TW201105065A - IP network information error checking and analyzing system - Google Patents

Info

Publication number: TW201105065A
Authority: TW (Taiwan)
Prior art keywords: network, traffic, analysis, information, module
Application number: TW98125298A
Other languages: Chinese (zh)
Other versions: TWI389504B (en)
Inventors: Yi Xiao, Jing-li Liu, Wei-Ting Lin, Zheng-Ru You
Original Assignee: Chunghwa Telecom Co Ltd

Application filed by Chunghwa Telecom Co Ltd
Priority to TW98125298A
Publication of TW201105065A
Application granted
Publication of TWI389504B

Abstract

An Internet protocol (IP) network information error checking and analyzing system includes two sub-systems, a distributed probe (DP) and a server host group, which are respectively responsible for the collection and detection of information between any two nodes in the network, deep analysis, and the man-machine interface. The distributed probes (DP) are installed on the nodes of each IP backbone. The server host group is connected via the network to one of the nodes of the IP backbone network, thereby centrally controlling, managing and analyzing the information of each IP backbone network. The server host group includes a website server, a database server, a real-time information duplication system (RIDS), an information analyzing apparatus module and a reporting form server module. The present invention makes use of the cloud computing architecture so that, once collected by the distributed probe (DP) sub-system and introduced into the RIDS apparatus, the IP network information can be further introduced into various information analyzing apparatus modules that separately analyze and detect, in real time, information data such as P2P (Peer-to-Peer) information, DDoS (Distributed Denial of Service) attacks, VoIP (Voice over Internet Protocol) information, L7 (layer 7) communication protocols and information QoS (Quality of Service).

Description

VI. Description of the Invention

[Technical Field of the Invention]

The present invention relates to an IP network traffic troubleshooting and analysis system, and in particular to one that uses a Cloud Computing architecture to centrally control and analyze the traffic of each IP backbone network.

[Prior Art]

Conventional network traffic troubleshooting and analysis mainly uses a client-server model, which requires various kinds of client devices, each paired with its corresponding server. Its drawback is that if five or more kinds of traffic troubleshooting and analysis functions are needed, and each module in turn works with five or more kinds of software, the resulting client traffic has to be sent to 25 or more servers. Without integration, this model is not feasible at the present stage.

In view of the shortcomings of the conventional technique described above, the inventors sought to improve on it and, after years of dedicated research, completed the present IP network traffic troubleshooting and analysis system. It uses the Cloud Computing concept of "distributed computing": a huge computing job is split into a great many small jobs that run simultaneously on multiple servers.

[Summary of the Invention]

The object of the present invention is to provide an IP network traffic troubleshooting and analysis system with distributed deployment and centralized control, capable of separately analyzing and detecting, in real time, P2P traffic, DDoS attacks, VoIP traffic, L7 communication protocols and traffic QoS data.

The IP network traffic troubleshooting and analysis system that achieves this object consists of two major subsystems: the distributed probes (DP) and the server host group. The server host group comprises a website server, a database server, a real-time traffic replication and reproduction server (RIDS), traffic analysis device modules and a report server module. The RIDS and the traffic analysis device modules use a Cloud Computing architecture: after the IP network traffic is collected by the distributed probe (DP) subsystem and fed into the RIDS device, it can be further fed into multiple traffic analysis device modules, which separately analyze and detect, in real time, P2P traffic, DDoS attacks, VoIP traffic, L7 communication protocols and traffic QoS data. The analysis equipment of each module consists of 3 to 5 different traffic analysis devices; once the traffic data has been analyzed, the results are sent to the dedicated report server of each module. For the five different kinds of traffic analysis, different traffic analysis device modules are used, in a modular arrangement, to perform traffic troubleshooting and analysis.

[Embodiment]

Figure 1 is the system architecture diagram of the IP network traffic troubleshooting and analysis system of the present invention. As the figure shows, the invention consists of two major subsystems, the distributed probes (DP) 11 and the server host group 12, which are respectively responsible for collecting and detecting traffic between the nodes of the network, deep analysis, and the man-machine interface. The distributed probes (DP) 11 are installed at the nodes of each IP backbone network, while the server host group 12 is connected through the network to one of the nodes on the IP backbone network, so that the traffic of each IP backbone network is controlled and analyzed centrally.

For hardware, the distributed probe 11 requires a computer platform equivalent to the general commercial PC architecture but with more reliable expansion stability, sufficient to meet the demands of long periods of non-stop operation. For software, it requires an operating system that runs stably, allows multiple users and multitasking, and consumes relatively few resources. The main function of the distributed probe 11 is real-time monitoring and capture of network traffic. It is usually placed at the edge router (Edge Router) of the network or at the customer end (Customer End), and captures and monitors traffic through the mirror port (Mirror Port) of a router or switch, or through a network tap (Tap).

The server host group 12 of the present invention consists of the website server 13, the database server 14, the real-time traffic replication and reproduction server (RIDS) 15, the traffic analysis device modules (AS) 16 and the report server module 17. The website server 13 mainly provides the man-machine interface for viewing the status of the distributed probes 11, for setting and controlling the overall equipment, and for reading the layer 4 to layer 7 information of IP network traffic. The database server 14 stores the captured packet data. The RIDS 15 feeds the packet data of the database server 14 into the multiple traffic analysis device modules 16, so that network traffic can be analyzed quickly and in parallel and alarms raised according to the defined conditions. The report server module 17 outputs the final detection results produced by each traffic analysis device module 16, including the various packet analysis reports for the network, covering the analysis and troubleshooting of P2P traffic, DDoS attacks, VoIP traffic, L7 communication protocols and traffic QoS.

Figure 2 is the functional architecture diagram between the distributed probes and the server host group. The distributed probe 11 collects data through network monitoring (Network Monitoring) and can send it back to the server host group 12 using FTP (File Transfer Protocol). The website server 13, which is responsible for the man-machine interface, uses PHP (Hypertext Preprocessor) scripts and the Java programming language to build dynamic web pages, and uses a permission management mechanism to control the personnel who may configure the functions of the RIDS 15 and the traffic analysis device modules 16, the personnel who may run online queries, and the personnel who may output report data.

Figure 3 is the main test architecture diagram of the system. It comprises two parts: the centralized management system 18 (that is, the server host group) and the distributed probes 11 at the nodes of the backbone network. The centralized management system 18 gathers the traffic collected by the distributed probes 11; the RIDS 15 core component generates replicated backup data and distributes it in real time to each traffic analysis device module 16 for analysis; the results are sent to the report server 17 of the analysis equipment and reported back to the user, who can generate reports periodically from the information received. A client-side user interface is also provided, so that the user can enter the system at any time to observe the state of the network. The distributed probe 11 collects the client's IP traffic in real time and sends it to the RIDS 15 core component, which distributes it to the device modules for real-time network traffic analysis and troubleshooting.

Figure 4 is the integration test architecture diagram of the RIDS and the traffic analysis device modules, which uses the Cloud Computing architecture. The traffic analysis device module 16 comprises five analysis modules: the P2P Analyzer module, the DDoS Analyzer module, the VoIP Analyzer module, the L7 Protocol Analyzer module and the network QoS Analyzer module, which analyze and troubleshoot P2P traffic, DDoS attacks, VoIP traffic, L7 communication protocols and network QoS data respectively. Each module consists of n different traffic analysis devices 19; once the traffic data has been analyzed, the results are sent to the dedicated report server 20 of each module. The invention can thus use different traffic analysis devices for different kinds of traffic and process them in real time. When network traffic becomes abnormal, the modules can analyze it in parallel, locate the problem, and send a warning message to the report server 20, which helps users assess application performance under different environments and different network conditions. When the report server 20 receives a value that exceeds the network security threshold, it immediately sends an abnormality report to the network management center.

The traffic analysis device module 16 of the present invention comprises five analysis modules: the P2P Analyzer module, the DDoS Analyzer module, the VoIP Analyzer module, the L7 Protocol Analyzer module and the network QoS Analyzer module.

The P2P Analyzer module performs deep analysis of P2P traffic and monitors how much bandwidth the P2P applications or P2P network protocols in the network traffic occupy. This not only helps administrators understand how the overall network traffic is being carried, but also provides statistical analysis of the traffic. Through the RIDS 15, traffic for a specific application service or a specific network protocol, on the uplink or the downlink, can be subjected to further deep P2P analysis.

The DDoS Analyzer module addresses DoS attack techniques, including TCP (Transmission Control Protocol) DoS attacks, UDP (User Datagram Protocol) Flood DoS attacks, DDoS attacks and ICMP (Internet Control Message Protocol) DoS attacks. It monitors in real time, and in parallel, whether the number of packets in the local network is abnormal and, together with dynamic packet filtering, defends against DoS attacks. When an attack occurs, a warning message is sent back to the network administrator through the report server.

The VoIP Analyzer module can analyze multiple protocols such as SIP (Session Initiation Protocol), H.232 and MGCP (Media Gateway Control Protocol), and can make quantitative measurements of VoIP voice and video. It performs detailed statistical analysis so that network maintainers can keep track of the quality of VoIP communication on the network.

The L7 Protocol Analyzer module is a layer 7 network analysis tool. It uses Deep Packet Inspection (DPI) to inspect and classify traffic in real time, expresses the QoS of the network through network performance parameters such as delay and jitter, and raises alarms in combination with the report server 20. Detailed statistics are presented through the report server. The report display gives a clear picture of how network traffic is distributed across applications, so that network maintainers can readily detect problems in the network environment and plan for the future demand for network services.

The network QoS Analyzer module provides real-time detection of network quality, mainly monitoring packet loss, transmission delay, packet delivery order and other errors. For example, when network congestion causes transmission delay to rise sharply, or packets are lost in large numbers, this analysis module detects the abnormal condition. Once integrated with the report server 20, it can send the various QoS messages to the administrator and issue a warning in advance, before the abnormality threshold is exceeded, so that the QoS state of the network is known in real time. The module can also display long-term network traffic charts, from which future traffic trends can be analyzed and estimated.

Compared with other conventional techniques, the IP network traffic troubleshooting and analysis system provided by the present invention has the following advantages:

1. The system provides real-time detection and can view, measure and collect data on the stability and reliability of the IP network, as a basis for current network performance testing, diagnosis and simulation, and for forecasting future traffic growth.
2. The system can provide all types of IP network inspection services, such as enterprise network security and performance health checks.
3. It captures the packet records flowing through the network and the data exchanges of applications, which are used to model real network traffic and to analyze and diagnose program activity at each layer and between layers.
4. It integrates the all-in-one standard probe measuring equipment (DP) and the real-time traffic replication and reproduction server (RIDS) in-house, greatly reducing the cost of building the service.
5. The Cloud Computing architecture of the present invention, implementing distributed deployment and centralized control of IP network traffic troubleshooting and analysis, is also suitable for unattended IP network equipment rooms, working with the network management system for real-time operation. It can also work with the functions of a Network Operating Center to achieve real-time analysis and troubleshooting of network traffic.
6. The invention can separately analyze and detect, in real time, P2P traffic, DDoS attacks, VoIP traffic, L7 communication protocols and traffic QoS data.

The detailed description above is a specific description of one feasible embodiment of the present invention. The embodiment is not intended to limit the patent scope of the invention; any equivalent implementation or modification that does not depart from the spirit of the invention shall be included in the patent scope of this case.

This case is not only innovative in its technical concept but also improves on conventional articles in the respects described above. It fully meets the statutory requirements of novelty and inventive step for an invention patent, and the application is filed in accordance with the law; the Office is respectfully requested to approve it.

[Brief Description of the Drawings]

Figure 1 is the system architecture diagram of the IP network traffic troubleshooting and analysis system of the present invention.
Figure 2 is the functional architecture diagram between the distributed probes and the server host group of the system.
Figure 3 is the main test architecture diagram of the system.
Figure 4 is the integration test architecture diagram of the real-time traffic replication and reproduction server and the traffic analysis devices of the system.

[Description of Main Reference Numerals]

11 distributed probe
12 server host group
13 website server
14 database server
15 real-time traffic replication and reproduction server
16 traffic analysis device module
17 report server module
18 centralized management system
19 traffic analysis device
20 report server
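The embodiment describes the RIDS handing a copy of the collected traffic to each analyzer module, a DDoS Analyzer that watches packet counts for abnormal values, and a QoS Analyzer that checks loss, delay and ordering and warns before the critical threshold is reached. The following Python code is an added example of that flow, not code from the patent or from Chunghwa Telecom. The class names, the record fields, the thresholds (5 times the median window count, a 20 % loss limit with a warning at half of it) and the sample records are all assumptions.

```python
# Added illustration, not code from the patent. Class names, thresholds and
# the sample records are assumptions chosen for the example.
from collections import Counter, defaultdict
from statistics import median

class ReportServer:
    """Stands in for a module's dedicated report server: collects alerts."""
    def __init__(self):
        self.alerts = []
    def alert(self, module, level, detail):
        self.alerts.append((module, level, detail))

class DDoSAnalyzer:
    """Counts packets per protocol per window and flags a window whose count
    exceeds `factor` times the median of that protocol's earlier windows."""
    def __init__(self, report, window=1.0, factor=5, min_history=3):
        self.report, self.window = report, window
        self.factor, self.min_history = factor, min_history
        self.counts = defaultdict(Counter)  # proto -> {window index: packets}
    def feed(self, rec):
        self.counts[rec["proto"]][int(rec["ts"] // self.window)] += 1
    def finish(self):
        flagged = []
        for proto, per_win in sorted(self.counts.items()):
            history = []
            for idx in range(min(per_win), max(per_win) + 1):
                n = per_win.get(idx, 0)
                ready = len(history) >= self.min_history
                if ready and n > self.factor * max(median(history), 1):
                    flagged.append((proto, idx, n))
                    self.report.alert("ddos", "critical", (proto, idx, n))
                else:
                    history.append(n)  # only unflagged windows feed the baseline
        return flagged

class QoSAnalyzer:
    """Per-flow loss, reordering and mean one-way delay from sequence numbers
    and send/receive timestamps. Warns at `pre_alert` x the loss limit, that
    is, before the critical threshold is reached."""
    def __init__(self, report, loss_limit=0.20, pre_alert=0.5):
        self.report, self.loss_limit, self.pre_alert = report, loss_limit, pre_alert
        self.flows = defaultdict(list)  # flow -> [(seq, delay)] in arrival order
    def feed(self, rec):
        if rec.get("seq") is not None:  # only sequenced packets are measured
            self.flows[rec["flow"]].append((rec["seq"], rec["ts"] - rec["sent"]))
    def finish(self):
        stats = {}
        for flow, pkts in sorted(self.flows.items()):
            seqs = [s for s, _ in pkts]
            expected = max(seqs) - min(seqs) + 1
            loss = round(1 - len(set(seqs)) / expected, 3)
            reordered = sum(1 for a, b in zip(seqs, seqs[1:]) if b < a)
            delay_ms = round(1000 * sum(d for _, d in pkts) / len(pkts), 1)
            stats[flow] = {"loss": loss, "reordered": reordered, "delay_ms": delay_ms}
            if loss >= self.loss_limit:
                self.report.alert("qos", "critical", (flow, loss))
            elif loss >= self.loss_limit * self.pre_alert:
                self.report.alert("qos", "warning", (flow, loss))
        return stats

def rids_replicate(records, analyzers):
    """RIDS role: every analyzer module gets its own copy of every record."""
    for rec in sorted(records, key=lambda r: r["ts"]):
        for analyzer in analyzers:
            analyzer.feed(dict(rec))
    return [analyzer.finish() for analyzer in analyzers]

def constructed_records():
    """Constructed sample: steady TCP, an ICMP burst in second 5, and a UDP
    flow with seq 3, 7 and 15 lost and seq 11 arriving after seq 12."""
    recs = []
    for w in range(6):
        recs += [{"ts": w + 0.1 * k, "proto": "TCP", "flow": "web"} for k in range(1, 5)]
        n_icmp = 40 if w == 5 else 2
        recs += [{"ts": w + 0.02 * k, "proto": "ICMP", "flow": "ping"}
                 for k in range(1, n_icmp + 1)]
    for seq in range(1, 21):
        if seq not in (3, 7, 15):
            sent, delay = 0.25 * seq, (0.32 if seq == 11 else 0.02)
            recs.append({"ts": sent + delay, "proto": "UDP", "flow": "probe-1",
                         "seq": seq, "sent": sent})
    return recs

def run_demo():
    report = ReportServer()
    analyzers = [DDoSAnalyzer(report), QoSAnalyzer(report)]
    ddos_flags, qos_stats = rids_replicate(constructed_records(), analyzers)
    return report.alerts, ddos_flags, qos_stats

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

Flagged windows are kept out of the baseline so that a sustained flood does not raise its own threshold.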

Claims (1)

VII. Scope of the Patent Application:

1. An IP network traffic troubleshooting and analysis system, comprising at least:
a distributed probe (Distributed Probe, DP) subsystem, comprising a plurality of distributed probes installed at the nodes of each IP backbone network (IP backbone), mainly responsible for functions such as the collection and detection of traffic between the nodes of the network, deep analysis and the man-machine interface;
a website server, providing a man-machine interface for viewing the status of the distributed probes and for setting and controlling the overall equipment in order to analyze IP network traffic data;
a database server, connected through the website server to one of the nodes on the IP backbone network, for storing the traffic data captured by the distributed probes;
a real-time traffic replication and reproduction server (RIDS), which generates replicated backup data from the traffic data stored in the database server and distributes it in real time to each traffic analysis device module;
a traffic analysis device module, comprising analysis devices for different traffic data, connected to the real-time traffic replication and reproduction server in a cloud computing architecture, and able to analyze and detect different traffic data separately and in real time;
a report server, comprising report output devices connected respectively to each analysis device of the traffic analysis device module, able to output analysis and troubleshooting reports for the different traffic data.

2. The IP network traffic troubleshooting and analysis system of claim 1, wherein the distributed probe subsystem is placed at the edge router (Edge Router) of the network or at the customer end (Customer End), captures and monitors traffic through the mirror port (Mirror Port) of a router or switch or through a network tap (Tap), and can send the collected real-time network traffic data back to the database server for storage using a protocol-based transfer.

3. The IP network traffic troubleshooting and analysis system of claim 1, wherein the traffic data analyzed by the traffic analysis device module may include P2P traffic, DDoS attacks, VoIP traffic, L7 communication protocols and network QoS data.

4. The IP network traffic troubleshooting and analysis system of claim 1, wherein the analysis devices of the traffic analysis device module may include a P2P Analyzer module, a DDoS Analyzer module, a VoIP Analyzer module, an L7 Protocol Analyzer module and a network QoS Analyzer module.

5. The IP network traffic troubleshooting and analysis system of claim 4, wherein the P2P Analyzer module can monitor how much bandwidth the P2P applications or P2P network protocols in the network traffic occupy and, through the RIDS, can perform deep P2P analysis of uplink or downlink traffic for a specific application service or a specific network protocol.

6. The IP network traffic troubleshooting and analysis system of claim 4, wherein the DDoS Analyzer module can, through multiple network monitoring programs on the analysis device, monitor in real time and in parallel whether the number of packets in the local network is abnormal and, together with a dynamic packet filtering function, defend against DoS attacks.

7. The IP network traffic troubleshooting and analysis system of claim 6, wherein the DoS attacks may include TCP (Transmission Control Protocol) DoS attacks, UDP (User Datagram Protocol) Flood DoS attacks, DDoS attacks and ICMP (Internet Control Message Protocol) DoS attacks.

8. The IP network traffic troubleshooting and analysis system of claim 4, wherein the VoIP Analyzer module can analyze multiple protocols such as SIP, H.232 and MGCP, and make quantitative measurements of VoIP voice and video.

9. The IP network traffic troubleshooting and analysis system of claim 4, wherein the L7 Protocol Analyzer module uses deep packet inspection (DPI) technology to inspect and classify, in real time, the network traffic to be analyzed, and can express the QoS of the network through network performance parameter values such as delay and jitter, so that the distribution of network traffic across applications can be clearly understood.

10. The IP network traffic troubleshooting and analysis system of claim 4, wherein the network QoS Analyzer module provides real-time detection of network quality, mainly monitoring packet loss, transmission delay, packet delivery order and other errors in real time, so that the QoS state of the network is known in real time.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
TW98125298A | 2009-07-28 | 2009-07-28 | IP network traffic error detection and analysis system TWI389504B (en)

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
TW98125298A | 2009-07-28 | 2009-07-28 | IP network traffic error detection and analysis system TWI389504B (en)

Publications (2)

Publication Number | Publication Date
TW201105065A (en) | 2011-02-01
TWI389504B (en) | 2013-03-11

Family

ID=44813867

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
TW98125298A | IP network traffic error detection and analysis system, TWI389504B (en) | 2009-07-28 | 2009-07-28

Country Status (1)

Country Link
TW (1) TWI389504B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI457774B (en) * 2012-06-08 2014-10-21
TWI466494B (en) * 2012-07-02 2014-12-21
TWI473468B (en) * 2012-06-06 2015-02-11

Also Published As

Publication number Publication date
TWI389504B (en) 2013-03-11

Similar Documents

Publication Publication Date Title
US11601356B2 (en) Emulating packet flows to assess network links for SD-WAN
US20160337200A1 (en) Method and Apparatus for Visualized Network Operation and Maintenance
US7804787B2 (en) Methods and apparatus for analyzing and management of application traffic on networks
TWI361595B (en) Pool-based network diagnostic systems and methods
US20080177874A1 (en) Method and System for Visualizing Network Performance Characteristics
US20070171827A1 (en) Network flow analysis method and system
KR20020089400A (en) Server monitoring using virtual points of presence
CN107295010A (en) A kind of enterprise network security management cloud service platform system and its implementation
CN105471620A (en) Broadband intelligent terminal embedded network analysis and diagnosis device and method thereof
US20150012647A1 (en) Router-based end-user performance monitoring
CN112333020A (en) Network security monitoring and data message analyzing system based on quintuple
CN105530137B (en) Data on flows analysis method and data on flows analysis system
TW201105065A (en) IP network information error checking and analyzing system
CN107168844A (en) A kind of method and device of performance monitoring
Sperotto et al. Anomaly characterization in flow-based traffic time series
CN105025006B (en) A kind of positive information safety operation and maintenance platform
TW201038009A (en) Real-time traffic measurement system of IP network centralized network management and distributed nodes
TW200924428A (en) An inside tracing method of the network attacking detection
JP2004193816A (en) Network evaluation system
Viipuri Traffic analysis and modeling of IP core networks
Eittenberger et al. Atheris: A First Step Towards a Unified Peer-to-Peer Traffic Measurement Framework
CN108566288A (en) A kind of computer network cloud activation system
Deng et al. Measuring broadband performance using M-Lab: Why averages tell a poor tale
Zseby et al. Packet tracking in planetlab europe–a use case
Shawky et al. Characterization and modeling of network traffic

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees