CN113891268B - User flow charging auditing method - Google Patents


Info

Publication number
CN113891268B
Authority
CN
China
Prior art keywords
flow
traffic
charging
month
collecting
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111285964.1A
Other languages
Chinese (zh)
Other versions
CN113891268A (en)
Inventor
杨世标
范永斌
关诚勇
薛松荃
庄颷
黄坤
龙柯
燕飞
冯海东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/24 Accounting or billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W24/00 Supervisory, monitoring or testing arrangements
    • H04W24/02 Arrangements for optimising operational condition

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for auditing user traffic charging, comprising: collecting traffic trend graphs for customers across the whole network; judging from the monthly traffic model in the trend graph whether a user's traffic is stable; and, if a customer is found to have burst traffic only during a certain period, flagging possible evasion of 95 charging (95th-percentile billing) by means of CDN scheduling. With this scheme, access users who maliciously evade charges by exploiting the loophole in the 95 charging rule can be identified from the traffic volume in the customer's service peak period, the continuity of traffic-peak dates across different access points, and the resolution and matching of domain names, thereby recovering huge revenue for operators and improving the efficiency of network construction.

Description

User flow charging auditing method
Technical Field
The invention belongs to the field of communication, and particularly relates to a user flow charging auditing method.
Background
Under the 95 charging rule (95th-percentile billing), traffic data is sampled once every 5 minutes, each sample being one collection point, which gives 12×24×30 = 8640 collection points per month (a month is taken as 30 days here and below). The points are sorted in descending order, the top 5% by bandwidth used in the month (432 collection points) are discarded, and the highest remaining bandwidth is the basis for that month's billed bandwidth.
Specifically, under 95 charging one point is taken every 5 minutes, which is 12 points per hour, 12×24 points per day and 12×24×30 = 8640 points per 30-day month; the highest 5% of points are then removed, and the highest remaining bandwidth is used as the basis for charging.
In theory, 95 charging discards 36 hours of peak traffic per month (24×30×5% = 36). If the daily peak period lasts 4 hours, the bandwidth occupied by the peaks on 9 days (36 ÷ 4 = 9) is effectively waived for the user; if the daily peak lasts 3 hours, the bandwidth occupied by the peaks on 12 days (36 ÷ 3 = 12) is waived; and if the daily peak lasts only 2 hours, the bandwidth occupied by the peaks on 18 days (36 ÷ 2 = 18) is waived.
When a customer is connected to 2-4 of an operator's access points at the same time and uses CDN scheduling to direct its peak-period traffic to a different node from day to day, the monthly billed bandwidth can be held within the lowest access bandwidth.
Disclosure of Invention
The invention discloses a method for auditing the exploitation of loopholes in the 95 charging rule.
The technical scheme adopted by the invention for solving the technical problems is as follows:
A method for auditing user traffic charging comprises:
collecting traffic trend graphs for customers across the whole network;
judging from the monthly traffic model in the traffic trend graph whether the user's traffic is stable;
if a customer is found to have burst traffic only during a certain period, the customer may be exploiting the 95 charging rule loophole through CDN scheduling.
Preferably, if the burst traffic occurs on only about 10 days, every traffic collection point of the service for that month is exported;
it is analysed whether the number of collection points in the peak period is within 432;
if it is within 432, the customer may be exploiting the 95 charging rule loophole through CDN scheduling.
Preferably, the method further comprises:
screening out all service access customers with abnormal traffic;
and combining the burst-traffic time points of different access nodes into one or more complete and fixed monthly traffic trend models, where the access points in such a combination may be exploiting the 95 charging rule loophole through CDN scheduling.
Preferably, the method further comprises:
analysing the traffic composition of each access node in the combination, comprising:
collecting, through Netflow, and selecting the traffic of the top-N IP addresses;
and performing domain name resolution on those IP addresses, cross-comparing the degree of domain-name overlap within the combination, and finally determining whether the customer is using CDN scheduling to distribute traffic across multiple access nodes and thereby evade the reasonable charging basis of 95 charging.
Preferably, collecting traffic trend graphs for customers across the whole network means:
collecting the outbound and inbound bandwidth of the port, calculating the port's bandwidth, and forming the customer's traffic trend graph.
With this scheme, access users who maliciously evade charges by exploiting the loophole in the 95 charging rule can be identified from the traffic volume in the customer's service peak period, the continuity of traffic-peak dates across different access points, and the resolution and matching of domain names, thereby recovering huge revenue for operators and improving the efficiency of network construction.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
The present invention will be described in detail below with reference to the attached drawings, so that the above advantages of the present invention will be more apparent. Wherein,
FIG. 1 is a schematic diagram of a user traffic model at normal times;
FIG. 2 is a schematic diagram of the occurrence of abnormal traffic in a user traffic model.
Detailed Description
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented. It should be noted that, as long as no conflict arises, the embodiments of the present invention and the features of each embodiment may be combined with each other, and the resulting technical solutions all fall within the protection scope of the present invention.
The invention discloses an algorithm for 95 charging services accessed at multiple access points. Based on the customer's peak service traffic, the continuity of traffic-peak dates across different access points, and the resolution and matching of domain names, it identifies access users who maliciously evade charges by exploiting the 95 charging rule loophole, thereby recovering huge revenue for operators and improving the efficiency of network construction.
Specifically, a method for auditing user traffic charging comprises:
collecting traffic trend graphs for customers across the whole network;
judging from the monthly traffic model in the traffic trend graph whether the user's traffic is stable;
if a customer is found to have burst traffic only during a certain period, the customer may be exploiting the 95 charging rule loophole through CDN scheduling.
Preferably, if the burst traffic occurs on only about 10 days, every traffic collection point of the service for that month is exported;
it is analysed whether the number of collection points in the peak period is within 432;
if it is within 432, the customer may be exploiting the 95 charging rule loophole through CDN scheduling.
Preferably, the method further comprises:
screening out all service access customers with abnormal traffic;
and combining the burst-traffic time points of different access nodes into one or more complete and fixed monthly traffic trend models, where the access points in such a combination may be exploiting the 95 charging rule loophole through CDN scheduling.
Preferably, the method further comprises:
analysing the traffic composition of each access node in the combination, comprising:
collecting, through Netflow, and selecting the traffic of the top-N IP addresses;
and performing domain name resolution on those IP addresses, cross-comparing the degree of domain-name overlap within the combination, and finally determining whether the customer is using CDN scheduling to distribute traffic across multiple access nodes and thereby evade the reasonable charging basis of 95 charging.
Preferably, collecting traffic trend graphs for customers across the whole network means:
collecting the outbound and inbound bandwidth of the port, calculating the port's bandwidth, and forming the customer's traffic trend graph.
In one embodiment, the method consists essentially of two steps, traffic analysis and domain name analysis.
1. Traffic analysis
First, the traffic trend graphs of customers across the whole network are collected and given a preliminary analysis. For a normally accessed service, the monthly traffic model tends to be stable, as shown in FIG. 1.
If a customer is found to have burst traffic only during a certain period, it may be evading 95 charging by means of CDN scheduling, as shown in FIG. 2.
If the burst traffic occurs on only about 10 days, every traffic collection point of the service for that month is exported and it is analysed whether the number of collection points in the peak period is within 432; if it is, the customer may be exploiting the 95 charging rule loophole through CDN scheduling.
Because different access points of the same service may be opened under different names, the service access customers with abnormal traffic need to be screened out, and the burst-traffic time points of the different access nodes combined into one or more complete and fixed monthly traffic trend models; the access points in these combinations may then be exploiting the 95 charging rule loophole.
2. Domain name analysis
If the customer connects through different access nodes, customer information alone cannot confirm whether the 95 charging loophole is being exploited. Therefore, for each complete and fixed service traffic combination produced by the integration, the traffic composition of every access node in the combination is analysed in depth: the traffic of the top-N IP addresses is collected and selected through Netflow, domain name resolution is performed on those IP addresses, the degree of domain-name overlap within the combination is cross-compared, and it is finally determined whether the customer is using CDN scheduling to distribute traffic across multiple access nodes and thereby evade the reasonable charging basis of 95 charging.
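The two stages described above (traffic analysis, then domain name analysis) can be sketched as follows; this is an added Python example, not code from the patent. The burst threshold (3× the monthly median), the 12-day tolerance for "about 10 days", the 90% day-coverage and 0.5 domain-overlap cut-offs, and all node names, samples and domains are constructed assumptions.

```python
from itertools import combinations

SAMPLES_PER_DAY = 12 * 24                      # one collection point every 5 minutes
DAYS = 30                                      # the page computes on a 30-day month
DISCARD = SAMPLES_PER_DAY * DAYS * 5 // 100    # 432 points dropped by 95 charging

def billed_bandwidth(samples):
    """Sort descending, drop the top 5% of points, bill the highest one left."""
    return sorted(samples, reverse=True)[len(samples) * 5 // 100]

def burst_profile(samples, factor=3.0):
    """Count burst points and the days they fall on. A point is a burst when it
    exceeds factor x the monthly median (threshold is an assumption)."""
    median = sorted(samples)[len(samples) // 2]
    hits = [i for i, v in enumerate(samples) if v > factor * median]
    return len(hits), {i // SAMPLES_PER_DAY for i in hits}

def jaccard(a, b):
    """Domain-name overlap between two access nodes, 0.0 to 1.0."""
    return len(a & b) / len(a | b) if a | b else 0.0

def audit(nodes, domains, max_days=12, min_cover=0.9, min_overlap=0.5):
    """nodes: {node: monthly samples}; domains: {node: names resolved from the
    top-N Netflow IPs}. Returns [(node combination, lowest pairwise overlap)]."""
    profiles = {n: burst_profile(s) for n, s in nodes.items()}
    # Stage 1: bursts on "about 10 days" that fit inside the 432 discarded points.
    suspects = [n for n, (count, days) in profiles.items()
                if 0 < count <= DISCARD and len(days) <= max_days]
    findings = []
    for size in range(2, 5):                   # the page cites 2-4 access points
        for combo in combinations(suspects, size):
            day_sets = [profiles[n][1] for n in combo]
            covered = set().union(*day_sets)
            # Peaks take turns (no shared days) and together fill the month.
            rotating = sum(map(len, day_sets)) == len(covered)
            if not rotating or len(covered) < min_cover * DAYS:
                continue
            # Stage 2: the same domains must appear behind every node.
            overlap = min(jaccard(domains[a], domains[b])
                          for a, b in combinations(combo, 2))
            if overlap >= min_overlap:
                findings.append((combo, overlap))
    return findings

def month(burst_days, base=100, peak=1000, peak_points=36):
    """Constructed Mbps samples: a 3-hour daily peak on the given days only."""
    out = []
    for day in range(DAYS):
        n = peak_points if day in burst_days else 0
        out += [peak] * n + [base] * (SAMPLES_PER_DAY - n)
    return out

# Constructed sample data: A/B/C rotate one service's peak, D peaks every day,
# E is an unrelated customer whose bursts happen to fall on days 0-9.
NODES = {"A": month(range(0, 10)), "B": month(range(10, 20)),
         "C": month(range(20, 30)), "D": month(range(30)),
         "E": month(range(0, 10))}
SITE = {"video.customer.example", "img.customer.example", "api.customer.example"}
DOMAINS = {"A": SITE, "B": SITE, "C": SITE | {"dl.customer.example"},
           "D": {"www.steady.example"}, "E": {"shop.other.example"}}

if __name__ == "__main__":
    for node, samples in NODES.items():
        print(node, "billed at", billed_bandwidth(samples), "Mbps")
    print(audit(NODES, DOMAINS))
```

Node E passes the traffic stage and its burst days would complete a month with B and C, but the domain comparison rules it out, which is why the traffic pattern alone is not treated as proof.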
The key point of the invention is to precisely locate users who evade the 95 charging rule through cross-analysis of multi-node traffic and domain names. All methods that audit evasion of the 95 charging rule by combining traffic and domain names fall within the protection scope of this patent.
By analysing the traffic trend graphs of access services in each location in combination with domain name resolution, the invention can effectively prevent customers from using CDN scheduling to escape 95 charging, thereby improving network construction efficiency and avoiding the loss of national assets.
Finally, it should be noted that the foregoing is only a preferred embodiment of the present invention and does not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in them or replace some of their technical features with equivalents. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (2)

1. A method for auditing user traffic charging, comprising:
collecting the traffic of customers across the whole network and forming traffic trend graphs over time;
judging from the monthly traffic model in the traffic trend graph whether the user's traffic is stable;
if a customer is found to have burst traffic only during a certain period, the customer may be exploiting the 95 charging rule loophole by means of CDN scheduling; if the burst traffic occurs on only about 10 days, every traffic collection point for that month is exported;
analysing whether the number of collection points in the peak period is within 432;
if it is within 432, the customer may be exploiting the 95 charging rule loophole through CDN scheduling;
screening out all service access customers with abnormal traffic;
combining the burst-traffic time points of different access nodes into one or more complete and fixed monthly traffic trend models, where the access points in those monthly traffic trend models may be exploiting the 95 charging rule loophole through CDN scheduling;
analysing the traffic composition of each access node, comprising:
collecting, through Netflow, and selecting the traffic of the top-N IP addresses;
performing domain name resolution on those IP addresses and cross-comparing the domain-name overlap within the combination;
and finally determining whether the customer is using CDN scheduling to distribute traffic across multiple access nodes and thereby evade the reasonable charging basis of 95 charging.
2. The method for auditing user traffic charging according to claim 1, wherein collecting traffic trend graphs of customers across the whole network means:
collecting the outbound and inbound bandwidth of the port, calculating the port's bandwidth, and forming the customer's traffic trend graph.
CN202111285964.1A 2021-11-02 2021-11-02 User flow charging auditing method Active CN113891268B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111285964.1A CN113891268B (en) 2021-11-02 2021-11-02 User flow charging auditing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111285964.1A CN113891268B (en) 2021-11-02 2021-11-02 User flow charging auditing method

Publications (2)

Publication Number Publication Date
CN113891268A CN113891268A (en) 2022-01-04
CN113891268B CN113891268B (en) 2024-04-16

Family

ID=79015292

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111285964.1A Active CN113891268B (en) 2021-11-02 2021-11-02 User flow charging auditing method

Country Status (1)

Country Link
CN (1) CN113891268B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant