WO2024111088A1 - Dispositif d'analyse, procédé d'analyse et programme d'analyse - Google Patents

Dispositif d'analyse, procédé d'analyse et programme d'analyse Download PDF

Info

Publication number
WO2024111088A1
WO2024111088A1 PCT/JP2022/043380 JP2022043380W WO2024111088A1 WO 2024111088 A1 WO2024111088 A1 WO 2024111088A1 JP 2022043380 W JP2022043380 W JP 2022043380W WO 2024111088 A1 WO2024111088 A1 WO 2024111088A1
Authority
WO
WIPO (PCT)
Prior art keywords
processing
information
key
source data
data
Prior art date
Application number
PCT/JP2022/043380
Other languages
English (en)
Japanese (ja)
Inventor
里美 井上
裕平 林
篤史 須藤
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2022/043380 priority Critical patent/WO2024111088A1/fr
Publication of WO2024111088A1 publication Critical patent/WO2024111088A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification

Definitions

  • the present invention relates to an analysis device, an analysis method, and an analysis program.
  • xFlow is known as a technology for network monitoring and traffic trend analysis.
  • xFlow is a method for collecting and analyzing traffic by transferring statistical information calculated from the header information of sampled packets, or the header portion itself (header sample).
  • a packet encapsulation technique that embeds a packet in the payload of another packet on a network and transfers the other packet.
  • Elastic's Ingest Pipelines are known as a function for linking information, as they process documents containing information in a specified manner to format them.
  • the flow information includes data in a key-value format such as 5-tuple that identifies the flow.
  • the analysis device is characterized by having a storage unit that stores association information, which is information that associates definition information that defines the processing content with the source data, the definition information, a receiving unit that receives data in a key-value format that indicates information related to the network as the source data, and a processing unit that identifies the processing content of the source data received by the receiving unit based on the association information and processes the source data in accordance with the processing content.
  • association information is information that associates definition information that defines the processing content with the source data, the definition information
  • a receiving unit that receives data in a key-value format that indicates information related to the network as the source data
  • a processing unit that identifies the processing content of the source data received by the receiving unit based on the association information and processes the source data in accordance with the processing content.
  • the processing content of flow information can be easily changed.
  • FIG. 1 is a diagram illustrating an example of the configuration of an analysis apparatus according to the first embodiment.
  • FIG. 2 is a diagram for explaining a process for changing the processing contents.
  • FIG. 3 is a diagram for explaining a process for changing the processing contents.
  • FIG. 4 is a diagram showing a change in flow statistical information accompanying a change in processing content.
  • FIG. 5 is a diagram showing an example of a process for adding a VPN user.
  • FIG. 6 is a diagram for explaining a method for speeding up the process of changing the processing contents.
  • FIG. 7 is a diagram for explaining a method for speeding up the process of changing the processing contents.
  • FIG. 8 is a diagram for explaining a method for speeding up the process of changing the processing contents.
  • FIG. 1 is a diagram illustrating an example of the configuration of an analysis apparatus according to the first embodiment.
  • FIG. 2 is a diagram for explaining a process for changing the processing contents.
  • FIG. 3 is a diagram for explaining a process for changing the
  • FIG. 9 is a diagram for explaining a method for speeding up the process of changing the processing contents.
  • FIG. 10 is a diagram illustrating optimization of association information.
  • FIG. 11 is a diagram illustrating parallel processing.
  • FIG. 12 is a flow chart illustrating the flow of processing performed by the analysis device.
  • FIG. 13 is a flow chart illustrating the flow of processing performed by the analysis device.
  • FIG. 14 illustrates an example of a computer that executes an analysis program.
  • Fig. 1 is a diagram showing an example of the configuration of an analysis device according to a first embodiment.
  • the analysis device 10 is connected to an OpS (Operation System) 20, a conversion device 30, and a terminal device 40.
  • OpS Operaation System
  • OpS20 provides the analysis device 10 with information that associates VPN users with outer information.
  • the conversion device 30 obtains xFlow packets from a network (e.g., a core network).
  • a network e.g., a core network
  • tunnels which are virtual communication paths, are configured.
  • communication is performed using a VPN, and encapsulated packets are sent and received.
  • a VPN user a user who communicates using a VPN is called a VPN user.
  • the conversion device 30 acquires xFlow packets via a network device that samples packets transmitted and received over a network.
  • the network device extracts the outer header (header of the outer packet) and inner header (header of the inner packet) of the sampled packet, and transfers the xFlow packet encapsulating each of the extracted headers to the conversion device 30.
  • encapsulation means embedding data in the payload section of the xFlow packet.
  • the network device transfers xFlow packets encapsulating statistical information about the sampled packets to the conversion device 30.
  • the statistical information is calculated based on the inner header or the outer header.
  • the statistical information is the number of packets for each flow (inner flow or outer flow) based on the inner header or the outer header, the amount of communication data (example unit: Mbps), etc.
  • the conversion device 30 can obtain an xFlow packet that includes the Outer header and Inner header of the sampled packet, and an xFlow packet that includes statistical information.
  • the conversion device 30 converts the format of the acquired xFlow packets and transfers the xFlow packets obtained by the conversion to the analysis device 10.
  • the conversion device 30 extracts outer flow statistical information (outer statistics) from the acquired xFlow, and transfers the xFlow packet encapsulating the extracted statistical information to the analysis device 10.
  • outer flow statistical information outer statistics
  • each device on the network forwards packets in the tunnel based on the packet's outer header.
  • the analysis device 10 identifies information about the VPN of the flow based on the outer statistics contained in the xFlow packet received from the conversion device 30. For example, the analysis device 10 can identify the user of the VPN that is the source of the flow.
  • the analysis device 10 can store a 5-tuple (source IP address, source port number, destination IP address, destination port number, protocol) in association with a VPN user, and identify the VPN user by comparing the stored 5-tuple with a 5-tuple included in the outer statistics.
  • the analysis device 10 can obtain information such as the 5-tuple for identifying a VPN from the OpS 20.
  • the analysis device 10 processes the outer statistics appropriately (e.g., adds a key) based on the information contained in the xFlow packet and the identified information, and transmits them to the terminal device 40.
  • the terminal device 40 is used by a user who analyzes the network.
  • the subject of processing by the analysis device 10 is not limited to outer statistics, and may be, for example, inner statistics (statistical information of the inner flow).
  • the analysis device 10 includes a collection unit 11, an association information DB 12, a processing unit 13, a receiving unit 14, a flow statistics information DB 15, and a definition information DB 16.
  • the association information DB12, the flow statistics information DB15, and the definition information DB16 are stored in a memory unit provided in the analysis device 10.
  • the memory unit stores the association information DB12, the flow statistics information DB15, and the definition information DB16.
  • the memory unit is a storage device such as a hard disk drive (HDD), a solid state drive (SSD), or an optical disk.
  • the memory unit may also be a semiconductor memory in which data can be rewritten, such as a random access memory (RAM), flash memory, or non-volatile static random access memory (NVSRAM).
  • RAM random access memory
  • NVSRAM non-volatile static random access memory
  • the memory unit stores the operating system (OS) and various programs executed by the analysis device 10.
  • the collection unit 11, processing unit 13, and receiving unit 14 are realized by a control unit provided in the analysis device 10.
  • the control unit controls the entire analysis device 10.
  • the control unit is, for example, an electronic circuit such as a CPU (Central Processing Unit), MPU (Micro Processing Unit), or GPU (Graphics Processing Unit), or an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or FPGA (Field Programmable Gate Array).
  • the control unit also has an internal memory for storing programs that define various processing procedures and control data, and executes each process using the internal memory.
  • FIGS 2 and 3 are diagrams explaining the process of changing the processing content.
  • the receiver 14 receives an xFlow packet from the conversion device 30 as source data.
  • the xFlow packet received by the receiver 14 is flow statistical information in key-value format.
  • the source data "nw_data” contains “key1", “key2”, and "key3" as keys.
  • the source data received by the receiver 14 is not limited to xFlow packets sent by the conversion device 30.
  • the receiver 14 receives data in a key-value format indicating information related to the network as source data.
  • the receiver 14 may receive data provided by Telemetry (Reference: https://www.janog.gr.jp/wg/telemetry-wg/wp-content/uploads/2018/06/20180518_Cisco_Telemetry_WG01.pdf) as source data instead of xFlow packets.
  • the processing unit 13 acquires the original data from the receiving unit 14. Then, the processing unit 13 identifies the processing content of the original data received by the receiving unit 14 based on the association information, and processes the original data in accordance with the processing content.
  • the definition information DB16 stores definition information that defines the processing content.
  • the association information DB12 stores association information that associates the definition information with the source data.
  • the processing unit 13 first reads a processing content definition named "VPN user specific" from the definition information DB 16. Then, the processing unit 13 reads association information associated with the processing content definition "VPN user specific" from the association information DB 12.
  • association information read by the processing unit 13 shows "key2:yyy” as the condition.
  • the association information shows the condition in key-value format. Note that "key2" is an example of a key, and “yyy” is an example of a value.
  • the processing unit 13 checks the condition "key2:yyy" against the source data and determines whether the source data contains "key2:yyy". In the example of FIG. 2, since the source data contains "key2:yyy", the processing unit 13 processes the source data according to the processing content indicated by the processing content definition "VPN user identification".
  • the "input” in the processing content definition is information that identifies the data to be processed. Also, the “output” in the processing content definition is information that indicates the data to be processed or the data to be output as the result of processing.
  • the processing content definition "VPN user identification” defines that a new key “hoge” is added to the original data “nw_data” according to “add new_key:hoge” and output as “nw_data_result”.
  • the processing unit 13 outputs "nw_data_result” as the processing result.
  • add is a command that means adding a key.
  • other commands include “delete,” which deletes a key, “link,” which adds a value, and “calculate,” which performs calculations using a numerical value.
  • the processing unit 13 adds "new_key” to the processing result.
  • "new_key” corresponds to the first key whose addition is defined by the definition information.
  • "key2” corresponds to the second key included in the source data.
  • Figure 4 shows the change in flow statistics information associated with a change in processing content.
  • the processing unit 13 stores the processed xFlow packets in the flow statistics information DB 15.
  • Flow statistical information DB15a is the flow statistical information DB15 before the processing described in Figures 2 and 3 is performed.
  • Flow statistical information DB15b is the flow statistical information DB15 after the processing described in Figures 2 and 3 is performed.
  • a record to which "new_key" has been added is registered in the flow statistical information DB15 by the processing unit 13.
  • FIG. 5 is a diagram showing an example of processing when adding a VPN user.
  • the xFlow packet received by the receiver 14 contains the flow statistics information "ExporterIP:10.0.0.1”, “outer srcIP:10.1.0.1”, “outer dstIP:10.2.0.1”, “tunnelID:AAAAA”, and "sessionID:aaa”.
  • the processing unit 13 reads the processing content definition named "VPN user specific" from the definition information DB 16. The processing unit 13 then reads the association information associated with the processing content definition "VPN user specific" from the association information DB 12.
  • the processing content definition includes information that defines the addition of a key that identifies a VPN user.
  • the association information includes information that associates the processing content definition with a key that identifies the VPN.
  • the processing unit 13 checks the value "10.1.0.1&10.2.0.1&AAAAA&aaa” separated by "&” in the association information against the values of the keys "outer srcIP”, “outer dstIP”, “tunnelID”, and "sessionID” in the source data.
  • the matching result shows that the condition indicated by the association information matches the source data, so the processing unit 13 executes the processing content "link” and performs processing to add the value "User A” to the key "vpn_user”.
  • the association information stored in the association information DB 12 and the processing content definition stored in the definition information DB 16 can be set by the user as desired. This allows for flexible definition of the processing content. For example, the user can set the key and value in the range from " ⁇ " to " ⁇ " in the association information. In addition, for example, the user can set the "input” and "output” of the processing content definition and the processing content.
  • search target key condition: key name
  • search target value condition: value
  • assigned value equivalent to " ⁇ hoge ⁇ "
  • the receiving unit 14 obtains the original data "nw_data” (e.g., flow statistical information) from the conversion device 30.
  • "nw_data” includes “key1", “key2”, and “key3" as keys.
  • the processing unit 13 reads "input nw_data" and the search target key "key2" from the definition information DB 16. At this point, the processing unit 13 does not read any information (processing contents, etc.) other than the search target key.
  • “key2" is an example of a third key.
  • the processing unit 13 searches for the key "key2" among the keys of the source data. If the search is a hit, i.e., if the key "key2" is among the keys of the source data, the processing unit 13 reads information other than the key to be searched for in the processing content definition from the definition information DB 16.
  • the processing unit 13 reads the value of the search target and the assigned value associated with the processing content definition "VPN user identification" from the association information DB 12.
  • the assigned value is the value of the key added by the command "add”.
  • the processing unit 13 adds the key "new_key” to the source data "nw_data” in accordance with the processing content definition "VPN user identification”, sets the value of the key to "hoge”, and outputs the processing result "nw_data_result”.
  • Fig. 10 is a diagram for explaining optimization of association information.
  • the analysis device 10 extracts the necessary key information from the multiple pieces of association information that have been input, optimizes the association information by combining the information based on the key, and stores the association information in the association information DB 12.
  • the analysis device 10 can speed up processing by storing association information that consolidates multiple pieces of information that associate definition information that defines the processing content with the source data.
  • the processing unit 13 can execute data processing processes in parallel for multiple source data.
  • Fig. 11 is a diagram for explaining parallel processing.
  • the data processing process includes a series of processes for each source data, such as referencing association information, matching, processing, and registering the processing results.
  • the processing unit 13 performs parallel processing using a multi-core processor.
  • the number of parallel processes can be set in advance by the user.
  • the receiving unit 14 receives multiple xFlow packets as source data.
  • the processing unit 13 identifies the processing content for each of the multiple source data received by the receiving unit 14, and executes in parallel the process of processing the source data in accordance with the processing content.
  • Fig. 12 is a flow chart for explaining the flow of processing by the analysis device.
  • the analysis device 10 reads the target association information and source data from the processing content definition (step S101).
  • the analysis device 10 when the analysis device 10 acquires the source data, it refers to the definition information DB 16, acquires association information corresponding to the processing content definition from the association information DB 12, and further reads the source data (e.g., "input") to be matched as indicated in the processing content definition.
  • the source data e.g., "input”
  • the analysis device 10 compares the key:value of the original data with that of the association information (step S102). If the key:value of the original data and the association information do not match (step S103, No), the analysis device 10 ends the process.
  • step S104 the analysis device 10 executes the processing content of the processing content definition (step S104). Then, the analysis device 10 outputs the result of the processing content (step S105).
  • FIG. 13 is a flow chart that explains the process flow of the analysis device.
  • the analysis device 10 reads the condition:key name and source data (e.g., "input") from the processing content definition (step S201).
  • condition:key name and source data e.g., "input”
  • the analysis device 10 searches the source data, and if the data contains the condition:key name, it reads the association information of the processing content definition and the processing content (step S202). Furthermore, the analysis device 10 obtains the condition:value corresponding to the condition:key name from the association information (step S203).
  • the analysis device 10 compares the conditions with the key:value of the source data, and if they match, executes the processing content of the processing content definition (step S204).
  • the analysis device 10 stores definition information and association information that associates definition information that defines processing contents with source data.
  • the analysis device 10 also has a receiving unit 14 and a processing unit 13.
  • the receiving unit 14 receives data in a key-value format that indicates information related to the network as source data.
  • the processing unit 13 identifies the processing contents of the source data received by the receiving unit 14 based on the association information, and processes the source data in accordance with the processing contents.
  • the user can easily change the processing contents of the flow information by setting the definition information and association information.
  • the analysis device 10 stores association information that associates definition information that defines the addition of a first key with a second key included in the source data. Furthermore, when the source data includes a second key, the processing unit 13 adds the first key to the source data. This makes it possible to easily execute processing that adds a key.
  • the analysis device 10 stores definition information that defines the addition of a first key that identifies a VPN user, and association information that associates a second key that identifies the VPN. This makes it possible to easily perform processing to add a key that identifies a VPN user.
  • the analysis device 10 stores information identifying the third key and the processing content as definition information. Furthermore, when the source data received by the receiving unit 14 contains the third key, the processing unit 13 reads the processing content associated with the third key from the definition information and processes the source data according to the read processing content. In this case, the analysis device 10 only needs to read the processing content when the source data contains the third key, which speeds up processing.
  • the analysis device 10 stores association information that consolidates multiple pieces of information that associate definition information that defines the processing content with the source data. This reduces the number of times the association information is referenced, and speeds up the processing of the analysis device 10.
  • the receiving unit 14 receives multiple pieces of source data.
  • the processing unit 13 identifies the processing content for each of the multiple pieces of source data received by the receiving unit 14, and executes in parallel the process of processing the source data according to the processing content. This makes it possible to speed up the processing of the multiple pieces of source data by the analysis device 10.
  • each component of each device shown in the figure is functionally conceptual, and does not necessarily have to be physically configured as shown in the figure.
  • the specific form of distribution and integration of each device is not limited to that shown in the figure, and all or a part of it can be functionally or physically distributed or integrated in any unit according to various loads, usage conditions, etc.
  • each processing function performed by each device can be realized in whole or in any part by a CPU (Central Processing Unit) and a program analyzed and executed by the CPU, or can be realized as hardware by wired logic.
  • the program may be executed not only by the CPU but also by other processors such as a GPU.
  • the analysis device 10 can be implemented by installing an analysis program that executes the above-mentioned analysis process as package software or online software on a desired computer.
  • the above-mentioned analysis program can be executed by an information processing device, causing the information processing device to function as the analysis device 10.
  • the information processing device here includes desktop or notebook personal computers.
  • the information processing device also includes mobile communication terminals such as smartphones, mobile phones, and PHS (Personal Handyphone Systems), as well as slate terminals such as PDAs (Personal Digital Assistants).
  • the analysis device 10 can also be implemented as an analysis server device that provides services related to the above-mentioned analysis processing to a client, the client being a terminal device used by a user.
  • the analysis server device is implemented as a server device that provides an analysis service that takes as input key-value format data (e.g., xFlow packets) that indicates information about the network, and outputs the analysis results.
  • the analysis server device may be implemented as a web server, or may be implemented as a cloud that provides services related to the above-mentioned analysis processing through outsourcing.
  • FIG. 14 is a diagram showing an example of a computer that executes an analysis program.
  • the computer 1000 has, for example, a memory 1010 and a CPU 1020.
  • the computer 1000 also has a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. Each of these components is connected by a bus 1080.
  • the memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM (Random Access Memory) 1012.
  • the ROM 1011 stores a boot program such as a BIOS (Basic Input Output System).
  • BIOS Basic Input Output System
  • the hard disk drive interface 1030 is connected to a hard disk drive 1090.
  • the disk drive interface 1040 is connected to a disk drive 1100.
  • a removable storage medium such as a magnetic disk or optical disk is inserted into the disk drive 1100.
  • the serial port interface 1050 is connected to a mouse 1110 and a keyboard 1120, for example.
  • the video adapter 1060 is connected to a display 1130, for example.
  • the hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, the programs that define each process of the analysis device 10 are implemented as program modules 1093 in which computer-executable code is written.
  • the program modules 1093 are stored, for example, in the hard disk drive 1090.
  • a program module 1093 for executing processes similar to the functional configuration of the analysis device 10 is stored in the hard disk drive 1090.
  • the hard disk drive 1090 may be replaced by an SSD (Solid State Drive).
  • the setting data used in the processing of the above-mentioned embodiment is stored as program data 1094, for example, in memory 1010 or hard disk drive 1090.
  • the CPU 1020 reads out the program module 1093 or program data 1094 stored in memory 1010 or hard disk drive 1090 into RAM 1012 as necessary, and executes the processing of the above-mentioned embodiment.
  • the program module 1093 and program data 1094 may not necessarily be stored in the hard disk drive 1090, but may be stored in a removable storage medium, for example, and read by the CPU 1020 via the disk drive 1100 or the like.
  • the program module 1093 and program data 1094 may be stored in another computer connected via a network (such as a LAN (Local Area Network), WAN (Wide Area Network)).
  • the program module 1093 and program data 1094 may then be read by the CPU 1020 from the other computer via the network interface 1070.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Le dispositif d'analyse (10) selon l'invention stocke des informations de définition, qui définissent un contenu de traitement, et des informations d'association, qui sont des informations qui associent les informations de définition à des données de source de traitement. Le dispositif d'analyse (10) comprend également une unité de réception (14) et une unité de traitement (13). L'unité de réception (14) reçoit des données de format clé-valeur (par exemple, des paquets xFlow) indiquant des informations concernant le réseau en tant que données de source de traitement. L'unité de traitement (13) spécifie le contenu de traitement des données de source de traitement reçues par l'unité de réception (14) sur la base des informations d'association, et traite les données de source de traitement selon le contenu de traitement.
PCT/JP2022/043380 2022-11-24 2022-11-24 Dispositif d'analyse, procédé d'analyse et programme d'analyse WO2024111088A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/043380 WO2024111088A1 (fr) 2022-11-24 2022-11-24 Dispositif d'analyse, procédé d'analyse et programme d'analyse

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/043380 WO2024111088A1 (fr) 2022-11-24 2022-11-24 Dispositif d'analyse, procédé d'analyse et programme d'analyse

Publications (1)

Publication Number Publication Date
WO2024111088A1 true WO2024111088A1 (fr) 2024-05-30

Family

ID=91196028

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/043380 WO2024111088A1 (fr) 2022-11-24 2022-11-24 Dispositif d'analyse, procédé d'analyse et programme d'analyse

Country Status (1)

Country Link
WO (1) WO2024111088A1 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009033215A (ja) * 2007-07-24 2009-02-12 Nippon Telegr & Teleph Corp <Ntt> Vpnユーザ管理方法、vpnサービスネットワークシステム、vpn接続サーバ、vpn転送装置およびプログラム
JP2011166375A (ja) * 2010-02-08 2011-08-25 Nippon Telegr & Teleph Corp <Ntt> アクセス制御設定装置、アクセス制御設定方法、アクセス制御設定プログラム、アクセス制御設定システム、及びアクセス制御装置
JP2012044601A (ja) * 2010-08-23 2012-03-01 Nippon Telegr & Teleph Corp <Ntt> 設定システム、設定方法、及び設定プログラム
JP2018528699A (ja) * 2015-09-11 2018-09-27 新華三技術有限公司New H3C Technologies Co., Ltd パケット処理
WO2022176035A1 (fr) * 2021-02-16 2022-08-25 日本電信電話株式会社 Dispositif de conversion, procédé de conversion et programme de conversion

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009033215A (ja) * 2007-07-24 2009-02-12 Nippon Telegr & Teleph Corp <Ntt> Vpnユーザ管理方法、vpnサービスネットワークシステム、vpn接続サーバ、vpn転送装置およびプログラム
JP2011166375A (ja) * 2010-02-08 2011-08-25 Nippon Telegr & Teleph Corp <Ntt> アクセス制御設定装置、アクセス制御設定方法、アクセス制御設定プログラム、アクセス制御設定システム、及びアクセス制御装置
JP2012044601A (ja) * 2010-08-23 2012-03-01 Nippon Telegr & Teleph Corp <Ntt> 設定システム、設定方法、及び設定プログラム
JP2018528699A (ja) * 2015-09-11 2018-09-27 新華三技術有限公司New H3C Technologies Co., Ltd パケット処理
WO2022176035A1 (fr) * 2021-02-16 2022-08-25 日本電信電話株式会社 Dispositif de conversion, procédé de conversion et programme de conversion

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZEYDAN ENGIN, MANGUES-BAFALLUY JOSEP: "Recent Advances in Data Engineering for Networking", IEEE ACCESS, IEEE, USA, vol. 10, 1 January 2022 (2022-01-01), USA , pages 34449 - 34496, XP093173061, ISSN: 2169-3536, DOI: 10.1109/ACCESS.2022.3162863 *

Similar Documents

Publication Publication Date Title
CN107665191B (zh) 一种基于扩展前缀树的私有协议报文格式推断方法
JP6571883B2 (ja) フロー情報解析装置、フロー情報解析方法及びフロー情報解析プログラム
US6324637B1 (en) Apparatus and method for loading objects from a primary memory hash index
CN104063425B (zh) 通过数据库中间件查询数据的方法和数据库中间件
US9104582B1 (en) Optimized data storage
RU2608874C2 (ru) Способ и устройство для модификации и переадресации сообщения в сети передачи данных
CN112154420B (zh) 自动智能云服务测试工具
CN109948334B (zh) 一种漏洞检测方法、系统及电子设备和存储介质
EP3364627B1 (fr) Prolongateur d&#39;intelligence adaptative de session
CN111683066A (zh) 异构系统集成方法、装置、计算机设备和存储介质
US11558283B2 (en) Information collecting system and information collecting method
CN108845843A (zh) 一种函数处理方法、装置以及相关设备
WO2024111088A1 (fr) Dispositif d&#39;analyse, procédé d&#39;analyse et programme d&#39;analyse
US11838322B2 (en) Phishing site detection device, phishing site detection method and phishing site detection program
CN113204683B (zh) 信息重构方法和装置、存储介质及电子设备
WO2023144946A1 (fr) Dispositif, procédé et programme d&#39;analyse
KR20120084880A (ko) 하둡 맵리듀스에서 네트워크 패킷 분석을 위한 입력포맷
US20220400079A1 (en) Sort device, sort method, and sort program
CN113938462A (zh) 域名解析方法、装置、电子设备和存储介质
CN111597198A (zh) 一种对于异构资源接入的物联网数据查询方法及相关设备
WO2022176034A1 (fr) Dispositif de conversion, procédé de conversion et programme de conversion
US20240015049A1 (en) Transfer device, transfer method, and transfer program
WO2024024058A1 (fr) Dispositif d&#39;analyse, procédé d&#39;analyse, programme d&#39;analyse et système d&#39;analyse
US20200358706A1 (en) Computer-readable recording medium recording packet classification program, packet classification method, and information processing apparatus
US12028234B2 (en) Conversion device, conversion method, and conversion program