GB2564057A - Method for analyzing source and destination of internet traffic - Google Patents
Method for analyzing source and destination of internet traffic Download PDFInfo
- Publication number
- GB2564057A GB2564057A GB1816212.3A GB201816212A GB2564057A GB 2564057 A GB2564057 A GB 2564057A GB 201816212 A GB201816212 A GB 201816212A GB 2564057 A GB2564057 A GB 2564057A
- Authority
- GB
- United Kingdom
- Prior art keywords
- source
- logs
- dns
- log
- domain name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
Abstract
The present invention provides a method for analyzing the source and destination of Internet traffic. In the method, the source and destination of Internet traffic are obtained by processing DNS logs. The method comprises the following steps: a log filtering step of filtering DNS logs that cannot reflect a real access path of a user; a log segmentation step of sequentially segmenting, according to a source IP, a timestamp difference, and a central domain, the DNS logs obtained after the log filtering step to obtain segmented access paths; and a data summarization step of summarizing all the segmented access paths. By means of the analysis method of the present invention, the source and destination of Internet traffic can be mastered, so that analysis and optimization of website traffic can be better facilitated. Furthermore, by completely knowing about the flow direction state of the entire Internet traffic, the traffic state of other websites can be analyzed and understood from the whole perspective.
Description
METHOD FOR ANALYZING SOURCE AND DESTINATION OF INTERNET
TRAFFIC
Technical Field
The disclosure relates to the field of Internet DNS name resolution, and in particular to a method for analyzing a source and a destination of Internet traffic.
Background Art
The so-called source and destination of Internet traffic refers to a series of website access paths including a certain website a user first accesses and other websites the user later accesses. There is only one mainstream approach to confirm the website traffic source, that is, to add a JavaScript monitoring code to a website page. Third-party detection tools such as Google Analytics and Baidu Analytics are the most common.
The above-described statistical methods have great limitations as follows: each website may only know the website accessed by the visitor last time, and cannot learn about the multiple websites accessed by the visitor before and know where the visitor will go after leaving it.DNS (Domain Name System) is a distributed database which provides a mapping between a domain name and an IP address on the Internet. DNS can allow the user to access Internet more conveniently without memorizing IP strings of numbers that can be directly read by machine. “The DNS name Resolution technique” means that: when a user needs to access a website, the user needs to type its domain name in the browser; after the user presses an enter key, the browser first initiates a DNS request; and with the DNS technique, the browser obtains an IP address of the server corresponding to the domain name, and then initiates an HTTP request for the IP address. DNS logs can record a response content of each DNS request, and almost record domain name information of all user requests. However, the logs may contain too much abnormal and invalid information. For example, the server may also initiate DNS requests so as to generate a large amount of domain name information, and Internet crawlers and even network attacks may generate a large number of DNS requests. These requests are unable to reflect the real access paths of a user truly and effectively.
Currently, there are no good methods to analyze the entire access paths of Internet visitors on the market. The disclosure fill this gap, which provides a method for analyzing website traffic to know which websites it comes from and which websites it will go after leaving, by reprocessing DNS logs.
Summary of the Disclosure
In view of the above-described defects, the disclosure provides a method for analyzing a source and a destination of Internet traffic. By means of the method of the disclosure, the behavior of non-human accesses in the logs is cleaned as much as possible, so that the source and the destination of the Internet traffic can be effectively obtained.
The method for analyzing a source and a destination of Internet traffic in the disclosure, which obtains the source and the destination of the Internet traffic by processing a DNS log, includes the following steps: a log filtering step of filtering DNS logs that cannot reflect a real access path of a user; a log segmentation step of sequentially segmenting, based on a source IP, a time stamp difference and a central domain, the DNS logs obtained after the log filtering step to obtain segmented access paths; and a data summarization step of summarizing all the segmented access paths.
Preferably, by setting a black list and a white list in the log filtering step, DNS logs containing domain name requests of significant interest are retained, and DNS logs containing non-human domain name requests generated by a server are removed.
Preferably, the removal of the DNS logs further includes removing logs accessed by an enterprise IP and logs where the IP is not resolved.
Preferably, the DNS log segmentation based on the source IP is to obtain continuous DNS logs with the same source IP over a period of time.
Preferably, the segmentation of logs based on the time stamp difference is to segment, based on the time stamp difference in DNS logs, the logs after being segmented based on the source IP, and if the time stamp difference in two DNS logs is longer than a specified time length, the two DNS logs are split up.
Preferably, the specified time length is three seconds.
Preferably, the analysis method further includes, after the step of segmenting the DNS logs based on the time stamp diiference, a merging step of converting the domain name in the access paths obtained by the segmentation into a domain, and merging continuous identical domains, so as to obtain a path of the source IP.
Preferably, the segmentation based on the central domain is to segment the path of the source IP based on the central domain, and the access path obtained after the segmentation is: source domain name n+...+source domain name 1+central domain name+destination domain name 1+..+destination domain name n, and the central domain is a domain to be mainly analyzed based on user/system requirements.
Preferably, all the access paths of the source IP, which are obtained after the segmentation step based on the central domain, are summarized in the data summarization step.
By means of the analysis method of the disclosure, the source and the destination of the Internet traffic can be mastered, so that analysis and optimization of website traffic can be better facilitated. Furthermore, by completely knowing about the flow direction of the entire Internet traffic, the traffic state of other websites can be analyzed and understood from the whole perspective so as to know everything.
Brief Description of Drawings FIGs. I (a) and 1(b) are flow diagrams of a method for analyzing a source and a destination of Internet traffic in the disclosure; and FIGs. 2(a) and 2(b) are schematic diagrams of a traffic source obtained by the method for analyzing a source and a destination of Internet traffic in the disclosure.
Description of Embodiments
The disclosure will be described in detail below with reference to the accompanying drawings and embodiments. The following embodiments are not intended to limit the invention. Variations and advantages that can be conceived by those skilled in the art are included in the disclosure without departing from the spirit and scope of the disclosure.
As mentioned above, DNS (Domain Name System) is a distributed database which provides a mapping between a domain name and an IP address on the Internet. DNS can allow a user to access Internet more conveniently without memorizing the IP strings of numbers that can be directly read by machine. When accessing a website, the user type its domain name in the browser first and press an enter key. Then the browser initiates a DNS request. With the DNS technique, the browser obtains an IP address of the server corresponding to the domain name, and then initiates an HTTP request for the IP address. The above-described steps are the DNS name resolution technique.
The DNS logs can be generated during the above-described domain name resolution process.DNS logs can record a response content of each DNS request, and can almost record domain name information of all the user requests. A format for the DNS logs will be described below: l4.***.***.10|www.baidu.com|201412110359321180.***.***. 107:180.***.***.1 08|0
Source IP | Domain Name | Time stamp | Resolution IP | Status Code i.e., the DNS log consist of “Source IP”, “Domain name”, “Time stamp”, “Resolution IP” and “Status code”.
Since the DNS log include the domain name information of all the user requests, the present inventors contemplate that the source and the destination of the website traffic is analyzed by reprocessing the DNS log. However, the log also includes a large amount of abnormal and invalid information. For example, the server may also initiate DNS requests so as to generate a large amount of domain name information, and Internet crawlers and even network attacks may generate a large number of DNS requests. These requests are unable to reflect the real access path of a user truly and effectively. Based on the above situation, the present inventors contemplate that the source and destination of Internet traffic is effectively obtained by cleaning behaviors of non-human accesses in the log as much as possible. FIG. lisa flow diagram of the method for analyzing a source and a destination of Internet traffic in the disclosure. As shown in FIG. 1, the method for analyzing a source and a destination of Internet traffic in the disclosure include the following steps.
First, DNS logs that cannot reflect the real access path of a user are filtered (step SI).As described above, since the DNS request includes many domain names that cannot truly and effectively reflect the real access path of a user, cleaning is required. For example, by setting a black list and a white list, DNS logs containing domain name requests of significant concern are retained, and DNS logs containing non-human domain name requests generated by a server are removed. The non-human domain name requests generated by a server can be removed by setting a black list. Some domain names of significant concern can be retained by setting a white list. The white list has a higher priority than that of the black list. Additionally, the removal of the DNS logs further includes removing logs accessed by an enterprise IP, and logs where the IP is not resolved, in which the enterprise IP is removed because it may generate logs accessed by multiple persons simultaneously, and affects the judgment of a personal access track; and a log with unresolved IP is removed, that is, a log with access failure is removed. Log filtering is performed with different dimensions, so that the DNS logs reflecting the real access path of a user can be obtained.
Then, the DNS logs obtained after the log filtering step is segmented based on the source IP, the time stamp difference, and the central domain, so that the segmented domain is obtained (step S2).
The detailed steps are as follows. 1) Segmentations based on the source IP (step S21) are provided. The DNS log is segmented based on the source IP so as to obtain continuous DNS logs with the same source IP over a period of time.
For example, source IP1.1.1.1 is different from source IP2.2.2.2, so that the log is segmented. It is shown as follows:
Source IP | Domain Name | Time stamp | Resolution IP | Status Code l.l.l.l|www.baidu.com|20141211035932ll80. ***.***.107;180.***.***.108|0 l.l.l.l|www.qq.com|201412110359321180.***.***. 107:180.***.***. 10810 ---------------------------------------Log cutting Line----------------------------------------- 2.2.2.2|www.baidu.com|20141211035932ll80.***.***.107:180.***.***.10810 2.2.2.2|www.qq.com|20141211035932ll80.***.***. 107:180.***.***.10810 2) Then, the logs segmented based on the source IP are segmented based on the time stamp difference (step S22).The segmentation based on the time stamp difference means that the logs after being segmented based on the source IP are segmented based on the time stamp difference in the DNS logs. If the time stamp difference in two DNS logs is longer than a specified time length, the two DNS logs are split up (the reason for the segmentation is that the interval of the logs is so long that the two logs are considered as two different behaviors).The specified time length can be adjusted as needed. In the embodiment, the specified time length is three seconds, i.e., the log may be segmented if the intervals of the time stamps is longer than three seconds.
For example, as shown below, the DNS log of source IP2.2.2.2 is further segmented based on the time stamp difference thereof (Time stamp 20141211035932 indicates 3 (hour):59 (minute):32 (second) on December 11, 2014).
Source IP | Domain Name | Time stamp | Resolution IP | Status Code 2.2.2.2|www.baidu.com|20141211000001ll80.***.***.107:180.***.***.10810 2.2.2.2|a.qq.com|20141211000002ll80.***.***.107:180.***.***. 10810 2.2.2.2|b.baidu.com|20141211000003ll80.***.***.107:180.***.***.10810 2.2.2.2|c.tanx.com|20141211000004ll80.***.***.107:180.***.***. 10810 2.2.2.2|c.allves.com|20141211000005ll80.***.***.107:180.***.***. 10810 ---------------------------------------Log cutting line------------------------------------------- 2.2.2.2|www.sina.com|20141211000009ll80.***.***. 107:180.***.***.10810 ---------------------------------------Log cutting line------------------------------------------- 2.2.2.2|www.qq.com|201412110000015ll80.***.***. 107:180.***.***. 10810 ---------------------------------------Log cutting line------------------------------------------- 2.2.2.2|www.qq.com|201412110000019ll80.***.***. 107:180.***.***. 10810 ---------------------------------------Log cutting line------------------------------------------- 2.2.2.2|www.a.com|201412110000024ll80. ***.***,107;180.***.***.108|0 ---------------------------------------Log cutting line------------------------------------------- 2.2.2.2|www.b.com|201412110000029ll80.***.***. 107:180.***. ***.10810
As shown above, since the difference between 05 seconds in the time stamp 20141211000005 and 09 seconds in the time stamp 20141211000009 is four seconds (longer than three seconds), the log is split up. The difference between 20141211000009 and 201412110000015 is six seconds, thus the log is also split up.
As described above, the log is segmented into six parts. The source IP:2.2.2.2 in the first part of the log accessed five domain names consisting of www.baidu.com, a.qq.com, b.baidu.com, c.tanx.com, and c.allyes.com.According to a judgment method of an access behavior of a user, it can be concluded that the user actually only accesses www.baidu.com, and the remaining four domain names are only domain name requests additionally generated after the user clicks www.baidu.com, and are not the real access behaviors of a user. Therefore, it can be concluded from the first part of the log that, the user accesses the path of the domain name, that is,www.baidu.com. A method for determining the access behavior of a user mentioned here is as follows: when a user clicks a URL, some other domain names besides the domain name of the current URL are requested. All the other domain name requests after the URL domain name request can be obtained by the crawler technique, and the crawled domain name requests are matched with the domain name part segmented from the DNS log, so that the correspondence between the DNS log and the domain name actually accessed by the user can be obtained. From the correspondence obtained by this method, it can be known that this part of log reflects that the user actually accesses www.baidu.com. The second part of the log only has www.sina.com, so that www.sina.com is the domain name path accessed by the user.
After the paths of the above logs are connected, the obtained paths are shown as follows: www.baidu.com > www.sina.com > www.qq.com > www.qq.com > www.a.com > www.b.com.
Then, the paths obtained by segmentation based on the time stamp diiference are merged in accordance with the same domain, i.e., the second-level domain here, and the merged result is as follows: baidu.com>sina.com>qq.com>a.com>b.com.
The above-described path is a path among the access behaviors of the source IP, and all the access paths of all the source IP can be calculated according to such a rule. 3) Next, the above-described results are segmented based on the central domain (step S23).The central domain which is mainly analyzed based on the user/system requirements is analyzed to know that, from where the user comes to the central domain and to which domains the user then goes from the central domain.For example, a.com in the log is considered as a central domain, and it is shown as follows: baidu.com > sina.com > qq.com >a.com > b.com.
For example, the four paths of the foregoing source IP are listed below, and only the source domains of the first three layers of the central domain in each path are exemplified, and the path processing logic behind the central domain is consistent with the path processing logic prior to a processing of the central domain. The actual number of layers can be adjusted according to specific needs. They are also shown in FIG. 2(a):
Source Domain 3 > Source Domain 2 > Source Domain 1 > Central Domain
Path 1: baidu.com > sina.com > qq.com >a.com (central domain)
Path 2: sina.com > baidu.com > qq.com >a.com (central domain)
Path 3: youku.com > sina.com > baidu.com >a.com (central domain)
Path 4: baidu.com > qq.com > youku.com >a.com (central domain)
Finally, all the four access paths of the foregoing source IP are summarized in the data summarization step.The summarization diagram is shown in FIG. 2(b).
The summary of the central domain is four a. com.
The summary of the Source Domain 1 is two qq.com, one baidu.com, and one youku.com.
The summary of the Source Domain 2 is two sina.com, one baidu.com, and one qq.com.
The summary of the Source Domain 3 is twobadu.com, one sina.com, and one youku.com.
From a visualization drawing as shown in FIG. 2(b), it can be clearly seen which domains were accessed by the user accessing the central domain a.com in the last step, and which domains were accessed by the user before, and so on.
When all source IPs are processed according to the logic, the source and destination of the entire Internet traffic can be seen.
By means of the analysis method of the disclosure, the source and the destination of the Internet traffic can be mastered based on the central domain name to be analyzed, so that analysis and optimization of website traffic of central domain name website can be better facilitated. Furthermore, by completely knowing about the flow direction of the entire Internet traffic, the traffic state of other websites can be analyzed and understood from the whole perspective so as to know everything.
The above-described aspects are only the preferred embodiments of the disclosure and are not intended to limit the scope of the disclosure. Any equivalent variations and modifications made according to the claims of the disclosure should fall within the technical scope of the disclosure.
Claims (9)
1. A method for analyzing a source and a destination of Internet traffic, which obtains the source and the destination of the Internet traffic by processing a DNS log, the method comprising the following steps: a log filtering step of filtering DNS logs that can not reflect a real access path of a user; a log segmentation step of sequentially segmenting, according to a source IP, a time stamp difference and a central domain, the DNS logs obtained after the log filtering step to obtain segmented access paths; and a data summarization step of summarizing all the segmented access paths.
2. The analysis method according to claim 1, wherein by setting a black list and a white list in the log filtering step, DNS logs containing domain name requests of significant interest are retained, and DNS logs containing non-human domain name requests generated by a server are removed.
3. The analysis method according to claim 2, wherein the removal of the DNS logs further includes removing logs accessed by an enterprise IP and logs where the IP is not resolved.
4. The analysis method according to claim 3, wherein the DNS log segmentation based on the source IP is to obtain continuous DNS logs with the same source IP over a period of time.
5. The analysis method according to claim 4, wherein the segmentation of logs based on the time stamp difference is to segment, based on the time stamp difference in DNS logs, the logs after being segmented based on the source IP, and if the time stamp difference in two DNS logs is longer than a specified time length, the two DNS logs are split up.
6. The analysis method according to claim 5, wherein the specified time length is three seconds.
7. The analysis method according to claim 6, further comprising, after the step of segmenting the DNS logs based on the time stamp diiference, a merging step of converting the domain name in the access paths obtained by the segmentation into a domain, and merging continuous identical domains, so as to obtain a path of the source IP.
8. The analysis method according to claim 7, wherein the segmentation based on the central domain is to segment the path of the source IP based on the central domain, the access path obtained after the segmentation being: source domain name n+...+source domain name 1+central domain name+destination domain name l+...+destination domain name n, and the central domain is a domain to be mainly analyzed based on user/system requirements.
9. The analysis method according to claim 8, wherein all the access paths of the source IP, which are obtained after the segmentation step based on the central domain, are summarized in the data summarization step.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610231212.XA CN105704260B (en) | 2016-04-14 | 2016-04-14 | A kind of analysis method of internet traffic source whereabouts |
PCT/CN2016/095672 WO2017177591A1 (en) | 2016-04-14 | 2016-08-17 | Method for analyzing source and destination of internet traffic |
Publications (1)
Publication Number | Publication Date |
---|---|
GB2564057A true GB2564057A (en) | 2019-01-02 |
Family
ID=56216713
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB1816212.3A Withdrawn GB2564057A (en) | 2016-04-14 | 2016-08-17 | Method for analyzing source and destination of internet traffic |
Country Status (5)
Country | Link |
---|---|
JP (1) | JP7075348B2 (en) |
CN (1) | CN105704260B (en) |
GB (1) | GB2564057A (en) |
RU (1) | RU2702048C1 (en) |
WO (1) | WO2017177591A1 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105763633B (en) * | 2016-04-14 | 2019-05-21 | 上海牙木通讯技术有限公司 | A kind of correlating method of domain name and website visiting behavior |
CN105704260B (en) * | 2016-04-14 | 2019-05-21 | 上海牙木通讯技术有限公司 | A kind of analysis method of internet traffic source whereabouts |
CN107846480B (en) * | 2016-09-19 | 2021-04-20 | 贵州白山云科技股份有限公司 | NXDOMAIN response packet processing method and device |
CN107707545B (en) * | 2017-09-29 | 2021-06-04 | 深信服科技股份有限公司 | Abnormal webpage access fragment detection method, device, equipment and storage medium |
CN109150819B (en) * | 2018-01-15 | 2019-06-11 | 北京数安鑫云信息技术有限公司 | A kind of attack recognition method and its identifying system |
US10834214B2 (en) | 2018-09-04 | 2020-11-10 | At&T Intellectual Property I, L.P. | Separating intended and non-intended browsing traffic in browsing history |
CN110138684B (en) * | 2019-04-01 | 2022-04-29 | 贵州力创科技发展有限公司 | Traffic monitoring method and system based on DNS log |
CN111526065A (en) * | 2020-04-13 | 2020-08-11 | 苏宁云计算有限公司 | Website page flow analysis method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188119A1 (en) * | 2002-03-26 | 2003-10-02 | Clark Lubbers | System and method for dynamically managing memory allocated to logging in a storage area network |
CN102004883A (en) * | 2010-12-03 | 2011-04-06 | 中国软件与技术服务股份有限公司 | Trace tracking method for electronic files |
CN105357054A (en) * | 2015-11-26 | 2016-02-24 | 上海晶赞科技发展有限公司 | Website traffic analysis method and apparatus, and electronic equipment |
CN105704260A (en) * | 2016-04-14 | 2016-06-22 | 上海牙木通讯技术有限公司 | Method for analyzing where Internet traffic comes from and goes to |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2001265051A1 (en) * | 2000-05-26 | 2001-12-11 | Akamai Technologies, Inc. | Global load balancing across mirrored data centers |
JP5159899B2 (en) * | 2008-02-11 | 2013-03-13 | ドルビー ラボラトリーズ ライセンシング コーポレイション | Dynamic DNS system for private networks |
US8380870B2 (en) * | 2009-08-05 | 2013-02-19 | Verisign, Inc. | Method and system for filtering of network traffic |
RU105758U1 (en) * | 2010-11-23 | 2011-06-20 | Валентина Владимировна Глазкова | ANALYSIS AND FILTRATION SYSTEM FOR INTERNET TRAFFIC BASED ON THE CLASSIFICATION METHODS OF MULTI-DIMENSIONAL DOCUMENTS |
-
2016
- 2016-04-14 CN CN201610231212.XA patent/CN105704260B/en active Active
- 2016-08-17 RU RU2018139991A patent/RU2702048C1/en active
- 2016-08-17 WO PCT/CN2016/095672 patent/WO2017177591A1/en active Application Filing
- 2016-08-17 JP JP2018554481A patent/JP7075348B2/en active Active
- 2016-08-17 GB GB1816212.3A patent/GB2564057A/en not_active Withdrawn
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188119A1 (en) * | 2002-03-26 | 2003-10-02 | Clark Lubbers | System and method for dynamically managing memory allocated to logging in a storage area network |
CN102004883A (en) * | 2010-12-03 | 2011-04-06 | 中国软件与技术服务股份有限公司 | Trace tracking method for electronic files |
CN105357054A (en) * | 2015-11-26 | 2016-02-24 | 上海晶赞科技发展有限公司 | Website traffic analysis method and apparatus, and electronic equipment |
CN105704260A (en) * | 2016-04-14 | 2016-06-22 | 上海牙木通讯技术有限公司 | Method for analyzing where Internet traffic comes from and goes to |
Also Published As
Publication number | Publication date |
---|---|
WO2017177591A1 (en) | 2017-10-19 |
CN105704260A (en) | 2016-06-22 |
JP2019514303A (en) | 2019-05-30 |
CN105704260B (en) | 2019-05-21 |
RU2702048C1 (en) | 2019-10-03 |
JP7075348B2 (en) | 2022-05-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2564057A (en) | Method for analyzing source and destination of internet traffic | |
CN109905288B (en) | Application service classification method and device | |
CN107251526A (en) | The network address translation | |
CN103888490A (en) | Automatic WEB client man-machine identification method | |
CN102065147A (en) | Method and device for obtaining user login information based on enterprise application system | |
CN104579773A (en) | Domain name system analysis method and device | |
WO2015141665A1 (en) | Website information extraction device, system, website information extraction method, and website information extraction program | |
CN109214647B (en) | Method for analyzing overflow effect among online access channels based on network access log data | |
Hemdan et al. | Spark-based log data analysis for reconstruction of cybercrime events in cloud environment | |
Jyothi et al. | A study on raise of web analytics and its benefits | |
KR101055871B1 (en) | Apparatus and method for extracting user session information through real-time analysis of web logs | |
WO2017177590A1 (en) | Method for associating domain name with website access behavior | |
Castellana et al. | Noise-induced transitions of the Atlantic Meridional Overturning Circulation in CMIP5 models | |
Shu-yue et al. | The study on the preprocessing in web log mining | |
CN113453076B (en) | User video service quality evaluation method, device, computing equipment and storage medium | |
CN112738221B (en) | Auditing method and device for object storage flow | |
CN115333971A (en) | IPv6 support degree monitoring method and related equipment | |
Verma et al. | Web Usage mining framework for Data Cleaning and IP address Identification | |
Shrivastava et al. | Extracting knowledge from user access logs | |
Kobayashi et al. | amulog: A general log analysis framework for comparison and combination of diverse template generation methods | |
Muhammad et al. | Visualizing web server logs insights with elastic stack–a case study of ummail’s access logs | |
Mowla et al. | Analysis of web server logs to understand internet user behaviour and develop digital marketing strategies | |
Ganibardi et al. | Weblog Data Structuration: A Stream-centric approach for improving session reconstruction quality | |
Pande et al. | A study of web traffic analysis | |
CN112818278B (en) | Method and system for checking internet hosting website |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
789A | Request for publication of translation (sect. 89(a)/1977) |
Ref document number: 2017177591 Country of ref document: WO |
|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |