CN111181962A - Data integrity merging system - Google Patents
Data integrity merging system Download PDFInfo
- Publication number
- CN111181962A CN111181962A CN201911397203.8A CN201911397203A CN111181962A CN 111181962 A CN111181962 A CN 111181962A CN 201911397203 A CN201911397203 A CN 201911397203A CN 111181962 A CN111181962 A CN 111181962A
- Authority
- CN
- China
- Prior art keywords
- data
- integrity
- merging
- tcp
- session
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a data integrity merging system, which belongs to the technical field of internet and comprises a storage module, and is characterized in that: the system comprises a four-tuple flow table of UDP and TCP, a merging module and an integrity evaluation module, wherein the merging module is used for establishing the four-tuple flow table of UDP and TCP, merging data packets of the same session by the four-tuple and a protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, and performing de-duplication judgment according to an MD5 value; and the integrity evaluation module is used for evaluating the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range. The invention can remove duplication and vacancy filling of incomplete data of different acquisition points, carry out centralized combination, evaluate the integrity of the flow before combination and the flow after combination and display the flow in percentage values, and can continuously carry out data combination.
Description
Technical Field
The invention relates to the technical field of internet, in particular to a data integrity merging system.
Background
Existing network traffic analysis products can typically only handle the complete traffic situation. Such as: there are 10 packets for a complete session and only 5 of them can be captured, and the statistics of the number of packets for the session becomes problematic. Two scenarios may result in failure to capture complete data traffic, which may affect the subsequent analysis process.
The first scenario is: the collection point set has serious packet loss, but a plurality of collections can be complemented to form more complete flow.
The second scenario is: due to routing design, the uplink and downlink traffic may go through different routing loops. And the situation that the session is incomplete can also occur when a packet capturing device is deployed at a specific network position. Data from both acquisition points needs to be merged.
Chinese patent publication No. CN 105740361a, 2016, 07/06/2016, discloses a method and apparatus for detecting integrity of full-scale data, wherein the method comprises: extracting a first IP list in the full data and the access track data of the first IP list; loading reference data, and extracting a second IP list in the reference data and access track data of the second IP list; matching and verifying the access track data of the first IP list and the access track data of the second IP list; and calculating the integrity of the full data according to the matching verification result.
Although the method and the device for detecting the integrity of the full data disclosed in the patent document can improve the accuracy and reliability of the integrity detection of the full data in the internet, the method and the device can not only evaluate the integrity of the full data, but also further locate the position where the data is lost. However, incomplete data at different acquisition points cannot be subjected to de-duplication and gap filling, centralized combination is performed, and continuous combination of the data cannot be performed.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a data integrity merging system, which can be used for removing duplication and filling up incomplete data of different acquisition points, carrying out centralized merging, evaluating the integrity of the flow before merging and the flow after merging and displaying the integrity as a percentage value, and carrying out data merging continuously.
The invention is realized by the following technical scheme:
a data integrity merging system comprises a storage module, and is characterized in that: the storage module stores the flow by taking the four-tuple of the IP port as KEY and by session returning, and separately stores the original flow and the merged flow; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; and the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range.
And the UDP is directly added into the session stream to complete the combination.
And the TCP is firstly de-duplicated and then is judged whether to be complete, and the serial number and the confirmation number of the TCP are calculated and compared whether to be continuous or not.
Each end of the TCP session contains a 32-bit serial number for tracking the data volume sent by the end, each packet contains a serial number, and the receiving end is used for notifying the sending end of successful data reception through an acknowledgement number.
The sequence number and the confirmation number in the TCP data packet from the client to the server and from the server to the client are respectively counted, a load length field is added, and 5 fields in total participate in calculation.
The integrity of the overall flow is the ratio of the number of all complete TCP sessions to the number of all TCP sessions.
The UDP is a user datagram protocol; TCP is a transmission control protocol; KEY is a value; MD5 is an information summarization algorithm; bit is a bit.
The beneficial effects of the invention are mainly shown in the following aspects:
1. the invention relates to a storage module, which stores flow by taking an IP port quadruplet as a KEY and by session return, and separately stores original flow and merged flow; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range, and as a complete technical scheme, compared with the prior art, the integrity evaluation module can eliminate duplicate and complement incomplete data of different acquisition points, performs centralized merging, can evaluate the integrity of the flow before merging and the flow after merging and display the integrity of the flow before merging and the flow after merging in percentage, so that the integrity of the data can be supported by more clear data before merging and after merging, the data can be stored in an incomplete mode, and the data can be merged continuously after the supplementary flow data is obtained, thereby improving the integrity.
2. According to the invention, through the past repeated supplementation and scoring of the percentage value of the data integrity, a lot of low-quality data which cannot be accurately analyzed or cannot be analyzed in the prior art can be converted into high-quality data, so that more effective analysis can be obtained, and the analysis accuracy and reliability can be improved.
Drawings
The invention will be further described in detail with reference to the drawings and the detailed description, wherein:
FIG. 1 is a block flow diagram of the present invention.
Detailed Description
Example 1
Referring to fig. 1, a data integrity merging system includes a storage module, a merging module and an integrity evaluation module, where the storage module stores traffic by using an IP port quadruplet as a KEY and by using a session return port, and separately stores original traffic and merged traffic; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; and the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range.
The storage module stores the flow by taking an IP port quadruplet as a KEY and by session merging, and separately stores the original flow and the combined flow; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range, and as a complete technical scheme, compared with the prior art, the integrity evaluation module can eliminate duplicate and complement incomplete data of different acquisition points, performs centralized merging, can evaluate the integrity of the flow before merging and the flow after merging and display the integrity of the flow before merging and the flow after merging in percentage, so that the integrity of the data can be supported by more clear data before merging and after merging, the data can be stored in an incomplete mode, and the data can be merged continuously after the supplementary flow data is obtained, thereby improving the integrity.
Example 2
Referring to fig. 1, a data integrity merging system includes a storage module, a merging module and an integrity evaluation module, where the storage module stores traffic by using an IP port quadruplet as a KEY and by using a session return port, and separately stores original traffic and merged traffic; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; and the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range.
And the UDP is directly added into the session stream to complete the combination.
Example 3
Referring to fig. 1, a data integrity merging system includes a storage module, a merging module and an integrity evaluation module, where the storage module stores traffic by using an IP port quadruplet as a KEY and by using a session return port, and separately stores original traffic and merged traffic; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; and the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range.
And the UDP is directly added into the session stream to complete the combination.
And the TCP is firstly de-duplicated and then is judged whether to be complete, and the serial number and the confirmation number of the TCP are calculated and compared whether to be continuous or not.
Example 4
Referring to fig. 1, a data integrity merging system includes a storage module, a merging module and an integrity evaluation module, where the storage module stores traffic by using an IP port quadruplet as a KEY and by using a session return port, and separately stores original traffic and merged traffic; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; and the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range.
And the UDP is directly added into the session stream to complete the combination.
And the TCP is firstly de-duplicated and then is judged whether to be complete, and the serial number and the confirmation number of the TCP are calculated and compared whether to be continuous or not.
Each end of the TCP session contains a 32-bit serial number for tracking the data volume sent by the end, each packet contains a serial number, and the receiving end is used for notifying the sending end of successful data reception through an acknowledgement number.
Example 5
Referring to fig. 1, a data integrity merging system includes a storage module, a merging module and an integrity evaluation module, where the storage module stores traffic by using an IP port quadruplet as a KEY and by using a session return port, and separately stores original traffic and merged traffic; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; and the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range.
And the UDP is directly added into the session stream to complete the combination.
And the TCP is firstly de-duplicated and then is judged whether to be complete, and the serial number and the confirmation number of the TCP are calculated and compared whether to be continuous or not.
Each end of the TCP session contains a 32-bit serial number for tracking the data volume sent by the end, each packet contains a serial number, and the receiving end is used for notifying the sending end of successful data reception through an acknowledgement number.
The sequence number and the confirmation number in the TCP data packet from the client to the server and from the server to the client are respectively counted, a load length field is added, and 5 fields in total participate in calculation.
Example 6
Referring to fig. 1, a data integrity merging system includes a storage module, a merging module and an integrity evaluation module, where the storage module stores traffic by using an IP port quadruplet as a KEY and by using a session return port, and separately stores original traffic and merged traffic; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; and the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range.
And the UDP is directly added into the session stream to complete the combination.
And the TCP is firstly de-duplicated and then is judged whether to be complete, and the serial number and the confirmation number of the TCP are calculated and compared whether to be continuous or not.
Each end of the TCP session contains a 32-bit serial number for tracking the data volume sent by the end, each packet contains a serial number, and the receiving end is used for notifying the sending end of successful data reception through an acknowledgement number.
The sequence number and the confirmation number in the TCP data packet from the client to the server and from the server to the client are respectively counted, a load length field is added, and 5 fields in total participate in calculation.
The integrity of the overall flow is the ratio of the number of all complete TCP sessions to the number of all TCP sessions.
Through the past repeated supplementation and scoring of the percentage value of the data integrity, a lot of low-quality data which cannot be accurately analyzed or cannot be analyzed in the prior art can be converted into high-quality data, so that more effective analysis can be obtained, and the analysis accuracy and reliability can be improved.
The following details the entire data integrity merge:
the initial serial number is random and may be any value between 0 and 4,294,967,295, demonstrated with respect to the initial serial number.
The description starts with the fourth packet:
firstly, the two directions of C- > S and S- > C are divided;
the fourth packet is a request packet of C, and the fourth packet contains GET type selection information one, wherein the total number of the GET type selection information is 725 bytes;
the fifth packet is an acknowledgement packet for S, ACK indicates that 725 bytes sent by segment C are acknowledged, and Len is 0 indicating that no data is transmitted.
The sixth packet is S send, Len is 1448 bytes indicating that data is already answering the C request;
the seventh packet is an acknowledgement packet for C, ACK update 1449 indicates that transmission data of S is acknowledged, and Seq update 726 indicates that acknowledgement of S to reception of the fourth packet data is accepted.
The eighth and ninth packets have the same meaning as the sixth and seventh packets.
The actually captured C- > S directional conversation flow can be calculated by accumulating Len fields in the C- > S;
SumC2SLen=LenPacket4+LenPacket7+LenPacket9=725+0+0=725
accumulating Len fields in S- > C can calculate the actually captured S- > C directional conversation flow;
SumS2CLen=LenPacket5+LenPacket6+LenPacket8=0+1448+1448=2896
then the theoretical total traffic that should be available in both directions is calculated. Find session start and first packet is 4, last packet is 9;
the confirmed C- > S transmission quantity is ConfirmC 2S-SeqPacket 9-SeqPacket 4-726-1-725
The confirmed S- > C transmission quantity is ConfirmC2S ═ ACKPacket9 ═ ACKPacket4 ═ 2897-1 ═ 2896
If the actually captured packet SumC2SLen is more than or equal to ConfirmC2S, the conversation in the C- > S direction is complete;
if the actually captured packet SumS2CLEn is more than or equal to ConfirmC2S, the session in the S- > C direction is complete;
if both directions are complete, the whole session is judged to be complete.
Claims (6)
1. A data integrity merging system comprises a storage module, and is characterized in that: the storage module stores the flow by taking the four-tuple of the IP port as KEY and by session returning, and separately stores the original flow and the merged flow; the merging module is used for establishing a four-tuple flow table of UDP and TCP, merging the data packets of the same session into the same session through the four-tuple and the protocol identifier, and simplifying the merging of all flows into the merging of a single session; performing MD5 calculation on the full packet, performing deduplication judgment by using an MD5 value, if the same data packet of MD5 exists in the session, regarding the data packet as a duplicate data packet, and performing discarding treatment; if the data packet is not repeated data, dividing the data packet into UDP and TCP; and the integrity evaluation module estimates the integrity of the whole flow by weighting and calculating the integrity of all effective TCP sessions in the whole event range.
2. A data integrity combining system as claimed in claim 1, wherein: and the UDP is directly added into the session stream to complete the combination.
3. A data integrity combining system as claimed in claim 1, wherein: and the TCP is firstly de-duplicated and then is judged whether to be complete, and the serial number and the confirmation number of the TCP are calculated and compared whether to be continuous or not.
4. A data integrity combining system as claimed in claim 1, wherein: each end of the TCP session contains a 32-bit serial number for tracking the data volume sent by the end, each packet contains a serial number, and the receiving end is used for notifying the sending end of successful data reception through an acknowledgement number.
5. A data integrity combining system as claimed in claim 1, wherein: the sequence number and the confirmation number in the TCP data packet from the client to the server and from the server to the client are respectively counted, a load length field is added, and 5 fields in total participate in calculation.
6. A data integrity combining system as claimed in claim 1, wherein: the integrity of the overall flow is the ratio of the number of all complete TCP sessions to the number of all TCP sessions.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911397203.8A CN111181962B (en) | 2019-12-30 | 2019-12-30 | Data integrity merging system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911397203.8A CN111181962B (en) | 2019-12-30 | 2019-12-30 | Data integrity merging system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111181962A true CN111181962A (en) | 2020-05-19 |
| CN111181962B CN111181962B (en) | 2022-04-12 |
Family
ID=70650514
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911397203.8A Active CN111181962B (en) | 2019-12-30 | 2019-12-30 | Data integrity merging system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111181962B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111866164A (en) * | 2020-07-29 | 2020-10-30 | 钱秀英 | Information acquisition system and method for data transmission among communication devices |
| CN112398863A (en) * | 2020-11-19 | 2021-02-23 | 全知科技(杭州)有限责任公司 | Data analysis method for incomplete flow of TCP long connection |
| CN113946294A (en) * | 2021-10-29 | 2022-01-18 | 蜂巢科技(南通)有限公司 | Distributed storage system and data processing method thereof |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105740361A (en) * | 2016-01-26 | 2016-07-06 | 上海晶赞科技发展有限公司 | Detection method and apparatus for integrity of total data |
| CN106416175A (en) * | 2014-05-28 | 2017-02-15 | 华为技术有限公司 | Protocol stack adaptation method and apparatus |
| CN106951360A (en) * | 2017-03-27 | 2017-07-14 | 网宿科技股份有限公司 | Data statistics integrity degree computational methods and system |
| CN110535855A (en) * | 2019-08-28 | 2019-12-03 | 北京安御道合科技有限公司 | A kind of network event method for monitoring and analyzing and system, information data processing terminal |
-
2019
- 2019-12-30 CN CN201911397203.8A patent/CN111181962B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106416175A (en) * | 2014-05-28 | 2017-02-15 | 华为技术有限公司 | Protocol stack adaptation method and apparatus |
| CN105740361A (en) * | 2016-01-26 | 2016-07-06 | 上海晶赞科技发展有限公司 | Detection method and apparatus for integrity of total data |
| CN106951360A (en) * | 2017-03-27 | 2017-07-14 | 网宿科技股份有限公司 | Data statistics integrity degree computational methods and system |
| CN110535855A (en) * | 2019-08-28 | 2019-12-03 | 北京安御道合科技有限公司 | A kind of network event method for monitoring and analyzing and system, information data processing terminal |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111866164A (en) * | 2020-07-29 | 2020-10-30 | 钱秀英 | Information acquisition system and method for data transmission among communication devices |
| CN112398863A (en) * | 2020-11-19 | 2021-02-23 | 全知科技(杭州)有限责任公司 | Data analysis method for incomplete flow of TCP long connection |
| CN113946294A (en) * | 2021-10-29 | 2022-01-18 | 蜂巢科技(南通)有限公司 | Distributed storage system and data processing method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111181962B (en) | 2022-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111181962B (en) | Data integrity merging system | |
| Alcock et al. | Application flow control in YouTube video streams | |
| US7779133B2 (en) | Estimation of web client response time | |
| US7860010B2 (en) | Method, apparatus and system for detecting sequence number of packet for transmission of multi-units | |
| CN108282497A (en) | For the ddos attack detection method of SDN control planes | |
| EP3334117B1 (en) | Method, apparatus and system for quantizing defence result | |
| CN105376110A (en) | Network data packet analysis method and system in big data stream technology | |
| KR102188222B1 (en) | Video service quality evaluation method and device | |
| CN107623685A (en) | The method and device of quick detection SYN Flood attacks | |
| CN104009986A (en) | Network attack springboard detection method and device based on host | |
| JP2003244238A (en) | Traffic monitoring device and method, and computer program | |
| US9270550B2 (en) | Session-based traffic analysis system | |
| CN100495993C (en) | Method, device, system and communication method for detecting the host number | |
| Yang et al. | A clustering-partitioning algorithm to find TCP packet round-trip time for intrusion detection | |
| CN102780591A (en) | Method and apparatus for distinguishing and sampling bi-directional network traffic at a conversation level | |
| EP2523407A1 (en) | Method and apparatus to determine the amount of delay in the transfer of data associated with a TCP zero window event or set of TCP zero window events | |
| Rewaskar et al. | A passive state-machine approach for accurate analysis of TCP out-of-sequence segments | |
| CN112511454A (en) | Method, system and device for detecting network quality | |
| TWI472207B (en) | A system for capturing multi-nodes and replaying cross-layers | |
| CN112118442A (en) | AI video call quality analysis method, device, computer equipment and storage medium | |
| CN103220585B (en) | A kind of network video transmission method supporting QoS | |
| Luo et al. | Novel approaches to end-to-end packet reordering measurement | |
| Zhang et al. | Chat: Accurate network latency measurement for 5g e2e networks | |
| CN106341289B (en) | A kind of the packet loss ratio estimation method and device of network packet packet capturing process | |
| Yang et al. | An efficient TCP/IP packet matching algorithm to detect stepping-stone intrusion |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210621 Address after: 610000 Sichuan Chengdu China (Sichuan) Free Trade Experimental Zone Chengdu High-tech Zone Tianfu Road North 966 Building 1 Unit 14 Building 41401-41406 Applicant after: Chengdu Kelai Network Technology Co., Ltd Address before: 13 / F and 14 / F, unit 1, building 4, No. 966, north section of Tianfu Avenue, Chengdu high tech Zone, China (Sichuan) pilot Free Trade Zone, Wuhou District, Chengdu, Sichuan 610000 Applicant before: COLASOFT Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| CB02 | Change of applicant information |
Address after: 610000 12th, 13th and 14th floors, unit 1, building 4, No. 966, north section of Tianfu Avenue, Chengdu hi tech Zone, China (Sichuan) pilot Free Trade Zone, Chengdu, Sichuan Applicant after: Kelai Network Technology Co.,Ltd. Address before: 610000 Sichuan Chengdu China (Sichuan) Free Trade Experimental Zone Chengdu High-tech Zone Tianfu Road North 966 Building 1 Unit 14 Building 41401-41406 Applicant before: Chengdu Kelai Network Technology Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |