CN113486935A - Block chain application flow identification method based on DPI and CNN - Google Patents

Block chain application flow identification method based on DPI and CNN Download PDF

Info

Publication number
CN113486935A
CN113486935A CN202110702605.5A CN202110702605A CN113486935A CN 113486935 A CN113486935 A CN 113486935A CN 202110702605 A CN202110702605 A CN 202110702605A CN 113486935 A CN113486935 A CN 113486935A
Authority
CN
China
Prior art keywords
traffic
dpi
block chain
data
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110702605.5A
Other languages
Chinese (zh)
Inventor
祝远鉴
李祥
张斌浩
秦晓龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Fiberhome Telecommunication Technologies Co ltd
Original Assignee
Nanjing Fiberhome Telecommunication Technologies Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Fiberhome Telecommunication Technologies Co ltd filed Critical Nanjing Fiberhome Telecommunication Technologies Co ltd
Priority to CN202110702605.5A priority Critical patent/CN113486935A/en
Publication of CN113486935A publication Critical patent/CN113486935A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • General Physics & Mathematics (AREA)
  • Evolutionary Computation (AREA)
  • Biophysics (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Biomedical Technology (AREA)
  • Molecular Biology (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本发明公开了一种基于DPI和CNN的区块链应用流量识别方法,包括以下步骤:步骤S1、流量采集模块通过规则下发机制捕获并下发网络数据流量;步骤S2、DPI识别模块采用模式匹配算法对流量数据进行模式匹配,从而对应用流量进行识别,当匹配识别成功,则标记相应流量,结束;当无法匹配识别时,标记为不确定流量,并进入步骤S3;步骤S3、利用卷积神经网络模型CNN对不确定流量进行分类识别,当识别成功后,则标记为区块链相应流量类型,结束;当无法识别时,标记为非区块链流量,结束。通过本发明很好地弥补了使用传统方法不能精确识别出区块链应用的缺点,极大地提升了对区块链应用的识别能力。

Figure 202110702605

The invention discloses a block chain application traffic identification method based on DPI and CNN, comprising the following steps: step S1, a traffic collection module captures and delivers network data traffic through a rule issuing mechanism; step S2, the DPI identification module adopts a mode The matching algorithm performs pattern matching on the traffic data, so as to identify the application traffic. When the matching and identification is successful, the corresponding traffic is marked, and the end; The cumulative neural network model CNN classifies and identifies uncertain traffic. When the identification is successful, it is marked as the corresponding traffic type of the blockchain and ends; when it cannot be identified, it is marked as non-blockchain traffic and ended. The invention makes up for the disadvantage that the traditional method cannot accurately identify the blockchain application, and greatly improves the identification ability of the blockchain application.

Figure 202110702605

Description

Block chain application flow identification method based on DPI and CNN
Technical Field
The invention belongs to the technical field of block chains, and particularly relates to a block chain application flow identification technology based on a deep packet inspection technology (DPI) and a Convolutional Neural Network (CNN).
Background
As an emerging technology, the block chain technology has: the method has the characteristics of no tampering, decentralization, convenient tracing, collective maintenance and the like. The core technology mainly relates to encryption technology, point-to-point network design, realization of distributed algorithm and use of data storage technology. The decentralized blockchain technique has more significant advantages in privacy and security than the centralized technique architecture. The traditional traffic identification method in other fields in the industry is mainly as follows: a recognition method of a Support Vector Machine (SVM), a recognition method based on a bayesian algorithm, a recognition method based on a Decision Tree (Decision Tree), and the like. However, the current methods for identifying the application protocol traffic of the blockchain are relatively few, and no official published literature appears.
The prior art is mainly applied to traffic identification in the traditional centralized peer-to-peer network and the decentralized P2P network. There are significant drawbacks in large scale training or recognition errors. For example: a Support Vector Machine (SVM) -based recognition method is a novel learning method suitable for a small sample training model. The method has the characteristics of simple algorithm and stable performance. However, the algorithm and the improved method thereof are difficult to implement when training a large-scale training sample and solving a multi-classification problem; the identification method based on the decision tree is efficient and easy to understand and implement, but a large error is generated when processing data with stronger characteristic relevance. Therefore, there are significant drawbacks to the above approach when traffic recognition is performed for blockchain applications where data traffic is large and large-scale training samples need to be trained.
With the improvement of technology, the application of blockchains in the market is on the continuous rising trend. How network administrators can monitor blockchain traffic more efficiently becomes a serious problem. However, the blockchain application featuring decentralization is significantly different from the traditional centralization application in network model design. And relevant documents for identifying the block chain traffic do not appear at present.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a block chain application flow identification method based on DPI and CNN, which can identify the block chain application in a network more accurately and improve the identification capability of the block chain application flow.
In order to solve the technical problems, the invention adopts the following technical scheme:
a block chain application flow identification method based on DPI and CNN comprises the following steps:
step S1, the traffic collection module captures and transmits the network data traffic through a rule transmission mechanism;
step S2, the DPI recognition module adopts a pattern matching algorithm to carry out pattern matching on the flow data so as to recognize the application flow, and when the matching recognition is successful, the corresponding flow is marked and the process is finished; when the matching identification cannot be performed, the flow is marked as uncertain flow, and the step S3 is entered;
step S3, classifying and identifying the uncertain traffic by using the convolutional neural network model CNN, marking the traffic as a traffic type corresponding to the block chain after the traffic type is successfully identified, and ending; when the traffic can not be identified, the traffic is marked as non-blockchain traffic, and the process is finished.
Further, when the DPI module performs pattern matching on the traffic data in step S2, the DPI module first analyzes and decodes the traffic data application layer protocol, then extracts the payload features in the traffic data packet by using the search algorithm engine, matches the payload features with the feature library in the DPI module, and if matching is successful, identifies the traffic data as the known blockchain application data.
Further, the specific process of identifying the data traffic by the convolutional neural network model CNN in step S3 is as follows:
(1) the characteristic extraction module collects block chain flow as training flow data, extracts statistical characteristics of the training flow data and establishes a flow characteristic vector set;
(2) the machine learning training module carries out deep learning on the traffic characteristic vector, and a training model for identifying the block chain application traffic is obtained through training;
(3) the feature extraction module collects and issues real-time network traffic and extracts a real-time feature vector set in the real-time network traffic;
(4) and identifying and judging the real-time characteristic vectors through the trained training model.
Further, the traffic feature vector set in step (1) includes blockchain and non-blockchain application data traffic features.
Further, the characteristic parameters of the traffic characteristic vector set include a multi-port characteristic, a multi-connectivity characteristic, a far-end address port uniformity characteristic, the number of times of alternate occurrence of large and small data packets, a standard deviation of payload lengths of the data packets, and the number of data packets with payload lengths larger than zero.
Further, the model structure of the convolutional neural network model CNN comprises an input layer, a convolutional layer, a pooling layer and a full-link layer, wherein the output y of the jth convolutional neuron in the convolutional layerjObtained by the following formula:
Figure BDA0003130721930000021
in the formula, SjIs the net input value, x, of the jth neuron1,x2…xi…xnIs the input value, w, from the 1, 2. i. n neuronsj1,wj2…wji…wjnThe connection strength between the 1 st, 2. i. n neurons and the jth neuron, namely the weight; bjFor the threshold, f (-) is the transfer function, X is the transpose of the applied feature vector for the blockchain, WjIs the connection strength weight vector.
Further, the transfer function f(s)j) Is a bounded monotonically rising function.
Has the advantages that: compared with the prior art, the invention has the following innovation points:
(1) the method combines a DPI algorithm and a machine learning algorithm based on a convolutional neural network model to identify the block chain application in a real-time network.
(2) And accurately identifying the known block chain application by adopting a DPI algorithm according to the unique identification feature library of the block chain data packet.
(3) And (3) identifying the unknown block chain flow by adopting a convolutional neural network algorithm as a learning model in a machine learning identification module. A "data set" is created that includes blockchain applications and non-blockchain applications. The "data set" includes a training set and a test set. The training set is used for training the model, and the testing set is used for testing the trained model in the early stage.
(4) And optimizing the training model by adopting a cross validation mode to obtain the optimal training model.
Drawings
Fig. 1 is a logic flow diagram of a block chain application traffic identification method based on DPI and CNN according to the present invention;
FIG. 2 is a block chain flow real-time monitoring system structure diagram of the convolutional neural network algorithm CNN of the present invention;
FIG. 3 is a j-th convolutional neural network model of the convolutional neural network algorithm CNN according to the present invention;
FIG. 4 is a graph comparing the recognition rates of the patterns at different sampling times according to the embodiment of the present invention.
Detailed Description
The invention will be further elucidated with reference to the following description of an embodiment in conjunction with the accompanying drawing. It is to be understood that these examples are for illustrative purposes only and are not intended to limit the scope of the present invention, which is to be given the full breadth of the appended claims and any and all equivalent modifications thereof which may occur to those skilled in the art upon reading the present specification.
In order to more accurately identify the block chain application in the network, the identification capability of the block chain application flow is improved. We use the following modes, namely: a Deep Packet Inspection (DPI) technology and Convolutional Neural Network (CNN) based machine learning model combined mode. The method well makes up the defect that the traditional method cannot accurately identify the block chain application, and greatly improves the identification capability of the block chain application. The specific process of the present invention is described in detail below:
fig. 1 is a flow chart of a mixed identification module based on DPI and CNN according to the present invention. The traffic collection module is used for capturing and issuing data traffic in a network in real time through a rule issuing mechanism. Firstly, judging whether the flow is the application flow of the known block chain through a DPI identification module. If so, marking the application flow as a known flow, otherwise, inputting the flow into a convolutional neural network module for modeling through machine learning, then judging whether the flow is the block chain flow, and if so, marking the flow as the block chain flow.
3.2 deep Package inspection model
The DPI adopts a pattern matching algorithm to perform pattern matching on the unique identifier of the application data packet in the real-time network flow, so as to realize the identification of the application flow. The technical key points of the DPI module comprise the selection accuracy of the unique identifier and the design of a feature library model.
When data traffic issued in a real-time network enters a DPI detection module, the system analyzes and decodes an application layer protocol in real time, extracts the characteristics of a payload in a traffic data packet by adopting a search algorithm engine, and matches the characteristics with a characteristic library so as to judge whether the traffic is known block chain traffic. If the match is successful, the application traffic is flagged as a known blockchain application. In the DPI flow identification design model, the identification accuracy is related to the selection accuracy of the characteristics and the coverage width. However, the method is limited to the endless layer of new applications and insufficient collection of unknown applications, and a comprehensive feature library does not exist, and the feature library needs to be updated continuously along with the update of the protocol. Application traffic that is not recognized by the DPI module therefore requires machine learning for further inspection.
2.2 convolutional neural network model
Convolutional neural networks are employed in this patent as models for machine learning. The method is divided into a training phase and a recognition phase, and the system structure is shown in figure 2. In the training stage, a data set used for training is collected, features are extracted from the data set to form a feature vector training set of a sample, the feature vector training set is trained through a machine learning algorithm, and a cross-validation mode in a machine learning sky model selection library is used for obtaining a training model. In the identification stage, a feature vector is extracted from real-time network flow every other time window and is delivered to an identification module to obtain an identification result. The machine learning framework adopts tensorflow and is used for data flow programming and model deployment. The specific process of the CNN identification block chain application flow is as follows:
as shown in fig. 2, the feature extraction module is used to collect the blockchain traffic in the network and create a traffic "data set" from the extracted statistical features of the application traffic. The machine learning module is used for deeply learning the traffic data set through a machine learning algorithm to generate a training model for identifying the block chain application traffic. The data set includes a large number of blockchain and non-blockchain application data traffic characteristics. The real-time feature extraction module is used for collecting and issuing the flow in the real-time network, establishing a real-time feature vector set and sending the real-time feature vector set to the identification module. And then the recognition module predicts the real-time data flow through the trained model to obtain a prediction result.
The model structure includes: input layer, book basic unit, pooling layer and full tie-up layer. In the preprocessing stage, the block chain application and part of non-block chain application are adopted for preprocessing, and the characteristics of the data flow are extracted. And then, selecting the characteristics, and removing redundant characteristics to ensure that the system obtains an optimal characteristic subset. And finally, taking the feature subsets as a machine learning data set, wherein the data set comprises a training set and a testing set.
In the CNN model, a vector representing features in a training set as a matrix is used as an input to an input layer. And then selecting proper hyper-parameters, and importing a training set to train the weight and the bias of the model to obtain an optimal training model. When real-time network data traffic enters the detection module, the system will recognize the blockchain application according to the level of model training. Preferably, the characteristic parameters in the "data set" include: multiport characteristics, multi-connectivity characteristics, remote address port uniformity characteristics, alternate occurrence times of large and small data packets, standard deviation of payload length of the data packets, and the number of data packets with payload length larger than zero.
As shown in fig. 3, the operation principle of the jth basic convolution neuron of the present invention is as follows: net input value S of jth neuron of convolutional neural network detection modulejComprises the following steps:
Figure BDA0003130721930000051
wherein: x is the number of1、x2...xi...xnRepresent inputs from neurons 1,2 … i … n, respectively; w is aj1、wj2...wji...wjnRespectively representing the connection strength of the neurons 1 and 2 … i … n and the jth neuron, namely the weight; bjIs a threshold value; f (-) is a transfer function; y isjIs the output of the jth neuron. The block chain applies the transpose of the feature vector as:
X=[mip,mport,raup,stddev,swf,pcnt]T
Wj=[wj1wj2…wji…wjn]
net input SjAfter passing through the transfer function f (-), the output y of the j-th neuron is obtainedj
Figure BDA0003130721930000052
Where f (x) is a monotonically rising function and must be a bounded function.
Comparing the block chain application flow identification method based on DPI and CNN with the block chain application flow identification rate of the common mode in the prior art. Selecting a plurality of common block chains for application, and performing research and analysis by adopting three methods of DPI, convolutional neural network and mixed detection of DPI and convolutional neural network respectively to obtain statistical results, as shown in Table 1.
TABLE 1 comparison of recognition rates by different methods
Figure BDA0003130721930000053
As can be seen from table 1, the recognition rate of the DPI method is about 85% when identifying the application traffic of the blockchain, and the recognition rate of the convolutional neural network method is also about 85% when identifying the application traffic of the blockchain. And the mixed detection model after the DPI and the convolutional neural network are combined, the recognition rate is obviously improved, and the result is between 93% and 97%. The average recognition rates of the above methods were compared by counting the results of the multiple detections, and the results are shown in fig. 4.
As can be seen from fig. 4, when identifying the block connection application traffic within a plurality of sampling times, the identification rate of the DPI and convolutional neural network hybrid identification method of the present invention is superior to that of the DPI or convolutional neural network identification method.
The key points of the invention are as follows: firstly, a DPI detection algorithm is adopted to accurately identify the application of the known block chain. And secondly, performing flow identification on the unknown block chain application by adopting a CNN-based machine learning method. Thirdly, a DPI and CNN combined model is adopted in a machine learning module for training and real-time flow detection. And fourthly, selecting and marking the DPI and CNN characteristic models.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1.一种基于DPI和CNN的区块链应用流量识别方法,其特征在于包括以下步骤:1. a block chain application traffic identification method based on DPI and CNN, is characterized in that comprising the following steps: 步骤S1、流量采集模块通过规则下发机制捕获并下发网络数据流量;Step S1, the traffic collection module captures and delivers network data traffic through a rule delivery mechanism; 步骤S2、DPI识别模块采用模式匹配算法对流量数据进行模式匹配,从而对应用流量进行识别,当匹配识别成功,则标记相应流量,结束;当无法匹配识别时,标记为不确定流量,并进入步骤S3;In step S2, the DPI identification module uses a pattern matching algorithm to perform pattern matching on the traffic data, thereby identifying the application traffic. When the matching and identification are successful, the corresponding traffic is marked, and the end is ended; when the matching and identification cannot be performed, it is marked as an uncertain traffic and enters. step S3; 步骤S3、利用卷积神经网络模型CNN对不确定流量进行分类识别,当识别成功后,则标记为区块链相应流量类型,结束;当无法识别时,标记为非区块链流量,结束。Step S3, use the convolutional neural network model CNN to classify and identify the uncertain traffic. When the identification is successful, it is marked as the corresponding traffic type of the blockchain and ended; when it cannot be identified, it is marked as non-blockchain traffic and ended. 2.根据权利要求1所述基于DPI和CNN的区块链应用流量识别方法,其特征在于:步骤S2所述DPI识别模块对流量数据进行模式匹配时,首先对流量数据应用层协议进行解析及解码,然后采用搜索算法引擎提取流量数据包中有效载荷特征,并将该有效载荷特征与DPI识别模块中的特征库进行匹配,若匹配成功,则将该流量数据标识为已知区块链应用数据。2. The block chain application traffic identification method based on DPI and CNN according to claim 1, is characterized in that: when the DPI identification module described in step S2 carries out pattern matching to the traffic data, at first the traffic data application layer protocol is parsed and analyzed. Decode, and then use the search algorithm engine to extract the payload feature in the traffic data packet, and match the payload feature with the feature library in the DPI identification module. If the match is successful, the traffic data will be identified as a known blockchain application data. 3.根据权利要求1所述基于DPI和CNN的区块链应用流量识别方法,其特征在于:步骤S3中卷积神经网络模型CNN识别数据流量的具体过程如下:3. according to the described block chain application traffic identification method based on DPI and CNN according to claim 1, it is characterized in that: in step S3, the concrete process that convolutional neural network model CNN identifies data traffic is as follows: (1)特征提取模块采集区块链流量作为训练流量数据,并提取训练流量数据的统计特征,建立流量特征向量集;(1) The feature extraction module collects blockchain traffic as training traffic data, extracts statistical features of the training traffic data, and establishes a traffic feature vector set; (2)机器学习训练模块对流量特征向量进行深度学习,训练得到用于识别区块链应用流量的训练模型;(2) The machine learning training module performs in-depth learning on the traffic feature vector, and trains to obtain a training model for identifying blockchain application traffic; (3)特征提取模块对实时网络流量进行采集下发,并提取实时网络流量中的实时特征向量集;(3) The feature extraction module collects and distributes real-time network traffic, and extracts the real-time feature vector set in the real-time network traffic; (4)通过训练好的训练模型对实时特征向量进行识别判断。(4) Identify and judge the real-time feature vector through the trained training model. 4.根据权利要求3所述基于DPI和CNN的区块链应用流量识别方法,其特征在于:步骤(1)中所述流量特征向量集包括区块链和非区块链应用数据流量特征。4. The block chain application traffic identification method based on DPI and CNN according to claim 3, is characterized in that: the traffic feature vector set described in step (1) includes block chain and non-block chain application data traffic characteristics. 5.根据权利要求3所述基于DPI和CNN的区块链应用流量识别方法,其特征在于:所述流量特征向量集的特征参数包括多端口特征、多连接性特征、远端地址端口统一性特征、大小数据包交替出现次数、数据包净荷长度标准差、净荷长度大于零的数据包个数。5. The block chain application traffic identification method based on DPI and CNN according to claim 3, characterized in that: the characteristic parameters of the traffic feature vector set include multi-port features, multi-connectivity features, remote address port uniformity Features, the number of alternating occurrences of large and small data packets, the standard deviation of the data packet payload length, and the number of data packets whose payload length is greater than zero. 6.根据权利要求3所述基于DPI和CNN的区块链应用流量识别方法,其特征在于:所述卷积神经网络模型CNN的模型结构包括输入层、卷积层、池化层和全连接层,其中卷积层中第j个卷积神经元的输出yj通过下式获得:6. The block chain application traffic identification method based on DPI and CNN according to claim 3, it is characterized in that: the model structure of described convolutional neural network model CNN comprises input layer, convolution layer, pooling layer and full connection layer, where the output yj of the jth convolutional neuron in the convolutional layer is obtained by:
Figure FDA0003130721920000021
Figure FDA0003130721920000021
 式中,Sj为第j个神经元的净输入值,x1,x2…xi…xn为来自第1,2…i…n个神经元的输入值,wj1,wj2…wji…wjn为第1,2…i…n个神经元与第j个神经元的连接强度,即权值;bj为阈值,f(·)为传递函数,X为区块链应用特征向量的转置,Wj为连接强度权值向量。In the formula, S j is the net input value of the jth neuron , x 1 , x 2 ... x i ... x n is the input value from the 1st, 2nd... w ji ...w jn is the connection strength between the 1st, 2nd...i...n neuron and the jth neuron, that is, the weight; b j is the threshold, f( ) is the transfer function, and X is the blockchain application The transpose of the feature vector, W j is the connection strength weight vector. 7.根据权利要求6所述基于DPI和CNN的区块链应用流量识别方法,其特征在于:所述传递函数f(sj)为有界的单调上升函数。7. The block chain application traffic identification method based on DPI and CNN according to claim 6, wherein the transfer function f(s j ) is a bounded monotonically rising function.
CN202110702605.5A 2021-06-24 2021-06-24 Block chain application flow identification method based on DPI and CNN Pending CN113486935A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110702605.5A CN113486935A (en) 2021-06-24 2021-06-24 Block chain application flow identification method based on DPI and CNN

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110702605.5A CN113486935A (en) 2021-06-24 2021-06-24 Block chain application flow identification method based on DPI and CNN

Publications (1)

Publication Number Publication Date
CN113486935A true CN113486935A (en) 2021-10-08

Family

ID=77936096

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110702605.5A Pending CN113486935A (en) 2021-06-24 2021-06-24 Block chain application flow identification method based on DPI and CNN

Country Status (1)

Country Link
CN (1) CN113486935A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338853A (en) * 2021-12-31 2022-04-12 西南民族大学 A blockchain traffic monitoring and detection method under the industrial Internet
CN115118462A (en) * 2022-06-09 2022-09-27 华中师范大学 A Data Privacy Protection Method Based on Convolution Enhanced Chain

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108712324A (en) * 2018-05-22 2018-10-26 中国联合网络通信集团有限公司 The method and apparatus for handling mail
CN109151880A (en) * 2018-11-08 2019-01-04 中国人民解放军国防科技大学 Mobile application traffic identification method based on multi-layer classifier
US20190213182A1 (en) * 2018-01-05 2019-07-11 Telia Company Ab Method and a node for storage of data in a network
CN110247930A (en) * 2019-07-01 2019-09-17 北京理工大学 A kind of refined net method for recognizing flux based on deep neural network
CN111131069A (en) * 2019-11-25 2020-05-08 北京理工大学 An abnormal encrypted traffic detection and classification method based on deep learning strategy
US10873456B1 (en) * 2019-05-07 2020-12-22 LedgerDomain, LLC Neural network classifiers for block chain data structures
CN112491643A (en) * 2020-11-11 2021-03-12 北京马赫谷科技有限公司 Deep packet inspection method, device, equipment and storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190213182A1 (en) * 2018-01-05 2019-07-11 Telia Company Ab Method and a node for storage of data in a network
CN108712324A (en) * 2018-05-22 2018-10-26 中国联合网络通信集团有限公司 The method and apparatus for handling mail
CN109151880A (en) * 2018-11-08 2019-01-04 中国人民解放军国防科技大学 Mobile application traffic identification method based on multi-layer classifier
US10873456B1 (en) * 2019-05-07 2020-12-22 LedgerDomain, LLC Neural network classifiers for block chain data structures
CN110247930A (en) * 2019-07-01 2019-09-17 北京理工大学 A kind of refined net method for recognizing flux based on deep neural network
CN111131069A (en) * 2019-11-25 2020-05-08 北京理工大学 An abnormal encrypted traffic detection and classification method based on deep learning strategy
CN112491643A (en) * 2020-11-11 2021-03-12 北京马赫谷科技有限公司 Deep packet inspection method, device, equipment and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114338853A (en) * 2021-12-31 2022-04-12 西南民族大学 A blockchain traffic monitoring and detection method under the industrial Internet
CN114338853B (en) * 2021-12-31 2022-09-20 西南民族大学 Block chain flow monitoring and detecting method under industrial internet
CN115118462A (en) * 2022-06-09 2022-09-27 华中师范大学 A Data Privacy Protection Method Based on Convolution Enhanced Chain
CN115118462B (en) * 2022-06-09 2023-07-18 华中师范大学 A Data Privacy Protection Method Based on Convolution Enhanced Chain

Similar Documents

Publication Publication Date Title
CN112925989B (en) A method and system for group discovery of attribute network
CN109272500B (en) Fabric classification method based on adaptive convolutional neural network
CN109218223B (en) A robust network traffic classification method and system based on active learning
CN112367273B (en) Flow classification method and device of deep neural network model based on knowledge distillation
CN105871832A (en) Network application encrypted traffic recognition method and device based on protocol attributes
CN112382411A (en) Drug-protein targeting effect prediction method based on heterogeneous graph
CN110909224B (en) A method and system for automatic classification and identification of sensitive data based on artificial intelligence
CN101442535B (en) Method for recognizing and tracking application based on keyword sequence
CN111126820A (en) Anti-stealing method and system
CN113486935A (en) Block chain application flow identification method based on DPI and CNN
CN115309813A (en) Social Robot Detection Algorithm Based on User Semantics, Attributes and Neighborhood Information
CN117349786B (en) Evidence fusion transformer fault diagnosis method based on data equalization
CN117238394A (en) Molecular image and SMILES character string based pre-training molecular property prediction method
CN114980122A (en) Small sample radio frequency fingerprint intelligent identification system and method
CN114510552B (en) A classification method and system for industrial Internet industry chain based on word segmentation technology
CN118069778B (en) LLM model-based similar asset fingerprint extraction method
CN110879802A (en) A log pattern extraction and matching method
CN114897085A (en) Clustering method based on closed subgraph link prediction and computer equipment
CN114124437A (en) Encrypted Traffic Identification Method Based on Prototype Convolutional Network
JP7587662B2 (en) Method for processing missing values of network log data and classifying the root cause of communication failures through the same
CN118626898A (en) A cloud platform fault root cause analysis method based on abnormal correlation graph and graph neural network
CN110516722B (en) Automatic generation method for traceability between requirements and codes based on active learning
CN118051818A (en) Internet of things equipment identification method based on federal learning and behavior analysis
CN116032790B (en) Method, device and system for identifying, diagnosing and predicting massive data flow anomalies of dispatching automation system
CN116796894A (en) An efficient deep learning weather prediction model construction method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20211008