WO2015085850A1 - Application identification method and device - Google Patents


Info

Publication number: WO2015085850A1
Authority: WO, WIPO (PCT)
Prior art keywords: domain name, application, address, server, dns
Application number: PCT/CN2014/091494
Other languages: French (fr), Chinese (zh)
Inventor: 段海峰
Original Assignee: 华为技术有限公司
Application filed by: 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4541 Directories for service discovery

Definitions

  • Embodiments of the present invention relate to communication technologies, and in particular, to an application identification method and apparatus.
  • In the prior art, after a network access server (NAS) or a service gateway (SGW) receives a service request packet sent by a terminal, or a service response packet sent by an application server, the NAS device or the SGW device cannot identify the service request packet or the service response packet, because some types of applications usually use an encryption protocol or a private protocol for the packets sent between the terminal and the APP server. The device therefore cannot identify the applications these packets belong to, and so cannot control or charge for these applications.
  • The embodiments of the invention provide an application identification method and apparatus to solve the problem that the NAS device or the SGW device cannot identify certain applications.
  • an embodiment of the present invention provides an application identification method, including:
  • the application corresponding to the target domain name is determined according to a preset mapping relationship between the application and the domain name.
  • before the receiving of the service packet, the method further includes:
  • after the receiving of the DNS response packet sent by the Domain Name Service (DNS) server, the method further includes:
  • if so, the mapping relationship between the application server IP address and the domain name is established and saved.
  • the DNS response packet further carries the IP address of the DNS server, and before the determining of whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names, the method further includes:
  • the service packet is a service request packet sent by the terminal or a service response packet sent by the application server.
  • after the application corresponding to the target domain name is determined by searching the preset mapping relationship between applications and domain names, the method further includes:
  • charging is performed for the determined application corresponding to the target domain name, and/or the determined application corresponding to the target domain name is controlled.
  • an application identification apparatus including:
  • a receiving module configured to receive a service packet, where the service packet carries an Internet Protocol (IP) address of the application server;
  • a processing module configured to determine, according to a mapping relationship between application server IP addresses and domain names, a target domain name corresponding to the IP address of the application server; and to determine, according to a preset mapping relationship between applications and domain names, an application corresponding to the target domain name.
  • the receiving module is further configured to:
  • before receiving the service packet, receive a DNS response packet sent by the Domain Name Service (DNS) server, where the DNS response packet carries at least a domain name corresponding to the application and an application server IP address;
  • the processing module is further configured to establish a mapping relationship between the application server IP address and the domain name.
  • the processing module is further configured to:
  • the DNS response packet further carries an IP address of the DNS server
  • the processing module is further configured to:
  • before determining whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names, determine whether the DNS server is an authorized server according to the IP address of the DNS server; and if so, determine whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names.
  • the service packet is a service request packet sent by the terminal or a service response packet sent by the application server.
  • with reference to the second aspect or any one of the first to fourth possible implementation manners of the second aspect, in a fifth possible implementation manner of the second aspect, the processing module is further configured to:
  • after the application corresponding to the target domain name is determined by searching the preset mapping relationship between applications and domain names, perform charging for the determined application corresponding to the target domain name, and/or control the determined application corresponding to the target domain name.
  • In the embodiments of the present invention, the mapping relationship between application server IP addresses and domain names is queried according to the IP address of the application server carried in the service packet, and the target domain name corresponding to the IP address of the application server is determined; the mapping relationship between applications and domain names is then queried according to the target domain name to determine the application corresponding to the target domain name, thereby effectively identifying the application.
  • FIG. 1 is a flowchart of Embodiment 1 of an application identification method according to the present invention.
  • FIG. 2 is a flowchart of Embodiment 2 of an application identification method according to the present invention.
  • FIG. 3 is a schematic structural diagram of Embodiment 1 of an application identification device according to the present invention.
  • FIG. 1 is a flowchart of Embodiment 1 of an application identification method according to the present invention.
  • The method is performed by an application identification apparatus, which may be integrated in a NAS device or an SGW device. The NAS device may be a fixed-network broadband access server (Broadband Remote Access Server, abbreviation: BRAS) or a mobile network device, for example a gateway GPRS support node (abbreviation: GGSN) or a packet data serving node (abbreviation: PDSN).
  • Specifically, the executing apparatus can be implemented by software, or hardware,
  • the service packet carries an Internet Protocol (IP) address of the application server.
  • The service packet may be a service request packet sent by the terminal or a service response packet sent by the application server.
  • Each application may correspond to multiple domain names.
  • the domain name corresponding to the Taobao application may be taobao.com or taobao.com.uk and so on.
  • the configuration of domain names usually follows certain rules. For example, domain name configuration needs to support wildcards and regular expressions.
  • the NAS device or the SGW device establishes a mapping relationship between the application server IP address and the domain name according to the domain name authentication table.
  • the domain name authentication table is preset by the operator according to the operational requirements. For example, the domain name of the mainstream social application is set to facebook.com or whatspp.com.
  • a domain name may correspond to multiple application server IP addresses.
  • the physical database and memory cache of the above device (for example, a NAS device or an SGW device) may simultaneously store a domain name and a corresponding plurality of application server IP addresses.
  • the IP address of the application server may be retrieved in the mapping relationship between the application server IP address and the domain name, so as to determine the target domain name corresponding to the IP address of the application server.
  • Domain names are generally named according to the domain name naming rules, that is, domain names can be divided into different levels, including top-level domains and second-level domain names.
  • Top-level domain names include country-code domain names and international domain names. A country-code domain name is, for example, .cn for China; an international domain name is, for example, .com for commercial enterprises or .org for non-profit organizations;
  • a second-level domain name is a domain name under a top-level domain name.
  • Under an international top-level domain name, it is the online name of the domain name registrant, such as ibm, yahoo, microsoft, etc.
  • Under a national top-level domain name, it is a symbol indicating the category of the registered enterprise, for example com, edu, gov, net, etc.
  • the operator pre-sets the applications of interest and the domain names corresponding to the applications according to the operational requirements, and establishes a mapping relationship between the application and the domain name, and stores them in, for example, a NAS device or an SGW device.
  • According to the target domain name determined in step S102, the target domain name is searched for in the mapping relationship between applications and domain names to determine the application corresponding to the target domain name.
  • In this embodiment, the mapping relationship between application server IP addresses and domain names is queried according to the IP address of the application server carried in the service packet, and the target domain name corresponding to the IP address of the application server is determined; the mapping relationship between applications and domain names is then queried according to the target domain name to determine the application corresponding to the target domain name, thereby identifying an application that communicates using a private protocol or an encryption protocol.
  • FIG. 2 is a flowchart of Embodiment 2 of an application identification method according to the present invention.
  • This embodiment illustrates a specific implementation of the application identification method provided by the present invention through the interaction among a terminal on which an application is installed, a NAS device or an SGW device (preconfigured with the mapping relationship between applications and domain names and with the DNS authentication table, that is, the IP address list of the authorized DNS servers), a Domain Name Service (DNS) server, and an application server. S201-S207 is the process of establishing (or storing) the mapping relationship between the application server IP address and the domain name, S208-S210 is the process of determining the application, and S211 is the charging and/or control of the application.
  • the terminal sends a DNS request packet to the NAS device or the SGW device.
  • The terminal can send the DNS request packet through an application client installed on it. Specifically, when the user accesses, for example, a social service through the application client, the terminal first sends a DNS request packet carrying the domain name corresponding to the application to the NAS device or the SGW device, and the NAS device or the SGW device forwards the packet to the DNS server; after the NAS device or the SGW device receives the DNS request packet, S202 is performed.
  • the NAS device or the SGW device forwards the DNS request packet to the DNS server.
  • After receiving the DNS request packet, the DNS server assembles the DNS response packet according to the domain name carried in the DNS request packet and the application server IP address that the DNS server has pre-stored for that domain name, and sends the response packet to the NAS device or the SGW device.
  • the NAS device or the SGW device receives the DNS response packet sent by the DNS server.
  • the DNS response packet carries at least the domain name corresponding to the application and the IP address of the application server.
  • The NAS device or the SGW device determines whether the DNS server is an authorized server according to the IP address of the DNS server in the DNS response packet.
  • The NAS device or the SGW device determines whether the source address of the DNS response packet is the IP address of an authorized DNS server configured in the DNS authentication table; if so, it parses the DNS response packet and executes S205 according to the parsed domain name; if not, it executes S207 directly.
  • The DNS authentication table may be used to authenticate the DNS server.
  • A DNS server whose IP address exists in the DNS authentication table may be deemed authorized, which improves the reliability of the domain name and application server IP address obtained by parsing.
  • the DNS server IP address in the DNS authentication table can be maintained according to the requirements of the operator.
  • the NAS device or the SGW device determines whether the domain name carried in the DNS response packet is included in the mapping relationship between the preset application and the domain name.
  • The NAS device or the SGW device determines whether the domain name obtained from the DNS response packet matches a domain name configured in the preset mapping relationship between applications and domain names. If so, S206 is executed; if not, S207 is executed.
  • S206: the NAS device or the SGW device establishes a mapping relationship between the application server IP address and the domain name, and saves it.
  • The mapping relationship between the application server IP address and the domain name is established according to the domain name and the IP address of the application server, and is stored in the physical database.
  • The mapping relationship between the application server IP address and the domain name may be cached in memory.
  • the NAS device or the SGW device forwards the DNS response packet to the terminal.
  • the NAS device or the SGW device receives the service packet.
  • the NAS device or the SGW device receives the service request packet sent by the terminal.
  • the NAS device or the SGW device receives the service response packet sent by the application server.
  • the service request packet or the service response packet carries the IP address of the application server.
  • After receiving the service packet initiated by the terminal, the NAS device or the SGW device uses the IP address of the application server carried in the service packet (the destination IP address for uplink, the source IP address for downlink) to look up the mapping relationship between application server IP addresses and domain names.
  • S209 and S210 are the same as S102 and S103 in the first embodiment, and are not described herein again.
  • The control may be gating control, such as blocking, releasing or redirecting the service packets of the application, or bandwidth control;
  • the charging may be traffic charging, duration charging or event charging for the application, or a combination of these charging types.
  • The NAS device or the SGW device parses the DNS response packet to obtain the mapping relationship between the domain name of the application and the IP address of the application server. Then, according to the destination IP address or the source IP address in the service packet, it uses the mapping relationship between domain names and application server IP addresses and the preset mapping relationship between applications and domain names to determine the application corresponding to the destination IP address or the source IP address, thereby improving the recognition rate and accuracy for applications in the data service that communicate using a private protocol or an encryption protocol.
  • The cached data in memory is periodically synchronized with the data in the physical database, and aged data and garbage data that has gone unused for a long time are regularly cleaned up.
  • FIG. 3 is a schematic structural diagram of Embodiment 1 of an application identification device according to the present invention.
  • the apparatus of this embodiment may be integrated in a NAS device or an SGW device, which may be a BRAS or a mobile network device, for example, a gateway GGSN, a PDSN, or the like.
  • the apparatus of this embodiment includes a receiving module 31 and a processing module 32.
  • The receiving module 31 is configured to receive a service packet, where the service packet carries the IP address of an application server.
  • The processing module 32 is configured to determine the target domain name corresponding to the IP address of the application server according to the mapping relationship between application server IP addresses and domain names, and to determine the application corresponding to the target domain name according to the preset mapping relationship between applications and domain names.
  • the application identification device of this embodiment may be used to implement the technical solution of the application identification method embodiment shown in FIG. 1 and FIG. 2, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • The receiving module 31 may be further configured to: before receiving the service packet, receive a DNS response packet sent by the DNS server, where the DNS response packet carries at least the domain name corresponding to the application and the IP address of the application server;
  • the processing module 32 may also be used to establish a mapping relationship between the application server IP address and the domain name.
  • The processing module 32 is further configured to determine whether the domain name carried in the foregoing DNS response packet received by the receiving module 31 is included in the preset mapping relationship between applications and domain names; if so, to establish and save the mapping relationship between the application server IP address and the domain name.
  • The foregoing DNS response packet may further carry an IP address of the DNS server, and the processing module 32 may be further configured to: before determining whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names, determine whether the DNS server is an authorized server according to the IP address of the DNS server; if so, determine whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names.
  • the service packet may be: a service request packet sent by the terminal or a service response packet sent by the application server.
  • The processing module 32 may be further configured to: after the application corresponding to the target domain name is determined by searching the preset mapping relationship between applications and domain names, perform charging for the determined application corresponding to the target domain name, and/or control the determined application corresponding to the target domain name.
  • In this embodiment, the mapping relationship between application server IP addresses and domain names is queried according to the IP address of the application server carried in the service packet, and the target domain name corresponding to the IP address of the application server is determined; the mapping relationship between applications and domain names is then queried according to the target domain name to determine the application corresponding to the target domain name, thereby identifying an application that communicates using a private protocol or an encryption protocol.
  • the aforementioned program can be stored in a computer readable storage medium.
  • the program when executed, performs the steps including the various method embodiments described above;
  • the foregoing storage medium includes various media that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.
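
The flow of Embodiment 2 (the S204-S206 learning path, the S208-S210 lookup and the periodic aging cleanup), sketched in Python as an added example that is not part of the patent text. The class and method names, the aging period and all sample addresses and domains are assumptions, and the DNS response is taken as already parsed into (domain, IP) pairs.

```python
import fnmatch
import ipaddress


def _norm_ip(ip):
    """Canonical text form of an address, so equal addresses compare equal."""
    return str(ipaddress.ip_address(ip))


class AppIdentifier:
    """Added sketch of the NAS/SGW logic; every name here is hypothetical."""

    def __init__(self, authorized_dns, app_domains, max_age=3600):
        self.authorized_dns = {_norm_ip(ip) for ip in authorized_dns}  # DNS authentication table
        self.app_domains = app_domains   # preset mapping: application -> domain patterns
        self.max_age = max_age           # aging period in seconds (assumed value)
        self.ip_to_domain = {}           # learned mapping: server IP -> (domain, last_used)

    def app_for_domain(self, domain):
        """Match a domain against the preset patterns (wildcards allowed)."""
        name = domain.rstrip(".").lower()
        for app, patterns in self.app_domains.items():
            if any(fnmatch.fnmatchcase(name, p.lower()) for p in patterns):
                return app
        return None

    def on_dns_response(self, dns_server_ip, answers, now):
        """S204-S206. `answers` is a list of (domain, server IP) pairs already
        parsed from the response. Returns how many mappings were stored; the
        packet is forwarded to the terminal in every case (S207)."""
        if _norm_ip(dns_server_ip) not in self.authorized_dns:
            return 0                     # S204 failed: learn nothing
        stored = 0
        for domain, ip in answers:
            if self.app_for_domain(domain) is None:
                continue                 # S205 failed: domain is not preset
            # S206: one domain may map to many IPs; a later answer for the
            # same IP replaces the earlier entry.
            self.ip_to_domain[_norm_ip(ip)] = (domain.rstrip(".").lower(), now)
            stored += 1
        return stored

    def identify(self, src_ip, dst_ip, uplink, now):
        """S208-S210. Returns (application, domain), or None if the IP is unknown."""
        # Uplink packets carry the server as destination, downlink as source.
        server_ip = _norm_ip(dst_ip if uplink else src_ip)
        entry = self.ip_to_domain.get(server_ip)
        if entry is None:
            return None
        domain = entry[0]
        self.ip_to_domain[server_ip] = (domain, now)   # mark as recently used
        return self.app_for_domain(domain), domain

    def purge(self, now):
        """Drop mappings unused for longer than max_age; returns the count removed."""
        stale = [ip for ip, (_, used) in self.ip_to_domain.items()
                 if now - used > self.max_age]
        for ip in stale:
            del self.ip_to_domain[ip]
        return len(stale)


if __name__ == "__main__":
    # Constructed sample data: documentation address ranges and .example names.
    ident = AppIdentifier(
        authorized_dns={"192.0.2.53"},
        app_domains={"social": ["social.example", "*.social.example"]},
        max_age=600,
    )
    # Response from a server missing from the DNS authentication table: ignored.
    print(ident.on_dns_response("203.0.113.9",
                                [("api.social.example", "198.51.100.7")], now=0))
    # Response from the authorized server: only the preset domain is stored.
    print(ident.on_dns_response("192.0.2.53",
                                [("api.social.example.", "198.51.100.7"),
                                 ("other.example", "198.51.100.8")], now=10))
    print(ident.identify("10.0.0.5", "198.51.100.7", uplink=True, now=20))
    print(ident.identify("198.51.100.7", "10.0.0.5", uplink=False, now=30))
    print(ident.purge(now=700))
```

Because the S204 check runs before anything is learned, a response from a server outside the DNS authentication table never reaches the IP-to-domain table that charging and control decisions rely on.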

Landscapes

  • Engineering & Computer Science
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks

Abstract

An application identification method and device, the method comprising: receiving a service packet carrying an internet protocol (IP) address of an application server; determining the target domain name corresponding to the IP address of the application server according to a mapping relation between the IP address of the application server and the domain name; determining the application corresponding to the target domain name according to the mapping relation between a preset application and the domain name. An embodiment of the present invention determines an application corresponding to the IP address of the application server according to the IP address of the application server carried in the service packet, the mapping relation between the IP address of the application server and the domain name, and the mapping relation between an application and the domain name, thus identifying the application communicating using a private protocol or an encryption protocol.

Description

应用识别方法及装置Application identification method and device 技术领域Technical field
本发明实施例涉及通信技术,尤其涉及一种应用识别方法及装置。Embodiments of the present invention relate to communication technologies, and in particular, to an application identification method and apparatus.
背景技术Background technique
随着移动互联网的兴起,越来越多的互联网企业和电商平台将应用(Application,简称:APP)作为销售的主战场之一。事实表明,各大电商平台向移动APP的倾斜也十分明显,原因不仅是每天增加的流量,更重要的是由于移动终端的便捷,为企业积累了更多的用户,更有一些用户体验不错的APP使得用户的忠诚度、活跃度都得到了很大程度的提升,从而为企业的创收和未来的发展起到了关键性的作用。With the rise of the mobile Internet, more and more Internet companies and e-commerce platforms will use Application (APP) as one of the main battlefields for sales. The facts show that the tilt of major e-commerce platforms to mobile apps is also very obvious. The reason is not only the increased traffic every day, but more importantly, because of the convenience of mobile terminals, more users are accumulated for enterprises, and some users have better experience. The app has greatly improved the loyalty and activity of users, which has played a key role in the company's revenue generation and future development.
在现有技术中,网络接入服务器(Network Access Server,简称:NAS)或业务网关(Service Gateway,简称:SGW)接收终端发送的业务请求报文,或者应用服务器发送的业务响应报文后,由于某些类别的应用通常采用加密协议或私有协议处理终端与APP服务器之间发送的报文,导致NAS设备或SGW设备无法对业务请求报文或者业务响应报文进行识别,从而无法识别这些报文对应的应用,进而无法实现对这些应用进行控制和计费。In the prior art, the network access server (NAS) or the service gateway (SGW) receives the service request message sent by the terminal, or the service response message sent by the application server. Because some types of applications usually use the encryption protocol or the private protocol to process the packets sent between the terminal and the APP server, the NAS device or the SGW device cannot identify the service request packet or the service response packet, and thus cannot identify the packets. The application corresponding to the text cannot control and charge these applications.
发明内容Summary of the invention
本发明实施例提供一种应用识别方法及装置,以解决NAS设备或SGW设备无法识别某些应用的问题。The embodiment of the invention provides an application identification method and device to solve the problem that the NAS device or the SGW device cannot identify certain applications.
第一方面,本发明实施例提供一种应用识别方法,包括:In a first aspect, an embodiment of the present invention provides an application identification method, including:
接收业务报文,所述业务报文中携带应用服务器的网络协议IP地址;Receiving a service packet, where the service packet carries a network protocol IP address of the application server;
根据应用服务器IP地址和域名的映射关系,确定所述应用服务器的IP地址对应的目标域名;Determining, according to the mapping relationship between the IP address of the application server and the domain name, the target domain name corresponding to the IP address of the application server;
根据预设的应用和域名的映射关系,确定所述目标域名对应的应用。The application corresponding to the target domain name is determined according to a preset mapping relationship between the application and the domain name.
结合第一方面,在第一方面的第一种可能的实现方式中,所述接收业务报文之前,还包括: With reference to the first aspect, in a first possible implementation manner of the first aspect, before the receiving the service packet, the method further includes:
接收域名服务DNS服务器发送的DNS响应报文,所述DNS响应报文中至少携带应用对应的域名和应用服务器IP地址;Receiving a DNS response message sent by the domain name service DNS server, where the DNS response message carries at least a domain name corresponding to the application and an application server IP address;
建立所述应用服务器IP地址和域名的映射关系。Establish a mapping relationship between the application server IP address and the domain name.
结合第一方面的第一种可能的实现方式,在第一方面的第二种可能的实现方式中,所述接收域名服务DNS服务器发送的DNS响应报文之后,还包括:With the first possible implementation of the first aspect, in a second possible implementation manner of the first aspect, after receiving the DNS response packet sent by the domain name service DNS server, the method further includes:
判断所述DNS响应报文中携带的域名是否包含在所述预设的应用和域名的映射关系中;Determining whether the domain name carried in the DNS response packet is included in the mapping relationship between the preset application and the domain name;
若是,则建立所述应用服务器IP地址和域名的映射关系,并保存。If yes, the mapping relationship between the application server IP address and the domain name is established and saved.
结合第一方面的第二种可能的实现方式,在第一方面的第三种可能的实现方式中,所述DNS响应报文中还携带所述DNS服务器的IP地址,所述判断所述DNS响应报文中携带的域名是否包含在所述预设的应用和域名的映射关系中之前,还包括:In conjunction with the second possible implementation of the first aspect, in a third possible implementation manner of the first aspect, the DNS response packet further carries an IP address of the DNS server, where the determining the DNS Before the domain name carried in the response packet is included in the mapping between the preset application and the domain name, the method further includes:
根据所述DNS服务器的IP地址判断所述DNS服务器是否为授权服务器;Determining, according to the IP address of the DNS server, whether the DNS server is an authorization server;
若是,则判断所述DNS响应报文中携带的域名是否包含在所述预设的应用和域名的映射关系中。If yes, it is determined whether the domain name carried in the DNS response packet is included in the mapping relationship between the preset application and the domain name.
结合第一方面、第一方面的第一种至第三种可能的实现方式中的任意一种,在第一方面的第四种可能的实现方式中,所述业务报文为:所述终端发送的业务请求报文或所述应用服务器发送的业务响应报文。With reference to the first aspect, any one of the first to the third possible implementation manners of the first aspect, in the fourth possible implementation manner of the first aspect, the service packet is: the terminal The service request packet sent or the service response packet sent by the application server.
结合第一方面、第一方面的第一种至第四种可能的实现方式中的任意一种,在第一方面的第五种可能的实现方式中,所述根据预设的域名检索应用和域名的映射关系,确定所述目标域名对应的应用之后,还包括:With reference to the first aspect, any one of the first to fourth possible implementation manners of the first aspect, in a fifth possible implementation manner of the first aspect, The mapping relationship between the domain name and the application corresponding to the target domain name include:
对所确定的所述目标域名对应的应用进行计费,和/或,对所确定的所述目标域名对应的应用进行控制。The determined application corresponding to the target domain name is charged, and/or the determined application corresponding to the target domain name is controlled.
第二方面,本发明实施例提供一种应用识别装置,包括:In a second aspect, an embodiment of the present invention provides an application identification apparatus, including:
接收模块,用于接收业务报文,所述业务报文中携带应用服务器的网络协议IP地址; a receiving module, configured to receive a service packet, where the service packet carries a network protocol IP address of the application server;
处理模块,用于根据应用服务器IP地址和域名的映射关系,确定所述应用服务器的IP地址对应的目标域名;及,根据预设的应用和域名的映射关系,确定所述目标域名对应的应用。a processing module, configured to determine, according to a mapping relationship between an application server IP address and a domain name, a target domain name corresponding to the IP address of the application server; and, according to a mapping relationship between the preset application and the domain name, determine an application corresponding to the target domain name .
结合第二方面,在第二方面的第一种可能的实现方式中,所述接收模块还用于:In conjunction with the second aspect, in a first possible implementation manner of the second aspect, the receiving module is further configured to:
在接收所述业务报文之前,接收域名服务DNS服务器发送的DNS响应报文,所述DNS响应报文中至少携带应用对应的域名和应用服务器IP地址;Before receiving the service packet, receiving a DNS response packet sent by the domain name service DNS server, where the DNS response packet carries at least a domain name corresponding to the application and an application server IP address;
则所述处理模块还用于建立所述应用服务器IP地址和域名的映射关系。The processing module is further configured to establish a mapping relationship between the application server IP address and the domain name.
With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the processing module is further configured to:
determine whether the domain name carried in the DNS response packet received by the receiving module is included in the preset mapping relationship between applications and domain names; and if so, establish and save the mapping relationship between the application server IP address and the domain name.
With reference to the second possible implementation manner of the second aspect, in a third possible implementation manner of the second aspect, the DNS response packet further carries the IP address of the DNS server, and the processing module is further configured to:
before determining whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names, determine, according to the IP address of the DNS server, whether the DNS server is an authorized server; and if so, determine whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names.
With reference to the second aspect or any one of the first to third possible implementation manners of the second aspect, in a fourth possible implementation manner of the second aspect, the service packet is a service request packet sent by the terminal or a service response packet sent by the application server.
With reference to the second aspect or any one of the first to fourth possible implementation manners of the second aspect, in a fifth possible implementation manner of the second aspect, the processing module is further configured to:
after the mapping relationship between applications and domain names is searched according to the preset domain name and the application corresponding to the target domain name is determined, charge for the determined application corresponding to the target domain name, and/or control the determined application corresponding to the target domain name.
In the embodiments of the present invention, the mapping relationship between application server IP addresses and domain names is queried according to the IP address of the application server carried in the service packet, to determine the target domain name corresponding to that IP address; the mapping relationship between applications and domain names is then queried according to the target domain name, to determine the application corresponding to the target domain name, so that the application is effectively identified.
Description of Drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a flowchart of Embodiment 1 of the application identification method according to the present invention;
FIG. 2 is a flowchart of Embodiment 2 of the application identification method according to the present invention;
FIG. 3 is a schematic structural diagram of Embodiment 1 of the application identification apparatus according to the present invention.
Detailed Description
To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Embodiment 1
FIG. 1 is a flowchart of Embodiment 1 of the application identification method according to the present invention. The method is executed by an application identification apparatus, which may be integrated in a NAS device or an SGW device. The NAS device may be a fixed-network Broadband Remote Access Server (BRAS) or a mobile network device, for example, a Gateway GPRS Support Node (GGSN) or a Packet Data Serving Node (PDSN). In the executing apparatus, the method may be implemented by software, by hardware, or by a combination of software and hardware. The method specifically includes:
S101. Receive a service packet.
The service packet carries the Internet Protocol (IP) address of an application server. The service packet may be a service request packet sent by a terminal or a service response packet sent by the application server.
S102. Determine, according to the mapping relationship between application server IP addresses and domain names, the target domain name corresponding to the IP address of the application server.
Each application may correspond to multiple domain names. For example, the domain names corresponding to the Taobao application may be taobao.com, taobao.com.uk, and so on. Domain name configuration usually follows certain rules; for example, it needs to support wildcards and regular expressions. Optionally, the NAS device or SGW device establishes the mapping relationship between application server IP addresses and domain names according to a domain name authentication table. The domain name authentication table is preset by the operator according to operational requirements, for example, by configuring the domain names of mainstream social applications, such as facebook.com or whatspp.com.
One domain name may correspond to multiple application server IP addresses. The physical database and the memory cache of the foregoing device (for example, the NAS device or SGW device) can both store a domain name together with its multiple corresponding application server IP addresses.
For the scenario in which one domain name corresponds to multiple application server IP addresses, the IP address of the application server can be looked up in the mapping relationship between application server IP addresses and domain names, to determine the target domain name corresponding to that IP address.
S103. Determine, according to the preset mapping relationship between applications and domain names, the application corresponding to the target domain name.
Domain names are generally named according to domain name naming rules; that is, domain names are divided into levels, including top-level domain names and second-level domain names. Top-level domain names include country codes and international domain names. An example of a country code is .cn for China; examples of international domain names are .com for commercial enterprises and .org for non-profit organizations. A second-level domain name is a domain name under a top-level domain name. Under an international top-level domain name, it is the online name of the domain name registrant, such as ibm, yahoo, or microsoft; under a national top-level domain name, it is a symbol indicating the category of the registered enterprise, such as com, edu, gov, or net.
Based on these naming rules, the operator presets, according to operational requirements, the applications of interest and the domain names corresponding to those applications, establishes the mapping relationship between applications and domain names, and stores it in, for example, the NAS device or SGW device.
The target domain name determined in step S102 is looked up in the mapping relationship between applications and domain names, to determine the application corresponding to the target domain name.
In this embodiment of the present invention, the mapping relationship between application server IP addresses and domain names is queried according to the IP address of the application server carried in the service packet, to determine the target domain name corresponding to that IP address; the mapping relationship between applications and domain names is then queried according to the target domain name, to determine the application corresponding to the target domain name. This makes it possible to identify applications that communicate using private protocols or encrypted protocols.
Embodiment 2
FIG. 2 is a flowchart of Embodiment 2 of the application identification method according to the present invention. As shown in FIG. 2, this embodiment uses the interaction among a terminal on which an application is installed, a NAS device or SGW device (in which the mapping relationship between applications and domain names and a DNS authentication table, that is, a list of IP addresses of authorized DNS servers, are preset), a Domain Name Service (DNS) server, and an application server to illustrate a specific implementation process of the application identification method provided by the present invention. S201-S207 are the process of establishing (or storing) the mapping relationship between application server IP addresses and domain names, S208-S210 are the process of determining the application, and S211 is charging for and/or controlling the application. The process specifically includes:
S201. The terminal sends a DNS request packet to the NAS device or SGW device.
The terminal may send the DNS request packet through an application client installed on it. Specifically, when a user uses the terminal to access a service, such as a social service, through the application client, the terminal first sends a DNS request packet carrying the domain name corresponding to the application to the NAS device or SGW device, which forwards it to the DNS server. After receiving the DNS request packet, the NAS device or SGW device performs S202.
S202. The NAS device or SGW device forwards the DNS request packet to the DNS server.
After receiving the DNS request packet, the DNS server assembles a DNS response packet from the domain name carried in the DNS request packet and the application server IP address that the DNS server has pre-stored for that domain name, and sends the DNS response packet to the NAS device or SGW device.
S203. The NAS device or SGW device receives the DNS response packet sent by the DNS server.
The DNS response packet carries at least the domain name corresponding to the application and the application server IP address.
S204. The NAS device or SGW device determines, according to the DNS server IP address in the DNS response packet, whether the DNS server is an authorized server.
Specifically, the NAS device or SGW device determines whether the source address of the DNS response packet is the IP address of an authorized DNS server configured in the DNS authentication table. If so, it parses the DNS response packet and performs S205 according to the domain name obtained by parsing; if not, it directly performs S207.
Because the DNS servers for different sites or different applications may differ, the DNS authentication table can be used to authenticate DNS servers. A DNS server whose IP address is present in the DNS authentication table is regarded as authorized, which improves the reliability of the domain names and application server IP addresses obtained by parsing. The DNS server IP addresses in the DNS authentication table can be maintained according to the operator's requirements.
S205. The NAS device or SGW device determines whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names.
The NAS device or SGW device takes the domain name obtained by parsing the DNS response packet and determines whether it matches a domain name configured in the preset mapping relationship between applications and domain names. If it matches, S206 is performed; if it does not match, step 207 is performed.
In this step, the DNS response packet is parsed further to obtain the application server IP address only for domain names whose domain-name-to-IP correspondence needs to be managed. This avoids the degradation in system performance that storing the mappings for all application server IP addresses and domain names would cause, and improves the stability of system performance.
S206. The NAS device or SGW device establishes and saves the mapping relationship between the application server IP address and the domain name.
The mapping relationship between the application server IP address and the domain name is established from the domain name and application server IP address obtained by the foregoing parsing, and is stored in the physical database.
Optionally, so that the mapping relationship between application server IP addresses and domain names can be obtained quickly, it may also be cached in memory.
S207. The NAS device or SGW device forwards the DNS response packet to the terminal.
S208. The NAS device or SGW device receives a service packet.
Specifically, a person skilled in the art may understand this step as covering two scenarios, either of which suffices:
S2081. The NAS device or SGW device receives a service request packet sent by the terminal.
S2082. The NAS device or SGW device receives a service response packet sent by the application server.
The service request packet or service response packet carries the IP address of the application server.
After receiving a service packet initiated by the terminal, the NAS device or SGW device uses the application server IP address carried in the service packet (the destination IP address in the uplink direction; the source IP address in the downlink direction) to perform a reverse lookup in the mapping relationship between application server IP addresses and domain names.
S209. Determine, according to the mapping relationship between application server IP addresses and domain names, the target domain name corresponding to the IP address of the application server.
S210. Search the mapping relationship between applications and domain names according to the preset domain name, and determine the application corresponding to the target domain name.
S209 and S210 are the same as S102 and S103 in Embodiment 1 and are not described here again.
S211. Charge for the determined application corresponding to the target domain name, and/or control the determined application corresponding to the target domain name.
It should be noted that the control may be blocking, passing, redirecting, gating control, or bandwidth control of the application's service packets; the charging may be traffic-based charging, duration-based charging, or event-based charging for the application's services, or a combination of these charging types.
In this embodiment of the present invention, the NAS device or SGW device parses the DNS response packet to obtain the mapping relationship between the domain name corresponding to the application and the application server IP address. It then determines the application corresponding to the destination IP address or source IP address in a service packet from that IP address, the mapping relationship between domain names and application server IP addresses, and the preset mapping relationship between applications and domain names. This improves the identification rate and accuracy for applications in data services that communicate using private protocols or encrypted protocols, removes the need to dynamically track changes in application server IP addresses, and reduces system maintenance complexity, so that the application can be charged for and/or controlled.
It should also be noted that, to keep the mapping relationship between application server IP addresses and domain names accurate and current, and to reduce the memory occupied by data that has long gone unused, the cached data in memory and the data in the physical database may optionally be synchronized periodically, and aged data and long-unused garbage data may be cleaned up periodically.
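The flow of S204-S210, together with the aging of stored entries described above, can be sketched as follows. This is an added Python example, not code from the patent: the authorized DNS server address, the application names and domain patterns, the use of the DNS record TTL as the aging time, and all function and class names are assumptions, and the DNS response used as input is constructed by the helper at the end.

```python
import fnmatch
import ipaddress
import struct

# Constructed configuration (assumptions, not values from the patent).
AUTHORIZED_DNS = {"198.51.100.53"}            # DNS authentication table
APP_DOMAINS = {                               # preset application -> domain patterns
    "shop-app": ["shop.example", "*.shop.example"],
    "chat-app": ["*.chat.example"],
}


def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:             # compression pointer
            if end is None:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length


def parse_a_records(msg):
    """Return (queried name, [(ipv4, ttl), ...]) from a DNS response."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question DNS response")
    qname, off = read_name(msg, 12)
    off += 4                                  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        _, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:   # IN A record
            records.append((str(ipaddress.IPv4Address(msg[off:off + 4])), ttl))
        off += rdlen
    return qname, records


def app_for_domain(domain):
    """Match a domain against the preset application/domain mapping."""
    for app, patterns in APP_DOMAINS.items():
        if any(fnmatch.fnmatchcase(domain, p) for p in patterns):
            return app
    return None


class AppIdentifier:
    def __init__(self):
        self.ip_to_domain = {}                # server IP -> (domain, expiry time)

    def on_dns_response(self, dns_src_ip, payload, now):
        """S204-S206: learn IP -> domain entries; return the IPs stored."""
        if dns_src_ip not in AUTHORIZED_DNS:  # S204: not an authorized server
            return []
        try:
            domain, records = parse_a_records(payload)
        except (ValueError, IndexError, struct.error):
            return []                         # malformed response: learn nothing
        if app_for_domain(domain) is None:    # S205: domain not of interest
            return []
        for ip, ttl in records:               # S206: TTL as aging time (assumption)
            self.ip_to_domain[ip] = (domain, now + ttl)
        return [ip for ip, _ in records]

    def on_service_packet(self, src_ip, dst_ip, uplink, now):
        """S208-S210: return the application for a service packet, or None."""
        server_ip = dst_ip if uplink else src_ip
        entry = self.ip_to_domain.get(server_ip)
        if entry is None:
            return None
        domain, expiry = entry
        if now >= expiry:                     # aged-out entry: drop it
            del self.ip_to_domain[server_ip]
            return None
        return app_for_domain(domain)


def build_response(name, ips, ttl=300):
    """Build a constructed DNS A response (sample input for the example)."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(ips), 0, 0)
    msg += qname + struct.pack("!HH", 1, 1)
    for ip in ips:                            # answer name is a pointer to offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
        msg += ipaddress.IPv4Address(ip).packed
    return msg
```

In this sketch an IP address maps to one domain at a time, so a later accepted DNS response for the same address replaces the earlier entry.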
FIG. 3 is a schematic structural diagram of Embodiment 1 of the application identification apparatus according to the present invention. The apparatus of this embodiment may be integrated in a NAS device or an SGW device; the NAS device may be a BRAS or a mobile network device, for example, a gateway GGSN, a PDSN, or the like. As shown in FIG. 3, the apparatus of this embodiment includes a receiving module 31 and a processing module 32.
The receiving module 31 is configured to receive a service packet, where the service packet carries the IP address of an application server. The processing module 32 is configured to determine, according to the mapping relationship between application server IP addresses and domain names, the target domain name corresponding to the IP address of the application server, and to determine, according to the preset mapping relationship between applications and domain names, the application corresponding to the target domain name.
The application identification apparatus of this embodiment may be used to execute the technical solutions of the application identification method embodiments shown in FIG. 1 and FIG. 2. Its implementation principles and technical effects are similar and are not described here again.
On this basis, the receiving module 32 may be further configured to receive, before receiving the service packet, a DNS response packet sent by a DNS server, where the DNS response packet carries at least the domain name corresponding to the application and the application server IP address; the processing module 31 may then be further configured to establish the mapping relationship between application server IP addresses and domain names.
Optionally, the processing module 32 may be further configured to determine whether the domain name carried in the DNS response packet received by the receiving module 31 is included in the preset mapping relationship between applications and domain names, and if so, to establish and save the mapping relationship between the application server IP address and the domain name.
Further, the DNS response packet may also carry the IP address of the DNS server. The processing module 32 may be further configured to determine, according to the IP address of the DNS server, whether the DNS server is an authorized server before determining whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names; and if so, to determine whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names.
The service packet may be a service request packet sent by the terminal or a service response packet sent by the application server.
The processing module 32 may be further configured to, after the mapping relationship between applications and domain names is searched according to the preset domain name and the application corresponding to the target domain name is determined, charge for the determined application corresponding to the target domain name, and/or control the determined application corresponding to the target domain name.
In this embodiment of the present invention, the mapping relationship between application server IP addresses and domain names is queried according to the IP address of the application server carried in the service packet, to determine the target domain name corresponding to that IP address; the mapping relationship between applications and domain names is then queried according to the target domain name, to determine the application corresponding to the target domain name. This makes it possible to identify applications that communicate using private protocols or encrypted protocols.
A person of ordinary skill in the art can understand that all or some of the steps of the foregoing method embodiments may be completed by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the foregoing method embodiments. The storage medium includes any medium that can store program code, such as a ROM, a RAM, a magnetic disk, or an optical disc.
Finally, it should be noted that the foregoing embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (12)

  1. An application identification method, comprising:
    receiving a service packet, where the service packet carries an Internet Protocol (IP) address of an application server;
    determining, according to a mapping relationship between application server IP addresses and domain names, a target domain name corresponding to the IP address of the application server; and
    determining, according to a preset mapping relationship between applications and domain names, an application corresponding to the target domain name.
  2. The method according to claim 1, wherein before the receiving a service packet, the method further comprises:
    receiving a DNS response packet sent by a Domain Name Service (DNS) server, where the DNS response packet carries at least a domain name corresponding to an application and an application server IP address; and
    establishing the mapping relationship between application server IP addresses and domain names.
  3. The method according to claim 2, wherein after the receiving a DNS response packet sent by a Domain Name Service (DNS) server, the method further comprises:
    determining whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names; and
    if so, establishing and saving the mapping relationship between the application server IP address and the domain name.
  4. The method according to claim 3, wherein the DNS response packet further carries the IP address of the DNS server, and before the determining whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names, the method further comprises:
    determining, according to the IP address of the DNS server, whether the DNS server is an authorized server; and
    if so, determining whether the domain name carried in the DNS response packet is included in the preset mapping relationship between applications and domain names.
  5. The method according to any one of claims 1-4, wherein the service packet is a service request packet sent by the terminal or a service response packet sent by the application server.
  6. The method according to any one of claims 1-5, wherein after the mapping relationship between applications and domain names is searched according to the preset domain name and the application corresponding to the target domain name is determined, the method further comprises:
    charging for the determined application corresponding to the target domain name, and/or controlling the determined application corresponding to the target domain name.
  7. An application identification apparatus, comprising:
    a receiving module, configured to receive a service packet, where the service packet carries an Internet Protocol (IP) address of an application server; and
    a processing module, configured to determine, according to a mapping relationship between application server IP addresses and domain names, a target domain name corresponding to the IP address of the application server, and to determine, according to a preset mapping relationship between applications and domain names, an application corresponding to the target domain name.
  8. The apparatus according to claim 7, wherein the receiving module is further configured to:
    before receiving the service packet, receive a DNS response packet sent by a Domain Name Service (DNS) server, where the DNS response packet carries at least a domain name corresponding to an application and an application server IP address;
    and the processing module is further configured to establish the mapping relationship between application server IP addresses and domain names.
  9. 根据权利要求8所述的装置,其特征在于,所述处理模块还用于:The device according to claim 8, wherein the processing module is further configured to:
    判断所述接收模块接收的所述DNS响应报文中携带的域名是否包含在所述预设的应用和域名的映射关系中;若是,则建立所述应用服务器IP地址和域名的映射关系,并保存。Determining whether the domain name carried in the DNS response packet received by the receiving module is included in the mapping relationship between the preset application and the domain name; if yes, establishing a mapping relationship between the IP address and the domain name of the application server, and save.
  10. 根据权利要求9所述的装置,其特征在于,所述DNS响应报文中还携带所述DNS服务器的IP地址,所述处理模块还用于:The device according to claim 9, wherein the DNS response message further carries an IP address of the DNS server, and the processing module is further configured to:
    在所述判断所述DNS响应报文中携带的域名是否包含在所述预设的应用和域名的映射关系中之前,根据所述DNS服务器的IP地址判断所述DNS服务器是否为授权服务器;若是,则判断所述DNS响应报文中携带的域名是否包含在所述预设的应用和域名的映射关系中。Before determining whether the domain name carried in the DNS response packet is included in the mapping relationship between the preset application and the domain name, determining whether the DNS server is an authorization server according to an IP address of the DNS server; And determining whether the domain name carried in the DNS response packet is included in the mapping relationship between the preset application and the domain name.
  11. 根据权利要求7-10任一项所述的装置,其特征在于,所述业务报文为:所述终端发送的业务请求报文或所述应用服务器发送的业务响应报文。The device according to any one of claims 7 to 10, wherein the service message is: a service request message sent by the terminal or a service response message sent by the application server.
  12. 根据权利要求7-11任一项所述的装置,其特征在于,所述处理模块还用于:The device according to any one of claims 7 to 11, wherein the processing module is further configured to:
    在所述根据预设的域名检索应用和域名的映射关系,确定所述目标域名对应的应用之后,对所确定的所述目标域名对应的应用进行计费,和/或,对所确定的所述目标域名对应的应用进行控制。 After the mapping between the application and the domain name is retrieved according to the preset domain name, and the application corresponding to the target domain name is determined, the determined application corresponding to the target domain name is charged, and/or the determined location is determined. The application corresponding to the target domain name is controlled.
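The device of claims 7-11 can be sketched as follows. This is an added example, not code from the patent: the class and method names, the preset table and every address are constructed assumptions. It shows the claim 10 check on the DNS server's IP address gating the claim 9 domain check, so that only responses from an authorized server can populate the IP-to-domain mapping later used for charging or control.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed sample data (assumptions, not values from the patent).
PRESET_APP_DOMAINS = {"video-app.example": "VideoApp", "chat-app.example": "ChatApp"}
AUTHORIZED_DNS_SERVERS = {"192.0.2.53"}

def _norm_ip(ip):
    # Canonical text form, so equivalent spellings of one address match.
    return str(ipaddress.ip_address(ip))

@dataclass
class AppIdentifier:
    app_by_domain: dict          # preset application/domain mapping
    authorized_dns: set          # IP addresses of authorized DNS servers
    domain_by_ip: dict = field(default_factory=dict)  # learned mapping

    def on_dns_response(self, dns_server_ip, domain, answer_ips):
        """Claims 8-10: learn server IP -> domain from a DNS response."""
        if _norm_ip(dns_server_ip) not in self.authorized_dns:
            return False         # claim 10: sender is not an authorized server
        domain = domain.rstrip(".").lower()
        if domain not in self.app_by_domain:
            return False         # claim 9: domain is not in the preset mapping
        for ip in answer_ips:
            self.domain_by_ip[_norm_ip(ip)] = domain
        return True

    def on_service_packet(self, src_ip, dst_ip):
        """Claims 7 and 11: the server IP is the destination of a request
        or the source of a response; map it to a domain, then to an app."""
        for ip in (dst_ip, src_ip):
            domain = self.domain_by_ip.get(_norm_ip(ip))
            if domain is not None:
                return self.app_by_domain[domain]
        return None              # unknown server: no application identified

def demo():
    ident = AppIdentifier(PRESET_APP_DOMAINS, AUTHORIZED_DNS_SERVERS)
    ident.on_dns_response("192.0.2.53", "Video-App.example.", ["198.51.100.10"])
    # Response from a server that is not authorized: ignored.
    ident.on_dns_response("203.0.113.66", "chat-app.example", ["198.51.100.99"])
    # Authorized server, but the domain is not in the preset mapping: ignored.
    ident.on_dns_response("192.0.2.53", "other.example", ["198.51.100.20"])
    return [
        ident.on_service_packet("10.0.0.5", "198.51.100.10"),   # request
        ident.on_service_packet("198.51.100.10", "10.0.0.5"),   # response
        ident.on_service_packet("10.0.0.5", "198.51.100.99"),
        ident.on_service_packet("10.0.0.5", "198.51.100.20"),
    ]
```
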
PCT/CN2014/091494 2013-12-10 2014-11-19 Application identification method and device WO2015085850A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310684800.5A CN103685601A (en) 2013-12-10 2013-12-10 Application identification method and device
CN201310684800.5 2013-12-10

Publications (1)

Publication Number Publication Date
WO2015085850A1 (en) 2015-06-18

Family

ID=50321870

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/091494 WO2015085850A1 (en) 2013-12-10 2014-11-19 Application identification method and device

Country Status (2)

Country Link
CN (1) CN103685601A (en)
WO (1) WO2015085850A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115189954A (en) * 2022-07-12 2022-10-14 北京天融信网络安全技术有限公司 Mining message processing method and device, electronic equipment and storage medium

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103685601A (en) * 2013-12-10 2014-03-26 华为技术有限公司 Application identification method and device
WO2016177167A1 (en) * 2015-07-08 2016-11-10 中兴通讯股份有限公司 Control method for application feature rules and application feature server
CN106341804B (en) 2015-07-08 2020-11-20 中兴通讯股份有限公司 Control method for application characteristic rule and application characteristic server
CN105872121A (en) * 2015-12-15 2016-08-17 乐视移动智能信息技术(北京)有限公司 Method for connecting terminal with server, terminal and domain name server
CN107154917B (en) * 2016-03-03 2020-06-02 华为技术有限公司 Data transmission method and server
CN106452940A (en) * 2016-08-22 2017-02-22 中国联合网络通信有限公司重庆市分公司 Method and device for identifying Internet business flow ownership
CN108509811B (en) * 2017-02-28 2022-03-22 菜鸟智能物流控股有限公司 Identification method and related device of application installation equipment
CN110808921B (en) * 2019-11-05 2023-01-03 赵宇飞 Application identification method, system and network equipment
CN113453321A (en) * 2020-03-27 2021-09-28 北京小米移动软件有限公司 Terminal wake-up processing method, device and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101390087A (en) * 2006-02-28 2009-03-18 微软公司 Global names zone
CN102143509A (en) * 2010-12-16 2011-08-03 华为终端有限公司 Method, device and system for managing wireless repeater by using access point (AP)
CN102833249A (en) * 2012-08-24 2012-12-19 北京百度网讯科技有限公司 Method and system of logging network server by application client of mobile terminal
CN103685601A (en) * 2013-12-10 2014-03-26 华为技术有限公司 Application identification method and device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006090392A2 (en) * 2005-02-24 2006-08-31 Rsa Security Inc. System and method for detecting and mitigating dns spoofing trojans
CN102055813A (en) * 2010-11-22 2011-05-11 杭州华三通信技术有限公司 Access controlling method for network application and device thereof
CN102347876B (en) * 2011-09-30 2013-11-13 鞠洪尧 Multilink aggregation control device for cloud computing network
WO2013097194A1 (en) * 2011-12-30 2013-07-04 华为技术有限公司 Method, system and device for triggering service
CN102710504A (en) * 2012-05-16 2012-10-03 华为技术有限公司 Application identification method and application identification device
KR101769222B1 (en) * 2012-12-26 2017-08-17 후아웨이 테크놀러지 컴퍼니 리미티드 Method and device for preventing service illegal access

Also Published As

Publication number Publication date
CN103685601A (en) 2014-03-26

Similar Documents

Publication Publication Date Title
WO2015085850A1 (en) Application identification method and device
US20210360399A1 (en) Mobile authentication in mobile virtual network
WO2021057889A1 (en) Data processing method and apparatus, electronic device, and storage medium
WO2021120969A1 (en) Domain name resolution method, domain name resolution server, and terminal device
US9401962B2 (en) Traffic steering system
US9554276B2 (en) System and method for on the fly protocol conversion in obtaining policy enforcement information
JP5710596B2 (en) User-based authentication for real-time communication
WO2014000303A1 (en) Method for receiving message, and deep packet inspection device and system
US20130290563A1 (en) Answer augmentation system for authoritative dns servers
US8914510B2 (en) Methods, systems, and computer program products for enhancing internet security for network subscribers
CN103078877B (en) Based on the user authentication of DNS and domain name access control method and system
US10250564B2 (en) Dynamically allowing traffic flow through a firewall to allow an application server device to perform mobile-terminated communications
JP2014527326A (en) Wireless LAN connection device and operation method thereof
CN104038917B (en) The method and device of terminal roaming certification
US9954815B2 (en) Domain name collaboration service using domain name dependency server
CN106470251B (en) Domain name resolution method and virtual DNS authoritative server
WO2017041562A1 (en) Method and device for identifying user identity of terminal device
US20140164645A1 (en) Routing table maintenance
KR20140007363A (en) Site-aware distributed file system access from outside enterprise network
WO2014075450A1 (en) Resource download method, service server and cellular phone client
CN113595907A (en) Aggregation method and device for issuing routing strategy based on SSLVPN
CN105813078A (en) Network authentication method, device and system and AP (ACCESS POINT) with authentication function
US9973906B2 (en) Identifiers for enterprise messages
US9398171B1 (en) Deploying a toll-free data service campaign for secure content
CN115250264A (en) Controlling network traffic associated with a domain name based on DNS-IP mapping

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14870355

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14870355

Country of ref document: EP

Kind code of ref document: A1