[go: up one dir, main page]

CN101558604B - Method and apparatus for peer-to-peer network traffic analysis - Google Patents

Method and apparatus for peer-to-peer network traffic analysis Download PDF

Info

Publication number
CN101558604B
CN101558604B CN200780044054.6A CN200780044054A CN101558604B CN 101558604 B CN101558604 B CN 101558604B CN 200780044054 A CN200780044054 A CN 200780044054A CN 101558604 B CN101558604 B CN 101558604B
Authority
CN
China
Prior art keywords
peer
identifying
nodes
list
supernode
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200780044054.6A
Other languages
Chinese (zh)
Other versions
CN101558604A (en
Inventor
J·里萨南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Technologies Oy
Original Assignee
Nokia Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/907,780 external-priority patent/US20090106364A1/en
Application filed by Nokia Inc filed Critical Nokia Inc
Publication of CN101558604A publication Critical patent/CN101558604A/en
Application granted granted Critical
Publication of CN101558604B publication Critical patent/CN101558604B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/66Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/02Capturing of monitoring data
    • H04L43/026Capturing of monitoring data using flow identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/104Peer-to-peer [P2P] networks
    • H04L67/1061Peer-to-peer [P2P] networks using node-based peer discovery mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Methods and apparatus may be provided for identifying and separately processing peer to peer traffic in a network. For example, the method may include: intelligent heuristics are used to identify supernodes of a peer-to-peer network. The method may also include using the feedback to identify additional nodes of the peer-to-peer network. The method may further comprise: the super node and the additional nodes are marked as peer nodes in the list. In some embodiments, the method may additionally include updating the list using intelligent updates.

Description

用于对等网络业务分析的方法和设备Method and device for peer-to-peer network traffic analysis

相关申请的交叉参考Cross References to Related Applications

本申请涉及并要求于2006年11月29日提交的、美国临时专利申请号No.60/661,447的优先权,通过参考将其全部在此并入。This application is related to and claims priority to US Provisional Patent Application No. 60/661,447, filed November 29, 2006, which is hereby incorporated by reference in its entirety.

技术领域 technical field

本发明总体上涉及用于从多个已有网络连接发现对等(P2P)网络连接的网络业务分析。已知的是P2P网络业务会在某些计算机网络中引起拥塞。在诸如通用分组无线服务(GPRS)的移动网络中标识并处理这种业务对于将网络资源的效率最大化而言是有帮助的。The present invention generally relates to network traffic analysis for discovering a peer-to-peer (P2P) network connection from a plurality of existing network connections. It is known that P2P network traffic can cause congestion in certain computer networks. Identifying and handling such traffic in a mobile network such as General Packet Radio Service (GPRS) is helpful in maximizing the efficiency of network resources.

背景技术 Background technique

在诸如传输控制协议/互联网协议(TCP/IP)网络的计算机网络中的网络连接通常由五元组(tuple)标识,诸如,使用的网络协议、源地址、源端口、目的地址和目的地端口。这五个特征或者五元组足以唯一地标识网络连接。在执行网络业务分析时,可以以各种方式标识并处理这五个设置。例如,将超文本传输协议(HTTP)业务标识为:协议=TCP/IP,目的地端口80,并且五元组中的其他设置可以变化。这样,可见,如果已知了五元组中的两个设置,则可以标识业务类型并对其进行分类。在流中数据的字节的方面,业务的内容还可以用于标识可应用的协议,但是有时可能对业务进行加密。这种加密可能使得难以获知正在传输的数据类型,并由此使网络分析复杂化。A network connection in a computer network such as a Transmission Control Protocol/Internet Protocol (TCP/IP) network is typically identified by a 5-tuple, such as the network protocol used, source address, source port, destination address, and destination port . These five characteristics, or quintuples, are sufficient to uniquely identify a network connection. These five settings can be identified and addressed in various ways when performing network traffic analysis. For example, Hypertext Transfer Protocol (HTTP) traffic is identified as: protocol=TCP/IP, destination port 80, and other settings in the quintuple can vary. In this way, it can be seen that if two settings in the quintuple are known, the business type can be identified and classified. The content of the traffic may also be used to identify the applicable protocol in terms of bytes of data in the stream, but traffic may sometimes be encrypted. This encryption can make it difficult to know what type of data is being transmitted and thus complicate network analysis.

发明内容 Contents of the invention

本发明的一个实施方式可以是一种方法。该方法可以包括标识对等连接模式。该方法还可以包括:将通过模式标识的业务标记为对等业务。该方法还可以包括将所述业务的目的地址标识为对等主机。该方法还可以附加地包括:将所述对等主机标记为超级节点(supernode)。该方法还可以包括将去往所述超级节点的网络连接视为对等网络连接。在某些实施方式中,该方法还可以包括标识不再接收对等业务的对等节点;以及一旦标识了不接收对等业务的节点,则终止将所述节点视为对等客户端。An embodiment of the invention may be a method. The method may include identifying a peer-to-peer connection mode. The method may also include marking the traffic identified by the pattern as peer-to-peer traffic. The method may also include identifying the destination address of the traffic as a peer host. The method may additionally include marking the peer host as a supernode. The method may also include treating network connections to said supernodes as peer-to-peer network connections. In some implementations, the method may also include identifying peer nodes that no longer receive peer-to-peer traffic; and once a node that does not receive peer-to-peer traffic is identified, ceasing to treat the node as a peer-to-peer client.

本申请的另一个实施方式可以是一种设备。该设备可以包括第一标识单元,配置用于基于连接模式来标识对等业务。该设备还可以包括标记单元,配置用于将所述业务标记为对等业务。该设备还可以包括主控单元,配置用于将所述业务的目的地主机规定为对等主机,以及将所述主机标记为超级节点,其中所述主控单元被配置用于将去往所述超级节点的所有业务和去往所述超级节点的所有网络连接视为对等网络连接。应当注意,如本申请中所使用的,“主控单元”使用术语“主控”并不因为该单元主控(参与主控某事物的动作),而是因为该单元例如可以将节点分类为主机。在某些实施方式中,该设备可以进一步包括:第二标识单元,配置用于标识不再接收对等业务的对等指定节点,以及移除将节点作为对等客户端的指定。Another embodiment of the present application may be an apparatus. The device may include a first identifying unit configured to identify peer-to-peer traffic based on a connection mode. The device may further include a marking unit configured to mark the service as a peer-to-peer service. The device may also include a master control unit configured to specify a destination host for the traffic as a peer host and to mark the host as a supernode, wherein the master control unit is configured to direct traffic destined for All services of the super node and all network connections to the super node are regarded as peer-to-peer network connections. It should be noted that "mastering unit" as used in this application uses the term "master" not because the unit masters (participates in the action of mastering something), but because the unit can, for example, classify nodes as host. In some implementations, the device may further include: a second identifying unit configured to identify a peer-to-peer designated node that no longer receives peer-to-peer services, and remove the designation of the node as a peer-to-peer client.

本发明的另一实施方式是另一方法。该方法可以包括:使用智能启发(heuristics)来标识对等网络的超级节点。该方法还可以包括:使用反馈来标识所述对等网络的附加节点。该方法还可以包括将所述超级节点和附加节点标记为列表中的对等节点。在某些实施方式中,该方法可以附加地包括:使用智能更新来更新所述列表。Another embodiment of the invention is another method. The method may include using intelligent heuristics to identify supernodes of the peer-to-peer network. The method may also include using the feedback to identify additional nodes of the peer-to-peer network. The method may also include marking the supernode and additional nodes as peer nodes in the list. In some implementations, the method may additionally include updating the list using smart updates.

本发明的附加实施方式是另一设备。该设备可以包括:第一标识单元,配置用于使用智能启发来标识对等网络的超级节点。该设备还可以包括第二标识单元,配置用于使用反馈来标识所述对等网络的附加节点。该设备还可以包括标记单元,配置用于将所述超级节点和附加节点标记为列表中的对等节点。在某些实施方式中,该设备可以附加地包括:使用智能更新来更新所述列表。An additional embodiment of the invention is another device. The device may include: a first identification unit configured to use intelligent heuristics to identify super nodes of the peer-to-peer network. The device may also include a second identifying unit configured to use the feedback to identify additional nodes of the peer-to-peer network. The device may further comprise a marking unit configured to mark said supernode and additional nodes as peer nodes in the list. In some implementations, the device may additionally include updating the list using smart updates.

本发明的又一实施方式可以是有形地包含在编码指令的计算机可读介质上的计算机程序,该指令用于执行各种功能。该计算机程序可以包括用于使用智能启发来标识对等网络的超级节点的指令。该计算机程序还可以包括使用反馈来标识所述对等网络的附加节点的指令。该计算机程序还可以包括将所述超级节点和附加节点标记为列表中的对等节点的指令。在某些实施方式中,该计算机程序可以附加地包括使用智能更新来更新所述列表的指令。Yet another embodiment of the present invention may be a computer program tangibly embodied on a computer-readable medium encoding instructions for performing various functions. The computer program may include instructions for using intelligent heuristics to identify supernodes of the peer-to-peer network. The computer program may also include instructions for using the feedback to identify additional nodes of the peer-to-peer network. The computer program may also include instructions for marking the supernode and additional nodes as peer nodes in the list. In some embodiments, the computer program may additionally include instructions for updating said list using smart update.

本发明的附加实施方式可以是又一设备。该设备可以包括标识装置,用于使用智能启发来标识对等网络的超级节点和使用反馈来标识所述对等网络的附加节点。该设备还可以包括标记装置,用于将所述超级节点和附加节点标记为列表中的对等节点。在本发明的某些实施方式中,该设备还可以包括更新装置,用于使用智能更新来更新所述列表。An additional embodiment of the invention may be yet another device. The apparatus may comprise identifying means for using intelligent heuristics to identify supernodes of the peer-to-peer network and feedback to identify additional nodes of said peer-to-peer network. The device may also include marking means for marking said supernode and additional nodes as peer nodes in the list. In some embodiments of the present invention, the device may further include updating means for updating the list by using intelligent updating.

附图说明 Description of drawings

为了正确理解本发明,对附图进行参考,在附图中:For a proper understanding of the invention, reference is made to the accompanying drawings, in which:

图1示出了根据本发明实施方式的流程图;Fig. 1 shows a flowchart according to an embodiment of the present invention;

图2是P2P网络的一般性图示,其中多个节点可以通过集线器或交换机彼此虚拟直连;Figure 2 is a general illustration of a P2P network, where multiple nodes can be virtually directly connected to each other through a hub or a switch;

图3示出了被配置用于实现本发明的设备框图;以及Figure 3 shows a block diagram of a device configured to implement the present invention; and

图4是示出了本发明另一实施方式的流程图。FIG. 4 is a flowchart illustrating another embodiment of the present invention.

具体实施方式 Detailed ways

根据本发明的示例性方法可以是这样的方法,其执行网络分析以标识P2P业务,并阻止P2P业务、对P2P业务进行收费或者对该P2P业务执行特定处理,以便最大化对宝贵的网络资源的有效使用。Exemplary methods according to the present invention may be methods that perform network analysis to identify P2P traffic, and block P2P traffic, charge for P2P traffic, or perform specific processing on the P2P traffic in order to maximize the use of valuable network resources. Use effectively.

在诸如例如SkypeTM的P2P网络中,业务进行了加密,并且不存在P2P客户端持续连接的中央服务器。这种配置使得难以标识对P2P协议的利用进行标识的五元组。某些P2P网络可以特殊对待某些P2P节点;例如,如果节点具有足够的网络容量,则在某些情况下,P2P业务可以通过此节点被路由。由于其用于携带大量数据和/或业务的运载力或容量,这种节点通常被称为超级节点。In a P2P network such as eg Skype traffic is encrypted and there is no central server to which P2P clients are constantly connected. This configuration makes it difficult to identify the five-tuples that identify the utilization of the P2P protocol. Certain P2P networks may treat certain P2P nodes specially; for example, P2P traffic may be routed through this node in some cases if the node has sufficient network capacity. Such nodes are often referred to as supernodes due to their capacity or capacity for carrying large amounts of data and/or traffic.

在网络业务分析方法和系统中,对超级节点的标识可以有助于简化对业务的处理。通常,去往和来自超级节点的大量业务(或者有时所有业务)是P2P业务。这样,通常,去往和来自超级节点的所有连接是P2P连接。In the network service analysis method and system, the identification of super nodes can help to simplify service processing. Typically, a large amount of traffic (or sometimes all traffic) to and from supernodes is P2P traffic. As such, generally, all connections to and from supernodes are P2P connections.

本发明的某些实施方式可以使用具有反馈的智能启发来在网络业务分析中标识P2P五元组。例如,可以称为节点A的P2P客户端可以由这样的事实来标识:其在短时间窗口(在很多情况下,可以短于1秒)内创建去往其他对等体的大量连接。Certain embodiments of the invention may use intelligent heuristics with feedback to identify P2P quintuples in network traffic analysis. For example, a P2P client, which may be referred to as Node A, may be identified by the fact that it creates a large number of connections to other peers within a short time window (in many cases, may be less than 1 second).

根据本发明的某些方法和系统可以标识此连接模式,并将该业务标记为P2P业务。本发明的某些实施方式例如可以标识五元组中的两个特征,即,协议和源地址。因此,网络连接可以被分类为P2P业务。这一阶段的分析可以称为智能启发式阶段。Certain methods and systems according to the present invention can identify this connection mode and mark the traffic as P2P traffic. Certain embodiments of the invention may, for example, identify two characteristics in the quintuple, namely, protocol and source address. Therefore, network connections can be classified as P2P traffic. This stage of analysis can be called the intelligent heuristic stage.

当找到五元组时,则P2P网络中可以称为(为了方便)节点B的目的地主机或其他对等体可以视为潜在的P2P主机/客户端。如果有去往节点B的很多连接,则节点B也可以被标记为超级节点,并且去往其的网络连接都可以被视为P2P网络连接。这一分析阶段可以称为反馈阶段。When a quintuple is found, then a destination host or other peer in the P2P network, which may be called (for convenience) a Node B, may be considered a potential P2P host/client. If there are many connections to Node B, then Node B can also be marked as a super node, and all network connections to it can be regarded as P2P network connections. This analysis phase can be called the feedback phase.

本发明的某些实施方式还可以标识不再接收P2P业务的P2P节点。在很多情况下,计算机网络可以使用动态互联网协议(IP)地址指派。换言之,主机或客户端的IP地址可以随着时间而变化。本发明的某些实施方式可以标识:在某段时间内,已有P2P客户端/主机(例如,节点A)并未收到任何P2P数据或业务。因此,本发明的该实施方式将不再把节点A视为P2P客户端。这可以称为分析的智能更新阶段。Certain embodiments of the present invention may also identify P2P nodes that no longer receive P2P traffic. In many cases, computer networks may use dynamic Internet Protocol (IP) address assignments. In other words, the IP address of a host or client can change over time. Some embodiments of the present invention may identify that: within a certain period of time, the existing P2P client/host (for example, node A) has not received any P2P data or service. Therefore, this embodiment of the invention will no longer consider node A to be a P2P client. This can be called the intelligent update phase of the analysis.

这样,本发明的某些实施方式可以使用智能启发、反馈和智能更新从网络业务标识P2P五元组信息。这种标识可以支持P2P网络业务分类,并支持以不同于其他网络业务的方式来对待P2P业务。As such, certain embodiments of the present invention may identify P2P quintuple information from network traffic using intelligent heuristics, feedback, and intelligent updates. This identification can support the classification of P2P network services, and support the treatment of P2P services in a manner different from other network services.

这种实施方式可以有助于显著增大网络资源的有效使用,并潜在地避免耗尽宝贵的网络资源。现有网络分析方法和系统不能以在优势方面与本发明的实施方式媲美的方式来标识和分析P2P网络业务。Such an implementation can help to significantly increase the efficient use of network resources and potentially avoid exhausting valuable network resources. Existing network analysis methods and systems cannot identify and analyze P2P network traffic in a manner comparable in advantages to embodiments of the present invention.

因此,根据本发明实施方式的某些方法和设备能够检测到节点在预定时间内至少发起去往其他节点的预定数量的连接;以及将这种发起节点分类为P2P节点和/或获得P2P五元组。本发明的某些实施方式还可以检测这样连接的节点是否具有去往其他节点的多于预定数量的连接。Therefore, some methods and devices according to embodiments of the present invention can detect that a node initiates at least a predetermined number of connections to other nodes within a predetermined time; and classify such initiating nodes as P2P nodes and/or obtain P2P quintuple Group. Certain embodiments of the invention may also detect whether such connected nodes have more than a predetermined number of connections to other nodes.

本发明的某些实施方式随后可以将这种节点分类为P2P节点。用于标识是否做出预定数量连接的预定时间窗口例如可以是1秒,并且预定数量的连接例如可以是在1秒时间段内的五个连接。本发明的某些实施方式可以使这种参数可配置。Certain embodiments of the invention may then classify such nodes as P2P nodes. The predetermined time window for identifying whether to make a predetermined number of connections may be, for example, 1 second, and the predetermined number of connections may be, for example, five connections within a time period of 1 second. Certain embodiments of the invention may make such parameters configurable.

本发明的各种实施方式可以以多种类型的网络和系统实现,包括其中部署有许多P2P节点的计算机网络,和蜂窝/IP多媒体子系统(IMS)网络,在该IMS网络中,蜂窝或移动用户设备通过基站通信或者直接通信,其中用户终端可以是或者包括节点和/或基站可以是或者包括节点。Various embodiments of the invention can be implemented in many types of networks and systems, including computer networks in which many P2P nodes are deployed, and cellular/IP Multimedia Subsystem (IMS) networks in which cellular or mobile The user equipment communicates via a base station or directly, wherein the user terminal may be or include a node and/or the base station may be or include a node.

本发明特定实施方式还可以实现为在计算机可读介质上包含的计算机软件,其中软件能够在处理器上运行,并控制处理器执行例如上述方法的步骤。这种软件还使得处理器被配置为此处讨论的各种硬件元件。Certain embodiments of the present invention can also be implemented as computer software contained on a computer-readable medium, where the software can run on a processor and control the processor to perform, for example, the steps of the above-mentioned methods. Such software also enables the processor to be configured as the various hardware elements discussed herein.

更具体地,本发明的某些实施方式可以例如具体化为业务分析器和/或防火墙计算机硬件、计算机软件或其混合。这样,本发明的某些实施方式例如可以实现在通用计算机或专用集成电路(ASIC)上。More specifically, certain embodiments of the invention may, for example, be embodied in traffic analyzer and/or firewall computer hardware, computer software, or a mixture thereof. As such, certain embodiments of the invention may be implemented on, for example, a general purpose computer or an application specific integrated circuit (ASIC).

图1示出了根据本发明实施方式的流程图。根据图1,进行检查110,以便查看P2P客户端是否在给定时段内发起了预定数量的连接。如果答案是“是”,则将发起节点标识120为P2P节点。随后,进行检查130以确定连接至发起节点的其他节点在给定的时段内是否具有足够的连接容量。如果是(例如,如果它们具有足够触发这样推断的容量,即,它们是超级节点),则这些其他节点被分类140为P2P节点。Fig. 1 shows a flowchart according to an embodiment of the present invention. According to Fig. 1, a check 110 is made to see if the P2P client has initiated a predetermined number of connections within a given period of time. If the answer is "yes", then the initiating node is identified 120 as a P2P node. A check 130 is then made to determine if other nodes connected to the initiating node have sufficient connection capacity for a given period of time. If so (eg, if they have sufficient capacity to trigger an inference that they are supernodes), these other nodes are classified 140 as P2P nodes.

图1中所示实施方式和本发明的各种其他实施方式可以随后监控150去往P2P节点的业务,以便确定针对该节点的P2P业务是否仍在传输。如果在预定时段内没有接收到P2P业务,则不再将节点视为160P2P节点。The embodiment shown in FIG. 1 and various other embodiments of the invention may then monitor 150 traffic to a P2P node to determine whether P2P traffic for that node is still being transmitted. If no P2P traffic is received within a predetermined period, the node is no longer considered a 160 P2P node.

图2是P2P网络的一般性图示,其中多个节点可以通过集线器或交换机(集线器或交换机未示出)彼此虚拟直接连接。这种网络可以不同于客户端-服务器网络,在客户端-服务器网络中,所有网络节点逻辑上都连接至用于文件服务的公共文件服务器。Fig. 2 is a general illustration of a P2P network in which multiple nodes can be virtually directly connected to each other through a hub or switch (hub or switch not shown). Such a network may differ from a client-server network in which all network nodes are logically connected to a common file server for file serving.

例如,在一种流行的P2P网络实施方式中,节点直接与另一节点共享文件,而不用将文件上传至文件服务器以供后续取回。如前所述,图2的节点可以包括各种类型的用户设备,包括蜂窝电话、基站、计算机、膝上型计算机、台式计算机等。For example, in one popular implementation of a P2P network, a node directly shares a file with another node without uploading the file to a file server for subsequent retrieval. As previously mentioned, the nodes of FIG. 2 may include various types of user equipment, including cellular telephones, base stations, computers, laptops, desktops, and the like.

这样,例如节点A、节点B、节点C、节点D和节点E例如可以是这样的移动通信设备:其能够例如通过移动交换中心(MSC)、基站(BS)或类似技术彼此通信。备选地,节点可以是由在物理星形拓扑中的单个路由器或交换机连接的LAN的节点。不需要所有的节点都是同一物理网络的部分。Thus, eg Node A, Node B, Node C, Node D and Node E may eg be mobile communication devices capable of communicating with each other eg via a Mobile Switching Center (MSC), Base Station (BS) or similar technology. Alternatively, the nodes may be nodes of a LAN connected by a single router or switch in a physical star topology. All nodes need not be part of the same physical network.

图3示出了被配置用于实现本发明的设备的框图。该设备可以包括发起单元310,该单元310监控客户端节点发起的连接。标识单元320可以将发起节点标识为P2P节点,以及标记单元330可以将业务标记为P2P业务。Fig. 3 shows a block diagram of a device configured to implement the present invention. The device may comprise an initiating unit 310 that monitors connections initiated by client nodes. The identifying unit 320 may identify the originating node as a P2P node, and the marking unit 330 may mark the service as a P2P service.

标识单元320可以依赖于P2P业务的各种指标,诸如,在特定时间帧内生成的连接的数量。用于将P2P业务形式与例如传统web浏览HTTP业务相区分的其他技术也可以使用。这些单元可以执行分析的智能启发阶段。The identification unit 320 may rely on various indicators of the P2P traffic, such as the number of connections generated within a certain time frame. Other techniques for distinguishing P2P traffic forms from eg traditional web browsing HTTP traffic may also be used. These units can perform the intelligent heuristic phase of the analysis.

另一标识单元340随后可以基于符合特定标准的、去往其他P2P节点的连接数量而标识该其他P2P节点,并返回标记单元330以标记其他P2P节点。这些单元可以执行分析的反馈阶段。去分类单元350可以监控去往已经被标识为P2P节点的那些节点的P2P业务,并可以从不再接收P2P业务的P2P节点中移除P2P目的地。Another identification unit 340 may then identify other P2P nodes based on the number of connections to other P2P nodes meeting certain criteria, and return to the marking unit 330 to mark other P2P nodes. These units can perform the feedback phase of the analysis. The declassification unit 350 may monitor P2P traffic destined for those nodes that have been identified as P2P nodes, and may remove P2P destinations from P2P nodes that no longer receive P2P traffic.

去分类单元350可以与标识单元320、标记单元330和另一标识单元340合作,以便执行其操作。这些单元可以执行分析的智能更新阶段。The declassification unit 350 may cooperate with the identification unit 320, the marking unit 330 and another identification unit 340 in order to perform its operations. These units can perform the intelligent update phase of the analysis.

图4是示出了本发明另一实施方式的流程图。根据图4,在401处,P2P客户端在给定时间量内创建预定数量的连接。在402处,将来自于该P2P客户端的业务标记为P2P业务。在403处,使用协议和源地址(其是五元组中的两项),将连接分类为P2P连接。FIG. 4 is a flowchart illustrating another embodiment of the present invention. According to FIG. 4, at 401, a P2P client creates a predetermined number of connections within a given amount of time. At 402, traffic from the P2P client is marked as P2P traffic. At 403, the connection is classified as a P2P connection using the protocol and source address, which are two items in the quintuple.

在404处,如图4所示,目的地主机可以基于五元组被标识。如果连接容量符合在一段时间内针对连接容量的预定标准,则在405处将该目的地主机分类为P2P主机或超级节点。At 404, as shown in FIG. 4, the destination host can be identified based on the five-tuple. If the connection capacity meets predetermined criteria for connection capacity over a period of time, then at 405 the destination host is classified as a P2P host or supernode.

在406处,当P2P业务低于预定阈值或下降为0时,P2P节点被去分类为非P2P节点。图4中所示过程可以重复执行,并且所描述的步骤不必须仅仅因为其被以该顺序示出就按照该示出的顺序执行。At 406, when the P2P traffic falls below a predetermined threshold or drops to 0, the P2P node is declassified as a non-P2P node. The process shown in FIG. 4 may be performed repeatedly, and the steps described do not have to be performed in the order shown just because they are shown in that order.

本领域普通技术人员容易理解,上述本发明可以利用不同顺序的步骤执行,和/或利用不同于此处公开的配置中的硬件元件实现。因此,尽管基于这些优选实施方式描述了本发明,但是对于本领域技术人员而言,某些修改、变体和备选结构是显然的,并同时落入本发明的精神和范围内。因此,为了确定本发明的边界和范围,应当参考所附权利要求书。Those of ordinary skill in the art will readily appreciate that the present invention described above may be performed using steps in a different order, and/or implemented using hardware elements in configurations other than those disclosed herein. Therefore, while the invention has been described based on these preferred embodiments, certain modifications, variations, and alternative constructions will be apparent to those skilled in the art, while falling within the spirit and scope of the invention. In order to determine the metes and bounds of the invention, therefore, reference should be made to the appended claims.

Claims (28)

1.一种用于对等网络业务分析的方法,包括:1. A method for peer-to-peer network traffic analysis, comprising: 标识对等连接模式,其中标识对等连接模式包括确定在预定时间内已经发起预定数目的连接;identifying a peer-to-peer connection mode, wherein identifying the peer-to-peer connection mode includes determining that a predetermined number of connections have been initiated within a predetermined time; 将通过所述对等连接模式标识的业务标记为对等业务;marking traffic identified by said peer-to-peer connection mode as peer-to-peer traffic; 将所述业务的目的地址标识为对等主机;identifying the destination address of the traffic as a peer host; 将所述对等主机标记为超级节点;以及mark the peer host as a supernode; and 将去往标记的超级节点的网络连接视为对等网络连接。Treat network connections to marked supernodes as peer-to-peer network connections. 2.根据权利要求1所述的方法,进一步包括:2. The method of claim 1, further comprising: 标识不再接收对等业务的对等节点;以及Identify peer nodes that are no longer receiving peer-to-peer traffic; and 一旦标识了不接收对等业务的节点,则终止将所述节点视为对等客户端。Once a node that does not receive peer-to-peer traffic is identified, the node is ceased to be considered a peer-to-peer client. 3.一种用于对等网络业务分析的设备,包括:3. A device for peer-to-peer network service analysis, comprising: 第一标识单元,配置用于基于连接模式来标识对等业务,其中标识对等业务包括确定在预定时间内已经发起预定数目的连接;A first identification unit configured to identify a peer-to-peer service based on a connection mode, wherein identifying the peer-to-peer service includes determining that a predetermined number of connections have been initiated within a predetermined time; 标记单元,配置用于将所述业务标记为对等业务;a marking unit configured to mark the service as a peer-to-peer service; 主控单元,配置用于将所述业务的目的地主机规定为对等主机,以及将所述主机标记为超级节点,其中所述主控单元被配置用于将去往标记的超级节点的所有业务和去往所述超级节点的所有网络连接视为对等网络连接。a master control unit configured to specify a destination host for the traffic as a peer host and to mark the host as a supernode, wherein the master control unit is configured for all traffic destined for the marked supernode Business and all network connections to the supernodes are considered peer-to-peer network connections. 4.根据权利要求3所述的设备,进一步包括:4. The apparatus of claim 3, further comprising: 第二标识单元,配置用于标识不再接收对等业务的对等指定节点,以及移除将节点作为对等客户端的指定。The second identifying unit is configured to identify peer-to-peer designated nodes that no longer receive peer-to-peer services, and remove the designation of the node as a peer-to-peer client. 5.一种用于对等网络业务分析的方法,包括:5. A method for peer-to-peer network traffic analysis, comprising: 使用智能启发来标识对等网络的超级节点,其中标识对等网络的超级节点包括确定在预定时间内已经发起预定数目的连接;using intelligent heuristics to identify supernodes of the peer-to-peer network, wherein identifying supernodes of the peer-to-peer network includes determining that a predetermined number of connections have been initiated within a predetermined time; 使用反馈来标识所述对等网络的附加节点;以及using feedback to identify additional nodes of the peer-to-peer network; and 将所述超级节点和附加节点标记为列表中的对等节点。Mark the supernode and additional nodes as peers in the list. 6.根据权利要求5所述的方法,进一步包括:6. The method of claim 5, further comprising: 使用智能更新来更新所述列表。Use Smart Update to update the list. 7.根据权利要求6所述的方法,其中更新所述列表包括:当节点不再参与对等网络业务时,将所述节点从所述列表中移除。7. The method of claim 6, wherein updating the list comprises removing a node from the list when the node is no longer participating in peer-to-peer network traffic. 8.根据权利要求5所述的方法,其中标识所述超级节点包括:标识所述超级节点的五元组的至少两个特征。8. The method of claim 5, wherein identifying the supernode comprises identifying at least two characteristics of a quintuple of the supernode. 9.根据权利要求8所述的方法,其中所述至少两个特征包括协议和源地址。9. The method of claim 8, wherein the at least two characteristics include protocol and source address. 10.根据权利要求5所述的方法,其中标识所述超级节点包括:标识所述超级节点遇到的连接数量大于预定时间量内的预定阈值。10. The method of claim 5, wherein identifying the supernode comprises identifying that the number of connections encountered by the supernode is greater than a predetermined threshold for a predetermined amount of time. 11.根据权利要求10所述的方法,其中所述预定时间量为1秒,并且其中所述预定阈值为5。11. The method of claim 10, wherein the predetermined amount of time is 1 second, and wherein the predetermined threshold is five. 12.根据权利要求5所述的方法,其中标识附加节点包括:标识与所述超级节点通信的节点。12. The method of claim 5, wherein identifying additional nodes comprises identifying nodes in communication with the supernode. 13.根据权利要求5所述的方法,进一步包括:13. The method of claim 5, further comprising: 基于所述列表,阻止与所述列表上的节点的通信。Based on the list, communication with nodes on the list is blocked. 14.根据权利要求5所述的方法,进一步包括:14. The method of claim 5, further comprising: 基于所述列表,对所述列表上的节点计费或收费。Based on the list, the nodes on the list are billed or charged. 15.根据权利要求5所述的方法,其中标记所述超级节点和附加节点包括:具体区分普通节点和超级节点。15. The method of claim 5, wherein marking the supernodes and additional nodes comprises specifically distinguishing between normal nodes and supernodes. 16.一种用于对等网络业务分析的设备,包括:16. A device for peer-to-peer network traffic analysis, comprising: 第一标识单元,配置用于使用智能启发来标识对等网络的超级节点,其中标识对等网络的超级节点包括确定在预定时间内已经发起预定数目的连接;A first identifying unit configured to identify a supernode of the peer-to-peer network using intelligent heuristics, wherein identifying the supernode of the peer-to-peer network includes determining that a predetermined number of connections have been initiated within a predetermined time; 第二标识单元,配置用于使用反馈来标识所述对等网络的附加节点;以及a second identification unit configured to use feedback to identify additional nodes of the peer-to-peer network; and 标记单元,配置用于将所述超级节点和附加节点标记为列表中的对等节点。A marking unit configured to mark the supernode and additional nodes as peer nodes in the list. 17.根据权利要求16所述的设备,进一步包括:17. The apparatus of claim 16, further comprising: 使用智能更新来更新所述列表。Use Smart Update to update the list. 18.根据权利要求17所述的设备,其中更新所述列表包括:当节点不再参与对等网络业务时,将所述节点从所述列表移除。18. The apparatus of claim 17, wherein updating the list comprises removing a node from the list when the node is no longer participating in peer-to-peer network traffic. 19.根据权利要求16所述的设备,其中标记所述超级节点和附加节点包括:具体区分普通节点和超级节点。19. The apparatus of claim 16, wherein labeling the supernodes and additional nodes comprises specifically distinguishing normal nodes from supernodes. 20.根据权利要求16所述的设备,其中标识所述超级节点包括:标识所述超级节点的五元组的至少两个特征。20. The apparatus of claim 16, wherein identifying the supernode comprises identifying at least two characteristics of a quintuple of the supernode. 21.根据权利要求20所述的设备,其中所述至少两个特征包括协议和源地址。21. The apparatus of claim 20, wherein the at least two characteristics include a protocol and a source address. 22.根据权利要求16所述的设备,其中标识所述超级节点包括:标识所述超级节点遇到的连接数量大于预定时间量内的预定阈值。22. The apparatus of claim 16, wherein identifying the supernode comprises identifying that the number of connections encountered by the supernode is greater than a predetermined threshold for a predetermined amount of time. 23.根据权利要求22所述的设备,其中所述预定时间量为1秒,并且其中所述预定阈值为5。23. The apparatus of claim 22, wherein the predetermined amount of time is 1 second, and wherein the predetermined threshold is five. 24.根据权利要求16所述的设备,其中标识附加节点包括:标识与所述超级节点通信的节点。24. The apparatus of claim 16, wherein identifying additional nodes comprises identifying nodes in communication with the supernode. 25.根据权利要求16所述的设备,进一步包括:25. The device of claim 16, further comprising: 基于所述列表,阻止与所述列表上的节点的通信。Based on the list, communication with nodes on the list is blocked. 26.根据权利要求16所述的设备,进一步包括:26. The device of claim 16, further comprising: 基于所述列表,对所述列表上的节点计费或收费。Based on the list, the nodes on the list are billed or charged. 27.一种用于对等网络业务分析的设备,包括:27. A device for peer-to-peer network traffic analysis, comprising: 标识装置,用于使用智能启发来标识对等网络的超级节点和使用反馈来标识所述对等网络的附加节点,其中标识对等网络的超级节点包括确定在预定时间内已经发起预定数目的连接;以及identifying means for identifying supernodes of a peer-to-peer network using intelligent heuristics and identifying additional nodes of said peer-to-peer network using feedback, wherein identifying supernodes of a peer-to-peer network comprises determining that a predetermined number of connections have been initiated within a predetermined time ;as well as 标记装置,用于将所述超级节点和附加节点标记为列表中的对等节点。marking means for marking said supernode and additional nodes as peer nodes in the list. 28.根据权利要求27所述的设备,进一步包括:28. The apparatus of claim 27, further comprising: 更新装置,用于使用智能更新来更新所述列表。updating means, configured to update the list using intelligent updating.
CN200780044054.6A 2006-11-29 2007-11-19 Method and apparatus for peer-to-peer network traffic analysis Expired - Fee Related CN101558604B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US86144706P 2006-11-29 2006-11-29
US60/861,447 2006-11-29
US11/907,780 2007-10-17
US11/907,780 US20090106364A1 (en) 2007-10-17 2007-10-17 Method and apparatus for peer-to-peer network traffic analysis
PCT/IB2007/003545 WO2008065496A2 (en) 2006-11-29 2007-11-19 Method and apparatus for peer-to-peer network traffic analysis

Publications (2)

Publication Number Publication Date
CN101558604A CN101558604A (en) 2009-10-14
CN101558604B true CN101558604B (en) 2013-04-24

Family

ID=39315330

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200780044054.6A Expired - Fee Related CN101558604B (en) 2006-11-29 2007-11-19 Method and apparatus for peer-to-peer network traffic analysis

Country Status (2)

Country Link
CN (1) CN101558604B (en)
WO (1) WO2008065496A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010050912A1 (en) 2008-10-30 2010-05-06 Thomson Licensing Method and apparatus for monitoring a kad network
US10567986B2 (en) * 2016-09-06 2020-02-18 Qualcomm Incorporated Back-off mechanisms for fair joint access of unlicensed sidelink

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005079020A1 (en) * 2004-02-09 2005-08-25 Cachelogic Limited Methods and apparatus for routing in a network

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7457293B2 (en) * 2004-04-05 2008-11-25 Panasonic Corporation Communication apparatus, method and program for realizing P2P communication
US20090299937A1 (en) * 2005-04-22 2009-12-03 Alexander Lazovsky Method and system for detecting and managing peer-to-peer traffic over a data network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2005079020A1 (en) * 2004-02-09 2005-08-25 Cachelogic Limited Methods and apparatus for routing in a network

Also Published As

Publication number Publication date
WO2008065496A2 (en) 2008-06-05
CN101558604A (en) 2009-10-14
WO2008065496A3 (en) 2008-08-07

Similar Documents

Publication Publication Date Title
CN113037500B (en) Network device and method for network communication
CN111770028B (en) Method and network device for computer network
CN106953737B (en) Provide application metadata using an output protocol within a computer network
US9191219B2 (en) Network multicast peer discovery methods
CN108512885A (en) Network packet to being identified as message queue telemetering transmission packet executes specific action
CN103051497B (en) Business Stream mirror method and mirroring device
CN103457803B (en) Device and method for recognizing P2P flow
CN114650253A (en) Network policy application based on session state
JP2011159247A (en) Network system, controller, and network control method
CN107409047B (en) Method for coordinated packet delivery for encrypted sessions
CN101558604B (en) Method and apparatus for peer-to-peer network traffic analysis
CN101964741B (en) A node list sending method and device
Reddy et al. Heuristic-based real-time p2p traffic identification
KR101211147B1 (en) System for network inspection and providing method thereof
CN102480503B (en) P2P (peer-to-peer) traffic identification method and P2P traffic identification device
Othman et al. Design and implementation of application based routing using openflow
CN101657994A (en) Discovering disconnected components in a distributed communication network
CN112153001A (en) WAF-based network communication method, system, electronic device and storage medium
US20090106364A1 (en) Method and apparatus for peer-to-peer network traffic analysis
Ngiwlay et al. Bittorrent peer identification based on behaviors of a choke algorithm
CN100362809C (en) A control method for data transmission of BT client
Ilie et al. Statistical models for Gnutella signaling traffic
Chen et al. Pbc: A novel method for identifying qq traffic
Othman et al. On demand content anycasting to enhance content server using P2P network
RU2690758C1 (en) Method for automatic classification of network traffic based on heuristic analysis

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CI01 Publication of corrected invention patent application

Correction item: International Day of publication

Correct: 20080605

False: 20080807

Number: 17

Volume: 29

CI03 Correction of invention patent

Correction item: International Day of publication

Correct: 20080605

False: 20080807

Number: 17

Page: The title page

Volume: 29

ERR Gazette correction

Free format text: CORRECT: INTERNATIONAL PROCLAMATION DATE; FROM: 2008.08.07 TO: 2008.06.05

RECT Rectification
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20160205

Address after: Espoo, Finland

Patentee after: NOKIA TECHNOLOGIES OY

Address before: Espoo, Finland

Patentee before: NOKIA Corp.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130424