CN110519413A - Ranking statistics method, apparatus, system and medium based on DNS over QUIC - Google Patents

Ranking statistics method, apparatus, system and medium based on DNS over QUIC Download PDF

Info

Publication number
CN110519413A
CN110519413A CN201910851801.1A CN201910851801A CN110519413A CN 110519413 A CN110519413 A CN 110519413A CN 201910851801 A CN201910851801 A CN 201910851801A CN 110519413 A CN110519413 A CN 110519413A
Authority
CN
China
Prior art keywords
message
quic
address
type
destination
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910851801.1A
Other languages
Chinese (zh)
Inventor
黄友俊
李星
吴建平
王冠
郭强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CERNET Corp
Original Assignee
CERNET Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CERNET Corp filed Critical CERNET Corp
Priority to CN201910851801.1A priority Critical patent/CN110519413A/en
Publication of CN110519413A publication Critical patent/CN110519413A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • H04L61/103Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Present disclose provides a kind of ranking statistics methods based on DNS over QUIC.Method includes: the first message acquired in core network;The first message is parsed, to obtain the type of message of every one first message;Obtain the purpose IP address that the first message that type of message is QUIC accesses;Classification and ordination is carried out to purpose IP address according to purpose IP address corresponding access times.The disclosure additionally provides a kind of ranking statistics device, system and medium based on DNS over QUIC.

Description

Ranking statistics method, apparatus, system and medium based on DNS over QUIC
Technical field
This disclosure relates to field of computer technology, and in particular, to a kind of ranking statistics side based on DNS over QUIC Method, device, system and medium.
Background technique
DNS-over-QUIC is a kind of security protocol, can force all and domain name system (Domain Name System, DNS) server it is relevant link use QUIC agreement.QUIC (Quick UDP Internet Connection) is The Internet transport protocol of low delay of the one kind based on User Datagram Protocol (User Datagram Protocol, UDP).Area Security extension standard not traditional in DNS, DNS-over-QUIC establish delay is low, supports connection migration, and has better Interaction encryption.Therefore, statistics ranking is carried out for the purpose IP address of DNS-over-QUIC cryptographic protocol, to QUIC message It is significant to flow through different dns server monitoring.
Summary of the invention
In view of this, present disclose provides it is a kind of can according to the purpose IP address in the message of the QUIC type of acquisition, Analyze the ranking statistics side based on DNS over QUIC that all QUIC messages flow through the ranking of different dns servers Method, device, system and medium.
An aspect of this disclosure provides a kind of ranking statistics method based on DNS over QUIC.The method packet It includes: the first message in acquisition core network;First message is parsed, to obtain the type of message of every one first message;It obtains The purpose IP address for taking the first message that type of message is QUIC to access;According to the corresponding access times of purpose IP address to described Purpose IP address carries out classification and ordination.
In accordance with an embodiment of the present disclosure, the first message in the acquisition core network, comprising: in the core network Mirror port is set in one or more router;Mirror image data stream is acquired, from the mirror port to generate described the One message.
In accordance with an embodiment of the present disclosure, parsing first message, to obtain the type of message of every one first message, It include: parsing first message, to obtain the protocol fields and frame head of first message;According to the protocol fields with And frame head, judge the type of message of first message.
In accordance with an embodiment of the present disclosure, described according to the protocol fields and frame head, judge the report of first message Literary type, comprising: according to the protocol number of the protocol fields, judge whether first message is UDP message;When described first When message is UDP message, judge whether the type of message of the UDP message is QUIC according to the frame head.
In accordance with an embodiment of the present disclosure, when first message is UDP message, the frame head is the public packet header QUIC, Whether the type of message that the UDP message is judged according to the frame head is QUIC, comprising: when the public packet header the QUIC When data are preset data, the type of message of the UDP message is QUIC, and otherwise, the type of message of the UDP message is not QUIC。
It is in accordance with an embodiment of the present disclosure, described that classification and ordination is carried out to the destination IP address according to access times, comprising: Establish the destination IP address and its corresponding key-value pair of corresponding access times;To the destination IP according to the key-value pair Location is ranked up.
In accordance with an embodiment of the present disclosure, described that the destination IP address is ranked up according to the key-value pair, comprising: benefit The access times in the key-value pair are ranked up with quicksort, to obtain the corresponding purpose IP address of the access times Sequence.
Another aspect of the present disclosure provides a kind of ranking statistics device based on DNS over QUIC.Described device packet It includes acquisition module, parsing module, obtain module and classification and ordination module.The acquisition module is for acquiring in core network First message.The parsing module is for parsing first message, to obtain the type of message of every one first message.It is described to obtain Modulus block is used to obtain the purpose IP address that the first message that type of message is QUIC accesses.The classification and ordination module is for pressing Classification and ordination is carried out to the destination IP address according to the corresponding access times in the destination IP address.
Another aspect of the present disclosure provides a kind of ranking statistics system based on DNS over QUIC, comprising: storage Device;Processor, the processor runs program, to execute method as described above.
Another aspect of the present disclosure provides a kind of computer readable storage medium, is stored thereon with executable instruction, should Instruction makes processor execute method as described above when being executed by processor.
In accordance with an embodiment of the present disclosure, system can be analyzed according to the purpose IP address in the message of the QUIC type of acquisition Count out the ranking that all QUIC messages flow through different dns servers.
Detailed description of the invention
By referring to the drawings to the description of the embodiment of the present disclosure, the above-mentioned and other purposes of the disclosure, feature and Advantage will be apparent from, in the accompanying drawings:
Fig. 1 diagrammatically illustrates the stream of the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure Cheng Tu;
Fig. 2 is diagrammatically illustrated to be adopted in the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure Collect the flow chart of message;
Fig. 3 is diagrammatically illustrated to be solved in the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure Analyse the flow chart of message;
Fig. 4, which is diagrammatically illustrated in the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure, to be divided The flow chart of class sequence;
Fig. 5 diagrammatically illustrates the knot of the ranking statistics device based on DNS over QUIC according to the embodiment of the present disclosure Structure block diagram;And
Fig. 6 diagrammatically illustrates the ranking system being adapted for carrying out based on DNS over QUIC according to one embodiment of the disclosure The block diagram of the electronic equipment of meter method.
Specific embodiment
Hereinafter, will be described with reference to the accompanying drawings embodiment of the disclosure.However, it should be understood that these descriptions are only exemplary , and it is not intended to limit the scope of the present disclosure.In the following detailed description, to elaborate many specific thin convenient for explaining Section is to provide the comprehensive understanding to the embodiment of the present disclosure.It may be evident, however, that one or more embodiments are not having these specific thin It can also be carried out in the case where section.In addition, in the following description, descriptions of well-known structures and technologies are omitted, to avoid Unnecessarily obscure the concept of the disclosure.
Term as used herein is not intended to limit the disclosure just for the sake of description specific embodiment.It uses herein The terms "include", "comprise" etc. show the presence of the feature, step, operation and/or component, but it is not excluded that in the presence of Or add other one or more features, step, operation or component.
There are all terms (including technical and scientific term) as used herein those skilled in the art to be generally understood Meaning, unless otherwise defined.It should be noted that term used herein should be interpreted that with consistent with the context of this specification Meaning, without that should be explained with idealization or excessively mechanical mode.
It, in general should be according to this using statement as " at least one in A, B and C etc. " is similar to Field technical staff is generally understood the meaning of the statement to make an explanation (for example, " system at least one in A, B and C " Should include but is not limited to individually with A, individually with B, individually with C, with A and B, with A and C, have B and C, and/or System etc. with A, B, C).Using statement as " at least one in A, B or C etc. " is similar to, generally come Saying be generally understood the meaning of the statement according to those skilled in the art to make an explanation (for example, " having in A, B or C at least One system " should include but is not limited to individually with A, individually with B, individually with C, with A and B, have A and C, have B and C, and/or the system with A, B, C etc.).
Embodiment of the disclosure provides a kind of ranking statistics method, apparatus, system and Jie based on DNS over QUIC Matter.The ranking statistics method based on DNS over QUIC includes the first message acquired in core network;The first report of parsing Text, to obtain the type of message of every one first message;Obtain the purpose IP address that the first message that type of message is QUIC accesses; Classification and ordination is carried out to purpose IP address according to access times.In this way, it is possible to which analyzing all QUIC messages flows through difference The ranking of dns server.
Fig. 1 diagrammatically illustrates the stream of the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure Cheng Tu.
Refering to fig. 1, in combination with Fig. 2-Fig. 4, method shown in Fig. 1 is described in detail, this method includes operation S110- Operate S140.
In operation S110, the first message in core network is acquired.Core network is, for example, in education network core network Backbone nodes, such as Peking University's network node, Tsinghua University's network node, Xi'an Communications University's network node etc..This public affairs It opens in embodiment, the first message is, for example, all messages for flowing through education network core network node.
In operation S120, the first message is parsed, to obtain the type of message of every one first message.In the embodiment of the present disclosure, The format of first message is for example as shown in table 1.
Table 1
In accordance with an embodiment of the present disclosure, all first messages of acquisition are traversed, every one first message is parsed, it then can root The type of message of every one first message is judged according to the content in " upper-layer protocol " field.Type of message is for example including network-control report (Internet Control Message Protocol, ICMP) message, Group Management Protocol (Internet is discussed by cultural association Group Management Protocol, IGMP) message, transmission control protocol (Transmission Control Protocol, TCP) message, UDP message etc..Such as the first data in message " upper-layer protocol " field are 88, indicate this first Message is UDP message.Further, in the embodiment of the present disclosure, for UDP message, type of message is also divided into QUIC type and non- QUIC type, for example, can be judged by the public packet header QUIC UDP message whether be QUIC type message.
In operation S130, the purpose IP address that the first message that type of message is QUIC accesses is obtained.Specifically, that is, it obtains " upper-layer protocol " field is 88, first message of the public packet header QUIC within the scope of the QUIC packet header of standard, this first The type of message of message is QUIC.Further, in the transport layer message for parsing the first message that type of message is QUIC The address purpose Internet protocol (Internet Protocol, IP).
In operation S140, classification and ordination is carried out to purpose IP address according to purpose IP address corresponding access times.According to Embodiment of the disclosure, it is available to arrive a large amount of purpose IP address, between these purpose IP address there are identical destination IP That is, there is the case where repeatedly accessing a certain purpose IP address, therefore, be ranked up according to access times to purpose IP address in location, The QUIC message that can visually see flows through the ranking of different dns servers.
Fig. 2 is diagrammatically illustrated to be adopted in the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure Collect the flow chart of message.
As shown in Fig. 2, in accordance with an embodiment of the present disclosure, the first message in operation S110 acquisition core network may include It operates S111- and operates S112.
In operation S111, mirror port is set from one or more of core network router.For example, being led in education Mirror port is set in the router of dry net.Mirror port has the function of Port Mirroring.Port Mirroring refers to by exchanging On machine or router, the data traffic of one or more source ports is forwarded to a certain designated port (that is, mirror port) and is come in fact Now to the monitoring of network.
In operation S112, mirror image data stream is acquired, from mirror port to generate the first message.First message is mirror image All messages that port snoop arrives.
Fig. 3 is diagrammatically illustrated to be solved in the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure Analyse the flow chart of message.
As shown in figure 3, in accordance with an embodiment of the present disclosure, operation S120 parses the first message, to obtain every one first message Type of message may include operation S121- operation S122.
In operation S121, the first message is parsed, to obtain the protocol fields and frame head of the first message.The embodiment of the present disclosure In, protocol fields are protocol fields shown in table 1, and frame head is, for example, version number shown in table 1, header length, service The contents such as type.
The type of message of the first message is judged according to protocol fields and frame head in operation S122.
In accordance with an embodiment of the present disclosure, firstly, according to the protocol number of protocol fields, judge whether the first message is UDP report Text.When the protocol number of the protocol fields of any first message is 88, which is UDP message, otherwise, the UDP message It is not UDP message, and gives up non-UDP message.
In accordance with an embodiment of the present disclosure, secondly, judging the report of UDP message according to frame head when the first message is UDP message Whether literary type is QUIC.Specifically, when the first message is UDP message, above-mentioned frame head is the public packet header QUIC, according to frame head Whether the type of message for judging UDP message is that QUIC is specifically included: when the data in the public packet header QUIC is preset datas, UDP The type of message of message is QUIC, and otherwise, the type of message of UDP message is not QUIC.
The public packet header QUIC is the frame head part of QUIC data packet, and size is in 1-51 bytes range.Its specific group At for example, common indicium (Public Flags), connection ID (Connection ID), QUIC version (version), packet Number (Packet Number) etc., other than common indicium is essential option, other fields are option.Only when QUIC public affairs When each field in packet header is in the data area in the public packet header standard QUIC altogether, the type of message of above-mentioned UDP message is only QUIC。
Fig. 4, which is diagrammatically illustrated in the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure, to be divided The flow chart of class sequence.
As shown in figure 4, in accordance with an embodiment of the present disclosure, operating S140 according to the corresponding access times of purpose IP address to institute Stating purpose IP address and carrying out classification and ordination may include operation S141- operation S142.
In operation S141, purpose IP address and its corresponding key-value pair of corresponding access times are established.Specifically, to Mr. Yu One type of message is the first message of QUIC, obtains its purpose IP address, and the purpose IP address is stored in map, is established The corresponding key-value pair < purpose IP address of the purpose IP address, access times >, which is, for example, < 219.224.97.11 1 >.It is corresponding to the purpose IP address when the purpose IP address newly obtained is identical as the purpose IP address Key-value pair carry out increase operation, such as plus one operation, above-mentioned key-value pair is updated to < 219.224.97.11,2 > at this time.When new When the purpose IP address of acquisition and the purpose IP address be not identical, above-mentioned preservation is executed to the purpose IP address of the new acquisition and is built The operation of vertical key-value pair, such as establish key-value pair < 219.234.99.23,1 >.
In operation S142, purpose IP address is ranked up according to key-value pair.In accordance with an embodiment of the present disclosure, it can use The method of quicksort asks that number is ranked up to anti-in key-value pair, i.e., according to the access times in each key-value pair to key assignments To being ranked up, to obtain the sequence of the corresponding purpose IP address of access times, the result after sequence is for example as shown in table 2.
Table 2
Purpose IP address Access times
219.224.97.11 600
219.234.99.23 400
219.345.93.12 350
219.456.91.01 300
The ranking statistics method based on DNS over QUIC that the embodiment of the present disclosure provides, can be according to the QUIC of acquisition Purpose IP address in the message of type analyzes the ranking that all QUIC messages flow through different dns servers.
Fig. 5 is diagrammatically illustrated according to the ranking statistics device 500 based on DNS over QUIC of the embodiment of the present disclosure Structural block diagram.
As shown in figure 5, should include acquisition module 510, parsing mould based on the ranking statistics device 500 of DNS over QUIC Block 520 obtains module 530 and classification and ordination module 540.Device 500 can be used for executing the base with reference to described in Fig. 1-Fig. 4 In the ranking statistics method of DNS over QUIC.
Acquisition module 510 can for example execute operation S110, for acquiring the first message in core network.According to this public affairs Operation S111- operation S112 for example can also be performed in the embodiment opened, acquisition module 510, for from one of core network and Mirror port is set in above router, acquires mirror image data stream, from mirror port to generate the first message.First report Text is all messages that mirror port listens to.
Parsing module 520 can for example execute operation S120, for parsing the first message, to obtain every one first message Type of message.In accordance with an embodiment of the present disclosure, operation S121- operation S122 for example can also be performed in parsing module 520, for solving The first message is analysed, the first message is judged according to protocol fields and frame head to obtain the protocol fields and frame head of the first message Type of message.
Operation S130 can for example be executed by obtaining module 530, be accessed for obtaining the first message that type of message is QUIC Purpose IP address.
Classification and ordination module 540 can for example execute operation S140, for according to the corresponding access times of purpose IP address Classification and ordination is carried out to purpose IP address.In accordance with an embodiment of the present disclosure, operation for example can also be performed in classification and ordination module 540 S141- operates S142, for establishing purpose IP address and its corresponding key-value pair of corresponding access times, according to key-value pair to mesh IP address be ranked up.
It is module according to an embodiment of the present disclosure, submodule, unit, any number of or in which any more in subelement A at least partly function can be realized in a module.It is single according to the module of the embodiment of the present disclosure, submodule, unit, son Any one or more in member can be split into multiple modules to realize.According to the module of the embodiment of the present disclosure, submodule, Any one or more in unit, subelement can at least be implemented partly as hardware circuit, such as field programmable gate Array (FPGA), programmable logic array (PLA), system on chip, the system on substrate, the system in encapsulation, dedicated integrated electricity Road (ASIC), or can be by the hardware or firmware for any other rational method for integrate or encapsulate to circuit come real Show, or with any one in three kinds of software, hardware and firmware implementations or with wherein any several appropriately combined next reality It is existing.Alternatively, can be at least by part according to one or more of the module of the embodiment of the present disclosure, submodule, unit, subelement Ground is embodied as computer program module, when the computer program module is run, can execute corresponding function.
For example, any more in acquisition module 510, parsing module 520, acquisition module 530 and classification and ordination module 540 A may be incorporated in a module is realized or any one module therein can be split into multiple modules.Alternatively, this At least partly function of one or more modules in a little modules can be combined at least partly function of other modules, and It is realized in one module.In accordance with an embodiment of the present disclosure, acquisition module 510, parsing module 520, acquisition module 530 and classification At least one of sorting module 540 can at least be implemented partly as hardware circuit, such as field programmable gate array (FPGA), programmable logic array (PLA), system on chip, the system on substrate, the system in encapsulation, specific integrated circuit (ASIC), it or can be realized by carrying out the hardware such as any other rational method that is integrated or encapsulating or firmware to circuit, Or it several appropriately combined is realized with any one in three kinds of software, hardware and firmware implementations or with wherein any. Alternatively, acquisition module 510, parsing module 520, obtain at least one of module 530 and classification and ordination module 540 can be down to It is implemented partly as computer program module less, when the computer program module is run, corresponding function can be executed.
Fig. 6, which is diagrammatically illustrated, is adapted for carrying out the ranking statistics based on DNS over QUIC according to the embodiment of the present disclosure The block diagram of the electronic equipment of method.Fig. 6 is only an example, should not function and use scope band to the embodiment of the present disclosure Carry out any restrictions.
As shown in fig. 6, include processor 601 according to the electronic equipment 600 of the embodiment of the present disclosure, it can be according to being stored in Program in read-only memory (ROM) 602 is loaded into the journey in random access storage device (RAM) 603 from storage section 608 Sequence and execute various movements appropriate and processing.Processor 601 for example may include general purpose microprocessor (such as CPU), instruction Set processor and/or related chip group and/or special microprocessor (for example, specific integrated circuit (ASIC)), etc..Processor 601 can also include the onboard storage device for caching purposes.Processor 601 may include being implemented for executing according to the disclosure Single treatment unit either multiple processing units of the different movements of the method flow of example.
In RAM 603, it is stored with electronic equipment 600 and operates required various programs and data.Processor 601, ROM 602 and RAM 603 is connected with each other by bus 604.Processor 601 is by executing the journey in ROM 602 and/or RAM 603 Sequence executes the various operations of the method flow according to the embodiment of the present disclosure.It is being removed it is noted that described program also can store In one or more memories other than ROM 602 and RAM 603.Processor 601 can also be stored in described one by executing Program in a or multiple memories executes the various operations of the method according to the embodiment of the present disclosure.
In accordance with an embodiment of the present disclosure, electronic equipment 600 can also include input/output (I/O) interface 605, input/defeated (I/O) interface 605 is also connected to bus 604 out.System 600 can also include being connected in lower component of I/O interface 605 It is one or more: the importation 606 including keyboard, mouse etc.;Including such as cathode-ray tube (CRT), liquid crystal display And the output par, c 608 of loudspeaker etc. (LCD) etc.;Storage section 608 including hard disk etc.;And including such as LAN card, tune The communications portion 609 of the network interface card of modulator-demodulator etc..Communications portion 609 executes mailing address via the network of such as internet Reason.Driver 610 is also connected to I/O interface 605 as needed.Detachable media 611, such as disk, CD, magneto-optic disk, half Conductor memory etc. is mounted on as needed on driver 610, in order to as needed from the computer program read thereon It is mounted into storage section 608.
In accordance with an embodiment of the present disclosure, computer software journey may be implemented as according to the method flow of the embodiment of the present disclosure Sequence.For example, embodiment of the disclosure includes a kind of computer program product comprising be carried on computer readable storage medium Computer program, which includes the program code for method shown in execution flow chart.In such implementation In example, which can be downloaded and installed from network by communications portion 609, and/or from detachable media 611 It is mounted.When the computer program is executed by processor 601, the above-mentioned function limited in the system of the embodiment of the present disclosure is executed Energy.In accordance with an embodiment of the present disclosure, system as described above, unit, module, unit etc. can pass through computer program Module is realized.
The disclosure additionally provides a kind of computer readable storage medium, which can be above-mentioned reality It applies included in equipment/device/system described in example;Be also possible to individualism, and without be incorporated the equipment/device/ In system.Above-mentioned computer readable storage medium carries one or more program, when said one or multiple program quilts When execution, the ranking statistics method based on DNS over QUIC according to the embodiment of the present disclosure is realized.
In accordance with an embodiment of the present disclosure, computer readable storage medium can be non-volatile computer-readable storage medium Matter, such as can include but is not limited to: portable computer diskette, hard disk, random access storage device (RAM), read-only memory (ROM), erasable programmable read only memory (EPROM or flash memory), portable compact disc read-only memory (CD-ROM), light Memory device, magnetic memory device or above-mentioned any appropriate combination.In the disclosure, computer readable storage medium can With to be any include or the tangible medium of storage program, the program can be commanded execution system, device or device use or Person is in connection.For example, in accordance with an embodiment of the present disclosure, computer readable storage medium may include above-described One or more memories other than ROM 602 and/or RAM 603 and/or ROM 602 and RAM 603.
Flow chart and block diagram in attached drawing are illustrated according to the system of the various embodiments of the disclosure, method and computer journey The architecture, function and operation in the cards of sequence product.In this regard, each box in flowchart or block diagram can generation A part of one module, program segment or code of table, a part of above-mentioned module, program segment or code include one or more Executable instruction for implementing the specified logical function.It should also be noted that in some implementations as replacements, institute in box The function of mark can also occur in a different order than that indicated in the drawings.For example, two boxes succeedingly indicated are practical On can be basically executed in parallel, they can also be executed in the opposite order sometimes, and this depends on the function involved.Also it wants It is noted that the combination of each box in block diagram or flow chart and the box in block diagram or flow chart, can use and execute rule The dedicated hardware based systems of fixed functions or operations is realized, or can use the group of specialized hardware and computer instruction It closes to realize.
Embodiment of the disclosure is described above.But the purpose that these embodiments are merely to illustrate that, and It is not intended to limit the scope of the present disclosure.Although respectively describing each embodiment above, but it is not intended that each reality Use cannot be advantageously combined by applying the measure in example.The scope of the present disclosure is defined by the appended claims and the equivalents thereof.It does not take off From the scope of the present disclosure, those skilled in the art can make a variety of alternatives and modifications, these alternatives and modifications should all fall in this Within scope of disclosure.

Claims (10)

1. a kind of ranking statistics method based on DNS over QUIC, comprising:
Acquire the first message in core network;
First message is parsed, to obtain the type of message of every one first message;
Obtain the purpose IP address that the first message that type of message is QUIC accesses;
Classification and ordination is carried out to the destination IP address according to the corresponding access times in the destination IP address.
2. the first message according to the method described in claim 1, wherein, in the acquisition core network, comprising:
Mirror port is set in one or more of core network router;
Mirror image data stream is acquired, from the mirror port to generate first message.
3. according to the method described in claim 1, wherein, parsing first message, to obtain every one first message Type of message, comprising:
First message is parsed, to obtain the protocol fields and frame head of first message;
According to the protocol fields and frame head, the type of message of first message is judged.
4. it is described according to the protocol fields and frame head according to the method described in claim 3, wherein, judge described first The type of message of message, comprising:
According to the protocol number of the protocol fields, judge whether first message is UDP message;
When first message be UDP message when, according to the frame head judge the UDP message type of message whether be QUIC。
5. according to the method described in claim 4, wherein, when first message is UDP message, the frame head is QUIC public Packet header altogether, whether the type of message that the UDP message is judged according to the frame head is QUIC, comprising:
When the data in the public packet header the QUIC are preset data, the type of message of the UDP message is QUIC, otherwise, institute The type of message for stating UDP message is not QUIC.
6. described to carry out classification row to the destination IP address according to access times according to the method described in claim 1, wherein Sequence, comprising:
Establish the destination IP address and its corresponding key-value pair of corresponding access times;
The destination IP address is ranked up according to the key-value pair.
7. described to be arranged according to the key-value pair the destination IP address according to the method described in claim 6, wherein Sequence, comprising:
The access times in the key-value pair are ranked up using quicksort, to obtain the corresponding purpose of the access times The sequence of IP address.
8. a kind of ranking statistics device based on DNS over QUIC, comprising:
Acquisition module, for acquiring the first message in core network;
Parsing module, for parsing first message, to obtain the type of message of every one first message;
Module is obtained, the purpose IP address accessed for obtaining the first message that type of message is QUIC;
Classification and ordination module, for classifying according to the corresponding access times in the destination IP address to the destination IP address Sequence.
9. a kind of ranking statistics system based on DNS over QUIC, comprising:
Memory;
Processor, the processor runs program, to execute method according to any one of claims 1 to 7.
10. a kind of computer readable storage medium, is stored thereon with executable instruction, which makes to handle when being executed by processor Device executes method according to any one of claims 1 to 7.
CN201910851801.1A 2019-09-10 2019-09-10 Ranking statistics method, apparatus, system and medium based on DNS over QUIC Pending CN110519413A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910851801.1A CN110519413A (en) 2019-09-10 2019-09-10 Ranking statistics method, apparatus, system and medium based on DNS over QUIC

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910851801.1A CN110519413A (en) 2019-09-10 2019-09-10 Ranking statistics method, apparatus, system and medium based on DNS over QUIC

Publications (1)

Publication Number Publication Date
CN110519413A true CN110519413A (en) 2019-11-29

Family

ID=68630643

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910851801.1A Pending CN110519413A (en) 2019-09-10 2019-09-10 Ranking statistics method, apparatus, system and medium based on DNS over QUIC

Country Status (1)

Country Link
CN (1) CN110519413A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023274146A1 (en) * 2021-07-01 2023-01-05 华为技术有限公司 Remote access method, electronic device, and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741847A (en) * 2009-12-22 2010-06-16 北京锐安科技有限公司 Detecting method of DDOS (distributed denial of service) attacks
CN104301182A (en) * 2014-10-22 2015-01-21 赛尔网络有限公司 Method and device for inquiring slow website access abnormal information
WO2018086076A1 (en) * 2016-11-11 2018-05-17 华为技术有限公司 Data transmission method and apparatus
WO2019151909A1 (en) * 2018-01-30 2019-08-08 Telefonaktiebolaget Lm Ericsson (Publ) Controlling migration of a quic connection

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741847A (en) * 2009-12-22 2010-06-16 北京锐安科技有限公司 Detecting method of DDOS (distributed denial of service) attacks
CN104301182A (en) * 2014-10-22 2015-01-21 赛尔网络有限公司 Method and device for inquiring slow website access abnormal information
WO2018086076A1 (en) * 2016-11-11 2018-05-17 华为技术有限公司 Data transmission method and apparatus
WO2019151909A1 (en) * 2018-01-30 2019-08-08 Telefonaktiebolaget Lm Ericsson (Publ) Controlling migration of a quic connection

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023274146A1 (en) * 2021-07-01 2023-01-05 华为技术有限公司 Remote access method, electronic device, and storage medium

Similar Documents

Publication Publication Date Title
US20160098340A1 (en) Method and system for comparing different versions of a cloud based application in a production environment using segregated backend systems
CN107579874B (en) Method and device for detecting data collection missing report of flow collection equipment
CN110719215B (en) Flow information acquisition method and device of virtual network
JP2012157056A (en) Protocol emulator
US20150278523A1 (en) Method and system for testing cloud based applications and services in a production environment using segregated backend systems
CN109906586A (en) The system and method for configuration verification across secure network boundary
CN107534690A (en) Gather domain name system flow
CN109247065A (en) Enable the lasting stream identifier of different application
CN110868409A (en) Passive operating system identification method and system based on TCP/IP protocol stack fingerprint
CN109995582A (en) Asset equipment management system and method based on real-time status
US11650994B2 (en) Monitoring network traffic to determine similar content
Li et al. DrawerPipe: A reconfigurable pipeline for network processing on FPGA-based SmartNIC
CN114041276A (en) Security policy enforcement and visibility for network architectures that mask external source addresses
CN110633195A (en) Performance data display method and device, electronic equipment and storage medium
CN111565127B (en) Test method, system, device and medium for network address translation
CN110519413A (en) Ranking statistics method, apparatus, system and medium based on DNS over QUIC
US10419351B1 (en) System and method for extracting signatures from controlled execution of applications and application codes retrieved from an application source
CN110517090A (en) Monitoring device and method based on advertisement door
CN111917743B (en) Method, system, device and medium for switching access relation between nodes
Ciesla et al. URL extraction on the NetFPGA reference router
US9652264B2 (en) Methods, systems, and computer readable media for providing a unified framework to support diverse data generation engines
CN110535982A (en) Ranking statistics method, apparatus, system and medium based on DNS over TLS
CN113726917A (en) Domain name determination method and device and electronic equipment
Alonso et al. Towards 100 GbE FPGA-Based Flow Monitoring
Trzepiński et al. FPGA Implementation of Memory Management for Multigigabit Traffic Monitoring

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20191129

RJ01 Rejection of invention patent application after publication