CN102137022A - Method for identifying information of data packet, crawler engine and network system - Google Patents

Method for identifying information of data packet, crawler engine and network system Download PDF

Info

Publication number
CN102137022A
CN102137022A CN2011100822360A CN201110082236A CN102137022A CN 102137022 A CN102137022 A CN 102137022A CN 2011100822360 A CN2011100822360 A CN 2011100822360A CN 201110082236 A CN201110082236 A CN 201110082236A CN 102137022 A CN102137022 A CN 102137022A
Authority
CN
China
Prior art keywords
application protocol
network entity
information
query source
reptile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100822360A
Other languages
Chinese (zh)
Other versions
CN102137022B (en
Inventor
何有树
唐华新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Global Innovation Polymerization LLC
Gw Partnership Co ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN 201110082236 priority Critical patent/CN102137022B/en
Publication of CN102137022A publication Critical patent/CN102137022A/en
Application granted granted Critical
Publication of CN102137022B publication Critical patent/CN102137022B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention discloses a method for identifying the information of a data packet, a crawler engine and a network system. The method for identifying the information of the data packet comprises the following steps of: establishing a corresponding relation between an application protocol and the information of a network entity using the application protocol by utilizing a crawler program of the application protocol; and sending identifying information including the corresponding relation to deep packet inspection (DPI) equipment to enable the DPI equipment to identify the application protocol to which the data packet belongs by utilizing the corresponding relation, wherein the information of the network entity using the application protocol includes the address of the network entity using the application protocol and transport layer protocol identification used by the network entity using the application protocol. By adopting the technical scheme provided by the embodiment of the invention, the recognition time and the performance cost of the DIP equipment can be reduced during identification of a code stream.

Description

Be provided for method, reptile engine and the network system of the information of recognition data bag
Technical field
The present invention relates to communication technical field, particularly a kind of method, reptile engine and network system that is provided for the information of recognition data bag.
Background technology
(Deep Packet Inspection, DPI) to be DPI equipment discern concrete application protocol under this code stream by characteristic character in the code stream or characteristic behavior to technology to deep-packet detection.Follow-uply can carry out various upper-layer service, such as charging, flow-control operation etc. according to recognition result.The network design position of DPI equipment is the same with gateway, all code streams of all users that gateway is administered all need the equipment through DPI, it is up to a million or more that number of users may reach, but need to guarantee to cause because of code stream identification the delay of code stream transmission and subsequent treatment.
Can discern code stream in order to make DPI equipment, the concrete character feature that then needs some application protocol code streams of off-line analysis, generate knowledge base according to analysis result, knowledge base is loaded on the DPI equipment, the concrete application protocol under the code stream that follow-up this knowledge base of DPI equipment utilization is determined to be received.
Prior art has following problem:
After certain application protocol upgrades in the network, the concrete character feature that needs the code stream of this application protocol after off-line analysis upgrades, and generate new knowledge base, have only and new knowledge base is loaded into the code stream of this application protocol just can be identified behind the DPI equipment, generating new knowledge base and new knowledge base is being loaded in the process of DPI equipment like this, just can not discern the code stream of this application protocol, increase the time of identification; And DPI equipment need be deciphered earlier for the code stream of some encryptions in the identifying of code stream, and then discerns according to characteristic character or characteristic behavior in the code stream after the deciphering, needs to consume a large amount of performance cost like this.
Summary of the invention
The embodiment of the invention provides a kind of method, reptile engine and network system that is provided for the information of recognition data bag, flows through DPI recognition of devices time and performance cost in the journey to reduce in identification code.
In view of this, the embodiment of the invention provides:
A kind of method that is provided for the information of recognition data bag comprises:
Utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Send the identifying information that comprises described corresponding relation to deep-packet detection DPI equipment, make the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag;
Wherein, use the network entity information of described application protocol to comprise: the address and the employed transport layer protocol sign of the network entity that uses described application protocol of using the network entity of described application protocol.
A kind of web crawlers comprises:
Set up the unit, be used to utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Transmitting element is used for sending the identifying information that comprises described corresponding relation to DPI equipment, makes the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag;
Wherein, use the network entity information of described application protocol to comprise: the address and the employed transport layer protocol sign of the network entity that uses described application protocol of using the network entity of described application protocol.
A kind of network system comprises: above-mentioned web crawlers and deep-packet detection DPI equipment, wherein, DPI equipment is used to receive the described identifying information that described web crawlers sends, and utilizes the affiliated application protocol of described corresponding relation recognition data bag.
Utilize the reptile program of application protocol to set up this application protocol in the embodiment of the invention and use the corresponding relation of information of the network entity of this application protocol, and send to DPI equipment, make the affiliated application protocol of this corresponding relation recognition data bag of DPI equipment utilization, like this, DPI equipment does not just need decrypted data packet, reduced performance cost, DPI equipment is also without the concrete character feature of the code stream of this application protocol of off-line analysis, the time of having reduced code stream identification.
Description of drawings
In order to be illustrated more clearly in the technical scheme of the embodiment of the invention, to do to introduce simply to the accompanying drawing of required use among the embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 be one embodiment of the invention provide be provided for the method flow diagram of the information of recognition data bag to DPI equipment;
Fig. 2 A be another embodiment of the present invention provide be provided for the method flow diagram of the information of recognition data bag to DPI equipment;
Fig. 2 B is the schematic diagram that reptile engine that another embodiment of the present invention provides obtains Peer information;
Fig. 3 be further embodiment of this invention provide be provided for the method flow diagram of the information of recognition data bag to DPI equipment;
Fig. 4 is the method flow diagram of application protocol under the DPI device identification data bag that provides of the embodiment of the invention;
Fig. 5 is the schematic diagram of the identification application protocol that provides of the embodiment of the invention;
Fig. 6 be application protocol that the embodiment of the invention provides when being the non-DHT agreement of Bittorent the reptile engine obtain the method flow diagram of Peer information;
Fig. 7 be application protocol that the embodiment of the invention provides when being Bittorent DHT agreement the reptile engine obtain the method flow diagram of Peer information;
Fig. 8 is the shared schematic diagram of a kind of identifying information that the embodiment of the invention provides;
Fig. 9 is the shared schematic diagram of another kind of identifying information that the embodiment of the invention provides;
Figure 10 is a kind of web crawlers structure chart that the embodiment of the invention provides;
Figure 11 is the another kind of web crawlers structure chart that the embodiment of the invention provides;
Figure 12 is another web crawlers structure chart that the embodiment of the invention provides;
Figure 13 is a kind of network architecture figure that the embodiment of the invention provides;
Figure 14 is the another kind of network architecture figure that the embodiment of the invention provides.
Embodiment
Consult Fig. 1, the embodiment of the invention provides a kind of and is provided for the method for the information of recognition data bag to DPI, and it comprises:
101, utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use.
Wherein, the executive agent of this embodiment can be the reptile engine, and this reptile engine can be positioned on the DPI equipment, also can be positioned at the self-existent equipment of DPI equipment on, do not influence realization of the present invention.
Wherein, the information of described network entity comprises: the employed transport layer protocol sign of the address of described network entity and described network entity.The address of described network entity comprises: the IP address and the port numbers of network entity; Perhaps, the address of described network entity comprises: the domain name of described network entity.Wherein, described application protocol and use the corresponding relation of the network entity information of described application protocol specifically can be: the sign of application protocol and use the corresponding relation of the network entity information of described application protocol.Wherein, the sign of application protocol can be the title of the ID or the application protocol of application protocol.
Concrete, each network entity in the network can adopt different application protocols, also can adopt identical application protocol by a plurality of network entities, the corresponding reptile program of each application protocol, the reptile program that different application protocols is corresponding different, the reptile program of concrete application protocol can have: BT program, eDonkey program, QQ program etc.
This step can realize by following dual mode:
First kind of mode: the network entity of the reptile program of the application protocol in the reptile engine sequence call reptile collection of programs in network sends probe request message, up to receiving till expression that described network entity returns surveys successful response message, set up the corresponding relation of the information of the employed application protocol of probe request message of corresponding response message and described network entity.
Wherein, the reptile program that multiple application protocol is arranged in the reptile collection of programs, such as BT program, eDonkey program, QQ program etc., the network entity of reptile program in network of each application protocol of reptile engine sequence call surveyed, and whether uses this application protocol to survey this network entity.If this network entity uses certain application protocol, network entity receives the reptile engine and utilizes after the probe request message that the reptile program of this application protocol sends, and can represent to survey successful response message to the reptile engine feedback.
Preferably, adopt under the situation of this implementation, before this step, can also comprise: the information of the network entity of the needs identification application protocol that reptile engine reception DPI equipment sends; Wherein, the described network entity that need discern application protocol is the network entity that DPI equipment fails to identify used application protocol.Then in this step, the reptile program of application protocol sends probe request message to this network entity that need discern application protocol in the reptile engine sequence call reptile collection of programs, up to receiving till expression that this network entity that need discern application protocol returns surveys successful response message.
The second way comprises the steps:
A, definite network entity as query source; Wherein, this network entity as query source uses described application protocol.
B, utilize the reptile program of application protocol to obtain the information of the network entity related from this query source with this query source; Wherein, the network entity related with this query source is for using this application protocol and having the network entity of same asset with this query source.
Wherein, the network entity that has a same asset with this query source can be a network entity of sharing same file with this query source.Such as, download the network entity of identical file with this query source, perhaps, this query source is being uploaded a file, downloads the network entity of this document that this query source uploads.
C, do not do query source in will the network entity related with query source network entity as the query source of upgrading, when not reaching the poll-final condition, return execution in step B, the query source among this moment described step B is the query source of described renewal; When reaching the poll-final condition, set up the corresponding relation of the described application protocol and the information of the network entity that uses described application protocol.Wherein, use the network entity of described application protocol to comprise: the network entity in the steps A, and the network entity that gets access among the step B as query source.
Wherein, the poll-final condition can be that the network entity number that gets access to has reached predetermined number, perhaps timer expiry, and the time (promptly carrying out the time of above-mentioned steps A, B and C) of promptly carrying out query manipulation has surpassed preset time.
Wherein, can be the network entity of this application protocol of use of being scheduled to as the network entity of query source in the steps A; Also can be the network entity that from the seed file of specific resources, extracts and use this application protocol, perhaps, tracked and the network entity that use this application protocol of tracker Tracker that extracts from the seed file of specific resources; Certain network entity of reptile program trial in network that also can be the application protocol in the reptile engine sequence call reptile collection of programs sends probe request message, up to receiving till expression that this network entity returns surveys successful response message, after determining the employed application protocol of probe request message that should response message is the employed application protocol of this network entity, with this network entity as query source; It also can be DPI equipment notice reptile engine, concrete, DPI equipment receives after certain packet, can utilize deep packet inspection technical to determine application protocol under this packet, set up the mapping relations of the source end of this packet and/or destination and this application protocol identification and send to the reptile engine; The reptile engine is according to the mapping relations that DPI equipment sends, and determines that the pairing network entity of application protocol identification in the described mapping relations is the network entity as query source.Wherein, DPI equipment utilization deep packet inspection technical determines that the application protocol under this packet is specifically as follows: DPI equipment utilization feature identification mode, behavior RM, heuristic RM or related RM are discerned the application protocol under this packet.Wherein, adopt the specific implementation of feature identification mode, behavior RM, heuristic RM or related RM recognition data bag type of service not repeat them here with reference to existing scheme.
Wherein, the application protocol reptile program that is suitable for this mode is the application protocol reptile program that is applicable to point-to-point, such as: BT program, eDonkey program etc.
102, send the identifying information that comprises described corresponding relation to DPI equipment, make the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag.
Wherein, described identifying information also comprises: the aging suggestion time of described corresponding relation, make this DPI equipment after the aging suggestion time of this corresponding relation arrives, it is invalid to control this corresponding relation, such as, directly with this corresponding relation deletion etc., make after the aging suggestion time of this corresponding relation arrives, DPI equipment can not be again according to the application protocol under this corresponding relation specified data bag.
Wherein, the network entity in the embodiment of the invention can be peer-to-peer network entity (Peer), also can be other network entity, does not influence realization of the present invention.
Utilize the reptile program of application protocol to set up the sign of this application protocol in the embodiment of the invention and use the corresponding relation of information of the network entity of this application protocol, and send to DPI equipment, make the affiliated application protocol of this corresponding relation recognition data bag of DPI equipment utilization, like this, DPI equipment does not just need decrypted data packet, reduced performance cost, DPI equipment has reduced the time of code stream identification also without the concrete character feature of the code stream of this application protocol of off-line analysis.
In order to make technique scheme of the present invention clearer, following embodiment is that peer (peer-to-peer network entity) is example with the network entity, and the method that is provided for the information of recognition data bag to DPI provided by the invention is described in detail, and it specifically comprises:
Reptile engine in 201A, the DPI equipment determines that the peer-to-peer network entity as query source is Peer1, utilizes the reptile program of application protocol to send inquiry request message to Peer1.
The reptile engine is preserved the promising reptile program of developing without application protocol among this embodiment, when needs visit Peer, according to the definite peer-to-peer network entity of predetermined information as query source, call the reptile program of application protocol, send query requests to this query source.Wherein, predetermined information can be the corresponding specifically information of the query source of application protocol of being scheduled to, such as, the query source that can be scheduled to corresponding this agreement of Bittorent_DHT is Peer1, then predetermined information can be address information and the applied transport layer protocol of this Peer1 of this Peer1.
Optionally, the information that also can report according to the identification engine of DPI equipment of the reptile engine in the DPI equipment is determined the peer-to-peer network entity as query source.Concrete, identification engine in the DPI equipment receives after certain packet, utilize deep packet inspection technical to determine the application protocol that this packet is affiliated, set up the mapping relations of the source end of this packet and/or destination and this application protocol identification and send to the reptile engine, the reptile engine with this application protocol identification pairing source end and/or destination in these mapping relations as query source.
202A, Peer1 send query response message to the reptile engine, and it comprises: the information of the Peer related with Peer1.
Wherein, the information of the Peer related with Peer1 comprises: with the address information of the related Peer of Peer1 and with the related employed transport layer protocol of Peer of Peer1, wherein, the address information of this Peer can comprise IP address and port numbers, perhaps comprises domain name etc.
Wherein, the Peer related with Peer1 be for using this application protocol and have the Peer of same asset with this Peer1, such as having identical media resource, concrete as, with this Peer1 at the Peer that downloads same film.The supposition Peer related with Peer1 is Peer2 and Peer3 among this embodiment.
Reptile engine in 203A, the DPI equipment as query source, utilizes the reptile program of this application protocol to send inquiry request message to Peer2 Peer2.
204A, Peer2 send query response message to the reptile engine, and it comprises: the information of the Peer related with Peer2, wherein, the Peer related with Peer2 is for using this application protocol and having the Peer of same asset with this Peer2.
205A, reptile engine as query source, utilize the reptile program of this application protocol to send inquiry request message to Peer3 Peer3.
206A, Peer3 send query response message to the reptile engine, and it comprises: the information of the Peer related with Peer3, wherein, the Peer related with Peer3 is for using this application protocol and having the Peer of same asset with this Peer3.
Need to prove, step 203A and step 204A are that order is carried out, and step 205A and step 206A are that order is carried out, but the sequencing on not having between step 203A-step 204A and the step 205A-step 206A to carry out, also can carry out side by side, not influence realization of the present invention.
Reptile engine in 207A, the DPI equipment judges whether to reach the poll-final condition, if not, and execution in step 208A, if, execution in step 210A.
Wherein, judging whether to reach the poll-final condition can be whether the number of judging the Peer of this application protocol of use that inquires satisfies predetermined number, judges perhaps whether timer is overtime, and promptly whether the query manipulation time has reached preset time.
Before this step, the reptile engine is when the query response message that returns according to each query source, when determining among the Peer of this application protocol of use of each query source feedback the node of repetition to be arranged, remove the Peer that repeats among the Peer of this application protocol of use of each query source feedback, then above-mentioned " Peer of this application protocol of use that inquires " that judges do not comprise the Peer of this repetition.
Wherein, this step be from each Peer related with Peer2 and with related each Peer of Peer3 remove the Peer of repetition.Wherein, invalid Peer removes among the Peer of this application protocol of use that this step also can be fed back each query source, and wherein invalid Peer can be the current node that is in malfunction.
Behind the Peer that reptile engine in 208A, the DPI equipment repeats in the Peer of this application protocol of use that removes each query source feedback, as the query source of upgrading, utilize the reptile program of this application protocol to send inquiry request message remaining Peer to the query source of upgrading.
This embodiment supposition Peer related with Peer2 is Peer4, Peer5 and Peer6, and the Peer related with Peer3 is Peer5, Peer6, and then the query source in the step 208 is Peer4, Peer5 and Peer6.
Reptile engine in 209A, the DPI equipment can receive the query response message at this inquiry request message, and it comprises the information of the Peer related with the query source of above-mentioned renewal, returns execution in step 207A.
Wherein, the information of the Peer related with the query source of above-mentioned renewal is: use this application protocol and have address and the employed transport layer protocol of this Peer of the Peer of same asset with the query source of above-mentioned renewal.
The identification engine of reptile engine in 210A, the DPI equipment in DPI equipment reports identifying information, and this identifying information comprises: use the information of Peer of this application protocol and the corresponding relation of application protocol identification.
Wherein, use the information of the Peer of this application protocol to comprise: the address and the employed transport layer protocol of Peer that uses this application protocol of using the Peer of this application protocol.
Wherein, can also preserve the pairing aging suggestion time of each application protocol on the reptile engine in the DPI equipment, so, in this step, the reptile engine can also comprise to this identifying information that the identification engine reports: the aging suggestion time, when aging aging this corresponding relation of suggestion time representation is.Change after suggestion time arrives at this, this uses the corresponding relation of the information of Peer of this application protocol and this application protocol identification no longer valid.
Identification engine in 211A, the DPI equipment receives and preserves the identifying information that the reptile engine sends.
Fig. 2 B shows the schematic diagram that the pairing reptile engine of above-mentioned Fig. 2 A illustrated embodiment obtains Peer information, wherein, suppose that Peer1 is the query source of being scheduled to, " 1 " expression phase I query manipulation among Fig. 2 B, promptly inquire about Peer1, the resulting Peer related with Peer1 of inquiry Peer1 is Peer2 and Peer3; " 2 " expression second stage query manipulation is promptly inquired about Peer2 and Peer3, and wherein, the resulting Peer related with Peer2 of inquiry Peer2 is Peer4, Peer5 and Peer6, and the resulting Peer related with Peer3 of inquiry Peer3 is Peer4 and Peer5; " 3 " expression phase III query manipulation is promptly inquired about Peer4, Peer5 and Peer6.
Optionally, the reptile engine is Peer that is virtually reality like reality, after the information that from inquiry response, gets access to certain Peer, this reptile engine just can be simulated this Peer, initiatively the information with this Peer offers other Peer, also can be after receiving the association requests of other Peer, the information of this Peer is offered other Peer.
Utilize the reptile program of application protocol in the embodiment of the invention, get access to the Peer information that is associated with this query source from network entity as query source, and then the query source that the conduct that will get access to is upgraded is obtained the Peer information that is associated with the query source of upgrading again, in this way, get access to the Peer information of using this application protocol in the network, with the sign of this application protocol with use the corresponding relation of the Peer information of this application protocol to send to identification engine in the DPI equipment, make the identification engine in the DPI equipment utilize the affiliated application protocol of this corresponding relation recognition data bag, like this, DPI equipment does not just need decrypted data packet, reduce performance cost, DPI equipment has reduced the time of code stream identification also without the concrete character feature of the code stream of this application protocol of off-line analysis.
Consult Fig. 3, to be the another kind that provides of the embodiment of the invention be provided for the method for the information of recognition data bag to DPI to following embodiment, and this method specifically comprises:
301, after the identification engine in the DPI equipment receives packet, the local application protocol identification of preserving of inquiry and the corresponding relation of network entity information, if according to the corresponding relation of being preserved, can not determine the pairing application protocol identification of network entity of this packet correspondence, then the reptile engine in DPI equipment sends the network entity information of this packet correspondence, wherein, the pairing network entity of this packet is the network entity that needs the identification application protocol.
Wherein, the pairing network entity of this packet can be the source end and/or the destination of this packet.
Optionally, identification engine in the DPI equipment also can be according to the corresponding relation of being preserved, after can not determine the pairing application protocol identification of network entity of this packet correspondence, can adopt deep packet inspection technical to discern the affiliated application protocol of this packet, promptly discern according to characteristic character in this packet or characteristic behavior etc., if can not successfully discern the application protocol under this packet in the given time, then the reptile engine in DPI equipment sends the network entity information of this packet correspondence.
302, the reptile program of application protocol sends probe request message to the network entity of needs identification application protocol in the reptile engine sequence call reptile collection of programs in the DPI equipment, up to receiving till expression that this network entity returns surveys successful response message.
Such as, the BT program that reptile engine in the DPI equipment can call in the reptile collection of programs sends probe request message to the network entity of needs identification application protocol, if receive the successful response message of expression detection that this network entity that need discern application protocol sends, then carry out follow-up 303; If do not receive the successful response message of expression detection that this network entity that need discern application protocol sends, then continue to call the QQ program and send probe request message, till successful response message is surveyed in the expression that receives this network entity that need discern application protocol transmission to the network entity of needs identification application protocol.
303, the reptile engine in the DPI equipment is set up the corresponding relation of sign and the information of the network entity that needs the identification application protocol of the employed application protocol of probe request message of corresponding response message.
Continuous above-mentioned example, if call the QQ program when the network entity of needs identification application protocol sends probe request message, successful response message is surveyed in the expression that the network entity that receiving needs the identification application protocol sends, then set up the corresponding relation of QQ program identification and the information of the network entity that needs the identification application protocol, promptly set up QQ program identification and the address of the network entity that needs the identification application protocol and the corresponding relation of its employed transport layer protocol sign.
304, the identification engine of the reptile engine in the DPI equipment in DPI equipment sends identifying information, comprises this corresponding relation in this identifying information, optionally, can also comprise the aging suggestion time of this corresponding relation in this identifying information.
The network entity that the reptile program of application protocol is discerned application protocol to needs in the sequence call reptile collection of programs in the embodiment of the invention sends probe request message, up to receiving till expression that this network entity returns surveys successful response message, set up the corresponding relation of this network entity information and the employed application protocol identification of probe request message of corresponding response message and send to DPI equipment, make the identification engine in the DPI equipment utilize the affiliated application protocol of this corresponding relation recognition data bag, like this, DPI equipment does not just need decrypted data packet, reduced performance cost, DPI equipment has reduced the time of code stream identification also without the concrete character feature of the code stream of this application protocol of off-line analysis.
Fig. 4 shows the method for application protocol under a kind of DPI device identification data bag that the embodiment of the invention provides, wherein, the network entity among this embodiment can be Peer (peer-to-peer network entity) it comprise:
401, the identification engine in the DPI equipment receives packet, carries five-tuple in this packet.
This five-tuple comprises: the port numbers of the IP address of source network entity, the IP address of purpose network entity, source network entity, the port numbers of purpose network entity and transport layer protocol sign.
Wherein, source network entity is to send the network entity of this packet, and the purpose network entity is the network entity that receives this packet.
402, the identification engine in the DPI equipment is determined the employed application protocol of this packet according to the corresponding relation of having preserved.
Wherein, the corresponding relation of having preserved comprises: the sign of application protocol and use the corresponding relation of information of the network entity of this application protocol, wherein, use the information of the network entity of this application protocol to comprise: the address of using the network entity of this application protocol, with the employed transport layer protocol sign of this network entity, the address of network entity comprises the IP address and the port numbers of this network entity.
Concrete, this step compares the information of five-tuple and network entity, if it is identical that the transport layer protocol in the information of network entity sign and transport layer protocol in the five-tuple identify represented transport layer protocol, and, if the IP address and the port numbers of the source network entity in the address of network entity and the five-tuple are identical, perhaps IP address and the port numbers with the purpose network entity is identical, determines that then the application protocol that this packet uses is the pairing application protocol of this network entity in this corresponding relation.
Need to prove, if it is inequality that the transport layer protocol in sign of the transport layer protocol in the information of network entity and the five-tuple identifies represented transport layer protocol, perhaps, if the IP address of source network entity in the address of network entity and the five-tuple and purpose network entity and port numbers are all inequality, then can identify the application protocol that this packet is suitable for according to characteristic character in the packet or characteristic behavior, concrete how identification according to the characteristic character in the packet or characteristic behavior is general knowledge known in this field, do not repeat them here.
In order to make technique scheme clearer, following giving an actual example describes: the corresponding relation that supposition identification engine has been set up is:
TCP?192.168.0.1:5566<-->Bittorent_DATA?1800;
UDP?192.168.0.1:5566<-->Bittorent_DHT_Control?1801;
UDP?192.168.0.16:5566<-->Bittorent_DHT_Control?1801;
TCP?192.168.0.16:5566<-->Bittorent_DATA?1800;
Wherein, TCP and UDP are the title of transport layer protocol; Bittorent_DATA, DHT_Control are respectively the title of application protocol, and 1800,1801 are respectively the ID of application protocol.
Suppose that the employed transport layer protocol of the network entity that carries in the packet that receives is a Transmission Control Protocol, source network entity IP address is 192.168.0.16, and port numbers is 5566; Then discern engine according to the corresponding relation set up, the ID that the application protocol name that finds this network entity correspondence is called Bittorent_DATA, application protocol is 1800.
Need to prove that above-mentioned identification engine and reptile engine can be deployed on the same equipment, promptly on the DPI equipment, also can be deployed on the different equipment that promptly discern engine and be deployed on the DPI equipment, the reptile engine is deployed on the different equipment.When the identification engine was deployed on the different equipment with the reptile engine, both can be arranged in consolidated network, also can be deployed in the different networks.Can dispose identification engine and reptile engine according to some particularity demands, such as, because the identification engine can be deployed on the DPI equipment, and DPI equipment also has the function of deciphering to encrypted packets, if DPI is deployed in the machine room of operator, may collect the sensitive information of some operators, therefore some operator does not allow the DPI equipment external network of access operator privately, prevent the outside reveal sensitive information of DPI equipment, in this case, if DPI equipment wants to collect the information of reptile engine, just need be deployed in the external network of operator.
Need to prove that agreements such as Bittorent can be subdivided into a plurality of sub-protocols, such as the non-DHT of Bittorent (Distributed Hash Table, distributed hashtable) agreement and Bittorent DHT agreement.Following two embodiment are respectively the non-DHT of Bittorent (Distributed Hash Table with the application protocol, distributed hashtable) agreement, with Bittorent DHT agreement be example, describe the reptile engine respectively and obtain Peer information and report the process of identifying information to the identification engine.
Consult Fig. 6, this embodiment is that the non-DHT agreement of Bittorent, network entity are that Peer (map network entity) describes the process that the reptile engine obtains Peer information and reports identifying information to the identification engine for example with the application protocol, search for Peer information based on specific resources among this embodiment, specific resources can be a predetermined configurations, also can obtain from other equipment, wherein, obtain Peer information and to identification engine report the process of identifying information specifically to comprise:
601, the reptile engine utilizes the reptile program of application protocol, creates searching request, utilizes this searching request search specific resources, searches the seed file of this specific resources.
Wherein, specific resources can be a video resource, such as film foundation great cause, also can be audio resource, does not influence realization of the present invention.
602, the reptile engine extracts Tracker information and Peer information by resolving seed file, and Peer information is write the Peer tabulation.
Wherein, the Peer information of extracting in this step is the information of the Peer of this application protocol of use.Concrete, Peer information comprises: the employed transport layer protocol sign of the address of Peer and this Peer.
603, the reptile engine utilizes the reptile program creation query requests of application protocol, according to the Tracker information of extracting, send query requests to corresponding Tracker, Tracker returns inquiry response to the reptile engine, and it comprises: use this application protocol and address and the employed transport layer protocol sign of this Peer of the Peer that tracked by this Tracker.
Optionally, in this step, the reptile engine can also be judged the validity of the inquiry response that receives, when inquiry response is effective, and execution in step 605, otherwise process ends.Wherein, the reptile engine judges that the concrete mode of the validity of the inquiry response receive can be: the message format that passes through the inquiry response that received judges whether this inquiry response is effective; Also can be to judge by the content in the received inquiry response whether this inquiry response is effective; Also can be to judge according to the interaction flow of query requests and inquiry response whether this inquiry response is effective, can also judge that whether this inquiry response is effective, do not influence realization of the present invention by other modes.
604, the reptile engine with the Peer that extracts in the step 602 as query source, utilize the reptile program creation query requests of application protocol, send query requests to Peer as query source, this Peer returns inquiry response to the reptile engine, and it comprises: the address of the Peer related with this Peer and employed transport layer protocol thereof.
Wherein, the Peer related with this Peer is for using this application protocol and having the Peer of same asset with this Peer.
Optionally, in this step, the reptile engine can also be judged the validity of the inquiry response that receives, and when inquiry response was effective, the address of follow-up Peer that again will be related with this Peer and employed transport layer protocol write the Peer tabulation.Wherein, the reptile engine is judged and not to be repeated them here identical in concrete mode and the step 603 of validity of the inquiry response receive.
605, the reptile engine removes in step 603, the step 604 information of the Peer that repeats and the information of invalid Peer, and remaining Peer information is write the Peer tabulation.
606, the reptile engine judges whether the quantity of the Peer that is write in the Peer tabulation has reached threshold value, if, carry out 608, if not, carry out 607;
607, the reptile engine as the query source of upgrading, returns above-mentioned remaining Peer (being effective Peer) to execution in step 604, utilizes the reptile program creation query requests of application protocol, sends query requests to the query source of upgrading.
608, the reptile engine sends identifying information to the identification engine, comprises in the identifying information: the Peer information in the Peer tabulation, the sign and the aging suggestion time of application protocol.
Wherein, the Peer information in the Peer tabulation comprises: the employed transport layer protocol sign of the address of Peer and this Peer.
Wherein, the step of this step and front can realize in same thread, also can realize in different threads or process, does not influence realization of the present invention.
Consult Fig. 7, this embodiment is that to be Peer (map network entity) describe the reptile engine for example obtains Peer information and report the process of identifying information to comprise to the identification engine for Bittorent DHT agreement, network entity with the application protocol:
701, the reptile engine utilizes the reptile program creation query requests of application protocol, sends query requests to known Peer, and this Peer returns inquiry response to the reptile engine, and it comprises: the information of the Peer related with this Peer.
Wherein, related with this Peer Peer is: use this application protocol and have the Peer of same asset with this Peer; The information of the Peer related with this Peer comprises: with the address of the related Peer of this Peer and with the related employed transport layer protocol sign of Peer of this Peer.
Wherein, known Peer is predetermined Peer in this step, carry in the query response message that perhaps receives effectively and be not the Peer of query source.Wherein, Yu Ding Peer is the Peer of the query source of this Bittorent DHT agreement of conduct of being scheduled to.
Optionally, the reptile engine receives after the inquiry response, can judge the validity of inquiry response, and when this inquiry response was effective, wherein, the corresponding description with the foregoing description of mode of the validity of judgement inquiry response was identical, does not repeat them here.When this inquiry response is effective, carry out subsequent step again.
702, the reptile engine removes the information of Peer invalid in the step 701, and remaining effective Peer address information is write the Peer tabulation.
703, the reptile engine judges whether the quantity of the Peer that is write in the Peer tabulation has reached threshold value, if, carry out 705, if not, carry out 704.
704, the reptile engine with among the Peer of inquiry response feedback effectively and the Peer that did not do query source as the query source of upgrading, return execution in step 701 and utilize the reptile program creation query requests of application protocol, send query requests to the query source of upgrading.
705, the reptile engine sends identifying information to the identification engine, comprises in the identifying information: the Peer information in the Peer tabulation, the sign and the aging suggestion time of application protocol.
Wherein, the step of this step and front can realize in same thread, also can realize in different threads or process, does not influence realization of the present invention.
Optionally, the identification engine gets access to after the identifying information, it can be shared to other identification engines and use, wherein, identifying information comprises: the corresponding relation of the information of the network entity of the sign of application protocol and this application protocol of use, this identifying information can also comprise: the aging suggestion time of this corresponding relation.Concrete, following two kinds of sharing modes can be arranged:
1, the identification engine in each DPI equipment reports information sharing control centre with identifying information, obtains this identifying information for the identification engine in other DPI equipment from this information sharing control centre, as shown in Figure 8.
2, the identification engine in each DPI equipment is announced identifying information each other, as shown in Figure 9.
Wherein, the identification engine in the DPI equipment can obtain identifying information in the following way: first kind of mode: the identifying information that the reptile engine sends to the identification engine, described in the various embodiments described above; The second way: the identification engine in the DPI equipment identifies the application protocol that this packet is suitable for according to characteristic character in the packet or characteristic behavior, the record identifying information, it comprises: the sign of this application protocol and transmission and/or receive the corresponding relation of information of the network entity of this packet.Optionally, this identifying information can also comprise: the aging suggestion time.
Consult Figure 10, the embodiment of the invention provides a kind of web crawlers, and it comprises:
Set up unit 50, be used to utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Transmitting element 60 is used for sending the identifying information that comprises described corresponding relation to DPI equipment, makes the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag; Wherein, use the network entity information of described application protocol to comprise: the address and the employed transport layer protocol sign of the network entity that uses described application protocol of using the network entity of described application protocol.
Wherein,, do not repeat them here referring to the associated description under the method embodiment step 101 for the description of information of network entity etc.
Utilize the reptile program of application protocol to set up this application protocol in the embodiment of the invention and use the corresponding relation of information of the network entity of this application protocol, and send to DPI equipment, make the affiliated application protocol of this corresponding relation recognition data bag of DPI equipment utilization, like this, DPI equipment does not just need decrypted data packet, reduce performance cost, DPI equipment is also without the concrete character feature of the code stream of this application protocol of off-line analysis, the time of having reduced code stream identification.
Consult Figure 11, in one embodiment, set up unit 50 and specifically comprise: query source determining unit 51 is used for definite network entity as query source; Wherein, described network entity as query source uses described application protocol; Query unit 52 is used to utilize the reptile program of application protocol to obtain the information of the network entity related with described query source from described query source; Wherein, the network entity related with described query source is for using described application protocol and having the network entity of same asset with described query source; With query source updating block 53, be used for when not reaching the poll-final condition, the network entity of not doing query source in the network entity that will be related with described query source is as the query source of upgrading, the query source of described renewal is sent to described query unit, trigger described query unit and utilize the reptile program of application protocol to obtain the information of the network entity related from network entity with the query source of described renewal as the query source of upgrading; Corresponding relation is set up unit 54, be used for when reaching the poll-final condition the corresponding relation of setting up that the information of the network entity that described application protocol and described query unit get access to and described query source determining unit determine as the information of the network entity of query source.Concrete, query source determining unit 51, be used for according to the network entity information of DPI equipment transmission and the mapping relations of application protocol identification, determine that the pairing network entity of application protocol identification in the described mapping relations is the network entity as query source, wherein, described DPI equipment is to utilize the definite network entity information of deep packet inspection technical and the mapping relations of application protocol identification.Perhaps, query source determining unit 51 determines that extract and network entity that use this application protocol is the network entity as query source from the seed file of specific resources; Perhaps, query source determining unit 51 determines that tracked and the network entity that use this application protocol of the tracker Tracker that extracts from the seed file of specific resources is the network entity as query source.
This execution mode utilizes the reptile program of application protocol by order, get access to the Peer information that is associated with this query source from query source, and then the query source that the conduct that will get access to is upgraded again, obtain the Peer information that is associated with the query source of upgrading again, in this way, get access to the Peer information of using this application protocol in the network, with this application protocol with use the corresponding relation of the Peer information of this application protocol to send to identification engine in the DPI equipment, make identification engine in the DPI equipment utilize application protocol under this corresponding relation recognition data bag.
Consult Figure 12, in another embodiment, setting up unit 50 specifically comprises: call unit 56, the network entity of the reptile program that is used for sequence call reptile collection of programs application protocol in network sends probe request message, up to receiving till expression that described network entity returns surveys successful response message; Corresponding relation is set up unit 57, is used to set up the corresponding relation of the information of the employed application protocol of probe request message of corresponding response message and described network entity.In this mode, this web crawlers also comprises: receiving element 61 is used to receive the information of the network entity of the needs identification application protocol that DPI equipment sends; Call unit 56, the reptile program that is used for sequence call reptile collection of programs application protocol sends probe request message to the network entity of described needs identification application protocol, up to receiving till expression that the described network entity that needs the identification application protocol returns surveys successful response message.This execution mode sends probe request message by the reptile program of application protocol in the sequence call reptile collection of programs to the network entity of needs identification application protocol, up to receiving till expression that this network entity returns surveys successful response message, set up the corresponding relation of this network entity information and the employed application protocol of probe request message of corresponding response message and send to DPI equipment, make identification engine in the DPI equipment utilize application protocol under this corresponding relation recognition data bag.
In this embodiment, reptile program by application protocol in the sequence call reptile collection of programs sends probe request message to the network entity of needs identification application protocol, up to receiving till expression that this network entity returns surveys successful response message, set up the corresponding relation of this network entity information and the employed application protocol of probe request message of corresponding response message and send to DPI equipment, make identification engine in the DPI equipment utilize application protocol under this corresponding relation recognition data bag.
Consult Figure 13, the embodiment of the invention provides a kind of network system, it is characterized in that, comprising: web crawlers 70 and DPI equipment, wherein,
Web crawlers 70 is used to utilize the reptile program of application protocol, sets up described application protocol and uses the corresponding relation of the network entity information of described application protocol; Wherein,, do not repeat them here referring to the associated description under the method embodiment step 101 for the description of information of network entity etc.
DPI equipment 80 is used to receive the described identifying information that described reptile engine sends, and utilizes the affiliated application protocol of described corresponding relation recognition data bag.
Wherein, web crawlers 70 can be integrated on the DPI equipment 80.The structure of web crawlers 70 and above-mentioned Figure 10, Figure 11 do not repeat them here with embodiment illustrated in fig. 12 similar.
In order to realize sharing of above-mentioned identifying information, in one embodiment, this network system also comprises: information sharing control centre 90, wherein,
DPI equipment 70 also is used for the described identifying information that described web crawlers sends is sent to information sharing control centre 90.Information sharing control centre 90 is used to receive the identifying information that DPI equipment 70 sends, and obtains described identifying information for other DPI equipment except described DPI equipment 70 in the network from described information sharing control centre 90.Optionally, DPI equipment 70 can also send to the identifying information that obtains by deep packet inspection technical information sharing control centre, wherein, the identifying information that obtains by deep packet inspection technical comprises: the corresponding relation of application protocol under the source end of packet and/or the address of destination and employed transport layer protocol and this packet, optionally, it can also comprise: the aging suggestion time of this corresponding relation.
In another embodiment, described DPI equipment 70 also is used for the described identifying information that described web crawlers sends is sent to network other DPI equipment except that described DPI equipment.
Utilize the reptile program of application protocol to set up this application protocol in the embodiment of the invention and use the corresponding relation of information of the network entity of this application protocol, and send to DPI equipment, make the affiliated application protocol of this corresponding relation recognition data bag of DPI equipment utilization, like this, DPI equipment does not just need decrypted data packet, reduce performance cost, DPI equipment is also without the concrete character feature of the code stream of this application protocol of off-line analysis, the time of having reduced code stream identification.
Wherein, above-mentioned DPI equipment can be used for network system shown in Figure 14, wherein, DPI equipment can exist with GGSN (Gateway GPRS Support Node, Gateway GPRS Support Node) is independent, also can be integrated on the equipment, not influence realization of the present invention with GGSN.Among the figure, GGSN is by SGSN (Serving GPRS Support Node, Serving GPRS Support Node) with GPRS (General Packet Radio Service, the general packet radio service technology)/UMTS (Universal Mobile Telecommunications System, universal mobile telecommunications system) connects, DPI equipment is connected with Internet by fire compartment wall, and Peer is arranged in GPRS/UMTS or Internet.
One of ordinary skill in the art will appreciate that all or part of step that realizes in the foregoing description method is to instruct relevant hardware to finish by program, described program can be stored in a kind of computer-readable recording medium, read-only memory for example, disk or CD etc.
More than method from the information of recognition data bag to DPI, web crawlers and network system that the embodiment of the invention provided is provided for are described in detail, used specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims (13)

1. a method that is provided for the information of recognition data bag is characterized in that, comprising:
Utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Send the identifying information that comprises described corresponding relation to deep-packet detection DPI equipment, make the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag;
Wherein, use the network entity information of described application protocol to comprise: the address and the employed transport layer protocol sign of the network entity that uses described application protocol of using the network entity of described application protocol.
2. method according to claim 1 is characterized in that, the described reptile program of utilizing application protocol, and the corresponding relation of setting up the described application protocol and the information of the network entity that uses described application protocol comprises:
A, definite network entity as query source; Wherein, described network entity as query source uses described application protocol;
B, utilize the reptile program of application protocol to obtain the information of the network entity related from described query source with described query source; Wherein, the network entity related with described query source is for using described application protocol and having the network entity of same asset with described query source;
C, will be related with described query source network entity in do not make query source network entity as the query source of upgrading, when not reaching the poll-final condition, return execution in step B, at this moment, the query source among the described step B is the query source of described renewal; When reaching the poll-final condition, set up the corresponding relation of the described application protocol and the information of the network entity that uses described application protocol.
3. method according to claim 2 is characterized in that, described definite query source comprises:
The network entity information that sends according to DPI equipment and the mapping relations of application protocol identification determine that the pairing network entity of application protocol identification in the described mapping relations is the network entity as query source.
4. method according to claim 1 is characterized in that, the described reptile program of utilizing application protocol, and the corresponding relation of setting up the described application protocol and the information of the network entity that uses described application protocol comprises:
The reptile program of application protocol sends probe request message to network entity in the sequence call reptile collection of programs, up to receiving till expression that described network entity returns surveys successful response message, set up the corresponding relation of the information of the employed application protocol of probe request message of corresponding response message and described network entity.
5. method according to claim 4 is characterized in that, the reptile program of application protocol is before network entity sends probe request message in sequence call reptile collection of programs, and this method also comprises:
The needs that receive the transmission of DPI equipment are discerned the information of the network entity of application protocol;
The reptile program of application protocol comprises to network entity transmission probe request message in the described sequence call reptile collection of programs:
The reptile program of application protocol sends probe request message to the described network entity of identification application protocol that needs in the sequence call reptile collection of programs.
6. a web crawlers is characterized in that, comprising:
Set up the unit, be used to utilize the reptile program of application protocol, set up the corresponding relation of the network entity information of described application protocol and the described application protocol of use;
Transmitting element is used for sending the identifying information that comprises described corresponding relation to DPI equipment, makes the affiliated application protocol of the described corresponding relation recognition data of described DPI equipment utilization bag;
Wherein, use the network entity information of described application protocol to comprise: the address and the employed transport layer protocol sign of the network entity that uses described application protocol of using the network entity of described application protocol.
7. web crawlers according to claim 6 is characterized in that,
The described unit of setting up comprises:
The query source determining unit is used for definite network entity as query source; Wherein, described network entity as query source uses described application protocol;
Query unit is used to utilize the reptile program of application protocol to obtain the information of the network entity related with described query source from described query source; Wherein, the network entity related with described query source is for using described application protocol and having the network entity of same asset with described query source;
The query source updating block, be used for when not reaching the poll-final condition, the network entity of not doing query source in the network entity that will be related with described query source is as the query source of upgrading, the query source of described renewal is sent to described query unit, trigger described query unit and utilize the reptile program of application protocol to obtain the information of the network entity related from network entity with the query source of described renewal as the query source of upgrading;
Corresponding relation is set up the unit, is used for when reaching the poll-final condition, the corresponding relation as the information of the network entity of query source of setting up that the information of the network entity that described application protocol and described query unit get access to and described query source determining unit determine.
8. web crawlers according to claim 7 is characterized in that,
Described query source determining unit is used for the network entity information that sends according to DPI equipment and the mapping relations of application protocol identification, determines that the pairing network entity of application protocol identification in the described mapping relations is the network entity as query source.
9. web crawlers according to claim 6 is characterized in that,
The described unit of setting up comprises:
Call unit, the network entity of the reptile program that is used for sequence call reptile collection of programs application protocol in network sends probe request message, up to receiving till expression that described network entity returns surveys successful response message;
Corresponding relation is set up the unit, is used to set up the corresponding relation of the information of the employed application protocol of probe request message of corresponding response message and described network entity.
10. web crawlers according to claim 9 is characterized in that,
Also comprise:
Receiving element is used to receive the information of the network entity of the needs identification application protocol that DPI equipment sends;
Described call unit, the reptile program that is used for sequence call reptile collection of programs application protocol sends probe request message to the network entity of described needs identification application protocol, up to receiving till expression that the described network entity that needs the identification application protocol returns surveys successful response message.
11. a network system is characterized in that, comprising: described web crawlers of claim 6-10 and deep-packet detection DPI equipment, wherein,
DPI equipment is used to receive the described identifying information that described web crawlers sends, and utilizes the affiliated application protocol of described corresponding relation recognition data bag.
12. system according to claim 11 is characterized in that,
Described DPI equipment also is used for the described identifying information that described web crawlers sends is sent to information sharing control centre, obtains described identifying information for other DPI equipment except described DPI equipment in the network from described information sharing control centre;
Perhaps, described DPI equipment also is used for the described identifying information that described web crawlers sends is sent to network other DPI equipment except that described DPI equipment.
13. system according to claim 11 is characterized in that,
Described identifying information also comprises: the aging suggestion time of described corresponding relation;
Described DPI equipment also is used for when the described aging suggestion time arrives, and it is invalid to control described corresponding relation.
CN 201110082236 2011-04-01 2011-04-01 Method for identifying information of data packet, crawler engine and network system Expired - Fee Related CN102137022B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110082236 CN102137022B (en) 2011-04-01 2011-04-01 Method for identifying information of data packet, crawler engine and network system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110082236 CN102137022B (en) 2011-04-01 2011-04-01 Method for identifying information of data packet, crawler engine and network system

Publications (2)

Publication Number Publication Date
CN102137022A true CN102137022A (en) 2011-07-27
CN102137022B CN102137022B (en) 2013-11-06

Family

ID=44296681

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110082236 Expired - Fee Related CN102137022B (en) 2011-04-01 2011-04-01 Method for identifying information of data packet, crawler engine and network system

Country Status (1)

Country Link
CN (1) CN102137022B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567513A (en) * 2011-12-27 2012-07-11 北京神州绿盟信息安全科技股份有限公司 Method and equipment for collecting phishing websites
CN104408195A (en) * 2014-12-15 2015-03-11 北京国双科技有限公司 Crawler working state judging method and device
CN106941459A (en) * 2017-05-02 2017-07-11 武汉绿色网络信息服务有限责任公司 The processing method and system of HTTP downlink traffics in asymmetric routed environment
CN108200586A (en) * 2016-12-08 2018-06-22 中国电信股份有限公司 For the associated method and system of mobile network perception data
CN110771116A (en) * 2017-10-16 2020-02-07 Oppo广东移动通信有限公司 Method, device, storage medium and system for identifying encrypted data stream
CN111371655A (en) * 2020-04-07 2020-07-03 中移雄安信息通信科技有限公司 Deep packet inspection method, DPI device, transit device, system and storage medium
CN113765728A (en) * 2020-06-04 2021-12-07 深信服科技股份有限公司 Network detection method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101534248A (en) * 2009-04-14 2009-09-16 华为技术有限公司 Deep packet identification method, system and business board
WO2009116020A2 (en) * 2008-03-21 2009-09-24 Alcatel Lucent In-band dpi application awareness propagation enhancements
CN101582897A (en) * 2009-06-02 2009-11-18 中兴通讯股份有限公司 Deep packet inspection method and device
CN101621504A (en) * 2008-06-30 2010-01-06 中兴通讯股份有限公司 Deep packet inspection method and system
CN101714952A (en) * 2009-12-22 2010-05-26 北京邮电大学 Method and device for identifying traffic of access network
CN101984598A (en) * 2010-11-04 2011-03-09 成都市华为赛门铁克科技有限公司 Message forwarding method and deep packet inspection (DPI) device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009116020A2 (en) * 2008-03-21 2009-09-24 Alcatel Lucent In-band dpi application awareness propagation enhancements
CN101621504A (en) * 2008-06-30 2010-01-06 中兴通讯股份有限公司 Deep packet inspection method and system
CN101534248A (en) * 2009-04-14 2009-09-16 华为技术有限公司 Deep packet identification method, system and business board
CN101582897A (en) * 2009-06-02 2009-11-18 中兴通讯股份有限公司 Deep packet inspection method and device
CN101714952A (en) * 2009-12-22 2010-05-26 北京邮电大学 Method and device for identifying traffic of access network
CN101984598A (en) * 2010-11-04 2011-03-09 成都市华为赛门铁克科技有限公司 Message forwarding method and deep packet inspection (DPI) device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
简光垚: "《基于启发式识别的深层数据包检测P2P流的研究与实现》", 《中国优秀硕士学位论文全文数据库(电子期刊)信息科技辑2009年第03期》 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567513B (en) * 2011-12-27 2014-09-17 北京神州绿盟信息安全科技股份有限公司 Method and equipment for collecting phishing websites
CN102567513A (en) * 2011-12-27 2012-07-11 北京神州绿盟信息安全科技股份有限公司 Method and equipment for collecting phishing websites
CN104408195A (en) * 2014-12-15 2015-03-11 北京国双科技有限公司 Crawler working state judging method and device
CN104408195B (en) * 2014-12-15 2017-12-19 北京国双科技有限公司 The determination methods and device of crawlers working condition
CN108200586B (en) * 2016-12-08 2021-03-23 中国电信股份有限公司 Method and system for mobile network aware data association
CN108200586A (en) * 2016-12-08 2018-06-22 中国电信股份有限公司 For the associated method and system of mobile network perception data
CN106941459A (en) * 2017-05-02 2017-07-11 武汉绿色网络信息服务有限责任公司 The processing method and system of HTTP downlink traffics in asymmetric routed environment
CN110771116B (en) * 2017-10-16 2021-02-26 Oppo广东移动通信有限公司 Method, device, storage medium and system for identifying encrypted data stream
CN110771116A (en) * 2017-10-16 2020-02-07 Oppo广东移动通信有限公司 Method, device, storage medium and system for identifying encrypted data stream
US11418951B2 (en) 2017-10-16 2022-08-16 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for identifying encrypted data stream, device, storage medium and system
CN111371655A (en) * 2020-04-07 2020-07-03 中移雄安信息通信科技有限公司 Deep packet inspection method, DPI device, transit device, system and storage medium
CN111371655B (en) * 2020-04-07 2022-02-25 中移雄安信息通信科技有限公司 Deep packet inspection method, DPI device, transit device, system and storage medium
CN113765728A (en) * 2020-06-04 2021-12-07 深信服科技股份有限公司 Network detection method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN102137022B (en) 2013-11-06

Similar Documents

Publication Publication Date Title
CN102137022B (en) Method for identifying information of data packet, crawler engine and network system
JP5889445B2 (en) Method and apparatus for identifying an application associated with an IP flow using DNS data
US9871850B1 (en) Enhanced browsing using CDN routing capabilities
KR20120137726A (en) A transmission node and a receiver node of a contents centric network and a communination method thereof
WO2017066359A1 (en) Determining direction of network sessions
CN102640467A (en) Enhanced anycast for edge server selection
CN106332183B (en) Flow control method, flow control processing device and terminal
CN103888928A (en) Business strategy control method and system
US8341285B2 (en) Method and system for transferring files
CN102484653A (en) Measuring attributes of client-server applications
CN103781055A (en) Data downloading method and associated device
CN108207012B (en) Flow control method, device, terminal and system
CN105471748A (en) Application shunting method and device
CN105790960A (en) Traffic identification method and system and traffic gateway
CN103595808B (en) A kind of file update information method for pushing and device
CN104506450A (en) Media resource feedback method and device
CN103200231A (en) Strategy control method and system
CN104639555A (en) Request processing method, system and device
CN114390044B (en) File uploading method, system, equipment and storage medium
US20170171092A1 (en) Network analysis and monitoring tool
CN103746768A (en) Data packet identification method and equipment thereof
Zavodovski et al. edisco: Discovering edge nodes along the path
CN108011801A (en) Method, unit and the system of data transfer
CN109639788A (en) Cross-domain name joint debugging method and system for voice dialogue platform
CN110278558A (en) The exchange method and wlan system of message

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20180507

Address after: California, USA

Patentee after: Global innovation polymerization LLC

Address before: London, England

Patentee before: GW partnership Co.,Ltd.

Effective date of registration: 20180507

Address after: London, England

Patentee after: GW partnership Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20131106

CF01 Termination of patent right due to non-payment of annual fee