CN107787003A - A kind of method and apparatus of flow detection - Google Patents
A kind of method and apparatus of flow detection Download PDFInfo
- Publication number
- CN107787003A CN107787003A CN201610712704.0A CN201610712704A CN107787003A CN 107787003 A CN107787003 A CN 107787003A CN 201610712704 A CN201610712704 A CN 201610712704A CN 107787003 A CN107787003 A CN 107787003A
- Authority
- CN
- China
- Prior art keywords
- address
- traffic
- acquiring
- api
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 29
- 238000000034 method Methods 0.000 title claims abstract description 19
- 238000007689 inspection Methods 0.000 claims description 4
- 230000000368 destabilizing effect Effects 0.000 abstract 1
- 238000012360 testing method Methods 0.000 abstract 1
- 230000004044 response Effects 0.000 description 12
- 230000006870 function Effects 0.000 description 10
- 238000005516 engineering process Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 4
- 230000000977 initiatory effect Effects 0.000 description 4
- 230000008859 change Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000000737 periodic effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000000903 blocking effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/08—Testing, supervising or monitoring using real traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of flow rate testing methods, including:Internet-ip address list is periodically obtained from wechat server according to preset parameter;The IP address of the wechat server is obtained according to the IP address list;The IP address is loaded into deep message detection DPI feature databases and the flow of the wechat server is identified according to the IP address.Know method for distinguishing so as to carry out flow using wechat server IP address is dynamically loaded into DPI feature databases, solve when wechat edition upgrading protocol characteristic changes situation, the renewal of DPI feature databases causes wechat flow to leak the problem of identifying or misidentifying not in time;Also solve due to network environment destabilizing factor, the problem of leading to not identify some imperfect wechat flows.
Description
Technical Field
The invention relates to the field of communication, in particular to a method and a device for detecting flow.
Background
In a Packet domain mobile communication network, a telecom operator usually deploys a Deep Packet Inspection (DPI) function in gateway equipment or independent network traffic analysis equipment, and identifies a protocol/Service application classification condition of user internet traffic by using the DPI function, and the operator can output functions such as an application classification statistical report, an application level Quality of Service (QoS) policy, an application level blocking or speed limiting, and application level content charging, according to an identification result of the DPI.
The DPI technology is an important basic technology for intelligent pipeline and flow management of telecommunication operators. In some application scenarios, the DPI identification accuracy is extremely high, for example, content charging is performed on the micro traffic, and if the DPI identification is not accurate, two situations may occur: one is that all the WeChat traffic is not identified, so the operator will receive less user fee, resulting in revenue loss; another is to misidentify other application traffic as WeChat, the operator may receive more user charges, which may lead to user complaints and decrease operator reputation.
Common DPI technologies include a shallow detection method based on an IP (Internet Protocol) address or a TCP/UDP (Transmission Control Protocol/User data program) port number, a deep detection method based on a Protocol or a keyword feature, a detection method based on a single stream, a heuristic detection method based on a multi-stream strong association relationship, a heuristic detection method based on an event weak association relationship, a detection method based on a network packet statistical feature, and the like. These detection methods either have untimely updating or have the potential that the detection rate may not be 100% accurate or may be misidentified.
In a mobile communication network, an instant messaging service platform, such as WeChat, is a very important application service. For the identification capability of the WeChat, telecom operators have high expectations. In the existing DPI technology, when protocol features change after a WeChat version is upgraded, a DPI feature library may not be updated timely, so that missed identification or false identification of WeChat flow is caused; in addition, because of network environment instability, the WeChat may generate some incomplete traffic (typically, only the uplink TCP SYN packet, or the number of packets in a flow is less than the expected number of DPI feature library), and the existing DPI technology may not be able to recognize the incomplete traffic. For these cases, there is no solution in the prior art.
Disclosure of Invention
The invention provides a flow detection method and a flow detection device, which at least solve the problem that the existing DPI technology cannot accurately identify WeChat flow.
According to an aspect of the present invention, there is provided a traffic detection method, including: periodically acquiring an internet IP address list from a WeChat server according to preset parameters; acquiring the IP address of the WeChat server according to the IP address list; and loading the IP address into a Deep Packet Inspection (DPI) feature library and identifying the flow of the WeChat server according to the IP address.
According to an aspect of the present invention, there is also provided a flow rate detection apparatus, including:
the first acquisition module is used for periodically acquiring an Internet IP address list from the WeChat server according to preset parameters;
the second acquisition module is used for acquiring the IP address of the WeChat server according to the IP address list;
and the DPI functional module is used for loading the IP address into a DPI characteristic library and identifying the flow of the WeChat server according to the IP address.
Has the advantages that: the method for dynamically loading the IP address of the WeChat server into the DPI feature library to identify the flow is adopted, so that the problem that the WeChat flow is not identified or identified by mistake due to the fact that the DPI feature library is not updated timely when the characteristics of the WeChat version upgrading protocol are changed is solved; the problem that incomplete WeChat flow cannot be identified due to unstable network environment is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of a method of traffic detection according to an embodiment of the present invention;
fig. 2 is a signaling interaction diagram of a traffic detection method according to an embodiment of the present invention;
FIG. 3 is a block diagram of a flow detection device according to an embodiment of the present invention;
fig. 4 is a block diagram of a traffic detection device according to an embodiment of the present invention.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings. It should be particularly noted that the references to "first" and "second" in the following text do not limit the embodiments of the present invention, but are used merely for convenience of distinction.
An embodiment of the present invention provides a traffic detection method, and fig. 1 is a traffic detection method according to an embodiment of the present invention, as shown in fig. 1, including the following steps:
s102, periodically acquiring an Internet IP address list from a WeChat server according to preset parameters;
s104, acquiring the IP address of the WeChat server according to the IP address list;
s106, loading the IP address to a Deep Packet Inspection (DPI) feature library and identifying the flow of the WeChat server according to the IP address.
Optionally, S102 includes constructing, according to the preset parameter, an API (Application Programming Interface) website for acquiring the access token and an API website for acquiring the IP address list; and periodically and regularly acquiring an Internet IP address list according to the API website.
The preset parameters comprise an application unique identifier, an application key, an application programming interface, an API website template and timing duration.
S106, when the IP address is matched with a destination address of traffic from a user to a network direction, marking an IP message corresponding to the traffic as WeChat; or when the IP address is matched with the source address of the traffic from the network to the user, the IP message corresponding to the traffic is marked as WeChat.
By adopting the method for dynamically loading the IP address of the WeChat server into the DPI feature library to identify the flow, the problem that the WeChat flow is not identified or identified by mistake because the DPI feature library is not updated timely when the characteristics of the WeChat version upgrading protocol are changed is solved; the problem that incomplete WeChat flow cannot be identified due to unstable network environment is solved.
In order to make the technical solution and implementation method of the present invention clearer, the following describes the implementation process in detail with reference to the preferred embodiments.
As shown in fig. 2, the following describes the implementation of the technical solution in further detail with reference to the attached drawings:
as shown in fig. 2, an embodiment of the present invention provides a flow detection method, including:
s200, presetting necessary parameters for flow detection, such as: the unique identifier is applied to the WeChat public number, the key is applied to the WeChat public number, the API website template is used for constructing and obtaining the access token, the timing duration is used for periodically and regularly obtaining the access token, the API website template is used for constructing and obtaining the IP address list, the timing duration is used for periodically and regularly obtaining the IP address list, and other related parameters.
For example, the wechat public application unique identifier may be in the form of: wx0123456789 abcdef. The WeChat public application Key may be in the form of: 01234567890abcdef01234567890 abcdef. The API web site template used to construct the get access token may be in the form of: https:// api. weixin. qq. com/cgi-bin/token? grant _ type ═ client _ creattial & appid ═ application unique identification > & secret ═ application key >. The timing duration for periodic timing reacquisition of the access token may be as follows: 7200 seconds. The API web site template used to construct the list of retrieved IP addresses may be in the form of: https:// api. weixin. qq. com/cgi-bin/getcalllbackip? access token < access token >. The timing duration for periodic timing reacquisition of the list of IP addresses may be as follows: 3600 seconds.
S202, periodically and regularly reading the configuration parameters, and substituting the application unique identifier and the application key into the API website template for obtaining the access token to construct the API website for obtaining the access token.
By way of example, the API website for generating the access token after substitution may be as follows:
https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=wx0123456789abcdef&secret=01234567890abcdef01234567890abcdef。
periodically initiating an HTTP request to the API website for acquiring the access token generated by the construction so as to acquire a corresponding HTTP response, and extracting the access token from the response.
In an HTTP response, there may also be a validity period for the access token, typically 7200 seconds, along with the access token. Preferably, the validity period duration is extracted, a duration slightly less than the value is taken, for example 7000 seconds, and the timing duration for periodically timing reacquiring the access token in the system is dynamically updated, so that the access token can be reacquired in time before it fails.
And if the effective duration exists in the HTTP response, the effective duration is preferably selected. And if the effective duration does not exist in the HTTP response, the configured timing duration is taken.
Periodically and regularly reading the configuration, and substituting the latest access token into the API website template for acquiring the IP address list to construct the API website for acquiring the IP address list.
The API web address that generates the list of acquired IP addresses after substitution may be like:
https:// api. weixin. qq. com/cgi-bin/getcalllbackip? GAKUI, where the ellipses represent a large number of similar characters, typically an access token may have over one hundred characters.
Periodically and regularly initiating an HTTP request to the API website successfully constructed to obtain the IP address list so as to obtain a corresponding HTTP response, and then extracting the IP address list from the response. In an HTTP response, the returned IP address list may contain tens or hundreds or more IP address/IP address segment records, where the IP address segments may be embodied in a masked form or other form. Typically, the possible shapes are:
{"ip_list":[
"101.226.62.77","101.226.62.78","101.226.62.79",
……
"180.163.15.168","180.163.15.169","101.226.103.0\/25",
……
"58.247.206.128\/25","103.7.30.21","103.7.30.64\/26"]}
the list of IP addresses contains a number of IP addresses of the trusted server. And dynamically adding the IP addresses or IP address network segments into a feature library of the DPI function and enabling the DPI function to be effective.
S204, using the updated WeChat server IP address to identify the WeChat flow:
based on a DPI method adopting the IP message-by-IP message matching, the destination address of the flow from the user to the network direction is matched; for traffic in the direction from the network to the user, its source address is matched. If the IP address of the WeChat server is matched with the IP address of the WeChat server, the corresponding IP message is marked as WeChat and then used or output by a DPI function.
Based on the DPI method adopting TCP/UDP flow matching, the destination address of the flow from the user to the network direction is matched as long as the first message or the first messages of the flow are matched; for traffic in the direction from the network to the user, its source address is matched. If the IP address of the WeChat server is matched with the IP address of the WeChat server, the corresponding IP message is marked as WeChat, and meanwhile, the TCP/UDP flow where the IP message is located is marked as WeChat, so that the TCP/UDP flow is used for a DPI function or output.
As shown in fig. 3, an embodiment of the present invention provides a flow rate detection apparatus, including:
a first obtaining module 300, configured to periodically and regularly obtain an internet IP address list from a wechat server according to preset parameters;
a second obtaining module 302, configured to obtain an IP address of the wechat server according to the IP address list;
a DPI function module 304, configured to load the IP address into a DPI feature library and identify the traffic of the WeChat server according to the IP address.
Optionally, the preset parameters in the scheme include: the unique identifier is applied to the WeChat public number, the key is applied to the WeChat public number, the API website template is used for constructing an access token acquisition device, the timing duration is used for periodically and regularly acquiring the access token again, the API website template is used for constructing an IP address list acquisition device, the timing duration is used for periodically and regularly acquiring the IP address list again, and other related parameters.
300 and 302 are specifically configured to periodically read parameters of the configuration module at regular time, and substitute the application unique identifier and the application key into the API website template for obtaining the access token to construct the API website for obtaining the access token.
Periodically initiating an HTTP request to the API website for acquiring the access token generated by the construction so as to acquire a corresponding HTTP response, and extracting the access token from the response. Periodically and regularly reading the configuration, and substituting the latest access token into the API website template for acquiring the IP address list to construct the API website for acquiring the IP address list. Periodically and regularly initiating an HTTP request to the API website successfully constructed to obtain the IP address list so as to obtain a corresponding HTTP response, and then extracting the IP address list from the response.
304, for DPI method based on adopting matching message by message, matching destination address of flow from user to network direction; for traffic in the direction from the network to the user, its source address is matched. If the IP address of the WeChat server is matched with the IP address of the WeChat server, the corresponding IP message is marked as WeChat and then used or output by a DPI function.
For the DPI method based on TCP/UDP flow matching, it is usually only necessary to match the first packet or the first few packets in the flow, and the destination address of the traffic from the user to the network is matched; for traffic in the direction from the network to the user, its source address is matched. If the IP address of the WeChat server is matched with the IP address of the WeChat server, the corresponding IP message is marked as WeChat, and meanwhile, the TCP/UDP flow where the IP message is located is marked as WeChat, so that the TCP/UDP flow is used for a DPI function or output.
It should be noted that the content described in the apparatus embodiment corresponds to the method embodiment described above, and the specific implementation process thereof has been described in detail in the method embodiment, and is not described herein again.
In summary, according to the method for dynamically loading the IP address of the wechat server to the DPI feature library to perform traffic identification in the above embodiment of the present invention, the problem that when the characteristics of the wechat version upgrade protocol change, the DPI feature library is not updated in time, so that the wechat traffic is not identified or identified incorrectly is solved; the problem that incomplete WeChat flow cannot be identified due to unstable network environment is solved.
The method provided by the embodiment of the application can be executed in a computer terminal or a similar operation device. Taking the example of running on a computer terminal, fig. 4 is a hardware structure block diagram of the computer terminal of the traffic detection method according to the embodiment of the present invention. As shown in fig. 4, the computer terminal 40 may include one or more processors 402 (only one shown in fig. 4), memory 404 for storing data. It will be understood by those skilled in the art that the structure shown in fig. 4 is only an illustration and is not intended to limit the structure of the electronic device. For example, the computer terminal 40 may also include more or fewer components than shown in FIG. 4, or have a different configuration than shown in FIG. 4.
The memory 404 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the flow detection method in the embodiment of the present invention, and the processor 402 executes various functional applications and data processing by running the software programs and modules stored in the memory 404, so as to implement the method described above. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed over a network of multiple computing devices, and they may alternatively be implemented by program code executable by a computing device, such that they may be stored in a storage medium and executed by a computing device, or they may be separately fabricated into various integrated circuit modules, or multiple modules or steps thereof may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (8)
1. A method for detecting traffic, comprising:
periodically acquiring an internet IP address list from a WeChat server according to preset parameters;
acquiring the IP address of the WeChat server according to the IP address list;
and loading the IP address into a Deep Packet Inspection (DPI) feature library and identifying the flow of the WeChat server according to the IP address.
2. The traffic detection method according to claim 1, wherein said periodically obtaining a list of Internet IP addresses from the WeChat Server according to preset parameters comprises,
constructing an Application Programming Interface (API) website for acquiring the access token and an API website for acquiring an IP address list according to the preset parameters;
and periodically acquiring an internet IP address list according to the API website.
3. The traffic detection method according to claim 1 or 2, wherein the preset parameters include application unique identifier, application key, application programming interface, API web site template, and timing duration.
4. The traffic detection method of claim 1, wherein the identifying traffic of the WeChat Server according to the IP address comprises:
when the IP address is matched with a destination address of traffic in the direction from the terminal to the server, the IP message corresponding to the traffic is marked as WeChat; or,
and when the IP address is matched with the source address of the traffic from the server to the terminal, marking the IP message corresponding to the traffic as WeChat.
5. A flow sensing device, comprising:
the first acquisition module is used for periodically acquiring an Internet IP address list from the WeChat server according to preset parameters;
the second acquisition module is used for acquiring the IP address of the WeChat server according to the IP address list;
and the DPI functional module is used for loading the IP address into a DPI characteristic library and identifying the flow of the WeChat server according to the IP address.
6. The apparatus of claim 5, wherein the first obtaining module is further configured to,
constructing an API website for acquiring the access token and an API website for acquiring the IP address list according to the preset parameters; and periodically and regularly acquiring an Internet IP address list according to the API website.
7. The apparatus according to claim 5 or 6, wherein the preset parameters comprise application unique identifier, application key, application programming interface API web site template, and timing duration.
8. The apparatus of claim 5, wherein the identification module is further configured to:
when the IP address is matched with a destination address of traffic in the direction from the terminal to the server, the IP message corresponding to the traffic is marked as WeChat; or,
and when the IP address is matched with the source address of the traffic from the server to the terminal, marking the IP message corresponding to the traffic as WeChat.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610712704.0A CN107787003A (en) | 2016-08-24 | 2016-08-24 | A kind of method and apparatus of flow detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610712704.0A CN107787003A (en) | 2016-08-24 | 2016-08-24 | A kind of method and apparatus of flow detection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107787003A true CN107787003A (en) | 2018-03-09 |
Family
ID=61388144
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610712704.0A Pending CN107787003A (en) | 2016-08-24 | 2016-08-24 | A kind of method and apparatus of flow detection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107787003A (en) |
Citations (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070001723A1 (en) * | 2005-07-01 | 2007-01-04 | Via Technologies, Inc. | Clock and data recovery circuit and method thereof |
| CN101184000A (en) * | 2007-12-14 | 2008-05-21 | 北京交通大学 | Internet application traffic identification method based on packet sampling and application signature |
| CN101202652A (en) * | 2006-12-15 | 2008-06-18 | 北京大学 | Device and method for classifying and identifying network application traffic |
| CN101321097A (en) * | 2008-05-27 | 2008-12-10 | 南京邮电大学 | Recognition Method of Tencent Webcast Service Based on Payload Depth Detection |
| CN101442541A (en) * | 2008-12-30 | 2009-05-27 | 北京畅讯信通科技有限公司 | Method for recognizing P2P application encipher flux |
| EP2092765A2 (en) * | 2006-12-07 | 2009-08-26 | Starent Networks Corporation | Providing interaction management for communication networks |
| WO2009107117A2 (en) * | 2008-02-28 | 2009-09-03 | Alcatel Lucent | Compressed ip flow recognition for in-line integrated mobile dpi |
| CN101540772A (en) * | 2009-04-15 | 2009-09-23 | 成都市华为赛门铁克科技有限公司 | DPI (deep packet inspection) equipment and communication method thereof |
| CN101668035A (en) * | 2009-09-28 | 2010-03-10 | 中国人民解放军理工大学指挥自动化学院 | Method for recognizing various P2P-TV application video flows in real time |
| CN102347870A (en) * | 2010-07-29 | 2012-02-08 | 中国电信股份有限公司 | Flow rate security detection method, equipment and system |
| CN102710504A (en) * | 2012-05-16 | 2012-10-03 | 华为技术有限公司 | Application identification method and application identification device |
| CN103297270A (en) * | 2013-05-24 | 2013-09-11 | 华为技术有限公司 | Application type recognition method and network equipment |
| WO2014025225A1 (en) * | 2012-08-10 | 2014-02-13 | 주식회사 아이디어웨어 | Apparatus for detecting application packet data pattern |
| CN103618792A (en) * | 2013-11-29 | 2014-03-05 | 华为技术有限公司 | Data stream identification method and device |
| CN103873356A (en) * | 2012-12-11 | 2014-06-18 | 中国电信股份有限公司 | Household gateway based application identification method and system, and household gateway |
| WO2014093900A1 (en) * | 2012-12-13 | 2014-06-19 | Huawei Technologies Co., Ltd. | Content based traffic engineering in software defined information centric networks |
| CN102325061B (en) * | 2011-09-16 | 2014-07-02 | 北京星网锐捷网络技术有限公司 | Network monitoring method, equipment and system |
| CN104219339A (en) * | 2014-09-17 | 2014-12-17 | 北京金山安全软件有限公司 | Method and device for detecting address resolution protocol attack in local area network |
| CN104639391A (en) * | 2015-01-04 | 2015-05-20 | 中国联合网络通信集团有限公司 | Method for generating network flow record and corresponding flow detection equipment |
| CN104796406A (en) * | 2015-03-20 | 2015-07-22 | 杭州华三通信技术有限公司 | Method and device for identifying application |
| CN105357082A (en) * | 2014-12-22 | 2016-02-24 | 成都科来软件有限公司 | Method and device for identifying network flow |
| WO2016054179A1 (en) * | 2014-09-30 | 2016-04-07 | Convida Wireless, Llc | Dynamic policy control |
| CN105592449A (en) * | 2014-10-20 | 2016-05-18 | 中国电信股份有限公司 | Service identification method and system |
| CN105790960A (en) * | 2014-12-24 | 2016-07-20 | 中国电信股份有限公司 | Traffic identification method and system and traffic gateway |
| CN105792265A (en) * | 2014-12-23 | 2016-07-20 | 中国电信股份有限公司 | Malicious traffic detection method and system and monitoring platform |
-
2016
- 2016-08-24 CN CN201610712704.0A patent/CN107787003A/en active Pending
Patent Citations (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070001723A1 (en) * | 2005-07-01 | 2007-01-04 | Via Technologies, Inc. | Clock and data recovery circuit and method thereof |
| EP2092765A2 (en) * | 2006-12-07 | 2009-08-26 | Starent Networks Corporation | Providing interaction management for communication networks |
| CN101202652A (en) * | 2006-12-15 | 2008-06-18 | 北京大学 | Device and method for classifying and identifying network application traffic |
| CN101184000A (en) * | 2007-12-14 | 2008-05-21 | 北京交通大学 | Internet application traffic identification method based on packet sampling and application signature |
| WO2009107117A2 (en) * | 2008-02-28 | 2009-09-03 | Alcatel Lucent | Compressed ip flow recognition for in-line integrated mobile dpi |
| CN101321097A (en) * | 2008-05-27 | 2008-12-10 | 南京邮电大学 | Recognition Method of Tencent Webcast Service Based on Payload Depth Detection |
| CN101442541A (en) * | 2008-12-30 | 2009-05-27 | 北京畅讯信通科技有限公司 | Method for recognizing P2P application encipher flux |
| CN101540772A (en) * | 2009-04-15 | 2009-09-23 | 成都市华为赛门铁克科技有限公司 | DPI (deep packet inspection) equipment and communication method thereof |
| CN101668035A (en) * | 2009-09-28 | 2010-03-10 | 中国人民解放军理工大学指挥自动化学院 | Method for recognizing various P2P-TV application video flows in real time |
| CN102347870A (en) * | 2010-07-29 | 2012-02-08 | 中国电信股份有限公司 | Flow rate security detection method, equipment and system |
| CN102325061B (en) * | 2011-09-16 | 2014-07-02 | 北京星网锐捷网络技术有限公司 | Network monitoring method, equipment and system |
| CN102710504A (en) * | 2012-05-16 | 2012-10-03 | 华为技术有限公司 | Application identification method and application identification device |
| WO2014025225A1 (en) * | 2012-08-10 | 2014-02-13 | 주식회사 아이디어웨어 | Apparatus for detecting application packet data pattern |
| CN103873356A (en) * | 2012-12-11 | 2014-06-18 | 中国电信股份有限公司 | Household gateway based application identification method and system, and household gateway |
| WO2014093900A1 (en) * | 2012-12-13 | 2014-06-19 | Huawei Technologies Co., Ltd. | Content based traffic engineering in software defined information centric networks |
| CN103297270A (en) * | 2013-05-24 | 2013-09-11 | 华为技术有限公司 | Application type recognition method and network equipment |
| CN103618792A (en) * | 2013-11-29 | 2014-03-05 | 华为技术有限公司 | Data stream identification method and device |
| CN104219339A (en) * | 2014-09-17 | 2014-12-17 | 北京金山安全软件有限公司 | Method and device for detecting address resolution protocol attack in local area network |
| WO2016054179A1 (en) * | 2014-09-30 | 2016-04-07 | Convida Wireless, Llc | Dynamic policy control |
| CN105592449A (en) * | 2014-10-20 | 2016-05-18 | 中国电信股份有限公司 | Service identification method and system |
| CN105357082A (en) * | 2014-12-22 | 2016-02-24 | 成都科来软件有限公司 | Method and device for identifying network flow |
| CN105792265A (en) * | 2014-12-23 | 2016-07-20 | 中国电信股份有限公司 | Malicious traffic detection method and system and monitoring platform |
| CN105790960A (en) * | 2014-12-24 | 2016-07-20 | 中国电信股份有限公司 | Traffic identification method and system and traffic gateway |
| CN104639391A (en) * | 2015-01-04 | 2015-05-20 | 中国联合网络通信集团有限公司 | Method for generating network flow record and corresponding flow detection equipment |
| CN104796406A (en) * | 2015-03-20 | 2015-07-22 | 杭州华三通信技术有限公司 | Method and device for identifying application |
Non-Patent Citations (1)
| Title |
|---|
| 陆晨: "基于流量采集IP定位及查询应用系统的设计与实现", 《中国优秀硕士学位论文库》 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10812513B1 (en) | Correlation and consolidation holistic views of analytic data pertaining to a malware attack | |
| CN111953770B (en) | Route forwarding method and device, route equipment and readable storage medium | |
| CN102884764B (en) | Message receiving method, deep packet inspection device, and system | |
| CN110708215B (en) | Deep packet inspection rule base generation method, device, network equipment and storage medium | |
| US10218717B1 (en) | System and method for detecting a malicious activity in a computing environment | |
| CN111314285B (en) | Method and device for detecting route prefix attack | |
| CN112272179B (en) | Network security processing method, device, equipment and machine readable storage medium | |
| CN114143086B (en) | Web application identification method and device, electronic equipment and storage medium | |
| CN111104675A (en) | Method and device for detecting system security vulnerability | |
| CN113472831B (en) | Service access method, device, gateway equipment and storage medium | |
| WO2016119420A1 (en) | Method, apparatus and communication gateway for detecting malicious access to network resources | |
| CN105959294B (en) | A kind of malice domain name discrimination method and device | |
| EP4246891A1 (en) | System and method for detecting fraudulent network traffic | |
| CN111654556B (en) | Method and device for matching flow corresponding relation before and after translation of SNAT (network node attachment) equipment | |
| CN110995756B (en) | Method and device for calling service | |
| US10700879B2 (en) | Charging method and device, access device, service quality control method and device | |
| CN114070624B (en) | Message monitoring method, device, electronic equipment and medium | |
| CN109462589B (en) | Method, device and equipment for controlling network access of application program | |
| CN110768865B (en) | Deep packet inspection engine activation method and device and electronic equipment | |
| CN112104765A (en) | Illegal website detection method and device | |
| CN112073504A (en) | Request forwarding method, device, equipment and storage medium | |
| CN107787003A (en) | A kind of method and apparatus of flow detection | |
| CN114222002B (en) | Service request processing method and device, storage medium and electronic equipment | |
| EP3322124A1 (en) | Control method for application feature rules and application feature server | |
| CN108768987B (en) | Data interaction method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180309 |