CN114268559B - Directional network detection method, device, equipment and medium based on TF-IDF algorithm - Google Patents


Publication number: CN114268559B
Authority: CN (China)
Prior art keywords: message, list, basic, directional network, backfill
Legal status: Active
Application number: CN202111634982.6A
Other languages: Chinese (zh)
Other versions: CN114268559A (en)
Inventors: 王昶, 左绘, 刘畅, 刘奇峰, 王程
Current Assignee: Tianyi IoT Technology Co Ltd
Original Assignee: Tianyi IoT Technology Co Ltd
Application filed by Tianyi IoT Technology Co Ltd
Priority to CN202111634982.6A
Publication of CN114268559A
Priority to PCT/CN2022/142008 (WO2023125435A1)
Application granted
Publication of CN114268559B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00: Arrangements for monitoring or testing data switching networks
    • H04L43/06: Generation of reports
    • H04L43/08: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811: Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • H04L43/18: Protocol analysers
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention relates to the field of the Internet of Things and provides a method, device, equipment and medium for detecting a directional network based on the TF-IDF algorithm. The method segments an acquired CAP packet to obtain each message, generates a data pane from the basic features of each message, determines the protocol type of each message from the data pane using the TF-IDF algorithm, extracts the backfill features of each message according to its protocol type, backfills the data pane to obtain a target pane, marks each message in the target pane according to a first list and a second list to obtain a detection report, calculates the connectivity matching degree of the target directional network from the detection report, and outputs the detection report and the connectivity matching degree. The invention can quickly match the protocol type of each message based on the TF-IDF algorithm, marks messages against the configured lists, and detects the directional network quickly and accurately without manual intervention.

Description

Directional network detection method, device, equipment and medium based on TF-IDF algorithm
Technical Field
The invention relates to the technical field of the internet of things, in particular to a directional network detection method, device, equipment and medium based on a TF-IDF algorithm.
Background
Directional service is one of the important revenue services in the Internet of Things field. Because accepting directional service orders involves many subscribing clients, many client channels, many control strategies and similar factors, commissioning and testing the connectivity of the directional service network that a client has opened is an important step before delivery.
At present, client directional services are highly customized. After acceptance personnel capture network packets and analyze them with professional tools such as Wireshark, specialists still have to manually screen key information such as specific protocols, IP (Internet Protocol), URL (Uniform Resource Locator) and domain names, inspecting each network message from the physical layer to the application layer before extracting the information.
This approach involves a large repetitive workload and high labor cost, and its matching efficiency and accuracy are low.
Disclosure of Invention
In view of the above, it is necessary to provide a method, a device and a medium for detecting a directional network based on TF-IDF algorithm, so as to solve the problems of low detection efficiency and low accuracy of the directional network.
A directional network detection method based on TF-IDF algorithm, the directional network detection method based on TF-IDF algorithm comprising:
Responsive to a detection instruction for a target directional network, collecting CAP packets captured from the target directional network based on a network element;
dividing the CAP packet to obtain each message carried in the CAP packet;
extracting basic characteristics of each message, and generating a data pane according to the basic characteristics of each message;
determining the protocol type of each message based on the data pane by adopting a TF-IDF algorithm;
extracting backfill characteristics of each message according to the protocol type of each message;
backfilling the data pane by using the backfilling characteristic of each message to obtain a target pane;
acquiring a first list and a second list which are preset, and marking each message in the target pane according to the first list and the second list to obtain a detection report;
calculating connectivity matching degree of the target directional network according to the detection report;
and outputting the detection report and the connectivity matching degree.
According to a preferred embodiment of the present invention, the dividing the CAP packet to obtain each packet carried in the CAP packet includes:
acquiring a start identifier and an end identifier;
determining the starting identifier and the ending identifier as partition points to partition the CAP packet;
and for each piece of data obtained after the segmentation, determining the starting identifier as a message starting point, and determining the ending identifier as a message ending point to obtain each message carried in the CAP packet.
According to a preferred embodiment of the present invention, the determining, by using TF-IDF algorithm, a protocol type of each packet based on the data pane includes:
reading, from the data pane, the number of occurrences of each basic feature in each message and the total number of occurrences of all basic features in each message;
calculating the quotient of the number of occurrences of each basic feature and the total number of occurrences to obtain the occurrence frequency of each basic feature in each message;
obtaining a pre-configured message protocol dictionary, wherein the message protocol dictionary is used for storing the mapping relation between protocol types and characteristics;
determining the number of each protocol type in the message protocol dictionary;
determining the number of each basic feature in the message protocol dictionary;
calculating the sum of the number of each basic feature and a preset value to obtain a basic value of each basic feature;
calculating the logarithmic value of the quotient of the number of each protocol type and the basic value of each basic feature to obtain the inverse frequency of each basic feature relative to each protocol type;
calculating the product of the occurrence frequency of each basic feature and the inverse frequency of each basic feature relative to each protocol type to obtain the weight of each basic feature relative to each protocol type;
calculating the sum of the weights of all basic features in each message relative to each protocol type to obtain the fit degree of each message relative to each protocol type;
and determining the protocol type with the highest degree of fit as the protocol type of each message.
According to a preferred embodiment of the present invention, the extracting the backfill feature of each message according to the protocol type of each message includes:
determining a field to which backfill characteristics of each message belong according to the protocol type of each message;
and extracting the backfill characteristic of each message from each message according to the field of the backfill characteristic of each message.
According to a preferred embodiment of the present invention, the first list is used for storing features of objects that prohibit access to the target directional network, the second list is used for storing features of objects that allow access to the target directional network, and the marking each message in the target pane according to the first list and the second list includes:
reading backfill characteristics of each message from the target pane;
matching the backfill characteristic of each message with the characteristic of the object in the first list, and marking the matched message for the first time;
matching the backfill characteristic of each message with the characteristic of the object in the second list, and marking the matched message for the second time;
and carrying out third marking on the messages which are not successfully matched with the first list and are not successfully matched with the second list.
According to a preferred embodiment of the present invention, the calculating the connectivity matching degree of the target directional network according to the detection report includes:
acquiring the number of the messages with the second mark from the detection report as a first number;
acquiring the number of the messages with the third mark from the detection report as a second number;
calculating the sum of the first quantity and the second quantity to obtain a third quantity;
acquiring the total number of all messages from the detection report;
and calculating the quotient of the third quantity and the total quantity to obtain the connectivity matching degree of the target directional network.
According to a preferred embodiment of the present invention, after outputting the detection report and the connectivity match degree, the method further includes:
when the connectivity matching degree is not equal to 1, sending out prompt information;
the prompt information is used for prompting that the target directional network has abnormal access conditions and prompting to check the detection report.
A TF-IDF algorithm-based directional network detection apparatus, the TF-IDF algorithm-based directional network detection apparatus comprising:
the acquisition unit is used for responding to a detection instruction of a target directional network and acquiring CAP packets captured from the target directional network based on network elements;
the segmentation unit is used for segmenting the CAP packet to obtain each message carried in the CAP packet;
the generating unit is used for extracting the basic characteristics of each message and generating a data pane according to the basic characteristics of each message;
a determining unit, configured to determine a protocol type of each message based on the data pane by using a TF-IDF algorithm;
the extraction unit is used for extracting backfill characteristics of each message according to the protocol type of each message;
the backfill unit is used for backfilling the data pane by utilizing the backfill characteristic of each message to obtain a target pane;
the marking unit is used for acquiring a first list and a second list which are preset, marking each message in the target pane according to the first list and the second list, and obtaining a detection report;
the calculating unit is used for calculating connectivity matching degree of the target directional network according to the detection report;
and the output unit is used for outputting the detection report and the connectivity matching degree.
A computer device, the computer device comprising:
a memory storing at least one instruction; and
a processor executing the instructions stored in the memory to implement the directional network detection method based on the TF-IDF algorithm.
A computer-readable storage medium having stored therein at least one instruction for execution by a processor in a computer device to implement the TF-IDF algorithm based directional network detection method.
According to the technical scheme, the method and the device can be used for rapidly matching the relevant protocol types of the message based on the TF-IDF algorithm, marking the message by combining the configured list, and rapidly and accurately detecting the directional network without manual intervention.
Drawings
Fig. 1 is a flow chart of a preferred embodiment of the method for directional network detection based on TF-IDF algorithm of the present invention.
Fig. 2 is a functional block diagram of a preferred embodiment of the directional network detection apparatus based on TF-IDF algorithm of the present invention.
Fig. 3 is a schematic structural diagram of a computer device for implementing a preferred embodiment of the directional network detection method based on TF-IDF algorithm according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a flowchart of a directional network detection method based on TF-IDF algorithm according to a preferred embodiment of the present invention. The order of the steps in the flowchart may be changed and some steps may be omitted according to various needs.
The directional network detection method based on the TF-IDF algorithm is applied to one or more computer devices. A computer device is a device capable of automatically performing numerical calculation and/or information processing according to preset or stored instructions, and its hardware includes, but is not limited to, microprocessors, application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), digital signal processors (DSPs), embedded devices and the like.
The computer device may be any electronic product that can interact with a user in a human-computer manner, such as a personal computer, tablet computer, smart phone, personal digital assistant (Personal Digital Assistant, PDA), game console, interactive internet protocol television (Internet Protocol Television, IPTV), smart wearable device, etc.
The computer device may also include a network device and/or a user device. The network device includes, but is not limited to, a single network server, a server group composed of a plurality of network servers, or a cloud composed of a large number of hosts or network servers based on cloud computing.
The server may be an independent server, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
Among these, artificial intelligence (AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and expand human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and other directions.
The network in which the computer device is located includes, but is not limited to, the internet, a wide area network, a metropolitan area network, a local area network, a virtual private network (Virtual Private Network, VPN), and the like.
S10, responding to a detection instruction of a target directional network, and acquiring CAP packets captured from the target directional network based on a network element.
In this embodiment, the target directional network refers to a network accessible to a specific object.
In this embodiment, the network element may include, but is not limited to: PGW (PDN GateWay), etc.
In this embodiment, the CAP packet may be a hexadecimal CAP file, or a CAP file of a type such as pcap.
S11, dividing the CAP packet to obtain each message carried in the CAP packet.
In at least one embodiment of the present invention, the partitioning the CAP packet to obtain each packet carried in the CAP packet includes:
acquiring a start identifier and an end identifier;
determining the starting identifier and the ending identifier as partition points to partition the CAP packet;
and for each piece of data obtained after the segmentation, determining the starting identifier as a message starting point, and determining the ending identifier as a message ending point to obtain each message carried in the CAP packet.
For example: when the start identifier is a first identifier and the end identifier is a second identifier, the data lying between the first identifier and the second identifier after segmentation is one message.
By the embodiment, the CAP packet can be automatically segmented according to the identifier, so that each message in the CAP packet can be extracted.
S12, extracting basic characteristics of each message, and generating a data pane according to the basic characteristics of each message.
In at least one embodiment of the present invention, the basic features may include, but are not limited to, one or more of the following combinations of features:
source address Src, destination address Dest, source port SrcPort, destination port DestPort, base Protocol type Protocol, etc.
Further, the messages are listed in the first column and the basic features of each message are placed in the cells after it to form the data pane, as shown in the following table:
Message 1 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
Message 2 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
Message 3 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
Message 4 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
Message 5 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
By the above embodiment, the data pane can be generated for subsequent data processing.
S13, a TF-IDF (term frequency-inverse document frequency) algorithm is adopted, and the protocol type of each message is determined based on the data pane.
In at least one embodiment of the present invention, the determining, by using TF-IDF algorithm, a protocol type of each packet based on the data pane includes:
reading, from the data pane, the number of occurrences of each basic feature in each message and the total number of occurrences of all basic features in each message;
calculating the quotient of the number of occurrences of each basic feature and the total number of occurrences to obtain the occurrence frequency of each basic feature in each message;
obtaining a pre-configured message protocol dictionary, wherein the message protocol dictionary is used for storing the mapping relation between protocol types and characteristics;
determining the number of each protocol type in the message protocol dictionary;
determining the number of each basic feature in the message protocol dictionary;
calculating the sum of the number of each basic feature and a preset value to obtain a basic value of each basic feature;
calculating the logarithmic value of the quotient of the number of each protocol type and the basic value of each basic feature to obtain the inverse frequency of each basic feature relative to each protocol type;
calculating the product of the occurrence frequency of each basic feature and the inverse frequency of each basic feature relative to each protocol type to obtain the weight of each basic feature relative to each protocol type;
calculating the sum of the weights of all basic features in each message relative to each protocol type to obtain the fit degree of each message relative to each protocol type;
and determining the protocol type with the highest degree of fit as the protocol type of each message.
For example, the message protocol dictionary may store: the DNS (Domain Name System, domain name resolution) protocol and its corresponding feature "port 53"; the GTP (GPRS Tunneling Protocol) protocol and its corresponding feature "port 2152"; and the GTP<HTTP> protocol and its corresponding feature "port 80".
With this embodiment, the protocol type of each message can be matched automatically based on the TF-IDF algorithm and the configured message protocol dictionary, without human intervention. The calculation is efficient, mistakes caused by manual operation are avoided, and accuracy is high.
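The S13 steps carried through in Python, as an added example that is not code from the patent. It assumes that "the number of each protocol type" is the number of protocol types in the dictionary, that "the number of each basic feature" is the number of protocol types whose entry lists the feature, that the preset value is 1, and that a feature contributes to a protocol type's fit only when the dictionary maps that protocol type to it; the "UDP"/"TCP" features, the function names and the sample rows are constructed.

```python
import math
from collections import Counter

# Message protocol dictionary (protocol type -> features). The port features are
# the ones named in the text; "UDP" and "TCP" are constructed additions.
PROTOCOL_DICT = {
    "DNS": {"port 53", "UDP"},
    "GTP": {"port 2152", "UDP"},
    "GTP<HTTP>": {"port 80", "TCP"},
}
PRESET = 1  # the "preset value" added to a feature's count (assumed to be 1)


def basic_features(row):
    """Turn one data-pane row into its list of basic-feature tokens."""
    return [row["Src"], row["Dest"], f"port {row['SrcPort']}",
            f"port {row['DestPort']}", row["Protocol"]]


def inverse_frequency(feature, dictionary, preset=PRESET):
    """log(protocol types in the dictionary / (entries listing the feature + preset))."""
    listing = sum(feature in feats for feats in dictionary.values())
    return math.log(len(dictionary) / (listing + preset))


def fit_degrees(row, dictionary=PROTOCOL_DICT):
    """Sum of (occurrence frequency x inverse frequency) per protocol type."""
    counts = Counter(basic_features(row))   # occurrences of each basic feature
    total = sum(counts.values())            # occurrences of all basic features
    fits = {}
    for protocol, feats in dictionary.items():
        fits[protocol] = sum((n / total) * inverse_frequency(f, dictionary)
                             for f, n in counts.items() if f in feats)
    return fits


def classify(row, dictionary=PROTOCOL_DICT):
    """Protocol type with the highest fit, or None when nothing scores or the top ties."""
    fits = fit_degrees(row, dictionary)
    best = max(fits, key=fits.get)
    tied = sum(1 for value in fits.values() if value == fits[best])
    return best if fits[best] > 0 and tied == 1 else None


# Constructed data-pane rows (documentation address ranges).
DNS_ROW = {"Src": "10.0.0.5", "Dest": "192.0.2.53",
           "SrcPort": 40000, "DestPort": 53, "Protocol": "UDP"}
GTP_ROW = {"Src": "10.0.0.5", "Dest": "198.51.100.7",
           "SrcPort": 2152, "DestPort": 2152, "Protocol": "UDP"}
NTP_ROW = {"Src": "10.0.0.5", "Dest": "192.0.2.123",
           "SrcPort": 123, "DestPort": 123, "Protocol": "UDP"}

if __name__ == "__main__":
    for name, row in (("DNS_ROW", DNS_ROW), ("GTP_ROW", GTP_ROW), ("NTP_ROW", NTP_ROW)):
        print(name, classify(row), fit_degrees(row))
```

A feature shared by most dictionary entries ("UDP" here) gets an inverse frequency of zero, so the NTP row is left unclassified instead of being assigned to DNS or GTP.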
S14, extracting backfill characteristics of each message according to the protocol type of each message.
In at least one embodiment of the present invention, the extracting the backfill feature of each message according to the protocol type of each message includes:
determining a field to which backfill characteristics of each message belong according to the protocol type of each message;
and extracting the backfill characteristic of each message from each message according to the field of the backfill characteristic of each message.
For example, the backfill features can include, but are not limited to: IP (Internet Protocol), URL (Uniform Resource Locator), domain name, etc.
It will be appreciated that, unlike the basic features, whose fields are fixed for every protocol type, the backfill features sit in different fields depending on the protocol type, and therefore need to be extracted according to the protocol type.
By the implementation mode, the backfill characteristic can be extracted pertinently based on the protocol type of the message, and manual intervention is not needed.
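Protocol-dependent backfill extraction as described in S14, as an added example that is not code from the patent. The mapping of protocol type to field is an assumption (DNS: the query name; GTP<HTTP>: Host plus request target of the already de-encapsulated HTTP request; any other protocol or an unparsable payload: the destination IP), and the function names and sample payloads are constructed.

```python
def dns_query_name(payload: bytes):
    """Return the QNAME of the first question in a DNS message, or None."""
    if len(payload) < 12 or int.from_bytes(payload[4:6], "big") == 0:
        return None                       # no full header, or QDCOUNT is zero
    pos, labels = 12, []                  # the question starts after the 12-byte header
    while True:
        if pos >= len(payload):
            return None                   # truncated before the terminating zero label
        length = payload[pos]
        if length == 0:
            break
        if length & 0xC0:
            return None                   # pointer/reserved bits: not a plain label
        label = payload[pos + 1:pos + 1 + length]
        if len(label) != length:
            return None                   # label runs past the end of the capture
        labels.append(label.decode("ascii", errors="replace"))
        pos += 1 + length
    return ".".join(labels).lower() if labels else None


def http_request_url(payload: bytes):
    """Return host + request target of an HTTP/1.x request, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None                       # not a request line
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip().lower() + parts[1]
    return None                           # no Host header


# Field holding the backfill feature for each protocol type (assumed mapping).
BACKFILL_FIELD = {"DNS": dns_query_name, "GTP<HTTP>": http_request_url}


def extract_backfill(protocol, dest_ip, payload):
    """Pick the extractor by protocol type; fall back to the destination IP."""
    extractor = BACKFILL_FIELD.get(protocol)
    feature = extractor(payload) if extractor else None
    return feature if feature is not None else dest_ip


# Constructed payloads: a DNS query for iot.example.com and an HTTP request.
DNS_QUERY = (bytes.fromhex("123401000001000000000000")
             + b"\x03iot\x07example\x03com\x00" + b"\x00\x01\x00\x01")
HTTP_REQUEST = (b"GET /v1/report?id=7 HTTP/1.1\r\n"
                b"Host: API.example.com\r\nUser-Agent: sensor\r\n\r\n")

if __name__ == "__main__":
    print(extract_backfill("DNS", "192.0.2.53", DNS_QUERY))
    print(extract_backfill("GTP<HTTP>", "203.0.113.9", HTTP_REQUEST))
    print(extract_backfill("GTP", "198.51.100.7", b""))
```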
S15, backfilling the data pane by using the backfilling characteristic of each message to obtain a target pane.
In this embodiment, the backfill feature of each message may be added behind the corresponding message feature to obtain the target pane, which may be specifically referred to in the following table:
Message 1 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 1
Message 2 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 2
Message 3 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 3
Message 4 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 4
Message 5 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 5
S16, a first list and a second list which are configured in advance are obtained, and each message in the target pane is marked according to the first list and the second list, so that a detection report is obtained.
In at least one embodiment of the present invention, the first list is used for storing features of objects that prohibit access to the target directional network, the second list is used for storing features of objects that allow access to the target directional network, and the marking each message in the target pane according to the first list and the second list includes:
reading backfill characteristics of each message from the target pane;
matching the backfill characteristic of each message with the characteristic of the object in the first list, and marking the matched message for the first time;
matching the backfill characteristic of each message with the characteristic of the object in the second list, and marking the matched message for the second time;
and carrying out third marking on the messages which are not successfully matched with the first list and are not successfully matched with the second list.
Specifically, the first list corresponds to a pre-configured blacklist, and the second list corresponds to a pre-configured whitelist.
Further, according to the matching situation, the detection report is generated, and the specific form can be seen in the following table:
Message 1 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 1 | First mark
Message 2 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 2 | Second mark
Message 3 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 3 | Third mark
Message 4 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 4 | First mark
Message 5 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 5 | Second mark
By the embodiment, each message can be automatically marked by combining with a preconfigured list, and then a detection report can be automatically generated.
S17, calculating connectivity matching degree of the target directional network according to the detection report.
In at least one embodiment of the present invention, the calculating connectivity matching degree of the target directional network according to the detection report includes:
acquiring the number of the messages with the second mark from the detection report as a first number;
acquiring the number of the messages with the third mark from the detection report as a second number;
calculating the sum of the first quantity and the second quantity to obtain a third quantity;
acquiring the total number of all messages from the detection report;
and calculating the quotient of the third quantity and the total quantity to obtain the connectivity matching degree of the target directional network.
Continuing the above example, the number of messages with the second mark is 2, the number of messages with the third mark is 1, and the total number of messages is 5, so the connectivity matching degree of the target directional network is (2+1)/5 = 60%.
Through the implementation mode, the connectivity matching degree of the target directional network can be automatically calculated.
S18, outputting the detection report and the connectivity matching degree.
In this embodiment, the detection report and the connectivity matching degree may be transmitted to a terminal device of the designated user.
For example: the detection report and the connectivity matching degree can be transmitted to a terminal device of a client or a terminal device of a tester.
In this embodiment, after outputting the detection report and the connectivity matching degree, the method further includes:
when the connectivity matching degree is not equal to 1, sending out prompt information;
the prompt information is used for prompting that the target directional network has abnormal access conditions and prompting to check the detection report.
For example, the prompt information may be: "The connectivity matching degree of the current network is not 100%; there may be abnormal access. Please check the detection report to determine the abnormal access object."
It can be understood that whenever the detection report shows an object in the blacklist accessing the target directional network, an abnormal access condition exists. In that case the calculated connectivity matching degree is not 1, and prompt information is sent promptly to remind the relevant personnel to handle the abnormality.
When the connectivity matching degree is 1, the detection report contains no blacklisted object accessing the target directional network, that is, there is no abnormal access, and the detection report need not be viewed, which saves time. The detection report is still output so that the user can review it as needed.
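Steps S16 to S18 (marking against the two lists, the connectivity matching degree and the prompt) in Python, as an added example that is not code from the patent. The target pane mirrors the five-message report above; the list contents, the case-insensitive exact matching, the precedence of the first list when a feature is in both lists, and all names are assumptions.

```python
from collections import Counter

FIRST, SECOND, THIRD = "first mark", "second mark", "third mark"


def normalize(feature):
    """Case-insensitive exact matching (an assumption; the text does not fix the rule)."""
    return feature.strip().lower()


def mark_messages(target_pane, first_list, second_list):
    """Return the detection report: every target-pane row plus its mark."""
    blocked = {normalize(f) for f in first_list}    # first list: access prohibited
    allowed = {normalize(f) for f in second_list}   # second list: access allowed
    report = []
    for row in target_pane:
        feature = normalize(row["backfill"])
        if feature in blocked:          # first list checked first (assumed precedence)
            mark = FIRST
        elif feature in allowed:
            mark = SECOND
        else:
            mark = THIRD                # matched neither list
        report.append({**row, "mark": mark})
    return report


def connectivity_matching_degree(report):
    """(second-mark messages + third-mark messages) / all messages."""
    if not report:
        raise ValueError("detection report is empty")
    counts = Counter(row["mark"] for row in report)
    return (counts[SECOND] + counts[THIRD]) / len(report)


def prompt_for(degree):
    """Prompt text when the degree is not equal to 1, otherwise None."""
    if degree != 1:
        return ("The connectivity matching degree of the current network is not 100%; "
                "check the detection report for the abnormal access object.")
    return None


# Constructed target pane and lists (documentation addresses and example domains).
TARGET_PANE = [
    {"message": 1, "protocol": "DNS", "backfill": "blocked.example.net"},
    {"message": 2, "protocol": "DNS", "backfill": "iot.example.com"},
    {"message": 3, "protocol": "GTP", "backfill": "198.51.100.7"},
    {"message": 4, "protocol": "GTP<HTTP>", "backfill": "203.0.113.9/upload"},
    {"message": 5, "protocol": "GTP<HTTP>", "backfill": "API.example.com/v1/report"},
]
FIRST_LIST = ["blocked.example.net", "203.0.113.9/upload"]
SECOND_LIST = ["iot.example.com", "api.example.com/v1/report"]

if __name__ == "__main__":
    report = mark_messages(TARGET_PANE, FIRST_LIST, SECOND_LIST)
    degree = connectivity_matching_degree(report)
    for row in report:
        print(row)
    print(f"connectivity matching degree: {degree:.0%}")
    print(prompt_for(degree))
```

Messages with the third mark count toward the numerator, so a degree of 1 shows only that no first-list object appears in the capture; destinations on neither list are still visible only in the detection report.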
According to the technical scheme, the method and the device can divide the acquired CAP packet to obtain each message, generate a data pane according to the basic characteristics of each message, determine the protocol type of each message based on the data pane by adopting a TF-IDF algorithm, extract the backfill characteristics of each message according to the protocol type of each message, backfill the data pane to obtain a target pane, mark each message in the target pane according to a first list and a second list to obtain a detection report, calculate the connectivity matching degree of a target directional network according to the detection report, and output the detection report and the connectivity matching degree. The invention can rapidly match the relevant protocol types of the message based on the TF-IDF algorithm, marks the message by combining with the configured list, and can rapidly and accurately realize the detection of the directional network without manual intervention.
Fig. 2 is a functional block diagram of a preferred embodiment of the directional network detection apparatus according to the present invention based on TF-IDF algorithm. The directional network detection device 11 based on the TF-IDF algorithm comprises an acquisition unit 110, a segmentation unit 111, a generation unit 112, a determination unit 113, an extraction unit 114, a backfill unit 115, a marking unit 116, a calculation unit 117, and an output unit 118. The module/unit referred to in the present invention refers to a series of computer program segments capable of being executed by the processor 13 and of performing a fixed function, which are stored in the memory 12. In the present embodiment, the functions of the respective modules/units will be described in detail in the following embodiments.
The acquisition unit 110 acquires CAP packets captured from a target directional network based on network elements in response to a detection instruction of the target directional network.
In this embodiment, the target directional network refers to a network accessible to a specific object.
In this embodiment, the network element may include, but is not limited to: PGW (PDN GateWay), etc.
In this embodiment, the CAP packet may be a hexadecimal CAP file, or a CAP file of another type such as pcap.
The dividing unit 111 divides the CAP packet to obtain each packet carried in the CAP packet.
In at least one embodiment of the present invention, the dividing unit 111 dividing the CAP packet to obtain each message carried in the CAP packet includes:
acquiring a start identifier and an end identifier;
determining the starting identifier and the ending identifier as partition points to partition the CAP packet;
and for each piece of data obtained after the segmentation, determining the starting identifier as a message starting point, and determining the ending identifier as a message ending point to obtain each message carried in the CAP packet.
For example: when the start identifier is a first identifier and the end identifier is a second identifier, the data lying between the first identifier and the second identifier after segmentation is one message.
By the embodiment, the CAP packet can be automatically segmented according to the identifier, so that each message in the CAP packet can be extracted.
The generating unit 112 extracts the basic characteristics of each message and generates a data pane according to the basic characteristics of each message.
In at least one embodiment of the present invention, the basic features may include, but are not limited to, one or more of the following combinations of features:
source address Src, destination address Dest, source port SrcPort, destination port DestPort, basic protocol type Protocol, etc.
Further, each message is taken as a column, and the basic features of each message are placed in the cells after that message to form the data pane, as shown in the following table:

Message 1 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
Message 2 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
Message 3 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
Message 4 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4
Message 5 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4

By the above embodiment, the data pane can be generated for subsequent data processing.
The determining unit 113 determines the protocol type of each message based on the data pane using a TF-IDF (term frequency-inverse document frequency) algorithm.
In at least one embodiment of the present invention, the determining unit 113 determining the protocol type of each message based on the data pane using the TF-IDF algorithm includes:
reading the occurrence times of each basic feature in each message and the total occurrence times of all basic features in each message from the data pane;
calculating the quotient of the occurrence frequency of each basic feature and the total frequency to obtain the occurrence frequency of each basic feature in each message;
obtaining a pre-configured message protocol dictionary, wherein the message protocol dictionary is used for storing the mapping relation between protocol types and characteristics;
determining the number of each protocol type in the message protocol dictionary;
determining the number of each basic feature in the message protocol dictionary;
calculating the sum of the number of each basic feature and a preset value to obtain a basic value of each basic feature;
calculating the logarithmic value of the quotient of the number of each protocol type and the basic value of each basic feature to obtain the inverse frequency of each basic feature relative to each protocol type;
calculating the product of the occurrence frequency of each basic feature and the inverse frequency of each basic feature relative to each protocol type to obtain the weight of each basic feature relative to each protocol type;
calculating the sum of the weights of all basic features in each message relative to each protocol type to obtain the fit degree of each message relative to each protocol type;
and determining the protocol type with the highest degree of fit as the protocol type of each message.
For example: the message protocol dictionary may store: the DNS (Domain Name Server, domain name resolution) protocol and its corresponding feature "port 53"; the GTP (GPRS tunneling protocol) protocol and its corresponding feature "port 2152"; the GTP<HTTP> protocol and its corresponding feature "port 80".
According to this embodiment, the protocol type of each message can be matched automatically based on the TF-IDF algorithm and the configured message protocol dictionary. No human intervention is needed, the calculation efficiency is high, misoperation caused by human participation is effectively avoided, and the accuracy is high.
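The scoring steps above, carried through on a four-message data pane, as an added Python example that is not code from the patent. It assumes one reading of the steps: the number of protocol types is the size of the dictionary, the number of a basic feature is how many dictionary entries list it, the preset value is 1, and only features listed for a protocol type contribute to that type's fit. The token names, the `proto:` dictionary entries and the sample rows are constructed.

```python
import math
from collections import Counter

# Constructed message protocol dictionary. The three port features come from
# the example in the text; the "proto:" features are an assumption added so
# that a feature shared by several protocol types is visible in the result.
PROTOCOL_DICTIONARY = {
    "DNS": {"port:53", "proto:UDP"},
    "GTP": {"port:2152", "proto:UDP"},
    "GTP<HTTP>": {"port:80", "proto:TCP"},
}
PRESET = 1  # the "preset value" added to the feature count (assumed to be 1)

# Constructed data pane: one row of basic features per message.
DATA_PANE = [
    {"Src": "10.0.0.5", "Dest": "10.0.0.53", "SrcPort": 40000, "DestPort": 53, "Protocol": "UDP"},
    {"Src": "10.0.1.1", "Dest": "10.0.1.2", "SrcPort": 2152, "DestPort": 2152, "Protocol": "UDP"},
    {"Src": "10.0.0.5", "Dest": "10.0.2.80", "SrcPort": 40001, "DestPort": 80, "Protocol": "TCP"},
    {"Src": "10.0.0.5", "Dest": "10.0.0.9", "SrcPort": 40002, "DestPort": 9999, "Protocol": "UDP"},
]


def basic_feature_tokens(row):
    """Turn one data-pane row into feature tokens (hypothetical token scheme)."""
    return [
        f"addr:{row['Src']}",
        f"addr:{row['Dest']}",
        f"port:{row['SrcPort']}",
        f"port:{row['DestPort']}",
        f"proto:{row['Protocol']}",
    ]


def term_frequencies(tokens):
    """Occurrences of each feature divided by the total feature count."""
    counts = Counter(tokens)
    total = sum(counts.values())
    return {token: count / total for token, count in counts.items()}


def inverse_frequency(feature, dictionary, preset=PRESET):
    """log(number of protocol types / (number of entries listing feature + preset))."""
    n_types = len(dictionary)
    n_feature = sum(1 for features in dictionary.values() if feature in features)
    return math.log(n_types / (n_feature + preset))


def fit_degrees(row, dictionary=PROTOCOL_DICTIONARY):
    """Sum of TF x IDF weights per protocol type for one message."""
    tf = term_frequencies(basic_feature_tokens(row))
    fits = {}
    for protocol, features in dictionary.items():
        fits[protocol] = sum(
            freq * inverse_frequency(token, dictionary)
            for token, freq in tf.items()
            if token in features
        )
    return fits


def classify(row, dictionary=PROTOCOL_DICTIONARY):
    """Protocol type with the highest fit, or None when nothing scores above 0."""
    fits = fit_degrees(row, dictionary)
    if not fits:
        return None
    best = max(fits, key=fits.get)
    # Without this check an unmatched message would silently get the first
    # dictionary entry, because every fit is 0 and max() breaks ties by order.
    return best if fits[best] > 0 else None


if __name__ == "__main__":
    for index, row in enumerate(DATA_PANE, start=1):
        print(f"message {index}: {classify(row)} {fit_degrees(row)}")
```

With a preset value of 1 and three protocol types, `proto:UDP` (listed by two entries) gets an inverse frequency of log(3/3) = 0, so only the port feature separates DNS from GTP; the fourth message matches nothing and is returned as `None` rather than forced into a type.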
The extraction unit 114 extracts backfill features of each message according to the protocol type of each message.
In at least one embodiment of the present invention, the extraction unit 114 extracting the backfill feature of each message according to the protocol type of each message includes:
determining a field to which backfill characteristics of each message belong according to the protocol type of each message;
and extracting the backfill characteristic of each message from each message according to the field of the backfill characteristic of each message.
For example: the backfill features can include, but are not limited to: IP (Internet Protocol), URL (uniform resource locator), domain name, etc.
It will be appreciated that, unlike the basic features, which occupy fixed fields for every protocol type, the backfill features belong to different fields depending on the protocol type, and therefore need to be extracted according to the protocol type.
By the implementation mode, the backfill characteristic can be extracted pertinently based on the protocol type of the message, and manual intervention is not needed.
The backfill unit 115 backfills the data pane with the backfill feature of each message to obtain a target pane.
In this embodiment, the backfill feature of each message may be appended after the basic features of the corresponding message to obtain the target pane, as shown in the following table:

Message 1 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 1
Message 2 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 2
Message 3 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 3
Message 4 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 4
Message 5 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 5

The marking unit 116 obtains a first list and a second list which are configured in advance, and marks each message in the target pane according to the first list and the second list to obtain a detection report.
In at least one embodiment of the present invention, the first list is used for storing features of objects that are prohibited from accessing the target directional network, the second list is used for storing features of objects that are allowed to access the target directional network, and the marking unit 116 marking each message in the target pane according to the first list and the second list includes:
reading backfill characteristics of each message from the target pane;
matching the backfill characteristic of each message with the characteristic of the object in the first list, and marking the matched message for the first time;
matching the backfill characteristic of each message with the characteristic of the object in the second list, and marking the matched message for the second time;
and carrying out third marking on the messages which are not successfully matched with the first list and are not successfully matched with the second list.
Specifically, the first list corresponds to a pre-configured blacklist, and the second list corresponds to a pre-configured whitelist.
Further, the detection report is generated according to the matching result; its form is shown in the following table:

Message 1 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 1 | First mark
Message 2 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 2 | Second mark
Message 3 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 3 | Third mark
Message 4 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 4 | First mark
Message 5 | Basic feature 1 | Basic feature 2 | Basic feature 3 | Basic feature 4 | Backfill feature 5 | Second mark

By the embodiment, each message can be automatically marked by combining with a preconfigured list, and then a detection report can be automatically generated.
The calculation unit 117 calculates connectivity matching degree of the target directional network according to the detection report.
In at least one embodiment of the present invention, the calculation unit 117 calculating the connectivity matching degree of the target directional network according to the detection report includes:
acquiring the number of the messages with the second mark from the detection report as a first number;
acquiring the number of the messages with the third mark from the detection report as a second number;
calculating the sum of the first quantity and the second quantity to obtain a third quantity;
acquiring the total number of all messages from the detection report;
and calculating the quotient of the third quantity and the total quantity to obtain the connectivity matching degree of the target directional network.
Continuing the above example, the number of messages with the second mark is 2, the number of messages with the third mark is 1, and the total number of all messages is 5, so the connectivity matching degree of the target directional network, calculated with the formula (2+1)/5, is 60%.
Through the implementation mode, the connectivity matching degree of the target directional network can be automatically calculated.
The output unit 118 outputs the detection report and the connectivity matching degree.
In this embodiment, the detection report and the connectivity matching degree may be transmitted to a terminal device of the designated user.
For example: the detection report and the connectivity matching degree can be transmitted to a terminal device of a client or a terminal device of a tester.
In this embodiment, after outputting the detection report and the connectivity matching degree, when the connectivity matching degree is not equal to 1, a prompt message is sent out;
the prompt information is used for prompting that the target directional network has abnormal access conditions and prompting to check the detection report.
For example: the prompt information may be: "The connectivity matching degree of the current network is not 100%; there may be abnormal access conditions. Please query the detection report to determine the abnormal access object."
It can be understood that as long as an object in the blacklist accesses the target directional network in the detection report, an abnormal access condition exists. The calculated connectivity matching degree is then not 1, and prompt information is sent in time to remind the relevant personnel to handle the abnormality.
When the connectivity matching degree is 1, it is indicated that there is no object in the blacklist accessing the target directional network in the detection report, that is, there is no abnormal access, and at this time, it may be unnecessary to view the detection report, so as to save time. Of course, the detection report is still output for review by the user as needed.
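The marking and connectivity calculation above, run on a five-message target pane that reproduces the (2+1)/5 = 60% example; this is an added Python example, not code from the patent. The matching rules (CIDR containment for IP addresses, label-boundary suffix match for domain names), first-list precedence when both lists match, and all sample values are assumptions.

```python
import ipaddress

FIRST_MARK, SECOND_MARK, THIRD_MARK = "first", "second", "third"

# Constructed lists and target pane (documentation address ranges and
# .example domains only).
FIRST_LIST = ["blocked.example", "203.0.113.0/24"]        # blacklist
SECOND_LIST = ["iot-platform.example", "192.0.2.10"]      # whitelist
TARGET_PANE = [
    {"message": 1, "backfill": "cdn.blocked.example"},
    {"message": 2, "backfill": "api.iot-platform.example"},
    {"message": 3, "backfill": "198.51.100.7"},
    {"message": 4, "backfill": "203.0.113.9"},
    {"message": 5, "backfill": "192.0.2.10"},
]


def list_matches(feature, entries):
    """True if a backfill feature (IP address or domain) is covered by a list entry."""
    feature = feature.strip().lower().rstrip(".")
    try:
        address = ipaddress.ip_address(feature)
    except ValueError:
        address = None  # not an IP address, treat it as a domain name
    for entry in entries:
        entry = entry.strip().lower().rstrip(".")
        if address is not None:
            try:
                if address in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                continue  # this entry is a domain, it cannot match an IP
        elif feature == entry or feature.endswith("." + entry):
            # Suffix match only on a label boundary, so "notblocked.example"
            # is not treated as a subdomain of "blocked.example".
            return True
    return False


def mark_report(target_pane, first_list, second_list):
    """Add a first/second/third mark to every message of the target pane."""
    report = []
    for row in target_pane:
        feature = row["backfill"]
        if list_matches(feature, first_list):
            mark = FIRST_MARK      # prohibited object (checked first: assumption)
        elif list_matches(feature, second_list):
            mark = SECOND_MARK     # allowed object
        else:
            mark = THIRD_MARK      # on neither list
        report.append({**row, "mark": mark})
    return report


def connectivity_matching_degree(report):
    """(second-mark count + third-mark count) / total message count."""
    if not report:
        raise ValueError("detection report contains no messages")
    counted = sum(1 for row in report if row["mark"] in (SECOND_MARK, THIRD_MARK))
    return counted / len(report)


def needs_prompt(report):
    """True when the matching degree is not 1, i.e. a first-list object was seen."""
    return connectivity_matching_degree(report) != 1


if __name__ == "__main__":
    detection_report = mark_report(TARGET_PANE, FIRST_LIST, SECOND_LIST)
    for row in detection_report:
        print(row)
    print("connectivity matching degree:", connectivity_matching_degree(detection_report))
    print("send prompt:", needs_prompt(detection_report))
```

Because third-mark messages count toward the numerator, a matching degree of 1 only says that nothing hit the first list; destinations on neither list are still visible only in the detection report.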
According to the technical scheme, the method and the device can divide the acquired CAP packet to obtain each message, generate a data pane according to the basic characteristics of each message, determine the protocol type of each message based on the data pane by adopting a TF-IDF algorithm, extract the backfill characteristics of each message according to the protocol type of each message, backfill the data pane to obtain a target pane, mark each message in the target pane according to a first list and a second list to obtain a detection report, calculate the connectivity matching degree of a target directional network according to the detection report, and output the detection report and the connectivity matching degree. The invention can rapidly match the relevant protocol types of the message based on the TF-IDF algorithm, marks the message by combining with the configured list, and can rapidly and accurately realize the detection of the directional network without manual intervention.
Fig. 3 is a schematic structural diagram of a computer device according to a preferred embodiment of the present invention for implementing a directional network detection method based on TF-IDF algorithm.
The computer device 1 may comprise a memory 12, a processor 13 and a bus, and may further comprise a computer program stored in the memory 12 and executable on the processor 13, for example a directional network detection program based on the TF-IDF algorithm.
It will be appreciated by those skilled in the art that the schematic diagram is merely an example of the computer device 1 and does not constitute a limitation of the computer device 1. The computer device 1 may have a bus-type structure or a star-type structure, and may further comprise more or fewer hardware or software components than illustrated, or a different arrangement of components; for example, the computer device 1 may further comprise an input-output device, a network access device, etc.
It should be noted that the computer device 1 is only used as an example; other existing or future electronic products, where applicable to the present invention, are also included in the scope of the present invention by way of reference.
The memory 12 includes at least one type of readable storage medium including flash memory, a removable hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The memory 12 may in some embodiments be an internal storage unit of the computer device 1, such as a removable hard disk of the computer device 1. The memory 12 may in other embodiments also be an external storage device of the computer device 1, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the computer device 1. Further, the memory 12 may also include both an internal storage unit and an external storage device of the computer device 1. The memory 12 may be used not only for storing application software installed in the computer device 1 and various types of data, such as codes of a directional network detection program based on TF-IDF algorithm, etc., but also for temporarily storing data that has been output or is to be output.
The processor 13 may in some embodiments be composed of integrated circuits, for example a single packaged integrated circuit, or multiple packaged integrated circuits with the same or different functions, including one or more central processing units (Central Processing Unit, CPU), microprocessors, digital processing chips, graphics processors, combinations of various control chips, and the like. The processor 13 is the control unit (Control Unit) of the computer device 1; it connects the components of the entire computer device 1 using various interfaces and lines, runs or executes the programs or modules stored in the memory 12 (for example, executes a directional network detection program based on the TF-IDF algorithm), and invokes data stored in the memory 12 to perform the various functions of the computer device 1 and process data.
The processor 13 executes the operating system of the computer device 1 and various types of applications installed. The processor 13 executes the application program to implement the steps of the various embodiments of the TF-IDF algorithm-based directional network detection method described above, such as the steps shown in fig. 1.
Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory 12 and executed by the processor 13 to complete the present invention. The one or more modules/units may be a series of computer readable instruction segments capable of performing the specified functions, which instruction segments describe the execution of the computer program in the computer device 1. For example, the computer program may be divided into an acquisition unit 110, a dividing unit 111, a generation unit 112, a determination unit 113, an extraction unit 114, a backfill unit 115, a marking unit 116, a calculation unit 117, and an output unit 118.
The integrated units implemented in the form of software functional modules described above may be stored in a computer readable storage medium. The software functional module is stored in a storage medium, and includes several instructions for causing a computer device (which may be a personal computer, a computer device, or a network device, etc.) or a processor (processor) to execute portions of the TF-IDF algorithm-based directional network detection method according to the embodiments of the present invention.
The modules/units integrated in the computer device 1 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as separate products. Based on this understanding, the present invention may also be implemented by a computer program for instructing a relevant hardware device to implement all or part of the procedures of the above-mentioned embodiment method, where the computer program may be stored in a computer readable storage medium and the computer program may be executed by a processor to implement the steps of each of the above-mentioned method embodiments.
Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a random access Memory, or the like.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created from the use of blockchain nodes, and the like.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, encryption algorithm and the like. The Blockchain (Blockchain), which is essentially a decentralised database, is a string of data blocks that are generated by cryptographic means in association, each data block containing a batch of information of network transactions for verifying the validity of the information (anti-counterfeiting) and generating the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, an application services layer, and the like.
The bus may be a peripheral component interconnect standard (peripheral component interconnect, PCI) bus or an extended industry standard architecture (extended industry standard architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one straight line is shown in fig. 3, but not only one bus or one type of bus. The bus is arranged to enable a connection communication between the memory 12 and at least one processor 13 or the like.
Although not shown, the computer device 1 may further comprise a power source (such as a battery) for powering the various components. Preferably, the power source may be logically connected to the at least one processor 13 via a power management means, so that charge management, discharge management, and power consumption management are achieved by the power management means. The power supply may also include one or more of a direct current or alternating current power supply, a recharging device, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like. The computer device 1 may further include various sensors, Bluetooth modules, Wi-Fi modules, etc., which will not be described in detail herein.
Further, the computer device 1 may also comprise a network interface, optionally comprising a wired interface and/or a wireless interface (e.g. Wi-Fi interface, Bluetooth interface, etc.), typically used for establishing a communication connection between the computer device 1 and other computer devices.
The computer device 1 may optionally further comprise a user interface, which may be a display (Display) or an input unit such as a keyboard (Keyboard), or a standard wired interface or a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the computer device 1 and for displaying a visual user interface.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
Fig. 3 shows only a computer device 1 with components 12-13, it being understood by those skilled in the art that the structure shown in fig. 3 is not limiting of the computer device 1 and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.
In connection with fig. 1, the memory 12 in the computer device 1 stores a plurality of instructions to implement a directional network detection method based on the TF-IDF algorithm, which the processor 13 can execute to implement:
responsive to a detection instruction for a target directional network, collecting CAP packets captured from the target directional network based on a network element;
dividing the CAP packet to obtain each message carried in the CAP packet;
extracting basic characteristics of each message, and generating a data pane according to the basic characteristics of each message;
determining the protocol type of each message based on the data pane by adopting a TF-IDF algorithm;
extracting backfill characteristics of each message according to the protocol type of each message;
backfilling the data pane by using the backfilling characteristic of each message to obtain a target pane;
acquiring a first list and a second list which are preset, and marking each message in the target pane according to the first list and the second list to obtain a detection report;
calculating connectivity matching degree of the target directional network according to the detection report;
and outputting the detection report and the connectivity matching degree.
Specifically, the specific implementation method of the above instructions by the processor 13 may refer to the description of the relevant steps in the corresponding embodiment of fig. 1, which is not repeated herein.
The data in this case were obtained legally.
In the several embodiments provided in the present invention, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The invention is operational with numerous general purpose or special purpose computer system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in the form of hardware, or in the form of hardware plus software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. The units or means stated in the invention may also be implemented by one unit or means, either by software or hardware. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.

Claims (10)

1. The directional network detection method based on the TF-IDF algorithm is characterized by comprising the following steps of:
responsive to a detection instruction for a target directional network, collecting CAP packets captured from the target directional network based on a network element;
dividing the CAP packet to obtain each message carried in the CAP packet;
extracting basic characteristics of each message, and generating a data pane according to the basic characteristics of each message;
determining the protocol type of each message based on the data pane by adopting a TF-IDF algorithm;
extracting backfill characteristics of each message according to the protocol type of each message;
backfilling the data pane by using the backfilling characteristic of each message to obtain a target pane;
acquiring a first list and a second list which are preset, and marking each message in the target pane according to the first list and the second list to obtain a detection report;
calculating connectivity matching degree of the target directional network according to the detection report;
and outputting the detection report and the connectivity matching degree.
2. The method for detecting a directional network based on TF-IDF algorithm of claim 1, wherein said dividing the CAP packet to obtain each packet carried in the CAP packet comprises:
acquiring a start identifier and an end identifier;
determining the starting identifier and the ending identifier as partition points to partition the CAP packet;
and for each piece of data obtained after the segmentation, determining the starting identifier as a message starting point, and determining the ending identifier as a message ending point to obtain each message carried in the CAP packet.
3. The TF-IDF algorithm-based directional network detection method according to claim 1, wherein said determining a protocol type of each message based on said data pane using TF-IDF algorithm comprises:
reading the occurrence times of each basic feature in each message and the total occurrence times of all basic features in each message from the data pane;
calculating the quotient of the occurrence frequency of each basic feature and the total frequency to obtain the occurrence frequency of each basic feature in each message;
obtaining a pre-configured message protocol dictionary, wherein the message protocol dictionary is used for storing the mapping relation between protocol types and characteristics;
determining the number of each protocol type in the message protocol dictionary;
determining the number of each basic feature in the message protocol dictionary;
calculating the sum of the number of each basic feature and a preset value to obtain a basic value of each basic feature;
calculating the logarithmic value of the quotient of the number of each protocol type and the basic value of each basic feature to obtain the inverse frequency of each basic feature relative to each protocol type;
calculating the product of the occurrence frequency of each basic feature and the inverse frequency of each basic feature relative to each protocol type to obtain the weight of each basic feature relative to each protocol type;
calculating the sum of the weights of all basic features in each message relative to each protocol type to obtain the fit degree of each message relative to each protocol type;
and determining the protocol type with the highest degree of fit as the protocol type of each message.
4. The TF-IDF algorithm-based directional network detection method according to claim 1, wherein said extracting backfill features of each message according to a protocol type of each message comprises:
determining a field to which backfill characteristics of each message belong according to the protocol type of each message;
and extracting the backfill characteristic of each message from each message according to the field of the backfill characteristic of each message.
5. The TF-IDF algorithm-based directional network detection method according to claim 1, wherein said first list is used for storing features of objects that are prohibited from accessing said target directional network, said second list is used for storing features of objects that are permitted to access said target directional network, and said marking each message in said target pane according to said first list and said second list comprises:
reading backfill characteristics of each message from the target pane;
matching the backfill characteristic of each message with the characteristic of the object in the first list, and marking the matched message for the first time;
matching the backfill characteristic of each message with the characteristic of the object in the second list, and marking the matched message for the second time;
and carrying out third marking on the messages which are not successfully matched with the first list and are not successfully matched with the second list.
6. The TF-IDF algorithm-based directional network detection method according to claim 5, wherein said calculating connectivity matching degree of said target directional network according to said detection report comprises:
acquiring the number of the messages with the second mark from the detection report as a first number;
acquiring the number of the messages with the third mark from the detection report as a second number;
calculating the sum of the first quantity and the second quantity to obtain a third quantity;
acquiring the total number of all messages from the detection report;
and calculating the quotient of the third quantity and the total quantity to obtain the connectivity matching degree of the target directional network.
7. The TF-IDF algorithm-based directional network detection method according to claim 1, wherein after outputting said detection report and said connectivity matching degree, said method further comprises:
when the connectivity matching degree is not equal to 1, sending out prompt information;
the prompt information is used for prompting that the target directional network has abnormal access conditions and prompting to check the detection report.
8. A TF-IDF algorithm-based directional network detection apparatus, comprising:
the acquisition unit is used for responding to a detection instruction of a target directional network and acquiring CAP packets captured from the target directional network based on network elements;
the segmentation unit is used for segmenting the CAP packet to obtain each message carried in the CAP packet;
the generating unit is used for extracting the basic characteristics of each message and generating a data pane according to the basic characteristics of each message;
a determining unit, configured to determine a protocol type of each message based on the data pane by using a TF-IDF algorithm;
the extraction unit is used for extracting backfill characteristics of each message according to the protocol type of each message;
the backfill unit is used for backfilling the data pane by utilizing the backfill characteristic of each message to obtain a target pane;
the marking unit is used for acquiring a first list and a second list which are preset, marking each message in the target pane according to the first list and the second list, and obtaining a detection report;
the calculating unit is used for calculating connectivity matching degree of the target directional network according to the detection report;
and the output unit is used for outputting the detection report and the connectivity matching degree.
9. A computer device, the computer device comprising:
a memory storing at least one instruction; and
a processor executing instructions stored in the memory to implement a TF-IDF algorithm based directional network detection method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized by: the computer-readable storage medium having stored therein at least one instruction for execution by a processor in a computer device to implement the TF-IDF algorithm based directional network detection method according to any one of claims 1 to 7.
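The scoring in claim 3 and the marking and connectivity calculation in claims 4 to 6 can be followed end to end in a short sketch; this is an added example, not code from the patent or its applicant. The dictionary contents, feature tokens, backfill fields, list entries and the preset value of 1 are all constructed, and the example assumes that the "number of each protocol type" is the number of features mapped to that type, that the "number of each basic feature" is the number of protocol types whose entry contains it, and that a feature carries weight only for protocol types it is mapped to.

```python
import math
from collections import Counter

# Constructed protocol dictionary (claim 3): protocol type -> mapped features.
PROTOCOL_DICT = {
    "HTTP": {"tcp", "port:80", "GET", "Host"},
    "DNS": {"udp", "port:53", "query", "qname"},
    "MQTT": {"tcp", "port:1883", "CONNECT", "clientid"},
}
BACKFILL_FIELD = {"HTTP": "Host", "DNS": "qname", "MQTT": "clientid"}  # assumed
PRESET = 1  # the claim's "preset value"; 1 is an assumption

def fit_degrees(features):
    """Claim 3: fit degree of one message for every protocol type."""
    counts = Counter(features)
    total = sum(counts.values())
    # n_f: number of protocol types whose dictionary entry contains feature f
    n_f = Counter(f for feats in PROTOCOL_DICT.values() for f in feats)
    fits = {}
    for proto, feats in PROTOCOL_DICT.items():
        # Assumed reading: N_p = len(feats), and a feature carries weight only
        # for protocol types the dictionary maps it to.
        fits[proto] = sum((c / total) * math.log(len(feats) / (n_f[f] + PRESET))
                          for f, c in counts.items() if f in feats)
    return fits

def classify(features):
    """Highest-fit protocol type; None when no feature gives positive fit."""
    fits = fit_degrees(features)
    best = max(fits, key=fits.get)
    return best if fits[best] > 0 else None

def detect(messages, first_list, second_list):
    """Claims 4-6: backfill, mark 1/2/3 (prohibited list checked first, an
    assumed precedence), then the connectivity matching degree."""
    marks = []
    for msg in messages:
        value = msg["fields"].get(BACKFILL_FIELD.get(classify(msg["features"])))
        marks.append(1 if value in first_list else 2 if value in second_list else 3)
    degree = (marks.count(2) + marks.count(3)) / len(marks) if marks else None
    return marks, degree

# Constructed sample traffic; every feature and field value is made up.
MESSAGES = [
    {"features": ["tcp", "port:80", "GET", "Host"], "fields": {"Host": "iot.example.com"}},
    {"features": ["udp", "port:53", "query", "qname"], "fields": {"qname": "bad.example.net"}},
    {"features": ["tcp", "port:1883", "CONNECT"], "fields": {"clientid": "meter-42"}},
]
if __name__ == "__main__":
    print(detect(MESSAGES, {"bad.example.net"}, {"iot.example.com"}))
```

If every feature contributed to every protocol type with dictionary-wide counts, the term frequencies would sum to 1 and each fit would reduce to log N_p minus a constant that is the same for all protocol types, which is why the sketch restricts the sum to mapped features. Because the second and third marks both count toward the numerator in claim 6, the connectivity matching degree differs from 1 exactly when at least one message carries the first mark.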
CN202111634982.6A 2021-12-27 2021-12-27 Directional network detection method, device, equipment and medium based on TF-IDF algorithm Active CN114268559B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111634982.6A CN114268559B (en) 2021-12-27 2021-12-27 Directional network detection method, device, equipment and medium based on TF-IDF algorithm
PCT/CN2022/142008 WO2023125435A1 (en) 2021-12-27 2022-12-26 Directional network detection method and apparatus based on tf-idf algorithm, device and medium

Publications (2)

Publication Number Publication Date
CN114268559A (en) 2022-04-01
CN114268559B (en) 2024-02-20

Family

ID=80831384

Country Status (2)

Country Link
CN (1) CN114268559B (en)
WO (1) WO2023125435A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114268559B (en) * 2021-12-27 2024-02-20 天翼物联科技有限公司 Directional network detection method, device, equipment and medium based on TF-IDF algorithm

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997007614A1 (en) * 1995-08-16 1997-02-27 Telstra Corporation Limited A network analysis system
EP2041923A2 (en) * 2006-07-14 2009-04-01 Cuculus Gmbh Method and arrangement for creating networks for accessing a public network
WO2014127827A1 (en) * 2013-02-22 2014-08-28 Telefonaktiebolaget L M Ericsson (Publ) A network node and a method of a network node of controlling data packet delivery to a mobile terminal in case of data rate throttling after having reached a data download cap
CN104067588A (en) * 2011-09-26 2014-09-24 高通股份有限公司 Systems and methods for traffic detection network control
CN106815199A (en) * 2015-11-30 2017-06-09 任子行网络技术股份有限公司 Protocol type analysis method and device based on machine learning
CN107273454A (en) * 2017-05-31 2017-10-20 北京京东尚科信息技术有限公司 User data sorting technique, device, server and computer-readable recording medium
CN108234141A (en) * 2016-12-22 2018-06-29 中移(杭州)信息技术有限公司 A kind of orientation flow processing method and server
CN109257242A (en) * 2017-07-13 2019-01-22 中国电信股份有限公司 Business recognition method and device, grouped data network gateway
CN110471832A (en) * 2019-06-25 2019-11-19 平安科技(深圳)有限公司 Processing method, device and the computer readable storage medium of program operation
CN112887173A (en) * 2021-02-19 2021-06-01 山东英信计算机技术有限公司 Storage network detection method, device, equipment and readable storage medium
CN113422774A (en) * 2021-06-23 2021-09-21 安徽工业大学 Automatic penetration testing method and device based on network protocol and storage medium
CN113783881A (en) * 2021-09-15 2021-12-10 浙江工业大学 Network honeypot deployment method facing penetration attack

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7165215B2 (en) * 2003-06-24 2007-01-16 Microsoft Corporation Pane element
US8085673B2 (en) * 2006-11-22 2011-12-27 Ixia Method and apparatus for generating bi-directional network traffic and collecting statistics on same
WO2016049609A1 (en) * 2014-09-25 2016-03-31 Hughes Network Systems, Llc Application-aware multihoming for data traffic acceleration in data communications networks
CN114268559B (en) * 2021-12-27 2024-02-20 天翼物联科技有限公司 Directional network detection method, device, equipment and medium based on TF-IDF algorithm

Also Published As

Publication number Publication date
CN114268559A (en) 2022-04-01
WO2023125435A1 (en) 2023-07-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant