IP address, send the four-tuple information of the target data flow to the client so that the client looks up the matching process name on the client according to the four-tuple information; the four-tuple information comprises the protocol type, destination IP address, source port number and destination port number.
Specifically, a client with an established connection at the source IP address can be used to verify the DPI device's recognition result, so the four-tuple information of the target data flow is sent to that client. The four-tuple information comprises the information in the five-tuple other than the source IP address.
In one embodiment of the invention, after receiving the four-tuple information of the target data flow, the client uses the connection scanning tool provided by the operating system to obtain all connection information on the current system, and thereby the five-tuple information of all data flows currently present on the system. Comparing the five-tuple information of all data flows with the received four-tuple information of the target data flow yields the process ID corresponding to the target data flow; the process list viewing tool provided by the operating system then gives the process name corresponding to that process ID. The client then sends the four-tuple information together with the obtained process name to the DPI device. Note that the source port in the four-tuple information is the client's local port.
Step S3: receive the four-tuple information and process name of the target data flow sent by the client.
Specifically, the DPI device receives the four-tuple information and process name of the target data flow sent by the client, in order to look up the application protocol corresponding to the target data flow.
Step S4: obtain the matching application protocol according to the process name sent by the client, based on the matching information between process names and application protocol recognition results.
Because the DPI device is configured with matching information between process names and application protocol recognition results, the matching application protocol can be looked up from the process name sent by the client.
Step S5: verify whether the matching application protocol is the same as the application protocol recognition result of the DPI device.
Specifically, the obtained matching application protocol is compared with the application protocol recognition result obtained by the DPI device to verify whether the DPI device's recognition result is accurate. If the two are the same, the DPI device's recognition result is accurate; if they differ, either the DPI device's recognition result is wrong or the DPI device did not identify the target data flow. If an application protocol recognition result obtained by the DPI device exists, the recognition result is wrong; if no such result exists, the target data flow was not identified.
In one embodiment of the invention, if the matching application protocol differs from the application protocol recognition result of the DPI device, the four-tuple information of the target data flow, the process name, and the complete content of the first several data packets of the target data flow are stored locally for querying and display, making it easy for DPI device administrators to check how the DPI device is running and carry out appropriate maintenance.
Preferably, if the application to which the target data flow belongs is all applications, the feature library of the DPI device is built from the locally stored four-tuple information of the target data flow, process name, and complete content of the first several data packets of the target data flow. This speeds up construction of the DPI device's feature library and saves the work of repeatedly capturing packets in a laboratory environment.
Preferably, if the application to which the target data flow belongs is a specific application, the feature information of the specific protocol is extracted from the locally stored four-tuple information of the target data flow, process name, and complete content of the first several data packets of the target data flow, in order to update the feature library of application protocols. If the DPI device's feature library contains no feature information for that specific application, the extracted feature information is added to the feature library; if the feature information stored in the feature library for that specific application is inconsistent with the extracted feature information, the stored feature information is revised using the extracted feature information.
In one embodiment of the invention, if the matching application protocol differs from the application protocol recognition result of the DPI device, the DPI device's application protocol recognition result is corrected using the matching application protocol, ensuring that the application runs normally.
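Steps S1 to S5, together with the local storage and correction embodiments, as an added example that is not part of the patent text: a small Python model run on constructed flows. The class names, verdict strings, sample addresses and process names are assumptions, and the "unverified" outcome (the client cannot resolve the flow or the process name is not in the matching table) is a case the page does not specify.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FourTuple:
    """Five-tuple minus the source IP address, as sent to the client in S2."""
    proto: str
    dst_ip: str
    src_port: int   # the client's local port
    dst_port: int


@dataclass(frozen=True)
class Flow:
    src_ip: str
    four: FourTuple
    dpi_result: Optional[str]    # None: the DPI device did not identify the flow
    first_packets: tuple = ()    # complete content of the first several packets


class Client:
    """Hypothetical endpoint agent holding a snapshot of the OS connection table."""

    def __init__(self, connections, processes):
        # connections: rows of (proto, local_port, remote_ip, remote_port, pid)
        self.connections = connections
        self.processes = processes   # pid -> process name

    def lookup(self, four):
        """Match the four-tuple to a connection, then the PID to a process name."""
        wanted = (four.proto, four.dst_ip, four.src_port, four.dst_port)
        for proto, lport, rip, rport, pid in self.connections:
            if (proto, rip, lport, rport) == wanted:
                return four, self.processes.get(pid)
        return four, None            # connection already closed on the endpoint


class DpiVerifier:
    def __init__(self, clients, process_to_protocol):
        self.clients = clients               # source IP -> connected Client
        self.table = process_to_protocol     # process name -> application protocol
        self.mismatches = []                 # records kept for feature extraction

    def verify(self, flow):
        """Return (verdict, protocol the DPI device should use for this flow)."""
        client = self.clients.get(flow.src_ip)                    # S1
        if client is None:
            return "no-client", flow.dpi_result
        echoed, name = client.lookup(flow.four)                   # S2 and S3
        matched = self.table.get(name) if echoed == flow.four else None  # S4
        if matched is None:
            # Assumption: without a usable answer the DPI result is left unchanged.
            return "unverified", flow.dpi_result
        if matched == flow.dpi_result:                            # S5
            return "accurate", flow.dpi_result
        self.mismatches.append({"four_tuple": flow.four, "process": name,
                                "packets": flow.first_packets})
        verdict = "unidentified" if flow.dpi_result is None else "wrong"
        return verdict, matched      # corrected recognition result


def run_sample():
    """Constructed sample data: documentation-range addresses, made-up processes."""
    table = {"chrome.exe": "HTTPS", "bt-client.exe": "BitTorrent"}
    client = Client(
        connections=[("tcp", 50001, "203.0.113.10", 443, 1200),
                     ("tcp", 50002, "198.51.100.7", 6881, 3400),
                     ("udp", 50003, "198.51.100.8", 6881, 3400)],
        processes={1200: "chrome.exe", 3400: "bt-client.exe"})
    verifier = DpiVerifier({"192.0.2.25": client}, table)
    flows = [
        Flow("192.0.2.25", FourTuple("tcp", "203.0.113.10", 50001, 443), "HTTPS"),
        Flow("192.0.2.25", FourTuple("tcp", "198.51.100.7", 50002, 6881), "HTTPS",
             (b"\x13BitTorrent protocol",)),
        Flow("192.0.2.25", FourTuple("udp", "198.51.100.8", 50003, 6881), None),
        Flow("192.0.2.25", FourTuple("tcp", "203.0.113.10", 50999, 443), "HTTPS"),
        Flow("192.0.2.99", FourTuple("tcp", "203.0.113.10", 50001, 443), "HTTPS"),
    ]
    return [verifier.verify(f) for f in flows], verifier.mismatches


if __name__ == "__main__":
    results, stored = run_sample()
    for verdict, protocol in results:
        print(verdict, protocol)
    print(len(stored), "mismatch records stored")
```

The process name in this exchange is a value reported by the endpoint, so the mismatch records are only as trustworthy as the client that produced them.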
As shown in Fig. 2, in one embodiment, the system 1 of the invention for verifying DPI device recognition results comprises a detection module 11, a sending module 12, a receiving module 13, a matching module 14 and a verification module 15.
The detection module 11 is used to detect whether a client with an established connection exists at the source IP address of the target data flow.
In one embodiment of the invention, the DPI device selects the target data flow according to certain filter conditions. Preferably, the target data flow is obtained by filtering on one or more of the following conditions: the application it belongs to, source IP address, destination IP address, source port number and destination port number. The application can be unknown applications, one or more specific applications, or all applications. The DPI device makes different selections among the reported data flows according to different filter conditions, obtaining different target data flows and thereby serving different purposes. Choosing to report flow information for all protocols helps in developing and building a brand-new DPI feature library; choosing to report all unidentified flow information helps a DPI feature library already in operation to be completed quickly and run stably; choosing the reported flow information by specific application, address, protocol and port number allows dedicated verification of the data flows of a particular terminal device or a particular application.
Specifically, according to the filter conditions, the DPI device provides target data flow information, including, for each data flow, the five-tuple information, the application protocol recognition result for that flow, and the complete content of the first several data packets of the flow; it then detects whether a client with an established connection to the DPI device exists at the source IP address in the five-tuple information. Note that the client of the invention can run on terminal devices such as PCs and smartphones, and can query information on all data flows on the terminal device. Five-tuple information is a well-known term in the communications field; it comprises the data flow's protocol type, destination IP address, source IP address, source port number and destination port number.
Preferably, the complete content of the first several data packets of the target data flow may be the complete content of the first data packet or of the first several data packets.
The sending module 12 is connected to the detection module 11 and is used, when a client with an established connection exists at the source IP address, to send the four-tuple information of the target data flow to the client so that the client looks up the matching process name on the client according to the four-tuple information; the four-tuple information comprises the protocol type, destination IP address, source port number and destination port number.
Specifically, a client with an established connection at the source IP address can be used to verify the DPI device's recognition result, so the four-tuple information of the target data flow is sent to that client. The four-tuple information comprises the information in the five-tuple other than the source IP address.
In one embodiment of the invention, after receiving the four-tuple information of the target data flow, the client uses the connection scanning tool provided by the operating system to obtain all connection information on the current system, and thereby the five-tuple information of all data flows currently present on the system. Comparing the five-tuple information of all data flows with the received four-tuple information of the target data flow yields the process ID corresponding to the target data flow; the process list viewing tool provided by the operating system then gives the process name corresponding to that process ID. The client then sends the four-tuple information together with the obtained process name to the DPI device. Note that the source port in the four-tuple information is the client's local port.
The receiving module 13 is used to receive the four-tuple information and process name of the target data flow sent by the client.
Specifically, the DPI device receives the four-tuple information and process name of the target data flow sent by the client, in order to look up the application protocol corresponding to the target data flow.
The matching module 14 is connected to the receiving module 13 and is used to obtain the matching application protocol according to the process name sent by the client, based on the matching information between process names and application protocol recognition results.
Because the DPI device is configured with matching information between process names and application protocol recognition results, the matching application protocol can be looked up from the process name sent by the client.
The verification module 15 is connected to the matching module 14 and is used to verify whether the matching application protocol is the same as the application protocol recognition result of the DPI device.
Specifically, the obtained matching application protocol is compared with the application protocol recognition result obtained by the DPI device to verify whether the DPI device's recognition result is accurate. If the two are the same, the DPI device's recognition result is accurate; if they differ, either the DPI device's recognition result is wrong or the DPI device did not identify the target data flow. If an application protocol recognition result obtained by the DPI device exists, the recognition result is wrong; if no such result exists, the target data flow was not identified.
In one embodiment of the invention, the system further includes a storage module which, when the matched application protocol differs from the application protocol recognition result of the DPI device, stores the four-tuple information of the target data stream, the process name and the complete content of the first several data packets of the target data stream locally for querying and display, so that DPI device administrators can check how the DPI device is running and carry out appropriate maintenance.
Preferably, if the application to which the target data stream belongs is all applications, the feature library of the DPI device is built from the locally stored four-tuple information of the target data stream, the process name and the complete content of the first several data packets of the target data stream. This speeds up construction of the DPI device's feature library and saves the work of repeatedly capturing packets in a laboratory environment.
Preferably, if the application to which the target data stream belongs is a specific application, the characteristic information of the specific protocol is extracted from the locally stored four-tuple information of the target data stream, the process name and the complete content of the first several data packets of the target data stream, and is used to update the feature library of application protocols. If the feature library of the DPI device contains no characteristic information for that specific application, the extracted characteristic information is added to the feature library of the DPI device; if the characteristic information of the specific application stored in the feature library is inconsistent with the extracted characteristic information, the extracted characteristic information is used to revise the stored original characteristic information.
As shown in Fig. 3, a further embodiment of the invention also includes a correction module 16 which, when the matched application protocol differs from the application protocol recognition result of the DPI device, corrects the DPI device's application protocol recognition result using the matched application protocol, thereby ensuring that the application runs normally.
As shown in Fig. 4, in one embodiment the DPI device 4 of the invention includes a communicator 41, a processor 42 and a memory 43.
The communicator 41 is used for data communication with the client.
The memory 43 is used to store a computer program. Preferably, the memory includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
The processor 42 is connected to the communicator 41 and the memory 43 and, according to the data communication between the communicator and the client, executes the computer program stored in the memory 43 to perform the above verification method for DPI device recognition results.
Preferably, the processor 42 can be a general-purpose processor, including a central processing unit (Central Processing Unit, abbreviated CPU), a network processor (Network Processor, abbreviated NP) and the like; it can also be a digital signal processor (Digital Signal Processing, abbreviated DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, abbreviated ASIC), a field-programmable gate array (Field-Programmable Gate Array, abbreviated FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Fig. 5 shows another specific embodiment of the verification system for DPI device recognition results of the invention. The client can be a background program on the Windows platform, or an Apple iOS or Android application running in the background. The DPI device is generally integrated inside a router and can include two parts, a DPI module and a processing module. The DPI module implements acquisition of the target data stream and identification of the application protocol; the processing module implements communication with the client and the DPI module, as well as information processing and display.
In summary, the verification method, system and DPI device for DPI device recognition results of the invention exchange information with the client to judge whether the application protocol fed back by the client is identical to the application protocol recognition result of the DPI device, which ensures the accuracy of the verification result. When the application protocol recognition result obtained by the DPI device is inconsistent with the application protocol recognition result verified through the client, information about the abnormal data stream is collected, and the characteristic information of the application protocol is extracted and the feature library of application protocols is built from a predetermined number of such abnormal data stream records. This greatly reduces the work of building a DPI feature library and shortens the construction period of a DPI feature library in specific scenarios: a workload that usually takes tens of person-months is reduced to within one person-month. The accuracy of the routing control, QoS control and security control provided on the basis of DPI services, and of operations such as analysis and statistics, is greatly improved, and the cost of fault tolerance is greatly reduced. The invention therefore effectively overcomes various shortcomings of the prior art and has high industrial value.
The above embodiments merely illustrate the principles and effects of the invention and are not intended to limit it. Anyone familiar with this technology may modify or change the above embodiments without departing from the spirit and scope of the invention. Accordingly, all equivalent modifications or changes completed by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall be covered by the claims of the invention.
Claims (10)
1. A verification method for DPI device recognition results, applied in a DPI device, the DPI device being configured with match information between process names and application protocol recognition results, characterized in that the verification method comprises the following steps:
detecting whether a client that has established a connection exists on the source IP address of a target data stream;
when a client that has established a connection exists on the source IP address, sending the four-tuple information of the target data stream to the client so that the client looks up the matching process name on the client according to the four-tuple information, the four-tuple information including protocol type, destination IP address, source port number and destination port number;
receiving the four-tuple information and process name of the target data stream sent by the client;
obtaining the matched application protocol from the process name sent by the client, based on the match information between process names and application protocol recognition results;
verifying whether the matched application protocol is identical to the application protocol recognition result of the DPI device.
2. The verification method for DPI device recognition results according to claim 1, characterized in that the target data stream is obtained by screening according to one or more of the following conditions: application, source IP address, destination IP address, source port number and destination port number.
3. The verification method for DPI device recognition results according to claim 1, characterized by further comprising: if the matched application protocol differs from the application protocol recognition result of the DPI device, storing the four-tuple information of the target data stream, the process name and the complete content of the first several data packets of the target data stream locally.
4. The verification method for DPI device recognition results according to claim 3, characterized in that: if the application to which the target data stream belongs is all applications, the feature library of the DPI device is built from the locally stored four-tuple information of the target data stream, the process name and the complete content of the first several data packets of the target data stream; if the application to which the target data stream belongs is a specific application, the characteristic information of the specific protocol is extracted from the locally stored four-tuple information of the target data stream, the process name and the complete content of the first several data packets of the target data stream to update the feature library of application protocols.
5. The verification method for DPI device recognition results according to claim 1, characterized by further comprising: if the matched application protocol differs from the application protocol recognition result of the DPI device, correcting the application protocol recognition result of the DPI device using the matched application protocol.
6. A verification system for DPI device recognition results, applied in a DPI device, the DPI device being configured with match information between process names and application protocol recognition results, characterized in that the verification system comprises a detection module, a sending module, a receiving module, a matching module and a verification module;
the detection module is used to detect whether a client that has established a connection exists on the source IP address of a target data stream;
the sending module is used, when a client that has established a connection exists on the source IP address, to send the four-tuple information of the target data stream to the client so that the client looks up the matching process name on the client according to the four-tuple information, the four-tuple information including protocol type, destination IP address, source port number and destination port number;
the receiving module is used to receive the four-tuple information and process name of the target data stream sent by the client;
the matching module is used to obtain the matched application protocol from the process name sent by the client, based on the match information between process names and application protocol recognition results;
the verification module is used to verify whether the matched application protocol is identical to the application protocol recognition result of the DPI device.
7. The verification system for DPI device recognition results according to claim 6, characterized in that the target data stream is obtained by screening according to one or more of the following conditions: application, source IP address, destination IP address, source port number and destination port number.
8. The verification system for DPI device recognition results according to claim 6, characterized by further comprising a storage module used, when the matched application protocol differs from the application protocol recognition result of the DPI device, to store the four-tuple information of the target data stream, the process name and the complete content of the first several data packets of the target data stream locally.
9. The verification system for DPI device recognition results according to claim 6, characterized by further comprising a correction module used, when the matched application protocol differs from the application protocol recognition result of the DPI device, to correct the application protocol recognition result of the DPI device using the matched application protocol.
10. A DPI device, characterized by comprising a communicator, a processor and a memory;
the communicator is used for data communication with a client;
the memory is used to store a computer program;
the processor is used, according to the data communication between the communicator and the client, to execute the computer program stored in the memory so as to perform the verification method for DPI device recognition results according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710749255.1A CN107360062B (en) | 2017-08-28 | 2017-08-28 | DPI equipment identification result verification method and system and DPI equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107360062A true CN107360062A (en) | 2017-11-17 |
CN107360062B CN107360062B (en) | 2021-02-02 |
Family
ID=60289296
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710749255.1A Active CN107360062B (en) | 2017-08-28 | 2017-08-28 | DPI equipment identification result verification method and system and DPI equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107360062B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108924159A (en) * | 2018-07-31 | 2018-11-30 | 杭州迪普科技股份有限公司 | The verification method and device in a kind of message characteristic identification library |
CN109428774A (en) * | 2017-08-22 | 2019-03-05 | 网宿科技股份有限公司 | A kind of data processing method and relevant DPI equipment of DPI equipment |
CN113890835A (en) * | 2021-09-29 | 2022-01-04 | 杭州迪普科技股份有限公司 | Method and device for processing DPI application test message |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202696628U (en) * | 2012-07-16 | 2013-01-23 | 北京国创富盛通信股份有限公司 | Network optimization system |
CN102984242A (en) * | 2012-11-20 | 2013-03-20 | 杭州迪普科技有限公司 | Automatic identification method and device of application protocols |
CN103973636A (en) * | 2013-01-28 | 2014-08-06 | 深圳市腾讯计算机系统有限公司 | Verification method, server and system |
CN105516173A (en) * | 2015-12-25 | 2016-04-20 | 北京中安智达科技有限公司 | Network application layer protocol identification method and system |
CN105812188A (en) * | 2016-04-25 | 2016-07-27 | 北京网康科技有限公司 | Traffic recognition method and device |
CN105939305A (en) * | 2015-06-24 | 2016-09-14 | 杭州迪普科技有限公司 | Access control method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107360062B (en) | 2021-02-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP02 | Change in the address of a patent holder | Address after: Room 301-A02, Building 5, No. 3000 Longdong Avenue, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai, March 2012. Patentee after: SHANGHAI GUOYUN INFORMATION TECHNOLOGY CO.,LTD. Address before: Room 908, No. 560, Shengxia Road, China (Shanghai) Pilot Free Trade Zone, Pudong New Area, Shanghai 201210. Patentee before: SHANGHAI GUOYUN INFORMATION TECHNOLOGY CO.,LTD. |