CN109150742A - A kind of flow screening system and its method based on network processing unit - Google Patents

A kind of flow screening system and its method based on network processing unit Download PDF

Info

Publication number
CN109150742A
CN109150742A CN201810915728.5A CN201810915728A CN109150742A CN 109150742 A CN109150742 A CN 109150742A CN 201810915728 A CN201810915728 A CN 201810915728A CN 109150742 A CN109150742 A CN 109150742A
Authority
CN
China
Prior art keywords
flow
feature database
information
module
processing unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810915728.5A
Other languages
Chinese (zh)
Inventor
仝国利
庄文强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Sinovatio Technology LLC
Original Assignee
Nanjing Sinovatio Technology LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Sinovatio Technology LLC filed Critical Nanjing Sinovatio Technology LLC
Priority to CN201810915728.5A priority Critical patent/CN109150742A/en
Publication of CN109150742A publication Critical patent/CN109150742A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W28/00Network traffic management; Network resource management
    • H04W28/02Traffic management, e.g. flow control or congestion control
    • H04W28/10Flow control between communication endpoints

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a kind of flow screening system and its method based on network processing unit carries out information extraction according to flow, obtains required feature, extracts critical field, generates feature database according to modes such as hash.Afterflow rate obtains mark information according to the hit situation in feature database afterwards, and hit is labeled as matching treatment, and miss is labeled as non-matching treatment, according to mark information, carries out Screening Treatment to flow.

Description

A kind of flow screening system and its method based on network processing unit
Technical field
The present invention relates to INTERNET management domains, and in particular to one kind is realized on headend equipment predicts flow The network system realization of screening.
Background technique
With the arrival of mobile 5G, the continuous promotion of fixed network broadband width, in backbone network, core net data traffic rapidly on It rising, brings great challenge to rear end equipment, data-handling capacity need to be continuously improved to meet needs, however in data processing In, it is often only concerned a portion flow, therefore prescreening can be carried out to flow, guarantees that the data for needing to be concerned about can be by Processing, is indifferent to data and excludes as far as possible, therefore can reduce data traffic size processed, improve the whole of rear end equipment Body processing capacity.
Summary of the invention
The purpose of the present invention is to propose to one kind to be based on network processing unit flow screening system and its method, carry out to flow pre- Screening is surveyed, to guarantee that the flow needed can be identified completely, unwanted flow can be screened out as far as possible, reduce Uninterrupted processed.
The invention discloses a kind of flow screening system based on network processing unit, including
AM access module parses access flow, is above sent to different message processing module (MPM)s;
Preprocessing module obtains flow correlated characteristic, extracts critical field, generates feature database information, and be stored in feature database Module;
Feature library module carries out the feature database information matches processing of flow, and indicia matched result information;
Flow is carried out relevant treatment according to matching result information by filter module;
Processing module exports or handles the flow for passing through filter module.
The correlated characteristic includes five-tuple and VPN.
The flow screening technique of the invention discloses a kind of flow screening system based on network processing unit, including following step It is rapid:
S1: according to flow, information extraction is carried out, extracts critical field, obtains feature database information, generates feature database;
S2: according to the hit situation in feature database, mark information is obtained, flow passes through the feature database information phase one that S1 is generated It causes to be to hit, hit is labeled as matching treatment, and miss is labeled as non-matching treatment;
S3: according to mark information, Screening Treatment is carried out to flow.
The utility model has the advantages that compared with prior art, the present invention the present invention proposes that a kind of pair of flow carries out prediction screening technique, with Guarantee that the flow needed can be identified completely, unwanted flow can be screened out as far as possible, reduce stream processed Measure size.It is continuously improved now with bandwidth, higher and higher to equipment message processing requirement, actually most of flow is backstage It is indifferent to, by the invention it is possible to filter out the flow of needs in advance, reduces to rear end equipment performance pressures, and then improve and set Standby process performance.The present invention is believed using advanced hash algorithms such as hash needing to handle flow by introduced feature library concept Breath extracts key feature, and forms keyword according to certain way, ultimately produces efficient feature database information.Afterflow rate root afterwards According to feature database matching identification information, it is sent into the further filtration treatment of filter, all flows will pass through filter, according to feature Library identification information determines that next step processing acts, therefore by filter, can filter out needing to be further processed flow Come.
Detailed description of the invention
Fig. 1 is flow diagram of the invention.
Specific embodiment
The present invention is further explained with reference to the accompanying drawings and examples.
One kind of the invention is based on network processing unit flow screening system, parses access flow by AM access module, above send To different message processing module (MPM)s, such as TCP, UDP, IP packet processing module;Preprocessing module handles the letter of flow as needed Breath obtains flow correlated characteristic, extracts critical field, including but not limited to information such as five-tuple, VPN, according to modes such as hash Generate feature database information, in storage feature library module, such as extract five-tuple information, that is, SIP, DIP of TCP flow, SPORT, DPORT, PROTOCOL obtain cryptographic Hash according to hash function;If rear afterflow rate obtains the same cryptographic Hash after above-mentioned calculating, Then flow carrying mark information enters filter module, and the filter module is according to flow matches feature database information, to flow Relevant treatment is carried out, which can include but is not limited to Qos, hit situation etc. according to various requirement definitions, for example mark To need to be further processed, then it is sent to processing module, otherwise abandons flow.

Claims (3)

1. a kind of flow screening system based on network processing unit, it is characterised in that: including
AM access module parses access flow, is above sent to different message processing module (MPM)s;
Preprocessing module obtains flow correlated characteristic, extracts critical field, generates feature database information, and be stored in feature library module;
Feature library module carries out the feature database information matches processing of flow, and indicia matched result information;
Flow is carried out relevant treatment according to matching result information by filter module;
Processing module exports or handles the flow for passing through filter module.
2. a kind of flow screening system based on network processing unit according to claim 1, it is characterised in that: the correlation Feature includes five-tuple and VPN.
3. based on a kind of flow screening technique of the flow screening system based on network processing unit of any of claims 1 or 2, It is characterized in that: the following steps are included:
S1: according to flow, information extraction is carried out, extracts critical field, obtains feature database information, generates feature database;
S2: according to the hit situation in feature database, mark information is obtained, flow is consistent i.e. by the feature database information that S1 is generated For hit, hit is labeled as matching treatment, and miss is labeled as non-matching treatment;
S3: according to mark information, Screening Treatment is carried out to flow.
CN201810915728.5A 2018-08-13 2018-08-13 A kind of flow screening system and its method based on network processing unit Pending CN109150742A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810915728.5A CN109150742A (en) 2018-08-13 2018-08-13 A kind of flow screening system and its method based on network processing unit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810915728.5A CN109150742A (en) 2018-08-13 2018-08-13 A kind of flow screening system and its method based on network processing unit

Publications (1)

Publication Number Publication Date
CN109150742A true CN109150742A (en) 2019-01-04

Family

ID=64792713

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810915728.5A Pending CN109150742A (en) 2018-08-13 2018-08-13 A kind of flow screening system and its method based on network processing unit

Country Status (1)

Country Link
CN (1) CN109150742A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025636A (en) * 2010-12-09 2011-04-20 北京星网锐捷网络技术有限公司 Message feature processing method and device as well as network equipment
CN102315974A (en) * 2011-10-17 2012-01-11 北京邮电大学 Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows
CN103200112A (en) * 2012-01-06 2013-07-10 北京奇策科技有限公司 Computer network transmission control protocol (TCP) flow control method
CN103281213A (en) * 2013-04-18 2013-09-04 西安交通大学 Method for extracting, analyzing and searching network flow and content
CN104022920A (en) * 2014-06-26 2014-09-03 重庆重邮汇测通信技术有限公司 LTE (long term evolution) network flow recognition system and method
CN104079493A (en) * 2014-06-11 2014-10-01 国家计算机网络与信息安全管理中心 Flow recognition method and equipment and management and control method and equipment based on names of downloaded resources

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025636A (en) * 2010-12-09 2011-04-20 北京星网锐捷网络技术有限公司 Message feature processing method and device as well as network equipment
CN102315974A (en) * 2011-10-17 2012-01-11 北京邮电大学 Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows
CN103200112A (en) * 2012-01-06 2013-07-10 北京奇策科技有限公司 Computer network transmission control protocol (TCP) flow control method
CN103281213A (en) * 2013-04-18 2013-09-04 西安交通大学 Method for extracting, analyzing and searching network flow and content
CN104079493A (en) * 2014-06-11 2014-10-01 国家计算机网络与信息安全管理中心 Flow recognition method and equipment and management and control method and equipment based on names of downloaded resources
CN104022920A (en) * 2014-06-26 2014-09-03 重庆重邮汇测通信技术有限公司 LTE (long term evolution) network flow recognition system and method

Similar Documents

Publication Publication Date Title
Tong et al. A novel QUIC traffic classifier based on convolutional neural networks
Wang The applications of deep learning on traffic identification
Bu et al. Encrypted network traffic classification using deep and parallel network-in-network models
CN104320304B (en) A kind of core network user flow application recognition methods of the multimode fusion easily extended
AU2012200642B2 (en) A method and apparatus for communications analysis
CN105871832A (en) Network application encrypted traffic recognition method and device based on protocol attributes
US20110125748A1 (en) Method and Apparatus for Real Time Identification and Recording of Artifacts
CN102307123A (en) NAT (Network Address Translation) flow identification method based on transmission layer flow characteristic
CN101741908A (en) Identification method for application layer protocol characteristic
CN107426049A (en) A kind of network traffics accurate detecting method, equipment and storage medium
CN103200133A (en) Flow identification method based on network flow gravitation cluster
CN103840983A (en) WEB tunnel detection method based on protocol behavior analysis
Khakpour et al. An information-theoretical approach to high-speed flow nature identification
CN109299742A (en) Method, apparatus, equipment and the storage medium of automatic discovery unknown network stream
CN110149280A (en) Net flow assorted method and apparatus
Jeong et al. A semi-supervised approach for network intrusion detection using generative adversarial networks
CN108737367A (en) A kind of method for detecting abnormality and system of video surveillance network
CN105847250A (en) VoIP stream media multi-dimensional information steganography real time detection method
Dubin et al. Real time video quality representation classification of encrypted http adaptive video streaming-the case of safari
Shi et al. Source identification of encrypted video traffic in the presence of heterogeneous network traffic
CN106506541A (en) The method and apparatus for generating network white list
CN109150742A (en) A kind of flow screening system and its method based on network processing unit
JP2004312083A (en) Learning data generating apparatus, intrusion detection system, and its program
KR20140040120A (en) Method and device for extracting data from a data stream travelling around an ip network
CN105404797B (en) A kind of Active Networks streaming digital water mark method based on dual redundant

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190104