CN109861862A - A kind of network flow search method, device, electronic equipment and storage medium - Google Patents
A kind of network flow search method, device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN109861862A CN109861862A CN201910108881.1A CN201910108881A CN109861862A CN 109861862 A CN109861862 A CN 109861862A CN 201910108881 A CN201910108881 A CN 201910108881A CN 109861862 A CN109861862 A CN 109861862A
- Authority
- CN
- China
- Prior art keywords
- information
- statistical nature
- network flow
- search result
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention discloses a kind of network flow search method, device, electronic equipment and storage mediums, belong to retrieval technique field, wherein, the described method includes: carrying out feature extraction to the statistical nature for carrying out network flow retrieval, and the statistical nature extracted is analyzed, it obtains more than two for carrying out the statistical nature of flow retrieval;Based on preset similarity calculation, more than two statistical natures for carrying out network flow retrieval are ranked up, corresponding ranking results are obtained;According to ranking results, the search result of sequence including at least network flow in the search result of predetermined order range as return is selected.The solution of the present invention can accomplish: only including at least network flow sequence predetermined order range search result could as return search result, therefore it provides flow search method return search result it is more accurate.
Description
Technical field
The present embodiments relate to retrieval technique fields, and in particular to a kind of network flow search method, device, electronics are set
Standby and storage medium.
Background technique
The corresponding research of the method for network flow retrieval at present is concentrated mainly in real-time traffic classification.Traffic classification, just
Being is multiple priority or multiple service classes by traffic partition, such as using the ToS of IP packet head (Type of service, service
Type) front three (i.e. IP precedence) of field marks message, message can at most be divided into 23=8 class;If using DSCP
(Differentiated Services Codepoint, differentiated service code point, first 6 of the domain ToS), then can at most divide
At 64 classes.
Classification for flow, domain ToS about IP packet etc. and the domain EXP of MPLS message etc. are only a kind of feelings of classification
Condition can almost classify to any message segment of message in fact, for example, can also according to source IP address, purpose IP address,
The classification of the progress flow such as source port number, destination slogan, agreement ID.
Existing traffic classification method should predefine several traffic classes, and be used for the sample of label to train set.
Traffic classification model is trained on training set, is subsequently used for classifying to the disjoint test set of training set.It compares
Under, flow retrieval no need to reserve the training set of the class of traffic of justice and label, it according to the set of network flow to flow into
Row sequence.
How existing network flow search method solves existing net there are flow search result not enough accurately defect
Not accurate enough the problem of flow search result present in network flow search method, is problem to be solved.
Summary of the invention
For this purpose, the embodiment of the present invention provides a kind of network flow search method, device, electronic equipment and storage medium, with
Solve the problems, such as that flow search result is not accurate enough in the prior art.
To achieve the goals above, the embodiment of the present invention provides the following technical solutions:
In the first aspect of embodiments of the present invention, a kind of network flow search method, the method packet are provided
It includes: feature extraction being carried out to the statistical nature for carrying out network flow retrieval, and the statistical nature extracted is analyzed, is obtained
More than two statistical natures for being used to carry out flow retrieval;Based on preset similarity calculation, to more than two use
It is ranked up in the statistical nature for carrying out network flow retrieval, obtains corresponding ranking results;According to the ranking results, selection
Including at least network flow sequence predetermined order range search result as return search result.
In another embodiment of the invention, the method also includes: obtain and the statistical nature associated statistics spy
Reference breath.
In another embodiment of the present invention, institute's statistical nature information is included at least with the next item down: function type is packet
Characteristic information, function are described as the characteristic information of the number-of-packet of one-way transmission, function type is the characteristic information of byte, function
It is described as the characteristic information of the byte number of one-way transmission, function type is the characteristic information of packet size, function type is data packet
Between the characteristic information of time, the corresponding quantative attribute information of traffic statistics feature.
In one more embodiment of the present invention, the method also includes: the IP packet information for carrying out flow retrieval is obtained,
Wherein, the IP packet information is included at least with the next item down: source IP information, source port information, Target IP information, target port
Information, transport protocol message.
In the second aspect of embodiments of the present invention, a kind of network flow retrieval device, described device packet are provided
Include: statistical nature extraction module carries out feature extraction to the statistical nature for carrying out network flow retrieval, and to the statistics extracted
Feature is analyzed, and is obtained more than two for carrying out the statistical nature of flow retrieval;Sorting module, based on preset similar
Computation model is spent, the statistical nature extraction module is extracted more than two for carrying out the statistics of network flow retrieval
Feature is ranked up, and obtains corresponding ranking results;Search result return module, the row obtained according to the sorting module
Sequence is as a result, select the search result of sequence including at least network flow in the search result of predetermined order range as return.
In another embodiment of the invention, described device further include obtain module, the acquisitions module for obtain and
The associated statistical nature information of the statistical nature that the statistical nature extraction module extracts.
In another embodiment of the present invention, institute's statistical nature information is included at least with the next item down: function type is packet
Characteristic information, function are described as the characteristic information of the number-of-packet of one-way transmission, function type is the characteristic information of byte, function
It is described as the characteristic information of the byte number of one-way transmission, function type is the characteristic information of packet size, function type is data packet
Between the characteristic information of time, the corresponding quantative attribute information of traffic statistics feature.
In one more embodiment of the present invention, the module that obtains is also used to obtain the IP data packet letter for carrying out flow retrieval
Breath, wherein the IP packet information that the acquisition module is got is included at least with the next item down: source IP information, source port
Information, Target IP information, destination port information, transport protocol message.
The embodiment of the present invention have the advantages that a kind of network flow search method provided in an embodiment of the present invention, device,
Electronic equipment and storage medium can be accomplished: only include at least retrieval knot of the sequence in predetermined order range of network flow
Fruit could as return search result, therefore it provides flow search method return search result it is more accurate.
In the third aspect of embodiments of the present invention, a kind of electronic equipment is provided, the electronic equipment includes depositing
Reservoir and processor, the processor and the memory complete mutual communication by bus;The memory is stored with
The program instruction that can be executed by the processor, the processor call described program instruction to be able to carry out side as described above
Method.
In the fourth aspect of embodiments of the present invention, a kind of computer readable storage medium is provided, is stored thereon
There is the step of computer program, the computer program realizes method as described above when being executed by processor.
The embodiment of the present invention have the advantages that a kind of network flow search method provided in an embodiment of the present invention, device,
Electronic equipment and storage medium can be accomplished: only include at least retrieval knot of the sequence in predetermined order range of network flow
Fruit could as return search result, therefore it provides flow search method return search result it is more accurate.
Detailed description of the invention
It, below will be to embodiment party in order to illustrate more clearly of embodiments of the present invention or technical solution in the prior art
Formula or attached drawing needed to be used in the description of the prior art are briefly described.It should be evident that the accompanying drawings in the following description is only
It is merely exemplary, it for those of ordinary skill in the art, without creative efforts, can also basis
The attached drawing of offer, which is extended, obtains other implementation attached drawings.
Fig. 1 is a kind of flow diagram for network flow search method that the embodiment of the present invention 1 provides;
Fig. 2 is the flow diagram of the network flow search method in specific practical application;
Fig. 3 is the mean accuracy schematic diagram of single continuous query FBTR in the top in specific practical application;
Fig. 4 is the comparison for inquiring corresponding accuracy data and the corresponding accuracy data of small inquiry greatly in specific practical application
Schematic diagram;
Fig. 5 be specific practical application in QBE with inquire greatly accuracy data, DistSUM with inquire greatly accuracy data,
The contrast schematic diagram of DistMIN and the accuracy data inquired greatly;
Fig. 6 be QBE and the accuracy data of small inquiry in specific practical application, DistSUM and small inquiry accuracy data,
The contrast schematic diagram of DistMIN and the accuracy data of small inquiry;
Fig. 7 is QBE, DistSUM, DistMIN in specific practical application in the data comparison schematic diagram for recalling performance;
Fig. 8 is the signal of the accuracy data of the DistMIN in specific practical application and the recall rate data of DistMIN
Figure;
Fig. 9 is the structural schematic diagram that a kind of network flow that the embodiment of the present invention 2 provides retrieves device;
In figure: 901- statistical nature extraction module;902- sorting module;903- search result return module.
Specific embodiment
Embodiments of the present invention are illustrated by particular specific embodiment below, those skilled in the art can be by this explanation
Content disclosed by book is understood other advantages and efficacy of the present invention easily, it is clear that described embodiment is the present invention one
Section Example, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art are not doing
Every other embodiment obtained under the premise of creative work out, shall fall within the protection scope of the present invention.
Embodiment 1
Embodiment according to the present invention 1 provides a kind of network flow search method, as shown in Figure 1, implementing for the present invention
A kind of flow diagram for network flow search method that example 1 provides.This method at least includes the following steps:
S101, to carry out network flow retrieval statistical nature carry out feature extraction, and to the statistical nature extracted into
Row analysis obtains more than two for carrying out the statistical nature of flow retrieval;
S102 is based on preset similarity calculation, to more than two for carrying out the statistics of network flow retrieval
Feature is ranked up, and obtains corresponding ranking results;
It should be noted that the computation model of the preset similarity in step 102 introduces Euclidean distance to measure phase
Like degree, therefore, inquiry can pass through following formula with the distance between i-th of flow in set:
It was found from above-mentioned formula: small distance means high similitude.All flows in set according to user query
Distance is arranged by ascending order.Finally, top ranked network flow will be returned as search result.The experimental results showed that Euclidean away from
From suitable for the retrieval based on flow.The preset similarity calculation of this step is the phase set up according to above-mentioned formula
Like degree computation model, details are not described herein.
S103, according to ranking results, selection includes at least search result of the sequence in predetermined order range of network flow
Search result as return;In this way, through the embodiment of the present invention 1 provide scheme, can accomplish: only include at least network
The sequence of flow predetermined order range search result could as return search result, therefore it provides flow retrieval
The search result that method returns is more accurate.
In an optional example, the method also includes: it obtains and the associated statistical nature information of statistical nature.
In an optional example, institute's statistical nature information is included at least with the next item down: function type is the feature of packet
Information, function are described as the characteristic information of the number-of-packet of one-way transmission, function type is the characteristic information of byte, function description
When characteristic information, function type for the byte number of one-way transmission are the characteristic information of packet size, function type is data parlor
Between characteristic information, the corresponding quantative attribute information of traffic statistics feature.
In practical applications, table 1 gives all data of the traffic statistics feature in specific example, institute specific as follows
It states:
Table 1
It can also include traffic statistics feature other than all data for the traffic statistics feature that above-mentioned table 1 is set out
Other data, this is no longer going to repeat them.
In an optional example, the method also includes: the IP packet information for carrying out flow retrieval is obtained,
In, IP packet information include at least with the next item down: source IP information, source port information, Target IP information, destination port information,
Transport protocol message.
As shown in Fig. 2, for the flow diagram of the flow search method in specific practical application.In practical applications,
FBTR uses the querying method of QBE.User can inquire FBTR system by providing the example of flow.
In specific practical application, the system model that the network flow search method that the embodiment of the present invention 1 provides uses has
Body is as described below:
FBTR is suitable for network flow.Process is by a series of IP data packet groups with identical 5 tuple at source IP, source
Mouthful, Target IP, target port, transport protocol.Pretreatment is process construction, and IP data packet is grouped into stream according to 5 tuples by it.?
In scheme provided by the invention, it is assumed that all N number of network flows have all been constructed and have been stored in traffic set,
Wherein, F indicates that traffic is collected, and Fi indicates i-th of process in F.
As shown in Fig. 2, extracting M statistical nature in system model to indicate traffic flow, therefore i-th of stream can be with table
The vector being shown as in feature space:
Fi={ fi, 1, fi2 ..., fi, M }, wherein fI, jIndicate that the value of j-th of feature, this feature are the groupings in flow
Statistics.The embodiment of the present invention 1 provide flow search method in, using feature scaling by all characteristic values bring into range [0,
1], this equal importance that may insure feature in feature vector.
Feature scaling can indicate are as follows:
Wherein,It is the minimum value of j-th of feature in F,It is the maximum value of j-th of feature in F.
In the system model of the FBTR with QBE, user can provide flow as inquiry to start flow retrieval.It is false
If user captures inquiry stream by using other network management and analysis tools manually.
Identical M statistical nature can be extracted from inquiry stream.Given inquiry stream, the inquiry Q of user also from feature to
Amount expression,
Q={ q1, q2..., qM}
Wherein, qj indicates that the value of j-th of feature, this feature are the classified statistic amounts in inquiry stream.For similarity searching,
The similitude between any stream in inquiry and set is calculated in its feature vector.In scheme provided by the invention, use
Euclidean distance measures similarity, thus inquire with gather in the distance between i-th of flow can pass through
Small distance means high similitude.All flows in set are arranged according at a distance from user query by ascending order.
Finally, top ranked network flow will be returned as search result.The experimental results showed that Euclidean distance is suitable for being based on flow
Retrieval.
As shown in figure 3, for the mean accuracy schematic diagram of single continuous query FBTR in the top in specific practical application.Such as
Shown in Fig. 3, for the precision of top 10 close to 0.9, preceding 500 precision are still 0.6 or so.It is often the case that accuracy is from preceding 10
0.9 be reduced to preceding 10, the 0.3 of 000 because may there are some relevant flows to be difficult to retrieve.Experimental data is shown, is being tested
There are two types of types in data set, wherein there is 6 major class, each major class comprises more than 40,000 stream.Other 11 analogies
Smaller, each of these is both less than 7000 streams.In particular, four classes are very small, be respectively buddy, rsp, rtsp and
Yahooism, each is less than 500 streams.Experimental data shows that two kinds of flow leads to two distinct types of inquiry, i.e.,
Big inquiry and small inquiry.According to it is assumed that concentrating in experimental data, large size inquiry has more than 40,000 related streams, and small looks into
It askes having less than 7,000 related streams.
As shown in figure 4, for the corresponding accuracy data of inquiry greatly and the corresponding precision number of small inquiry in specific practical application
According to contrast schematic diagram.The result shows that big inquiry and small inquiry have very different performance.The precision inquired greatly is from top 10
0.95 be slowly declined to preceding 10, the 0.78 of 000.Great variety has occurred in the precision of small inquiry.It from top 10 0.84
Quickly it is down to preceding 10, the 0.07 of 000.For example, the precision of preceding 1000 small inquiries is lower than 0.35.As can be seen that small inquiry
Performance seriously affects the average behavior of QBE.Compared with big inquiry, the related procedure for quickly searching small inquiry wants much more difficult.
In addition, the data by the precision of tri- kinds of combined methods of DistSUM, DistMIN and DistMAX are shown, as a result table
Bright DistMAX cannot work well.DistSUM and DistMIN shows extraordinary performance.DistMIN is slightly better than
DistSUM.For example, the precision of DistSUM and DistMIN are about 0.94 in top 10.In first 500, DistSUM and
The precision of DistMIN is about 0.65.By combined method appropriate, double fluid inquiry can effectively improve flow retrieval performance.
Precision raising can reach 5% to 10%.
As shown in figure 5, for the QBE in specific practical application and the accuracy data inquired greatly, DistSUM and the essence inquired greatly
Degree evidence, the contrast schematic diagram of DistMIN and the accuracy data inquired greatly;The result shows that: DistMIN be it is best, than
DistSUM is slightly good.In top 10, combined method is not very superior.With the increase for the flow being collected into, combined method
Increase to smooth performance.In preceding 10,000, the precision of the ratio of precision list continuous query of DistMIN is about high by 8%.
As shown in fig. 6, for QBE and the accuracy data of small inquiry, the essence of DistSUM and small inquiry in specific practical application
The contrast schematic diagram of degree evidence, DistMIN and the accuracy data of small inquiry;The result shows that: accuracy from top 10 0.9 or so
Quickly fall to preceding 10, about the 0.1 of 000.DistSUM and DistMIN has closely similar performance, hence it is evident that is better than QBE.
In top 10, the precision of combined method is higher than QBE about 8%.In first 100, first 500 and first 1000, precision difference
Significant variation does not occur.In first 5000, the precision of DistSUM and DistMIN are slightly better than QBE.In preceding 10,000,
The performance of these three methods is very close.
As shown in fig. 7, showing for QBE, DistSUM, DistMIN in specific practical application in the data comparison for recalling performance
It is intended to;The result shows that: these three methods all have lower recall rate, less than 0.45, even if system returns to 10,000 ranking
Forward flow.DistSUM and DistMIN are shown than QBE better performance.In top 10, combined method is not showed
Better performance out.However, combined method is stablized relative to the improvement of QBE and is risen with the increase for the flow being collected into.Preceding
In 10,000, improvement can achieve about 10%, but the recall rate of DistMIN is only 0.4 or so.How to retrieve relevant enough
Small inquiry stream is a major challenge of FBTR.
As shown in figure 8, for the accuracy data of the DistMIN in specific practical application and the recall rate data of DistMIN
Schematic diagram;The result shows that: accuracy decline is very fast, but recall rate increasess slowly.Good be some the precision of top 10 also not
It is wrong.This means that FBTR system can quickly return to a small amount of correlative flow in flow in the top.
In conclusion a kind of network flow search method that the embodiment of the present invention 1 provides, has the advantages that only
Have sequence including at least network flow predetermined order range search result could as the search result of return, therefore,
The search result that the flow search method of offer returns is more accurate.
Embodiment 2
Embodiment according to the present invention 2 additionally provides a kind of network flow retrieval device, as shown in figure 9, real for the present invention
A kind of structural schematic diagram of flow retrieval device of the offer of example 2 is provided.
A kind of network flow retrieval device that the embodiment of the present invention 2 provides includes statistical nature extraction module 901, sequence mould
Block 902 and search result return module 903.
Specifically, statistical nature extraction module 901, carries out feature to the statistical nature for carrying out network flow retrieval and mentions
It takes, and the statistical nature extracted is analyzed, obtain more than two for carrying out the statistical nature of flow retrieval;
Sorting module 902 is based on preset similarity calculation, two extracted to statistical nature extraction module 901
A above statistical nature for carrying out network flow retrieval is ranked up, and obtains corresponding ranking results;
Search result return module 903, according to the ranking results that sorting module 902 obtains, selection includes at least network flow
The sequence of amount predetermined order range search result as return search result;In this way, 2 providing through the embodiment of the present invention
A kind of network flow search method, can accomplish: only including at least network flow sequence predetermined order range inspection
Hitch fruit could as return search result, therefore it provides flow search method return search result it is more accurate.
In an optional example, described device further includes obtaining module (being not shown in Fig. 9), obtains module and is used for
Obtain the associated statistical nature information of statistical nature extracted with statistical nature extraction module 901.
In an optional example, institute's statistical nature information is included at least with the next item down: function type is the feature of packet
Information, function are described as the characteristic information of the number-of-packet of one-way transmission, function type is the characteristic information of byte, function description
When characteristic information, function type for the byte number of one-way transmission are the characteristic information of packet size, function type is data parlor
Between characteristic information, the corresponding quantative attribute information of traffic statistics feature.
In an optional example, obtains module and is also used to obtain the IP packet information for carrying out flow retrieval, wherein
The IP packet information that gets of module is obtained to include at least with the next item down: source IP information, source port information, Target IP information,
Destination port information, transport protocol message.
Part in the partial content in scheme that the embodiment of the present invention 2 provides and the scheme of the offer of the embodiment of the present invention 1
The same or similar part of content, please be referring to the description of the corresponding portion for the embodiment of the present invention 1, and details are not described herein.
In conclusion a kind of network flow search method that the embodiment of the present invention 2 provides, has the advantages that energy
Enough accomplish: only including at least network flow sequence predetermined order range search result could as return retrieval knot
Fruit, therefore it provides flow search method return search result it is more accurate.
Embodiment 3
Embodiment according to the present invention 3, additionally provides a kind of electronic equipment, and the electronic equipment includes: memory and place
Device is managed, the processor and the memory complete mutual communication by bus;The memory is stored with can be described
The program instruction that processor executes, the processor call described program instruction to be able to carry out following method: to progress network flow
The statistical nature of amount retrieval carries out feature extraction, and analyzes the statistical nature extracted, obtains more than two be used for
Carry out the statistical nature of flow retrieval;Based on preset similarity calculation, to more than two for carrying out network flow
The statistical nature of retrieval is ranked up, and obtains corresponding ranking results;According to ranking results, selection includes at least network flow
Sort predetermined order range search result as return search result.
Part in the partial content in scheme that the embodiment of the present invention 3 provides and the scheme of the offer of the embodiment of the present invention 1
The same or similar part of content, please be referring to the description of the corresponding portion for the embodiment of the present invention 1, and details are not described herein.
In conclusion a kind of electronic equipment that the embodiment of the present invention 3 provides, having the advantages that can accomplish: only
Have sequence including at least network flow predetermined order range search result could as the search result of return, therefore,
The search result that the flow search method of offer returns is more accurate.
Embodiment 4
Embodiment according to the present invention 4 additionally provides a kind of computer readable storage medium, is stored thereon with computer journey
Sequence, the computer program realize following method when being executed by processor: carrying out to the statistical nature for carrying out network flow retrieval
Feature extraction, and the statistical nature extracted is analyzed, it is special to obtain more than two statistics for carrying out flow retrieval
Sign;Based on preset similarity calculation, more than two statistical natures for carrying out network flow retrieval are arranged
Sequence obtains corresponding ranking results;According to ranking results, selection includes at least the sequence of network flow in predetermined order range
Search result is as the search result returned.
Part in the partial content in scheme that the embodiment of the present invention 4 provides and the scheme of the offer of the embodiment of the present invention 1
The same or similar part of content, please be referring to the description of the corresponding portion for the embodiment of the present invention 1, and details are not described herein.
In conclusion a kind of computer readable storage medium that the embodiment of the present invention 4 provides, has the advantages that
Can accomplish: only including at least network flow sequence predetermined order range search result could as return retrieval
As a result, therefore it provides flow search method return search result it is more accurate.
Although above having used general explanation and specific embodiment, the present invention is described in detail, at this
On the basis of invention, it can be made some modifications or improvements, this will be apparent to those skilled in the art.Therefore,
These modifications or improvements without departing from theon the basis of the spirit of the present invention are fallen within the scope of the claimed invention.
Claims (10)
1. a kind of network flow search method characterized by comprising
Feature extraction is carried out to the statistical nature for carrying out network flow retrieval, and the statistical nature extracted is analyzed, is obtained
To more than two for carrying out the statistical nature of flow retrieval;
Based on preset similarity calculation, more than two statistical natures for carrying out network flow retrieval are arranged
Sequence obtains corresponding ranking results;
According to the ranking results, select sequence including at least network flow in the search result of predetermined order range as returning
The search result returned.
2. the method according to claim 1, wherein the method also includes: obtain with the statistical nature close
The statistical nature information of connection.
3. according to the method described in claim 2, it is characterized in that, institute's statistical nature information is included at least with the next item down:
Function type be the characteristic information of packet, the function number-of-packet that is described as one-way transmission characteristic information, function type be
The feature that the characteristic information of byte, function are described as the characteristic information of the byte number of one-way transmission, function type is packet size is believed
Breath, function type are the characteristic information of data parlor time, the corresponding quantative attribute information of traffic statistics feature.
4. the method according to claim 1, wherein the method also includes: obtain carry out flow retrieval IP
Packet information, wherein the IP packet information is included at least with the next item down: source IP information, source port information, Target IP letter
Breath, destination port information, transport protocol message.
5. a kind of network flow retrieves device characterized by comprising
Statistical nature extraction module carries out feature extraction to the statistical nature for carrying out network flow retrieval, and to the system extracted
Meter feature is analyzed, and is obtained more than two for carrying out the statistical nature of flow retrieval;
Sorting module is based on preset similarity calculation, the two or more extracted to the statistical nature extraction module
The statistical nature for carrying out network flow retrieval be ranked up, obtain corresponding ranking results;
Search result return module, the ranking results obtained according to the sorting module, selection include at least network flow
Sequence predetermined order range search result as return search result.
6. device according to claim 5, which is characterized in that described device further includes obtaining module, the acquisition module
For obtaining the associated statistical nature information of the statistical nature extracted with the statistical nature extraction module.
7. device according to claim 6, which is characterized in that institute's statistical nature information is included at least with the next item down:
Function type be the characteristic information of packet, the function number-of-packet that is described as one-way transmission characteristic information, function type be
The feature that the characteristic information of byte, function are described as the characteristic information of the byte number of one-way transmission, function type is packet size is believed
Breath, function type are the characteristic information of data parlor time, the corresponding quantative attribute information of traffic statistics feature.
8. device according to claim 6, which is characterized in that the module that obtains is also used to obtain progress flow retrieval
IP packet information, wherein the IP packet information that the acquisition module is got is included at least with the next item down: source IP letter
Breath, source port information, Target IP information, destination port information, transport protocol message.
9. a kind of electronic equipment characterized by comprising
Memory and processor, the processor and the memory complete mutual communication by bus;The memory
It is stored with the program instruction that can be executed by the processor, the processor calls described program instruction to be able to carry out right such as and wants
Seek 1 to 4 any method.
10. a kind of computer readable storage medium, which is characterized in that be stored thereon with computer program, the computer program
The step of the method as any such as Claims 1-4 is realized when being executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910108881.1A CN109861862A (en) | 2019-02-03 | 2019-02-03 | A kind of network flow search method, device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910108881.1A CN109861862A (en) | 2019-02-03 | 2019-02-03 | A kind of network flow search method, device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109861862A true CN109861862A (en) | 2019-06-07 |
Family
ID=66897665
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910108881.1A Pending CN109861862A (en) | 2019-02-03 | 2019-02-03 | A kind of network flow search method, device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109861862A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113438123A (en) * | 2021-05-26 | 2021-09-24 | 曙光网络科技有限公司 | Network flow monitoring method and device, computer equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050249125A1 (en) * | 2002-12-13 | 2005-11-10 | Yoon Seung H | Traffic measurement system and traffic analysis method thereof |
| CN105959175A (en) * | 2016-04-21 | 2016-09-21 | 南开大学 | Network flow classification method based on GPU-accelerated kNN algorithm |
| CN106453434A (en) * | 2016-12-20 | 2017-02-22 | 北京启明星辰信息安全技术有限公司 | Monitoring method and monitoring system for network traffic |
| US20170116291A1 (en) * | 2015-10-27 | 2017-04-27 | Adobe Systems Incorporated | Network caching of search result history and interactions |
| CN109165307A (en) * | 2018-09-19 | 2019-01-08 | 腾讯科技(深圳)有限公司 | A kind of characteristic key method, apparatus and storage medium |
-
2019
- 2019-02-03 CN CN201910108881.1A patent/CN109861862A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050249125A1 (en) * | 2002-12-13 | 2005-11-10 | Yoon Seung H | Traffic measurement system and traffic analysis method thereof |
| US20170116291A1 (en) * | 2015-10-27 | 2017-04-27 | Adobe Systems Incorporated | Network caching of search result history and interactions |
| CN105959175A (en) * | 2016-04-21 | 2016-09-21 | 南开大学 | Network flow classification method based on GPU-accelerated kNN algorithm |
| CN106453434A (en) * | 2016-12-20 | 2017-02-22 | 北京启明星辰信息安全技术有限公司 | Monitoring method and monitoring system for network traffic |
| CN109165307A (en) * | 2018-09-19 | 2019-01-08 | 腾讯科技(深圳)有限公司 | A kind of characteristic key method, apparatus and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 张军 等: "基于时间序列分析的网络流量异常检测", 《吉林大学学报》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113438123A (en) * | 2021-05-26 | 2021-09-24 | 曙光网络科技有限公司 | Network flow monitoring method and device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106452868A (en) | Network traffic statistics implement method supporting multi-dimensional aggregation classification | |
| CN103714134B (en) | Network flow data index method and system | |
| Liu et al. | Effective and real-time in-app activity analysis in encrypted internet traffic streams | |
| WO2022134794A1 (en) | Method and apparatus for processing public opinions about news event, storage medium, and computer device | |
| CN102890714B (en) | Method and device for indexing data | |
| CN108537134A (en) | A kind of video semanteme scene cut and mask method | |
| CN105975479B (en) | A kind of telecommunication user interest-degree analysis method and system based on tag library | |
| CN109670843A (en) | Data processing method, device, computer equipment and the storage medium of complaint business | |
| CN104281684B (en) | Massive logs are stored and querying method and system | |
| CN106934071A (en) | Recommendation method and device based on Heterogeneous Information network and Bayes's personalized ordering | |
| US20160034505A1 (en) | Systems and methods for large-scale link analysis | |
| CN110175730A (en) | A kind of government policy intelligence and the matched system and method for enterprise based on big data | |
| CN103207901B (en) | A kind of method and apparatus that IP address ownership place is obtained based on search engine | |
| CN103888541A (en) | Method and system for discovering cells fused with topology potential and spectral clustering | |
| CN105471670A (en) | Flow data classification method and device | |
| CN108920689A (en) | Source of goods recommended method and system | |
| Chibani et al. | Elephant herding optimization for service selection in qos-aware web service composition | |
| CN106202388B (en) | A kind of user gradation Automated Partition Method and system | |
| CN107835132A (en) | A kind of method and device of traffic source tracking | |
| CN102437950A (en) | High efficient and extensible IP data packet classification method | |
| CN109450978A (en) | A kind of data classification and load balance process method based on storm | |
| CN109861862A (en) | A kind of network flow search method, device, electronic equipment and storage medium | |
| KR100681000B1 (en) | Apparatus and method for measuring per-flow information of traffic | |
| CN106909626A (en) | Improved Decision Tree Algorithm realizes search engine optimization technology | |
| CN109242039A (en) | It is a kind of based on candidates estimation Unlabeled data utilize method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190607 |