CN109412898A - Characteristic library generating method and device and corresponding flow method for sorting and device - Google Patents
Characteristic library generating method and device and corresponding flow method for sorting and device Download PDFInfo
- Publication number
- CN109412898A CN109412898A CN201811368052.9A CN201811368052A CN109412898A CN 109412898 A CN109412898 A CN 109412898A CN 201811368052 A CN201811368052 A CN 201811368052A CN 109412898 A CN109412898 A CN 109412898A
- Authority
- CN
- China
- Prior art keywords
- flow
- target
- data base
- target flow
- property data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 77
- 238000000605 extraction Methods 0.000 claims abstract description 9
- 230000006870 function Effects 0.000 claims description 72
- 238000012360 testing method Methods 0.000 claims description 24
- 238000012795 verification Methods 0.000 claims description 24
- 235000013399 edible fruits Nutrition 0.000 claims 1
- 230000008569 process Effects 0.000 description 11
- 238000012545 processing Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 238000001514 detection method Methods 0.000 description 5
- 230000003993 interaction Effects 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 238000005457 optimization Methods 0.000 description 3
- 238000004364 calculation method Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 239000000284 extract Substances 0.000 description 2
- 101000826116 Homo sapiens Single-stranded DNA-binding protein 3 Proteins 0.000 description 1
- 102100023008 Single-stranded DNA-binding protein 3 Human genes 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000010230 functional analysis Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000004807 localization Effects 0.000 description 1
- 239000002245 particle Substances 0.000 description 1
- 238000005192 partition Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/026—Capturing of monitoring data using flow identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a kind of characteristic library generating methods, this method comprises: the corresponding target flow of crawl target application;Preliminary classification under default dimension is carried out to the target flow;Feature extraction is carried out to the sorted target flow, extracted feature is matched with the history feature database saved, to carry out function anticipation to the target flow;Using every anticipation result as a branch, the parsing tree for being directed to the target flow is generated;New property data base is generated according to the parsing tree.The present invention also provides a kind of property data base generating means and the flow method for sorting and device of the application property data base.Characteristic library generating method and device provided by the invention, flow method for sorting and device can carry out characteristic matching when flow sorting according to the property data base, optimize flow matches precision and efficiency.
Description
Technical field
The present invention relates to the network optimization and flow identification technology field more particularly to a kind of characteristic library generating method and
Device, flow method for sorting and device.
Background technique
As the very big of internet is popularized in recent years, the diversification of application market, the individual demand of user also mentions therewith
It rises, this ability for requiring network optimization platform to have lean operation is manipulated, adjusted, optimizing Internet resources to smaller particle size.Mesh
Preceding a large amount of business packed of different nature only relies on the preliminary flow identification of three, four layer protocols on standard IPV4 agreement
Much it is unable to satisfy demand, deep message detection (Deep Packet Inspection, DPI) equipment is exactly for into one
The feature of four layers of step identification or more.The common access way of DPI equipment be it is in series or in parallel, can separate unit work also more connection
Close work, from interconnection services mouth receive network in flow, decapsulated layer by layer by specific policy, until characteristic matching success or
Person fails to be matched to feature.
But this mode have the defects that it is as follows: in above-mentioned identification process, to what is runed on network optimization platform
For DPI equipment, it is passive reception flow side, i.e., is analyzed in real time when flow arrives, the hardware performance and inherence of system are patrolled
It collects efficiency and proposes very high request.Also, the direction of following network traffic trends certainty Xiang Geng great bandwidth demand is developed, in flow
In the case where very big, characteristic matching will expend higher system performance, it is likely that influence online service quality.
Summary of the invention
In view of this, the present invention proposes a kind of characteristic library generating method and device, flow method for sorting and device, with
Solve at least one above-mentioned technical problem.
Firstly, to achieve the above object, the present invention proposes a kind of characteristic library generating method, comprising:
Grab the corresponding target flow of target application;
Preliminary classification under default dimension is carried out to the target flow;
Feature extraction is carried out to the sorted target flow, by extracted feature and the history feature number saved
It is matched according to library, to carry out function anticipation to the target flow;
Using every anticipation result as a branch, the parsing tree for being directed to the target flow is generated;
New property data base is generated according to the parsing tree.
It optionally, include flow major class, group, feature description and corresponding function in the history feature database.
Optionally, described preliminary classification under default dimension is carried out to the target flow to include:
According in the history feature database flow major class and other default identification methods to the target flow into
Preliminary classification under the row default dimension.
Optionally, the default dimension includes: http class flow, https class flow, p2p class flow, other can identify
Preset kind flow and non-default type flow, need not processing flow, fail identify flow.
Optionally, described to match extracted feature with the history feature database saved, to the mesh
Mark flow carries out function anticipation
By extracted feature in the history feature database flow group and feature description match, obtain
The function of corresponding function, the as described target flow prejudges result.
Optionally, the method is before generating new property data base according to the parsing tree further include:
Foundation is branched into the parsing tree, test verifying is carried out to the corresponding objective function of the target flow, is sentenced
Whether disconnected verification result meets the anticipation result of the branch;
When the verification result does not meet the anticipation result, the anticipation of the branch is adjusted according to the verification result
As a result, then proceeding to the step of executing test verifying;And
When the verification result meets the anticipation result, execution is described to generate new characteristic according to the parsing tree
The step of according to library.
Optionally, described the step of carrying out test verifying to the corresponding objective function of the target flow, includes:
On the basis of the parsing tree, the function of being stressed according to the corresponding target application of the target flow is true
The branch of fixed verifying to be tested, the as described objective function;
It is tested by running the target application for the objective function, judges the corresponding mesh of the objective function
Whether mapping examination phenomenon occurs, to verify the target flow in the function of the target application, judges whether and described point
The anticipation result of branch is consistent.
In addition, to achieve the above object, the present invention also provides a kind of property data base generating means, including memory, place
Device is managed, the property data base that be stored on the memory to run on the processor generates program, the characteristic
Library generates when program is executed by the processor and realizes such as above-mentioned characteristic library generating method.
Further, to achieve the above object, the present invention also provides a kind of flow method for sorting, comprising:
Grab the corresponding target flow of target application;
The target flow is matched with preset property data base, to carry out classification and function to the target flow
It can prejudge, wherein the preset property data base is obtained according to such as above-mentioned characteristic library generating method.
Further, to achieve the above object, the present invention also provides a kind of flow sorting equipments, including memory, processing
Device is stored with the flow sort program that can be run on the processor on the memory, and the flow sort program is by institute
It states when processor executes and realizes such as above-mentioned flow method for sorting.
Compared to the prior art, characteristic library generating method proposed by the invention and device, flow method for sorting and
Device actively can carry out fining intelligent classification to target flow, and right on the basis of the flow collection to target application
The target flow of classification carries out verifying and feedback adjustment, has the function that determine function of the flow played in target application, and
Final result is integrated into new property data base, update to property data base and perfect is realized, for subsequent in flow
Traffic characteristic matching is carried out when sorting.Target flow pass through the flow sorting equipment when, using the property data base into
The high-precision matching of row, optimizes the flow matches depth and efficiency of the flow sorting equipment.
Detailed description of the invention
Fig. 1 is a kind of configuration diagram for property data base generating means that the embodiment of the present invention proposes;
Fig. 2 is a kind of flow diagram for characteristic library generating method that the embodiment of the present invention proposes;
Fig. 3 is the schematic diagram for carrying out preliminary classification in the present invention to target flow;
Fig. 4 is the flow diagram for another characteristic library generating method that the embodiment of the present invention proposes;
Fig. 5 is a kind of configuration diagram for flow sorting equipment that the embodiment of the present invention proposes;
Fig. 6 is a kind of flow diagram for flow method for sorting that the embodiment of the present invention proposes.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right
The present invention is further elaborated.It should be appreciated that described herein, specific examples are only used to explain the present invention, not
For limiting the present invention.Based on the embodiments of the present invention, those of ordinary skill in the art are not before making creative work
Every other embodiment obtained is put, shall fall within the protection scope of the present invention.
As shown in fig.1, the embodiment of the present invention proposes that a kind of property data base for realizing characteristic library generating method is raw
At device 1.In the present embodiment, the property data base generating means 1 can be DPI equipment or other with calculation function
Electronic equipment.
The property data base generating means 1 include: memory 11, processor 13, network interface 15 and communication bus 17.
Wherein, network interface 15 optionally may include standard wireline interface and wireless interface (such as WI-FI interface).Communication bus 17
For realizing the connection communication between these components.
Memory 11 includes at least a type of readable storage medium storing program for executing.The readable storage medium storing program for executing of at least one type
It can be the non-volatile memory medium of such as flash memory, hard disk, multimedia card, card-type memory.In some embodiments, described to deposit
Reservoir 11 can be the internal storage unit of property data base generating means 1, such as this feature database generating means 1 is hard
Disk.In further embodiments, the memory 11 is also possible to the external memory unit of property data base generating means 1, example
Such as the plug-in type hard disk being equipped in property data base generating means 1, intelligent memory card (Smart Media Card, SMC), safety
Digital (Secure Digital, SD) card, flash card (Flash Card) etc..
The memory 11 can be used for storing the application software for being installed on property data base generating means 1 and all kinds of numbers
According to, such as the related data generated in the program code and its operational process of property data base generation program 10.
Processor 13 can be a central processing unit, microprocessor or other data processing chips in some embodiments,
Program code or processing data for being stored in run memory 11.
Fig. 1 illustrates only the property data base generating means that program 10 is generated with component 11-17 and property data base
1, it should be understood that Fig. 1 does not show that all components of property data base generating means 1, can substitute implementation it is more or
The less component of person.
In 1 embodiment of property data base generating means shown in Fig. 1, the memory as a kind of computer storage medium
The program code that property data base generates program 10 is stored in 11, processor 13 executes the property data base and generates program 10
When program code, following method is realized:
(1) the corresponding target flow of crawl target application.
(2) preliminary classification under default dimension is carried out to the target flow.
(3) feature extraction is carried out to the sorted target flow, extracted feature and the history saved is special
Sign database is matched, to carry out function anticipation to the target flow.
(4) using every anticipation result as a branch, the parsing tree for being directed to the target flow is generated.
(5) new property data base is generated according to the parsing tree.
Preferably, the method is before generating new property data base according to the parsing tree further include:
(6) foundation is branched into the parsing tree, test verifying is carried out to the corresponding objective function of the target flow,
Judge whether verification result meets the anticipation result of the branch.
(7) when the verification result does not meet the anticipation result, the branch is adjusted according to the verification result
Anticipation is as a result, then proceed to the step of executing test verifying.
(8) when the verification result meets the anticipation result, execution is described to generate new spy according to the parsing tree
The step of levying database.
The detailed description of the method please refers to following embodiments about characteristic library generating method, no longer superfluous herein
It states.
As shown in fig.2, the embodiment of the present invention also proposes a kind of characteristic library generating method, it is applied to the characteristic
According to library generating means 1.Method includes the following steps:
S10, the corresponding target flow of crawl target application.
Specifically, when operational objective in application, multiple processes that target application is initiated can be matched, and by each process
The flow of initiation carries out label with target application by flow associated tool and is associated with, then by the flow (target flow) after association
It is guided in the form of data flow.For the flow that non-targeted application is initiated, can be associated with without label, or carry out it
Its tag processes, realization distinguish target flow and non-targeted flow.Then, the property data base generating means 1
Target flow is grabbed according to the label.And the non-targeted flow generated for non-targeted application only makees forward process, no longer executes
Subsequent step.
S20 carries out the preliminary classification under default dimension to target flow.
Specifically, after grabbing out target flow, functional analysis is carried out to target flow for the ease of subsequent, first has to root
According in history feature database flow major class and other default identification methods the target flow is carried out under default dimension
Preliminary classification.The history feature database refers to the property data base generated before saved, the history feature data
It include the projects such as flow major class, group, feature description and corresponding function in library.For having been wrapped in the history feature database
The flow major class contained can identify the target flow by matching the target flow with the flow major class
Corresponding type.For the target flow that the flow major class in the history feature database can not match, need using it
He carries out preliminary classification at default identification method.Other described default identification methods can be it is existing it is all can be to various known
The technological means that is identified of discharge pattern.
In the present embodiment, the default dimension includes: http class flow, https class flow, p2p class flow, Qi Take
With the preset kind flow of identification and non-default type flow, need not processing flow, fail to identify flow (refering to shown in Fig. 3).
In other embodiments, specifically classification dimension can be adjusted according to actual needs, be had according to the feature of target application
Different division frames.
Wherein, http class flow, https class flow, p2p class flow are relatively common three categories discharge pattern.It is described
Other preset kind flows that can be identified refer to flow major class and other default identification sides in the history feature database
Which the common discharge pattern in addition to http class flow, https class flow, p2p class flow that formula can identify specifically includes
A little discharge patterns can be preset by user.Other non-default type flows that can be identified are including but not limited to such as postal
Part, all kinds of Virtual Private Network (Virtual Private Network, VPN), domain name system (Domain Name System,
DNS it) flows such as domain name mapping (possibly can not be summarized with some typonym), according to known publicly-owned agreement or can borrow
General utility tool is helped to be identified.The flow that need not handle refers to the flow with the unnecessary relevance of target application, such as address resolution
Agreement (Address Resolution Protocol, ARP), Simple Service Discovery Protocol (Simple Service
Discovery Protocol, SSDP) etc..It is described to fail to identify that flow refers to related to target application but not yet passes described go through
The flow that flow major class and other default identification methods in history property data base identify, in this section in flow, it is possible to
There is discharge pattern new specific to target application.
S30 carries out feature extraction to the sorted target flow, by extracted feature and the history feature number
It is matched according to library, to carry out function anticipation to the target flow.
Specifically, corresponding feature extraction is carried out to the various target flows after preliminary classification, thus into one
Step carries out fining cutting, intelligently by same subclass traffic partition at one kind, and adds individual features description and index value.It will
Extracted feature in the history feature database flow group and feature description matched, obtain corresponding function
Can, the function of the as described target flow prejudges result.
For example, for the feature extraction of the flow of http and https class, its function for having of selective analysis, example
Such as request server list, update, information reporting.
For example, for http class flow, including but not limited to following five characteristic dimensions: domain name, suffix, unified resource mark
Know symbol (Uniform Resource Identifier, URI) keyword, the head http, interaction data.
It is unified to extract domain name part according to certain sequence of extraction for domain name dimension, domain name is drawn by domain name analysis
Be divided into top level domain, second level domain, three-level domain name, level Four domain name, the function description of the corresponding target application of every kind of domain name with
Index value.
For suffix dimension, it may include picture, downloading, program request, live streaming, script etc., respectively correspond a kind of function description
With index value, if without suffix, be labeled as null.
For URI keyword dimension, the keyword in addition to domain name part is divided with slash "/", extracts emphasis keyword, is made
For one of the characteristic information of the URI, corresponding function description and index value will be generated respectively after emphasis key class.For
The head http dimension extracts the useful informations such as referer, content_type, divides corresponding function description and index value.
For interaction data dimension, the content that the interaction data refers to client and server is sent mutually, in interaction
Appearance divides into readable and unreadable part, and key message will be searched in readable portion, and key message is classified and is generated corresponding
Function description and index value.
By the stream in the corresponding function description of the feature of above-mentioned each dimension and index value and the history feature database
Amount group and feature description are matched, and corresponding function is obtained, and the function of the as described target flow prejudges result.
It is worth noting that, above-mentioned dimension can be made after can also combining separately as the foundation for distinguishing target flow
For the foundation for distinguishing target flow, but each target flow is at least tagged to by a dimension, with the history feature data
Library is matched.
In other embodiments, if the corresponding feature of the target flow can not be matched in the history feature database,
The target flow can also be carried out using other existing characteristic matching modes for various known discharge patterns special
Sign matching, to carry out function anticipation to the target flow.
S40 generates the parsing tree for being directed to the target flow using every anticipation result as a branch.
Specifically, according to function anticipation as a result, each target flow is marked by the feature of each dimension, often
Kind feature has corresponding function.Different weight factors is distributed for different dimensions, constructs target stream according to the weight factor
Parsing tree is measured, to generate test case, to carry out simplation verification.The weight factor is different, can produce different mesh
The mode classification of flow is marked, each mode classification indicates that each branch of parsing tree all illustrates one kind with a parsing tree
Target flow.Flow cutting is finer, and the branch of the parsing tree is accordingly finer.
S50 generates new property data base according to the parsing tree.
Specifically, one is generated according to the parsing tree exactly match the property data base that preferential, canonical matching is taken second place, institute
It states in property data base comprising the explication de texte to target flow as a result, being used for the traffic characteristic when the sorting of subsequent flow
Match.The information that the property data base specifically includes has: whether flow belongs to target application and each flow branch is corresponding
Function, all at least one corresponding label of label, the label specify the flow to these functions in the property data base
The function of branch.Similarly, the new property data base also includes flow major class, group, feature description and corresponding function etc.
Project.
Characteristic library generating method provided in this embodiment, can on the basis of the flow collection to target application,
Fining intelligent classification actively is carried out to target flow, determines the effect of function of the target flow played in target application, and
Final result is integrated into new property data base, update to property data base and perfect is realized, for subsequent in flow
Traffic characteristic matching is carried out when sorting.
As shown in fig.4, the embodiment of the present invention also proposes a kind of characteristic library generating method.In the present embodiment, institute
The S12-S42 stated in characteristic library generating method is similar with the S10-S40 of above-described embodiment, and difference is that this method is also wrapped
Include S52-S72.
S12, the corresponding target flow of crawl target application.
S22 carries out the preliminary classification under default dimension to target flow.
S32 carries out feature extraction to the sorted target flow, by extracted feature and the history feature number
It is matched according to library, to carry out function anticipation to the target flow.
S42 generates the parsing tree for being directed to the target flow using every anticipation result as a branch.
S52 branches into foundation with the parsing tree, carries out test to the corresponding objective function of the target flow and tests
Card, judges whether verification result meets the anticipation result of the branch.When the verification result does not meet the anticipation result,
Execute step S62.When the verification result meets the anticipation result, step S72 is executed.
Firstly, determining the branch of verifying to be tested on the basis of the parsing tree.Each target application has specifically
The function of being stressed selects corresponding branch according to function actually required to carry out test and functional verification.According to the mesh
The function that the corresponding target application of mark flow is stressed determines the branch of verifying to be tested, the as described objective function.
Then, it is tested by running the target application for the objective function, such as blocking test flow, mould
Quasi- network delay or packet loss, the different line outlets of switching etc., judge whether the corresponding target detection phenomenon of the objective function goes out
It is existing, to verify the target flow in the function of the target application, judge whether consistent with the anticipation result of the branch.
When target detection phenomenon occurs, indicates that verification result is consistent with the anticipation result of the branch, otherwise indicate inconsistent, it is described
Branch needs to be adjusted.
In verification process, can individually branch it verify, it can also be with multiple branch combinations, until the corresponding mesh of function of verifying
Mapping is tried phenomenon and is occurred.The result of every wheel test verifying is compared with the anticipation result of the branch, if being consistent, the branch
Verifying terminate, if the anticipation result with the branch is variant, by this test verifying branch information feed back, with right
It is adjusted.
For example, being interfered, i.e. analog network congestion, packet loss etc. the http request with some head feature.Example again
Such as, the https with same domain name critical field feature is requested, different operators outlet is walked in guidance.After interference or guidance, then
These interference or guidance operate in terms of the result finally generated, on what kind of influence caused by the use of the target application, are
It is no target detection phenomenon occur.
S62 adjusts the anticipation of the branch according to the verification result as a result, then return step 52, continue to adjustment
The branch afterwards carries out test verifying.
Specifically, which is to adjust the pre- of each branch of the parsing tree to test the actual result in verification process
Sentence as a result, adjusting target by the description of associated with target flow function and the index value such as being increased, deleting, change
The functional localization of flow is adjusted or is supplemented to the traffic classification of parsing tree, flow concrete function with verification result, then
Next one test verifying is carried out according to parsing tree adjusted, this process may need repeatedly to test verifying and feedback ability
Target detection phenomenon is obtained, to reach an ideal analysis result.
For example, analyzing the verifying when the verification result does not meet the anticipation result and which kind of test occur now
As what the corresponding function of test phenomenon is, to be adjusted to the corresponding function of the branch.Then, for adjustment
The branch afterwards carries out test verifying again, until verification result meets the anticipation result of the branch.
S72 generates new property data base according to the parsing tree.
Specifically, when the verification result meets the anticipation result, indicate that the branch is verified, when being needed
After the branch of test is all verified, can be exported according to the parsing tree to the explication de texte of the target flow as a result, from
And the new property data base is generated, it is matched for subsequent traffic characteristic.
Characteristic library generating method provided in this embodiment, can on the basis of the flow collection to target application,
Fining intelligent classification actively is carried out to target flow, and verifying and feedback adjustment are carried out to the target flow of classification, reaches and sentences
The effect of function of the constant flow played in target application, and final result is integrated into new property data base, it realizes to spy
The update of database and perfect is levied, to carry out traffic characteristic matching in flow sorting for subsequent.
As shown in fig.5, the embodiment of the present invention also proposes a kind of flow sorting equipment 2 for realizing flow method for sorting.?
In the present embodiment, the flow sorting equipment 2 can be DPI equipment or other electronic equipments with calculation function.
The flow sorting equipment 2 includes: memory 21, processor 23, network interface 25 and communication bus 27.Wherein,
Network interface 25 optionally may include standard wireline interface and wireless interface (such as WI-FI interface).Communication bus 27 is for real
Connection communication between these existing components.
Memory 21 includes at least a type of readable storage medium storing program for executing.The readable storage medium storing program for executing of at least one type
It can be the non-volatile memory medium of such as flash memory, hard disk, multimedia card, card-type memory.In some embodiments, described to deposit
Reservoir 21 can be the internal storage unit of flow sorting equipment 2, such as the hard disk of the flow sorting equipment 2.In other realities
It applies in example, the memory 21 is also possible to match on the external memory unit of flow sorting equipment 2, such as flow sorting equipment 2
Standby plug-in type hard disk, SMC card, SD card, flash card etc..
The memory 21 can be used for storing the application software and Various types of data for being installed on flow sorting equipment 2, such as
The related data generated in the program code and its operational process of flow sort program 20.
Processor 23 can be a central processing unit, microprocessor or other data processing chips in some embodiments,
Program code or processing data for being stored in run memory 21.
Fig. 5 illustrates only the flow sorting equipment 2 with component 21-27 and flow sort program 20, it should be understood that
, Fig. 5 do not show that all components of flow sorting equipment 2, can substitute and implement more or less component.
In 2 embodiment of flow sorting equipment shown in Fig. 5, as being deposited in a kind of memory 21 of computer storage medium
The program code for storing up flow sort program 20 when processor 23 executes the program code of the flow sort program 20, is realized such as
Lower method:
(1) the corresponding target flow of crawl target application.
(2) target flow is matched with preset property data base, to classify to the target flow
It is prejudged with function.Wherein the preset property data base is obtained according to features described above data library generating method, is specifically generated
Details are not described herein for journey.
As shown in fig.6, the embodiment of the present invention also proposes a kind of flow method for sorting, it is applied to the flow sorting equipment
2.Method includes the following steps:
S14, the corresponding target flow of crawl target application.
S24 matches the target flow, with preset property data base to classify to the target flow
It is prejudged with function.Wherein the preset property data base is obtained according to such as above-mentioned characteristic library generating method, specific raw
At process, details are not described herein.After determining the classification and function of the target flow, backend application may be output to, with further
The target flow is handled, for example, accelerating guidance, charge on traffic etc..
Flow method for sorting provided in this embodiment can be utilized when target flow passes through the flow sorting equipment
The property data base carries out high-precision matching, optimizes the flow matches depth and efficiency of the flow sorting equipment.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on this understanding, technical solution of the present invention substantially in other words does the prior art
The part contributed out can be embodied in the form of software products, which is stored in a storage medium
In (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that a client (can be mobile phone, computer, electronics
Equipment, air conditioner or network equipment etc.) execute method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills
Art field, is included within the scope of the present invention.
Claims (10)
1. a kind of characteristic library generating method, which is characterized in that the described method includes:
Grab the corresponding target flow of target application;
Preliminary classification under default dimension is carried out to the target flow;
Feature extraction is carried out to the sorted target flow, by extracted feature and the history feature database saved
It is matched, to carry out function anticipation to the target flow;
Using every anticipation result as a branch, the parsing tree for being directed to the target flow is generated;
New property data base is generated according to the parsing tree.
2. characteristic library generating method as described in claim 1, which is characterized in that include in the history feature database
Flow major class, group, feature description and corresponding function.
3. characteristic library generating method as claimed in claim 2, which is characterized in that described to be carried out in advance to the target flow
If the preliminary classification under dimension includes:
According in the history feature database flow major class and other default identification methods institute is carried out to the target flow
State the preliminary classification under default dimension.
4. characteristic library generating method as claimed in claim 3, which is characterized in that the default dimension includes: http class
Flow, https class flow, p2p class flow, other preset kind flows that can be identified and non-default type flow need not be located
Reason flow fails to identify flow.
5. characteristic library generating method as claimed in claim 2, which is characterized in that it is described by extracted feature with protected
The history feature database deposited is matched, and includes: to carry out function anticipation to the target flow
By extracted feature in the history feature database flow group and feature description match, corresponded to
Function, the function of the as described target flow prejudges result.
6. characteristic library generating method as described in claim 1, which is characterized in that the method is according to the parsing tree
Before generating new property data base further include:
Foundation is branched into the parsing tree, test verifying is carried out to the corresponding objective function of the target flow, judgement is tested
Whether card result meets the anticipation result of the branch;
When the verification result does not meet the anticipation result, the anticipation knot of the branch is adjusted according to the verification result
Fruit then proceedes to the step of executing test verifying;And
When the verification result meets the anticipation result, execution is described to generate new property data base according to the parsing tree
The step of.
7. characteristic library generating method as claimed in claim 6, which is characterized in that described corresponding to the target flow
Objective function carries out testing the step of verifying
On the basis of the parsing tree, the function of being stressed according to the corresponding target application of the target flow determine to
Test the branch of verifying, the as described objective function;
It is tested by running the target application for the objective function, judges that the corresponding target of the objective function is surveyed
Whether examination phenomenon occurs, to verify the target flow in the function of the target application, judges whether and the branch
It is consistent to prejudge result.
8. a kind of property data base generating means, which is characterized in that described device includes memory, processor, the memory
On be stored with the property data base that can run on the processor and generate program, it is described that the property data base generates program
Such as claim 1-7 described in any item characteristic library generating methods are realized when processor executes.
9. a kind of flow method for sorting, which is characterized in that the described method includes:
Grab the corresponding target flow of target application;
The target flow is matched with preset property data base, with to the target flow carry out classification and function it is pre-
Sentence, wherein the preset property data base is obtained according to the described in any item characteristic library generating methods of such as claim 1-7
It arrives.
10. a kind of flow sorting equipment, which is characterized in that described device includes memory, processor, is stored on the memory
There is the flow sort program that can be run on the processor, is realized such as when the flow sort program is executed by the processor
Flow method for sorting as claimed in claim 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811368052.9A CN109412898B (en) | 2018-11-16 | 2018-11-16 | Feature database generation method and device and corresponding flow sorting method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811368052.9A CN109412898B (en) | 2018-11-16 | 2018-11-16 | Feature database generation method and device and corresponding flow sorting method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109412898A true CN109412898A (en) | 2019-03-01 |
| CN109412898B CN109412898B (en) | 2021-02-02 |
Family
ID=65473576
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811368052.9A Expired - Fee Related CN109412898B (en) | 2018-11-16 | 2018-11-16 | Feature database generation method and device and corresponding flow sorting method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109412898B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111865724A (en) * | 2020-07-28 | 2020-10-30 | 公安部第三研究所 | Information acquisition control implementation method for video monitoring equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102394827A (en) * | 2011-11-09 | 2012-03-28 | 浙江万里学院 | Hierarchical classification method for internet flow |
| CN103634146A (en) * | 2013-11-27 | 2014-03-12 | 华为技术有限公司 | Network data processing method and device |
| US20150161024A1 (en) * | 2013-12-06 | 2015-06-11 | Qualcomm Incorporated | Methods and Systems of Generating Application-Specific Models for the Targeted Protection of Vital Applications |
| CN104796282A (en) * | 2015-03-12 | 2015-07-22 | 南京邮电大学 | Evaluating system and evaluating method for deep packet inspection product |
| CN106341285A (en) * | 2016-11-25 | 2017-01-18 | 杭州华三通信技术有限公司 | Traffic identification method and device |
| CN108289093A (en) * | 2017-12-29 | 2018-07-17 | 北京拓明科技有限公司 | The construction method and structure system in App application condition codes library |
-
2018
- 2018-11-16 CN CN201811368052.9A patent/CN109412898B/en not_active Expired - Fee Related
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102394827A (en) * | 2011-11-09 | 2012-03-28 | 浙江万里学院 | Hierarchical classification method for internet flow |
| CN103634146A (en) * | 2013-11-27 | 2014-03-12 | 华为技术有限公司 | Network data processing method and device |
| US20150161024A1 (en) * | 2013-12-06 | 2015-06-11 | Qualcomm Incorporated | Methods and Systems of Generating Application-Specific Models for the Targeted Protection of Vital Applications |
| CN104796282A (en) * | 2015-03-12 | 2015-07-22 | 南京邮电大学 | Evaluating system and evaluating method for deep packet inspection product |
| CN106341285A (en) * | 2016-11-25 | 2017-01-18 | 杭州华三通信技术有限公司 | Traffic identification method and device |
| CN108289093A (en) * | 2017-12-29 | 2018-07-17 | 北京拓明科技有限公司 | The construction method and structure system in App application condition codes library |
Non-Patent Citations (3)
| Title |
|---|
| 井丽南 等: "决策树网包分类算法综述", 《网络新媒体技术》 * |
| 陈金富 等: "P2P应用流量的高效分类方法研究", 《计算机应用与软件》 * |
| 陶晓玲 等: "基于本体的网络流量分类方法", 《计算机工程与设计》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111865724A (en) * | 2020-07-28 | 2020-10-30 | 公安部第三研究所 | Information acquisition control implementation method for video monitoring equipment |
| CN111865724B (en) * | 2020-07-28 | 2022-02-08 | 公安部第三研究所 | Information acquisition control implementation method for video monitoring equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109412898B (en) | 2021-02-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Vlăduţu et al. | Internet traffic classification based on flows' statistical properties with machine learning | |
| CN106815112B (en) | Massive data monitoring system and method based on deep packet inspection | |
| CN105007282B (en) | The Malware network behavior detection method and system of network-oriented service provider | |
| CN105591973B (en) | Application identification method and device | |
| CN105187392B (en) | Mobile terminal from malicious software detecting method and its system based on Network Access Point | |
| CN106407002B (en) | Data processing task executes method and apparatus | |
| CN109151880A (en) | Mobile application flow identification method based on multilayer classifier | |
| RU2015156608A (en) | NETWORK DEVICE AND SERVICE PROCESS MANAGEMENT METHOD | |
| CN110245273B (en) | Method for acquiring APP service feature library and corresponding device | |
| CN108737213A (en) | A kind of parallel big handling capacity Permeation Test System of height based on FPGA and method | |
| CN113825129B (en) | Industrial Internet asset mapping method in 5G network environment | |
| US11558769B2 (en) | Estimating apparatus, system, method, and computer-readable medium, and learning apparatus, method, and computer-readable medium | |
| CN105657677A (en) | Short message sending method, short message gateway and service platform | |
| CN104618410B (en) | Resource supplying method and apparatus | |
| CN105516395A (en) | Network address assignment method and device | |
| CN104348638A (en) | Method for identifying service type of session flow and system and equipment thereof | |
| CN102752275B (en) | Matching route generation method and related device for signature library | |
| CN110034970A (en) | The network equipment distinguishes method of discrimination and device | |
| CN111404768A (en) | DPI recognition realization method and equipment | |
| CN116055448A (en) | Identification data management platform for electric power operation | |
| CN109412898A (en) | Characteristic library generating method and device and corresponding flow method for sorting and device | |
| CN107704494B (en) | User information collection method and system based on application software | |
| CN108347465B (en) | Method and device for selecting network data center | |
| CN116956252A (en) | Self-adaptive management method and system for platform multi-user renting | |
| CN106649678B (en) | Data processing method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20210202 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |