CN108848004A - A kind of P2P flow rate testing methods, system and equipment and storage medium - Google Patents

A kind of P2P flow rate testing methods, system and equipment and storage medium Download PDF

Info

Publication number
CN108848004A
CN108848004A CN201810879008.8A CN201810879008A CN108848004A CN 108848004 A CN108848004 A CN 108848004A CN 201810879008 A CN201810879008 A CN 201810879008A CN 108848004 A CN108848004 A CN 108848004A
Authority
CN
China
Prior art keywords
flow
traffic characteristic
flow rate
testing methods
rate testing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810879008.8A
Other languages
Chinese (zh)
Inventor
杜琛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Onething Technology Co Ltd
Original Assignee
Shenzhen Onething Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Onething Technology Co Ltd filed Critical Shenzhen Onething Technology Co Ltd
Priority to CN201810879008.8A priority Critical patent/CN108848004A/en
Publication of CN108848004A publication Critical patent/CN108848004A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/06Generation of reports
    • H04L43/062Generation of reports related to network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/18Protocol analysers
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application discloses a kind of P2P flow rate testing methods, system and equipment and computer readable storage medium, this method to include:When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;The P2P flow detection result of the process is obtained according to the traffic characteristic.P2P flow rate testing methods provided by the present application detect P2P flow by traffic characteristic, the traffic characteristic includes but is not limited to the connection number and uplink traffic of process, the higher feature of P2P flow connection number is utilized and determines P2P flow, improve the accuracy of P2P flow detection, the risk for greatly reducing erroneous judgement reduces the risk for influencing normal software operation.

Description

A kind of P2P flow rate testing methods, system and equipment and storage medium
Technical field
This application involves field of computer technology, more specifically to a kind of P2P flow rate testing methods, system and set Standby and a kind of computer readable storage medium.
Background technique
With the development of network, P2P network (Chinese name of new generation:Peer-to-peer network, full name in English:Peer to Peer Networking) technology is widely used.P2P application mainly includes file-sharing, P2P Streaming Media view currently popular Frequency and instant messaging etc..While P2P technology continues to develop, the network traffic data that various P2P applications generate is alreadyd exceed Traditional network service, becomes the maximum consumer of network bandwidth, brings heavy burden to network, also gives major operation Quotient manages P2P flow and brings huge challenge.Internet massive band width is occupied by P2P application, to the service quality of other application Threat is formd, the interests of Internet Service Provider are also compromised, in order to guarantee that network can normally orderly operation, it is necessary to right P2P network flow is identified and is monitored, and the performance of network service is improved.
In the prior art, general network monitoring software, such as 360 network monitoring softwares etc. are general to pass through analysis net Network uplink traffic, and the specific process for using P2P network flow is determined according to the corresponding relationship of uplink traffic and process.But Only it will cause biggish erroneous judgement using only the uplink traffic of network, the accuracy of P2P flow detection is lower.
Therefore, how to improve the accuracy of P2P flow detection is those skilled in the art's problem to be solved.
Summary of the invention
The application's is designed to provide a kind of P2P flow rate testing methods, system and equipment and a kind of computer-readable deposits Storage media improves the accuracy of P2P flow detection.
To achieve the above object, this application provides a kind of P2P flow rate testing methods, including:
When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;
If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic includes at least the connection of the process Several and uplink traffic;
The P2P flow detection result of the process is obtained according to the traffic characteristic.
Wherein, whether the protocol type for judging the process is udp protocol, including:
Whether the protocol type of process described in the structure decision by the data packet for analyzing the process is udp protocol.
Wherein, the protocol type of process described in the structure decision by the data packet for analyzing the process be udp protocol it Afterwards, further include:
The purpose IP address of the data packet is connected, and judges whether successful connection;
If it is not, then determining the protocol type of the process for udp protocol.
Wherein, the P2P flow detection of the process is obtained as a result, including according to the traffic characteristic:
Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than the second preset value;
If being, determine the process for abnormal P2P flow.
Wherein, after determining the process for abnormal P2P flow, further include:
Intercept the access request of the process.
Wherein, before the access request for intercepting the process, further include:
Prompt information is sent to management terminal according to the traffic characteristic, so that the management terminal chooses whether to intercept institute State the access request of process;
After the interception order for receiving the management terminal, the step of executing the access request for intercepting the process.
Wherein, before determining the process for abnormal P2P flow, further include:
The digital signature information of the process is obtained, and judges in pre-stored digital signature white list whether to include institute State the digital signature information of process;
If it is not, then executing the step of determining the process for abnormal P2P flow.
To achieve the above object, this application provides a kind of P2P flow quantity detecting systems, including:
Judgment module, for when the access request for the process that receives, judging whether the protocol type of the process is UDP Agreement;
Module is obtained, for obtaining the traffic characteristic of the process when the protocol type of the process is udp protocol; Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;
Detection module, for obtaining the P2P flow detection result of the process according to the traffic characteristic.
To achieve the above object, this application provides a kind of P2P flow detection devices, including:
Memory, for storing computer program;
Processor is realized when for executing the computer program such as the step of above-mentioned P2P flow rate testing methods.
To achieve the above object, this application provides a kind of computer readable storage medium, the computer-readable storages It is stored with computer program on medium, such as above-mentioned P2P flow rate testing methods are realized when the computer program is executed by processor The step of.
By above scheme it is found that a kind of P2P flow rate testing methods provided by the present application, including:When receiving process When access request, judge whether the protocol type of the process is udp protocol;If so, obtaining the traffic characteristic of the process; Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;It is obtained according to the traffic characteristic described The P2P flow detection result of process.
P2P flow rate testing methods provided by the present application detect P2P flow by traffic characteristic, which includes but not The connection number and uplink traffic for being limited to process also use process compared with the scheme of uplink traffic is only used only in the prior art Connection number.In practical applications, Transmission Control Protocol (Chinese name is utilized:Transmission control protocol, full name in English:Transmission Control Protocol) the general connection number of process (such as utilize Dropbox process upload local file) it is lower, the application mentions The P2P flow rate testing methods of confession are utilized the higher feature of P2P flow connection number and determine P2P flow, improve P2P flow detection Accuracy, greatly reduce the risk of erroneous judgement, reduce influence normal software operation risk.Disclosed herein as well is one Kind P2P flow quantity detecting system and equipment and a kind of computer readable storage medium, are equally able to achieve above-mentioned technical effect.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of application for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow chart of P2P flow rate testing methods disclosed in the embodiment of the present application;
Fig. 2 is the flow chart of another kind P2P flow rate testing methods disclosed in the embodiment of the present application;
Fig. 3 is a kind of structure chart of P2P flow quantity detecting system disclosed in the embodiment of the present application;
Fig. 4 is the structure chart of another kind P2P flow quantity detecting system disclosed in the embodiment of the present application;
Fig. 5 is a kind of structure chart of P2P flow detection device disclosed in the embodiment of the present application;
Fig. 6 is the structure chart of another kind P2P flow detection device disclosed in the embodiment of the present application.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of embodiments of the present application, instead of all the embodiments.It is based on Embodiment in the application, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall in the protection scope of this application.
The embodiment of the present application discloses a kind of P2P flow rate testing methods, improves the accuracy of P2P flow detection.
Referring to Fig. 1, a kind of flow chart of P2P flow rate testing methods disclosed in the embodiment of the present application, as shown in Figure 1, including:
S101:When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;If It is then to enter S102;If it is not, then terminating process;
It is understood that due to using the process one of P2P flow to be set to udp protocol (Chinese name:User Datagram Protocol View, full name in English:User Datagram Protocol), therefore this is first determined whether in the access request that filter layer intercepts process The protocol type of process, if the protocol type of the process is Transmission Control Protocol, which is not centainly P2P flow, after not needing progress Continuous step.
It should be noted that not limiting the concrete mode for obtaining protocol type herein, those skilled in the art can root Flexible choice is carried out according to actual conditions.It can be sentenced as a preferred implementation manner, by the structure of the data packet of analysis process Whether the protocol type for the process of breaking is udp protocol.Since the packet header structure of Transmission Control Protocol and udp protocol has very greatly Difference, specifically, the packet header of udp protocol include source port, destination port, length, verification and and data, and TCP The packet header of agreement further includes serial number, confirmation number, window pointer etc., therefore, passes through data packet packet in addition to above- mentioned information Head is easy to whether difference is udp protocol.
In order to further prevent judging by accident, the mode for reversely connecting IP verification can be combined with, specifically, connecting the data The purpose IP address of packet, and judge whether successful connection;If it is not, then the protocol type of the process is TCP type, if it is not, then sentencing The protocol type of the fixed process is udp protocol.
S102:Obtain the traffic characteristic of the process;Wherein, the traffic characteristic includes at least the connection number of the process And uplink traffic;
In specific implementation, the access request that process is intercepted in filter layer, when the protocol type of the process is udp protocol When, the traffic characteristic of the process is obtained, the flow analysis so as to subsequent step to process.Traffic characteristic herein include at least into The connection number and uplink traffic of journey can also include certainly other features, such as protocol type, be not specifically limited herein.? In the prior art, the traffic characteristic that flow analysis uses is only uplink traffic, be easy to cause erroneous judgement, and in the sheet of the present embodiment The connection number for having used process in step simultaneously, improves the accuracy of P2P flow detection, greatly reduces the wind of erroneous judgement Danger reduces the risk for influencing normal software operation.
S103:The P2P flow detection result of the process is obtained according to the traffic characteristic.
In specific implementation, P2P flow detection result is obtained using the traffic characteristic that previous step obtains.The present embodiment is not P2P flow detection result concrete form is limited, those skilled in the art can flexible setting according to the actual situation.
For example, the P2P flow detection result can be whether the process is P2P flow.Same unlimited regular inspection, which is surveyed, herein is somebody's turn to do Process whether be P2P flow concrete mode, can use known P2P flow detection result process traffic characteristic training classification Model, and the traffic characteristic of the process is inputted in the disaggregated model that training is completed and obtains testing result.For another example, the P2P flow Testing result can also include whether the process is abnormal P2P flow, will describe in detail in next embodiment.
P2P flow rate testing methods provided by the embodiments of the present application detect P2P flow, the traffic characteristic packet by traffic characteristic It includes but the connection number and uplink traffic for being not limited to process also uses compared with the scheme of uplink traffic is only used only in the prior art The connection number of process.In practical applications, the process of Transmission Control Protocol (such as uploading local file using Dropbox process) one is utilized As connection number it is lower, P2P flow rate testing methods provided by the embodiments of the present application are utilized the higher feature of P2P flow connection number and sentence Determine P2P flow, improve the accuracy of P2P flow detection, greatly reduce the risk of erroneous judgement, reduces influence normal software The risk of operation.
The embodiment of the present application discloses a kind of P2P flow rate testing methods, and relative to a upper embodiment, the present embodiment is to technology Scheme has made further instruction and optimization.Specifically:
Referring to fig. 2, the flow chart of another kind P2P flow rate testing methods provided by the embodiments of the present application, as shown in Fig. 2, packet It includes:
S201:When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;If It is then to enter S202;If it is not, then terminating process;
S202:Obtain the traffic characteristic of the process;Wherein, the traffic characteristic includes at least the connection number of the process And uplink traffic;
S203:Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than second and presets Value;If being, determine the process for abnormal P2P flow.
In specific implementation, abnormal P2P flow has biggish connection number and biggish unit time uplink traffic simultaneously, It is excessive to occupy upstream bandwidth, therefore uplink traffic is preset greater than second greater than the first preset value, in the unit time by connection number The process of value is determined as abnormal P2P flow.As a preferred implementation manner, after judging process for exception P2P flow, intercept The access request of the process.It can certainly be decided whether to intercept the access request by manager, specifically, according to the process Traffic characteristic sends prompt information when management terminal selection intercepts the access request to management terminal and executes and intercept the process Access request the step of.It, can also basis as a preferred implementation manner, after the access request for intercepting the process Traffic characteristic sends a warning message to management terminal.
On the basis of the above embodiments, setting process white list can also be passed through as a preferred implementation manner, Mode further prevents judging by accident, specifically, further including before determining the process for abnormal P2P flow:Obtain the process Digital signature information, and judge in pre-stored digital signature white list whether include the process digital signature information; If it is not, then executing the step of determining the process for abnormal P2P flow.
It is understood that this step, which defaults each process for allowing to access non-public file, its corresponding number label Name.It in specific implementation, can be that the equipment each requested access to is promulgated by GlobalSign (global certificate management authority) Digital signature, the digital signature are the digital signature of the process for the non-public file of access initiated by the equipment.Setting herein Standby can be specially the mobile devices such as mobile phone, tablet computer and laptop, can also be the other equipment such as desktop computer, utilize The process that above equipment is initiated is to have the digital signature of the equipment.The white name of digital signature is previously stored with sample step default Single, that is, the process for possessing the digital signature in digital signature white list is considered as legal P2P flow.It should be noted that should Digital signature white list can store in filter layer, when filter layer intercepts the access request of process, carry out number in time The screening of signature.When digital signature white list includes the digital signature information of process, allow the access request of the process, if not In the presence of then determining the process for abnormal P2P flow.Since digital signature list is that GlobalSign is formed and stored in filtering In layer, safety is higher.
A kind of P2P flow quantity detecting system provided by the embodiments of the present application is introduced below, a kind of P2P described below Flow quantity detecting system can be cross-referenced with a kind of above-described P2P flow rate testing methods.
Referring to Fig. 3, a kind of structure chart of P2P flow quantity detecting system provided by the embodiments of the present application, as shown in figure 3, including:
Judgment module 301, for when the access request for the process that receives, judge the process protocol type whether be Udp protocol;
Module 302 is obtained, for when the protocol type of the process is udp protocol, the flow for obtaining the process to be special Sign;Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;
Detection module 303, for obtaining the P2P flow detection result of the process according to the traffic characteristic.
On the basis of the above embodiments, as a preferred implementation manner, the judgment module 301 specifically by point Analyse process described in the structure decision of the data packet of the process protocol type whether be udp protocol module.
On the basis of the above embodiments, further include as a preferred implementation manner,:
Link block for connecting the purpose IP address of the data packet, and judges whether successful connection;If it is not, then sentencing The protocol type of the fixed process is udp protocol.
P2P flow quantity detecting system provided by the embodiments of the present application detects P2P flow, the traffic characteristic packet by traffic characteristic It includes but the connection number and uplink traffic for being not limited to process also uses compared with the scheme of uplink traffic is only used only in the prior art The connection number of process.In practical applications, the process of Transmission Control Protocol (such as uploading local file using Dropbox process) one is utilized As connection number it is lower, P2P flow quantity detecting system provided by the embodiments of the present application is utilized the higher feature of P2P flow connection number and sentences Determine P2P flow, improve the accuracy of P2P flow detection, greatly reduce the risk of erroneous judgement, reduces influence normal software The risk of operation.
The embodiment of the present application discloses a kind of P2P flow quantity detecting system, and relative to a upper embodiment, the present embodiment is to technology Scheme has made further instruction and optimization.Specifically:
Referring to fig. 4, the structure chart of another kind P2P flow quantity detecting system provided by the embodiments of the present application, as shown in figure 4, packet It includes:
Judgment module 401, for when the access request for the process that receives, judge the process protocol type whether be Udp protocol;
Module 402 is obtained, for when the protocol type of the process is udp protocol, the flow for obtaining the process to be special Sign;Wherein, the traffic characteristic includes at least the connection number and uplink traffic of the process;
Detection module 403, for judging whether the connection number is greater than the first preset value and whether the uplink traffic is big In the second preset value;If being, determine the process for abnormal P2P flow.
On the basis of the above embodiments, further include as a preferred implementation manner,:
Blocking module, for intercepting the access request of the process.
On the basis of the above embodiments, further include as a preferred implementation manner,:
Sending module, for sending prompt information to management terminal according to the traffic characteristic, so as to the management terminal Choose whether to intercept the access request of the process;
Receiving module, after the interception order for receiving the management terminal, the access for executing the interception process is asked The step of asking.
On the basis of the above embodiments, further include as a preferred implementation manner,:
Signature blocks are verified, for obtaining the digital signature information of the process, and judge pre-stored digital signature In white list whether include the process digital signature information;If it is not, then determining the process for abnormal P2P flow.
Present invention also provides a kind of P2P flow detection devices, referring to Fig. 5, a kind of P2P stream provided by the embodiments of the present application The structure chart for measuring detection device, as shown in figure 5, including:
Memory 100, for storing computer program;
Step provided by above-described embodiment may be implemented in processor 200 when for executing the computer program.
Specifically, memory 100 includes non-volatile memory medium, built-in storage.Non-volatile memory medium storage There are operating system and computer-readable instruction, which is that the operating system and computer in non-volatile memory medium can The operation of reading instruction provides environment.Processor 200 provides calculating and control ability for P2P flow detection device, deposits described in execution When the computer program saved in reservoir 100, following steps may be implemented:When the access request for the process that receives, institute is judged Whether the protocol type for stating process is udp protocol;If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic Including at least the connection number and uplink traffic of the process;The P2P flow detection of the process is obtained according to the traffic characteristic As a result.
The embodiment of the present application detects P2P flow by traffic characteristic, which includes but is not limited to the connection of process Several and uplink traffic also uses the connection number of process compared with the scheme of uplink traffic is only used only in the prior art.In reality In, lower using process (such as uploading local file using Dropbox process) general connection number of Transmission Control Protocol, the application is real It applies example and the higher feature judgement P2P flow of P2P flow connection number is utilized, improve the accuracy of P2P flow detection, greatly The risk for reducing erroneous judgement reduces the risk for influencing normal software operation.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented Following steps:Whether the protocol type of process described in the structure decision by the data packet for analyzing the process is udp protocol.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented Following steps:The purpose IP address of the data packet is connected, and judges whether successful connection;If it is not, then determining the process Protocol type is udp protocol.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented Following steps:Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than the second preset value;If It is to determine the process for abnormal P2P flow.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented Following steps:Intercept the access request of the process.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented Following steps:Prompt information is sent to management terminal according to the traffic characteristic, so that the management terminal chooses whether to intercept The access request of the process;After the interception order for receiving the management terminal, the access request for intercepting the process is executed The step of.
Preferably, it when the processor 200 executes the computer subprogram saved in the memory 100, may be implemented Following steps:Obtain the digital signature information of the process, and judge in pre-stored digital signature white list whether include The digital signature information of the process;If it is not, then executing the step of determining the process for abnormal P2P flow.
On the basis of the above embodiments, preferably, referring to Fig. 6, the P2P flow detection device is also wrapped It includes:
Input interface 300 is connected with processor 200, for obtaining computer program, parameter and the instruction of external importing, It saves through the control of processor 200 into memory 100.The input interface 300 can be connected with input unit, and it is manual to receive user The parameter or instruction of input.The input unit can be the touch layer covered on display screen, be also possible to be arranged in terminal enclosure Key, trace ball or Trackpad, be also possible to keyboard, Trackpad or mouse etc..
Display unit 400 is connected with processor 200, the data sent for video-stream processor 200.The display unit 400 It can be display screen, liquid crystal display or the electric ink display screen etc. in PC machine.It, can be with specifically, in the present embodiment P2P flow detection result etc. is shown by display unit 400.
The network port 500 is connected with processor 200, for being communicatively coupled with external each terminal device.The communication link The communication technology used by connecing can be cable communicating technology or wireless communication technique, and such as mobile high definition chained technology (MHL) leads to It is blue with universal serial bus (USB), high-definition media interface (HDMI), adopting wireless fidelity technology (WiFi), Bluetooth Communication Technology, low-power consumption The tooth communication technology, communication technology based on IEEE802.11s etc..Specifically, in the present embodiment, the network port can be passed through 500 import the disaggregated model etc. that training is completed to processor 200.
Present invention also provides a kind of computer readable storage medium, which may include:USB flash disk, mobile hard disk, Read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic The various media that can store program code such as dish or CD.Computer program, the calculating are stored on the storage medium Machine program realizes following steps when being executed by processor:When the access request for the process that receives, the agreement of the process is judged Whether type is udp protocol;If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic includes at least described The connection number and uplink traffic of process;The P2P flow detection result of the process is obtained according to the traffic characteristic.
The embodiment of the present application detects P2P flow by traffic characteristic, which includes but is not limited to the connection of process Several and uplink traffic also uses the connection number of process compared with the scheme of uplink traffic is only used only in the prior art.In reality In, lower using process (such as uploading local file using Dropbox process) general connection number of Transmission Control Protocol, the application is real It applies example and the higher feature judgement P2P flow of P2P flow connection number is utilized, improve the accuracy of P2P flow detection, greatly The risk for reducing erroneous judgement reduces the risk for influencing normal software operation.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically Following steps may be implemented:The protocol type of process described in structure decision by the data packet for analyzing the process whether be Udp protocol.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically Following steps may be implemented:The purpose IP address of the data packet is connected, and judges whether successful connection;If it is not, then determining institute The protocol type for stating process is udp protocol.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically Following steps may be implemented:Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than second in advance If value;If being, determine the process for abnormal P2P flow.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically Following steps may be implemented:Intercept the access request of the process.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically Following steps may be implemented:Prompt information is sent to management terminal according to the traffic characteristic, so as to management terminal selection Whether the access request of the process is intercepted;After the interception order for receiving the management terminal, executes and intercept the process The step of access request.
Preferably, when the computer subprogram stored in the computer readable storage medium is executed by processor, specifically Following steps may be implemented:The digital signature information of the process is obtained, and is judged in pre-stored digital signature white list Whether include the process digital signature information;If it is not, then executing the step of determining the process for abnormal P2P flow.
The foregoing description of the disclosed embodiments makes professional and technical personnel in the field can be realized or use the application. Various modifications to these embodiments will be readily apparent to those skilled in the art, as defined herein General Principle can be realized in other embodiments without departing from the spirit or scope of the application.Therefore, the application It is not intended to be limited to the embodiments shown herein, and is to fit to and the principles and novel features disclosed herein phase one The widest scope of cause.
Each embodiment is described in a progressive manner in specification, the highlights of each of the examples are with other realities The difference of example is applied, the same or similar parts in each embodiment may refer to each other.For system disclosed in embodiment Speech, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is referring to method part illustration ?.It should be pointed out that for those skilled in the art, under the premise of not departing from the application principle, also Can to the application, some improvement and modification can also be carried out, these improvement and modification also fall into the protection scope of the claim of this application It is interior.
It should also be noted that, in the present specification, relational terms such as first and second and the like be used merely to by One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning Covering non-exclusive inclusion, so that the process, method, article or equipment for including a series of elements not only includes that A little elements, but also including other elements that are not explicitly listed, or further include for this process, method, article or The intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arranged Except there is also other identical elements in the process, method, article or apparatus that includes the element.

Claims (10)

1. a kind of P2P flow rate testing methods, which is characterized in that including:
When the access request for the process that receives, judge whether the protocol type of the process is udp protocol;
If so, obtaining the traffic characteristic of the process;Wherein, the traffic characteristic include at least the process connection number and Uplink traffic;
The P2P flow detection result of the process is obtained according to the traffic characteristic.
2. P2P flow rate testing methods according to claim 1, which is characterized in that judge the process protocol type whether For udp protocol, including:
Whether the protocol type of process described in the structure decision by the data packet for analyzing the process is udp protocol.
3. P2P flow rate testing methods according to claim 2, which is characterized in that by the data packet for analyzing the process The protocol type of process described in structure decision be udp protocol after, further include:
The purpose IP address of the data packet is connected, and judges whether successful connection;
If it is not, then determining the protocol type of the process for udp protocol.
4. P2P flow rate testing methods according to claim 1, which is characterized in that according to the traffic characteristic obtain it is described into The P2P flow detection of journey is as a result, include:
Judge whether the connection number is greater than the first preset value and whether the uplink traffic is greater than the second preset value;
If being, determine the process for abnormal P2P flow.
5. P2P flow rate testing methods according to claim 4, which is characterized in that determine the process for abnormal P2P flow it Afterwards, further include:
Intercept the access request of the process.
6. P2P flow rate testing methods according to claim 5, which is characterized in that before the access request for intercepting the process, Further include:
Send prompt information to management terminal according to the traffic characteristic, so as to the management terminal choose whether to intercept it is described into The access request of journey;
After the interception order for receiving the management terminal, the step of executing the access request for intercepting the process.
7. according to any one of the claim 4-6 P2P flow rate testing methods, which is characterized in that determine the process for exception Before P2P flow, further include:
Obtain the digital signature information of the process, and judge in pre-stored digital signature white list whether include it is described into The digital signature information of journey;
If it is not, then executing the step of determining the process for abnormal P2P flow.
8. a kind of P2P flow quantity detecting system, which is characterized in that including:
Judgment module, for when the access request for the process that receives, judging whether the protocol type of the process is UDP association View;
Module is obtained, for obtaining the traffic characteristic of the process when the protocol type of the process is udp protocol;Wherein, The traffic characteristic includes at least the connection number and uplink traffic of the process;
Detection module, for obtaining the P2P flow detection result of the process according to the traffic characteristic.
9. a kind of electronic equipment, which is characterized in that including:
Memory, for storing computer program;
Processor realizes the flow detection side P2P as described in any one of claim 1 to 7 when for executing the computer program The step of method.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium Program realizes the P2P flow rate testing methods as described in any one of claim 1 to 7 when the computer program is executed by processor The step of.
CN201810879008.8A 2018-08-03 2018-08-03 A kind of P2P flow rate testing methods, system and equipment and storage medium Pending CN108848004A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810879008.8A CN108848004A (en) 2018-08-03 2018-08-03 A kind of P2P flow rate testing methods, system and equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810879008.8A CN108848004A (en) 2018-08-03 2018-08-03 A kind of P2P flow rate testing methods, system and equipment and storage medium

Publications (1)

Publication Number Publication Date
CN108848004A true CN108848004A (en) 2018-11-20

Family

ID=64195700

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810879008.8A Pending CN108848004A (en) 2018-08-03 2018-08-03 A kind of P2P flow rate testing methods, system and equipment and storage medium

Country Status (1)

Country Link
CN (1) CN108848004A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109347876A (en) * 2018-11-29 2019-02-15 深圳市网心科技有限公司 A kind of safety defense method and relevant apparatus
CN109547449A (en) * 2018-11-29 2019-03-29 深圳市网心科技有限公司 A kind of safety detection method and relevant apparatus
CN111756716A (en) * 2020-06-15 2020-10-09 深信服科技股份有限公司 Flow detection method and device and computer readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051997A (en) * 2006-11-20 2007-10-10 深圳市深信服电子科技有限公司 P2P flow identifying control method based on network application
CN101510841A (en) * 2008-12-31 2009-08-19 成都市华为赛门铁克科技有限公司 Method and system for recognizing end-to-end flux
CN102035750A (en) * 2010-12-31 2011-04-27 杭州华三通信技术有限公司 Peer-to-peer (P2P) flow recognizing method and device
CN102045257A (en) * 2010-12-22 2011-05-04 上海亿煌信息技术有限公司 Peer-to-peer software (P2P) recognition method based on multi-protocol bidirectional single link
CN102055627A (en) * 2011-01-04 2011-05-11 深信服网络科技(深圳)有限公司 Method and device for identifying peer-to-peer (P2P) application connection
EP2568681A1 (en) * 2011-09-07 2013-03-13 Deutsche Telekom AG Network communication device for communicating over a communication network

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051997A (en) * 2006-11-20 2007-10-10 深圳市深信服电子科技有限公司 P2P flow identifying control method based on network application
CN101510841A (en) * 2008-12-31 2009-08-19 成都市华为赛门铁克科技有限公司 Method and system for recognizing end-to-end flux
CN102045257A (en) * 2010-12-22 2011-05-04 上海亿煌信息技术有限公司 Peer-to-peer software (P2P) recognition method based on multi-protocol bidirectional single link
CN102035750A (en) * 2010-12-31 2011-04-27 杭州华三通信技术有限公司 Peer-to-peer (P2P) flow recognizing method and device
CN102055627A (en) * 2011-01-04 2011-05-11 深信服网络科技(深圳)有限公司 Method and device for identifying peer-to-peer (P2P) application connection
EP2568681A1 (en) * 2011-09-07 2013-03-13 Deutsche Telekom AG Network communication device for communicating over a communication network

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109347876A (en) * 2018-11-29 2019-02-15 深圳市网心科技有限公司 A kind of safety defense method and relevant apparatus
CN109547449A (en) * 2018-11-29 2019-03-29 深圳市网心科技有限公司 A kind of safety detection method and relevant apparatus
CN109547449B (en) * 2018-11-29 2021-09-24 深圳市网心科技有限公司 Safety detection method and related device
CN111756716A (en) * 2020-06-15 2020-10-09 深信服科技股份有限公司 Flow detection method and device and computer readable storage medium

Similar Documents

Publication Publication Date Title
JP6559694B2 (en) Automatic SDK acceptance
CN111600781B (en) Firewall system stability testing method based on tester
CN111937006B (en) System for determining performance based on entropy
CN110417778B (en) Access request processing method and device
CN108848004A (en) A kind of P2P flow rate testing methods, system and equipment and storage medium
CN106911687B (en) Page construction control method and device
CN111104675A (en) Method and device for detecting system security vulnerability
KR101491639B1 (en) Method for determining type of network and method for providing contents by using the same
CN112615858B (en) Internet of things equipment monitoring method, device and system
CN112163198B (en) Host login security detection method, system, device and storage medium
CN107864117A (en) Webpage hold-up interception method, device and computer-readable recording medium
CN108985095A (en) A kind of non-public file access method, system and electronic equipment and storage medium
CN109688093A (en) Firewall policy verification method, system, equipment and readable storage medium storing program for executing
US10965539B2 (en) System and method for distributed testing of end-to-end performance of a server
CN108777679A (en) Flow access relation generation method, device and the readable storage medium storing program for executing of terminal
CN111181771A (en) Security changing abnormity positioning method and device based on fort machine and electronic equipment
CN109347819A (en) A kind of virus mail detection method, system and electronic equipment and storage medium
CN104320285A (en) Website running status monitoring method and device
WO2021139345A1 (en) Method and apparatus for displaying network state during call process, and computer device and medium
CN110971482B (en) Back-end server detection method and device based on ebpf and electronic equipment
CN102143085B (en) Multi-dimensional network situation awareness method, equipment and system
US20160065444A1 (en) Anomaly detection based on combinations of cause value, message type, response time (gtp-c)
CN107666414A (en) A kind of network performance optimizing method, system and computer-readable recording medium
CN114465710A (en) Vulnerability detection method, device, equipment and storage medium based on flow
CN109688099A (en) Server end hits library recognition methods, device, equipment and readable storage medium storing program for executing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181120

RJ01 Rejection of invention patent application after publication