CN104125105B - The method and apparatus classified to the Internet, applications place - Google Patents
The method and apparatus classified to the Internet, applications place Download PDFInfo
- Publication number
- CN104125105B CN104125105B CN201410400633.1A CN201410400633A CN104125105B CN 104125105 B CN104125105 B CN 104125105B CN 201410400633 A CN201410400633 A CN 201410400633A CN 104125105 B CN104125105 B CN 104125105B
- Authority
- CN
- China
- Prior art keywords
- layer protocol
- network
- data message
- application layer
- terminal quantity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses a kind of method and apparatus classified to the Internet, applications place.Methods described includes:In preset time, the data message that the network equipment to be detected is sent is obtained;According to the data message, at least one in operator types, the network bandwidth, terminal quantity and application layer protocol characteristic proportion is obtained;Statistic of classification analysis is carried out at least one in the operator types obtained in preset time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion, the application places classification results of the network to be detected are obtained.The present invention realizes the classification of the application places to network to be detected.
Description
Technical field
The present embodiments relate to computer networking technology, more particularly to a kind of method classified to the Internet, applications place
And device.
Background technology
With the fast development and rapid popularization of internet, the network information is increasingly enriched, numerous government bodies, enterprise's thing
The application places such as industry unit, cell family, school have all built the network of oneself, and network has become the important money of information age
Source.The important tool that network is produced as the information age, the problem of being equally faced with appropriate monitoring, reasonable employment.
Accordingly, it would be desirable to classify to the Internet, applications place.The Internet, applications place is carried out to be sorted in Internet resources
It will be played an increasingly important role in terms of using, network resource planning and network security, still, in the prior art, to interconnection
The research of net application places classification has just just started, and also realizes the classification to the Internet, applications place without ripe technology.
The content of the invention
In view of this, the embodiment of the present invention provides a kind of method and apparatus classified to the Internet, applications place, to realize
Classification to the Internet, applications place.
In a first aspect, the embodiments of the invention provide a kind of method classified to the Internet, applications place, methods described bag
Include:
In preset time, the data message that the network equipment to be detected is sent is obtained;
According to the data message, operator types, the network bandwidth, terminal quantity and application layer protocol characteristic proportion are obtained
In at least one;
To in the operator types obtained in preset time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion
At least one carry out statistic of classification analysis, obtain the application places classification results of the network to be detected.
Second aspect, the embodiment of the present invention additionally provides a kind of device classified to the Internet, applications place, described device
Including:
First acquisition module, in preset time, obtaining the data message that the network equipment to be detected is sent;
Second acquisition module, for according to the data message, obtain operator types, the network bandwidth, terminal quantity and
At least one in application layer protocol characteristic proportion;
Sort module, for being assisted to the operator types obtained in preset time, the network bandwidth, terminal quantity and application layer
At least one discussed in feature proportion carries out statistic of classification analysis, obtains the application places classification results of the network to be detected.
The method and apparatus provided in an embodiment of the present invention classified to the Internet, applications place, by obtaining in preset time
The data message that network to be detected is sent, obtains operator types, the network bandwidth, terminal quantity according to the data message and answers
With at least one in layer protocol feature proportion, to the operator types obtained in preset time, the network bandwidth, terminal quantity and
At least one in application layer protocol characteristic proportion carries out statistic of classification analysis, obtains the application places point of the network to be detected
Class result, realizes the classification of the application places to network to be detected.
Brief description of the drawings
Fig. 1 is the applicable network architecture of the method and apparatus provided in an embodiment of the present invention classified to the Internet, applications place
Figure;
Fig. 2 is the flow chart for the method classified to the Internet, applications place that the embodiment of the present invention one is provided
Fig. 3 is the schematic diagram for the device classified to the Internet, applications place that the embodiment of the present invention two is provided.
Embodiment
The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched
The specific embodiment stated is used only for explaining the present invention, rather than limitation of the invention.It also should be noted that, in order to just
Part related to the present invention rather than full content are illustrate only in description, accompanying drawing.
Fig. 1 is the applicable network architecture of the method and apparatus provided in an embodiment of the present invention classified to the Internet, applications place
Figure.As shown in figure 1, the network is related to application places unknown network 110, detection service device 120 and internet 130, detection service
Device 120 is connected between application places unknown network 110 and internet 130, can mirror image crawl network between interaction data.Answering
It is network to be detected with place unknown network, during the upper network into internet sends packet, detection service device
The access situation and application layer protocol characteristic proportion situation of terminal device in network are detected by mirror image analyze data bag, from
And determine the classification of network to be detected.Method provided in an embodiment of the present invention can be performed by detection service device, can be by one
Platform physical computer is used as server.
Embodiment one
Fig. 2 is the flow chart for the method classified to the Internet, applications place that the embodiment of the present invention one is provided, the present embodiment
It is applicable to classify to the application places of internet, this method can be by setting with communication capacity and data-handling capacity
Performed for such as computer, server, specifically include following steps:
Step 210, in preset time, the data message that the network equipment to be detected is sent is obtained.
In preset time (such as within the time cycle of continuous one week) preset time point (such as daily 3 points, 10 points,
15 points, 20 points, 23: 5 time points), detection service device carries out data sampling, obtains network to be detected by data image and sets
The data message that preparation goes out.Wherein, data image has no effect on the data message that network equipment superior network to be detected is sent,
The data message that the network equipment to be detected is sent is obtained simply by replicate data.
Step 220, according to the data message, operator types, the network bandwidth, terminal quantity and application layer protocol are obtained
At least one in feature proportion.
Decoding Analysis is carried out to the data message, to obtain ISP (the Internet Service of network belonging to be detected
Provider, ISP) operator types, the network bandwidth of network to be detected, the end of access network to be detected
Hold at least one in quantity and application layer protocol characteristic proportion.
Wherein, the network bandwidth referred within 1 second time, and the maximum number of digits that can pass through is according to i.e. data transmission rate;To hits
According to being respectively calculated, the maximum data digit of acquisition is the network bandwidth.Unique sequence numbers in terminal device by installing
The software of client is communicated with the server in internet, realizes the mistake of the operations such as system upgrade, software upgrading inquiry
Generated in journey, for one physical terminal device of unique mark;By detecting that it is to be detected that the quantity of unique sequence numbers obtains access
The terminal quantity of network.The application layer protocol characteristic can be divided into 12 major classes, including:HTTP(Hyper Text
Transfer Protocol, HTTP) individual application (such as finery, cuisines, social activity, bank website), HTTP do
Public affairs application (such as technology class, recruitment, express delivery, air ticket, hotel website), IM (Instant Messaging, instant messaging) are personal
(content is searched for using (chat tool such as logical, YY of Ru Wangwang, UC, E words), IM office applications (such as QQ, MSN), personal search such as
Music, activity, hobby, cuisines etc.), information search (such as news), office search (such as technology, air ticket), download (such as FTP,
Electric donkey etc.), Virtual Private Network (Virtual Private Network, VPN), remote control, Email and audio frequency and video.Should
Refer to the proportion shared by each application layer protocol characteristic with layer protocol feature proportion.
Step 230, it is special to the operator types obtained in preset time, the network bandwidth, terminal quantity and application layer protocol
At least one levied in proportion carries out statistic of classification analysis, obtains the application places classification results of the network to be detected.
Wherein, the Internet, applications location type has 7 kinds, including:Cell family, Internet bar, school, social undertakings, cause list
Position, hotel and other classes.
Detection service device is to the operator types obtained in preset time, the network bandwidth, terminal quantity and application layer protocol
At least one in feature proportion carries out big data statistic of classification analysis, i.e., by operator types, the network bandwidth, number of terminals
At least one parameter in amount and application layer protocol characteristic proportion is analyzed, and finds matching the Internet, applications place class
The threshold value of aforementioned four parameter is respectively equipped with pattern type, the application places Type model, by aforementioned four parameter
At least one be compared with respective threshold value, obtain the Internet, applications location type model with net mate to be detected,
Then by the network class to be detected into the Internet, applications location type, that is, obtain the application places of the network to be detected
Classification results.
The technical scheme of the present embodiment, by obtaining the data message that network to be detected is sent in preset time, according to institute
At least one in data message acquisition operator types, the network bandwidth, terminal quantity and application layer protocol characteristic proportion is stated, it is right
At least one in the operator types, the network bandwidth, terminal quantity and the application layer protocol characteristic proportion that obtain in preset time
Statistic of classification analysis is carried out, the application places classification results of the network to be detected is obtained, realizes and network to be detected is answered
With the classification in place.
On the basis of above-mentioned technical proposal, according to the data message, operator types, the network bandwidth, end are obtained
Hold after at least one in quantity and application layer protocol characteristic proportion, further preferably include:By the operator types got, net
Network bandwidth, terminal quantity and application layer protocol characteristic proportion are saved in database.Detection service device first determines whether the data
Whether the information record of the operator types, the network bandwidth, terminal quantity and application layer protocol characteristic proportion is included in storehouse, such as
Fruit is then to be updated the data according to the operator types, the network bandwidth, terminal quantity and application layer protocol characteristic proportion in storehouse
Parameters, if it is not, then a newly-built list item in database, stores these four parameter values, can so save detection clothes
The disk space of business device, and be easy to be managed data.
On the basis of above-mentioned technical proposal, according to the data message, operator types, the network bandwidth, terminal are obtained
At least one in quantity and application layer protocol characteristic proportion, including:Decoding is carried out to the data message and obtains source IP address,
And the operator types according to belonging to the source IP address obtains the source IP address;Net is calculated according to data message analysis
Network bandwidth;Unique sequence numbers are extracted from the data message, the terminal quantity of access network is counted;From the data message
Extract application layer protocol characteristic, statistics application layer protocol feature proportion.Detection service device to the data message by solving
Code division analysis obtains source IP address, i.e., the public network IP address of network to be detected, detection service device is in database by search inquiry
Middle search comparison can obtain belonging to the IP address operator types (campus network, UNICOM, telecommunications, movement, other);Detection service
The maximum data digit of packet in the data message that preset time point in device statistics preset time is obtained, when choosing each
Between put maximum maximum data digit be the network bandwidth;Decoding Analysis is carried out to data message and unique sequence numbers are extracted, united
The quantity for counting unique sequence numbers obtains the terminal quantity of access network to be detected;Detection service device is decoded from the data message
Analysis, obtain 12 class application layer protocol characteristic information, protocol characteristic is extracted and calculate each protocol class session (TCP's
Session connection) quantity and ratio, so as to obtain the proportion of each application layer protocol characteristic, application layer protocol characteristic proportion can be used for
Identify user network behavior situation.
On the basis of above-mentioned technical proposal, the method for this pair of the Internet, applications place classification further preferably includes:Will be described
Source IP address and the time preservation for extracting the operator types, the network bandwidth, terminal quantity and application layer protocol characteristic proportion
Into database.Detection service device first determines whether whether include the operator types, the network bandwidth, terminal in the database
The information record of quantity and application layer protocol characteristic proportion, if it is, update the data extracted in storehouse these four parameters when
Between information, if it is not, then a newly-built list item in the database, stores these four parameter values and each parameter value is carried accordingly
Take the time.Parameters value in time information renovation database, it is ensured that each parameter value in database is newest
Obtain, and the memory space of database can be saved.
Embodiment two
Fig. 3 is the schematic diagram for the device classified to the Internet, applications place that the embodiment of the present invention two is provided.Such as Fig. 3 institutes
Show, what the present embodiment was provided includes to the device that the Internet, applications place is classified:First acquisition module 310, the second acquisition module
320 and sort module 330.
Wherein, the first acquisition module 310 is used in preset time, obtains the datagram that the network equipment to be detected is sent
Text;Second acquisition module 320 is used to, according to the data message, obtain operator types, the network bandwidth, terminal quantity and application
At least one in layer protocol feature proportion;Sort module 330 is for the operator types to being obtained in preset time, Netowrk tape
At least one in wide, terminal quantity and application layer protocol characteristic proportion carries out statistic of classification analysis, obtains the survey grid to be checked
The application places classification results of network.Wherein, the application layer protocol characteristic includes:HTTP HTTP individual applications,
HTTP office applications, instant messaging IM individual applications, IM office applications, personal search, information search, office search, download, void
Intend private network, remote control, Email and audio frequency and video.
It is preferred that, also include:First memory module, for by the operator types got, the network bandwidth, terminal quantity
It is saved in application layer protocol characteristic proportion in database.
It is preferred that, second acquisition module includes:Submodule is obtained, for carrying out decoding acquisition to the data message
Source IP address, and the operator types according to belonging to the source IP address obtains the source IP address;Calculating sub module, for root
The network bandwidth is calculated according to data message analysis;First statistic submodule, for extracting unique sequence from the data message
Row number, counts the terminal quantity of access network;Second statistic submodule, for extracting application layer protocol from the data message
Feature, statistics application layer protocol feature proportion.
It is preferred that, also include:Second memory module, for by the source IP address and extracting the operator types, net
The time of network bandwidth, terminal quantity and application layer protocol characteristic proportion is saved in database.
The said goods can perform the method that any embodiment of the present invention is provided, and possess the corresponding functional module of execution method
And beneficial effect.
Note, above are only presently preferred embodiments of the present invention and institute's application technology principle.It will be appreciated by those skilled in the art that
The invention is not restricted to specific embodiment described here, can carry out for a person skilled in the art it is various it is obvious change,
Readjust and substitute without departing from protection scope of the present invention.Therefore, although the present invention is carried out by above example
It is described in further detail, but the present invention is not limited only to above example, without departing from the inventive concept, also
Other more Equivalent embodiments can be included, and the scope of the present invention is determined by scope of the appended claims.
Claims (8)
1. a kind of method classified to the Internet, applications place, it is characterised in that methods described includes:
Preset time point in preset time, the data message that the network equipment to be detected is sent is obtained by data image;
According to the data message, obtain in operator types, the network bandwidth, terminal quantity and application layer protocol characteristic proportion
At least one, wherein, the application layer protocol characteristic is done including HTTP individual applications, HTTP office applications, IM individual applications, IM
Public application, personal search, information search, office search, download, Virtual Private Network, remote control, Email and audio frequency and video;
To in the operator types obtained in preset time, the network bandwidth, terminal quantity and application layer protocol characteristic proportion extremely
Few progress statistic of classification analysis, obtains the application places classification results of the network to be detected.
2. according to the method described in claim 1, it is characterised in that according to the data message, obtain operator types, net
After at least one in network bandwidth, terminal quantity and application layer protocol characteristic proportion, also include:
The operator types got, the network bandwidth, terminal quantity and application layer protocol characteristic proportion are saved in database.
3. method according to claim 1 or 2, it is characterised in that according to the data message, obtain operator types,
At least one in the network bandwidth, terminal quantity and application layer protocol characteristic proportion, including:
Decoding is carried out to the data message and obtains source IP address, and according to belonging to the source IP address obtains the source IP address
Operator types;
The network bandwidth is calculated according to data message analysis;
Unique sequence numbers are extracted from the data message, the terminal quantity of access network is counted;
Application layer protocol characteristic, statistics application layer protocol feature proportion are extracted from the data message.
4. method according to claim 3, it is characterised in that also include:
By the source IP address and the extraction operator types, the network bandwidth, terminal quantity and application layer protocol characteristic proportion
Time be saved in database.
5. a kind of device classified to the Internet, applications place, it is characterised in that described device includes:
First acquisition module, for the preset time point in preset time, the network equipment to be detected is obtained by data image
The data message sent;
Second acquisition module, for according to the data message, obtaining operator types, the network bandwidth, terminal quantity and application
At least one in layer protocol feature proportion, wherein, the application layer protocol characteristic includes HTTP individual applications, HTTP offices should
Searched for, IM individual applications, IM office applications, personal search, information, office search, download, Virtual Private Network, remote control,
Email and audio frequency and video;
Sort module, for special to the operator types obtained in preset time, the network bandwidth, terminal quantity and application layer protocol
At least one levied in proportion carries out statistic of classification analysis, obtains the application places classification results of the network to be detected.
6. device according to claim 5, it is characterised in that also include:
First memory module, for by the operator types got, the network bandwidth, terminal quantity and application layer protocol characteristic ratio
It is saved in again in database.
7. the device according to claim 5 or 6, it is characterised in that second acquisition module includes:
Submodule is obtained, source IP address is obtained for carrying out decoding to the data message, and obtain according to the source IP address
Operator types belonging to the source IP address;
Calculating sub module, for calculating the network bandwidth according to data message analysis;
First statistic submodule, for extracting unique sequence numbers from the data message, counts the terminal quantity of access network;
Second statistic submodule, for extracting application layer protocol characteristic, statistics application layer protocol feature from the data message
Proportion.
8. device according to claim 7, it is characterised in that also include:
Second memory module, for by the source IP address and extracting the operator types, the network bandwidth, terminal quantity and should
It is saved in the time of layer protocol feature proportion in database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410400633.1A CN104125105B (en) | 2014-08-14 | 2014-08-14 | The method and apparatus classified to the Internet, applications place |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410400633.1A CN104125105B (en) | 2014-08-14 | 2014-08-14 | The method and apparatus classified to the Internet, applications place |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104125105A CN104125105A (en) | 2014-10-29 |
| CN104125105B true CN104125105B (en) | 2017-07-18 |
Family
ID=51770375
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410400633.1A Active CN104125105B (en) | 2014-08-14 | 2014-08-14 | The method and apparatus classified to the Internet, applications place |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104125105B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106131242B (en) * | 2016-08-17 | 2020-04-28 | 郑州埃文计算机科技有限公司 | Classification method of IP application scenes |
| CN111401397A (en) * | 2019-11-05 | 2020-07-10 | 杭州海康威视***技术有限公司 | Classification method, classification device, classification equipment and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101202652A (en) * | 2006-12-15 | 2008-06-18 | 北京大学 | Device for classifying and recognizing network application flow quantity and method thereof |
| CN101547207A (en) * | 2009-05-07 | 2009-09-30 | 杭州迪普科技有限公司 | Protocol identification control method and equipment based on application behavior mode |
| CN101789887A (en) * | 2009-12-25 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and device for classifying network users and system for monitoring network services |
| US7778194B1 (en) * | 2004-08-13 | 2010-08-17 | Packeteer, Inc. | Examination of connection handshake to enhance classification of encrypted network traffic |
| CN102916856A (en) * | 2012-10-30 | 2013-02-06 | 中国工商银行股份有限公司 | Application-oriented network flow monitoring method, device and system |
| CN103051725A (en) * | 2012-12-31 | 2013-04-17 | 华为技术有限公司 | Application identification method, data mining method, device and system |
-
2014
- 2014-08-14 CN CN201410400633.1A patent/CN104125105B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7778194B1 (en) * | 2004-08-13 | 2010-08-17 | Packeteer, Inc. | Examination of connection handshake to enhance classification of encrypted network traffic |
| CN101202652A (en) * | 2006-12-15 | 2008-06-18 | 北京大学 | Device for classifying and recognizing network application flow quantity and method thereof |
| CN101547207A (en) * | 2009-05-07 | 2009-09-30 | 杭州迪普科技有限公司 | Protocol identification control method and equipment based on application behavior mode |
| CN101789887A (en) * | 2009-12-25 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and device for classifying network users and system for monitoring network services |
| CN102916856A (en) * | 2012-10-30 | 2013-02-06 | 中国工商银行股份有限公司 | Application-oriented network flow monitoring method, device and system |
| CN103051725A (en) * | 2012-12-31 | 2013-04-17 | 华为技术有限公司 | Application identification method, data mining method, device and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104125105A (en) | 2014-10-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11354364B2 (en) | Client application fingerprinting based on analysis of client requests | |
| CN111865815B (en) | Flow classification method and system based on federal learning | |
| US20150046458A1 (en) | Method for recommending users in social network and the system thereof | |
| CN110321424B (en) | AIDS (acquired immune deficiency syndrome) personnel behavior analysis method based on deep learning | |
| US8997229B1 (en) | Anomaly detection for online endorsement event | |
| CN110768875A (en) | Application identification method and system based on DNS learning | |
| CN111953552B (en) | Data flow classification method and message forwarding equipment | |
| CN108289093A (en) | The construction method and structure system in App application condition codes library | |
| CN103745014A (en) | False and true mapping method and system of social network users | |
| CN114338064B (en) | Method, device, system, equipment and storage medium for identifying network traffic type | |
| CN109275045B (en) | DFI-based mobile terminal encrypted video advertisement traffic identification method | |
| CN108234345A (en) | A kind of traffic characteristic recognition methods of terminal network application, device and system | |
| CN111131070B (en) | Port time sequence-based network traffic classification method and device and storage medium | |
| CN114338600B (en) | Equipment fingerprint selection method and device, electronic equipment and medium | |
| CN104125105B (en) | The method and apparatus classified to the Internet, applications place | |
| WO2019019373A1 (en) | Event processing method and terminal device | |
| Elekar | Combination of data mining techniques for intrusion detection system | |
| CN112822121A (en) | Traffic identification method, traffic determination method and knowledge graph establishment method | |
| CN102984242A (en) | Automatic identification method and device of application protocols | |
| CN108650145A (en) | Phone number characteristic automatic extraction method under a kind of home broadband WiFi | |
| Psallidas et al. | Soc web: Efficient monitoring of social network activities | |
| CN108076032A (en) | A kind of abnormal behaviour user identification method and device | |
| CN109272005B (en) | Identification rule generation method and device and deep packet inspection equipment | |
| CN106899947A (en) | Short message method for cleaning and device | |
| CN116170227A (en) | Flow abnormality detection method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |