CN117591854A - Self-adaptive flow analysis method, system, electronic equipment and medium - Google Patents
Self-adaptive flow analysis method, system, electronic equipment and medium Download PDFInfo
- Publication number
- CN117591854A CN117591854A CN202311499229.XA CN202311499229A CN117591854A CN 117591854 A CN117591854 A CN 117591854A CN 202311499229 A CN202311499229 A CN 202311499229A CN 117591854 A CN117591854 A CN 117591854A
- Authority
- CN
- China
- Prior art keywords
- traffic
- feature
- basic
- information table
- feature information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 238000005206 flow analysis Methods 0.000 title abstract description 5
- 239000011159 matrix material Substances 0.000 claims abstract description 98
- 238000004458 analytical method Methods 0.000 claims abstract description 62
- 230000003044 adaptive effect Effects 0.000 claims abstract description 44
- 238000011156 evaluation Methods 0.000 claims abstract description 8
- 238000000605 extraction Methods 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 12
- 238000004364 calculation method Methods 0.000 claims description 11
- 238000004140 cleaning Methods 0.000 claims description 9
- 230000006870 function Effects 0.000 claims description 9
- 238000012545 processing Methods 0.000 claims description 9
- 238000007781 pre-processing Methods 0.000 claims description 8
- 238000013507 mapping Methods 0.000 abstract description 9
- 238000004891 communication Methods 0.000 description 17
- 230000008569 process Effects 0.000 description 11
- 238000005516 engineering process Methods 0.000 description 7
- 238000004422 calculation algorithm Methods 0.000 description 6
- 238000013461 design Methods 0.000 description 6
- 230000002093 peripheral effect Effects 0.000 description 4
- 238000000513 principal component analysis Methods 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 238000010606 normalization Methods 0.000 description 2
- 238000002759 z-score normalization Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000007405 data analysis Methods 0.000 description 1
- 238000013144 data compression Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000009877 rendering Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 239000013598 vector Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/213—Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1101—Session protocols
- H04L65/1104—Session initiation protocol [SIP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2218/00—Aspects of pattern recognition specially adapted for signal processing
- G06F2218/02—Preprocessing
- G06F2218/04—Denoising
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2218/00—Aspects of pattern recognition specially adapted for signal processing
- G06F2218/08—Feature extraction
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Mining & Analysis (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Environmental & Geological Engineering (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- Multimedia (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Computing Systems (AREA)
- Bioinformatics & Computational Biology (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明属于流量测绘技术领域,其目的在于提供一种自适应流量分析方法、系统、电子设备及介质。本发明公开了一种自适应流量分析方法,包括:获取流量记录文件,并对所述流量记录文件进行特征解析,得到流量基本特征信息表;对所述流量基本特征信息表中的流量基本特征信息进行预处理,得到预处理后流量特征信息表;根据所述预处理后流量特征信息表得到流量特征关联矩阵;根据所述流量特征关联矩阵对预存的历史流量特征关联矩阵进行动态自适应更新,得到更新后流量特征关联矩阵,并根据所述更新后流量特征关联矩阵得到最优特征关联集合;根据所述最优特征关联集合,得到流量评估结果。本发明可提高流量分析的准确性及有效性。
The invention belongs to the technical field of flow mapping, and its purpose is to provide an adaptive flow analysis method, system, electronic equipment and media. The invention discloses an adaptive traffic analysis method, which includes: obtaining a traffic record file, performing feature analysis on the traffic record file, and obtaining a traffic basic feature information table; and analyzing the traffic basic features in the traffic basic feature information table. The information is preprocessed to obtain a preprocessed traffic feature information table; a traffic feature correlation matrix is obtained based on the preprocessed traffic feature information table; and a pre-stored historical traffic feature correlation matrix is dynamically and adaptively updated based on the traffic feature correlation matrix. , obtain the updated traffic characteristic correlation matrix, and obtain the optimal characteristic correlation set according to the updated traffic characteristic correlation matrix; obtain the traffic evaluation result according to the optimal characteristic correlation set. The invention can improve the accuracy and effectiveness of flow analysis.
Description
技术领域Technical field
本发明属于流量测绘技术领域,具体涉及一种自适应流量分析方法、系统、电子设备及介质。The invention belongs to the technical field of flow mapping, and specifically relates to an adaptive flow analysis method, system, electronic equipment and media.
背景技术Background technique
VoIP(Voice over Internet Protocol,基于IP的语音传输)是一种利用IP协议进行语音通信的技术。VoIP可以将语音信号转换成数字数据包,使其能够通过互联网或其他IP网络进行传输,由于其具有成本较低、通信灵活、可扩展性高且便于集成和管理等特点,VoIP通信技术已广泛应用在家庭、企业和运营商等地方,为高质量、经济实惠和多功能的通信服务提供技术支撑。VoIP (Voice over Internet Protocol, voice transmission based on IP) is a technology that uses IP protocol for voice communication. VoIP can convert voice signals into digital data packets so that they can be transmitted through the Internet or other IP networks. Due to its low cost, flexible communication, high scalability, and easy integration and management, VoIP communication technology has been widely used It is used in homes, enterprises, operators and other places to provide technical support for high-quality, affordable and multi-functional communication services.
VoIP系统环境网络中的流量测绘是指通过测量和分析VoIP通信中的流量特征,如延迟、抖动、丢包等,以便提取有关通话质量、网络性能和用户体验中的各种性能指标和特征信息。通过测量、分析和评估实际通信流量,例如安全监控、服务质量(QoS)评估、数据压缩、流量分类、异常检测和业务分析,可以有效加强VoIP网络安全并优化VoIP服务质量。在应用过程中,首先,网络管理员通过流量测量和分析,可以发现网络中存在的瓶颈和问题,进而采取相应的优化措施,如调整网络参数、增加带宽、改善网络拓扑等,提升VoIP通话的质量和稳定性;其次,通过对用户通话流量的测量和分析,服务方可以了解用户在不同网络环境下的体验状况,进而优化用户的通信体验,提高用户满意度;此外,定期的VoIP网络流量分析可以识别和监测网络中的异常活动和潜在的安全威胁、阻止网络异常行为和入侵尝试,保护其免受潜在的攻击和滥用,有利于提高VoIP网络的安全可靠性。Traffic mapping in the VoIP system environment network refers to measuring and analyzing traffic characteristics in VoIP communications, such as delay, jitter, packet loss, etc., in order to extract various performance indicators and feature information about call quality, network performance and user experience. . By measuring, analyzing and evaluating actual communication traffic, such as security monitoring, quality of service (QoS) assessment, data compression, traffic classification, anomaly detection and business analysis, VoIP network security can be effectively strengthened and VoIP service quality optimized. During the application process, first of all, network administrators can discover bottlenecks and problems in the network through traffic measurement and analysis, and then take corresponding optimization measures, such as adjusting network parameters, increasing bandwidth, improving network topology, etc., to improve the efficiency of VoIP calls. Quality and stability; secondly, by measuring and analyzing user call traffic, the service provider can understand the user's experience in different network environments, thereby optimizing the user's communication experience and improving user satisfaction; in addition, regular VoIP network traffic Analysis can identify and monitor abnormal activities and potential security threats in the network, prevent abnormal network behaviors and intrusion attempts, protect it from potential attacks and abuse, and help improve the security and reliability of VoIP networks.
但是,在使用现有技术过程中,发明人发现现有技术中至少存在如下问题:However, in the process of using the prior art, the inventor discovered that there are at least the following problems in the prior art:
现有技术中,在VoIP系统环境网络中进行流量测绘时,存在准确性及有效性较低的问题。具体地,现有技术中,大部分流量测绘工作通常通过网络流量监测工具、构建流量分析系统或主动测量技术实现,同时使用流量统计和分析软件等进行实行,在面向VoIP软交换系统内的流量测绘时,现有技术缺乏针对性流量特征即进行测绘,使得面对大吞吐呼叫流量场景时,采用现有技术存在测绘能力弱、测绘准确性低及有效性低的问题。In the existing technology, there is a problem of low accuracy and effectiveness when performing traffic mapping in a VoIP system environment network. Specifically, in the existing technology, most traffic mapping work is usually implemented through network traffic monitoring tools, building traffic analysis systems or active measurement technologies, and at the same time using traffic statistics and analysis software, etc., when oriented to the traffic in the VoIP softswitch system When surveying and mapping, the existing technology lacks targeted traffic characteristics to perform surveying and mapping. Therefore, when faced with large throughput call traffic scenarios, the existing technology has problems of weak surveying and mapping capabilities, low surveying and mapping accuracy, and low effectiveness.
发明内容Contents of the invention
本发明旨在至少在一定程度上解决上述技术问题,本发明提供了一种自适应流量分析方法、系统、电子设备及介质。The present invention aims to solve the above technical problems at least to a certain extent. The present invention provides an adaptive traffic analysis method, system, electronic equipment and media.
为了实现上述目的,本发明采用以下技术方案:In order to achieve the above objects, the present invention adopts the following technical solutions:
第一方面,本发明提供了一种自适应流量分析方法,包括:In a first aspect, the present invention provides an adaptive traffic analysis method, including:
获取流量记录文件,并对所述流量记录文件进行特征解析,得到流量基本特征信息表;其中,所述流量基本特征信息表中包括各时间段内的流量基本特征信息;Obtain the traffic record file, perform feature analysis on the traffic record file, and obtain a traffic basic feature information table; wherein the traffic basic feature information table includes traffic basic feature information in each time period;
对所述流量基本特征信息表中的流量基本特征信息进行预处理,得到预处理后流量特征信息表;Preprocess the basic traffic characteristic information in the basic traffic characteristic information table to obtain a preprocessed traffic characteristic information table;
根据所述预处理后流量特征信息表得到流量特征关联矩阵;Obtain a traffic feature correlation matrix according to the preprocessed traffic feature information table;
根据所述流量特征关联矩阵对预存的历史流量特征关联矩阵进行动态自适应更新,得到更新后流量特征关联矩阵,并根据所述更新后流量特征关联矩阵得到最优特征关联集合;Dynamically adaptively update the pre-stored historical traffic feature correlation matrix according to the traffic feature correlation matrix to obtain an updated traffic feature correlation matrix, and obtain an optimal feature correlation set based on the updated traffic feature correlation matrix;
根据所述最优特征关联集合,得到流量评估结果。According to the optimal feature association set, a traffic evaluation result is obtained.
本发明可提高流量分析的准确性及有效性。具体地,本发明在流量分析与流量特征提取过程中,通过根据所述预处理后流量特征信息表得到流量特征关联矩阵,引入互信息作为度量预处理后流量特征之间相关性的指标,互信息分析可以帮助识别和量化特征之间的相互作用关系,便于发现隐藏在流量数据中的关键信息和模式。同时,本发明在得到最优特征关联集合的过程中,还通过根据所述流量特征关联矩阵对预存的历史流量特征关联矩阵进行动态自适应更新,进而得到最优特征关联集合,以便根据所述最优特征关联集合,得到流量评估结果。在此过程中,本发明建立了一种自适应特征提取过程,可根据实际情况对特征的权重进行自动调整,提高对关键特征的关注度,减少对不相关特征的影响,并缩小待评估的特征范围,进而可以提高流量分析的准确性和有效性,能够自动适不同的流量场景应并提取最具代表性的特征。基于上述内容,本发明通过在终端软交换网络中自适应测量和分析VoIP系统环境网络中的流量特征,探索和分析VoIP系统环境的通信中可能出现的网络问题,可优化VoIP系统环境的网络性能指标,以便提高网络的安全性和可靠性,为网络安全和网络服务的进一步提升提供了新的解决方案。The invention can improve the accuracy and effectiveness of flow analysis. Specifically, in the process of traffic analysis and traffic feature extraction, the present invention obtains the traffic feature correlation matrix based on the pre-processed traffic feature information table, introduces mutual information as an index to measure the correlation between pre-processed traffic features, and mutual information. Information analysis can help identify and quantify the interactions between features to discover key information and patterns hidden in traffic data. At the same time, in the process of obtaining the optimal feature association set, the present invention also dynamically and adaptively updates the pre-stored historical traffic feature association matrix according to the traffic feature association matrix, thereby obtaining the optimal feature association set, so as to obtain the optimal feature association set according to the traffic feature association matrix. The optimal feature association set is used to obtain the traffic evaluation results. In this process, the present invention establishes an adaptive feature extraction process that can automatically adjust the weight of features according to actual conditions, increase attention to key features, reduce the impact on irrelevant features, and narrow down the number of features to be evaluated. feature range, thereby improving the accuracy and effectiveness of traffic analysis, automatically adapting to different traffic scenarios and extracting the most representative features. Based on the above content, the present invention can optimize the network performance of the VoIP system environment by adaptively measuring and analyzing the traffic characteristics in the VoIP system environment network in the terminal soft-switching network, and exploring and analyzing network problems that may occur in communications in the VoIP system environment. Indicators are used to improve the security and reliability of the network and provide new solutions for the further improvement of network security and network services.
在一个可能的设计中,对所述流量记录文件进行特征解析,得到流量基本特征信息表,包括:In a possible design, feature analysis is performed on the traffic record file to obtain a basic traffic feature information table, including:
对所述流量记录文件进行切分处理,得到多个流量基本字段;Segment the traffic record file to obtain multiple basic traffic fields;
对多个所述流量基本字段进行解析处理,得到全流量协议字段;Perform parsing and processing on multiple basic traffic fields to obtain full traffic protocol fields;
对所述全流量协议字段进行解析处理,得到SIP协议头部字段;Parse the full-flow protocol field to obtain the SIP protocol header field;
根据所述全流量协议字段和所述SIP协议头部字段得到流量基本特征信息表。A traffic basic characteristic information table is obtained according to the full traffic protocol field and the SIP protocol header field.
在一个可能的设计中,对所述流量基本特征信息表中的流量基本特征信息进行预处理,得到预处理后流量特征信息表,包括:In a possible design, the basic traffic characteristic information in the basic traffic characteristic information table is preprocessed to obtain a preprocessed traffic characteristic information table, including:
对所述流量基本特征信息表中的流量基本特征信息进行数据清洗,得到清洗后流量基本特征信息;Perform data cleaning on the traffic basic feature information in the traffic basic feature information table to obtain the cleaned traffic basic feature information;
对所述流量基本特征信息表中的清洗后流量基本特征信息进行去噪,得到去噪后流量基本特征信息;Denoise the cleaned traffic basic feature information in the traffic basic feature information table to obtain the denoised traffic basic feature information;
对所述流量基本特征信息表中的去噪后流量基本特征信息进行标准化,得到预处理后流量特征信息表。The denoised traffic basic feature information in the traffic basic feature information table is standardized to obtain a preprocessed traffic feature information table.
在一个可能的设计中,所述流量特征关联矩阵中的任一流量特征关联信息为:In a possible design, any traffic feature correlation information in the traffic feature correlation matrix is:
式中,p(x)为所述预处理后流量特征信息表中任一预处理后流量基本特征信息x对应的边缘概率密度函数,p(y)为所述预处理后流量特征信息表中位于预处理后流量基本特征信息x相邻时间段的预处理后流量基本特征信息y对应的边缘概率密度函数,p(x,y)为预处理后流量基本特征信息x和预处理后流量基本特征信息y对应的联合概率密度函数。In the formula, p(x) is the edge probability density function corresponding to any preprocessed traffic basic characteristic information x in the preprocessed traffic characteristic information table, and p(y) is the preprocessed traffic characteristic information table. The marginal probability density function corresponding to the preprocessed traffic basic feature information y located in the adjacent time period of the preprocessed traffic basic feature information x, p (x, y) is the preprocessed traffic basic feature information x and the preprocessed traffic basic The joint probability density function corresponding to the feature information y.
在一个可能的设计中,所述更新后流量特征关联矩阵为:In a possible design, the updated traffic characteristic correlation matrix is:
式中,C为所述流量特征关联矩阵,为预存的历史流量特征关联矩阵,w为预设的更新系数。In the formula, C is the traffic characteristic correlation matrix, is the pre-stored historical traffic characteristic correlation matrix, and w is the preset update coefficient.
在一个可能的设计中,根据所述更新后流量特征关联矩阵得到最优特征关联集合,包括:In a possible design, the optimal feature correlation set is obtained based on the updated traffic feature correlation matrix, including:
通过PCA方法得到所述更新后流量特征关联矩阵的协方差矩阵;Obtain the covariance matrix of the updated traffic characteristic correlation matrix through the PCA method;
根据所述协方差矩阵中特征值的大小,选择协方差矩阵中的前k个主成分;其中,k为大于1的自然数;According to the size of the eigenvalues in the covariance matrix, select the first k principal components in the covariance matrix; where k is a natural number greater than 1;
将前k个主成分投影至新特征空间中,得到最优特征关联集合。Project the first k principal components into the new feature space to obtain the optimal feature correlation set.
在一个可能的设计中,所述协方差矩阵为:In one possible design, the covariance matrix is:
式中,Xi为更新后流量特征关联矩阵中第i个更新后流量特征关联信息,n为所述更新后流量特征关联矩阵中的总数据量,T为转置符号。In the formula, Xi is the updated traffic characteristic correlation matrix The i-th updated traffic feature correlation information in , n is the total data amount in the updated traffic feature correlation matrix, and T is the transpose symbol.
第二方面,本发明提供了一种自适应流量分析系统,用于实现如上述任一项所述的自适应流量分析方法;所述自适应流量分析系统包括:In a second aspect, the present invention provides an adaptive traffic analysis system for implementing the adaptive traffic analysis method as described in any one of the above; the adaptive traffic analysis system includes:
流量特征解析模块,用于获取流量记录文件,并对所述流量记录文件进行特征解析,得到流量基本特征信息表;其中,所述流量基本特征信息表中包括各时间段内的流量基本特征信息;The traffic feature analysis module is used to obtain the traffic record file, perform feature analysis on the traffic record file, and obtain a traffic basic feature information table; wherein the traffic basic feature information table includes traffic basic feature information in each time period. ;
数据预处理模块,与所述流量特征解析模块通信连接,用于对所述流量基本特征信息表中的流量基本特征信息进行预处理,得到预处理后流量特征信息表;A data preprocessing module, communicatively connected to the traffic feature analysis module, is used to preprocess the basic traffic feature information in the traffic basic feature information table, and obtain a preprocessed traffic feature information table;
关联性计算模块,与所述数据预处理模块通信连接,用于根据所述预处理后流量特征信息表得到流量特征关联矩阵;a correlation calculation module, communicatively connected to the data preprocessing module, and used to obtain a traffic feature correlation matrix according to the preprocessed traffic feature information table;
自适应特征提取模块,与所述关联性计算模块通信连接,用于根据所述流量特征关联矩阵对预存的历史流量特征关联矩阵进行动态自适应更新,得到更新后流量特征关联矩阵,并根据所述更新后流量特征关联矩阵得到最优特征关联集合;The adaptive feature extraction module is communicatively connected to the correlation calculation module, and is used to dynamically and adaptively update the pre-stored historical traffic feature correlation matrix according to the traffic feature correlation matrix, obtain the updated traffic feature correlation matrix, and perform the adaptive feature extraction module according to the traffic feature correlation matrix. The updated traffic feature correlation matrix is used to obtain the optimal feature correlation set;
特征分析模块,与所述自适应特征提取模块通信连接,用于根据所述最优特征关联集合,得到流量评估结果。A feature analysis module is communicatively connected to the adaptive feature extraction module, and is used to obtain a traffic assessment result based on the optimal feature association set.
第三方面,本发明提供了一种电子设备,包括:In a third aspect, the present invention provides an electronic device, including:
存储器,用于存储计算机程序指令;以及,Memory for storing computer program instructions; and,
处理器,用于执行所述计算机程序指令从而完成如上述任一项所述的自适应流量分析方法的操作。A processor, configured to execute the computer program instructions to complete the operations of the adaptive traffic analysis method as described in any one of the above.
第四方面,本发明提供了一种计算机可读存储介质,用于存储计算机可读取的计算机程序指令,所述计算机程序指令被配置为运行时执行如上述任一项所述的自适应流量分析方法的操作。In a fourth aspect, the present invention provides a computer-readable storage medium for storing computer-readable computer program instructions, the computer program instructions being configured to execute the adaptive traffic according to any one of the above when running. Operation of analytical methods.
附图说明Description of drawings
图1是实施例中一种自适应流量分析方法的流程图;Figure 1 is a flow chart of an adaptive traffic analysis method in an embodiment;
图2是实施例中一种自适应流量分析系统的模块框图;Figure 2 is a module block diagram of an adaptive traffic analysis system in the embodiment;
图3是实施例中一种电子设备的模块框图。Figure 3 is a module block diagram of an electronic device in the embodiment.
具体实施方式Detailed ways
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将结合附图和实施例或现有技术的描述对本发明作简单地介绍,显而易见地,下面关于附图结构的描述仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。在此需要说明的是,对于这些实施例方式的说明用于帮助理解本发明,但并不构成对本发明的限定。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the present invention will be briefly introduced below in conjunction with the accompanying drawings and the description of the embodiments or the prior art. Obviously, the following description of the structure of the drawings is only These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without exerting creative efforts. It should be noted here that the description of these embodiments is used to help understand the present invention, but does not constitute a limitation of the present invention.
实施例1:Example 1:
本实施例公开了一种自适应流量分析方法,可以但不限于由具有一定计算资源的计算机设备或虚拟机执行,例如由个人计算机、智能手机、个人数字助理或可穿戴设备等电子设备执行,或者由虚拟机执行。This embodiment discloses an adaptive traffic analysis method, which can be, but is not limited to, executed by a computer device or a virtual machine with certain computing resources, such as by an electronic device such as a personal computer, a smart phone, a personal digital assistant or a wearable device, Or executed by a virtual machine.
如图1所示,一种自适应流量分析方法,可以但不限于包括有如下步骤:As shown in Figure 1, an adaptive traffic analysis method can, but is not limited to, include the following steps:
S1.通过对VoIP网络中流量进行全流量捕获,获取流量记录文件,并对所述流量记录文件进行特征解析,得到流量基本特征信息表;其中,所述流量基本特征信息表中包括各时间段内的流量基本特征信息。S1. Capture the full flow of traffic in the VoIP network, obtain the traffic record file, and perform feature analysis on the traffic record file to obtain a basic traffic feature information table; wherein the basic traffic feature information table includes each time period Basic traffic characteristic information within the system.
具体地,对所述流量记录文件进行特征解析,得到流量基本特征信息表,包括:Specifically, perform feature analysis on the traffic record file to obtain a traffic basic feature information table, including:
S101.对所述流量记录文件进行切分处理,得到多个流量基本字段;S101. Segment the traffic record file to obtain multiple basic traffic fields;
S102.对多个所述流量基本字段进行解析处理,得到全流量协议字段;S102. Analyze multiple basic traffic fields to obtain full traffic protocol fields;
S103.对所述全流量协议字段进行解析处理,得到SIP(Session initializationProtocol,会话初始协议)协议头部字段;S103. Parse the full-flow protocol field to obtain the SIP (Session initialization Protocol) protocol header field;
S104.根据所述全流量协议字段和所述SIP协议头部字段得到流量基本特征信息表。S104. Obtain a traffic basic characteristic information table according to the full traffic protocol field and the SIP protocol header field.
本实施例中,使用流量数据的时间戳,以预设的时间间隔参数Tdefault对流量记录文件进行分段切分,进而得到各时间段内流量信息基本特征,也即多个流量基本字段;本实施例还可根据配置的时间间隔参数对捕获的多个流量基本字段进行分段采集与初步解析,以便得到最终的流量基本特征信息表。In this embodiment, the timestamp of the traffic data is used to segment the traffic record file with the preset time interval parameter T default , and then the basic characteristics of the traffic information in each time period are obtained, that is, multiple basic traffic fields; This embodiment can also perform segmented collection and preliminary analysis of multiple captured basic traffic fields according to the configured time interval parameters, so as to obtain the final basic traffic characteristic information table.
S2.对所述流量基本特征信息表中的流量基本特征信息进行预处理,得到预处理后流量特征信息表;对所述流量基本特征信息表进行预处理时,包括但不仅限于对所述流量基本特征信息表中的流量基本特征信息进行数据清洗、去除噪声、标准化等操作,以确保分析数据的准确性、可靠性和一致性。S2. Preprocess the basic flow characteristic information in the flow basic characteristic information table to obtain a preprocessed flow characteristic information table; when preprocessing the basic flow characteristic information table, it includes but is not limited to the flow rate The basic traffic characteristic information in the basic characteristic information table undergoes operations such as data cleaning, noise removal, and standardization to ensure the accuracy, reliability, and consistency of the analyzed data.
本实施例中,对所述流量基本特征信息表中的流量基本特征信息进行预处理,得到预处理后流量特征信息表,包括:In this embodiment, the basic traffic characteristic information in the basic traffic characteristic information table is preprocessed to obtain a preprocessed traffic characteristic information table, which includes:
S201.对所述流量基本特征信息表中的流量基本特征信息进行数据清洗,得到清洗后流量基本特征信息;具体地,数据清洗可移除流量基本特征信息中无效或错误数据,以提高数据质量。S201. Perform data cleaning on the traffic basic feature information in the traffic basic feature information table to obtain the cleaned traffic basic feature information; specifically, data cleaning can remove invalid or erroneous data in the traffic basic feature information to improve data quality. .
S202.对所述流量基本特征信息表中的清洗后流量基本特征信息进行去噪,得到去噪后流量基本特征信息;S202. Denoise the cleaned traffic basic feature information in the traffic basic feature information table to obtain the denoised traffic basic feature information;
具体地,本实施例中,去噪处理用于滤除流量基本特征信息表中偶尔出现的偏移信息,以可降低流量基本特征信息中噪点数量,本实施例中,采用Z-Score标准化算法,采用下式对所述流量基本特征信息表中的清洗后流量基本特征信息进行标准化:Specifically, in this embodiment, denoising processing is used to filter out offset information that occasionally appears in the basic traffic characteristic information table, so as to reduce the number of noise points in the basic traffic characteristic information. In this embodiment, the Z-Score normalization algorithm is used , the following formula is used to standardize the cleaned traffic basic feature information in the traffic basic feature information table:
式中,xi′为所述流量基本特征信息表中的清洗后流量基本特征信息,xi为与清洗后流量基本特征信息xi′匹配的标准化后数据,μ为所述流量基本特征信息表中的清洗后流量基本特征信息的平均值,σ为所述流量基本特征信息表中的清洗后流量基本特征信息的标准差;In the formula, x i ′ is the basic traffic characteristic information after cleaning in the basic traffic characteristic information table, xi is the standardized data matching the basic traffic characteristic information after cleaning x i ′, and μ is the basic traffic characteristic information. The average value of the basic characteristic information of the flow after cleaning in the table, σ is the standard deviation of the basic characteristic information of the flow after cleaning in the basic flow characteristic information table;
随后采用下式中的中位数滤波算法,进一步去除信息中的噪声:Then the median filtering algorithm in the following formula is used to further remove the noise in the information:
Yi=median(xi-n+1,xi-n+2,…,xi);Y i =median(xi -n+1 ,xi -n+2 ,…, xi );
式中,Yi为所述流量基本特征信息表中的去噪后流量基本特征信息,xi-n+1,xi-n+2,…,xi为标准化后数据,n为滤波窗口大小,通常为一个3以上的正整数。In the formula, Y i is the basic traffic characteristic information after denoising in the basic traffic characteristic information table, xi -n+1 , xi-n+2 ,..., xi is the standardized data, and n is the filtering window. Size, usually a positive integer above 3.
S203.对所述流量基本特征信息表中的去噪后流量基本特征信息进行标准化,得到预处理后流量特征信息表。S203. Standardize the denoised traffic basic feature information in the traffic basic feature information table to obtain a preprocessed traffic feature information table.
具体地,本实施例中,标准化处理可标准化流量基本特征信息表中的流量基本特征信息,将所有的信息特征缩放到同一个范围内,本实施例中,根据采用的标准化算法不同通常为[0,1]或[-1,1],通常采用Min-Max标准化算法或Z-score标准化算法。其中的Min-Max标准化算法的计算公式如下式:Specifically, in this embodiment, the standardization process can standardize the traffic basic feature information in the traffic basic feature information table, and scale all information features to the same range. In this embodiment, depending on the standardization algorithm used, it is usually [ 0,1] or [-1,1], usually Min-Max normalization algorithm or Z-score normalization algorithm is used. The calculation formula of the Min-Max normalization algorithm is as follows:
式中,Ynorm为与Yi匹配的预处理后流量特征信息表中的预处理后流量特征信息,Ymin为所述流量基本特征信息表中的去噪后流量基本特征信息中的最小值,Ymax为所述流量基本特征信息表中的去噪后流量基本特征信息中的最大值。In the formula, Y norm is the preprocessed traffic feature information in the preprocessed traffic feature information table that matches Y i , and Y min is the minimum value in the denoised traffic basic feature information in the traffic basic feature information table. , Y max is the maximum value in the denoised traffic basic feature information in the traffic basic feature information table.
S3.根据所述预处理后流量特征信息表得到流量特征关联矩阵;根据所述预处理后流量特征信息表得到流量特征关联矩阵,包括:依次获取所述预处理后流量特征信息表中相邻时间段内的预处理后流量基本特征信息之间的关联程度,得到多个流量特征关联信息;根据多个流量特征关联信息得到流量特征关联矩阵;本实施例中,通过引入互信息这一度量标准,将预处理后流量基本特征信息之间的关联程度两两进行量化,在关联性计算之后可得到流量特征关联矩阵,用于下一步评估特征的关键程度。S3. Obtain the traffic characteristic correlation matrix according to the pre-processed traffic characteristic information table; obtain the traffic characteristic correlation matrix according to the pre-processed traffic characteristic information table, including: sequentially obtaining adjacent items in the pre-processed traffic characteristic information table. The correlation degree between the preprocessed traffic basic characteristic information within the time period is used to obtain multiple traffic characteristic correlation information; the traffic characteristic correlation matrix is obtained based on the multiple traffic characteristic correlation information; in this embodiment, by introducing the measure of mutual information Standard, the correlation degree between the preprocessed traffic basic characteristic information is quantified pairwise. After the correlation calculation, the traffic characteristic correlation matrix can be obtained, which is used to evaluate the criticality of the characteristics in the next step.
具体地,本实施例中,所述流量特征关联矩阵中的任一流量特征关联信息为:Specifically, in this embodiment, any traffic feature correlation information in the traffic feature correlation matrix is:
式中,p(x)为所述预处理后流量特征信息表中任一预处理后流量基本特征信息x对应的边缘概率密度函数,p(y)为所述预处理后流量特征信息表中位于预处理后流量基本特征信息x相邻时间段的预处理后流量基本特征信息y对应的边缘概率密度函数,p(x,y)为预处理后流量基本特征信息x和预处理后流量基本特征信息y对应的联合概率密度函数。In the formula, p(x) is the edge probability density function corresponding to any preprocessed traffic basic characteristic information x in the preprocessed traffic characteristic information table, and p(y) is the preprocessed traffic characteristic information table. The marginal probability density function corresponding to the preprocessed traffic basic feature information y located in the adjacent time period of the preprocessed traffic basic feature information x, p (x, y) is the preprocessed traffic basic feature information x and the preprocessed traffic basic The joint probability density function corresponding to the feature information y.
S4.根据所述流量特征关联矩阵对预存的历史流量特征关联矩阵(也即上一周期得到的更新后流量特征关联矩阵)进行动态自适应更新,得到更新后流量特征关联矩阵,并根据所述更新后流量特征关联矩阵得到最优特征关联集合。S4. Dynamically and adaptively update the pre-stored historical traffic feature correlation matrix (that is, the updated traffic feature correlation matrix obtained in the previous cycle) according to the traffic feature correlation matrix to obtain the updated traffic feature correlation matrix, and perform The updated traffic feature correlation matrix obtains the optimal feature correlation set.
本实施例中,所述更新后流量特征关联矩阵为:In this embodiment, the updated traffic characteristic correlation matrix is:
式中,C为所述流量特征关联矩阵,为预存的历史流量特征关联矩阵,w为预设的更新系数。In the formula, C is the traffic characteristic correlation matrix, is the pre-stored historical traffic characteristic correlation matrix, and w is the preset update coefficient.
本实施例中,采用指数加权移动平均的方式对预存的历史流量特征关联矩阵进行动态自适应更新,其中的更新系数w可为用户自定义配置得到,用于控制矩阵更新的快慢。In this embodiment, an exponentially weighted moving average method is used to dynamically and adaptively update the pre-stored historical traffic characteristic correlation matrix, in which the update coefficient w can be configured by the user to control the speed of matrix update.
具体地,本实施例中,更新系数w的示例计算公式如下:Specifically, in this embodiment, the example calculation formula of the update coefficient w is as follows:
w=α×CosSim+β×EucilideanDist;w=α×CosSim+β×EucilideanDist;
式中,CosSim为预存的历史流量特征关联矩阵和流量特征关联矩阵C之间的余弦相似性,EucilideanDist为预存的历史流量特征关联矩阵/>和流量特征关联矩阵C之间的欧几里得距离,α为预设的第一权重,β为预设的第二权重。本实施例中,α和β是考虑到同时使用余弦相似值和欧几里得距离的情况下设置的,分三种情况:如果只使用余弦相似性,则α为1,β为0;若只使用欧几里得距离,则α为0,β为1;若两种都使用,则需要用户自定义两种距离方法的权重,而后赋值α和β。In the formula, CosSim is the pre-stored historical traffic characteristic correlation matrix and the cosine similarity between the traffic feature correlation matrix C, EucilideanDist is the pre-stored historical traffic feature correlation matrix/> The Euclidean distance between the traffic characteristic correlation matrix C and α is the preset first weight, and β is the preset second weight. In this embodiment, α and β are set taking into account the simultaneous use of cosine similarity and Euclidean distance. There are three situations: if only cosine similarity is used, α is 1 and β is 0; If only Euclidean distance is used, α is 0 and β is 1; if both are used, the user needs to customize the weights of the two distance methods and then assign α and β.
本实施例中,在初始化时对用户输入的更新系数w公式进行解析,通过验证该公式的合法性、解析数学表达式可最终得到对应的更新系数w。在每个Tdefault周期结束时,可根据更新系数w的计算公式更新流量特征关联矩阵。In this embodiment, the update coefficient w formula input by the user is analyzed during initialization. By verifying the legality of the formula and analyzing the mathematical expression, the corresponding update coefficient w can finally be obtained. At the end of each T default period, the traffic characteristic correlation matrix can be updated according to the calculation formula of the update coefficient w.
本实施例中,根据所述更新后流量特征关联矩阵得到最优特征关联集合,包括:In this embodiment, the optimal feature correlation set is obtained according to the updated traffic feature correlation matrix, including:
S401.通过PCA(Principal Component Analysis,主成分分析)方法得到所述更新后流量特征关联矩阵的协方差矩阵;S401. Obtain the covariance matrix of the updated traffic characteristic correlation matrix through the PCA (Principal Component Analysis) method;
本实施例中,所述协方差矩阵为:In this embodiment, the covariance matrix is:
式中,Xi为更新后流量特征关联矩阵中第i个更新后流量特征关联信息,n为所述更新后流量特征关联矩阵中的总数据量,T为转置符号。In the formula, Xi is the updated traffic characteristic correlation matrix The i-th updated traffic feature correlation information in , n is the total data amount in the updated traffic feature correlation matrix, and T is the transpose symbol.
S402.根据所述协方差矩阵中特征值的大小,选择协方差矩阵中的前k个主成分;其中,k为大于1的自然数;S402. Select the first k principal components in the covariance matrix according to the size of the eigenvalues in the covariance matrix; where k is a natural number greater than 1;
S403.将前k个主成分投影至新特征空间中,得到最优特征关联集合。S403. Project the first k principal components into the new feature space to obtain the optimal feature correlation set.
具体地,对于具有n个特征的数据集,协方差矩阵是一个n×n的矩阵,表示各个特征之间的协方差。本实施例中,可通过线性代数的方法求解协方差矩阵的特征值和特征向量。特征向量表示特征空间中的方向,而特征值表示特征向量沿该方向的重要程度。特征值计算完成后,可以根据特征值的大小排序,自定义k,并选择特征值的前k个主成分,以根据其得到最优特征关联集合,代表缩减后的特征。Specifically, for a data set with n features, the covariance matrix is an n×n matrix that represents the covariance between each feature. In this embodiment, the eigenvalues and eigenvectors of the covariance matrix can be solved through linear algebra. Eigenvectors represent directions in feature space, and eigenvalues represent the importance of feature vectors along that direction. After the eigenvalue calculation is completed, you can sort according to the size of the eigenvalue, customize k, and select the first k principal components of the eigenvalue to obtain the optimal feature association set to represent the reduced features.
需要说明的是,本实施例中,采用动态更新权重的方式调整特征的重要性,通过指数加权移动平均的分析方法,自适应赋予不同重要程度数据权重的方式对预存的历史流量特征关联矩阵进行动态自适应更新;根据所述最新特征关联集合中的特征大小选择前k个主成分(由用户指定),以得到最优特征关联集合,由此利于缩小特征研究范围,进而更高效地进行后续的网络数据分析工作。It should be noted that in this embodiment, the importance of features is adjusted by dynamically updating weights, and the pre-stored historical traffic feature correlation matrix is performed on the pre-stored historical traffic feature correlation matrix by adaptively assigning weights to data of different importance through the analysis method of exponentially weighted moving average. Dynamic adaptive update; select the first k principal components (specified by the user) according to the feature size in the latest feature association set to obtain the optimal feature association set, which will help narrow the scope of feature research and carry out follow-up more efficiently network data analysis work.
S5.根据所述最优特征关联集合,得到流量评估结果。本实施例中,通过网络管理员的人工经验训练得到的SVM分类器对所述最优特征关联集合进行分类评估,进而可得到得到流量评估结果。本实施例中,流量评估结果中包括延迟、丢包率、抖动和宽带等中药网络QoS(Quality of Service,服务质量)指标,可将各指标依次分为用于评估网络QoS由好到坏的五级分类结果。S5. Obtain the traffic evaluation result according to the optimal feature association set. In this embodiment, the SVM classifier obtained through manual experience training of the network administrator performs classification and evaluation on the optimal feature association set, and then the traffic evaluation result can be obtained. In this embodiment, the traffic evaluation results include TCM network QoS (Quality of Service, Quality of Service) indicators such as delay, packet loss rate, jitter, and bandwidth. Each indicator can be divided into categories used to evaluate network QoS from good to bad. Five-level classification results.
本实施例可提高流量分析的准确性及有效性。具体地,本实施例在流量分析与流量特征提取过程中,通过根据所述预处理后流量特征信息表得到流量特征关联矩阵,引入互信息作为度量预处理后流量特征之间相关性的指标,互信息分析可以帮助识别和量化特征之间的相互作用关系,便于发现隐藏在流量数据中的关键信息和模式。同时,本实施例在得到最优特征关联集合的过程中,还通过根据所述流量特征关联矩阵对预存的历史流量特征关联矩阵进行动态自适应更新,进而得到最优特征关联集合,以便根据所述最优特征关联集合,得到流量评估结果。在此过程中,本实施例建立了一种自适应特征提取过程,可根据实际情况对特征的权重进行自动调整,提高对关键特征的关注度,减少对不相关特征的影响,并缩小待评估的特征范围,进而可以提高流量分析的准确性和有效性,能够自动适不同的流量场景应并提取最具代表性的特征。基于上述内容,本实施例通过在终端软交换网络中自适应测量和分析VoIP系统环境网络中的流量特征,探索和分析VoIP系统环境的通信中可能出现的网络问题,可优化VoIP系统环境的网络性能指标,以便提高网络的安全性和可靠性,为网络安全和网络服务的进一步提升提供了新的解决方案。This embodiment can improve the accuracy and effectiveness of traffic analysis. Specifically, in this embodiment, during the process of traffic analysis and traffic feature extraction, the traffic feature correlation matrix is obtained according to the pre-processed traffic feature information table, and mutual information is introduced as an indicator to measure the correlation between pre-processed traffic features. Mutual information analysis can help identify and quantify the interaction relationships between features to facilitate the discovery of key information and patterns hidden in traffic data. At the same time, in the process of obtaining the optimal feature association set, this embodiment also dynamically and adaptively updates the pre-stored historical traffic feature association matrix according to the traffic feature association matrix, thereby obtaining the optimal feature association set, so that the optimal feature association set can be obtained according to the traffic feature association matrix. The optimal feature association set is described to obtain the traffic assessment results. In this process, this embodiment establishes an adaptive feature extraction process that can automatically adjust the weight of features according to the actual situation, increase attention to key features, reduce the impact on irrelevant features, and narrow down the number of features to be evaluated. feature range, thereby improving the accuracy and effectiveness of traffic analysis, automatically adapting to different traffic scenarios and extracting the most representative features. Based on the above content, this embodiment can optimize the network of the VoIP system environment by adaptively measuring and analyzing the traffic characteristics in the VoIP system environment network in the terminal soft-switching network, and exploring and analyzing network problems that may occur in communications in the VoIP system environment. Performance indicators, in order to improve the security and reliability of the network, provide new solutions for the further improvement of network security and network services.
实施例2:Example 2:
本实施例公开了一种自适应流量分析系统,用于实现实施例1中自适应流量分析方法;如图2所示,所述自适应流量分析系统包括:This embodiment discloses an adaptive traffic analysis system, which is used to implement the adaptive traffic analysis method in Embodiment 1; as shown in Figure 2, the adaptive traffic analysis system includes:
流量特征解析模块,用于获取流量记录文件,并对所述流量记录文件进行特征解析,得到流量基本特征信息表;其中,所述流量基本特征信息表中包括各时间段内的流量基本特征信息;The traffic feature analysis module is used to obtain the traffic record file, perform feature analysis on the traffic record file, and obtain a traffic basic feature information table; wherein the traffic basic feature information table includes traffic basic feature information in each time period. ;
数据预处理模块,与所述流量特征解析模块通信连接,用于对所述流量基本特征信息表中的流量基本特征信息进行预处理,得到预处理后流量特征信息表;A data preprocessing module, communicatively connected to the traffic feature analysis module, is used to preprocess the basic traffic feature information in the traffic basic feature information table, and obtain a preprocessed traffic feature information table;
关联性计算模块,与所述数据预处理模块通信连接,用于根据所述预处理后流量特征信息表得到流量特征关联矩阵;a correlation calculation module, communicatively connected to the data preprocessing module, and used to obtain a traffic feature correlation matrix according to the preprocessed traffic feature information table;
自适应特征提取模块,与所述关联性计算模块通信连接,用于根据所述流量特征关联矩阵对预存的历史流量特征关联矩阵进行动态自适应更新,得到更新后流量特征关联矩阵,并根据所述更新后流量特征关联矩阵得到最优特征关联集合;The adaptive feature extraction module is communicatively connected to the correlation calculation module, and is used to dynamically and adaptively update the pre-stored historical traffic feature correlation matrix according to the traffic feature correlation matrix, obtain the updated traffic feature correlation matrix, and perform the adaptive feature extraction module according to the traffic feature correlation matrix. The updated traffic feature correlation matrix is used to obtain the optimal feature correlation set;
特征分析模块,与所述自适应特征提取模块通信连接,用于根据所述最优特征关联集合,得到流量评估结果。A feature analysis module is communicatively connected to the adaptive feature extraction module, and is used to obtain a traffic assessment result based on the optimal feature association set.
实施例3:Example 3:
在实施例1或2的基础上,本实施例公开了一种电子设备,该设备可以是智能手机、平板电脑、笔记本电脑或者台式电脑等。电子设备可能被称为用户终端、便携式终端、台式终端等,如图3所示,电子设备包括:Based on Embodiment 1 or 2, this embodiment discloses an electronic device, which may be a smart phone, a tablet computer, a notebook computer, a desktop computer, etc. Electronic devices may be called user terminals, portable terminals, desktop terminals, etc. As shown in Figure 3, electronic devices include:
存储器,用于存储计算机程序指令;以及,Memory for storing computer program instructions; and,
处理器,用于执行所述计算机程序指令从而完成如实施例1中任一所述的自适应流量分析方法的操作。A processor, configured to execute the computer program instructions to complete the operations of the adaptive traffic analysis method as described in any one of Embodiment 1.
具体地,处理器301可以包括一个或多个处理核心,比如4核心处理器、8核心处理器等。处理器301可以采用DSP(Digital Signal Processing,数字信号处理)、FPGA(Field-Programmable Gate Array,现场可编程门阵列)、PLA(Programmable LogicArray,可编程逻辑阵列)中的至少一种硬件形式来实现。处理器301也可以包括主处理器和协处理器,主处理器是用于对在唤醒状态下的数据进行处理的处理器,也称CPU(CentralProcessing Unit,中央处理器);协处理器是用于对在待机状态下的数据进行处理的低功耗处理器。在一些实施例中,处理器301可以集成有GPU(Graphics Processing Unit,图像处理器),GPU用于负责显示屏所需要显示的内容的渲染和绘制。Specifically, the processor 301 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 301 can be implemented in at least one hardware form among DSP (Digital Signal Processing, digital signal processing), FPGA (Field-Programmable Gate Array, field programmable gate array), and PLA (Programmable Logic Array, programmable logic array). . The processor 301 may also include a main processor and a co-processor. The main processor is a processor used to process data in the wake-up state, also called CPU (Central Processing Unit, central processing unit); the co-processor is A low-power processor used to process data in standby mode. In some embodiments, the processor 301 may be integrated with a GPU (Graphics Processing Unit, image processor), and the GPU is responsible for rendering and drawing content to be displayed on the display screen.
存储器302可以包括一个或多个计算机可读存储介质,该计算机可读存储介质可以是非暂态的。存储器302还可包括高速随机存取存储器,以及非易失性存储器,比如一个或多个磁盘存储设备、闪存存储设备。在一些实施例中,存储器302中的非暂态的计算机可读存储介质用于存储至少一个指令,该至少一个指令用于被处理器301所执行以实现本申请中实施例1提供的自适应流量分析方法。Memory 302 may include one or more computer-readable storage media, which may be non-transitory. Memory 302 may also include high-speed random access memory, and non-volatile memory, such as one or more disk storage devices, flash memory storage devices. In some embodiments, the non-transitory computer-readable storage medium in the memory 302 is used to store at least one instruction, and the at least one instruction is used to be executed by the processor 301 to implement the adaptive method provided in Embodiment 1 of this application. Traffic analysis methods.
在一些实施例中,终端还可选包括有:通信接口303和至少一个外围设备。处理器301、存储器302和通信接口303之间可以通过总线或信号线相连。各个外围设备可以通过总线、信号线或电路板与通信接口303相连。具体地,外围设备包括:射频电路304、显示屏305和电源306中的至少一种。In some embodiments, the terminal optionally further includes: a communication interface 303 and at least one peripheral device. The processor 301, the memory 302 and the communication interface 303 may be connected through a bus or a signal line. Each peripheral device can be connected to the communication interface 303 through a bus, a signal line or a circuit board. Specifically, the peripheral device includes: at least one of a radio frequency circuit 304, a display screen 305, and a power supply 306.
通信接口303可被用于将I/O(Input/Output,输入/输出)相关的至少一个外围设备连接到处理器301和存储器302。在一些实施例中,处理器301、存储器302和通信接口303被集成在同一芯片或电路板上;在一些其他实施例中,处理器301、存储器302和通信接口303中的任意一个或两个可以在单独的芯片或电路板上实现,本实施例对此不加以限定。The communication interface 303 may be used to connect at least one I/O (Input/Output) related peripheral device to the processor 301 and the memory 302 . In some embodiments, the processor 301, the memory 302 and the communication interface 303 are integrated on the same chip or circuit board; in some other embodiments, any one or both of the processor 301, the memory 302 and the communication interface 303 It can be implemented on a separate chip or circuit board, which is not limited in this embodiment.
射频电路304用于接收和发射RF(Radio Frequency,射频)信号,也称电磁信号。射频电路304通过电磁信号与通信网络以及其他通信设备进行通信。The radio frequency circuit 304 is used to receive and transmit RF (Radio Frequency, radio frequency) signals, also called electromagnetic signals. Radio frequency circuit 304 communicates with communication networks and other communication devices through electromagnetic signals.
显示屏305用于显示UI(User Interface,用户界面)。该UI可以包括图形、文本、图标、视频及其它们的任意组合。The display screen 305 is used to display UI (User Interface, user interface). The UI can include graphics, text, icons, videos, and any combination thereof.
电源306用于为电子设备中的各个组件进行供电。The power supply 306 is used to power various components in the electronic device.
实施例4:Example 4:
在实施例1至3任一项实施例的基础上,本实施例公开了一种计算机可读存储介质,用于存储计算机可读取的计算机程序指令,所述计算机程序指令被配置为运行时执行如实施例1所述的自适应流量分析方法的操作。Based on any one of Embodiments 1 to 3, this embodiment discloses a computer-readable storage medium for storing computer-readable computer program instructions, where the computer program instructions are configured to run The operation of the adaptive traffic analysis method described in Embodiment 1 is performed.
显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。Obviously, those skilled in the art should understand that the above-mentioned modules or steps of the present invention can be implemented using general-purpose computing devices. They can be concentrated on a single computing device, or distributed across a network composed of multiple computing devices. , optionally, they can be implemented with program codes executable by a computing device, so that they can be stored in a storage device and executed by the computing device, or they can be separately made into individual integrated circuit modules, or they can be Multiple modules or steps are made into a single integrated circuit module. As such, the invention is not limited to any specific combination of hardware and software.
最后应说明的是,以上实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换。而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that it can still be used Modify the technical solutions described in the foregoing embodiments, or make equivalent replacements for some of the technical features. However, these modifications or substitutions do not cause the essence of the corresponding technical solution to deviate from the spirit and scope of the technical solution of each embodiment of the present invention.
Claims (10)
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311499229.XA CN117591854A (en) | 2023-11-10 | 2023-11-10 | Self-adaptive flow analysis method, system, electronic equipment and medium |
| CN202411597863.1A CN119449430A (en) | 2023-11-10 | 2024-11-11 | A network QoS evaluation method, system, device, and medium based on SIP message adaptive traffic analysis |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311499229.XA CN117591854A (en) | 2023-11-10 | 2023-11-10 | Self-adaptive flow analysis method, system, electronic equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117591854A true CN117591854A (en) | 2024-02-23 |
Family
ID=89914278
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311499229.XA Withdrawn CN117591854A (en) | 2023-11-10 | 2023-11-10 | Self-adaptive flow analysis method, system, electronic equipment and medium |
| CN202411597863.1A Pending CN119449430A (en) | 2023-11-10 | 2024-11-11 | A network QoS evaluation method, system, device, and medium based on SIP message adaptive traffic analysis |
Family Applications After (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202411597863.1A Pending CN119449430A (en) | 2023-11-10 | 2024-11-11 | A network QoS evaluation method, system, device, and medium based on SIP message adaptive traffic analysis |
Country Status (1)
| Country | Link |
|---|---|
| CN (2) | CN117591854A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20230275921A1 (en) * | 2020-12-30 | 2023-08-31 | T-Mobile Usa, Inc. | Cybersecurity system for services of interworking wireless telecommunications networks |
-
2023
- 2023-11-10 CN CN202311499229.XA patent/CN117591854A/en not_active Withdrawn
-
2024
- 2024-11-11 CN CN202411597863.1A patent/CN119449430A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20230275921A1 (en) * | 2020-12-30 | 2023-08-31 | T-Mobile Usa, Inc. | Cybersecurity system for services of interworking wireless telecommunications networks |
| US12113825B2 (en) * | 2020-12-30 | 2024-10-08 | T-Mobile Usa, Inc. | Cybersecurity system for services of interworking wireless telecommunications networks |
Also Published As
| Publication number | Publication date |
|---|---|
| CN119449430A (en) | 2025-02-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230114050A1 (en) | Firewall rules intelligence | |
| US9961157B2 (en) | Adaptive compression management for web services | |
| CN110232630A (en) | The recognition methods of malice account, device and storage medium | |
| WO2019184640A1 (en) | Indicator determination method and related device thereto | |
| WO2024098699A1 (en) | Entity object thread detection method and apparatus, device, and storage medium | |
| CN114448830B (en) | Equipment detection system and method | |
| WO2021133791A1 (en) | Method for network traffic analysis | |
| CN117591854A (en) | Self-adaptive flow analysis method, system, electronic equipment and medium | |
| WO2019062404A1 (en) | Application program processing method and apparatus, storage medium, and electronic device | |
| US11003513B2 (en) | Adaptive event aggregation | |
| US20240078189A1 (en) | Multi-tenant distributed cache architecture for object access and expiration and systems and methods for customized computer vision-oriented convolutional neural networks | |
| CN114301757B (en) | Network asset processing method, device, equipment and storage medium | |
| CN117201340A (en) | Message feature recognition method, device, equipment and storage medium | |
| CN115396128A (en) | Malicious traffic detection method and device, storage medium and electronic equipment | |
| CN112202686A (en) | An adaptive access identification method and terminal device for differential flow control | |
| CN118509267B (en) | Asset information monitoring system and method for network security | |
| CN116720023B (en) | Browser operation data processing method and device and electronic equipment | |
| US11233828B1 (en) | Methods, systems, and media for protecting computer networks using adaptive security workloads | |
| CN118200046A (en) | Flow safety detection method, device and equipment for electric power Internet of things equipment | |
| CN117614692A (en) | Security protection method, device, equipment and medium based on intelligent network card | |
| CN118118370A (en) | Detection result generation method and device for router | |
| CN117714200A (en) | Network security defense method, device, equipment and storage medium | |
| CN118260526A (en) | Data processing method, device, equipment and storage medium | |
| Roponena et al. | NetFlow Anomaly Detection Dataset Creation for Traffic Analysis | |
| CN118802270A (en) | Abnormal flow detection method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20240223 |
|
| WW01 | Invention patent application withdrawn after publication |