CN103561010A - Integrated marked network data flow characteristic marking method - Google Patents
- Publication number
- CN103561010A
- Authority
- CN
- China
- Prior art keywords
- connection identifier
- data flow
- information
- data
- feature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Provided is a data flow characteristic marking method for an integrated marked network. The method marks and manages the statistical results of data flow characteristics recorded in the satellite information of connection marks. It mainly comprises (1) a data flow characteristic statistical method based on connection marks, (2) a method of marking data flow characteristics with connection marks, and (3) a data flow management method based on connection marks. The method is based on the logical connection of the transmission sub-layer of the integrated marked network; it achieves more accurate data flow marking in the integrated marked network and ensures the controllability and manageability of end-to-end data flow transmission in that network.
Description
Technical field
The invention belongs to the technical field of computer networks and relates to a method for identifying data flow characteristics in an integrated identification network.
Background art
With the growth of Internet technology and scale, the increase in access methods, and the expansion of terminal diversity and service types, both the types and the number of data streams in the network have increased sharply. Existing stream identification methods all show various deficiencies when faced with new types of data streams such as P2P, multimedia and various encrypted data streams.
The stream identification methods of the conventional Internet can be divided, according to the network layer at which they operate, into application-layer and transport-layer methods. Stream identification methods implemented at the application layer scale poorly, and so cannot meet the needs of the wide variety of applications in an integrated identification network.
Stream identification methods implemented at the transport layer fall into three classes: the first is port-based stream identification; the second is identification based on the data flow; the third performs data statistics and identification based on the established connection. However, because of the inherent defects of the conventional Internet architecture, the established connections and the transmitted data flows cannot be managed effectively, and all of these stream identification schemes have, to a greater or lesser degree, shortcomings in practicality and applicability.
The architecture of the integrated identification network is divided into two layers: the switching and routing layer and the Pervasive Service layer. The connection sublayer, which corresponds to the transport layer of the conventional Internet, is only a logical concept in the integrated identification network and connects the switching and routing layer with the Pervasive Service layer. The connection identifier is what this connection sublayer uses to identify logical connection information and resources; it identifies the resources and information involved in a service acquisition process.
The introduction of the connection identifier provides convenient management of the data flow transmission process and of the connection information and resources established for it. With the connection-identifier-based stream identification method of this patent, data flows in the integrated identification network can also be regulated more easily, in particular the attacks and damage caused by malicious data flows.
Summary of the invention
The object of the present invention is to provide a stream identification method suitable for the integrated identification network, providing a basis for distinguishing and managing data flows in that network. The invention uses the connection identifier's function of identifying logical connection information and resources in the integrated identification network, so that distinguishing and identifying data flows is achieved by analyzing and managing connection identifiers.
In the present invention, the satellite information corresponding to a connection identifier contains the data flow features obtained by statistics. These features combine the advantages of earlier single-feature stream identification methods while also making it possible to measure data flow features comprehensively. The statistical features mainly include the port information used for data stream transmission, data stream size, transmission frequency, packet size and interval time, transmission duration, and retransmission frequency.
The satellite information of the connection identifier is classified, and the classification result is treated as a feature of the connection identifier. Identifying and distinguishing data flows in the integrated identification network is therefore based on analyzing connection identifier features, which reflect the traffic features of the logical connection. Because the connection identifier makes it easier for the integrated identification network to manage transmitted data and connections, stream identification based on the connection identifier can be analyzed accurately from multiple angles.
Brief description of the drawings
Fig. 1 is a schematic diagram of the connection identifier and its satellite information in the present invention;
Fig. 2 is the data flow characteristic statistics flow based on the connection identifier in the present invention;
Fig. 3 is a schematic diagram of the data structure of the connection identifier satellite information in the present invention;
Fig. 4 is the flow of a specific implementation of the connection-identifier-based stream identification method of the present invention.
Embodiment
The technical content and a detailed description are given below with reference to the accompanying drawings:
Fig. 1 is a schematic diagram of the connection identifier and its satellite information in the present invention. In Fig. 1, the connection identifier is a random string of 160; its satellite information comprises the service requester address and service provider address of the logical connection, the port used by the service requester, the port used by the service provider, the query count statistics of the connection identifier, and the data flow traffic features corresponding to the connection identifier.
Fig. 2 is the data flow characteristic statistics flow based on the connection identifier in the present invention. In the integrated identification network, data stream transmission involves the connection identifier allocated for that transmission, the addresses and port information of the service requester and service provider, and the space reserved for data stream statistical features; it also involves queries of the mapping entry of the connection identifier and its satellite information during transmission. When a data flow carrying a connection identifier is transmitted in the integrated identification network, the features of the data flow can be analyzed and counted from the features exhibited by the elements it involves. The data flow features obtained by statistics are written back to the satellite information of the connection identifier by a feedback function, and through analysis and processing of the satellite information they are reflected in the connection identifier and its satellite information.
Fig. 3 shows the data structure of the CID satellite information provided by the invention. It has reserved space and QoS information, and the statistics of data features can be placed in the reserved space.
Fig. 4 is the flow of a specific implementation of the invention: a connection-identifier-based data flow characteristic identification method that is compatible with the existing Internet. In Fig. 3, IP_S denotes the service provider's address, IP_C denotes the service initiator's address, CID_Map denotes the connection identifier manager, Auc denotes the authentication system, ASR denotes the access switch router, GSR denotes the generalized switch router, CID denotes the connection identifier, CID_addi denotes the satellite information of the connection identifier, CID_statistic denotes the statistical module for connection identifier satellite information, and CID_Proxy denotes the terminal proxy.
The CID_statistic statistical module needs its model parameters trained with some data sets: the statistical model is trained according to predefined data flow features, and the model parameters can be revised as data flow features in the network are counted and analyzed.
In the integrated identification network, the connection-identifier-based stream identification method is implemented in the following steps:
1) A packet sent by IP_C carries the CID. While it is transmitted in the integrated identification network, the CID management node to which IP_C is connected, which holds the CID and CIDaddi, is accessed; the access count is incremented by 1 and features such as the packet size are recorded;
2) After the CID management node has been accessed, the packet is transmitted to the address indicated by the CID and CIDaddi;
3) After the packet arrives at the opposite end, the CID management node is checked according to the information carried; its access count is incremented by 1 and the packet's features are recorded;
4) When the data reaches the terminal, the features of the data flow are analyzed and the analysis result is fed back to the CID_statistic module, completing one analysis record of the data flow features;
5) According to the data features in CID_addi, the connection identifier is identified and classified using the CID_statistic statistical module parameters. The data transmission process is thus at the same time a process of completing data flow characteristic statistics based on the connection identifier.
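The five steps above, as an added Python sketch that is not part of the patent: a hypothetical CID management node (`CIDMap`) records per-packet features into the satellite information, and a threshold rule stands in for the trained CID_statistic model. The field names, the 160-bit hex-encoded CID, the thresholds and the class labels are assumptions; the sample addresses and packets are constructed.

```python
import secrets
from dataclasses import dataclass
@dataclass
class CIDAddi:
    """Satellite information for one CID (field names are assumed)."""
    requester: tuple      # (address, port) of the service requester, IP_C
    provider: tuple       # (address, port) of the service provider, IP_S
    queries: int = 0      # lookups of this CID entry
    packets: int = 0
    total_bytes: int = 0
    retransmits: int = 0
    first_ts: float = 0.0
    last_ts: float = 0.0

class CIDMap(dict):  # hypothetical CID management node: CID -> CIDAddi
    def register(self, requester, provider):
        cid = secrets.token_hex(20)  # assumption: 160 random bits, hex-encoded
        self[cid] = CIDAddi(requester, provider)
        return cid

    def record(self, cid, size, ts, retransmit=False):
        """Steps 1/3: look up the CID, add 1 to its access count, record features."""
        addi = self.get(cid)
        if addi is None:  # a packet with an unknown CID must not create state
            raise KeyError("unregistered CID")
        addi.queries += 1
        if addi.packets == 0:
            addi.first_ts = ts
        addi.packets += 1
        addi.total_bytes += size
        addi.retransmits += int(retransmit)
        addi.last_ts = ts

    def features(self, cid):
        """Step 4: derive flow features from the recorded satellite information."""
        a = self[cid]
        duration, gaps = a.last_ts - a.first_ts, a.packets - 1
        return {
            "mean_packet_size": a.total_bytes / a.packets if a.packets else 0.0,
            "mean_interval": duration / gaps if gaps > 0 else 0.0,
            "duration": duration,
            "retransmit_rate": a.retransmits / a.packets if a.packets else 0.0,
        }

def classify(f):
    """Step 5 stand-in: fixed thresholds replace the trained CID_statistic model."""
    if f["retransmit_rate"] > 0.2:
        return "lossy"
    if f["mean_packet_size"] >= 1000 and f["mean_interval"] < 0.05:
        return "bulk"
    return "interactive"

def label_flow(packets):
    """Replay constructed (size, timestamp, retransmit) tuples through one CID."""
    node = CIDMap()
    cid = node.register(("192.0.2.10", 40000), ("198.51.100.7", 80))
    for size, ts, retx in packets:
        node.record(cid, size, ts, retx)
    return classify(node.features(cid))
```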
Finally, it should be noted that the above embodiment is only an example given to describe the invention clearly and is not a limitation on the embodiments. Those of ordinary skill in the art can make other changes in different forms on the basis of the above description. It is neither necessary nor possible to list all embodiments exhaustively here. Obvious variations or changes derived from it remain within the scope of protection of the present invention.
Claims (4)
1. A data flow characteristic identification method for an integrated identification network, characterized in that:
Under the network architecture of the integrated identification network, a connection identifier identifies one service acquisition process, specifically the resources and information corresponding to the logical connection established in that service acquisition process. The connection identifier and its satellite information carry the information of the end-to-end data transmission process. The features of the transmitted data flow are counted and the statistics are marked in the connection identifier and its satellite information; information related to the data flow features is obtained by analyzing the connection identifier, so that data flows are classified, which helps the integrated identification network identify and manage data flows.
2. The method according to claim 1, characterized in that the integrated identification network data flow characteristic identification method is implemented in the following steps:
1) The service initiator sends a service request message to the service provider, and the service provider responds with the resource information of the connection;
2) The service initiator generates a connection identifier from the fed-back information and its own connection information;
3) The service initiator generates packets carrying the connection identifier and sends them to the service provider; the service provider returns packets, and the returned packets likewise carry the connection identifier information;
4) During packet transmission, information about the data transfer, including the port, packet features and transmission frequency, is counted for the connection identifier and stored in the satellite information of the connection identifier;
5) By classifying the satellite information of the connection identifier, the logical connection corresponding to the connection identifier is classified and counted.
3. The method according to claim 2, characterized in that the statistics of data stream size, transmission frequency, packet size and interval time, port numbers used, transmission duration and retransmission frequency are all supported in the connection identifier as characteristic statistics of the traffic flow information, described in a specific format and data representation.
4. The method according to claim 1, characterized in that the accuracy of the stream identification method is verified and calculated from the data flow feature statistics obtained from the connection identifier, and is fed back to the connection identifier mapping management module as a reference for evaluating and improving the performance of the stream identification process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310516057.2A CN103561010B (en) | 2013-10-28 | 2013-10-28 | A kind of integrated identification network data flow characteristics identification method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310516057.2A CN103561010B (en) | 2013-10-28 | 2013-10-28 | A kind of integrated identification network data flow characteristics identification method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103561010A (en) | 2014-02-05 |
CN103561010B (en) | 2016-10-12 |
Family
ID=50015160
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310516057.2A (Active; CN103561010B (en)) | A kind of integrated identification network data flow characteristics identification method | 2013-10-28 | 2013-10-28 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103561010B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1852241A (en) * | 2005-10-24 | 2006-10-25 | 华为技术有限公司 | Flow classification device and base station adopting same |
WO2009112044A1 (en) * | 2008-03-10 | 2009-09-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Technique for classifying network traffic and for validating a mechanism for calassifying network traffic |
CN102148854A (en) * | 2010-10-19 | 2011-08-10 | 华为数字技术有限公司 | Method and device for identifying peer-to-peer (P2P) shared flows |
Non-Patent Citations (1)
Title |
---|
刘畅,宋飞,孙亮,张思东: "《基于连接标识的映射通信》", 《电子学报》, vol. 40, no. 10, 31 October 2012 (2012-10-31), pages 1921 - 1923 * |
Also Published As
Publication number | Publication date |
---|---|
CN103561010B (en) | 2016-10-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102724317B (en) | A kind of network traffic data sorting technique and device | |
CN101562534B (en) | Network behavior analytic system | |
CN102035698B (en) | HTTP tunnel detection method based on decision tree classification algorithm | |
CN102315974B (en) | Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows | |
KR100523486B1 (en) | Traffic measurement system and traffic analysis method thereof | |
CN103078897B (en) | A kind of system realizing Web service fine grit classification and management | |
EP2429128B1 (en) | Flow statistics aggregation | |
CN103765823B (en) | Method and system for the OAM that the controller of open flows encourages | |
CN101282331B (en) | Method for recognizing P2P network flow based on transport layer characteristics | |
CN111224940B (en) | Anonymous service traffic correlation identification method and system nested in encrypted tunnel | |
US20120099465A1 (en) | Method and its devices of network tcp traffic online identification using features in the head of the data flow | |
CN107733851A (en) | DNS tunnels Trojan detecting method based on communication behavior analysis | |
CN104378264B (en) | A kind of virtual machine process flux monitoring method based on sFlow | |
CN107800565A (en) | Method for inspecting, device, system, computer equipment and storage medium | |
CN102474449A (en) | Switching apparatus and method based on virtual interfaces | |
CN106657144B (en) | A kind of dynamic protection paths planning method based on enhancing study | |
CN102571946B (en) | Realization method of protocol identification and control system based on P2P (peer-to-peer network) | |
CN101960782A (en) | In-bound mechanism that verifies end-to-end service configuration with application awareness | |
CN104333483A (en) | Identification method, system and identification device for internet application flow | |
CN103281158A (en) | Method for detecting communication granularity of deep web and detection equipment thereof | |
CN104639351B (en) | To the processing system and its method of structure network structure deployment diagram | |
CN104333461A (en) | Identification method, system and identification device for internet application flow | |
CN110932971A (en) | Inter-domain path analysis method based on layer-by-layer reconstruction of request information | |
CN102648604A (en) | Method of monitoring network traffic by means of descriptive metadata | |
CN101984635B (en) | Method and system for flow identification of point to point (P2P) protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |