CN109361619A - A kind of traffic classification method and electronic equipment - Google Patents
A kind of traffic classification method and electronic equipment Download PDFInfo
- Publication number
- CN109361619A CN109361619A CN201811610635.8A CN201811610635A CN109361619A CN 109361619 A CN109361619 A CN 109361619A CN 201811610635 A CN201811610635 A CN 201811610635A CN 109361619 A CN109361619 A CN 109361619A
- Authority
- CN
- China
- Prior art keywords
- feature
- data
- data packet
- flow
- result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2441—Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2475—Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2483—Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the present application provides a kind of traffic classification method and electronic equipment, which comprises obtains the data stream statistics feature in network flow;Obtain the data packet feature in the network flow;Net flow assorted result is determined based on the traffic statistics feature and data packet feature using network flow classified model, wherein the network flow classified model is formed by convolutional neural networks training.The traffic classification result of the embodiment of the present application efficiently and accurately can obtain net flow assorted as a result, simplifying user's operation, improve point efficiency and precision.
Description
Technical field
The invention relates to traffic classification field, in particular to a kind of traffic classification method and electronic equipment.
Background technique
Network situation awareness is exactly to detect the operating status of various equipment, network behavior and user behavior in network, is reached
Understanding to the overall situation, macroscopic view of existing network, and existing network state and Tendency Prediction are assessed according to it.Due to network flow
Amount can be good at react a period of time in network state, network protocol features and user behavior state and they between
Association, so the Situation Awareness based on flow can follow the basic characteristics of Situation Awareness, from macroscopically holding Network Situation, and
It is predicted.
With the rapid development of information technology, new application continues to bring out, network flow is even more to be skyrocketed through, this gives network
The huge pressure of flow analysis bring and challenge.Net flow assorted, which refers to, to be identified from network flow by correlated characteristic
Relevant agreement or application simultaneously classify to it, it is of great importance to network traffic analysis.
Currently, there are mainly three types of net flow assorted methods: traffic classification method based on port is matched based on tagged word
Method and method based on stream statistics.Traffic classification method based on port is a kind of simple and quick traffic classification method,
But since the port of many applications is not fixed, the accuracy rate of this method is lower.Based on the matched traffic classification method of tagged word
Accuracy rate is high, but need it is artificial constantly update feature to guarantee the validity of tagged word, this method labor intensive and cannot
Effective identification encryption flow.Traffic classification method based on statistical flow characteristic is the fast development for having benefited from machine learning, benefit
Network application is distinguished with the various statistical natures that flow shows in transmission process, this method can solve first two method
The shortcomings that.But the method based on stream statistics only considered the feature of stream, and the feature of packet load is had ignored, lead to standard
True rate or relatively low.
Apply for content
The embodiment of the present application provides a kind of traffic classification knot that can efficiently and accurately obtain net flow assorted result
Fruit, and the electronic equipment of application this method.
In order to solve the above-mentioned technical problem, the embodiment of the present application provides a kind of traffic classification method, comprising:
Obtain the data stream statistics feature in network flow;
Obtain the data packet feature in the network flow;
Network flow point is determined based on the traffic statistics feature and data packet feature using network flow classified model
Class result, wherein the network flow classified model is formed by convolutional neural networks training.
Preferably, the data packet feature obtained in the network flow includes:
Obtain the application layer data packet feature in the network flow in every data stream.
Preferably, the application layer data packet feature obtained in the network flow in every data stream includes:
During the data flow is by starting to termination, if the data packet feature of the correspondence data flow obtained
Sequential parameter meets predetermined sequence parameter request, then the data packet feature is input in the convolutional neural networks.
Preferably, described true based on the traffic statistics feature and data packet feature using network flow classified model
Determining net flow assorted result includes:
Network flow classified model determines at least one for characterizing the number based on each data packet feature of acquisition
According to the data packet category feature of packet feature classification;
Packet category feature and data stream statistics feature determine the net to network flow classified model based on the data
Network traffic classification result.
Preferably, when the data packet category feature be it is multiple when, the category feature of packet based on the data and
Data stream statistics feature determines that the net flow assorted result includes:
The data stream statistics feature is formed into multiple one-dimension arrays in conjunction with each data packet category feature respectively;
Multiple sub- results of classification are respectively formed based on the multiple one-dimensional data;
The net flow assorted result is determined based on multiple sub- results of classification.
Preferably, described determine that the net flow assorted result includes: based on multiple sub- results of classification
Count each sub- result for characterization classification;
The net flow assorted result is determined based on the maximum value in statistical magnitude of all categories in statistical result.
Preferably, the sub- result is one-dimensional data group, dimension is at least identical as preset traffic classes quantity, and
Each dimension data includes the probability number that the unique traffic classes of characterization become final net flow assorted result in the data group
According to;
It is described to determine that the net flow assorted result includes: based on multiple sub- results of classification
Count the probability data that consolidated network traffic classification result is characterized in each sub- result;
Determine that the traffic classes that the maximum data element of numerical value is characterized are the net flow assorted based on statistical result
As a result.
Preferably, the data stream statistics feature is including at least the total data packet quantity in every data stream, average
According to packet size, upstream data packet quantity, upstream data packet total size, downlink data packet quantity, downlink data packet total size, data
Flow duration, the average time interval of adjacent data parlor, data flow Mean Speed, upstream rate, downlink data
One of flow velocity rate is a variety of.
The embodiment of the present invention provides a kind of electronic equipment simultaneously, comprising:
First obtains device, is used to obtain the data stream statistics feature in network flow;
Second obtains device, is used to obtain the data packet feature in the network flow;
Network flow classified model is formed by convolutional neural networks training, for the traffic statistics according to acquisition
Feature and data packet feature determine net flow assorted result.
Preferably, further include:
Pretreatment unit is at least used in the data packet feature based on acquisition determine in the network flow every
Application layer data packet feature in data stream.
Disclosure based on the above embodiment can know that the beneficial effect of the embodiment of the present application is in combination with data
Statistical flow characteristic and data packet feature, while assisting determining final classification as a result, substantially increasing net based on convolutional neural networks
The speed and accuracy rate of network traffic classification result judgement, make the efficiency of flow analysis, and to the Network Situation sense based on flow
Know that efficiency is improved.
Detailed description of the invention
Fig. 1 is the flow diagram of the data classification method in one embodiment of the invention.
Fig. 2 is the flow diagram of the data classification method in another embodiment of the present invention.
Fig. 3 is the flow diagram of the data classification method in another embodiment of the present invention.
Fig. 4 is the structural block diagram of the electronic equipment in one embodiment of the invention.
Specific embodiment
In the following, being described in detail in conjunction with specific embodiment of the attached drawing to the application, but not as the restriction of the application.
It should be understood that various modifications can be made to disclosed embodiments.Therefore, following description should not regard
To limit, and only as the example of embodiment.Those skilled in the art will expect within the scope and spirit of this
Other modifications.
The attached drawing being included in the description and forms part of the description shows embodiment of the disclosure, and with it is upper
What face provided is used to explain the disclosure together to substantially description and the detailed description given below to embodiment of the disclosure
Principle.
By the description of the preferred form with reference to the accompanying drawings to the embodiment for being given as non-limiting example, the application's
These and other characteristic will become apparent.
It is also understood that although the application is described referring to some specific examples, those skilled in the art
Member realizes many other equivalents of the application in which can determine, they have feature as claimed in claim and therefore all
In the protection scope defined by whereby.
When read in conjunction with the accompanying drawings, in view of following detailed description, above and other aspect, the feature and advantage of the disclosure will become
It is more readily apparent.
The specific embodiment of the disclosure is described hereinafter with reference to attached drawing;It will be appreciated, however, that the disclosed embodiments are only
Various ways implementation can be used in the example of the disclosure.Known and/or duplicate function and structure and be not described in detail to avoid
Unnecessary or extra details makes the disclosure smudgy.Therefore, specific structural and functionality disclosed herein is thin
Section is not intended to restrictions, but as just the basis of claim and representative basis be used to instructing those skilled in the art with
Substantially any appropriate detailed construction diversely uses the disclosure.
This specification can be used phrase " in one embodiment ", " in another embodiment ", " in another embodiment
In " or " in other embodiments ", it can be referred to one or more of the identical or different embodiment according to the disclosure.
In the following, the embodiment of the present application is described in detail in conjunction with attached drawing.
As shown in Figure 1, the embodiment of the present invention provides a kind of traffic classification method, comprising:
Obtain the data stream statistics feature in network flow;
Obtain the data packet feature in network flow;
Net flow assorted knot is determined based on traffic statistics feature and data packet feature using network flow classified model
Fruit, wherein network flow classified model is formed by convolutional neural networks training.
The beneficial effect of the embodiment of the present application is in combination with data stream statistics feature and data packet feature, while base
It assists determining final classification in convolutional neural networks as a result, substantially increasing the speed of net flow assorted result judgement and accurate
Rate makes the efficiency of flow analysis, and is improved to the network situation awareness efficiency based on flow.
Specifically, data stream statistics feature is big including at least the total data packet quantity in every data stream, average data packet
Small, upstream data packet quantity, upstream data packet total size, downlink data packet quantity, downlink data packet total size, data flow are lasting
Time, the average time interval of adjacent data parlor, data flow Mean Speed, upstream rate, downstream data rates
One of or it is a variety of.
Obtaining the data packet feature in network flow can realize in crawl application traffic of all categories by using packet catcher
Data packet obtain.
In the present embodiment obtain network flow in data packet feature include:
Obtain the application layer data packet feature in network flow in every data stream.
Due to including multiple layer datas, such as link layer data, network layer data, transport layer data and application in data packet
Layer data etc., but have the function of characterization traffic classes due to only having application layer data in multiple layer data, when obtaining
Data filtering can be carried out to it after obtaining the data packet in pieces of data stream, make the feature for only retaining application layer data packet.
Specifically, it is wrapped when application layer data packet feature in the present embodiment in obtaining network flow in every data stream
It includes:
During data flow is by starting to termination, if the sequential parameter of the data packet feature of the corresponding data stream obtained
Meet predetermined sequence parameter request, then data packet feature is input in convolutional neural networks.
For example, determining the initial time of every data stream, is risen in the initial time, successively obtain data packet feature, due to
Application layer data packet typically occurs in the preliminary stage of data flow, therefore can fix tentatively the feature work for for example only obtaining preceding 10 data packets
For application layer data packet feature.When implementation, the current sequence parameter of the data packet of acquisition can be judged, be determined if full
The sequential parameter of sufficient 1-10 requires (can also be certainly other parameters requirement, such as 3-15 etc.), if satisfied, then taking in the data
Packet, if not satisfied, not taking in then, only carries out data recordation to it into network flow classified model, for obtaining flow system
Count parameter attribute, such as the total data packet quantity of the data flow, upstream data packet quantity, downlink data packet quantity etc..
Preferably due to which the byte length of each data packet differs, and if desired network flow classified model can be more preferable
Ground cog region divided data packet, the method in the present embodiment further include:
It is input in network flow classified model to obtaining after data packet feature is normalized.
That is, needing before data packet feature is input in network flow classified model to the byte of data packet feature
Length carries out unification.
For example, the byte length for fixing tentatively each data packet feature needs to be all satisfied the requirement of 1500 bytes, can also expire certainly
Foot other bytes requirement.Wherein, the data in each data packet beyond 1500 bytes are deleted, and less than the number of 1500 bytes
It is filled up according to then filling 0 in packet, to gather together enough 1500 bytes.
Further, as shown in Fig. 2, in the present embodiment using network flow classified model be based on traffic statistics feature and
Data packet feature includes: when determining net flow assorted result
Network flow classified model determines at least one for characterize data packet based on each data packet feature of acquisition
The data packet category feature of feature classification;
Network flow classified model is based on data packet category feature and data stream statistics feature determines network flow point
Class result.
For example, network flow classified model is based in each data packet feature of acquisition continuing with above-described embodiment
The feature storage of 1500 bytes summarizes and arranges other features for 5 data packets, certainly can also be 1,2, or more data packet
Category feature.Then, traffic statistics feature of the network flow classified model based on multiple data packet category feature and statistics come
Net flow assorted result is determined jointly.
Further, as shown in figure 3, being based on data packet category feature and number when data packet category feature is multiple
Determined according to statistical flow characteristic include: when net flow assorted result
Data stream statistics feature is formed into multiple one-dimension arrays in conjunction with each data packet category feature respectively;
Multiple sub- results of classification are respectively formed based on multiple one-dimensional datas;
Net flow assorted result is determined based on multiple sub- results of classification.
It that is to say, each data packet category feature is in conjunction with data stream statistics feature, in this way, just foring and data packet
The equal one-dimension array of category feature quantity quantity.Multiple one-dimension array is input in network flow classified model, is made every
A one-dimension array is respectively formed the sub- result of the traffic classes for characterizing the data flow.Finally, network flow classified model
Or system can determine the final network flow classification of the data flow based on multiple subclassification results of the acquisition.It is, really
The executing subject of fixed final network flow classification can be network flow classified model, can also be electronic equipment.
Network flow classified model in the present embodiment includes at least one volume base, at least one maximum pond layer, extremely
Lack a full articulamentum and Softmax layers.Wherein, the purpose of convolutional layer is to extract the different data characteristicses of input, such as data
Packet feature and data stream statistics feature, the feature that different volume bases extracts is different, such as first layer convolutional layer can only extract one
A little rudimentary features, second layer convolutional layer can from low-level features the more complicated feature of iterative extraction.Maximum pond layer is used for will
It is several regions through rolling up the feature cutting that base extracts, and extracts the lesser feature of dimension in multiple region.Full articulamentum
Become global characteristics for combining the local feature in all regions, to be used to calculate son as a result, sub- result is one-dimensional data
Group, dimension are at least identical as preset traffic classes quantity.Softmax layers for the n-dimensional vector of sub- result to be converted into being worth
For 0 to 1 n-dimensional vector, the relative probability for keeping each expression different classes of, i.e., each dimension data characterizes unique stream in data group
Measuring classification becomes the probability of final net flow assorted result.
Specifically, include: when determining net flow assorted result based on multiple sub- results of classification in the present embodiment
Count every height result for characterization classification;
The net flow assorted result is determined based on the maximum value in statistical magnitude of all categories in statistical result.
That is, determining the traffic classes that every height result is characterized, statistics characterizes the sub- fruiting quantities of each classification later,
The classification for selecting quantity the maximum to be characterized is as final classification results.
But when statistical result shows that the quantity for representing the sub- result of each classification is identical, sub- fruiting quantities can not be based on
And when determining final classification results, it also can be used in the present embodiment final to determine by the multidimensional data for analyzing sub- result
Traffic classification result.
For example, including: when determining net flow assorted result based on multiple sub- results of classification
Count the probability data that consolidated network traffic classification result is characterized in each sub- result;
The classification that the maximum data element of numerical value (the sum of probability data) characterization is determined based on statistical result is final net
Network traffic classification result.
For example, characterizing the sum of probability data in the sub- result of first category in 10 sub- results is A, second category is characterized
Sub- result in the sum of probability data be B, characterizing the sum of probability data in the sub- result of third classification is C, wherein numerical value
A is maximum, then the net flow assorted result finally determined is first category.
According to the traffic classification method in the embodiment of the present application, such as in intra-company, administrative staff are intended to according to network flow
When overall work state of the service condition of amount to determine interior employee, the method in the embodiment of the present application can be used to network
Flow is classified, it is determined that the download of such as text class data is big or audio-video class data download is big, accordingly
It can determine the working condition of employee.Alternatively, when R&D personnel Most current user to be determined would generally be at which
When using a large amount of flows of upper consumption, the classification method that can also be used in the present embodiment is determined, and is simple and efficient, and accuracy
It greatly improves compared with prior art.
As shown in figure 4, the embodiment of the present invention provides a kind of electronic equipment simultaneously, comprising:
First obtains device, is used to obtain the data stream statistics feature in network flow;
Second obtains device, is used to obtain the data packet feature in network flow;
Network flow classified model is formed by convolutional neural networks training, for the traffic statistics feature according to acquisition
And data packet feature determines net flow assorted result.
The beneficial effect of the embodiment of the present application is in combination with data stream statistics feature and data packet feature, while base
It assists determining final classification in convolutional neural networks as a result, substantially increasing the speed of net flow assorted result judgement and accurate
Rate makes the efficiency of flow analysis, and is improved to the network situation awareness efficiency based on flow.
Specifically, data stream statistics feature is big including at least the total data packet quantity in every data stream, average data packet
Small, upstream data packet quantity, upstream data packet total size, downlink data packet quantity, downlink data packet total size, data flow are lasting
Time, the average time interval of adjacent data parlor, data flow Mean Speed, upstream rate, downstream data rates
One of or it is a variety of.
Second, which obtains device, can realize crawl by using packet catcher when obtaining the data packet feature in network flow
Data packet in application traffic of all categories obtains.
Further, in this embodiment electronic equipment further include:
Pretreatment unit is at least used in the data packet feature based on acquisition determine every data stream in network flow
In application layer data packet feature.
Due to including multiple layer datas, such as link layer data, network layer data, transport layer data and application in data packet
Layer data etc., but have the function of characterization traffic classes due to only having application layer data in multiple layer data, when obtaining
Data filtering can be carried out to it after obtaining the data packet in pieces of data stream, make the feature for only retaining application layer data packet.
Specifically, application layer data of the pretreatment unit in the present embodiment in obtaining network flow in every data stream
Include: when packet feature
During data flow is by starting to termination, if the sequential parameter of the data packet feature of the corresponding data stream obtained
Meet predetermined sequence parameter request, then data packet feature is input in convolutional neural networks.
For example, determining the initial time of every data stream, is risen in the initial time, successively obtain data packet feature, due to
Application layer data packet typically occurs in the preliminary stage of data flow, therefore can fix tentatively the feature work for for example only obtaining preceding 10 data packets
For application layer data packet feature.When implementation, the current sequence parameter of the data packet of acquisition can be judged, be determined if full
The sequential parameter of sufficient 1-10 requires (can also be certainly other parameters requirement, such as 3-15 etc.), if satisfied, then taking in the data
Packet, if not satisfied, not taking in then, only carries out data recordation to it into network flow classified model, for obtaining flow system
Count parameter attribute, such as the total data packet quantity of the data flow, upstream data packet quantity, downlink data packet quantity etc..
Preferably due to which the byte length of each data packet differs, and if desired network flow classified model can be more preferable
Ground cog region divided data packet, the method in the present embodiment further include:
It is input in network flow classified model to obtaining after data packet feature is normalized.
That is, needing before data packet feature is input in network flow classified model to the byte of data packet feature
Length carries out unification.
For example, the byte length for fixing tentatively each data packet feature needs to be all satisfied the requirement of 1500 bytes, can also expire certainly
Foot other bytes requirement.Wherein, the data in each data packet beyond 1500 bytes are deleted, and less than the number of 1500 bytes
It is filled up according to then filling 0 in packet, to gather together enough 1500 bytes.
Further, in this embodiment being based on traffic statistics feature and data packet feature using network flow classified model
Include: when determining net flow assorted result
Network flow classified model determines at least one for characterize data packet based on each data packet feature of acquisition
The data packet category feature of feature classification;
Network flow classified model is based on data packet category feature and data stream statistics feature determines network flow point
Class result.
For example, network flow classified model is based in each data packet feature of acquisition continuing with above-described embodiment
The feature storage of 1500 bytes summarizes and arranges other features for 5 data packets, certainly can also be 1,2, or more data packet
Category feature.Then, traffic statistics feature of the network flow classified model based on multiple data packet category feature and statistics come
Net flow assorted result is determined jointly.
Further, when data packet category feature is multiple, network flow classified model is based on data packet category feature
And data stream statistics feature determine include: when net flow assorted result
Data stream statistics feature is formed into multiple one-dimension arrays in conjunction with each data packet category feature respectively;
Multiple sub- results of classification are respectively formed based on multiple one-dimensional datas;
Net flow assorted result is determined based on multiple sub- results of classification.
It that is to say, each data packet category feature is in conjunction with data stream statistics feature, in this way, just foring and data packet
The equal one-dimension array of category feature quantity quantity.Multiple one-dimension array is input in network flow classified model, is made every
A one-dimension array is respectively formed the sub- result of the traffic classes for characterizing the data flow.Finally, network flow classified model
Or system can determine the final network flow classification of the data flow based on multiple subclassification results of the acquisition.It is, really
The executing subject of fixed final network flow classification can be network flow classified model, can also be the processor in electronic equipment.
Network flow classified model in the present embodiment includes at least one volume base, at least one maximum pond layer, extremely
Lack a full articulamentum and Softmax layers.Wherein, the purpose of convolutional layer is to extract the different data characteristicses of input, such as data
Packet feature and data stream statistics feature, the feature that different volume bases extracts is different, such as first layer convolutional layer can only extract one
A little rudimentary features, second layer convolutional layer can from low-level features the more complicated feature of iterative extraction.Maximum pond layer is used for will
It is several regions through rolling up the feature cutting that base extracts, and extracts the lesser feature of dimension in multiple region.Full articulamentum
Become global characteristics for combining the local feature in all regions, to be used to calculate son as a result, sub- result is one-dimensional data
Group, dimension are at least identical as preset traffic classes quantity.Softmax layers for the n-dimensional vector of sub- result to be converted into being worth
For 0 to 1 n-dimensional vector, the relative probability for keeping each expression different classes of, i.e., each dimension data characterizes unique stream in data group
Measuring classification becomes the probability of final net flow assorted result.
Specifically, include: when determining net flow assorted result based on multiple sub- results of classification in the present embodiment
Count every height result for characterization classification;
The net flow assorted result is determined based on the maximum value in statistical magnitude of all categories in statistical result.
That is, determining the traffic classes that every height result is characterized, statistics characterizes the sub- fruiting quantities of each classification later,
The classification for selecting quantity the maximum to be characterized is as final classification results.
But when statistical result shows that the quantity for representing the sub- result of each classification is identical, sub- fruiting quantities can not be based on
And when determining final classification results, it also can be used in the present embodiment final to determine by the multidimensional data for analyzing sub- result
Traffic classification result.
For example, including: when determining net flow assorted result based on multiple sub- results of classification
Count the probability data that consolidated network traffic classification result is characterized in each sub- result;
The classification that the maximum data element of numerical value (the sum of probability data) characterization is determined based on statistical result is final net
Network traffic classification result.
For example, characterizing the sum of probability data in the sub- result of first category in 10 sub- results is A, second category is characterized
Sub- result in the sum of probability data be B, characterizing the sum of probability data in the sub- result of third classification is C, wherein numerical value
A is maximum, then the net flow assorted result finally determined is first category.
According to the traffic classification method in the embodiment of the present application, such as in intra-company, administrative staff are intended to according to network flow
When overall work state of the service condition of amount to determine interior employee, the method in the embodiment of the present application can be used to network
Flow is classified, it is determined that the download of such as text class data is big or audio-video class data download is big, accordingly
It can determine the working condition of employee.Alternatively, when R&D personnel Most current user to be determined would generally be at which
When using a large amount of flows of upper consumption, the classification method that can also be used in the present embodiment is determined, and is simple and efficient, and accuracy
It greatly improves compared with prior art.
It is apparent to those skilled in the art that for convenience and simplicity of description, the data of foregoing description
The electronic equipment that processing method is applied to, can be with reference to the corresponding description in before-mentioned products embodiment, and details are not described herein.
Above embodiments are only the exemplary embodiment of the application, are not used in limitation the application, the protection scope of the application
It is defined by the claims.Those skilled in the art can make respectively the application in the essence and protection scope of the application
Kind modification or equivalent replacement, this modification or equivalent replacement also should be regarded as falling within the scope of protection of this application.
Claims (10)
1. a kind of traffic classification method characterized by comprising
Obtain the data stream statistics feature in network flow;
Obtain the data packet feature in the network flow;
Net flow assorted knot is determined based on the traffic statistics feature and data packet feature using network flow classified model
Fruit, wherein the network flow classified model is formed by convolutional neural networks training.
2. the method according to claim 1, wherein the data packet feature packet obtained in the network flow
It includes:
Obtain the application layer data packet feature in the network flow in every data stream.
3. according to the method described in claim 2, it is characterized in that, described obtain in the network flow in every data stream
Application layer data packet feature includes:
During the data flow is by starting to termination, if the sequence of the data packet feature of the correspondence data flow obtained
Parameter meets predetermined sequence parameter request, then the data packet feature is input in the convolutional neural networks.
4. the method according to claim 1, wherein described be based on the flow using network flow classified model
Statistical nature and data packet feature determine that net flow assorted result includes:
Network flow classified model determines at least one for characterizing the data packet based on each data packet feature of acquisition
The data packet category feature of feature classification;
Packet category feature and data stream statistics feature determine the network flow to network flow classified model based on the data
Measure classification results.
5. according to the method described in claim 4, it is characterized in that, when the data packet category feature be it is multiple when, the base
Determine that the net flow assorted result includes: in the data packet category feature and data stream statistics feature
The data stream statistics feature is formed into multiple one-dimension arrays in conjunction with each data packet category feature respectively;
Multiple sub- results of classification are respectively formed based on the multiple one-dimensional data;
The net flow assorted result is determined based on multiple sub- results of classification.
6. according to the method described in claim 5, it is characterized in that, described determine the net based on multiple sub- results of classification
Network traffic classification result includes:
Count each sub- result for characterization classification;
The net flow assorted result is determined based on the maximum value in statistical magnitude of all categories in statistical result.
7. according to the method described in claim 5, it is characterized in that, the sub- result be one-dimensional data group, dimension at least with
Preset traffic classes quantity is identical, and each dimension data includes that the unique traffic classes of characterization become final in the data group
The probability data of net flow assorted result;
It is described to determine that the net flow assorted result includes: based on multiple sub- results of classification
Count the probability data that consolidated network traffic classification result is characterized in each sub- result;
Determine that the traffic classes that the maximum data element of numerical value is characterized are the net flow assorted result based on statistical result.
8. the method according to claim 1, wherein the data stream statistics feature includes at least every data stream
In total data packet quantity, average data packet size, upstream data packet quantity, upstream data packet total size, downlink data packet number
Amount, downlink data packet total size, the data flow duration, the average time interval of adjacent data parlor, data flow Mean Speed,
One of upstream rate, downstream data rates are a variety of.
9. a kind of electronic equipment characterized by comprising
First obtains device, is used to obtain the data stream statistics feature in network flow;
Second obtains device, is used to obtain the data packet feature in the network flow;
Network flow classified model is formed by convolutional neural networks training, for the traffic statistics feature according to acquisition
And data packet feature determines net flow assorted result.
10. electronic equipment according to claim 9, which is characterized in that further include:
Pretreatment unit is at least used to determine every number in the network flow in the data packet feature based on acquisition
According to the application layer data packet feature in stream.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811610635.8A CN109361619A (en) | 2018-12-27 | 2018-12-27 | A kind of traffic classification method and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811610635.8A CN109361619A (en) | 2018-12-27 | 2018-12-27 | A kind of traffic classification method and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109361619A true CN109361619A (en) | 2019-02-19 |
Family
ID=65330108
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811610635.8A Pending CN109361619A (en) | 2018-12-27 | 2018-12-27 | A kind of traffic classification method and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109361619A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110751222A (en) * | 2019-10-25 | 2020-02-04 | 中国科学技术大学 | Online encrypted traffic classification method based on CNN and LSTM |
| CN112769633A (en) * | 2020-12-07 | 2021-05-07 | 深信服科技股份有限公司 | Proxy traffic detection method and device, electronic equipment and readable storage medium |
| CN112953851A (en) * | 2019-12-10 | 2021-06-11 | 华为数字技术(苏州)有限公司 | Traffic classification method and traffic management equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170364794A1 (en) * | 2016-06-20 | 2017-12-21 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for classifying the payload of encrypted traffic flows |
| CN108173704A (en) * | 2017-11-24 | 2018-06-15 | 中国科学院声学研究所 | A kind of method and device of the net flow assorted based on representative learning |
| CN108199863A (en) * | 2017-11-27 | 2018-06-22 | 中国科学院声学研究所 | A kind of net flow assorted method and system based on the study of two benches sequence signature |
| CN108900432A (en) * | 2018-07-05 | 2018-11-27 | 中山大学 | A kind of perception of content method based on network Flow Behavior |
-
2018
- 2018-12-27 CN CN201811610635.8A patent/CN109361619A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20170364794A1 (en) * | 2016-06-20 | 2017-12-21 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for classifying the payload of encrypted traffic flows |
| CN108173704A (en) * | 2017-11-24 | 2018-06-15 | 中国科学院声学研究所 | A kind of method and device of the net flow assorted based on representative learning |
| CN108199863A (en) * | 2017-11-27 | 2018-06-22 | 中国科学院声学研究所 | A kind of net flow assorted method and system based on the study of two benches sequence signature |
| CN108900432A (en) * | 2018-07-05 | 2018-11-27 | 中山大学 | A kind of perception of content method based on network Flow Behavior |
Non-Patent Citations (1)
| Title |
|---|
| 王伟: "基于深度学习的网络流量分类及异常检测方法研究", 《中国博士学位论文全文数据库信息科技辑(月刊)》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110751222A (en) * | 2019-10-25 | 2020-02-04 | 中国科学技术大学 | Online encrypted traffic classification method based on CNN and LSTM |
| CN112953851A (en) * | 2019-12-10 | 2021-06-11 | 华为数字技术(苏州)有限公司 | Traffic classification method and traffic management equipment |
| CN112769633A (en) * | 2020-12-07 | 2021-05-07 | 深信服科技股份有限公司 | Proxy traffic detection method and device, electronic equipment and readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109361619A (en) | A kind of traffic classification method and electronic equipment | |
| CN106708815B (en) | Data processing method, device and system | |
| CN104102875B (en) | Software service quality monitoring method and system based on weighted naive Bayes classifier | |
| CN106649831B (en) | Data filtering method and device | |
| CN106294783A (en) | A kind of video recommendation method and device | |
| CN108090508A (en) | A kind of classification based training method, apparatus and storage medium | |
| CN108667747A (en) | The method, apparatus and computer readable storage medium of network flow application type identification | |
| CN108833139B (en) | OSSEC alarm data aggregation method based on category attribute division | |
| CN104965784B (en) | Automatic test approach and device | |
| CN106708841B (en) | The polymerization and device of website visitation path | |
| CN111107423A (en) | Video service playing card pause identification method and device | |
| CN103324758B (en) | A kind of news category method and system | |
| CN107766234A (en) | A kind of assessment method, the apparatus and system of the webpage health degree based on mobile device | |
| CN104299179B (en) | It is a kind of for the tune class system of teacher and its tune class method | |
| CN102984269A (en) | Method and device for peer-to-peer flow identification | |
| CN104834739A (en) | Internet information storage system | |
| CN107622406A (en) | Identify the method and system of virtual unit | |
| CN116186739A (en) | Multimedia behavior data analysis system based on big data | |
| CN108123834A (en) | Log analysis system based on big data platform | |
| CN110019827A (en) | A kind of corpus library generating method, device, equipment and computer storage medium | |
| CN110830499B (en) | Network attack application detection method and system | |
| CN109816004A (en) | Source of houses picture classification method, device, equipment and storage medium | |
| CN113645182A (en) | Random forest detection method for denial of service attack based on secondary feature screening | |
| CN103793509B (en) | Group figure grasping means and device | |
| CN106972979A (en) | A kind of network performance monitoring method and device based on SDN |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190219 |