WO2009089701A1 - Procédé et système d'inspection de paquet - Google Patents

Procédé et système d'inspection de paquet Download PDF

Info

Publication number
WO2009089701A1
WO2009089701A1 PCT/CN2008/072525 CN2008072525W WO2009089701A1 WO 2009089701 A1 WO2009089701 A1 WO 2009089701A1 CN 2008072525 W CN2008072525 W CN 2008072525W WO 2009089701 A1 WO2009089701 A1 WO 2009089701A1
Authority
WO
WIPO (PCT)
Prior art keywords
data packet
detection
policy
packet
module
Prior art date
Application number
PCT/CN2008/072525
Other languages
English (en)
Chinese (zh)
Inventor
Peilin Yang
Rong ZOU
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2009089701A1 publication Critical patent/WO2009089701A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification

Definitions

  • the embodiments of the present invention relate to network security technologies, and in particular, to a packet detection method and system. Background technique
  • IP networks are gradually carrying a single Internet service to carry data, voice, video, large customer lines, 3G, Next Generation Network (hereinafter referred to as NGN).
  • IP Multimedia Subsystem IP Multimedia Subsystem
  • IPTV Internet Protocol Television
  • IP networks are safe and reliable. There will also be fundamental changes in the quality of business and business services.
  • P2P peer-to-peer
  • online games Internet TV and other emerging services
  • P2P cross-domain traffic occupies 80% of the bandwidth in the trunk line.
  • most of the bandwidth of the network is occupied by a small number of users, and these users do not pay the corresponding cost overhead.
  • it affects the network quality of most other users, causing different degrees of congestion on the network and greatly reducing the user experience of other applications.
  • the main reason for the above phenomenon is that the operator lacks an effective control and zone for the user.
  • the operator does not know what the user is doing on the Internet, nor does it provide a different quality of service and service level guarantee for different users.
  • a new technology means deep packet inspection (Deep Packet Inspection, hereinafter referred to as DPI) and Deep/Dynamic Flow Inspection (DFI), which can sense network applications and provide operators with operators. Provides means of network control and management.
  • the so-called "depth” is compared with the detection level of ordinary messages.
  • the normal message detection only detects the content below the 4th layer of the IP packet, including the source address, the destination address, the source port, the destination port, and the service type, and the DPI.
  • /DFI also adds application layer detection, which can identify various applications and their contents, and control and manage them.
  • FIG. 1 it is a schematic diagram of a system for performing DPI detection in a series manner in the prior art.
  • a DPI/DFI detection device is located between an aggregation layer and an access layer, and may also be deployed in an aggregation layer and an IP.
  • MPLS Multiprotocol Label Switch
  • FIG. 2 it is a schematic diagram of a system for performing DPI detection in parallel in the prior art.
  • the DPI/DFI detection device is hanged beside the network access server (hereinafter referred to as NAS). It can also be hanged next to other network devices according to the actual situation of the network. All packets entering or accessing the access network need to pass through the NAS.
  • the NAS copies the packets to the DPI/DFI detection device for detection.
  • the packet continues to enter the access network or is sent from the access network, and is not affected.
  • the DPI/DFI detection device recognizes the illegal service, it drops into the access network through the NAS or leaves. A packet of an illegal service that accesses the network. Summary of the invention
  • the embodiment of the invention provides a packet detection method and system, which can detect packets in a hierarchical manner, can meet the requirements of real-time services, and prevent the DPI/DFI detection device from becoming a bottleneck for message forwarding.
  • the embodiment of the invention provides a packet detection method, including:
  • the embodiment of the invention further provides a packet detection method, including:
  • the embodiment of the invention further provides a packet detection method, including:
  • the data packet When the data packet satisfies the detection policy, it is determined according to the configuration policy whether the data packet needs to be copied, and if so, the data packet is copied, and the copied data packet is detected according to the deep-level detection policy.
  • the embodiment of the invention provides a message detection system, including:
  • a detecting module configured to detect the received data packet according to the detection policy
  • a forwarding module configured to forward the data packet when the data packet meets the detection policy
  • a determining module configured to determine, according to the configuration policy, whether to copy the data packet
  • a copying module configured to: when it is determined that the data packet needs to be copied, copy the data packet
  • the deep layer detecting module is configured to detect the copied data packet according to the deep layer detection policy.
  • the embodiment of the invention further provides a message detection system, including:
  • a detecting module configured to detect the received data packet according to the detection policy
  • a copying module configured to: when the data packet meets the detection policy, copy the data packet;
  • a deep detection module configured to detect a copied data packet according to a deep-level detection policy
  • a determining module configured to determine, according to the configuration policy, whether to forward the data packet
  • a forwarding module configured to forward the data packet when determining to forward the data packet.
  • the embodiment of the invention further provides a message detection system, including:
  • a detecting module configured to detect the received data packet according to the detection policy
  • a determining module configured to determine, according to the configuration policy, whether to copy the data packet when the data packet meets the detection policy
  • a copying module configured to: when it is determined that the data packet needs to be copied, copy the data packet; and the deep-level detection module is configured to detect the copied data packet according to the deep-level detection policy.
  • the method and system for detecting a packet according to the embodiment of the present invention firstly detects a data packet according to the detection policy, and further detects the data packet according to the deep-layer policy, thereby implementing hierarchical detection of the data packet, and solving the data packet detection and fast.
  • the balance between data packet forwarding performance meets the requirements of real-time services, which avoids the DPI/DFI detection device becoming the bottleneck of packet forwarding, and realizes the network operator's perception and control functions.
  • FIG. 1 is a schematic diagram of a system for performing DPI detection in a series manner in the prior art
  • FIG. 2 is a schematic diagram of a system for performing DPI detection in a parallel manner in the prior art
  • FIG. 3 is a schematic diagram of a network architecture according to an embodiment of the present invention
  • FIG. 4 is a flowchart of a message detecting method according to an embodiment of the present invention
  • FIG. 5 is a flowchart of a packet detecting method according to Embodiment 2 of the present invention.
  • FIG. 6 is a flowchart of a method for detecting a packet according to Embodiment 3 of the present invention.
  • FIG. 7 is a schematic diagram of a message detection system according to an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of a message detecting system according to Embodiment 2 of the present invention.
  • FIG. 9 is a schematic diagram of an NGN network architecture based on data packet detection according to an embodiment of the present invention
  • FIG. 10 is a schematic diagram of a packet detection system according to Embodiment 3 of the present invention. detailed description
  • the DPI detection scheme is performed in series, and all the packets pass the DPI/DFI detection device, resulting in the DPI/DFI detection device. It becomes the bottleneck of packet forwarding, which causes transmission delay, especially for real-time services.
  • the detection policy is not flexible, and it is impossible to deploy detection policies according to network conditions and dynamic requirements.
  • the DPI detection scheme is implemented in parallel. Because the DPI/DFI detection device is connected to the network, the real-time control capability of the service is weak, which reduces the control effect.
  • the detection strategy is not flexible, and the detection cannot be deployed according to the network conditions and dynamic requirements. Strategy.
  • FIG. 3 it is a schematic diagram of a network architecture according to an embodiment of the present invention.
  • the network includes a user terminal, an access network, a NAS, an internal measurement and control module, and an IP/MPLS backbone network, where the NAS includes a flow detection module.
  • the method is configured to detect a data packet according to the detection policy
  • the content detection and control module is configured to detect the data packet according to the deep detection policy.
  • the content detection and control module pre-configures the detection policy and the deep-level detection policy, and specifically includes the following steps:
  • Step 1 Detect the received data packet according to the detection policy.
  • the NAS receives the data packet, and the flow detection module detects the data packet according to the detection policy.
  • Step 2 When the data packet meets the detection policy, determine whether the data packet needs to be copied according to the configuration policy, and if yes, perform step 3;
  • the configuration policy can be a policy configured by the operator according to the network operation.
  • the pre-configuration determines whether the deep detection is required when the data packet meets the detection policy.
  • Step 3 Copy the data packet.
  • Step 4 Detecting the copied data packet according to the deep-level detection strategy; specifically, the content detection and control module detects the copied data packet according to the deep-level detection strategy.
  • the packet detection and related policies are distributed to different functional entities, and the packets are detected at different levels, which solves the problem of balance between data packet detection and fast data packet forwarding performance, and satisfies the real-time service.
  • the requirement avoids the DPI/DFI detection device becoming the bottleneck of packet forwarding, and can control and manage the service flow, and realize the network operator's perception and control function for the service.
  • the content detection and control module pre-configures the detection policy and the deep-level detection strategy. Specifically, the content detection and control module configures a deep-level detection policy internally according to the needs of the operation, and configures the NAS for the NAS. Detection strategy.
  • the detection policy can be a quintuple (source address, sink address, source port, sink port, and protocol type) and a traffic characteristic model (such as packet length, connection rate, transmission byte amount, packet interval, etc.)
  • the detection strategy can be a five-tuple and a service agreement basic feature word strategy.
  • Step 1 01 The NAS receives the data packet.
  • Step 1 02 The flow detection module detects the data packet according to the detection policy, and if the data packet does not satisfy the detection policy, step 106 is performed; otherwise, step 103 is performed;
  • Step 1 03 Forward the data packet according to the normal process, determine whether to copy the data packet according to the configuration policy, and if yes, perform step 104;
  • the configuration policy may be a policy configured by the operator according to network operation conditions, and the The configuration determines whether further deep detection is required when the data packet meets the detection policy.
  • Step 104 The data packet is copied, and the content detection and control module detects the copied data packet according to the deep-level detection policy. If the data packet meets the deep-level detection policy, step 105 is performed; otherwise, step 106 is performed;
  • Step 105 Processing the next data packet, and ending;
  • Step 106 Send an alarm notification to discard the data packet.
  • the flow detection module detects a data packet that is not normally transmitted by the quintuple; or, when the user uses the voice service, the flow detection module detects that the packet length of the data packet is 400 bytes (usually the packet length of the voice service data packet is about 150 bytes), and the duration is very long, indicating that the data packet is not a voice service packet; or, when the user watches the IPTV service stream, the flow detection The module detects the real-time transport protocol (Rea lt ime Transpor t Protocol, hereinafter referred to as RTP) service protocol basic feature word, but the feature word of other services; the stream detection module can write the data packet In the blacklist, the flow detection module may send an alarm notification to the NAS, and the NAS directly discards the data packet. Alternatively, the flow detection module reduces the priority of the data packet, and during the processing of the data packet, the priority is prioritized. The data packets of the highest level will be processed first.
  • RTP real-time transport protocol
  • the internal detection and control module sends an alarm notification to the NAS; the NAS discards the data packet according to the alarm notification; for example, when the user watches the IPTV service flow, the internal detection and the The control module detects that the IPTV service stream to which the packet belongs has no copyright or is an illegal service flow packet, and notifies the NAS to discard the data packet sent from the quintuple.
  • the content detection and control module may further classify the data packet according to the result of the deep detection policy detection, and perform traffic management on the data packet, where the traffic management may include management and scheduling of the data packet queue, and Supervision and shaping of data packet traffic.
  • the packet detection and related policies are distributed to different functional entities, and the packets are detected at different levels, which solves the problem of balance between data packet detection and fast data packet forwarding performance, and satisfies the real-time service.
  • the need to avoid the DPI/DFI detection device becomes the bottleneck of packet forwarding. It can also control and manage the service flow, and realize the network operator's perception and control functions.
  • FIG. 6 which is a flowchart of a packet detection method according to Embodiment 3 of the present invention, before performing the steps in this embodiment, a detection policy and a deep detection strategy need to be configured. Specifically, the content detection and control module is operated according to the operation.
  • the detection policy can be a quintuple (source address, sink address, source port, sink port, and protocol type) and a traffic characteristic model (such as packet length, connection rate, transmission byte amount, packet interval, etc.)
  • the detection strategy can be a five-tuple and a service agreement basic feature word strategy.
  • Step 201 The NAS receives the data packet.
  • Step 202 The flow detection module detects the data packet according to the detection policy. If the data packet does not satisfy the detection policy, step 206 is performed; otherwise, step 203 is performed;
  • Step 203 Copy the data packet, and the content detection and control module detects the copied data packet according to the deep-level detection policy. If the data packet satisfies the deep-level detection policy, step 204 is performed;
  • Step 204 Determine, according to the configuration policy, whether to forward the data packet, and if yes, perform the step.
  • the configuration policy may be a policy configured by the operator according to the network operation, and may be configured to determine whether the data packet needs to be forwarded when the data packet satisfies the detection policy, or may be determined by using the result of the deep-level detection policy, for example,
  • the configuration policy can be set to: When the data packet meets the deep detection policy, the data packet is forwarded.
  • Step 205 Forward the data packet, and end
  • Step 206 Send an alarm notification, discard the data packet, and end.
  • the flow detection module detects a data packet that is not normally transmitted by the quintuple; or, when the user uses the voice service, the flow detection module detects that the packet length of the data packet is 400 bytes (usually the voice service data packet has a packet length of about 150 bytes) The above, and the duration is very long, indicating that the data packet is not a voice service packet; or, when the user views the IPTV service stream, the stream detection module detects the basic feature word of the RTP service protocol that is not required for the IPTV, but other services.
  • the stream detection module can write the data packet to the blacklist. Further, the stream detection module can send an alarm notification to the NAS, and the NAS directly discards the data packet. Alternatively, the stream detection module reduces the data. Priority of the packet. During the processing of the data packet, the data packet with the highest priority will be processed first.
  • the internal detection and control module sends an alarm notification to the NAS; the NAS discards the data packet according to the alarm notification; for example, when the user watches the IPTV service flow, the internal detection and the The control module detects that the IPTV service stream to which the packet belongs has no copyright or is an illegal service flow packet, and notifies the NAS to discard the data packet sent from the quintuple.
  • the content detection and control module may further classify the data packet according to the result of the deep detection policy detection, and perform traffic management on the data packet, where the traffic management may include management and scheduling of the data packet queue, and Supervision and shaping of data packet traffic.
  • the packet detection and related policies are distributed to different functional entities, and the packets are detected at different levels, which solves the problem of balance between data packet detection and fast data packet forwarding performance, and satisfies the real-time service.
  • the requirement avoids the DPI/DFI detection device becoming the bottleneck of packet forwarding, and can control and manage the service flow, and realize the network operator's perception and control function for the service.
  • a schematic diagram of a packet detection system includes: a detection module 1 configured to detect a received data packet according to a detection policy; and a determination module 2 configured to: when the data packet satisfies When detecting the policy, determining whether to copy the data packet according to the configuration policy; the copying module 3 is configured to: when determining that the data packet needs to be copied, copying the data packet; and the deep detection module 4 is configured to detect the replication according to the deep detection policy.
  • Data message As shown in FIG. 7, a schematic diagram of a packet detection system according to an embodiment of the present invention includes: a detection module 1 configured to detect a received data packet according to a detection policy; and a determination module 2 configured to: when the data packet satisfies When detecting the policy, determining whether to copy the data packet according to the configuration policy; the copying module 3 is configured to: when determining that the data packet needs to be copied, copying the data packet; and the deep detection module 4 is configured to detect the replication according to the deep detection policy. Data message.
  • a schematic diagram of a packet detection system includes: a detection module 11 configured to detect a received data packet according to a detection policy; and a forwarding module 12 configured to be used as the datagram When the file satisfies the detection policy, the data packet is forwarded; the determining module 13 is configured to determine whether to copy the data packet according to the configuration policy; and the copying module 14 is configured to: when determining that the data packet needs to be restored When the data message is processed, the data message is copied; the deep level detecting module 15 is configured to detect the copied data message according to the deep level detection policy.
  • the embodiment may further include: a configuration module 16 configured to configure the detection policy and the deep-level detection policy; the alarm module 17 is configured to: when the data packet does not satisfy the detection policy, or when When the copied data packet does not satisfy the deep detection policy, the alarm notification is sent; the processing module 18 is configured to: when the data packet does not satisfy the detection policy, write the data packet into the blacklist;
  • the processing module may include a discarding module, configured to discard the data packet in the blacklist according to the alarm notification, and may further include a priority module, configured to reduce the priority of the data packet in the blacklist. level.
  • FIG. 9 a schematic diagram of an NGN network architecture based on data packet detection according to an embodiment of the present invention, where a detection module is located at a network transmission layer, and in a device that accesses a network and an IP/MPLS backbone network, is subjected to a deep detection module.
  • the control mainly performs basic identification on data packets, and reports various traffic information to the deep detection module.
  • the deep detection module is located at the network control layer of the network transport layer, and further may be part of the network attachment control system and/or the resource admission control system, or may be used as an internal measurement and control system alone in the network control layer, independent of Current network attachment control systems and resource admission control systems.
  • the deep detection module is mainly used for deep detection and content identification of data packets; configuring detection strategies for detection modules in the NAS; providing control functions for the detection modules; providing traffic management control, and optimizing reports according to network needs
  • the file is forwarded to ensure the quality of service of the data packet.
  • This embodiment solves the problem of balance between packet detection and fast data forwarding performance. It not only satisfies the requirements of real-time services, but also prevents DPI/DFI detection equipment from becoming a bottleneck for packet forwarding, and can control and manage service flows. , realizes the network operator's perception and control functions for the business.
  • a schematic diagram of a packet detection system includes: a detection module 21, configured to detect a received data packet according to a detection policy; and a replication module 22, configured to: when the datagram is used When the text satisfies the detection policy, the data packet is copied; the deep detection module 23, The determining module 24 is configured to determine whether to forward the data packet according to the configuration policy, and the forwarding module 25 is configured to: when determining to forward the data packet, forward the Data message.
  • the embodiment may further include: a configuration module 26, configured to configure the detection policy and the deep-level detection policy; and an alarm module 27, configured to: when the data packet does not satisfy the detection policy, or when When the copied data packet does not satisfy the deep detection policy, the alarm notification is sent; the processing module 28 is configured to: when the data packet does not satisfy the detection policy, write the data packet into the blacklist.
  • the processing module may include a discarding module, configured to discard the data packet in the blacklist according to the alarm notification, and may further include a priority module, configured to reduce the priority of the data packet in the blacklist. level.
  • the detection module 21 can be located in the network transmission layer, and the deep level detection module 23 is located in the network control layer, which is the same as described in the message detection system of the first embodiment of the present invention.
  • This embodiment solves the problem of balance between packet detection and fast data forwarding performance. It not only satisfies the requirements of real-time services, but also prevents DPI/DFI detection equipment from becoming a bottleneck for packet forwarding, and can control and manage service flows. , realizes the network operator's perception and control functions for the business.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention porte sur un procédé et un système d'inspection de paquet. Le procédé comprend les opérations consistant à : inspecter un paquet de données reçu conformément à une politique d'inspection ; transmettre le paquet de données lorsque le paquet de données satisfait la politique d'inspection ; déterminer si le paquet de données doit être copié ou non conformément à une politique de configuration, si oui, copier le paquet de données et inspecter le paquet de données copié conformément à une politique d'inspection en profondeur. Un autre procédé comprend les opérations consistant à : inspecter un paquet de données reçu conformément à une politique d'inspection ; copier le paquet de données et inspecter le paquet de données copié si le paquet de données satisfait la politique d'inspection ; déterminer si le paquet de données doit être transmis ou non, si oui, transmettre le paquet de données. En conséquence, l'exigence de service d'exécution est satisfaite. Il est évité qu'un dispositif d'inspection DPI/DFI ne devienne un goulot d'étranglement de transmission de paquet. Une fonction de perception et de contrôle de service par opérateur réseau est réalisée.
PCT/CN2008/072525 2008-01-16 2008-09-25 Procédé et système d'inspection de paquet WO2009089701A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810056265.8 2008-01-16
CNA2008100562658A CN101488946A (zh) 2008-01-16 2008-01-16 报文检测方法及系统

Publications (1)

Publication Number Publication Date
WO2009089701A1 true WO2009089701A1 (fr) 2009-07-23

Family

ID=40885062

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072525 WO2009089701A1 (fr) 2008-01-16 2008-09-25 Procédé et système d'inspection de paquet

Country Status (2)

Country Link
CN (1) CN101488946A (fr)
WO (1) WO2009089701A1 (fr)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025623A (zh) * 2010-12-07 2011-04-20 苏州迈科网络安全技术股份有限公司 智能化网络流控方法
CN102868638A (zh) * 2012-08-16 2013-01-09 苏州迈科网络安全技术股份有限公司 动态调整带宽方法及系统
CN103152277A (zh) * 2011-12-07 2013-06-12 北京网康科技有限公司 一种提高网络流量控制性能的方法及其设备
CN105743681A (zh) * 2014-12-12 2016-07-06 国家电网公司 一种过程层通信网络的时延可视化分析方法及系统
US10003614B2 (en) 2013-09-23 2018-06-19 Zte Corporation Method, device, and storage medium for deep packet inspection control
CN109275045A (zh) * 2018-09-06 2019-01-25 东南大学 基于dfi的移动端加密视频广告流量识别方法
US10673898B2 (en) 2010-08-25 2020-06-02 International Business Machines Corporation Two-tier deep analysis of HTML traffic

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986609A (zh) * 2009-07-29 2011-03-16 中兴通讯股份有限公司 一种实现网络流量清洗的方法及系统
CN101997826A (zh) * 2009-08-28 2011-03-30 中兴通讯股份有限公司 一种控制网元、转发网元及因特网协议网络的路由方法
CN101741744B (zh) * 2009-12-17 2011-12-14 东南大学 一种网络流量识别方法
CN101764754B (zh) * 2009-12-28 2012-07-25 东南大学 基于dpi和dfi的业务识别系统中的样本获取方法
CN103096166B (zh) * 2011-10-18 2017-07-11 南京中新赛克科技有限责任公司 一种iptv前端监控系统与方法
CN103888307B (zh) * 2012-12-20 2017-11-17 中国电信股份有限公司 用于优化深度包检测的方法、用户侧板卡和宽带接入网关
CN103237039A (zh) * 2013-05-10 2013-08-07 汉柏科技有限公司 一种报文转发方法及设备
CN103618641B (zh) * 2013-11-25 2017-01-11 北京邮电大学 一种基于众核网络处理器并可快速部署的数据包检测监控系统
CN103607354B (zh) * 2013-11-26 2016-09-07 中国联合网络通信集团有限公司 一种流量控制方法、dpi设备及系统
CN105406977A (zh) * 2014-09-01 2016-03-16 中兴通讯股份有限公司 深度包检测的实现方法及装置
CN106507414B (zh) * 2016-10-12 2020-02-11 杭州迪普科技股份有限公司 报文转发方法及装置
CN107172107B (zh) * 2017-07-24 2019-08-13 中国人民解放军信息工程大学 一种区分业务流早期回传的透明管控方法及设备
CN111817917B (zh) * 2020-07-03 2021-12-24 中移(杭州)信息技术有限公司 一种深度包检测的方法、装置、服务器及存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801854A (zh) * 2004-12-21 2006-07-12 朗迅科技公司 不想要的消息(垃圾消息)的检测
WO2006108281A1 (fr) * 2005-04-13 2006-10-19 Zeugma Systems Canada, Inc. Architecture d'element de reseau permettant une inspection des paquets en profondeur
CN1937623A (zh) * 2006-10-18 2007-03-28 华为技术有限公司 一种控制网络业务的方法及系统
CN1996892A (zh) * 2006-12-25 2007-07-11 杭州华为三康技术有限公司 网络攻击检测方法及装置
CN101056222A (zh) * 2007-05-17 2007-10-17 华为技术有限公司 一种深度报文检测方法、网络设备及系统

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801854A (zh) * 2004-12-21 2006-07-12 朗迅科技公司 不想要的消息(垃圾消息)的检测
WO2006108281A1 (fr) * 2005-04-13 2006-10-19 Zeugma Systems Canada, Inc. Architecture d'element de reseau permettant une inspection des paquets en profondeur
CN1937623A (zh) * 2006-10-18 2007-03-28 华为技术有限公司 一种控制网络业务的方法及系统
CN1996892A (zh) * 2006-12-25 2007-07-11 杭州华为三康技术有限公司 网络攻击检测方法及装置
CN101056222A (zh) * 2007-05-17 2007-10-17 华为技术有限公司 一种深度报文检测方法、网络设备及系统

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10673898B2 (en) 2010-08-25 2020-06-02 International Business Machines Corporation Two-tier deep analysis of HTML traffic
US10673897B2 (en) 2010-08-25 2020-06-02 International Business Machines Corporation Two-tier deep analysis of HTML traffic
CN102025623A (zh) * 2010-12-07 2011-04-20 苏州迈科网络安全技术股份有限公司 智能化网络流控方法
CN102025623B (zh) * 2010-12-07 2013-03-20 苏州迈科网络安全技术股份有限公司 智能化网络流控方法
CN103152277A (zh) * 2011-12-07 2013-06-12 北京网康科技有限公司 一种提高网络流量控制性能的方法及其设备
CN102868638A (zh) * 2012-08-16 2013-01-09 苏州迈科网络安全技术股份有限公司 动态调整带宽方法及系统
US10003614B2 (en) 2013-09-23 2018-06-19 Zte Corporation Method, device, and storage medium for deep packet inspection control
CN105743681A (zh) * 2014-12-12 2016-07-06 国家电网公司 一种过程层通信网络的时延可视化分析方法及系统
CN105743681B (zh) * 2014-12-12 2019-04-05 国家电网公司 一种过程层通信网络的时延可视化分析方法及系统
CN109275045A (zh) * 2018-09-06 2019-01-25 东南大学 基于dfi的移动端加密视频广告流量识别方法
CN109275045B (zh) * 2018-09-06 2020-12-25 东南大学 基于dfi的移动端加密视频广告流量识别方法

Also Published As

Publication number Publication date
CN101488946A (zh) 2009-07-22

Similar Documents

Publication Publication Date Title
WO2009089701A1 (fr) Procédé et système d'inspection de paquet
Baker et al. IETF recommendations regarding active queue management
CN100474819C (zh) 一种深度报文检测方法、网络设备及系统
US8149705B2 (en) Packet communications unit
US7764612B2 (en) Controlling access to a host processor in a session border controller
JP4122232B2 (ja) インテリジェント配信に関するネットワークサービスレベルを保証するシステム及び方法
KR101172491B1 (ko) 네트워크의 서비스 품질을 향상시키는 시스템 및 방법
US8392991B2 (en) Proactive test-based differentiation method and system to mitigate low rate DoS attacks
TW201032542A (en) Network intrusion protection
US10637792B2 (en) Real-time analysis of quality of service for multimedia traffic in a local area network
WO2008046326A1 (fr) Procédé et système de contrôle de service de réseau
WO2017143897A1 (fr) Procédé, dispositif, et système de gestion d'attaques
US9942161B1 (en) Methods and systems for configuring and updating session-based quality of service for multimedia traffic in a local area network
JP5177366B2 (ja) サービス提供システム、フィルタリング装置、及びフィルタリング方法
WO2011012004A1 (fr) Procédé et système permettant de réaliser un nettoyage d'un flux réseau
KR101211147B1 (ko) 네트워크 검사 시스템 및 그 제공방법
WO2022057647A1 (fr) Procédé, système et dispositif de traitement de paquets
US7870285B2 (en) Mitigating subscriber side attacks in a cable network
Fowler et al. Impact of denial of service solutions on network quality of service
KR101466895B1 (ko) VoIP 불법 검출 방법, 이를 수행하는 VoIP 불법 검출 장치 및 이를 저장하는 기록매체
Wahanani et al. Performance analysis of video on demand and video streaming on the network MPLS Traffic Engineering
KR101003505B1 (ko) 망 부하에 따른 트래픽의 동적 제어방법 및 그 장치
WO2023045865A1 (fr) Procédé et appareil d'émission de route de spécification de flux (flowspec) de bgp, et support de stockage, et dispositif électronique
Rodríguez‐Pérez et al. An OAM function to improve the packet loss in MPLS‐TP domains for prioritized QoS‐aware services
WO2022199316A1 (fr) Procédé et appareil de commande, et dispositif informatique

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08800996

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08800996

Country of ref document: EP

Kind code of ref document: A1