CN101645892B - Flow detection method and equipment - Google Patents
Flow detection method and equipment Download PDFInfo
- Publication number
- CN101645892B CN101645892B CN200910091585A CN200910091585A CN101645892B CN 101645892 B CN101645892 B CN 101645892B CN 200910091585 A CN200910091585 A CN 200910091585A CN 200910091585 A CN200910091585 A CN 200910091585A CN 101645892 B CN101645892 B CN 101645892B
- Authority
- CN
- China
- Prior art keywords
- application
- rank
- application characteristic
- flow detection
- characteristic information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a flow detection method and equipment, wherein the flow detection method comprises the following steps: carrying out flow detection on application protocols corresponding to all application feature information; when detection switch conditions of the application protocols are satisfied, carrying out flow detection on the application protocols corresponding to the application feature information generated in advance in a ranking application feature library. The embodiment of the invention adopts the ranking application feature library only comprising frequently-used application feature information in partial application protocols to carry out flow detection, and therefore, resources consumed by identification flow can be reduced. Under the condition that the deploying cost is not increased, the flow detection ability can be improved, and the system resource is saved.
Description
Technical field
The embodiment of the invention relates to the detection technique field, relates in particular to a kind of flow rate testing methods and equipment.
Background technology
Traditional flow and the detection of bandwidth management are based on OSI (OpenSystem Interconnection; Be called for short: second to the 4th layer (L2-L4 layer) OSI), through IP (Internet Protocol; Be called for short: IP) the five-tuple information in packet header is carried out check and analysis, is commonly referred to " common message detects ", and wherein the five-tuple information in IP packet header comprises information such as source address, destination address, source port, destination interface and protocol type." common message detects " be the content below 4 layers of analyzing IP bag only, according to port numbers recognition application type.Some application on the current network can be adopted mode hiding or the personation port numbers to hide and detect and supervision; Cause the data flow of counterfeit legal message to corrode network; For example: the P2P downloaded software adopts dynamic negotiation port mechanism mostly, adopts " common message detects " of L2-L4 layer to analyze P2P flow and bandwidth.
For to carrying out discriminance analysis based on open port, random port or the application type that adopts cipher mode etc. to transmit, available technology adopting deep-packet detection (Deep Packet Inspection; Be called for short: DPI).The DPI technology is a kind of flow detection and control technology based on application layer, to the different protocol type, can be divided into following three types based on DPI The Application of Technology recognition technology:
The first kind is based on the recognition technology of " tagged word ": different application characteristics depends on different protocol usually; And different protocol all has its special " fingerprint ", and these " fingerprints " possibly be specific port, specific character string or specific bit (bit) sequence.
Second type is the ALG recognition technology: some professional control flows is separated with Business Stream, and Business Stream has no characteristic.ALG need identify control flows earlier, and it is resolved through certain applications layer gateway according to the agreement of control flows, from protocol contents, identifies corresponding business stream.
The 3rd type is the behavior pattern recognition technology: the behavior pattern recognition technology is analyzed based on the behavior that the terminal has been implemented, the action of judging the ongoing action of user or being about to implement.
The inventor finds that at least there is following problem in prior art in realizing process of the present invention:
Because there is remarkable drop in the flow in the network on peak and low ebb, if it is high to dispose the required cost of DPI equipment according to the top of flow, and idle at a large amount of handling property of non-peak period, the system resource of waste resource DPI equipment.
Summary of the invention
Flow rate testing methods that the embodiment of the invention provides and equipment, the ability of raising flow detection, conserve system resources.
The embodiment of the invention provides a kind of flow rate testing methods, comprising:
The application protocol corresponding to all application characteristic information carries out flow detection;
When satisfying application protocol detection switching condition, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection;
Application characteristic information in the said rank application characteristic storehouse that generates in advance is effectively to gather in the duration, and the identification fluxion satisfies the pairing application characteristic information of pre-conditioned application protocol.
The embodiment of the invention provides a kind of flow detection equipment, comprising:
Detection module is used for the corresponding application protocol of all application characteristic information is carried out flow detection;
Handover module is used for when satisfying application protocol detection switching condition, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates in advance being carried out flow detection; Application characteristic information in the said rank application characteristic storehouse that generates in advance is effectively to gather in the duration, and the identification fluxion satisfies the pairing application characteristic information of pre-conditioned application protocol.
Description of drawings
The flow rate testing methods that provides and the equipment of the embodiment of the invention; Adopt the rank application characteristic storehouse of the application characteristic information that only comprises certain applications agreement commonly used to carry out flow detection; The resource that identification stream is consumed can be reduced, the ability of flow detection can be improved, conserve system resources.
The flow chart of the flow rate testing methods that Fig. 1 provides for the embodiment of the invention one;
The flow chart of the flow rate testing methods that Fig. 2 provides for the embodiment of the invention two;
The structural representation of the flow detection equipment that Fig. 3 provides for the embodiment of the invention three;
The structural representation of the flow detection equipment that Fig. 4 provides for the embodiment of the invention four.
Embodiment
Further specify the technical scheme of the embodiment of the invention below in conjunction with accompanying drawing and specific embodiment.
The flow chart of the flow rate testing methods that Fig. 1 provides for the embodiment of the invention one, as shown in Figure 1, this flow rate testing methods comprises:
For example in the DPI technology, flow detection equipment adopts the application characteristic information in the complete application feature database to carry out flow detection to using agreement, comprises all application characteristic information that can discern in the complete application feature database in flow detection and control technology.When new application protocol occurring, the complete application feature database is arrived in the application characteristic information updating of new application protocol, thereby guarantee to comprise all application characteristic information that to discern in the complete application feature database.
Flow detection equipment can generate rank application characteristic storehouse in advance, and the application characteristic information in the rank application characteristic storehouse that generates in advance is effectively to gather in the duration, and the identification fluxion satisfies the pairing application characteristic information of pre-conditioned application protocol.Particularly; The acquisition time section that generates rank application characteristic storehouse can be set in advance; Wherein the acquisition time section can be chosen the comparatively busy period of flow detection equipment; For example: " 18:00~24:00 " totally six hours, for example be arranged on effective collection duration required among these six hours: " 2 hours " for example can also be provided with effective identification fluxion in advance: " 1000 ", for example select ranking: " 300 ".The rank application characteristic can comprise in the storehouse: in the acquisition time section that is provided with; When continuous collecting time during more than or equal to the said effective collection duration that is provided with; Identification fluxion to the various application protocols that collect is carried out rank according to order from big to small, satisfy rank before the selection ranking that is provided with and the identification fluxion greater than the pairing application characteristic information of application protocol of the effective identification fluxion that is provided with.For example: in acquisition time section " 18:00~24:00 "; The continuous collecting time of acquisition applications agreement relevant information is " 2 hours 15 minutes "; Greater than effectively gathering duration " 2 hours "; Then this time gather effectively, the identification fluxion of the various application protocols that collect is carried out rank according to order from big to small; Rank (can comprise " 300 ") before in the selection ranking " 300 " that is provided with, and the identification fluxion satisfies the condition that generates rank application characteristic storehouse greater than the application characteristic information of the application protocol of the effective identification fluxion " 1000 " that is provided with.Suppose that rank is TCP at the application protocol of selecting name order " 300 " name; The identification fluxion is " 1030 " greater than effective identification fluxion " 1000 ", can extract rank and generate rank application characteristic storehouse in the application characteristic information of all application protocols of preceding " 300 " (comprising " 300 ").
" stream " wherein discerned in the fluxion is meant an information flow that comprises the IP packet header of five-tuple information; Five-tuple information comprises information such as source address, destination address, source port, destination interface and protocol type, and wherein protocol type for example: TCP, UDP, ICMP etc.The identification fluxion just is meant for each application protocol, detects the number of the information flow in the IP packet header of identifying that comprises five-tuple information.
The effective collection duration that in the acquisition time section that is provided with, satisfies, select ranking and effectively discern the condition of fluxion, can generate rank application characteristic storehouse.Rank application characteristic storehouse can regenerate every day, also can be set the update cycle, gathers, generates rank application characteristic storehouse periodically again according to the update cycle.In addition; When the complete application feature database for example upgrades: when in the complete application feature database new application protocol being arranged; Original rank application data base can be deleted; And when the acquisition time section begins, can gather and generate said rank application characteristic storehouse again according to the method in above-mentioned generation rank application characteristic storehouse.
Generally speaking, flow detection equipment adopts the complete application feature database to carry out flow detection.When satisfying application protocol detection switching condition, switch to the rank application characteristic storehouse that generates in advance and carry out flow detection.Flow detection equipment can be provided with the switching condition that switches to rank application characteristic storehouse from the complete application feature database in advance, and switching condition can be considered packet rate, CPU usage, memory usage, flow or retention time etc.For example: when the total flow of detected application protocol greater than the flow switching threshold that is provided with; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection; Or; When the packet rate of detected application protocol greater than the packet rate switching threshold that is provided with; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection; Or; When the CPU usage switching threshold of the CPU usage of detected application protocol in flow detection equipment greater than setting; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection; Or; When the memory usage switching threshold of the memory usage of detected application protocol in flow detection equipment greater than setting; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection.For example: the characteristic that comprises the application protocol that " 1000 " individual needs detect in the complete application feature database.If flow detection equipment adopts the complete application feature database detected flow maximum to be about " 420M ", then can be set to " 420M " by the flow switching threshold, the retention time is set to " 5 minutes ".When the total flow of flow detection equipment during greater than " 420M "; And the time that continues is greater than " 5 minutes "; Can switch to rank application characteristic storehouse, only need this moment to detect the flow of rank, can detected flow maximum be about " 500M " at the application protocol of preceding " 300 ".More than just switching condition is illustrated, switching condition can be provided with as the case may be, does not enumerate one by one at this.
In addition; When if flow detection equipment adopts the application characteristic information that comprises in the rank application characteristic storehouse to detect; Variation has taken place in switching conditions such as detected packet rate, CPU usage, memory usage, flow or retention time, possibly switch to the complete application feature database again and carry out flow detection.For example: if the total flow of detected application protocol is less than or equal to the flow switching threshold, and the time that continues greater than the retention time of setting, switch to said complete application feature database and carry out flow detection.For example: the flow switching threshold is set to " 420M "; Retention time is set to " 5 minutes "; When the total flow of flow detection equipment is less than or equal to " 420M ", and time that continues during greater than " 5 minutes ", can switch back the complete application feature database and carry out flow detection.
Therefore; If rank account in the total flow of the application protocol of preceding " 300 " all application protocols total flow 99%; Characteristic with 300 the most frequently used application protocols is carried out flow detection, and then the ability of the flow of identification can improve 15% to 20%, improves 80M approximately to 100M; Use the flow detection ability in complete application characteristic storehouse to calculate by flow detection equipment, then use the flow detection ability in rank application characteristic storehouse can bring up to " 500M " for " 420M ".If the total flow that flow detection equipment need detect at present reaches " 488M "; When flow detection equipment adopts rank application characteristic storehouse to carry out flow detection; Only can reduce by 1% stream discrimination (dropping to 68%), other " 500M ", the flow of actual identification " 483M " from 69%; And flow detection equipment is when adopting rank application characteristic storehouse to carry out flow detection, and common recognition is the flow of " 420M " not; Be equivalent to exchange for the flow detection ability of " 80M " with the unidentified flow of 5M, and the identification flow of " 63M ".
Present embodiment adopts the application characteristic information of certain applications agreement commonly used to generate rank application characteristic storehouse; Carry out flow detection according to rank application characteristic storehouse; Can reduce and detect the resource that flow consumed; Under the situation that does not increase lower deployment cost, can improve the ability of flow detection, conserve system resources.
The flow chart of the flow rate testing methods that Fig. 2 provides for the embodiment of the invention two, as shown in Figure 2, on the basis of the embodiment of the invention one, this flow rate testing methods specifically may further comprise the steps:
Flow detection equipment switches to rank application characteristic storehouse and carries out flow detection, need satisfy switching condition, and for example: whether (1) has successfully generated up-to-date rank application characteristic storehouse; (2) whether the total flow of detected flow detection equipment is greater than the flow switching threshold; (3) whether the total flow of detected flow detection equipment has surpassed the retention time greater than the duration of flow switching threshold.
If satisfy switching condition, then flow detection equipment switches to rank application characteristic storehouse, and execution in step 205, otherwise execution in step 207 continue to use complete application characteristic storehouse to carry out flow detection.Wherein switching condition except can consideration of flow rate whether greater than the flow switching threshold; Whether the value that also can consider packet rate, CPU usage, memory usage etc. greater than certain preset threshold, and according to the scene of reality for example: the DPI of fixed network, wireless network, various scenes etc. can specifically set.Associated description in the flow rate testing methods that specifically can provide with reference to the embodiment of the invention one.
Flow detection is carried out in the storehouse if flow detection equipment uses the rank application characteristic, when satisfying certain condition, also can switch back the complete application feature database and carry out flow detection.For example: when the total flow of detected flow detection equipment is less than or equal to flow switching threshold and duration when having surpassed the retention time that is provided with; Flow detection equipment switches to the complete application feature database and carries out flow detection; Execution in step 207, otherwise execution in step 205.
Present embodiment is when detected total flow is higher; Adopt the rank application characteristic storehouse of the application characteristic information that only comprises certain applications agreement commonly used to carry out flow detection; Can reduce the resource that identification stream is consumed; Under the situation that does not increase lower deployment cost, can improve the ability of flow detection, conserve system resources; And can when total flow fall after rise, can dynamically switch to the complete application feature database and carry out flow detection, detection mode is flexible, and adaptability is strong.
The structural representation of the flow detection equipment that Fig. 3 provides for the embodiment of the invention three, as shown in Figure 3, this flow detection equipment comprises: detection module 31 and handover module 32.
Wherein, detection module 31 is used for the corresponding application protocol of all application characteristic information is carried out flow detection.Handover module 32 is used for when satisfying application protocol detection switching condition, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates in advance being carried out flow detection.
Wherein switching condition can be provided with in advance.Concrete flow rate testing methods can be with reference to the associated description of the embodiment of the invention one.
The application characteristic information of the certain applications agreement that the present embodiment generation module is high with utilization rate generates rank application characteristic storehouse; Handover module switches to rank application characteristic storehouse or complete application feature database and carries out flow detection and carry out flow detection satisfying under the situation of switching condition; Can reduce the resource that identification stream is consumed; Under the situation that does not increase lower deployment cost, improve the ability of flow detection, conserve system resources.
The structural representation of the flow detection equipment that Fig. 4 provides for the embodiment of the invention four, as shown in Figure 4, on the basis of the embodiment of the invention three, handover module 32 can comprise: the first monitoring submodule 320 and first switching submodule 321.
Wherein first monitor submodule 320, whether the total flow that is used to monitor application protocol is greater than the flow switching threshold that is provided with, and whether the time that continues is greater than the retention time of setting.First switching submodule 321; The total flow that is used for working as the application protocol that monitors is greater than the flow switching threshold that is provided with; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection.
Perhaps handover module 32 can comprise: the second monitoring submodule 322 and second switching submodule 323.Wherein second monitor submodule 322, whether the packet rate that is used to monitor application protocol is greater than the packet rate switching threshold that is provided with, and whether the time that continues is greater than the retention time of setting.Second switching submodule 323; The packet rate that is used for working as the application protocol that monitors is greater than the packet rate switching threshold that is provided with; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection.
Further; Flow detection equipment can also comprise: generation module 33; The rank application characteristic storehouse that is used for generating in advance, the application characteristic information in the said rank application characteristic storehouse are effectively to gather in the duration, and the identification fluxion satisfies the pairing application characteristic information of pre-conditioned application protocol.Wherein generation module 33 can comprise: gather submodule 331, rank submodule 332 and generate submodule 333.
Wherein, gather submodule 331, be used in the acquisition time section that is provided with, the identification fluxion of all application protocols being gathered.Rank submodule 332 was used for when continuous collecting time during more than or equal to the said effective collection duration that is provided with, and the identification fluxion of the various application protocols that collect is carried out rank according to order from big to small.Generate submodule 333, be used for according to satisfy rank before the selection ranking that is provided with and the identification fluxion greater than the pairing application characteristic information of application protocol of the effective identification fluxion that is provided with, generate rank application characteristic storehouse.
In addition, generation module 33 can also comprise: updating submodule 334, when being used for the acquisition time section and beginning, gather and generate said rank application characteristic storehouse again.Particularly; Be provided with in advance the acquisition time section that generates rank application characteristic storehouse, effectively gather duration, effectively discern fluxion, select the inferior information of name after; Generation module 33 according to the acquisition time section, effectively gather duration, effectively discern fluxion, select the inferior information of name; Generate rank application characteristic storehouse, the process that generates rank application characteristic storehouse can be the process of one-period property, and week for example update cycle can be set in advance; When arriving the update cycle, just can gather and generate rank application characteristic storehouse again.In addition; If the complete application feature database upgrades; When the application characteristic information of new application protocol is for example arranged; Even without arriving the update cycle, rank also can gathered and obtain to updating submodule 334 in the application characteristic information of selecting ranking and all application protocols before thereof, so that generate said rank application characteristic storehouse.
If successfully generated rank application characteristic storehouse, and satisfy the switching condition of setting, handover module 32 can determine to adopt rank application characteristic storehouse or the complete application feature database carries out flow detection.Remove aforesaid switching condition; Its switching condition also can comprise other situation; Do not limit at embodiment; For example: when the CPU usage of detected application protocol in flow detection equipment greater than the CPU usage switching threshold that is provided with, and time that continues during, switch to the rank application characteristic storehouse that generates in advance greater than retention time of setting; Perhaps, when the memory usage of detected application protocol in flow detection equipment greater than the memory usage switching threshold that is provided with, and time that continues during, switch to the rank application characteristic storehouse that generates in advance etc. greater than retention time of setting.
Wherein generate rank application characteristic storehouse, according to the concrete grammar that switching condition switches, can adopt the associated description in the embodiment of the invention one, two.
The application characteristic information of the certain applications agreement that each sub-module of present embodiment generation module is high with utilization rate generates rank application characteristic storehouse; When total flow, packet rate, CPU usage or the memory usage of flow detection equipment are too high; Switch to rank application characteristic storehouse and carry out flow detection satisfying under the situation of switching condition first, second switching submodule, when total flow, packet rate, CPU usage or the memory usage of flow detection equipment fall after rise, satisfying under the situation of switching condition; Can switch back the complete application feature database and carry out flow detection; Can reduce the resource that identification stream is consumed, under the situation that does not increase lower deployment cost, improve the ability of flow detection; Conserve system resources, and switching mode is flexible, adaptability is strong.
One of ordinary skill in the art will appreciate that: all or part of step that realizes said method embodiment can be accomplished through the relevant hardware of program command; Aforesaid program can be stored in the computer read/write memory medium; This program the step that comprises said method embodiment when carrying out; And aforesaid storage medium comprises: various media that can be program code stored such as ROM, RAM, magnetic disc or CD.
What should explain at last is: above embodiment is only in order to explaining technical scheme of the present invention, but not to its restriction; Although with reference to previous embodiment the present invention has been carried out detailed explanation, those of ordinary skill in the art is to be understood that: it still can be made amendment to the technical scheme that aforementioned each embodiment put down in writing, and perhaps part technical characterictic wherein is equal to replacement; And these are revised or replacement, do not make the spirit and the scope of the essence disengaging various embodiments of the present invention technical scheme of relevant art scheme.
Claims (9)
1. a flow rate testing methods is characterized in that, comprising:
The application protocol corresponding to all application characteristic information carries out flow detection;
When satisfying application protocol detection switching condition, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection;
Application characteristic information in the said rank application characteristic storehouse that generates in advance is effectively to gather in the duration, and the identification fluxion satisfies the pairing application characteristic information of pre-conditioned application protocol.
2. flow rate testing methods according to claim 1 is characterized in that, said identification fluxion satisfies the pairing application characteristic information of pre-conditioned application protocol, comprising:
In the acquisition time section that is provided with,, the identification fluxion of the various application protocols that collect is carried out rank according to order from big to small when continuous collecting time during more than or equal to the said effective collection duration that is provided with; Satisfy rank before the selection ranking that is provided with and the identification fluxion greater than the pairing application characteristic information of application protocol of the effective identification fluxion that is provided with.
3. flow rate testing methods according to claim 1 is characterized in that, saidly when satisfying application protocol and detect switching condition, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection, comprising:
When the total flow of detected application protocol greater than the flow switching threshold that is provided with; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection; Or
When the packet rate of detected application protocol greater than the packet rate switching threshold that is provided with; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection.
4. according to the arbitrary described flow rate testing methods of claim 1-3, it is characterized in that, also comprise: when the acquisition time section begins, gather and generate said rank application characteristic storehouse again.
5. a flow detection equipment is characterized in that, comprising:
Detection module is used for the corresponding application protocol of all application characteristic information is carried out flow detection;
Handover module is used for when satisfying application protocol detection switching condition, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates in advance being carried out flow detection; Application characteristic information in the said rank application characteristic storehouse that generates in advance is effectively to gather in the duration, and the identification fluxion satisfies the pairing application characteristic information of pre-conditioned application protocol.
6. flow detection equipment according to claim 5 is characterized in that, said handover module comprises:
Whether the first monitoring submodule, the total flow that is used to monitor application protocol be greater than the flow switching threshold that is provided with, and whether the time that continues is greater than the retention time of setting;
First switching submodule; The total flow that is used for working as the application protocol that monitors is greater than the flow switching threshold that is provided with; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection;
Perhaps comprise:
Whether the second monitoring submodule, the packet rate that is used to monitor application protocol be greater than the packet rate switching threshold that is provided with, and whether the time that continues is greater than the retention time of setting;
Second switching submodule; The packet rate that is used for working as the application protocol that monitors is greater than the packet rate switching threshold that is provided with; And the time that continues is during greater than retention time of setting; Switch to the rank application characteristic storehouse that generates in advance, the pairing application protocol of application characteristic information in the rank application characteristic storehouse that generates is in advance carried out flow detection.
7. according to claim 5 or 6 described flow detection equipment, it is characterized in that, also comprise:
Generation module, the rank application characteristic storehouse that is used for generating in advance, the application characteristic information in the said rank application characteristic storehouse is effectively to gather in the duration, the identification fluxion satisfies the pairing application characteristic information of pre-conditioned application protocol.
8. flow detection equipment according to claim 7 is characterized in that, said generation module comprises:
Gather submodule, be used in the acquisition time section that is provided with, the identification fluxion of all application protocols being gathered;
The rank submodule was used for when continuous collecting time during more than or equal to the said effective collection duration that is provided with, and the identification fluxion of the various application protocols that collect is carried out rank according to order from big to small;
Generate submodule, be used for according to satisfy rank before the selection ranking that is provided with and the identification fluxion greater than the pairing application characteristic information of application protocol of the effective identification fluxion that is provided with, generate rank application characteristic storehouse.
9. flow detection equipment according to claim 7 is characterized in that, said generation module also comprises:
Said rank application characteristic storehouse is gathered and generated to updating submodule when being used for the acquisition time section and beginning, again.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910091585A CN101645892B (en) | 2009-08-26 | 2009-08-26 | Flow detection method and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910091585A CN101645892B (en) | 2009-08-26 | 2009-08-26 | Flow detection method and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101645892A CN101645892A (en) | 2010-02-10 |
| CN101645892B true CN101645892B (en) | 2012-09-05 |
Family
ID=41657612
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910091585A Active CN101645892B (en) | 2009-08-26 | 2009-08-26 | Flow detection method and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101645892B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104052738A (en) * | 2014-05-22 | 2014-09-17 | 汉柏科技有限公司 | IPS implementation method and system based on applications |
| CN104486143B (en) * | 2014-12-01 | 2018-07-06 | 中国联合网络通信集团有限公司 | A kind of deep message detection method, detecting system |
| WO2016185721A1 (en) * | 2015-05-21 | 2016-11-24 | 日本電気株式会社 | Packet analysis device and packet analysis method |
| CN106385402B (en) * | 2016-08-31 | 2021-07-30 | 东软集团股份有限公司 | Application identification method and device, method for sending application session table and server |
| CN109936829B (en) * | 2017-12-19 | 2021-05-14 | 中国电信股份有限公司 | Method, system and charging system for improving network disconnection precision |
| CN111953554B (en) * | 2019-05-16 | 2022-09-27 | 北京车和家信息技术有限公司 | Data traffic management method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101350765A (en) * | 2007-07-20 | 2009-01-21 | 中国科学院声学研究所 | Network flow detection method |
-
2009
- 2009-08-26 CN CN200910091585A patent/CN101645892B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101350765A (en) * | 2007-07-20 | 2009-01-21 | 中国科学院声学研究所 | Network flow detection method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101645892A (en) | 2010-02-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101645892B (en) | Flow detection method and equipment | |
| CN101695035B (en) | Flow rate identification method and device thereof | |
| CN102523137B (en) | Fault monitoring method, device and system | |
| CN103582512A (en) | Feature extraction device and network flow identification method, device and system | |
| CN108287905B (en) | Method for extracting and storing network flow characteristics | |
| CN104270275A (en) | Auxiliary analysis method for causes of exceptions, server and intelligent equipment | |
| CN106656577B (en) | The user behavior statistical method and intelligent router of a kind of APP and browser | |
| CN107704360A (en) | Processing method, equipment, server and the storage medium of monitoring data | |
| CN101867932B (en) | Harmful information filtration system based on mobile Internet and method thereof | |
| CN103631830A (en) | Method and device for detecting web spiders | |
| CN103268183A (en) | Processing method and device for information report | |
| CN113542263B (en) | Firewall policy migration method and device | |
| CN111181923A (en) | Flow detection method and device, electronic equipment and storage medium | |
| CN103685281A (en) | Network address protocol switching method and device | |
| CN104331601A (en) | Method and device for optimizing game scenes | |
| CN104281477A (en) | Automatic software deployment method for computer system | |
| CN103684851A (en) | Data acquiring method and data acquiring device | |
| CN109086149A (en) | A kind of method that micro services interface calls analysis of central issue | |
| CN110362993A (en) | Malicious process recognition methods, terminal, server, system and storage medium | |
| CN113114636A (en) | Process flow auditing method and system of controlled host | |
| CN103152340B (en) | A kind of protocol recognition method across resource access | |
| CN111884883A (en) | Quick auditing processing method for service interface | |
| CN106161403A (en) | Application program restored method, device and system | |
| CN103746968A (en) | CDN server removal method, CDN control center and system thereof | |
| CN114047881A (en) | Network data packet storage device and method based on user strategy |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD. Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee after: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd. Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee before: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220831 Address after: No. 1899 Xiyuan Avenue, high tech Zone (West District), Chengdu, Sichuan 610041 Patentee after: Chengdu Huawei Technologies Co.,Ltd. Address before: 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China Patentee before: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd. |