CN110460593A - Network address identification method, device and medium for a mobile traffic gateway
- Publication number: CN110460593A (CN201910691428.8A)
- Authority: CN (China)
- Prior art keywords: network address, type, default, distribution, operating system
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L47/2408—Traffic characterised by specific attributes, e.g. priority or QoS for supporting different services, e.g. a differentiated services [DiffServ] type of service
- H04L47/29—Flow control; Congestion control using a combination of thresholds
- H04L61/25—Mapping addresses of the same type
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
Abstract
This application relates to the fields of network security and machine learning, and discloses a network address identification method, device and medium for a mobile traffic gateway. The method comprises: obtaining the address feature distribution of a target network address within a specified time period; and, when the address feature distribution of the target network address meets the network address feature distribution condition of a legitimate gateway, determining the target network address to be a legitimate gateway network address, wherein the network address feature distribution condition is obtained from the network address feature distributions of multiple legitimate gateways. The technical scheme of this application can improve the accuracy of identifying the network addresses of legitimate gateways.
Description
Technical field
This application relates to the technical field of network security, and in particular to a network address identification method, device and medium for a mobile traffic gateway.
Background
With the rapid development of mobile communication and Internet technology, more and more of people's everyday, entertainment and office needs are met through mobile terminals such as mobile phones and tablets, and at the same time mobile terminals' demand for mobile traffic keeps growing. If the network address (Internet Protocol address, IP address) of a mobile traffic gateway can be correctly identified, this helps to save bandwidth resources, to let non-malicious aggregation behavior pass, and to identify bad behavior such as network fraud.
However, existing approaches to identifying the IP addresses of mobile traffic gateways usually obtain the gateway IP addresses from telecom carriers, or purchase the network address information of mobile traffic gateways from network address vendor websites. The network addresses obtained in this way are incomplete and cannot be updated in time, so mobile traffic gateway addresses cannot be distinguished from ordinary network addresses; in addition, purchasing this information is expensive.
In summary, identifying gateway network addresses from purchased mobile traffic gateway address information, as in the prior art, has many limitations and low accuracy.
Summary of the invention
In view of this, the embodiments of this application provide a network address identification method, device and medium for a mobile traffic gateway, to improve the accuracy of identifying legitimate gateway network addresses.
In a first aspect, an embodiment of this application provides a network address identification method for a mobile traffic gateway, the method comprising:
obtaining the address feature distribution of a target network address within a specified time period;
when the address feature distribution of the target network address meets the network address feature distribution condition of a legitimate gateway, determining the target network address to be a legitimate gateway network address, wherein the network address feature distribution condition is obtained from the network address feature distributions of multiple legitimate gateways.
In a second aspect, an embodiment of this application provides a network address identification device for a mobile traffic gateway, the device comprising:
an address feature distribution acquiring unit, configured to obtain the address feature distribution of a target network address within a specified time period;
a legitimate gateway network address identification unit, configured to determine the target network address to be a legitimate gateway network address when the address feature distribution of the target network address meets the network address feature distribution condition of a legitimate gateway, wherein the network address feature distribution condition is obtained from the network address feature distributions of multiple legitimate gateways.
In a possible embodiment, the legitimate gateway network address identification unit is further configured to:
input the address feature distribution into a trained gateway network address identification model, and determine, according to the output of the trained gateway network address identification model, whether the target network address is a legitimate gateway network address, wherein:
the trained gateway network address identification model is obtained by training on the address feature distributions of multiple legitimate gateway network addresses.
In a possible embodiment, the address feature distribution includes at least one of the following, or any combination of them: the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded through the target network address within the specified time period, the service type feature distribution corresponding to the preset Internet protocol data, and the traffic distribution of the target network address.
In a possible embodiment, the legitimate gateway network address identification unit is further configured to:
after the address feature distribution of the target network address within the specified time period is obtained, determine that preset bad network operation behavior exists under the target network address when the total traffic of the preset Internet protocol data, determined from the traffic distribution, is greater than a first preset traffic value and the total number of service types, determined from the service type feature distribution, is less than a first preset service type threshold.
In a possible embodiment, the address feature distribution acquiring unit is configured to:
determine, according to at least one operating system key field in the preset Internet protocol data under the target network address, the terminal operating system type feature corresponding to each piece of preset Internet protocol data forwarded through the target network address within the specified time period;
determine, according to the terminal operating system type features and a preset mapping between terminal operating system type features and terminal operating systems, the terminal operating system type corresponding to each terminal operating system type feature;
determine the terminal operating system type distribution according to the terminal operating system type count corresponding to each class of terminal operating system.
In a possible embodiment, the address feature distribution acquiring unit is configured to:
determine, according to at least one service feature key field in the preset Internet protocol data, the service type of each piece of preset Internet protocol data;
determine the service type feature distribution according to the quantity of preset Internet protocol data corresponding to each class of service.
In a possible embodiment, the address feature distribution acquiring unit is configured to:
determine the traffic distribution of the target network address according to the traffic of the preset Internet protocol data corresponding to the target network address at multiple given times within the specified time period.
In a possible embodiment, for the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded through the target network address within the specified time period, the network address feature distribution condition is: the ratio of the number of terminal operating systems of a specified class to the total number of terminal operating systems is greater than a first preset ratio;
For the service type feature distribution corresponding to the preset Internet protocol data, the network address feature distribution condition is: the similarity between the quantity of preset Internet protocol data corresponding to a specified service type and the quantity of preset Internet protocol data corresponding to that specified service type in a preset regular service type feature distribution is greater than a first preset similarity threshold;
For the service type feature distribution corresponding to the preset Internet protocol data, the network address feature distribution condition is: the total number of service types is greater than a second preset service type threshold;
For the traffic distribution of the target network address, the network address feature distribution condition is: the similarity between the traffic distribution and a preset regular traffic distribution is greater than a second preset similarity threshold.
For the traffic distribution of the target network address, the network address feature distribution condition is: the total traffic of the preset Internet protocol data is greater than a second preset traffic value.
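
The bad-behavior rule and the five distribution conditions listed above can be evaluated as follows; this is an added example, not code from the patent. The threshold values, the choice of Android and iOS as the specified class, cosine similarity as the similarity measure, and the policy of requiring every condition to hold are all assumptions, since the text only speaks of preset values and of similarity.

```python
from dataclasses import dataclass
from math import sqrt


@dataclass
class AddressFeatures:
    """Address feature distribution of one target address in one time period."""
    os_counts: dict       # terminal OS type -> number of records
    service_counts: dict  # service type -> number of records
    traffic: list         # traffic volume at each given time in the period


@dataclass
class Conditions:
    """Preset values; every number used below is an assumed sample value."""
    specified_os: frozenset        # the "specified class" of terminal OS
    min_os_ratio: float            # first preset ratio
    ref_service_counts: dict       # preset regular service type distribution
    min_service_similarity: float  # first preset similarity threshold
    min_service_types: int         # second preset service type threshold
    ref_traffic: list              # preset regular traffic distribution
    min_traffic_similarity: float  # second preset similarity threshold
    min_total_traffic: float       # second preset traffic value
    abuse_min_traffic: float       # first preset traffic value
    abuse_max_service_types: int   # first preset service type threshold


def cosine(a, b):
    """Cosine similarity, an assumed stand-in for the unspecified similarity."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def service_type_total(f):
    """Number of distinct service types actually seen under the address."""
    return sum(1 for n in f.service_counts.values() if n > 0)


def check_conditions(f, c):
    """Return each legitimate-gateway condition and whether it holds."""
    os_total = sum(f.os_counts.values())
    os_hits = sum(n for name, n in f.os_counts.items() if name in c.specified_os)
    keys = sorted(set(f.service_counts) | set(c.ref_service_counts))
    service_sim = cosine([f.service_counts.get(k, 0) for k in keys],
                         [c.ref_service_counts.get(k, 0) for k in keys])
    same_len = len(f.traffic) == len(c.ref_traffic)
    traffic_sim = cosine(f.traffic, c.ref_traffic) if same_len else 0.0
    return {
        "os_ratio": os_total > 0 and os_hits / os_total > c.min_os_ratio,
        "service_similarity": service_sim > c.min_service_similarity,
        "service_variety": service_type_total(f) > c.min_service_types,
        "traffic_shape": traffic_sim > c.min_traffic_similarity,
        "traffic_volume": sum(f.traffic) > c.min_total_traffic,
    }


def classify(f, c):
    """Bad-behavior rule first, then require every condition (assumed policy)."""
    heavy = sum(f.traffic) > c.abuse_min_traffic
    if heavy and service_type_total(f) < c.abuse_max_service_types:
        return "suspected-abuse"
    ok = all(check_conditions(f, c).values())
    return "legitimate-gateway" if ok else "not-gateway"


# Constructed sample data, not measurements.
CONDITIONS = Conditions(
    specified_os=frozenset({"Android", "iOS"}), min_os_ratio=0.8,
    ref_service_counts={"video": 30, "im": 40, "payment": 10, "game": 15, "news": 5},
    min_service_similarity=0.9, min_service_types=3,
    ref_traffic=[10, 30, 50, 40, 60, 20], min_traffic_similarity=0.9,
    min_total_traffic=1000, abuse_min_traffic=1000, abuse_max_service_types=2,
)
GATEWAY = AddressFeatures(
    os_counts={"Android": 700, "iOS": 250, "Windows": 50},
    service_counts={"video": 280, "im": 420, "payment": 90, "game": 160, "news": 50},
    traffic=[200, 620, 980, 810, 1230, 390],
)
SINGLE_SERVICE = AddressFeatures(  # heavy traffic aimed at a single service
    os_counts={"Android": 4000, "iOS": 1000},
    service_counts={"login": 5000},
    traffic=[900, 900, 900, 900, 900, 900],
)
OFFICE_NAT = AddressFeatures(      # mostly desktop terminals behind one address
    os_counts={"Windows": 400, "macOS": 80, "Android": 20},
    service_counts={"video": 50, "im": 200, "payment": 20, "game": 10, "news": 220},
    traffic=[300, 320, 310, 290, 300, 310],
)

if __name__ == "__main__":
    for name, feats in [("gateway", GATEWAY), ("single-service", SINGLE_SERVICE),
                        ("office-nat", OFFICE_NAT)]:
        print(name, classify(feats, CONDITIONS), check_conditions(feats, CONDITIONS))
```
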
In a third aspect, an embodiment of this application provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being used to perform the method described in the first aspect.
The scheme provided by this application has at least the following beneficial effect:
In the scheme provided by this application, whether a target network address is a legitimate gateway network address is judged by checking the obtained address feature distribution of the target network address against the network address feature distribution condition of legitimate gateways, which can improve the accuracy of identifying legitimate gateway network addresses.
Brief description of the drawings
Fig. 1 is a flow diagram of delivering a verification code image using the scheme of this application;
Fig. 2 is a schematic diagram of network address identification for a mobile traffic gateway provided by an embodiment of this application;
Fig. 3 is a schematic diagram of a terminal operating system type distribution provided by an embodiment of this application;
Fig. 4 is a schematic diagram of a method for obtaining the terminal operating system type distribution provided by an embodiment of this application;
Fig. 5 is a schematic diagram of a method for creating the preset mapping between terminal operating system type features and terminal operating systems provided by an embodiment of this application;
Fig. 6 is a schematic diagram of a method for obtaining the service type feature distribution corresponding to the preset Internet protocol data provided by an embodiment of this application;
Fig. 7 is a schematic diagram of a service type feature distribution provided by an embodiment of this application;
Fig. 8 is a schematic diagram of a method for obtaining the traffic distribution of the target network address provided by an embodiment of this application;
Fig. 9 is a schematic diagram of a traffic distribution provided by an embodiment of this application;
Fig. 10 is a schematic diagram of a method for training the gateway network address identification model provided by an embodiment of this application;
Fig. 11 is a flow diagram of applying the scheme provided by an embodiment of this application in a scenario that transmits data over TCP/IP;
Fig. 12 is a schematic diagram of a network address identification device for a mobile traffic gateway provided by an embodiment of this application;
Fig. 13 is a schematic diagram of the identification device provided by an embodiment of this application as a hardware entity.
Detailed description of the embodiments
To make the purposes, technical solutions and advantages of this application clearer, the application is described in further detail below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application without creative effort fall within the scope of protection of this application.
To help those skilled in the art better understand the technical solution of this application, the technical terms involved are explained below:
1. Mobile traffic gateway: mobile traffic refers to the data traffic generated by going online, or by using related value-added data services, over mobile communication technologies such as General Packet Radio Service (GPRS), Enhanced Data Rate for GSM Evolution (EDGE), Time Division-Synchronous Code Division Multiple Access (TD-SCDMA), High Speed Downlink Packet Access (HSDPA), Wideband Code Division Multiple Access (WCDMA) and Long Term Evolution (LTE). It does not include traffic generated by going online in other ways such as Wireless Local Area Network (WLAN) or CSD, does not include the data traffic deducted for value-added data services charged by content (MMS, song downloads, news flashes, etc.), and does not include data traffic generated by group-customer and industry applications such as Blackberry, Pushmail and M2M. A mobile traffic gateway is the gateway through which an operator provides mobile traffic service to users, and "legitimate gateway" in the embodiments of this application is another name for the mobile traffic gateway.
2. Address feature distribution: a short-term characteristic of a network address, portrayed from the access records under the preset Internet protocol at that network address over a period of time, according to the various distributions at that address, such as the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded through the target network address within the specified time period, the service type feature distribution corresponding to the preset Internet protocol data, and the traffic distribution of the target network address.
The design idea of this application is explained below:
With the development of mobile communication and Internet technology, terminals' demand for mobile traffic keeps growing. If the network addresses of legitimate gateways that provide traffic service can be correctly identified, this is very helpful for saving network bandwidth resources, letting normal aggregation behavior pass, and identifying bad behavior such as network fraud.
Taking the delivery of verification codes with the technical scheme of this application as an example, the importance of identifying the network addresses of legitimate gateways that provide traffic service for saving network bandwidth resources is illustrated as follows:
A verification code is a very common precaution against malicious attacks, and the mainstream verification code schemes today are delivered mainly as images. If it can be learned that the image delivered during verification code recognition is associated with the network address of a legitimate mobile traffic gateway that provides traffic service, the delivery for that gateway can be controlled to send a low-quality image without affecting the user's use, which saves the network bandwidth consumed in delivering images; this is useful for both operators and users. As shown in Fig. 1, the flow is as follows:
Step S101: pull the image data for verification code recognition;
Step S102: judge whether the network address for delivering the image data is a mobile traffic gateway network address; if so, go to step S103, otherwise go to step S104.
Step S103: deliver a low-resolution image;
Step S104: deliver a normal-resolution image.
The example above of delivering images for verification code recognition shows the importance of identifying the network addresses of legitimate gateways that provide traffic service. The embodiments of this application therefore provide a mobile traffic gateway network address identification method, device and medium. In the method of this application, a given network address is taken as the target network address. The Internet protocol data of the target network address within a specified time period is first collected and parsed; from the parsing result, the address feature distributions of the target network address in that period are obtained, such as the terminal operating system type distribution corresponding to the Internet protocol data forwarded through the target network address, the service type feature distribution corresponding to the Internet protocol data, and the traffic distribution of the network address. The network address feature distribution condition of legitimate gateways is obtained from the network address feature distributions of multiple legitimate gateways that provide traffic service (i.e. the mobile traffic gateways above). For a given target network address, when its address feature distribution within the specified time period meets the network address feature distribution condition of legitimate gateways, the target network address is determined to be the network address of a legitimate gateway.
In the scheme of this application, the address feature distribution of the target network address can also be used as the input to a trained gateway network address identification model, and whether the target network address is a legitimate gateway network address is determined from the output of the gateway network address identification model.
It should be noted that the scheme of this application can be, but is not limited to being, applied to any scenario in which data is transmitted using a specified Internet protocol, for example a scenario in which data is transmitted using Transmission Control Protocol/Internet Protocol (TCP/IP). When the scheme of this application is applied to a scenario that transmits data over TCP/IP, the Internet protocol data above is TCP data and the target network address above is the target IP address. This embodiment does not unduly restrict the Internet protocol used to transmit data; below, the scheme of this application is described with "preset Internet protocol" denoting the Internet protocol used to transmit the data.
The implementation of the technical solution of this application is described in detail below with reference to the drawings:
As shown in Fig. 2, this application provides a network address identification method for a legitimate mobile traffic gateway, which includes the following steps:
Step S201: obtain the address feature distribution of the target network address within a specified time period;
The specified time period is not unduly restricted; those skilled in the art can set it as needed, for example to the 8:00-10:00 period, the 17:00-20:00 period or the 10:00-22:00 period of a given date.
In the embodiments of this application, the address feature distribution of the target network address within the specified time period can include, but is not limited to, one or any combination of the following:
1) the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded through the target network address within the specified time period;
It should be understood that every piece of preset Internet protocol data originates from some terminal, and every terminal has its corresponding terminal operating system;
In this embodiment, the terminal operating systems of the terminals corresponding to all the preset Internet protocol data are grouped by class, and the terminal operating system type distribution is the distribution of the terminal operating system type count corresponding to each class of terminal operating system; see Fig. 3 for details.
2) the service type feature distribution corresponding to the preset Internet protocol data;
It should be understood that every piece of preset Internet protocol data accesses a service. In this embodiment, different services can be classified, and the service type feature distribution is the distribution of the service types corresponding to the preset Internet protocol data forwarded through the target network address within the specified time.
3) the traffic distribution of the target network address;
It should be understood that every piece of preset Internet protocol data is one piece of traffic, and the traffic corresponding to the target network address at multiple given times within the specified time period is the traffic distribution of the target network address.
The multiple given times are not unduly restricted; those skilled in the art can set them as needed.
Step S202: judge whether the address feature distribution of the target network address meets the network address feature distribution condition of legitimate gateways; if it does, go to step S203, otherwise go to step S204;
In this embodiment, the network address feature distribution condition of legitimate gateways can be obtained from one or more of the following distributions among the network address feature distributions of multiple legitimate gateways: the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded through the target network address within the specified time period, the service type feature distribution corresponding to the preset Internet protocol data, and the traffic distribution of the target network address.
Step S203: determine that the target network address is a legitimate gateway network address;
Step S204: determine that the target network address is not a legitimate gateway network address.
The terminal in step S201 can include, but is not limited to: a smartphone, a tablet computer, a notebook personal computer, a desktop computer, a robot, etc.
The terminal operating system of the terminal can include, but is not limited to: the Android system, the iOS system, the Microsoft Windows system, the Unix operating system, the Linux operating system and the Mac operating system.
Android is a free and open-source operating system based on Linux, used mainly on mobile devices such as smartphones and tablet computers;
iOS is a mobile operating system developed by Apple Inc. for mobile devices such as tablet computers;
The UNIX operating system is a powerful multi-user, multitasking, time-sharing operating system that supports multiple processor architectures;
The Linux operating system is a Unix-like operating system that is free to use and freely distributed; it is a multi-user, multitasking operating system based on the Portable Operating System Interface (Portable Operating System Interface of UNIX, POSIX) and UNIX that supports multithreading and multiple central processing units (Central Processing Unit, CPU), and it can run the main UNIX tools, applications and network protocols;
Microsoft Windows is an operating system with a graphical user interface (Graphical User Interface, GUI);
Mac OS was the first operating system with a graphical user interface (Graphical User Interface, GUI) to succeed commercially.
As shown in Fig. 4, this embodiment provides a method for obtaining the terminal operating system type distribution:
Step S401: determine the terminal operating system type feature corresponding to each piece of preset Internet protocol data forwarded through the target network address within the specified time period;
The operating system key fields in the preset Internet protocol data under the target network address are parsed. When there is only one operating system key field, the operating system key field parsed from each piece of preset Internet protocol data can be used as its terminal operating system type feature; when there are at least two operating system key fields, the result of processing those fields in a preset field processing manner is used as the terminal operating system type feature;
The preset field processing manner is not unduly restricted; it can be, but is not limited to, field concatenation, and the result of concatenating the at least two operating system key fields in a specific field concatenation order can be, but is not limited to being, taken as the terminal operating system type feature corresponding to the preset Internet protocol data.
The specific field concatenation order is not unduly restricted; those skilled in the art can set it as needed, so that the terminal operating system type features of different terminal operating systems are distinguished with higher accuracy.
Step S402: determine the terminal operating system type corresponding to each terminal operating system type feature;
In this embodiment, the mapping between terminal operating system type features and terminal operating systems can be, but is not limited to being, created in advance from the historical preset Internet protocol data obtained by a service provider and the service type of the service accessed by each piece of historical preset Internet protocol data;
In this embodiment, the terminal operating system type corresponding to each terminal operating system type feature can be determined according to the preset mapping between terminal operating system type features and terminal operating systems.
Step S403: determine the terminal operating system type distribution;
The terminal operating system type distribution corresponding to the target network address can be determined from the terminal operating system type count corresponding to each class of terminal operating system; for this distribution, see Fig. 3;
The histogram in Fig. 3 shows a terminal operating system type distribution. The horizontal axis, "class 1 terminal operating system, class 2 terminal operating system, class 3 terminal operating system, class 4 terminal operating system, class 5 terminal operating system, class 6 terminal operating system", gives the terminal operating system type, and the numbers "20, 40, 60, 80, 100, 120, 140" on the vertical axis give the terminal operating system type count corresponding to each terminal operating system. As shown in Fig. 3, the first bar from the left indicates that the terminal operating system type count of the class 1 terminal operating system is 120; the number of terminal operating systems of each class can be read clearly from the terminal operating system type distribution.
In this embodiment, the preset mapping between terminal operating system type features and terminal operating systems can be created from a large amount of preset Internet protocol data obtained historically by a service provider. Fig. 5 gives a specific example:
Step S501: obtain a large amount of preset Internet protocol data, and determine the terminal operating system type feature corresponding to each piece of preset Internet protocol data;
The terminal operating system type feature corresponding to each piece of preset Internet protocol data is determined here in the same way as in step S401, which is not repeated here.
Step S502: determine the terminal operating system corresponding to each piece of preset Internet protocol data according to the terminal operating system identifier in the service access data of that Internet protocol data;
It should be understood that the service access data of each piece of Internet protocol data can include, but is not limited to, the time at which the terminal or the user corresponding to the Internet protocol data logged in to the network through the terminal, the network address used to access the network, and the terminal operating system identifier of the terminal corresponding to the Internet protocol data; the terminal operating system corresponding to each piece of preset Internet protocol data can therefore be determined from the service access data of that Internet protocol data.
Step S503: build the preset mapping between terminal operating system type features and terminal operating systems from the terminal operating system type feature of each piece of preset Internet protocol data and its corresponding terminal operating system.
The preset mapping between terminal operating system type features and terminal operating systems can be, but is not limited to being, stored as a two-column table or as two-tuples, which this application does not restrict, and can be, but is not limited to being, stored in a specified database, to facilitate comparison and lookup and to speed up the identification of legitimate gateway network addresses.
As shown in Fig. 6, one way of obtaining the service type feature distribution corresponding to the preset Internet protocol data is given below:
Step S601: parse the service feature key fields in the preset Internet protocol data, and determine the service type of each piece of preset Internet protocol data according to the parsing result;
There may be one or more of the above service feature key fields.
Step S602: determine the service type feature distribution according to the quantity of preset Internet protocol data corresponding to each class of service.
This embodiment provides the histogram shown in Fig. 7 to represent the service type feature distribution. The horizontal axis labels "first-class service, second-class service, third-class service, fourth-class service, fifth-class service, sixth-class service" denote the service types, and the vertical axis numbers "20, 40, 60, 80, 100, 120, 140" denote the quantity of preset Internet protocol data corresponding to the different classes of service. The first rectangle from the left in Fig. 7 indicates that the quantity of preset Internet protocol data corresponding to the first-class service is 60. The quantity of each class of service can be read clearly and unambiguously from the service type feature distribution.
As shown in Fig. 8, one way of obtaining the traffic distribution of the target network address is given below:
Step S801: obtain the traffic of the preset Internet protocol data corresponding to each of multiple specified moments within the specified time period;
One piece of preset Internet protocol data counts as one unit of traffic; the traffic of the preset Internet protocol data at any specified moment is the quantity of preset Internet protocol data corresponding to that specified moment.
Step S802: determine the traffic distribution of the target network address according to the traffic of the preset Internet protocol data corresponding to the multiple specified moments.
This embodiment provides the histogram shown in Fig. 9 to represent the traffic distribution. The horizontal axis labels, running hour by hour from "0:00 on a certain day of a certain month of a certain year" to "23:00 on a certain day of a certain month of a certain year", denote the specified moments, and the vertical axis numbers "5000, 10000, 15000, 20000, 25000, 30000" denote the quantity of preset Internet protocol data corresponding to the different classes of service. The sixth rectangle from the left in Fig. 9 indicates that the traffic at 5:00 on a certain day of a certain month of a certain year is 5000. The traffic at each specified moment can be read clearly and unambiguously from the traffic distribution.
To ensure the accuracy of identifying legal gateway network addresses, the network address feature distribution conditions in this application may include, but are not limited to:
Network address feature distribution condition 1): the ratio of the quantity of the specified class of terminal operating systems to the total quantity of terminal operating systems is greater than a first preset ratio;
The first preset ratio is not unduly limited; those skilled in the art can set it according to actual needs;
The specified class of terminal operating system is not unduly limited and can be set according to the type of legal gateway to be identified. In this embodiment, for example, what is identified is the legal gateway network address of a legal gateway that provides mobile traffic, in which case the specified class of terminal operating system is a mobile terminal operating system, such as the Android system or the iOS system.
Network address feature distribution condition 2): the similarity between the quantity of preset Internet protocol data corresponding to a specified service type and the quantity of preset Internet protocol data corresponding to that specified service type in a preset regular service type feature distribution is greater than a first preset similarity threshold;
The preset regular service type feature distribution refers to the service type feature distribution in the absence of abnormal network behavior (such as network fraud, malicious aggregation behavior, etc.).
The specified service type and the first preset similarity threshold are not unduly limited; those skilled in the art can set them according to actual needs.
Network address feature distribution condition 3): the total number of service types is greater than a second preset service type threshold;
It should be understood that the more service types correspond to the preset Internet protocol data forwarded by a network address, the more likely that network address is a legal gateway network address.
The second preset service type threshold is not unduly limited; those skilled in the art can set it according to actual needs.
Network address feature distribution condition 4): the similarity between the traffic distribution and a preset regular traffic distribution is greater than a second preset similarity threshold;
The preset regular traffic distribution refers to the traffic distribution that, in the absence of abnormal network behavior (such as network fraud, malicious aggregation behavior, etc.), conforms to the time pattern of users going online.
The second preset similarity threshold is not unduly limited; those skilled in the art can set it according to actual needs.
Network address feature distribution condition 5): the total traffic of the preset Internet protocol data is greater than a second preset traffic value.
It should be understood that the larger the total traffic (total quantity) of the preset Internet protocol data corresponding to a network address, the more likely that network address is a legal gateway network address.
The second preset traffic value is not unduly limited; those skilled in the art can set it according to actual needs.
Network address feature distribution condition 1) is set for the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded by the target network address within the specified time period; network address feature distribution conditions 2) and 3) are set for the service type feature distribution corresponding to the preset Internet protocol data; network address feature distribution conditions 4) and 5) are set for the traffic distribution of the target network address.
As an optional embodiment, those skilled in the art can flexibly use several of network address feature distribution conditions 1)-5) in combination to identify legal gateway network addresses more accurately; for example, but not limited to, a target network address that simultaneously satisfies network address feature distribution conditions 1)-5) can be determined to be a legal gateway network address.
As one possible case, when network address feature distribution conditions 3) and 5) are used to identify legal gateway network addresses in the scheme of this application, the total traffic of the preset Internet protocol data may be greater than the first preset traffic value while the total number of service types is less than the first preset service type threshold. Because the total traffic of the target network address within the specified time period is then excessive while the total number of service types is too small, the situation is abnormal, and it is determined that preset bad network operation behavior exists under the target network address;
The first preset traffic value and the first preset service type threshold are not unduly limited; those skilled in the art can set them according to actual needs.
The preset bad network operation behavior may include abnormal aggregation behavior, network fraud, etc.
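The five conditions and the high-traffic, few-service-types check described above can be evaluated as in the following Python code, which is an added example and not part of the patent text. The similarity measure (one minus half the summed absolute difference of shares), every threshold value, the choice of specified service types and all sample distributions are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Thresholds:
    """Presets named after the patent text; every number is an assumed value."""
    first_ratio: float = 0.8          # condition 1)
    first_similarity: float = 0.9     # condition 2)
    second_service_types: int = 4     # condition 3)
    second_similarity: float = 0.9    # condition 4)
    second_traffic: int = 1000        # condition 5)
    first_traffic: int = 5000         # bad-behavior check
    first_service_types: int = 2      # bad-behavior check


MOBILE_OS = frozenset({"android", "ios"})        # the specified class of terminal OS
SPECIFIED_SERVICES = ("video", "im", "browse")   # assumed specified service types


def share_similarity(observed, baseline, keys):
    """Assumed similarity: 1 - half the summed absolute difference of shares."""
    total_o, total_b = sum(observed.values()), sum(baseline.values())
    if total_o == 0 or total_b == 0:
        return 0.0
    gap = sum(abs(observed.get(k, 0) / total_o - baseline.get(k, 0) / total_b)
              for k in keys)
    return 1.0 - 0.5 * gap


def evaluate(os_dist, service_dist, hourly, baseline_service, baseline_hourly,
             t=Thresholds()):
    """Return the truth value of conditions 1)-5) and of the bad-behavior check."""
    total_os = sum(os_dist.values())
    mobile = sum(n for name, n in os_dist.items() if name in MOBILE_OS)
    service_types = sum(1 for n in service_dist.values() if n > 0)
    total_traffic = sum(hourly)      # one piece of IP data = one unit of traffic
    conditions = {
        1: total_os > 0 and mobile / total_os > t.first_ratio,
        2: share_similarity(service_dist, baseline_service,
                            SPECIFIED_SERVICES) > t.first_similarity,
        3: service_types > t.second_service_types,
        4: share_similarity(dict(enumerate(hourly)),
                            dict(enumerate(baseline_hourly)),
                            range(len(baseline_hourly))) > t.second_similarity,
        5: total_traffic > t.second_traffic,
    }
    # Excessive traffic concentrated in too few service types is the abnormal case.
    bad = (total_traffic > t.first_traffic
           and service_types < t.first_service_types)
    return {"conditions": conditions,
            "legal_gateway": all(conditions.values()),
            "bad_behavior": bad}


# ---- constructed sample data (not measurements) ----
BASELINE_SERVICE = {"video": 280, "im": 260, "browse": 210,
                    "pay": 100, "game": 100, "mail": 50}
BASELINE_HOURLY = [2, 1, 1, 1, 1, 2, 4, 6, 8, 8, 7, 7,
                   8, 7, 6, 6, 7, 8, 9, 10, 10, 8, 5, 3]

GATEWAY_OS = {"android": 8100, "ios": 4050, "windows": 1000, "linux": 350}
GATEWAY_SERVICE = {"video": 4050, "im": 3375, "browse": 2700,
                   "pay": 1350, "game": 1350, "mail": 675}
GATEWAY_HOURLY = [v * 100 for v in BASELINE_HOURLY]

SUSPECT_OS = {"android": 450, "windows": 8550}
SUSPECT_SERVICE = {"pay": 9000}
SUSPECT_HOURLY = [0, 0, 0, 9000] + [0] * 20

if __name__ == "__main__":
    for name, args in (("gateway", (GATEWAY_OS, GATEWAY_SERVICE, GATEWAY_HOURLY)),
                       ("suspect", (SUSPECT_OS, SUSPECT_SERVICE, SUSPECT_HOURLY))):
        print(name, evaluate(*args, BASELINE_SERVICE, BASELINE_HOURLY))
```

The suspect address satisfies condition 5) alone, which shows why total traffic is only meaningful in combination with the service type count.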
In the scheme of this application, after step S201, instead of judging by the network address feature distribution conditions whether the target network address is a legal gateway network address, the address feature distribution of the target network address can, once obtained, be input into a gateway network address identification model trained by machine learning, and whether the address is a legal gateway network address is determined from the output of the gateway network address identification model.
Machine learning (ML) is a multi-disciplinary field involving probability theory, statistics, approximation theory, convex analysis, algorithm complexity theory and other subjects. It studies how computers can simulate or implement human learning behavior in order to acquire new knowledge or skills and reorganize existing knowledge structures so as to keep improving their own performance. Machine learning is the core of artificial intelligence and the fundamental way to make computers intelligent, and it is applied throughout all areas of artificial intelligence. The common methods of machine learning are mainly divided into supervised learning and unsupervised learning. Supervised learning includes various classification models, and a model with the best classification effect can be obtained by training on an existing training sample set containing input data and the corresponding output data.
To implement this scheme, as shown in Fig. 10, this embodiment also provides a method of training the gateway network address identification model:
Step S1001: obtain a training sample set, which includes the address feature distributions of a large number of network addresses and, for each network address, the result of whether it is a legal gateway network address;
The network addresses include legal gateway network addresses and illegal gateway network addresses. The address feature distributions of multiple network addresses, and the result of whether each network address is a legal gateway network address, may be obtained by, but are not limited to, the scheme described earlier in this embodiment;
A legal gateway network address flag bit may be used, without limitation, to indicate the result of whether each network address is a legal gateway network address: when the value of the legal gateway network address flag bit is 1, the network address is a legal gateway network address; when the value of the legal gateway network address flag bit is 0, the network address is not a legal gateway network address.
Step S1002: construct a gateway network address training model based on a training model; the gateway network address training model includes at least one or more input features and one output label;
The one or more input features may be, but are not limited to, one or more features of the address feature distribution of a network address, and may include the terminal operating system distribution, the service type feature distribution and the traffic distribution described above;
The output label may be the value of the legal gateway network address flag bit of the identified network address.
Step S1003: train the current gateway network address training model using the training sample set, and adjust the model parameters of the current gateway network address training model according to the output of the output layer until model training is below the set prediction error condition; the current gateway network address training model is then determined to be the gateway network address identification model for identifying legal gateway network addresses;
In each round of training of the gateway network address training model, all or a certain number of the address feature distributions in the training sample set can be input into the gateway network address training model one by one. The value of the legal gateway network address flag bit output by the model is compared with the value of the corresponding legal gateway network address flag bit in the training sample set, and the ratio of the number of cases in which the two flag bit values agree to the total number of network addresses trained on is taken as the prediction accuracy. When the prediction accuracy is greater than the preset prediction accuracy threshold, model training is determined to be below the set prediction error condition.
When, in any round of training of the gateway network address training model, the prediction accuracy does not exceed the preset prediction accuracy threshold, unused data from the training sample set can be selected to retrain the gateway network address training model, or the model parameters of the gateway network address training model can be adjusted according to a preset model parameter adjustment function, after which the data in the training sample set is used again to train the gateway network address training model.
It should be noted that those skilled in the art can also adjust the model parameters of the gateway network address training model according to other model training methods, or train the gateway network address training model according to other model training methods; this application does not unduly limit this.
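The training loop of steps S1001-S1003, with the prediction accuracy computed as the share of matching flag bits and used as the stop condition, looks as follows in Python. This is an added example, not the patent's own model: a single-layer perceptron stands in for the unspecified classification model, and the three-element feature vectors, the 0.95 accuracy threshold and all sample rows are assumptions constructed for illustration.

```python
# Constructed training sample set (not measurements). Each row is
# (features, flag): features = (share of mobile terminal operating systems,
# number of service types / 10, similarity of the traffic distribution to a
# regular one); flag is the legal gateway network address flag bit.
TRAINING_SET = [
    ((0.90, 0.8, 0.90), 1), ((0.85, 0.7, 0.95), 1), ((0.95, 0.9, 0.85), 1),
    ((0.20, 0.1, 0.30), 0), ((0.10, 0.2, 0.20), 0), ((0.30, 0.1, 0.40), 0),
]


def predict(model, features):
    """Output the flag bit: 1 = legal gateway network address, 0 = not."""
    weights, bias = model
    score = sum(w * x for w, x in zip(weights, features)) + bias
    return 1 if score > 0 else 0


def prediction_accuracy(model, samples):
    """Share of samples whose predicted flag bit equals the labelled one."""
    hits = sum(1 for features, flag in samples if predict(model, features) == flag)
    return hits / len(samples)


def train(samples, accuracy_threshold=0.95, max_rounds=100, rate=1.0):
    """Adjust parameters round by round until accuracy exceeds the threshold."""
    weights, bias = [0.0] * len(samples[0][0]), 0.0
    for rounds in range(1, max_rounds + 1):
        for features, flag in samples:
            error = flag - predict((weights, bias), features)   # -1, 0 or +1
            if error:
                # Perceptron rule: move the boundary towards the missed sample.
                weights = [w + rate * error * x for w, x in zip(weights, features)]
                bias += rate * error
        accuracy = prediction_accuracy((weights, bias), samples)
        if accuracy > accuracy_threshold:
            return (weights, bias), rounds, accuracy
    raise RuntimeError("prediction accuracy threshold not reached")


if __name__ == "__main__":
    model, rounds, accuracy = train(TRAINING_SET)
    print(f"rounds={rounds} accuracy={accuracy:.2f} model={model}")
    print("unseen gateway-like address ->", predict(model, (0.88, 0.6, 0.90)))
    print("unseen non-gateway address  ->", predict(model, (0.15, 0.1, 0.25)))
```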
To make the scheme of this application easier to understand, a specific example of applying it in a scenario where data is transmitted using TCP/IP is described below, as shown in Fig. 11:
Step 1101: collect and parse the TCP data forwarded by the target IP address, determine the terminal operating system type feature of each piece of TCP data according to the SYN packet data in the TCP data, and then determine the terminal operating system type distribution corresponding to the TCP data forwarded by the target IP address within the specified time period;
Specifically, the following operating system key fields in the SYN packet can be parsed:
Terminal operating system key field 1): the fragmentation flag DF, which indicates whether, when the packet length of the TCP data exceeds the MTU, the packet is fragmented, or is dropped and reported to the source host with an ICMP error message;
Terminal operating system key field 2): ttl, which indicates the maximum number of routers an IP packet is allowed to pass through;
Terminal operating system key field 3): IP option len, which represents the IP options of the target IP address;
Terminal operating system key field 4): the sliding window size (Window size). The Window size field itself is not an operating-system-level characteristic, but the multiple relationship between the sliding window and the mss is an operating-system-level characteristic;
Terminal operating system key field 5): the timer timestamp. Some terminal operating systems set the timestamp value to 0, so the timestamp values corresponding to different terminal operating systems may differ;
Terminal operating system key field 6): TCP option. Because the timestamp changes over time and the mss may be altered by intermediate routers, TCP option here is the value with the specific timestamp and mss values removed.
The terminal operating system key fields of the SYN packet data in any piece of TCP data are concatenated in the order terminal operating system key field 1), terminal operating system key field 2), terminal operating system key field 3), terminal operating system key field 4), terminal operating system key field 5), terminal operating system key field 6), and the result is the terminal operating system type feature corresponding to that TCP data;
The terminal operating system corresponding to each piece of TCP data is determined according to the terminal operating system type feature corresponding to that TCP data and the preset mapping relationship between terminal operating system type features and terminal operating systems, and the terminal operating system type distribution corresponding to the target IP address is then determined according to the terminal operating system corresponding to each piece of TCP data.
Step S1102: determine the service type of each piece of TCP data according to the data packets in the TCP data, and then determine the service type feature distribution corresponding to the TCP data;
Step S1103: determine the traffic distribution of the target IP address according to the traffic of the TCP data corresponding to multiple specified moments;
Step S1104: determine the address feature distribution of the target IP address according to the terminal operating system type distribution, the service type feature distribution and the traffic distribution;
Step S1105: judge whether the address feature distribution of the target IP address satisfies the network address feature distribution condition of legal gateways; if so, go to step S1206, otherwise go to step S1207;
Step S1106: determine that the target IP address is a legal gateway network address;
Step S1107: determine that the target IP address is not a legal gateway network address.
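Step 1101 of the procedure above, building the terminal operating system type feature from the six SYN packet key fields and counting the resulting distribution, is shown here in Python as an added example that is not part of the patent text. The string encoding of each field, the rounding of ttl up to a common initial value, the labels "os_class_1" to "os_class_3" and every packet and mapping entry are assumptions constructed for illustration; they are not real operating system signatures.

```python
import struct
from collections import Counter

OPTION_NAMES = {0: "eol", 1: "nop", 2: "mss", 3: "ws", 4: "sok", 8: "ts"}


def parse_tcp_options(raw):
    """Return (layout, mss, tsval); the layout drops the mss/timestamp values."""
    layout, mss, tsval, i = [], None, None, 0
    while i < len(raw):
        kind = raw[i]
        layout.append(OPTION_NAMES.get(kind, f"?{kind}"))
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # single-byte no-op
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length = raw[i + 1]
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", body)[0]
        elif kind == 8 and length == 10:
            tsval = struct.unpack("!I", body[:4])[0]
        i += length
    return ",".join(layout), mss, tsval


def os_type_feature(packet):
    """Concatenate key fields 1)-6) of an IPv4 TCP SYN; None if not a usable SYN."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None
    tcp = packet[ihl:]
    data_off = (tcp[12] >> 4) * 4
    if tcp[13] & 0x12 != 0x02 or data_off < 20 or len(tcp) < data_off:
        return None                         # needs SYN set and ACK clear
    try:
        layout, mss, tsval = parse_tcp_options(tcp[20:data_off])
    except ValueError:
        return None
    df = 1 if struct.unpack("!H", packet[6:8])[0] & 0x4000 else 0
    # Assumption: hops decrement ttl, so round up to a common initial value.
    ttl = next(v for v in (32, 64, 128, 255) if packet[8] <= v)
    window = struct.unpack("!H", tcp[14:16])[0]
    win = f"mss*{window // mss}" if mss and window % mss == 0 else str(window)
    ts = "none" if tsval is None else ("0" if tsval == 0 else "set")
    return ":".join([str(df), str(ttl), str(ihl - 20), win, ts, layout])


def os_type_distribution(packets, mapping):
    """Count terminal operating systems over all SYN packets of one address."""
    dist = Counter()
    for packet in packets:
        feature = os_type_feature(packet)
        if feature is not None:
            dist[mapping.get(feature, "unknown")] += 1
    return dist


def build_syn(ttl, df, window, tcp_options):
    """Build a minimal IPv4 TCP SYN (checksums left 0) as constructed input."""
    tcp_options += b"\x00" * (-len(tcp_options) % 4)
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      (5 + len(tcp_options) // 4) << 4, 0x02, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(tcp_options), 0,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + tcp + tcp_options


def ts_opts(tsval):
    """mss 1460, sack-permitted, timestamp, nop, window scale 7."""
    return (bytes.fromhex("020405b40402080a") + struct.pack("!II", tsval, 0)
            + bytes.fromhex("01030307"))


OPTS_NO_TS = bytes.fromhex("020405b4010303080101" "0402")
SAMPLE_MAPPING = {      # constructed entries, not real OS signatures
    "1:64:0:mss*44:set:mss,sok,ts,nop,ws": "os_class_1",
    "1:128:0:mss*44:none:mss,nop,ws,nop,nop,sok": "os_class_2",
    "1:64:0:65535:0:mss,sok,ts,nop,ws": "os_class_3",
}
SAMPLE_PACKETS = [
    build_syn(52, True, 64240, ts_opts(123456)),
    build_syn(50, True, 64240, ts_opts(98765)),
    build_syn(61, True, 64240, ts_opts(5)),
    build_syn(116, True, 64240, OPTS_NO_TS),
    build_syn(57, True, 65535, ts_opts(0)),
    build_syn(255, False, 8192, bytes.fromhex("020405b4")),
]

if __name__ == "__main__":
    print(dict(os_type_distribution(SAMPLE_PACKETS, SAMPLE_MAPPING)))
```

The three packets with different observed ttl and timestamp values map to the same feature, which is the reason field 6) excludes the specific timestamp and mss values.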
With the scheme provided by this application, the network address of a gateway that provides mobile traffic can be identified conveniently, quickly and accurately according to the network address feature distribution condition of legal gateways, and preset bad network operation behavior can also be identified efficiently, so that network fraud is identified while harmless aggregation behavior is let through;
In addition, the scheme provided by this application saves the high cost of purchasing legal gateway network addresses from operators or gateway network address information providers, so its cost is low, and network bandwidth resources can be saved once legal gateway network addresses have been identified, which is of great value both to users who need to use traffic and to operators who provide traffic services.
Based on the same concept, as shown in Fig. 12, this embodiment also provides a network address identification apparatus for a mobile traffic gateway, the apparatus comprising:
An address feature distribution obtaining unit 1201, configured to obtain the address feature distribution of a target network address within a specified time period;
A legal gateway network address identification unit 1202, configured to determine the target network address to be a legal gateway network address when the address feature distribution of the target network address satisfies the network address feature distribution condition of legal gateways, where the network address feature distribution condition is obtained from the network address feature distributions of multiple legal gateways.
In a possible embodiment, the legal gateway network address identification unit is further configured to:
Input the address feature distribution into the trained gateway network address identification model, and determine whether the target network address is a legal gateway network address according to the output of the trained gateway network address identification model, where:
The trained gateway network address identification model is obtained by training on the address feature distributions of multiple legal gateway network addresses.
In a possible embodiment, the address feature distribution includes at least one or any combination of the following: the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded by the target network address within the specified time period, the service type feature distribution corresponding to the preset Internet protocol data, and the traffic distribution of the target network address.
In a possible embodiment, the legal gateway network address identification unit is further configured to:
After the address feature distribution of the target network address within the specified time period is obtained, determine that preset bad network operation behavior exists under the target network address when it is determined from the traffic distribution that the total traffic of the preset Internet protocol data is greater than the first preset traffic value and it is determined from the service type feature distribution that the total number of service types is less than the first preset service type threshold.
In a possible embodiment, the address feature distribution obtaining unit is configured to:
Determine, according to at least one operating system key field of the preset Internet protocol data under the target network address, the terminal operating system type feature corresponding to each piece of preset Internet protocol data forwarded by the target network address within the specified time period;
Determine the terminal operating system type corresponding to each terminal operating system type feature according to the terminal operating system type features and the preset mapping relationship between terminal operating system type features and terminal operating systems;
Determine the terminal operating system type distribution according to the terminal operating system type count corresponding to each class of terminal operating system.
In a possible embodiment, the address feature distribution obtaining unit is configured to:
Determine the service type of each piece of preset Internet protocol data according to at least one service feature key field in the preset Internet protocol data;
Determine the service type feature distribution according to the quantity of preset Internet protocol data corresponding to each class of service.
In a possible embodiment, the address feature distribution obtaining unit is configured to:
Determine the traffic distribution of the target network address according to the traffic of the preset Internet protocol data corresponding to multiple specified moments of the target network address within the specified time period.
In a possible embodiment, for the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded by the target network address within the specified time period, the network address feature distribution condition is: the ratio of the quantity of the specified class of terminal operating systems to the total quantity of terminal operating systems is greater than the first preset ratio;
For the service type feature distribution corresponding to the preset Internet protocol data, the network address feature distribution condition is: the similarity between the quantity of preset Internet protocol data corresponding to the specified service type and the quantity of preset Internet protocol data corresponding to that specified service type in the preset regular service type feature distribution is greater than the first preset similarity threshold;
For the service type feature distribution corresponding to the preset Internet protocol data, the network address feature distribution condition is: the total number of service types is greater than the second preset service type threshold;
For the traffic distribution of the target network address, the network address feature distribution condition is: the similarity between the traffic distribution and the preset regular traffic distribution is greater than the second preset similarity threshold.
For the traffic distribution of the target network address, the network address feature distribution condition is: the total traffic of the preset Internet protocol data is greater than the second preset traffic value.
As an example of a hardware entity, the apparatus is shown in Fig. 13 and includes a processor 1301, a storage medium 1302 and at least one external communication interface 1303; the processor 1301, the storage medium 1302 and the external communication interface 1303 are connected by a bus 1304.
It should be pointed out that the description of the above apparatus is similar to the description of the method of this application, and the description of the beneficial effects it shares with the method is not repeated. For technical details not disclosed in the gateway embodiment of this application, please refer to the description of the method embodiments of this application.
An embodiment of the present invention also provides a computer storage medium in which computer-executable instructions are stored, the computer-executable instructions being used to execute the gateway control method in a local area network of any one of the above embodiments.
In addition, in the several embodiments provided in this application, it should be understood that the disclosed devices and methods may be implemented in other ways. The apparatus embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or in other forms.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may all be integrated into one processing unit, or each unit may serve as a unit on its own, or two or more units may be integrated into one unit; the integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware related to program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as a removable storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
Alternatively, if the integrated unit of this application is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the embodiments of this application, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute all or part of the methods of the embodiments of this application. The storage medium includes various media that can store program code, such as a removable storage device, a ROM, a RAM, a magnetic disk or an optical disc.
The above are only specific embodiments of this application, but the protection scope of this application is not limited to them. Any change or replacement that a person skilled in the art can readily think of within the technical scope disclosed in this application shall be covered by the protection scope of this application. The protection scope of this application shall therefore be subject to the protection scope of the claims.
Claims (10)
1. A network address identification method for a mobile traffic gateway, characterized by comprising:
obtaining an address feature distribution of a target network address within a designated time period;
when the address feature distribution of the target network address satisfies a network address feature distribution condition of legitimate gateways, determining the target network address to be a legitimate gateway network address, wherein the network address feature distribution condition is obtained from the network address feature distributions of multiple legitimate gateways.
2. The method of claim 1, characterized in that, after obtaining the address feature distribution of the target network address within the designated time period, the method further comprises:
inputting the address feature distribution into a trained gateway network address identification model, and determining, according to the output result of the trained gateway network address identification model, whether the target network address is a legitimate gateway network address, wherein:
the trained gateway network address identification model is obtained by training on the address feature distributions of multiple legitimate gateway network addresses.
3. The method of claim 1 or 2, characterized in that the address feature distribution includes at least one of the following or any combination thereof: the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded by the target network address within the designated time period, the service type feature distribution corresponding to the preset Internet protocol data, and the traffic distribution of the target network address.
4. The method of claim 3, characterized in that, after obtaining the address feature distribution of the target network address within the designated time period, the method further comprises:
when it is determined from the traffic distribution that the total traffic of the preset Internet protocol data is greater than a first preset traffic value, and it is determined from the service type feature distribution that the total number of service types is less than a first preset service type threshold, determining that preset bad network operation behavior exists under the target network address.
5. The method of claim 3, characterized in that the terminal operating system type distribution is obtained as follows:
determining, according to at least one operating system key field in the preset Internet protocol data under the target network address, the terminal operating system type feature corresponding to each item of preset Internet protocol data forwarded by the target network address within the designated time period;
determining, according to the terminal operating system type features and a preset mapping between terminal operating system type features and terminal operating systems, the terminal operating system type corresponding to each terminal operating system type feature;
determining the terminal operating system type distribution according to the number of terminal operating system types corresponding to each class of terminal operating system.
6. The method of claim 3, characterized in that the service type feature distribution corresponding to the preset Internet protocol data is obtained as follows:
determining, according to at least one service feature key field in the preset Internet protocol data, the service type of each item of preset Internet protocol data;
determining the service type feature distribution according to the quantity of preset Internet protocol data corresponding to each class of service.
7. The method of claim 3, characterized in that the traffic distribution of the target network address is obtained as follows:
determining the traffic distribution of the target network address according to the traffic of the preset Internet protocol data corresponding to the target network address at multiple given times within the designated time period.
8. The method of claim 3, characterized in that the network address feature distribution condition includes:
for the terminal operating system type distribution corresponding to the preset Internet protocol data forwarded by the target network address within the designated time period, the network address feature distribution condition is: the ratio of the number of terminal operating systems of a specified class to the total number of terminal operating systems is greater than a first preset ratio;
for the service type feature distribution corresponding to the preset Internet protocol data, the network address feature distribution condition is: the similarity between the quantity of preset Internet protocol data corresponding to a specified service type and the quantity of preset Internet protocol data corresponding to the specified service type in a preset regular service type feature distribution is greater than a first preset similarity threshold;
for the service type feature distribution corresponding to the preset Internet protocol data, the network address feature distribution condition is: the total number of service types is greater than a second preset service type threshold;
for the traffic distribution of the target network address, the network address feature distribution condition is: the similarity between the traffic distribution and a preset regular traffic distribution is greater than a second preset similarity threshold;
for the traffic distribution of the target network address, the network address feature distribution condition is: the total traffic of the preset Internet protocol data is greater than a second preset traffic value.
9. A network address identification device for a mobile traffic gateway, characterized by comprising:
an address feature distribution acquiring unit, configured to obtain an address feature distribution of a target network address within a designated time period;
a legitimate gateway network address identification unit, configured to determine the target network address to be a legitimate gateway network address when the address feature distribution of the target network address satisfies a network address feature distribution condition of legitimate gateways, wherein the network address feature distribution condition is obtained from the network address feature distributions of multiple legitimate gateways.
10. A computer storage medium, characterized in that computer-executable instructions are stored in the computer storage medium, the computer-executable instructions being used to perform the method of any one of claims 1 to 8.
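The feature extraction of claims 5 to 7 and the threshold checks of claims 4 and 8, worked through as an added Python example that is not code from the patent. The record fields (`ua`, `host`, `hour`, `bytes`), the User-Agent-to-OS mapping, treating Android and iOS as the specified operating system class, cosine as the similarity measure, requiring all claim 8 conditions together, and every baseline, threshold and sample record are assumptions constructed for illustration.

```python
from collections import Counter
from math import sqrt

# Assumed mapping from an OS key field (a User-Agent token) to a terminal OS type.
OS_KEYS = {"Android": "android", "iPhone": "ios", "Windows NT": "windows"}
# Constructed baseline and thresholds; none of these values come from the patent.
BASE = {"services": {"chat.example": 50, "video.example": 30, "shop.example": 20}, "traffic": [10, 40, 60, 50]}
TH = {"mobile_ratio": 0.8, "svc_sim": 0.9, "min_services": 2, "traffic_sim": 0.9,
      "min_bytes": 10_000, "bad_bytes": 10_000, "bad_min_services": 2}

def os_distribution(records):
    """Claim 5: map each record's OS key field to a terminal OS type and count them."""
    return Counter(next((t for k, t in OS_KEYS.items() if k in r["ua"]), "other") for r in records)

def service_distribution(records):
    """Claim 6: count records per service type (keyed on the Host field here)."""
    return Counter(r["host"] for r in records)

def traffic_distribution(records, slots=4):
    """Claim 7: bytes per time slot across the designated period (24 hours here)."""
    out = [0] * slots
    for r in records:
        out[r["hour"] * slots // 24] += r["bytes"]
    return out

def cosine(a, b):
    """Similarity measure; cosine is an assumption, the claims do not name one."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = sqrt(sum(x * x for x in a)) * sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0

def classify(records, base=BASE, th=TH):
    """Return 'legitimate_gateway', 'bad_behavior' or 'unknown' for one address."""
    os_d, svc_d, tr_d = (f(records) for f in (os_distribution, service_distribution, traffic_distribution))
    total, keys = sum(tr_d), sorted(base["services"])
    # Claim 4: high total traffic spread over very few service types.
    if total > th["bad_bytes"] and len(svc_d) < th["bad_min_services"]:
        return "bad_behavior"
    checks = [  # Claim 8 conditions; requiring all five is an assumption.
        (os_d["android"] + os_d["ios"]) / max(len(records), 1) > th["mobile_ratio"],
        cosine([svc_d[k] for k in keys], [base["services"][k] for k in keys]) > th["svc_sim"],
        len(svc_d) > th["min_services"],
        cosine(tr_d, base["traffic"]) > th["traffic_sim"],
        total > th["min_bytes"],
    ]
    return "legitimate_gateway" if all(checks) else "unknown"

def sample(ua, plan):
    """Constructed flow records from (host, hour, bytes, count) tuples."""
    return [dict(ua=ua, host=h, hour=hr, bytes=b) for h, hr, b, n in plan for _ in range(n)]

GATEWAY = sample("Mozilla/5.0 (Linux; Android 9)", [("chat.example", 3, 100, 10),
    ("chat.example", 9, 100, 40), ("video.example", 14, 200, 30), ("shop.example", 20, 250, 20)])
SUSPECT = sample("Mozilla/5.0 (Windows NT 10.0)", [("shop.example", 2, 500, 100)])
```

`classify(GATEWAY)` passes every claim 8 check, while `classify(SUSPECT)` trips the claim 4 rule because all of its traffic goes to a single service type.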
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910691428.8A CN110460593B (en) | 2019-07-29 | 2019-07-29 | Network address identification method, device and medium for mobile traffic gateway |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110460593A (en) | 2019-11-15 |
CN110460593B (en) | 2021-12-14 |
Family
ID=68483884
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910691428.8A, Active, CN110460593B (en) | Network address identification method, device and medium for mobile traffic gateway | 2019-07-29 | 2019-07-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110460593B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112887333A (en) * | 2021-03-02 | 2021-06-01 | 深信服科技股份有限公司 | Abnormal equipment detection method and device, electronic equipment and readable storage medium |
CN113114669A (en) * | 2021-04-09 | 2021-07-13 | 厦门市美亚柏科信息股份有限公司 | GOIP gateway identification method, device, equipment and storage medium based on gateway data |
CN113114669B (en) * | 2021-04-09 | 2023-05-23 | 厦门市美亚柏科信息股份有限公司 | GOIP gateway identification method, device, equipment and storage medium based on gateway data |
Also Published As
Publication number | Publication date |
---|---|
CN110460593B (en) | 2021-12-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||