CN104125105A - Method and device for classifying internet application places - Google Patents
Method and device for classifying internet application places Download PDFInfo
- Publication number
- CN104125105A CN104125105A CN201410400633.1A CN201410400633A CN104125105A CN 104125105 A CN104125105 A CN 104125105A CN 201410400633 A CN201410400633 A CN 201410400633A CN 104125105 A CN104125105 A CN 104125105A
- Authority
- CN
- China
- Prior art keywords
- layer protocol
- application layer
- data message
- network
- operator
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for classifying internet application places. The method includes: acquiring a data message sent by to-be-detected network equipment in preset time; acquiring at least one of the operator type, the network bandwidth, the terminal quantity and the application layer protocol characteristic proportion according to the data message; subjecting the at least one of the operator type, the network bandwidth, the terminal quantity and the application layer protocol characteristic proportion acquired in preset time to classified statistic analysis so as to obtain an application place classification result of the to-be-detected network. By the method and the device for classifying the internet application places, classification of application places of the to-be-detected network is realized.
Description
Technical field
The embodiment of the present invention relates to computer networking technology, relates in particular to a kind of method and apparatus to the classification of internet, applications place.
Background technology
Along with the fast development of the Internet is with universal rapidly, the network information is more and more abundanter, and the application places such as numerous government bodies, enterprises and institutions, community family, school have all been built the network of oneself, and network has become the valuable source of information age.Network, as the important tool that the information age produces, is faced with suitable monitoring, the reasonable problem using equally.
Therefore, need to classify to internet, applications place.Internet, applications place is sorted in to network resource usage, network resource planning and network security aspect will play an increasingly important role, but, in prior art, research to the classification of internet, applications place just just starts, and does not also have ripe technology to realize the classification to internet, applications place.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of method and apparatus to the classification of internet, applications place, to realize the classification to internet, applications place.
First aspect, the embodiment of the present invention provides a kind of method to the classification of internet, applications place, and described method comprises:
In Preset Time, obtain the data message that the network equipment to be detected sends;
According to described data message, obtain at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion;
At least one in the operator's type obtaining in Preset Time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion carried out to statistic of classification analysis, obtain the application places classification results of described network to be detected.
Second aspect, the embodiment of the present invention also provides a kind of device to the classification of internet, applications place, and described device comprises:
The first acquisition module, in Preset Time, obtains the data message that the network equipment to be detected sends;
The second acquisition module, for according to described data message, obtains at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion;
Sort module, carries out statistic of classification analysis at least one of the operator's type to obtaining in Preset Time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, obtains the application places classification results of described network to be detected.
The method and apparatus to the classification of internet, applications place that the embodiment of the present invention provides, by obtaining the data message that in Preset Time, network to be detected sends, obtain operator's type according to described data message, the network bandwidth, at least one in terminal quantity and application layer protocol characteristic proportion, to the operator's type obtaining in Preset Time, the network bandwidth, at least one in terminal quantity and application layer protocol characteristic proportion carried out statistic of classification analysis, obtain the application places classification results of described network to be detected, realize the classification of the application places for the treatment of Sampling network.
Brief description of the drawings
Fig. 1 is the applicable network architecture diagram of method and apparatus to the classification of internet, applications place that the embodiment of the present invention provides;
Fig. 2 is the flow chart of the method to internet, applications place classification that provides of the embodiment of the present invention one
Fig. 3 is the schematic diagram of the device to internet, applications place classification that provides of the embodiment of the present invention two.
Embodiment
Below in conjunction with drawings and Examples, the present invention is described in further detail.Be understandable that, specific embodiment described herein is only for explaining the present invention, but not limitation of the invention.It also should be noted that, for convenience of description, in accompanying drawing, only show part related to the present invention but not full content.
Fig. 1 is the applicable network architecture diagram of method and apparatus to the classification of internet, applications place that the embodiment of the present invention provides.As shown in Figure 1, this network relates to application places unknown network 110, detects server 120 and the Internet 130, detects server 120 and is connected between application places unknown network 110 and the Internet 130, can capture mutual data between network by mirror image.Be network to be detected at application places unknown network, higher level's network in the Internet sends in the process of packet, detection server is analyzed packet by mirror image and is come access situation and the application layer protocol characteristic proportion situation of terminal equipment in Sampling network, thereby determines the classification of network to be detected.The method that the embodiment of the present invention provides can be carried out by detecting server, can be by a physical computer as server.
