CN108848004A - A kind of P2P flow rate testing methods, system and equipment and storage medium - Google Patents
A kind of P2P flow rate testing methods, system and equipment and storage medium Download PDFInfo
- Publication number
- CN108848004A CN108848004A CN201810879008.8A CN201810879008A CN108848004A CN 108848004 A CN108848004 A CN 108848004A CN 201810879008 A CN201810879008 A CN 201810879008A CN 108848004 A CN108848004 A CN 108848004A
- Authority
- CN
- China
- Prior art keywords
- flow
- traffic characteristic
- flow rate
- testing methods
- rate testing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/06—Generation of reports
- H04L43/062—Generation of reports related to network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This application discloses a kind of P2P flow rate testing methods, system and equipment and computer readable storage medium, this method to include:When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;The P2P flow detection result of the process is obtained according to the traffic characteristic.P2P flow rate testing methods provided by the present application detect P2P flow by traffic characteristic, the traffic characteristic includes but is not limited to the connection number and uplink traffic of process, the higher feature of P2P flow connection number is utilized and determines P2P flow, improve the accuracy of P2P flow detection, the risk for greatly reducing erroneous judgement reduces the risk for influencing normal software operation.
Description
Technical field
This application involves field of computer technology, more specifically to a kind of P2P flow rate testing methods, system and set
Standby and a kind of computer readable storage medium.
Background technique
With the development of network, P2P network (Chinese name of new generation:Peer-to-peer network, full name in English:Peer to Peer
Networking) technology is widely used.P2P application mainly includes file-sharing, P2P Streaming Media view currently popular
Frequency and instant messaging etc..While P2P technology continues to develop, the network traffic data that various P2P applications generate is alreadyd exceed
Traditional network service, becomes the maximum consumer of network bandwidth, brings heavy burden to network, also gives major operation
Quotient manages P2P flow and brings huge challenge.Internet massive band width is occupied by P2P application, to the service quality of other application
Threat is formd, the interests of Internet Service Provider are also compromised, in order to guarantee that network can normally orderly operation, it is necessary to right
P2P network flow is identified and is monitored, and the performance of network service is improved.
In the prior art, general network monitoring software, such as 360 network monitoring softwares etc. are general to pass through analysis net
Network uplink traffic, and the specific process for using P2P network flow is determined according to the corresponding relationship of uplink traffic and process.But
Only it will cause biggish erroneous judgement using only the uplink traffic of network, the accuracy of P2P flow detection is lower.
Therefore, how to improve the accuracy of P2P flow detection is those skilled in the art's problem to be solved.
Summary of the invention
The application's is designed to provide a kind of P2P flow rate testing methods, system and equipment and a kind of computer-readable deposits
Storage media improves the accuracy of P2P flow detection.
To achieve the above object, this application provides a kind of P2P flow rate testing methods, including:
When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;
If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic includes at least the connection of the process
Several and uplink traffic;
The P2P flow detection result of the process is obtained according to the traffic characteristic.
Wherein, whether the protocol type for judging the process is udp protocol, including:
Whether the protocol type of process described in the structure decision by the data packet for analyzing the process is udp protocol.
Wherein, the protocol type of process described in the structure decision by the data packet for analyzing the process be udp protocol it
Afterwards, further include:
The purpose IP address of the data packet is connected, and judges whether successful connection;
If it is not, then determining the protocol type of the process for udp protocol.
Wherein, the P2P flow detection of the process is obtained as a result, including according to the traffic characteristic:
Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than the second preset value;
If being, determine the process for abnormal P2P flow.
Wherein, after determining the process for abnormal P2P flow, further include:
Intercept the access request of the process.
Wherein, before the access request for intercepting the process, further include:
Prompt information is sent to management terminal according to the traffic characteristic, so that the management terminal chooses whether to intercept institute
State the access request of process;
After the interception order for receiving the management terminal, the step of executing the access request for intercepting the process.
Wherein, before determining the process for abnormal P2P flow, further include:
The digital signature information of the process is obtained, and judges in pre-stored digital signature white list whether to include institute
State the digital signature information of process;
If it is not, then executing the step of determining the process for abnormal P2P flow.
To achieve the above object, this application provides a kind of P2P flow quantity detecting systems, including:
Judgment module, for when the access request for the process that receives, judging whether the protocol type of the process is UDP
Agreement;
Module is obtained, for obtaining the traffic characteristic of the process when the protocol type of the process is udp protocol;
Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;
Detection module, for obtaining the P2P flow detection result of the process according to the traffic characteristic.
To achieve the above object, this application provides a kind of P2P flow detection devices, including:
Memory, for storing computer program;
Processor is realized when for executing the computer program such as the step of above-mentioned P2P flow rate testing methods.
To achieve the above object, this application provides a kind of computer readable storage medium, the computer-readable storages
It is stored with computer program on medium, such as above-mentioned P2P flow rate testing methods are realized when the computer program is executed by processor
The step of.
By above scheme it is found that a kind of P2P flow rate testing methods provided by the present application, including:When receiving process
When access request, judge whether the protocol type of the process is udp protocol;If so, obtaining the traffic characteristic of the process;
Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;It is obtained according to the traffic characteristic described
The P2P flow detection result of process.
P2P flow rate testing methods provided by the present application detect P2P flow by traffic characteristic, which includes but not
The connection number and uplink traffic for being limited to process also use process compared with the scheme of uplink traffic is only used only in the prior art
Connection number.In practical applications, Transmission Control Protocol (Chinese name is utilized:Transmission control protocol, full name in English:Transmission
Control Protocol) the general connection number of process (such as utilize Dropbox process upload local file) it is lower, the application mentions
The P2P flow rate testing methods of confession are utilized the higher feature of P2P flow connection number and determine P2P flow, improve P2P flow detection
Accuracy, greatly reduce the risk of erroneous judgement, reduce influence normal software operation risk.Disclosed herein as well is one
Kind P2P flow quantity detecting system and equipment and a kind of computer readable storage medium, are equally able to achieve above-mentioned technical effect.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of application for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow chart of P2P flow rate testing methods disclosed in the embodiment of the present application;
Fig. 2 is the flow chart of another kind P2P flow rate testing methods disclosed in the embodiment of the present application;
Fig. 3 is a kind of structure chart of P2P flow quantity detecting system disclosed in the embodiment of the present application;
Fig. 4 is the structure chart of another kind P2P flow quantity detecting system disclosed in the embodiment of the present application;
Fig. 5 is a kind of structure chart of P2P flow detection device disclosed in the embodiment of the present application;
Fig. 6 is the structure chart of another kind P2P flow detection device disclosed in the embodiment of the present application.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of embodiments of the present application, instead of all the embodiments.It is based on
Embodiment in the application, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall in the protection scope of this application.
The embodiment of the present application discloses a kind of P2P flow rate testing methods, improves the accuracy of P2P flow detection.
Referring to Fig. 1, a kind of flow chart of P2P flow rate testing methods disclosed in the embodiment of the present application, as shown in Figure 1, including:
S101:When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;If
It is then to enter S102;If it is not, then terminating process;
It is understood that due to using the process one of P2P flow to be set to udp protocol (Chinese name:User Datagram Protocol
View, full name in English:User Datagram Protocol), therefore this is first determined whether in the access request that filter layer intercepts process
The protocol type of process, if the protocol type of the process is Transmission Control Protocol, which is not centainly P2P flow, after not needing progress
Continuous step.
It should be noted that not limiting the concrete mode for obtaining protocol type herein, those skilled in the art can root
Flexible choice is carried out according to actual conditions.It can be sentenced as a preferred implementation manner, by the structure of the data packet of analysis process
Whether the protocol type for the process of breaking is udp protocol.Since the packet header structure of Transmission Control Protocol and udp protocol has very greatly
Difference, specifically, the packet header of udp protocol include source port, destination port, length, verification and and data, and TCP
The packet header of agreement further includes serial number, confirmation number, window pointer etc., therefore, passes through data packet packet in addition to above- mentioned information
Head is easy to whether difference is udp protocol.
In order to further prevent judging by accident, the mode for reversely connecting IP verification can be combined with, specifically, connecting the data
The purpose IP address of packet, and judge whether successful connection;If it is not, then the protocol type of the process is TCP type, if it is not, then sentencing
The protocol type of the fixed process is udp protocol.
S102:Obtain the traffic characteristic of the process;Wherein, the traffic characteristic includes at least the connection number of the process
And uplink traffic;
In specific implementation, the access request that process is intercepted in filter layer, when the protocol type of the process is udp protocol
When, the traffic characteristic of the process is obtained, the flow analysis so as to subsequent step to process.Traffic characteristic herein include at least into
The connection number and uplink traffic of journey can also include certainly other features, such as protocol type, be not specifically limited herein.?
In the prior art, the traffic characteristic that flow analysis uses is only uplink traffic, be easy to cause erroneous judgement, and in the sheet of the present embodiment
The connection number for having used process in step simultaneously, improves the accuracy of P2P flow detection, greatly reduces the wind of erroneous judgement
Danger reduces the risk for influencing normal software operation.
S103:The P2P flow detection result of the process is obtained according to the traffic characteristic.
In specific implementation, P2P flow detection result is obtained using the traffic characteristic that previous step obtains.The present embodiment is not
P2P flow detection result concrete form is limited, those skilled in the art can flexible setting according to the actual situation.
For example, the P2P flow detection result can be whether the process is P2P flow.Same unlimited regular inspection, which is surveyed, herein is somebody's turn to do
Process whether be P2P flow concrete mode, can use known P2P flow detection result process traffic characteristic training classification
Model, and the traffic characteristic of the process is inputted in the disaggregated model that training is completed and obtains testing result.For another example, the P2P flow
Testing result can also include whether the process is abnormal P2P flow, will describe in detail in next embodiment.
P2P flow rate testing methods provided by the embodiments of the present application detect P2P flow, the traffic characteristic packet by traffic characteristic
It includes but the connection number and uplink traffic for being not limited to process also uses compared with the scheme of uplink traffic is only used only in the prior art
The connection number of process.In practical applications, the process of Transmission Control Protocol (such as uploading local file using Dropbox process) one is utilized
As connection number it is lower, P2P flow rate testing methods provided by the embodiments of the present application are utilized the higher feature of P2P flow connection number and sentence
Determine P2P flow, improve the accuracy of P2P flow detection, greatly reduce the risk of erroneous judgement, reduces influence normal software
The risk of operation.
The embodiment of the present application discloses a kind of P2P flow rate testing methods, and relative to a upper embodiment, the present embodiment is to technology
Scheme has made further instruction and optimization.Specifically:
Referring to fig. 2, the flow chart of another kind P2P flow rate testing methods provided by the embodiments of the present application, as shown in Fig. 2, packet
It includes:
S201:When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;If
It is then to enter S202;If it is not, then terminating process;
S202:Obtain the traffic characteristic of the process;Wherein, the traffic characteristic includes at least the connection number of the process
And uplink traffic;
S203:Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than second and presets
Value;If being, determine the process for abnormal P2P flow.
In specific implementation, abnormal P2P flow has biggish connection number and biggish unit time uplink traffic simultaneously,
It is excessive to occupy upstream bandwidth, therefore uplink traffic is preset greater than second greater than the first preset value, in the unit time by connection number
The process of value is determined as abnormal P2P flow.As a preferred implementation manner, after judging process for exception P2P flow, intercept
The access request of the process.It can certainly be decided whether to intercept the access request by manager, specifically, according to the process
Traffic characteristic sends prompt information when management terminal selection intercepts the access request to management terminal and executes and intercept the process
Access request the step of.It, can also basis as a preferred implementation manner, after the access request for intercepting the process
Traffic characteristic sends a warning message to management terminal.
On the basis of the above embodiments, setting process white list can also be passed through as a preferred implementation manner,
Mode further prevents judging by accident, specifically, further including before determining the process for abnormal P2P flow:Obtain the process
Digital signature information, and judge in pre-stored digital signature white list whether include the process digital signature information;
If it is not, then executing the step of determining the process for abnormal P2P flow.
It is understood that this step, which defaults each process for allowing to access non-public file, its corresponding number label
Name.It in specific implementation, can be that the equipment each requested access to is promulgated by GlobalSign (global certificate management authority)
Digital signature, the digital signature are the digital signature of the process for the non-public file of access initiated by the equipment.Setting herein
Standby can be specially the mobile devices such as mobile phone, tablet computer and laptop, can also be the other equipment such as desktop computer, utilize
The process that above equipment is initiated is to have the digital signature of the equipment.The white name of digital signature is previously stored with sample step default
Single, that is, the process for possessing the digital signature in digital signature white list is considered as legal P2P flow.It should be noted that should
Digital signature white list can store in filter layer, when filter layer intercepts the access request of process, carry out number in time
The screening of signature.When digital signature white list includes the digital signature information of process, allow the access request of the process, if not
In the presence of then determining the process for abnormal P2P flow.Since digital signature list is that GlobalSign is formed and stored in filtering
In layer, safety is higher.
A kind of P2P flow quantity detecting system provided by the embodiments of the present application is introduced below, a kind of P2P described below
Flow quantity detecting system can be cross-referenced with a kind of above-described P2P flow rate testing methods.
Referring to Fig. 3, a kind of structure chart of P2P flow quantity detecting system provided by the embodiments of the present application, as shown in figure 3, including:
Judgment module 301, for when the access request for the process that receives, judge the process protocol type whether be
Udp protocol;
Module 302 is obtained, for when the protocol type of the process is udp protocol, the flow for obtaining the process to be special
Sign;Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;
Detection module 303, for obtaining the P2P flow detection result of the process according to the traffic characteristic.
On the basis of the above embodiments, as a preferred implementation manner, the judgment module 301 specifically by point
Analyse process described in the structure decision of the data packet of the process protocol type whether be udp protocol module.
On the basis of the above embodiments, further include as a preferred implementation manner,:
Link block for connecting the purpose IP address of the data packet, and judges whether successful connection;If it is not, then sentencing
The protocol type of the fixed process is udp protocol.
P2P flow quantity detecting system provided by the embodiments of the present application detects P2P flow, the traffic characteristic packet by traffic characteristic
It includes but the connection number and uplink traffic for being not limited to process also uses compared with the scheme of uplink traffic is only used only in the prior art
The connection number of process.In practical applications, the process of Transmission Control Protocol (such as uploading local file using Dropbox process) one is utilized
As connection number it is lower, P2P flow quantity detecting system provided by the embodiments of the present application is utilized the higher feature of P2P flow connection number and sentences
Determine P2P flow, improve the accuracy of P2P flow detection, greatly reduce the risk of erroneous judgement, reduces influence normal software
The risk of operation.
The embodiment of the present application discloses a kind of P2P flow quantity detecting system, and relative to a upper embodiment, the present embodiment is to technology
Scheme has made further instruction and optimization.Specifically:
Referring to fig. 4, the structure chart of another kind P2P flow quantity detecting system provided by the embodiments of the present application, as shown in figure 4, packet
It includes:
Judgment module 401, for when the access request for the process that receives, judge the process protocol type whether be
Udp protocol;
Module 402 is obtained, for when the protocol type of the process is udp protocol, the flow for obtaining the process to be special
Sign;Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;
Detection module 403, for judging whether the connection number is greater than the first preset value and whether the uplink traffic is big
In the second preset value;If being, determine the process for abnormal P2P flow.
On the basis of the above embodiments, further include as a preferred implementation manner,:
Blocking module, for intercepting the access request of the process.
On the basis of the above embodiments, further include as a preferred implementation manner,:
Sending module, for sending prompt information to management terminal according to the traffic characteristic, so as to the management terminal
Choose whether to intercept the access request of the process;
Receiving module, after the interception order for receiving the management terminal, the access for executing the interception process is asked
The step of asking.
On the basis of the above embodiments, further include as a preferred implementation manner,:
Signature blocks are verified, for obtaining the digital signature information of the process, and judge pre-stored digital signature
In white list whether include the process digital signature information;If it is not, then determining the process for abnormal P2P flow.
Present invention also provides a kind of P2P flow detection devices, referring to Fig. 5, a kind of P2P stream provided by the embodiments of the present application
The structure chart for measuring detection device, as shown in figure 5, including:
Memory 100, for storing computer program;
Step provided by above-described embodiment may be implemented in processor 200 when for executing the computer program.
Specifically, memory 100 includes non-volatile memory medium, built-in storage.Non-volatile memory medium storage
There are operating system and computer-readable instruction, which is that the operating system and computer in non-volatile memory medium can
The operation of reading instruction provides environment.Processor 200 provides calculating and control ability for P2P flow detection device, deposits described in execution
When the computer program saved in reservoir 100, following steps may be implemented:When the access request for the process that receives, institute is judged
Whether the protocol type for stating process is udp protocol;If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic
Including at least the connection number and uplink traffic of the process;The P2P flow detection of the process is obtained according to the traffic characteristic
As a result.
The embodiment of the present application detects P2P flow by traffic characteristic, which includes but is not limited to the connection of process
Several and uplink traffic also uses the connection number of process compared with the scheme of uplink traffic is only used only in the prior art.In reality
In, lower using process (such as uploading local file using Dropbox process) general connection number of Transmission Control Protocol, the application is real
It applies example and the higher feature judgement P2P flow of P2P flow connection number is utilized, improve the accuracy of P2P flow detection, greatly
The risk for reducing erroneous judgement reduces the risk for influencing normal software operation.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented
Following steps:Whether the protocol type of process described in the structure decision by the data packet for analyzing the process is udp protocol.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented
Following steps:The purpose IP address of the data packet is connected, and judges whether successful connection;If it is not, then determining the process
Protocol type is udp protocol.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented
Following steps:Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than the second preset value;If
It is to determine the process for abnormal P2P flow.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented
Following steps:Intercept the access request of the process.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented
Following steps:Prompt information is sent to management terminal according to the traffic characteristic, so that the management terminal chooses whether to intercept
The access request of the process;After the interception order for receiving the management terminal, the access request for intercepting the process is executed
The step of.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented
Following steps:Obtain the digital signature information of the process, and judge in pre-stored digital signature white list whether include
The digital signature information of the process;If it is not, then executing the step of determining the process for abnormal P2P flow.
On the basis of the above embodiments, preferably, referring to Fig. 6, the P2P flow detection device is also wrapped
It includes:
Input interface 300 is connected with processor 200, for obtaining computer program, parameter and the instruction of external importing,
It saves through the control of processor 200 into memory 100.The input interface 300 can be connected with input unit, and it is manual to receive user
The parameter or instruction of input.The input unit can be the touch layer covered on display screen, be also possible to be arranged in terminal enclosure
Key, trace ball or Trackpad, be also possible to keyboard, Trackpad or mouse etc..
Display unit 400 is connected with processor 200, the data sent for video-stream processor 200.The display unit 400
It can be display screen, liquid crystal display or the electric ink display screen etc. in PC machine.It, can be with specifically, in the present embodiment
P2P flow detection result etc. is shown by display unit 400.
The network port 500 is connected with processor 200, for being communicatively coupled with external each terminal device.The communication link
The communication technology used by connecing can be cable communicating technology or wireless communication technique, and such as mobile high definition chained technology (MHL) leads to
It is blue with universal serial bus (USB), high-definition media interface (HDMI), adopting wireless fidelity technology (WiFi), Bluetooth Communication Technology, low-power consumption
The tooth communication technology, communication technology based on IEEE802.11s etc..Specifically, in the present embodiment, the network port can be passed through
500 import the disaggregated model etc. that training is completed to processor 200.
Present invention also provides a kind of computer readable storage medium, which may include:USB flash disk, mobile hard disk,
Read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic
The various media that can store program code such as dish or CD.Computer program, the calculating are stored on the storage medium
Machine program realizes following steps when being executed by processor:When the access request for the process that receives, the agreement of the process is judged
Whether type is udp protocol;If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic includes at least described
The connection number and uplink traffic of process;The P2P flow detection result of the process is obtained according to the traffic characteristic.
The embodiment of the present application detects P2P flow by traffic characteristic, which includes but is not limited to the connection of process
Several and uplink traffic also uses the connection number of process compared with the scheme of uplink traffic is only used only in the prior art.In reality
In, lower using process (such as uploading local file using Dropbox process) general connection number of Transmission Control Protocol, the application is real
It applies example and the higher feature judgement P2P flow of P2P flow connection number is utilized, improve the accuracy of P2P flow detection, greatly
The risk for reducing erroneous judgement reduces the risk for influencing normal software operation.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically
Following steps may be implemented:The protocol type of process described in structure decision by the data packet for analyzing the process whether be
Udp protocol.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically
Following steps may be implemented:The purpose IP address of the data packet is connected, and judges whether successful connection;If it is not, then determining institute
The protocol type for stating process is udp protocol.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically
Following steps may be implemented:Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than second in advance
If value;If being, determine the process for abnormal P2P flow.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically
Following steps may be implemented:Intercept the access request of the process.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically
Following steps may be implemented:Prompt information is sent to management terminal according to the traffic characteristic, so as to management terminal selection
Whether the access request of the process is intercepted;After the interception order for receiving the management terminal, executes and intercept the process
The step of access request.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically
Following steps may be implemented:The digital signature information of the process is obtained, and is judged in pre-stored digital signature white list
Whether include the process digital signature information;If it is not, then executing the step of determining the process for abnormal P2P flow.
The foregoing description of the disclosed embodiments makes professional and technical personnel in the field can be realized or use the application.
Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein
General Principle can be realized in other embodiments without departing from the spirit or scope of the application.Therefore, the application
It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one
The widest scope of cause.
Each embodiment is described in a progressive manner in specification, the highlights of each of the examples are with other realities
The difference of example is applied, the same or similar parts in each embodiment may refer to each other.For system disclosed in embodiment
Speech, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is referring to method part illustration
?.It should be pointed out that for those skilled in the art, under the premise of not departing from the application principle, also
Can to the application, some improvement and modification can also be carried out, these improvement and modification also fall into the protection scope of the claim of this application
It is interior.
It should also be noted that, in the present specification, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning
Covering non-exclusive inclusion, so that the process, method, article or equipment for including a series of elements not only includes that
A little elements, but also including other elements that are not explicitly listed, or further include for this process, method, article or
The intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arranged
Except there is also other identical elements in the process, method, article or apparatus that includes the element.
Claims (10)
1. a kind of P2P flow rate testing methods, which is characterized in that including:
When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;
If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic include at least the process connection number and
Uplink traffic;
The P2P flow detection result of the process is obtained according to the traffic characteristic.
2. P2P flow rate testing methods according to claim 1, which is characterized in that judge the process protocol type whether
For udp protocol, including:
Whether the protocol type of process described in the structure decision by the data packet for analyzing the process is udp protocol.
3. P2P flow rate testing methods according to claim 2, which is characterized in that by the data packet for analyzing the process
The protocol type of process described in structure decision be udp protocol after, further include:
The purpose IP address of the data packet is connected, and judges whether successful connection;
If it is not, then determining the protocol type of the process for udp protocol.
4. P2P flow rate testing methods according to claim 1, which is characterized in that according to the traffic characteristic obtain it is described into
The P2P flow detection of journey is as a result, include:
Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than the second preset value;
If being, determine the process for abnormal P2P flow.
5. P2P flow rate testing methods according to claim 4, which is characterized in that determine the process for abnormal P2P flow it
Afterwards, further include:
Intercept the access request of the process.
6. P2P flow rate testing methods according to claim 5, which is characterized in that before the access request for intercepting the process,
Further include:
Send prompt information to management terminal according to the traffic characteristic, so as to the management terminal choose whether to intercept it is described into
The access request of journey;
After the interception order for receiving the management terminal, the step of executing the access request for intercepting the process.
7. according to any one of the claim 4-6 P2P flow rate testing methods, which is characterized in that determine the process for exception
Before P2P flow, further include:
Obtain the digital signature information of the process, and judge in pre-stored digital signature white list whether include it is described into
The digital signature information of journey;
If it is not, then executing the step of determining the process for abnormal P2P flow.
8. a kind of P2P flow quantity detecting system, which is characterized in that including:
Judgment module, for when the access request for the process that receives, judging whether the protocol type of the process is UDP association
View;
Module is obtained, for obtaining the traffic characteristic of the process when the protocol type of the process is udp protocol;Wherein,
The traffic characteristic includes at least the connection number and uplink traffic of the process;
Detection module, for obtaining the P2P flow detection result of the process according to the traffic characteristic.
9. a kind of electronic equipment, which is characterized in that including:
Memory, for storing computer program;
Processor realizes the flow detection side P2P as described in any one of claim 1 to 7 when for executing the computer program
The step of method.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program realizes the P2P flow rate testing methods as described in any one of claim 1 to 7 when the computer program is executed by processor
The step of.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810879008.8A CN108848004A (en) | 2018-08-03 | 2018-08-03 | A kind of P2P flow rate testing methods, system and equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810879008.8A CN108848004A (en) | 2018-08-03 | 2018-08-03 | A kind of P2P flow rate testing methods, system and equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108848004A true CN108848004A (en) | 2018-11-20 |
Family
ID=64195700
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810879008.8A Pending CN108848004A (en) | 2018-08-03 | 2018-08-03 | A kind of P2P flow rate testing methods, system and equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108848004A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109347876A (en) * | 2018-11-29 | 2019-02-15 | 深圳市网心科技有限公司 | A kind of safety defense method and relevant apparatus |
CN109547449A (en) * | 2018-11-29 | 2019-03-29 | 深圳市网心科技有限公司 | A kind of safety detection method and relevant apparatus |
CN111756716A (en) * | 2020-06-15 | 2020-10-09 | 深信服科技股份有限公司 | Flow detection method and device and computer readable storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101051997A (en) * | 2006-11-20 | 2007-10-10 | 深圳市深信服电子科技有限公司 | P2P flow identifying control method based on network application |
CN101510841A (en) * | 2008-12-31 | 2009-08-19 | 成都市华为赛门铁克科技有限公司 | Method and system for recognizing end-to-end flux |
CN102035750A (en) * | 2010-12-31 | 2011-04-27 | 杭州华三通信技术有限公司 | Peer-to-peer (P2P) flow recognizing method and device |
CN102045257A (en) * | 2010-12-22 | 2011-05-04 | 上海亿煌信息技术有限公司 | Peer-to-peer software (P2P) recognition method based on multi-protocol bidirectional single link |
CN102055627A (en) * | 2011-01-04 | 2011-05-11 | 深信服网络科技(深圳)有限公司 | Method and device for identifying peer-to-peer (P2P) application connection |
EP2568681A1 (en) * | 2011-09-07 | 2013-03-13 | Deutsche Telekom AG | Network communication device for communicating over a communication network |
-
2018
- 2018-08-03 CN CN201810879008.8A patent/CN108848004A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101051997A (en) * | 2006-11-20 | 2007-10-10 | 深圳市深信服电子科技有限公司 | P2P flow identifying control method based on network application |
CN101510841A (en) * | 2008-12-31 | 2009-08-19 | 成都市华为赛门铁克科技有限公司 | Method and system for recognizing end-to-end flux |
CN102045257A (en) * | 2010-12-22 | 2011-05-04 | 上海亿煌信息技术有限公司 | Peer-to-peer software (P2P) recognition method based on multi-protocol bidirectional single link |
CN102035750A (en) * | 2010-12-31 | 2011-04-27 | 杭州华三通信技术有限公司 | Peer-to-peer (P2P) flow recognizing method and device |
CN102055627A (en) * | 2011-01-04 | 2011-05-11 | 深信服网络科技(深圳)有限公司 | Method and device for identifying peer-to-peer (P2P) application connection |
EP2568681A1 (en) * | 2011-09-07 | 2013-03-13 | Deutsche Telekom AG | Network communication device for communicating over a communication network |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109347876A (en) * | 2018-11-29 | 2019-02-15 | 深圳市网心科技有限公司 | A kind of safety defense method and relevant apparatus |
CN109547449A (en) * | 2018-11-29 | 2019-03-29 | 深圳市网心科技有限公司 | A kind of safety detection method and relevant apparatus |
CN109547449B (en) * | 2018-11-29 | 2021-09-24 | 深圳市网心科技有限公司 | Safety detection method and related device |
CN111756716A (en) * | 2020-06-15 | 2020-10-09 | 深信服科技股份有限公司 | Flow detection method and device and computer readable storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6559694B2 (en) | Automatic SDK acceptance | |
CN111600781B (en) | Firewall system stability testing method based on tester | |
CN111937006B (en) | System for determining performance based on entropy | |
CN110417778B (en) | Access request processing method and device | |
CN108848004A (en) | A kind of P2P flow rate testing methods, system and equipment and storage medium | |
CN106911687B (en) | Page construction control method and device | |
CN111104675A (en) | Method and device for detecting system security vulnerability | |
KR101491639B1 (en) | Method for determining type of network and method for providing contents by using the same | |
CN112615858B (en) | Internet of things equipment monitoring method, device and system | |
CN112163198B (en) | Host login security detection method, system, device and storage medium | |
CN107864117A (en) | Webpage hold-up interception method, device and computer-readable recording medium | |
CN108985095A (en) | A kind of non-public file access method, system and electronic equipment and storage medium | |
CN109688093A (en) | Firewall policy verification method, system, equipment and readable storage medium storing program for executing | |
US10965539B2 (en) | System and method for distributed testing of end-to-end performance of a server | |
CN108777679A (en) | Flow access relation generation method, device and the readable storage medium storing program for executing of terminal | |
CN111181771A (en) | Security changing abnormity positioning method and device based on fort machine and electronic equipment | |
CN109347819A (en) | A kind of virus mail detection method, system and electronic equipment and storage medium | |
CN104320285A (en) | Website running status monitoring method and device | |
WO2021139345A1 (en) | Method and apparatus for displaying network state during call process, and computer device and medium | |
CN110971482B (en) | Back-end server detection method and device based on ebpf and electronic equipment | |
CN102143085B (en) | Multi-dimensional network situation awareness method, equipment and system | |
US20160065444A1 (en) | Anomaly detection based on combinations of cause value, message type, response time (gtp-c) | |
CN107666414A (en) | A kind of network performance optimizing method, system and computer-readable recording medium | |
CN114465710A (en) | Vulnerability detection method, device, equipment and storage medium based on flow | |
CN109688099A (en) | Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181120 |
|
RJ01 | Rejection of invention patent application after publication |