TW202101944A - Network connected apparatus and traffic estimation method thereof - Google Patents

Network connected apparatus and traffic estimation method thereof Download PDF

Info

Publication number
TW202101944A
TW202101944A TW108142511A TW108142511A TW202101944A TW 202101944 A TW202101944 A TW 202101944A TW 108142511 A TW108142511 A TW 108142511A TW 108142511 A TW108142511 A TW 108142511A TW 202101944 A TW202101944 A TW 202101944A
Authority
TW
Taiwan
Prior art keywords
network
traffic
domain name
queries
item
Prior art date
Application number
TW108142511A
Other languages
Chinese (zh)
Other versions
TWI718778B (en
Inventor
李原宏
蔡孟穎
Original Assignee
遠傳電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 遠傳電信股份有限公司 filed Critical 遠傳電信股份有限公司
Priority to US16/891,083 priority Critical patent/US11316772B2/en
Publication of TW202101944A publication Critical patent/TW202101944A/en
Application granted granted Critical
Publication of TWI718778B publication Critical patent/TWI718778B/en

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A network connected apparatus and a traffic estimation method thereof are provided. In the method, multiple network packets are captured, the query frequency for at least one domain name in the network packets are counted, and the network traffic of each network layer or each service type is determined according to the query frequency. In addition, a corresponding type feature is generated for the user based on domain name query record in the embodiments. Accordingly, the Internet experience of the user can be improved based on the evaluated result.

Description

聯網裝置及其流量預估方法Networking device and its flow estimation method

本發明是有關於一種網路管理技術,且特別是有關於一種聯網裝置及其流量預估方法。The present invention relates to a network management technology, and particularly relates to a networked device and a method for estimating traffic.

現今,幾乎每個人都有可連接網際網路(Internet)的裝置(例如,行動電話、平板電腦、筆記型電腦、智慧手錶、智慧家電等),且這些裝置可經由行動網路、其他無線網路或有線網路連接至網際網路。而隨著網路應用服務(例如,社群媒體、串流媒體、線上遊戲、數位教育等)多元化發展,網路營運商的用戶數量及其使用量也指數增長。為了提供給用戶更好的上網體驗,營運商不斷積極增加或升級硬體設備。除了硬體方面的更新,營運商也會透過網路管理方式來配置網路資源。然而,不同用戶對於應用服務的需求不同。因此,如何針對各用戶、公司、政府或企業提供更合適的網路管理、設備佈建及軟硬體配置,是各營運商努力的目標之一。Nowadays, almost everyone has Internet-connected devices (for example, mobile phones, tablets, laptops, smart watches, smart home appliances, etc.), and these devices can be connected via mobile networks and other wireless networks. Connect to the Internet through a road or wired network. With the diversified development of network application services (for example, social media, streaming media, online games, digital education, etc.), the number of users and usage of network operators has also increased exponentially. In order to provide users with a better Internet experience, operators continue to actively increase or upgrade hardware devices. In addition to hardware updates, operators will also configure network resources through network management. However, different users have different requirements for application services. Therefore, how to provide more suitable network management, equipment deployment, and software and hardware configuration for each user, company, government or enterprise is one of the goals of each operator.

有鑑於此,本發明實施例提供一種聯網裝置及其流量預估方法,基於網域名稱查詢來得出網路流量,並據以評估用戶使用服務的行為,進而基於分析結果來調整設備佈建及軟硬體配置。In view of this, the embodiment of the present invention provides a networked device and a method for estimating its traffic. The network traffic is obtained based on the query of the domain name, and the behavior of the user using the service is evaluated accordingly, and the equipment deployment and deployment are adjusted based on the analysis result Software and hardware configuration.

本發明實施例的流量預估方法,其包括下列步驟:擷取數筆網路封包,統計那些網路封包中對於至少一個網域名稱(domain name)的查詢次數,並依據查詢次數判斷網路流量。The traffic estimation method of the embodiment of the present invention includes the following steps: capturing several network packets, counting the number of queries for at least one domain name in those network packets, and judging the network based on the number of queries flow.

本發明實施例的聯網裝置包括但不僅限於通訊收發器及處理器。通訊收發器用以接收數筆網路封包。處理器耦接通訊收發器。處理器擷取那些網路封包,統計那些網路封包中對於至少一個網域名稱的查詢次數。依據查詢次數判斷網路流量。The networking device of the embodiment of the present invention includes but is not limited to a communication transceiver and a processor. The communication transceiver is used to receive several network packets. The processor is coupled to the communication transceiver. The processor retrieves those network packets and counts the number of queries for at least one domain name in those network packets. Judge network traffic based on the number of queries.

基於上述,本發明實施例的聯網裝置及其流量預估方法,藉由分析網域名稱查詢來預測網路流量,並據以評估用戶所欲使用或常用的網路服務應用類型。這些流量及用戶特徵評估,可作為網路營運商後續對設備佈建、資源配置、管理組態等提供更佳的規劃,進而提升用戶的上網體驗。Based on the above, the networked device and the traffic estimation method of the embodiment of the present invention predicts the network traffic by analyzing the domain name query, and then evaluates the types of network service applications that users want to use or commonly used. These traffic and user characteristic assessments can be used as network operators to provide better plans for equipment deployment, resource allocation, management configuration, etc., so as to enhance users' online experience.

為讓本發明的上述特徵和優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明如下。In order to make the above-mentioned features and advantages of the present invention more comprehensible, the following specific embodiments are described in detail in conjunction with the accompanying drawings.

圖1是依據本發明一實施例的聯網裝置100的元件方塊圖。請參照圖1,聯網裝置100包括但不僅限於通訊收發器110、儲存器130及處理器150。聯網裝置100可以是電腦、智慧型手機、平板電腦、伺服器、路由器、交換機、電信設備或其他電子裝置。FIG. 1 is a block diagram of components of a networked device 100 according to an embodiment of the invention. Please refer to FIG. 1, the networked device 100 includes but is not limited to a communication transceiver 110, a storage 130 and a processor 150. The networked device 100 may be a computer, a smart phone, a tablet computer, a server, a router, a switch, a telecommunication device, or other electronic devices.

通訊收發器110可以是支援諸如第四代(4G)或其他世代行動通訊、Wi-Fi、乙太網路(Ethernet)、光纖網路等通訊收發器,也可以是通用串列匯流排(Universal Serial Bus,USB)、Thunderbolt或其他通訊傳輸介面。在本發明實施例中,通訊收發器110用以接收網路封包。而網路封包是網路中傳輸的資料單元。The communication transceiver 110 can be a communication transceiver that supports fourth-generation (4G) or other generations of mobile communications, Wi-Fi, Ethernet, and fiber optic networks, or it can be a universal serial bus (Universal Serial Bus, USB), Thunderbolt or other communication transmission interface. In the embodiment of the present invention, the communication transceiver 110 is used to receive network packets. The network packet is the unit of data transmitted in the network.

儲存器130可以是任何型態的固定或可移動隨機存取記憶體(Random Access Memory,RAM)、唯讀記憶體(Read-Only Memory,ROM)、快閃記憶體(Flash Memory)、傳統硬碟(Hard Disk Drive,HDD)、固態硬碟(Solid-State Drive,SSD)或類似元件或上述元件之組合的儲存器。在本發明實施例中,儲存器130用於儲存暫存或永久的資料(例如,訓練樣本、預估模型、流量貢獻係數、網路服務應用類型等)、網路封包、軟體模組或其他檔案,且其詳細內容待後續實施例詳述。The storage 130 can be any type of fixed or removable random access memory (Random Access Memory, RAM), read-only memory (Read-Only Memory, ROM), flash memory (Flash Memory), and traditional hard drives. Hard Disk Drive (HDD), Solid-State Drive (SSD) or similar components or a combination of the above components. In the embodiment of the present invention, the storage 130 is used to store temporary or permanent data (for example, training samples, estimation models, traffic contribution coefficients, network service application types, etc.), network packets, software modules, or other File, and its detailed content will be detailed in subsequent embodiments.

處理器150耦接於通訊收發器110及儲存器130,處理器150並可以是中央處理單元(Central Processing Unit,CPU),或是其他可程式化之一般用途或特殊用途的微處理器(Microprocessor)、數位信號處理器(Digital Signal Processor,DSP)、可程式化控制器、特殊應用積體電路(Application-Specific Integrated Circuit,ASIC)或其他類似元件或上述元件的組合。在本發明實施例中,處理器150用以執行聯網裝置100的所有作業,且可載入並執行儲存器130所記錄的各軟體模組、檔案及資料。The processor 150 is coupled to the communication transceiver 110 and the storage 130. The processor 150 may be a central processing unit (CPU) or other programmable general-purpose or special-purpose microprocessors (Microprocessor ), Digital Signal Processor (DSP), programmable controller, Application-Specific Integrated Circuit (ASIC) or other similar components or a combination of the above components. In the embodiment of the present invention, the processor 150 is used to perform all operations of the networked device 100, and can load and execute various software modules, files, and data recorded in the storage 130.

需說明的是,聯網裝置100可設於任何網路中。舉例而言,圖2是依據本發明一實施例的通訊系統20的示意圖。請參照圖2,假設此通訊系統20屬於第三代(3G)、第四代(4G)或其他世代行動通訊網路。通訊系統20可包括使用者設備UE、基地台BS、接取(access)網路21、傳輸/網際網路協定(Internet Protocol,IP)網路22、核心網路23及網際網路24。視實際需求,聯網裝置100可設於傳輸/網際網路協定(Internet Protocol,IP) 網路22、核心網路23或由使用者設備UE與基地台BS所形成的無線網路中。即聯網裝置100是處於所屬網路的某一台網路節點(可以是兩個網路之間的輸入或輸出閘道(gateway),或是設於特定路由路徑上的節點)。It should be noted that the networked device 100 can be set in any network. For example, FIG. 2 is a schematic diagram of a communication system 20 according to an embodiment of the invention. Please refer to FIG. 2, assuming that the communication system 20 belongs to the third generation (3G), fourth generation (4G) or other generations of mobile communication networks. The communication system 20 may include a user equipment UE, a base station BS, an access network 21, a transmission/Internet Protocol (IP) network 22, a core network 23, and an Internet 24. Depending on actual needs, the networked device 100 can be set in a transmission/Internet Protocol (IP) network 22, a core network 23, or a wireless network formed by the user equipment UE and the base station BS. That is, the networked device 100 is located at a certain network node of the network to which it belongs (it may be an input or output gateway between two networks, or a node located on a specific routing path).

需說明的是,在其他實施例中,依據不同系統架構,圖2的無線網路也可以置換成Wi-Fi無線網路,或是置換成有線乙太網路、數位用戶迴路(Digital Subscriber Line,DSL)、光纖網路、或電纜網路,且接取網路21、傳輸/IP網路22、及/或核心網路23內設備也可對應改變,本發明不加以限制。It should be noted that in other embodiments, depending on different system architectures, the wireless network in Figure 2 can also be replaced with a Wi-Fi wireless network, or with a wired Ethernet network, or a digital subscriber line (Digital Subscriber Line). , DSL), optical fiber network, or cable network, and the equipment in the access network 21, transmission/IP network 22, and/or core network 23 can also be changed accordingly, and the present invention is not limited.

為了方便理解本新型創作實施例的操作流程,以下將舉諸多實施例詳細說明本新型創作實施例中聯網裝置100對網路流量的預估方法。下文中,將搭配聯網裝置100中的各項元件及模組說明本新型創作實施例所述之方法。本方法的各個流程可依照實施情形而隨之調整,且並不僅限於此。In order to facilitate the understanding of the operation flow of the creative embodiment of the present invention, a number of embodiments will be given below to describe in detail the method of estimating network traffic by the networked device 100 in the creative embodiment of the present invention. Hereinafter, various components and modules in the networked device 100 will be used to illustrate the method described in the creative embodiment of the present invention. Each process of the method can be adjusted accordingly according to the implementation situation, and is not limited to this.

圖3是依據本發明一實施例的流量預估方法的流程圖。請參照圖3,處理器150透過通訊收發器110擷取網路封包(步驟S310)。具體而言,處理器150可透過諸如Wireshark、tcpdump、SmartSniff、libpcap、winpcap或相似者的軟體或程式庫來抓取網路封包,並對接收的網路封包進一步解析。在一實施例中,處理器150至少具備解析網域名稱系統(Domain Name System,DNS)查詢(query)/要求(quest)、或DNS相關封包的功能,並可得出DNS相關封包中所欲查詢的網域名稱(及/或對應IP位址)。Fig. 3 is a flowchart of a flow estimation method according to an embodiment of the present invention. Referring to FIG. 3, the processor 150 captures the network packet through the communication transceiver 110 (step S310). Specifically, the processor 150 may capture network packets through software or libraries such as Wireshark, tcpdump, SmartSniff, libpcap, winpcap, or similar, and further analyze the received network packets. In one embodiment, the processor 150 has at least the function of resolving domain name system (Domain Name System, DNS) queries/quests, or DNS-related packets, and can derive all the desired DNS-related packets The query domain name (and/or corresponding IP address).

舉例而言,表(1)是一範例說明對DNS查詢的封包解析結果: 表(1) 時間戳 網域名稱 4/2 04:44:00 www.youtube.com 4/2 04:44:01 tw.linkedlin.com 4/2 04:44:03 onedrive.live.com 4/2 04:44:03 www.facebook.com 4/2 04:44:06 www.bing.com 4/2 04:44:10 www.youtube.com 4/2 04:44:11 tw.linkedlin.com 4/2 04:44:13 onedrive.live.com 4/2 04:44:13 www.facebook.com 4/2 04:44:16 www.bing.com 4/2 04:44:20 www.youtube.com 4/2 04:44:21 tw.linkedlin.com 4/2 04:44:23 onedrive.live.com 4/2 04:44:23 www.facebook.com 4/2 04:44:26 www.bing.com 4/2 04:44:30 www.youtube.com 4/2 04:44:31 tw.linkedlin.com For example, Table (1) is an example illustrating the results of packet parsing for DNS queries: Table (1) Timestamp Domain name 4/2 04:44:00 www.youtube.com 4/2 04:44:01 tw.linkedlin.com 4/2 04:44:03 onedrive.live.com 4/2 04:44:03 www.facebook.com 4/2 04:44:06 www.bing.com 4/2 04:44:10 www.youtube.com 4/2 04:44:11 tw.linkedlin.com 4/2 04:44:13 onedrive.live.com 4/2 04:44:13 www.facebook.com 4/2 04:44:16 www.bing.com 4/2 04:44:20 www.youtube.com 4/2 04:44:21 tw.linkedlin.com 4/2 04:44:23 onedrive.live.com 4/2 04:44:23 www.facebook.com 4/2 04:44:26 www.bing.com 4/2 04:44:30 www.youtube.com 4/2 04:44:31 tw.linkedlin.com

需說明的是,依據聯網裝置100的所處網路,其可監控的節點數可能高達上萬台,也可能少於10台,但本發明實施例不加以限制監控數量。It should be noted that, depending on the network where the networked device 100 is located, the number of nodes that can be monitored may be as high as tens of thousands, or may be less than 10, but the embodiment of the present invention does not limit the number of monitoring nodes.

接著,處理器150統計那些網路封包中對於一個或更多個網域名稱的查詢次數(步驟S330)。在一實施例中,處理器150可依據需求設定特定監聽網路封包(例如,來自使用者設備UE)的時間長度(例如,5、15、或30分鐘等)、及/或頻率(例如,每天一次、每周三次、每個月10次等),本發明不加以限制。處理器150可進一步在統計時間內(例如,15分鐘、一天、或一個月等)對各網域名稱的DNS查詢的數量加總,從而分別得出對於這些網域名稱的查詢數量。Next, the processor 150 counts the number of queries for one or more domain names in those network packets (step S330). In an embodiment, the processor 150 can set a specific time length (for example, 5, 15, or 30 minutes, etc.) and/or frequency (for example, Once a day, three times a week, 10 times a month, etc.), the present invention is not limited. The processor 150 may further add up the number of DNS queries for each domain name within a statistical time (for example, 15 minutes, one day, or one month, etc.) to obtain the number of queries for these domain names respectively.

舉例而言,表(2)是一範例說明對DNS查詢的統計結果: 表(2) 網域名稱 15分鐘的查詢次數 www.youtube.com 100 tw.linkedin.com 500 onedrive.live.com 100 www.facebook.com 20 www.bing.com 1000 For example, Table (2) is an example to illustrate the statistical results of DNS queries: Table (2) Domain name 15-minute queries www.youtube.com 100 tw.linkedin.com 500 onedrive.live.com 100 www.facebook.com 20 www.bing.com 1000

接著,處理器150依據查詢次數判斷網路流量(步驟S350)。具體而言,在多數網路行為的初始階段,用戶終端會發出DNS查詢以得到對應網路位址,並進一步依據此網路位址對遠端伺服器或其他電子裝置連線。由DNS查詢中可得知用戶終端所欲訪問的網域、網站甚至網路服務。例如,www.facebook.com是社群媒體服務,www.youtube.com是影音串流服務。此外,經實驗或數據統計結果,不同網路服務可能對應不同網路流量。基於前述層層關係,本發明實施例即是透過網域名稱查詢與網路流量的對應關係,來預估監控節點或群組的網路流量。Next, the processor 150 determines the network traffic based on the number of queries (step S350). Specifically, in the initial stage of most network behaviors, the user terminal will issue a DNS query to obtain the corresponding network address, and further connect to remote servers or other electronic devices based on the network address. The domain, website and even network service that the user terminal wants to access can be learned from the DNS query. For example, www.facebook.com is a social media service, and www.youtube.com is a video streaming service. In addition, after experiments or statistical results, different network services may correspond to different network traffic. Based on the foregoing layer-by-layer relationship, the embodiment of the present invention estimates the network traffic of the monitoring node or group by querying the corresponding relationship between the domain name and the network traffic.

在一實施例中,本發明借重人工智慧(Artificial Intelligence,AI)技術的高準確性推論的功效,並透過AI的機器學習(machine learning)技術(例如,人工神經網路(Artificial Neural Network,ANN)、決策樹(Decision tree)、或支援向量機(Support Vector Machine,SVM)等)來對網路流量的評估進行決策。處理器150可將數筆歷史網路封包(代表過去某一段時間接收的網路封包)及其實際流量作為數筆訓練樣本。相同或相似地,處理器150是解析並統計歷史網路封包中對各網域名稱的查詢次數,並統計各網域名稱對應的實際流量(自特定網域名稱接收及/或傳送的網路封包的大小總和)。處理器150基於機器學習技術使用那些訓練樣本(即,訓練集)來訓練預估模型。例如,處理器150透過誤差函數定義、特徵萃取、差異最小化、分類產生等步驟來得出預估模型。處理器150可將步驟S330統計的對各網域名稱的查詢次數輸入至此預估模型,即可得出對應網路流量。In one embodiment, the present invention relies on the high accuracy of artificial intelligence (AI) technology to infer the effect, and uses AI machine learning technology (for example, artificial neural network (Artificial Neural Network, ANN) ), decision tree (Decision tree), or Support Vector Machine (Support Vector Machine, SVM), etc.) to make decisions on the evaluation of network traffic. The processor 150 may use several historical network packets (representing network packets received in a certain period of time in the past) and their actual traffic as several training samples. Similarly or similarly, the processor 150 parses and counts the number of queries for each domain name in the historical network packets, and counts the actual traffic corresponding to each domain name (the network received and/or transmitted from the specific domain name) The total size of the packet). The processor 150 uses those training samples (ie, training set) to train the prediction model based on the machine learning technology. For example, the processor 150 obtains the prediction model through steps such as error function definition, feature extraction, difference minimization, and classification generation. The processor 150 can input the number of queries for each domain name counted in step S330 into this estimation model to obtain the corresponding network traffic.

圖4是一範例說明實際流量與預估流量的比較圖。請參照圖4,假設此預估模型是針對68個網域名稱。二月15日至二月26日間統計的查詢次數及對應實際流量作為訓練集,二月26日至四月14日期間統計的查詢次數作為驗證集的輸入。由圖中可得出,經預估模型得出的預估流量401幾乎與實際流量402重疊。訓練集的準確度幾乎是百分之百,而驗證集的準確度可高於百分之九十七(此值可能會變動且本發明不加以限制)。由此可知,現有機器學習演算法已經可提供極高的推論準確度。Figure 4 is an example illustrating the comparison between actual flow and estimated flow. Please refer to Figure 4, assuming that this estimation model is for 68 domain names. The number of queries counted from February 15 to February 26 and the corresponding actual traffic are used as the training set, and the number of queries counted from February 26 to April 14 is used as the input to the validation set. It can be drawn from the figure that the estimated flow rate 401 obtained by the prediction model almost overlaps the actual flow rate 402. The accuracy of the training set is almost 100%, and the accuracy of the verification set can be higher than 97% (this value may change and the present invention is not limited). It can be seen that the existing machine learning algorithms can already provide extremely high inference accuracy.

需說明的是,在其他實施例中,處理器150也可基於算術平均、推論統計等演算法得出查詢次數與網路流量的對應關係,並依據此對應關係來預估網路流量。It should be noted that, in other embodiments, the processor 150 may also obtain the corresponding relationship between the number of queries and the network traffic based on algorithms such as arithmetic average and inferential statistics, and estimate the network traffic based on the corresponding relationship.

在一實施例中,處理器150可取得各網域名稱的流量貢獻係數。此流量貢獻係數是對網域名稱查詢一次所對應的流量。處理器150可基於機器學習或其他演算法得出此流量貢獻係數。例如,特定網域名稱的查詢次數設定為一次,並基於前述對應關係得出網路流量。需說明的是,查詢次數也可能設定超過一次,但須對所有網域名稱的流量貢獻係數進行標準化運算。處理器150接著可分別依據這些網域名稱的流量貢獻係數判斷各網域名稱的查詢次數對應的網路流量。例如,處理器150將查詢次數乘以對應流量貢獻係數的結果作為預估的網路流量。需說明的是,在一些實施例中,前述算法可能依據需求而賦予權重、偏差(bias)或考量其他參數而有所不同。In an embodiment, the processor 150 may obtain the traffic contribution coefficient of each domain name. This traffic contribution factor is the traffic corresponding to one query of the domain name. The processor 150 may obtain the flow contribution coefficient based on machine learning or other algorithms. For example, the number of queries for a specific domain name is set to once, and network traffic is obtained based on the foregoing correspondence relationship. It should be noted that the number of queries may be set more than once, but the traffic contribution coefficient of all domain names must be standardized. The processor 150 can then determine the network traffic corresponding to the number of queries of each domain name according to the traffic contribution coefficients of these domain names. For example, the processor 150 multiplies the number of queries by the corresponding traffic contribution coefficient as the estimated network traffic. It should be noted that, in some embodiments, the aforementioned algorithm may be different depending on requirements for assigning weights, biases, or considering other parameters.

舉例而言,表(3)是一範例說明網路服務的統計資料: 網域 服務 查詢次數 .i9.ytime.com YouTube 6871 .apps-mzstatic-cdn-itunes-apple.com.akadns.net iTunes 1356 .r2---sn-45gx5unvox-u2xee.googlevideo.com YouTube 4110 .doc.google.com Google Docs 4614 .accounts.google.com Google Account(帳號) 19869 .r1—sn-45gx5nuvox-u2xee.googlevideo.com YouTube 4409 其中,預估的網路流量是流量貢獻係數乘以查詢次數的乘積。For example, Table (3) is an example to illustrate the statistics of network services: Domain service Number of queries .i9.ytime.com YouTube 6871 .apps-mzstatic-cdn-itunes-apple.com.akadns.net iTunes 1356 .r2---sn-45gx5unvox-u2xee.googlevideo.com YouTube 4110 .doc.google.com Google Docs 4614 .accounts.google.com Google Account 19869 .r1—sn-45gx5nuvox-u2xee.googlevideo.com YouTube 4409 Among them, the estimated network traffic is the product of the traffic contribution coefficient times the number of queries.

依據聯網裝置100的不同設置位置,步驟S310所接收的網路封包可能是流經接取網路、傳輸網路或核心網路。在一實施例中,處理器150可依據所有網路名稱對應的網路流量判斷流經接取網路、傳輸網路或核心網路的網路流量(即,代表所屬網路下的總網路流量)。例如,聯網裝置100處於核心網路,則處理器150將所有網域名稱對應的網路流量加總之值,即可代表核心網路的總網路流量。需說明的是,依據不同需求,特定網域名稱的網路流量可能賦予權重或偏差。而藉由預估的結果,營運商可評估此網路的設備佈建或管理組態是否合適或足夠。Depending on the location of the networked device 100, the network packet received in step S310 may flow through the access network, the transmission network, or the core network. In one embodiment, the processor 150 can determine the network traffic flowing through the access network, transmission network, or core network based on the network traffic corresponding to all network names (that is, representing the total network under the network to which it belongs). Road flow). For example, if the networked device 100 is in the core network, the processor 150 sums up the network traffic corresponding to all domain names to represent the total network traffic of the core network. It should be noted that, according to different requirements, network traffic of a specific domain name may be given weight or deviation. Based on the estimated result, the operator can evaluate whether the equipment deployment or management configuration of this network is appropriate or sufficient.

在一些實施例中,處理器150還能進一步依據路由策略預估網路節點的流量。In some embodiments, the processor 150 can further estimate the traffic of the network node according to the routing strategy.

在另一實施例中,處理器150可設定數個網路服務應用類型。例如,網路服務應用類型可以是影音串流、社群媒體、線上遊戲、購物網站等,或者是特定網路服務名稱(例如,YouTube、抖音、淘寶等)。各網域名稱可能對應到一個或更多個網路服務應用類型。例如,Facebook可能對應到社群媒體、直播串流、購物等類型。處理器150可依據一個用戶或更多個用戶(對應於使用者設備UE)對於那些網域名稱的查詢次數判斷此用戶或那些用戶使用各網路服務應用類型的對應網路流量。即,以網路服務取向,來分析各網路服務應用類型的網路流量。例如,表(3)中YouTube服務的流量總和。由於查詢次數及/或網路流量的多寡可反應用戶使用特定類型的喜好程度、或常用程度,處理器150還能進一步依據各網路服務應用類型的對應網路流量來判斷用戶所屬的網路服務應用類型。各用戶所屬的網路服務應用類型可能有一個或更多個。處理器150可依據類型分析結果來對各用戶產生類型特徵的標籤。例如,影音、購物、遊戲等標籤。以表(3)為例,YouTube的所有流量與權重之乘積所佔的比例最高,則處理器150判斷此用戶的標籤為影音用戶。藉由預估的結果,營運商可針對不同標籤的用戶額外提供諸如代理、快取伺服器來提升特定服務類型的上網體驗。In another embodiment, the processor 150 can set several network service application types. For example, the type of network service application may be video streaming, social media, online games, shopping websites, etc., or the name of a specific network service (for example, YouTube, Douyin, Taobao, etc.). Each domain name may correspond to one or more network service application types. For example, Facebook may correspond to social media, live streaming, shopping and other types. The processor 150 may determine the corresponding network traffic of each network service application type used by the user or those users according to the number of queries of those domain names by one user or more users (corresponding to the user equipment UE). That is, to analyze the network traffic of each network service application type based on the network service orientation. For example, the total traffic of YouTube services in Table (3). Since the number of queries and/or the amount of network traffic can reflect the user’s preference for a particular type or the degree of common use, the processor 150 can further determine the network to which the user belongs based on the corresponding network traffic of each network service application type. Service application type. Each user may belong to one or more types of web service applications. The processor 150 may generate a tag of the type feature for each user according to the type analysis result. For example, tags such as video, shopping, games, etc. Taking Table (3) as an example, the product of all YouTube traffic and weight accounts for the highest proportion, and the processor 150 determines that the user is tagged as an audiovisual user. Based on the estimated results, operators can provide additional services such as proxies and cache servers for users with different tags to improve the Internet experience of specific service types.

綜上所述,本發明實施例的聯網裝置及其流量預估方法,在每一層的網路,精確地預估網域名稱查詢與應用服務的網路流量之對應關係,並可進一步套用於核心網路、傳輸/IP網路,進而到接取及無線/有線網路。不僅可即時(或幾乎即時)預估每一層網路的服務流量,且可預估網路節點流量。另一方面,基於網域查詢紀錄自動對用戶產生類型特徵,並據以得出符合各用戶的標籤,以了解用戶的服務需求。藉此,可基於評估結果而進一步改善系統架構中軟硬體的管理規劃,進而改善用戶的上網體驗。In summary, the networking device and the traffic estimation method of the embodiment of the present invention accurately predict the correspondence between the domain name query and the network traffic of the application service in each layer of the network, and can be further applied to Core network, transmission/IP network, then access and wireless/wired network. Not only can the service traffic of each layer of the network be estimated in real time (or almost instantly), but also the network node traffic can be estimated. On the other hand, based on the domain query records, the type characteristics are automatically generated for the users, and the labels that meet each user are obtained accordingly to understand the service needs of the users. In this way, the management plan of the software and hardware in the system architecture can be further improved based on the evaluation result, thereby improving the user's online experience.

雖然本發明已以實施例揭露如上,然其並非用以限定本發明,任何所屬技術領域中具有通常知識者,在不脫離本發明的精神和範圍內,當可作些許的更動與潤飾,故本發明的保護範圍當視後附的申請專利範圍所界定者為準。Although the present invention has been disclosed in the above embodiments, it is not intended to limit the present invention. Anyone with ordinary knowledge in the technical field can make some changes and modifications without departing from the spirit and scope of the present invention. The scope of protection of the present invention shall be determined by the scope of the attached patent application.

100:聯網裝置 110:通訊收發器 130:儲存器 150:處理器 20:通訊系統 21:接取網路 22:傳輸/IP網路 23:核心網路 24:網際網路 UE:使用者設備 BS:基地台 S310~S350:步驟 401:預估流量 402:實際流量100: networked devices 110: Communication transceiver 130: storage 150: processor 20: Communication system 21: Access to the Internet 22: Transmission/IP network 23: core network 24: Internet UE: User Equipment BS: base station S310~S350: steps 401: Estimated traffic 402: Actual flow

圖1是依據本發明一實施例的聯網裝置的元件方塊圖。 圖2是依據本發明一實施例的通訊系統的示意圖。 圖3是依據本發明一實施例的流量預估方法的流程圖。 圖4是一範例說明實際流量與預估流量的比較圖。FIG. 1 is a block diagram of components of a networked device according to an embodiment of the invention. Fig. 2 is a schematic diagram of a communication system according to an embodiment of the invention. Fig. 3 is a flowchart of a flow estimation method according to an embodiment of the present invention. Figure 4 is an example illustrating the comparison between actual flow and estimated flow.

S310~S350:步驟 S310~S350: steps

Claims (10)

一種流量預估方法,包括: 擷取多個網路封包; 統計該些網路封包中對於至少一網域名稱(domain name)的一查詢次數;以及 依據該查詢次數判斷一網路流量。A flow estimation method, including: Capture multiple network packets; Count the number of queries for at least one domain name in the network packets; and Determine a network traffic based on the number of queries. 如申請專利範圍第1項所述的流量預估方法,其中依據該查詢次數判斷該網路流量的步驟包括: 將多個歷史網路封包及其對應實際流量作為多個訓練樣本; 基於機器學習技術使用該些訓練樣本來訓練一預估模型;以及 將該查詢次數輸入至該預估模型以得出該網路流量。For example, in the traffic estimation method described in item 1 of the scope of patent application, the step of judging the network traffic according to the number of queries includes: Take multiple historical network packets and their corresponding actual traffic as multiple training samples; Use the training samples to train a prediction model based on machine learning technology; and Input the number of queries into the estimation model to obtain the network traffic. 如申請專利範圍第1項或第2項所述的流量預估方法,其中依據該查詢次數判斷該網路流量的步驟包括: 取得每一該網域名稱的一流量貢獻係數,其中該流量貢獻係數是對該網域名稱查詢一次所對應的流量;以及 分別依據該至少一網域名稱的該流量貢獻係數判斷每一該網域名稱的該查詢次數對應的該網路流量。For example, in the traffic estimation method described in item 1 or item 2 of the scope of patent application, the steps of judging the network traffic based on the number of queries include: Obtain a traffic contribution coefficient for each domain name, where the traffic contribution coefficient is the traffic corresponding to one query for the domain name; and The network traffic corresponding to the number of queries of each domain name is determined according to the traffic contribution coefficient of the at least one domain name respectively. 如申請專利範圍第2項或第3項所述的流量預估方法,其中該些網路封包是流經一接取(access)網路、一傳輸網路及一核心網路中的一者,且依據該查詢次數判斷該網路流量的步驟包括: 依據所有該至少一網路名稱對應的該網路流量判斷流經該接取網路、該傳輸網路或該核心網路的該網路流量。Such as the traffic estimation method described in item 2 or item 3 of the scope of the patent application, wherein the network packets flow through one of an access network, a transmission network and a core network , And the steps for judging the network traffic based on the number of queries include: Determine the network traffic flowing through the access network, the transmission network or the core network based on all the network traffic corresponding to the at least one network name. 如申請專利範圍第2項或第3項所述的流量預估方法,其中依據該查詢次數判斷該網路流量的步驟包括: 設定多個網路服務應用類型,其中每一該網域名稱至少對應於一該網路服務應用類型; 依據一用戶對於該至少一網域名稱的該查詢次數判斷該用戶使用每一該網路服務應用類型的對應該網路流量;以及 依據每一該網路服務應用類型的對應該網路流量判斷該用戶所屬的一該網路服務應用類型。For example, in the method of traffic estimation described in item 2 or item 3 of the scope of patent application, the steps of judging the network traffic based on the number of queries include: Set multiple network service application types, where each domain name corresponds to at least one network service application type; Judging the corresponding network traffic of each network service application type used by the user according to the number of queries made by a user for the at least one domain name; and According to the corresponding network traffic of each network service application type, a network service application type to which the user belongs is determined. 一種聯網裝置,包括: 一通訊收發器,接收多個網路封包;以及 一處理器,耦接該通訊收發器,並經配置用以執行: 擷取該些網路封包; 統計該些網路封包中對於至少一網域名稱的一查詢次數;以及 依據該查詢次數判斷一網路流量。A networking device includes: A communication transceiver that receives multiple network packets; and A processor, coupled to the communication transceiver, and configured to execute: Capture these network packets; Count the number of queries for at least one domain name in the network packets; and Determine a network traffic based on the number of queries. 如申請專利範圍第6項所述的聯網裝置,其中該處理器經配置用以執行: 將多個歷史網路封包及其對應實際流量作為多個訓練樣本; 基於機器學習技術使用該些訓練樣本來訓練一預估模型;以及 將該查詢次數輸入至該預估模型以得出該網路流量。The networked device described in claim 6 wherein the processor is configured to execute: Take multiple historical network packets and their corresponding actual traffic as multiple training samples; Use the training samples to train a prediction model based on machine learning technology; and Input the number of queries into the estimation model to obtain the network traffic. 如申請專利範圍第6項或第7項所述的聯網裝置,其中該處理器經配置用以執行: 取得每一該網域名稱的一流量貢獻係數,其中該流量貢獻係數是對該網域名稱查詢一次所對應的流量;以及 分別依據該至少一網域名稱的該流量貢獻係數判斷每一該網域名稱的該查詢次數對應的該網路流量。Such as the networked device described in item 6 or item 7 of the scope of patent application, wherein the processor is configured to execute: Obtain a traffic contribution coefficient for each domain name, where the traffic contribution coefficient is the traffic corresponding to one query for the domain name; and The network traffic corresponding to the number of queries of each domain name is determined according to the traffic contribution coefficient of the at least one domain name respectively. 如申請專利範圍第7項或第8項所述的聯網裝置,其中該些網路封包是流經一接取網路、一傳輸網路及一核心網路中的一者,且該處理器經配置用以執行: 依據所有該至少一網路名稱對應的該網路流量判斷流經該接取網路、該傳輸網路或該核心網路的該網路流量。For example, the networked device described in item 7 or item 8 of the scope of patent application, wherein the network packets flow through one of an access network, a transmission network, and a core network, and the processor Configured to execute: Determine the network traffic flowing through the access network, the transmission network or the core network based on all the network traffic corresponding to the at least one network name. 如申請專利範圍第7項或第8項所述的聯網裝置,其中該處理器經配置用以執行: 設定多個網路服務應用類型,其中每一該網域名稱至少對應於一該網路服務應用類型; 依據一用戶對於該至少一網域名稱的該查詢次數判斷該用戶使用每一該網路服務應用類型的對應該網路流量;以及 依據每一該網路服務應用類型的對應該網路流量判斷該用戶所屬的一該網路服務應用類型。Such as the networked device described in item 7 or item 8 of the scope of patent application, wherein the processor is configured to execute: Set multiple network service application types, where each domain name corresponds to at least one network service application type; Judging the corresponding network traffic of each network service application type used by the user according to the number of queries made by a user for the at least one domain name; and According to the corresponding network traffic of each network service application type, a network service application type to which the user belongs is determined.
TW108142511A 2019-06-21 2019-11-22 Network connected apparatus and traffic estimation method thereof TWI718778B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/891,083 US11316772B2 (en) 2019-06-21 2020-06-03 Network connected device and traffic estimation method thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201962864507P 2019-06-21 2019-06-21
US62/864,507 2019-06-21

Publications (2)

Publication Number Publication Date
TW202101944A true TW202101944A (en) 2021-01-01
TWI718778B TWI718778B (en) 2021-02-11

Family

ID=72603202

Family Applications (2)

Application Number Title Priority Date Filing Date
TW108142511A TWI718778B (en) 2019-06-21 2019-11-22 Network connected apparatus and traffic estimation method thereof
TW108215511U TWM598572U (en) 2019-06-21 2019-11-22 Network connected apparatus and communication system

Family Applications After (1)

Application Number Title Priority Date Filing Date
TW108215511U TWM598572U (en) 2019-06-21 2019-11-22 Network connected apparatus and communication system

Country Status (1)

Country Link
TW (2) TWI718778B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114416972B (en) * 2021-12-10 2022-10-14 厦门市世纪网通网络服务有限公司 DGA domain name detection method based on density improvement unbalance sample

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9473364B2 (en) * 2014-01-06 2016-10-18 Cisco Technology, Inc. Learning machine-based granular segment/path characteristic probing technique

Also Published As

Publication number Publication date
TWI718778B (en) 2021-02-11
TWM598572U (en) 2020-07-11

Similar Documents

Publication Publication Date Title
JP7178646B2 (en) Network security monitoring method, network security monitoring device and system
Wang et al. A smart home gateway platform for data collection and awareness
Zhang et al. Understanding the characteristics of cellular data traffic
US9282012B2 (en) Cognitive data delivery optimizing system
US10326848B2 (en) Method for modeling user behavior in IP networks
US8656284B2 (en) Method for determining a quality of user experience while performing activities in IP networks
US10530671B2 (en) Methods, systems, and computer readable media for generating and using a web page classification model
US8838820B2 (en) Method for embedding meta-commands in normal network packets
Mangla et al. VideoNOC: Assessing video QoE for network operators using passive measurements
CN109818820A (en) Data on flows monitoring method, device, electronic equipment and storage medium
US11316772B2 (en) Network connected device and traffic estimation method thereof
Umoren et al. Methodical Performance Modelling of Mobile Broadband Networks with Soft Computing Model
TWI718778B (en) Network connected apparatus and traffic estimation method thereof
Li et al. Cellular smartphone traffic and user behavior analysis
Middleton et al. Scalable classification of QoS for real-time interactive applications from IP traffic measurements
Manzoor et al. The curious case of parallel connections in http/2
Aouini et al. Towards understanding residential internet traffic: From packets to services
EP2605480B1 (en) Apparatus and method for HTTP analysis
AT&T
Goleva et al. 3G network traffic sources measurement and analysis
Sawabe et al. Data diet pills: in-network video quality control system for traffic usage reduction
Sahni et al. Real time monitoring and analysis of available bandwidth in cellular network-using big data analytics
Al-Shehri et al. Metrics for broadband networks in the context of the digital economies
Xiaolin et al. Fine-grained analysis of cellular smartphone usage characteristics based on massive network traffic
Torres et al. A popularity-aware method for discovering server IP addresses related to websites