Embodiment mono-
Fig. 2 is the flow chart of the method to internet, applications place classification that provides of the embodiment of the present invention one, the present embodiment is classified applicable to the application places to the Internet, the method can be carried out as computer, server etc. by the equipment with communication capacity and data-handling capacity, specifically comprises the steps:
Step 210, in Preset Time, obtains the data message that the network equipment to be detected sends.
The Preset Time point of (as within the time cycle of continuous one week) in Preset Time (as 3 points of every day, 10 points, 15 points, 20 points, 23: 5 time points), detect server and carry out data sampling, obtain by data image the data message that the network equipment to be detected sends.Wherein, data image does not affect the data message that network equipment superior network to be detected sends, and just obtains by copy data the data message that the network equipment to be detected sends.
Step 220, according to described data message, obtains at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion.
Described data message is carried out to Decoding Analysis, to obtain at least one in ISP (Internet Service Provider, ISP) operator's type of network belonging to be detected, network of network bandwidth to be detected, the terminal quantity that accesses network to be detected and application layer protocol characteristic proportion.
Wherein, the network bandwidth refers within 1 second time, and the maximum number of digits that can pass through is according to being data transmission rate; Sampled data is calculated respectively, and the maximum data figure place of acquisition is the network bandwidth.Unique sequence number be by the software of the client of installing in terminal equipment with the Internet in server communicate, realize in the process of the operation such as system upgrade, software upgrading inquiry and generating, for physical terminal equipment of unique identification; Obtain the terminal quantity of access network to be detected by detecting the quantity of unique sequence number.Described application layer protocol characteristic can be divided into 12 large classes, comprise: HTTP (Hyper Text Transfer Protocol, HTML (Hypertext Markup Language)) individual application is (as finery, cuisines, social, the websites such as bank), HTTP office application is (as technology type, recruitment, express delivery, air ticket, the websites such as hotel), IM (Instant Messaging, instant messaging) individual application (Ru Wangwang, UC, E words are logical, the chat tools such as YY), IM office application is (as QQ, MSN etc.), (search content is as music for personal search, movable, hobby, cuisines etc.), information search (as news etc.), office search is (as technology, air ticket etc.), download (as FTP, electricity donkey etc.), Virtual Private Network (Virtual Private Network, VPN), Long-distance Control, Email and audio frequency and video.Application layer protocol characteristic proportion refers to the proportion that each application layer protocol characteristic is shared.
Step 230, carries out statistic of classification analysis at least one in the operator's type obtaining in Preset Time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, obtains the application places classification results of described network to be detected.
Wherein, internet, applications place type has 7 kinds, comprising: community family, Internet bar, school, social undertakings, public institution, hotel and other classes.
Detect server to the operator's type obtaining in Preset Time, the network bandwidth, at least one in terminal quantity and application layer protocol characteristic proportion carried out large Data classification statistical analysis, pass through operator's type, the network bandwidth, at least one parameter in terminal quantity and application layer protocol characteristic proportion is analyzed, find the internet, applications place Type model matching, in described application places Type model, be respectively equipped with the threshold value of above-mentioned four parameters, by at least one in above-mentioned four parameters compared with threshold value separately, obtain the internet, applications place Type model with net mate to be detected, by described network class to be detected in this internet, applications place type, obtain the application places classification results of described network to be detected.
The technical scheme of the present embodiment, by obtaining the data message that in Preset Time, network to be detected sends, obtain at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion according to described data message, at least one in the operator's type obtaining in Preset Time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion carried out to statistic of classification analysis, obtain the application places classification results of described network to be detected, realized the classification of the application places for the treatment of Sampling network.
On the basis of technique scheme, according to described data message, after obtaining at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, also preferably include: the operator's type getting, the network bandwidth, terminal quantity and application layer protocol characteristic proportion are saved in database.Detect server and first judge the information recording that whether comprises described operator type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion in described database, if, according to the more parameters in new database of described operator type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, if not, newly-built list item in database, store this four kinds of parameter values, can save like this disk space that detects server, and be convenient to data to manage.
On the basis of technique scheme, according to described data message, obtain at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, comprise: described data message is decoded and obtained source IP address, and obtain the operator's type under described source IP address according to described source IP address; According to the described data message analytical calculation network bandwidth; From described data message, extract unique sequence number, the terminal quantity of statistics access network; From described data message, extract application layer protocol characteristic, statistics application layer protocol feature proportion.Detect server and obtain source IP address by described data message being carried out to Decoding Analysis, be the public network IP address of network to be detected, detect server by search inquiry in database search comparison can obtain operator's type under this IP address (campus network, UNICOM, telecommunications, movement, other); Detect server and add up the maximum data figure place of the packet in the data message of the Preset Time point acquisition in Preset Time, the maximum data figure place of choosing each time point maximum is the network bandwidth; Data message is carried out Decoding Analysis and extracts unique sequence number, and the quantity of adding up unique sequence number obtains the terminal quantity of access network to be detected; Detect server Decoding Analysis from described data message, obtain 12 class application layer protocol characteristic information, protocol characteristic is extracted and is calculated quantity and the ratio of each protocol class session (session connection of TCP), thereby obtain the proportion of each application layer protocol characteristic, application layer protocol characteristic proportion can be used for identifying user network behavior situation.
On the basis of technique scheme, this method to internet, applications place classification also preferably includes: described source IP address and time of extracting described operator type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion are saved in database.Detect server and first judge the information recording that whether comprises described operator type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion in described database, if, more extract the temporal information of these four kinds of parameters in new database, if not, a newly-built list item in described database, stores these four kinds of parameter values and corresponding extraction time of each parameter value.According to the parameters value in time information renovation database, guarantee that the each parameter value in database is up-to-date obtaining, and can save the memory space of database.
Embodiment bis-
Fig. 3 is the schematic diagram of the device to internet, applications place classification that provides of the embodiment of the present invention two.As shown in Figure 3, the device to the classification of internet, applications place that the present embodiment provides comprises: the first acquisition module 310, the second acquisition module 320 and sort module 330.
Wherein, the first acquisition module 310, in Preset Time, obtains the data message that the network equipment to be detected sends; The second acquisition module 320, for according to described data message, obtains at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion; Sort module 330 is carried out statistic of classification analysis at least one of the operator's type to obtaining in Preset Time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, obtains the application places classification results of described network to be detected.Wherein, described application layer protocol characteristic comprises: HTML (Hypertext Markup Language) HTTP individual application, HTTP office application, instant messaging IM individual application, IM office application, personal search, information search, office search, download, Virtual Private Network, Long-distance Control, Email and audio frequency and video.
Preferably, also comprise: the first memory module, for the operator's type getting, the network bandwidth, terminal quantity and application layer protocol characteristic proportion are saved in to database.
Preferably, described the second acquisition module comprises: obtain submodule, obtain source IP address, and obtain the operator's type under described source IP address according to described source IP address for described data message is decoded; Calculating sub module, for according to the described data message analytical calculation network bandwidth; The first statistics submodule, for extracting unique sequence number from described data message, the terminal quantity of statistics access network; The second statistics submodule, for extracting application layer protocol characteristic from described data message, statistics application layer protocol feature proportion.
Preferably, also comprise: the second memory module, for described source IP address and time of extracting described operator type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion are saved in to database.
The said goods can be carried out the method that any embodiment of the present invention provides, and possesses the corresponding functional module of manner of execution and beneficial effect.
Note, above are only preferred embodiment of the present invention and institute's application technology principle.Skilled person in the art will appreciate that and the invention is not restricted to specific embodiment described here, can carry out for a person skilled in the art various obvious variations, readjust and substitute and can not depart from protection scope of the present invention.Therefore, although the present invention is described in further detail by above embodiment, the present invention is not limited only to above embodiment, in the situation that not departing from the present invention's design, can also comprise more other equivalent embodiment, and scope of the present invention is determined by appended claim scope.
Claims (10)
1. the method to the classification of internet, applications place, is characterized in that, described method comprises:
In Preset Time, obtain the data message that the network equipment to be detected sends;
According to described data message, obtain at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion;
At least one in the operator's type obtaining in Preset Time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion carried out to statistic of classification analysis, obtain the application places classification results of described network to be detected.
2. method according to claim 1, is characterized in that, according to described data message, after obtaining at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, also comprises:
The operator's type getting, the network bandwidth, terminal quantity and application layer protocol characteristic proportion are saved in database.
3. method according to claim 1 and 2, is characterized in that, according to described data message, obtains at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, comprising:
Described data message is decoded and obtained source IP address, and obtain the operator's type under described source IP address according to described source IP address;
According to the described data message analytical calculation network bandwidth;
From described data message, extract unique sequence number, the terminal quantity of statistics access network;
From described data message, extract application layer protocol characteristic, statistics application layer protocol feature proportion.
4. method according to claim 3, is characterized in that, also comprises:
Described source IP address and time of extracting described operator type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion are saved in database.
5. method according to claim 1 and 2, it is characterized in that, described application layer protocol characteristic comprises: HTML (Hypertext Markup Language) HTTP individual application, HTTP office application, instant messaging IM individual application, IM office application, personal search, information search, office search, download, Virtual Private Network, Long-distance Control, Email and audio frequency and video.
6. the device to the classification of internet, applications place, is characterized in that, described device comprises:
The first acquisition module, in Preset Time, obtains the data message that the network equipment to be detected sends;
The second acquisition module, for according to described data message, obtains at least one in operator's type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion;
Sort module, carries out statistic of classification analysis at least one of the operator's type to obtaining in Preset Time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, obtains the application places classification results of described network to be detected.
7. device according to claim 6, is characterized in that, also comprises:
The first memory module, for being saved in database by the operator's type getting, the network bandwidth, terminal quantity and application layer protocol characteristic proportion.
8. according to the device described in claim 6 or 7, it is characterized in that, described the second acquisition module comprises:
Obtain submodule, obtain source IP address for described data message is decoded, and obtain the operator's type under described source IP address according to described source IP address;
Calculating sub module, for according to the described data message analytical calculation network bandwidth;
The first statistics submodule, for extracting unique sequence number from described data message, the terminal quantity of statistics access network;
The second statistics submodule, for extracting application layer protocol characteristic from described data message, statistics application layer protocol feature proportion.
9. device according to claim 8, is characterized in that, also comprises:
The second memory module, for being saved in database by described source IP address and time of extracting described operator type, the network bandwidth, terminal quantity and application layer protocol characteristic proportion.
10. according to the device described in claim 6 or 7, it is characterized in that, described application layer protocol characteristic comprises: HTML (Hypertext Markup Language) HTTP individual application, HTTP office application, instant messaging IM individual application, IM office application, personal search, information search, office search, download, Virtual Private Network, Long-distance Control, Email and audio frequency and video.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410400633.1A CN104125105B (en) | 2014-08-14 | 2014-08-14 | The method and apparatus classified to the Internet, applications place |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410400633.1A CN104125105B (en) | 2014-08-14 | 2014-08-14 | The method and apparatus classified to the Internet, applications place |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104125105A true CN104125105A (en) | 2014-10-29 |
| CN104125105B CN104125105B (en) | 2017-07-18 |
Family
ID=51770375
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410400633.1A Active CN104125105B (en) | 2014-08-14 | 2014-08-14 | The method and apparatus classified to the Internet, applications place |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104125105B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106131242A (en) * | 2016-08-17 | 2016-11-16 | 郑州埃文计算机科技有限公司 | A kind of sorting technique of IP application scenarios |
| CN111401397A (en) * | 2019-11-05 | 2020-07-10 | 杭州海康威视***技术有限公司 | Classification method, classification device, classification equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101202652A (en) * | 2006-12-15 | 2008-06-18 | 北京大学 | Device for classifying and recognizing network application flow quantity and method thereof |
| CN101547207A (en) * | 2009-05-07 | 2009-09-30 | 杭州迪普科技有限公司 | Protocol identification control method and equipment based on application behavior mode |
| CN101789887A (en) * | 2009-12-25 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and device for classifying network users and system for monitoring network services |
| US7778194B1 (en) * | 2004-08-13 | 2010-08-17 | Packeteer, Inc. | Examination of connection handshake to enhance classification of encrypted network traffic |
| CN102916856A (en) * | 2012-10-30 | 2013-02-06 | 中国工商银行股份有限公司 | Application-oriented network flow monitoring method, device and system |
| CN103051725A (en) * | 2012-12-31 | 2013-04-17 | 华为技术有限公司 | Application identification method, data mining method, device and system |
-
2014
- 2014-08-14 CN CN201410400633.1A patent/CN104125105B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7778194B1 (en) * | 2004-08-13 | 2010-08-17 | Packeteer, Inc. | Examination of connection handshake to enhance classification of encrypted network traffic |
| CN101202652A (en) * | 2006-12-15 | 2008-06-18 | 北京大学 | Device for classifying and recognizing network application flow quantity and method thereof |
| CN101547207A (en) * | 2009-05-07 | 2009-09-30 | 杭州迪普科技有限公司 | Protocol identification control method and equipment based on application behavior mode |
| CN101789887A (en) * | 2009-12-25 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and device for classifying network users and system for monitoring network services |
| CN102916856A (en) * | 2012-10-30 | 2013-02-06 | 中国工商银行股份有限公司 | Application-oriented network flow monitoring method, device and system |
| CN103051725A (en) * | 2012-12-31 | 2013-04-17 | 华为技术有限公司 | Application identification method, data mining method, device and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106131242A (en) * | 2016-08-17 | 2016-11-16 | 郑州埃文计算机科技有限公司 | A kind of sorting technique of IP application scenarios |
| CN111401397A (en) * | 2019-11-05 | 2020-07-10 | 杭州海康威视***技术有限公司 | Classification method, classification device, classification equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104125105B (en) | 2017-07-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109726744B (en) | Network traffic classification method | |
| Nguyen et al. | Automatic image filtering on social networks using deep learning and perceptual hashing during crises | |
| CN109063745B (en) | Network equipment type identification method and system based on decision tree | |
| US11399288B2 (en) | Method for HTTP-based access point fingerprint and classification using machine learning | |
| CN105095211B (en) | The acquisition methods and device of multi-medium data | |
| CN111147394B (en) | Multi-stage classification detection method for remote desktop protocol traffic behavior | |
| US10984452B2 (en) | User/group servicing based on deep network analysis | |
| CN103458042A (en) | Microblog advertisement user detection method | |
| CN103218431A (en) | System and method for identifying and automatically acquiring webpage information | |
| CN107967488B (en) | Server classification method and classification system | |
| CN102984161B (en) | The recognition methods of a kind of reliable website and device | |
| EP3336739B1 (en) | A method for classifying attack sources in cyber-attack sensor systems | |
| CN109275045B (en) | DFI-based mobile terminal encrypted video advertisement traffic identification method | |
| WO2014029318A1 (en) | Method and apparatus for identifying webpage type | |
| CN114422211B (en) | HTTP malicious traffic detection method and device based on graph attention network | |
| CN112381119B (en) | Multi-scene classification method and system based on decentralized application encryption flow characteristics | |
| CN106713950A (en) | Video service system based on prediction and analysis of user behaviors | |
| CN111131070B (en) | Port time sequence-based network traffic classification method and device and storage medium | |
| CN102984242B (en) | A kind of automatic identifying method of application protocol and device | |
| CN110519228A (en) | A kind of black recognition methods and system for producing malice cloud robot under scene | |
| CN110225009A (en) | It is a kind of that user's detection method is acted on behalf of based on communication behavior portrait | |
| CN102984162A (en) | Identifying method and collecting system for credible websites | |
| CN104125105A (en) | Method and device for classifying internet application places | |
| CN108650145A (en) | Phone number characteristic automatic extraction method under a kind of home broadband WiFi | |
| CN110602059B (en) | Method for accurately restoring clear text length fingerprint of TLS protocol encrypted transmission data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |