FR3091391B1 - Method of autonomous identification of an application generating an IP flow - Google Patents

Method of autonomous identification of an application generating an IP flow Download PDF

Info

Publication number
FR3091391B1
FR3091391B1 FR1874323A FR1874323A FR3091391B1 FR 3091391 B1 FR3091391 B1 FR 3091391B1 FR 1874323 A FR1874323 A FR 1874323A FR 1874323 A FR1874323 A FR 1874323A FR 3091391 B1 FR3091391 B1 FR 3091391B1
Authority
FR
France
Prior art keywords
vector
flow
identification
application
collected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
FR1874323A
Other languages
French (fr)
Other versions
FR3091391A1 (en
Inventor
Zied Aouini
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Softathome SA
Original Assignee
Softathome SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Softathome SA filed Critical Softathome SA
Priority to FR1874323A priority Critical patent/FR3091391B1/en
Publication of FR3091391A1 publication Critical patent/FR3091391A1/en
Application granted granted Critical
Publication of FR3091391B1 publication Critical patent/FR3091391B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/142Network analysis or design using statistical or mathematical methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/12Network monitoring probes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2475Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Pure & Applied Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Procédé d’identification autonome d’une application génératrice d’un flux IP. La présente invention concerne un procédé pour identifier une application ayant générée un flux IP au sein d’un réseau étendu comprenant un serveur distant et plusieurs passerelles connectées à des réseaux locaux respectifs, chaque passerelle comportant un modèle de classification statistique, le procédé comprenant les étapes suivantes pour un flux IP transitant par une passerelle vers ou depuis une machine hôte comportant une sonde d’identification : - au sein de la passerelle, application du modèle de classification statistique pour générer un vecteur collecté, - transmission du vecteur collecté vers le serveur distant, - au sein de la machine hôte, utilisation de la sonde d’identification pour générer un vecteur d’identification exacte de l’application ayant générée ce flux IP, - transmission du vecteur d’identification exacte vers le serveur distant, - comparaison entre le vecteur collecté et le vecteur d’identification exacte, - mise à jour autonome du modèle de classification statistique pour l’ensemble des passerelles lorsque le pourcentage de réussite pour plusieurs comparaisons entre des vecteurs collectés et des vecteurs d’identification exacte atteint un seuil prédéterminé. Figure pour l’abrégé : Fig. 1A method of autonomous identification of an application generating an IP flow. The present invention relates to a method for identifying an application having generated an IP flow within a wide area network comprising a remote server and several gateways connected to respective local networks, each gateway comprising a statistical classification model, the method comprising the steps of following for an IP flow passing through a gateway to or from a host machine comprising an identification probe: - within the gateway, application of the statistical classification model to generate a collected vector, - transmission of the collected vector to the remote server , - within the host machine, use of the identification probe to generate an exact identification vector of the application that generated this IP flow, - transmission of the exact identification vector to the remote server, - comparison between the collected vector and the exact identification vector, - autonomous update of the sta classification model tistic for all gateways when the percentage of success for multiple comparisons between collected vectors and exact identification vectors reaches a predetermined threshold. Figure for the abstract: Fig. 1

FR1874323A 2018-12-28 2018-12-28 Method of autonomous identification of an application generating an IP flow Active FR3091391B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
FR1874323A FR3091391B1 (en) 2018-12-28 2018-12-28 Method of autonomous identification of an application generating an IP flow

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
FR1874323A FR3091391B1 (en) 2018-12-28 2018-12-28 Method of autonomous identification of an application generating an IP flow

Publications (2)

Publication Number Publication Date
FR3091391A1 FR3091391A1 (en) 2020-07-03
FR3091391B1 true FR3091391B1 (en) 2021-04-16

Family

ID=66867331

Family Applications (1)

Application Number Title Priority Date Filing Date
FR1874323A Active FR3091391B1 (en) 2018-12-28 2018-12-28 Method of autonomous identification of an application generating an IP flow

Country Status (1)

Country Link
FR (1) FR3091391B1 (en)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8539221B2 (en) * 2009-03-27 2013-09-17 Guavus, Inc. Method and system for identifying an application type of encrypted traffic

Also Published As

Publication number Publication date
FR3091391A1 (en) 2020-07-03

Similar Documents

Publication Publication Date Title
US9648462B2 (en) Method for tracking of motion of objects associated with wireless communication devices within a predefined area
US7860100B2 (en) Service path selection in a service network
JP2020519144A5 (en)
Dhote et al. A survey on feature selection techniques for internet traffic classification
JP5812282B2 (en) Traffic monitoring device
CN108881028B (en) SDN network resource scheduling method for realizing application awareness based on deep learning
JP2018504817A5 (en)
EP3544238A3 (en) Network node availability prediction based on past history data
CN109416680A (en) Hoist cable routing logic and load balancing
US20190182103A1 (en) In-situ oam (ioam) network risk flow-based "topo-gram" for predictive flow positioning
CN106817299B (en) The list item generation method and device and message forwarding method of software defined network
PH12021550707A1 (en) Methods for operation of a device, bootstrap server and network node
CN106899500B (en) Message processing method and device for cross-virtual extensible local area network
WO2017058188A1 (en) Identification of an sdn action path based on a measured flow rate
EP2924930A3 (en) Path discovery in data transport networks based on statistical inference
Shim et al. Application traffic classification using payload size sequence signature
US20210006471A1 (en) Fingerprinting application traffic in a network
JP2015050473A (en) Traffic monitoring device and program, and communication device
KR20190012928A (en) Load balancing apparatus and method
Archanaa et al. A comparative performance analysis on network traffic classification using supervised learning algorithms
FR3091391B1 (en) Method of autonomous identification of an application generating an IP flow
CN105471742B (en) A kind of message processing method and equipment
US10778610B2 (en) Deduplication of mirror traffic in analyzer aggregation network
Nazari et al. DSCA: An inline and adaptive application identification approach in encrypted network traffic
JP6743585B2 (en) Communication analysis device and communication analysis program

Legal Events

Date Code Title Description
PLFP Fee payment

Year of fee payment: 2

PLSC Publication of the preliminary search report

Effective date: 20200703

PLFP Fee payment

Year of fee payment: 3

PLFP Fee payment

Year of fee payment: 4

PLFP Fee payment

Year of fee payment: 5

PLFP Fee payment

Year of fee payment: 6