CN103561010A - Integrated marked network data flow characteristic marking method - Google Patents
Integrated marked network data flow characteristic marking method Download PDFInfo
- Publication number
- CN103561010A CN103561010A CN201310516057.2A CN201310516057A CN103561010A CN 103561010 A CN103561010 A CN 103561010A CN 201310516057 A CN201310516057 A CN 201310516057A CN 103561010 A CN103561010 A CN 103561010A
- Authority
- CN
- China
- Prior art keywords
- connection identifier
- information
- data flow
- data
- identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 230000005540 biological transmission Effects 0.000 claims abstract description 9
- 239000003999 initiator Substances 0.000 claims description 4
- 238000013507 mapping Methods 0.000 claims 1
- 238000007726 management method Methods 0.000 abstract description 8
- 238000007619 statistical method Methods 0.000 abstract 1
- 230000007547 defect Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 230000004069 differentiation Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000006378 damage Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000013179 statistical model Methods 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
一种一体化标识网络数据流特征标识方法,所述数据流特征标识方法是对连接标识附属信息所记录的数据流特征统计结果进行标识和管理。该方法的主要内容如下:1)基于连接标识的数据流特征统计方法;2)连接标识对数据流特征的标记方法;3)基于连接标识的数据流管理方法。本发明中的数据流标识方法是基于一体化标识网络传输子层的逻辑连接,在一体化标识网络中实现更加准确地数据流标识,为一体化标识网络中数据流端到端传输的可控可管性提供保证。
A method for integrally identifying network data stream feature identification. The data stream feature identification method is to identify and manage the statistical results of data stream features recorded in the connection identification auxiliary information. The main content of the method is as follows: 1) A statistical method of data flow characteristics based on connection identification; 2) A method of marking data flow characteristics by connection identification; 3) A data flow management method based on connection identification. The data flow identification method in the present invention is based on the logical connection of the transmission sublayer of the integrated identification network, and realizes more accurate data flow identification in the integrated identification network, which is a controllable end-to-end transmission of data streams in the integrated identification network. Manageability is guaranteed.
Description
Technical field
The invention belongs to technical field of the computer network, content relates to a kind of method of integrated identification network data flow signature identification.
Background technology
Along with the development of Internet technology and scale, access way increases, the expansion of terminal diversity and COS, and data stream type and number in network all sharply increase.Existing stream identification method is when in the face of new types of data stream type, and as P2P, multimedia and various encrypting traffic, all exposed various deficiencies.
The stream identification method of conventional internet, according to the network layer at its place, can be divided into application layer and transport layer., itself there is the poor defect of autgmentability, thereby cannot adapt to the demand of application program miscellaneous in integrated identification network in the stream identification method realizing in application layer.
The stream identification method realizing in transport layer comprises three classes: a class is the stream identification based on port; Two classes are the identification methods based on data flow; Three classes are that data statistics and sign are carried out in the connection based on setting up.But, in view of the intrinsic defect of conventional internet framework, cannot effectively manage the connection of setting up and the data flow of transmission, all there is more or less the defect of practicality and applicability aspect in the scheme of these traffic identifier.
The framework of integrated identification network is divided into two-layer, comprises switching and routing layer and Pervasive Service layer.Connect sublayer, with respect to the concept of the transport layer of conventional internet, the concept of a logic just in integrated identification network, for being connected mutual route layer and Pervasive Service layer.Connection identifier is that this connects sublayer for the sign of logical connection information and resource.Connection identifier is that the resource in service acquisition procedure and information are identified.
The appearance of connection identifier, the management function that can facilitate for the transmitting procedure of data flow and the link information of foundation thereof and resource.By the stream identification method based on connection identifier in this patent, can regulate and control more easily attack and the destruction of integrated identification network data flow, especially malicious data flow simultaneously.
Summary of the invention
The object of the present invention is to provide a kind of stream identification method that is applicable to integrated identification network, for the data flow in differentiation and management integration marked network is given security.The present invention utilizes the identification function of connection identifier to logical connection information and resource in integrated identification network, by the differentiation of data flow and identification function by the analysis of connection identifier and management are realized.
In the present invention, comprise the feature of the data flow that statistics obtains in satellite information corresponding to connection identifier, these features have the advantage of single stream recognition method in the past that is incorporated into, and possess again the possibility of comprehensive measurement data flow feature simultaneously.These statistical natures mainly comprise the port information that data stream transmitting is used, data stream size, and transmission frequency, data package size and interval time, the transmitting continuous time, retransmits frequency.
By the classification of connection identifier satellite information is processed, the feature that the result of classification is had as connection identifier.Therefore to the sign of integrated identification network data flow and differentiation, be, the analysis based on to connection identifier feature.The feature of connection identifier can reflect the data traffic feature that logic connects.Because the introducing of connection identifier has facilitated integrated identification network to transmission data and the management that connects, the stream identification based on connection identifier just can be carried out Accurate Analysis from multiple angles.
Accompanying drawing explanation
Fig. 1 is the schematic diagram of connection identifier and satellite information thereof in the present invention;
Fig. 2 is the data flow characteristic statistics flow process based on connection identifier in the present invention;
Fig. 3 is the data structure schematic diagram of connection identifier satellite information in the present invention;
Fig. 4 the present invention specifically implements the flow process of the stream identification method based on connection identifier.
Embodiment
Relevant the technical content and a detailed description, existing accompanying drawings is as follows:
Fig. 1 is the schematic diagram that in the present invention, connection identifier and satellite information thereof arrive.In Fig. 1, connection identifier is the random string of 160, the satellite information of connection identifier comprises the service requester address that logic connects, ISP address, the port that service requester is used, the port that ISP uses, the inquiry times statistics of connection identifier, the data flow traffic feature that connection identifier is corresponding.
Fig. 2 is the data flow characteristic statistics flow process based on connection identifier in the present invention.In integrated identification network, data stream transmitting relates to the connection identifier distributing into this transmission, service requester and ISP's address and port information and be the headspace of data stream statistics characteristic, also relate to the inquiry to connection identifier and satellite information map entry thereof in transmitting procedure.When carry the data flow of connection identifier while transmitting in integrated identification network, the feature that the element that can relate to by it presents is analyzed and is added up the feature of data flow.The data flow feature that statistics obtains is updated to the satellite information of connection identifier by feedback function, by the analysis of satellite information and processing, they are reflected in connection identifier and satellite information thereof.
Fig. 3 is the data structure show that the invention provides a CID satellite information, has headspace, also has QoS information, and the statistics of data characteristics can arrange in headspace.
Fig. 4 is a kind of flow process that is compatible with the data flow signature identification method based on connection identifier of existing the Internet of the concrete enforcement of the present invention.In Fig. 3, with IP_S, indicate ISP's address, IP_C indication service initiator's address, CID_Map indication connection identifier manager, Auc indicates Verification System, ASR indication access switch router, GSR indication broad sense switch router, CID indicates connection identifier, the satellite information of CID_addi indication connection identifier, the statistical module of CID_statistic indication connection identifier satellite information, CID_Proxy indicating terminal agency.
CID_statistic statistical module need to carry out model parameter training by some data groups, according to predefined data flow feature, statistical model is trained, and along with the statistics and analysis to data flow feature in network, can revise model parameter.
In integrated identification network, the implementing procedure of the stream identification method based on connection identifier comprises the following steps:
1) packet being sent by IP_C carries CID, and while transmitting in integrated identification network, the CID management node that access IP_C connects, wherein contains CID and CIDaddi, access times is added to 1, the features such as size of record data bag;
2) after access CID management node, according to the address transmission data bag of CID and CIDaddi indication;
3) packet arrives behind opposite end, and the information inspection CID management node according to carrying, adds 1 by its access times, the feature of record data bag;
4) data, when incoming terminal, are analyzed the feature of data flow, and by the result feedback of analyzing, to CID_statistic module, complete paired data flows an analytic record of feature;
5), according to the data characteristics in CID_addi, by CID_statistic statistical module parameter, this connection identifier is identified and classified.The transmitting procedure of data is exactly a process that completes the data flow characteristic statistics based on connection identifier simultaneously.
Finally it should be noted that: obviously, above-described embodiment is only for example of the present invention is clearly described, and the not restriction to execution mode.For those of ordinary skill in the field, can also make other changes in different forms on the basis of the above description.Here exhaustive without also giving all execution modes.And the apparent variation of being amplified out thus or change are still among protection scope of the present invention.
Claims (4)
1. an integrated identification network data flow signature identification method, is characterized in that:
Under the network architecture of integrated identification network, connection identifier, sign is the acquisition process of service once, specifically comprise that the logic of setting up in this service acquisition procedure connects corresponding resource and information, connection identifier and satellite information thereof are carried the information of the end-to-end transmitting procedure of data, by the feature of institute's transmitting data stream is added up, statistics is marked in connection identifier and satellite information thereof, by the analysis of connection identifier being obtained to the information relevant to data flow feature, thereby by data flow classification, contribute to realize integrated identification network to the sign of data flow and management.
2. method according to claim 1, is characterized in that, the realization of described integrated identification network data flow signature identification method comprises the following steps:
1) serve initiator and send service request information to ISP, ISP responds the resource information connecting;
2) serve initiator according to the information of feedback and the information self connecting, generate connection identifier;
3) serve initiator generate carry connection identifier Packet Generation to ISP, ISP's feedback packet, the packet of same feedback carries connection identifier information;
4) in the process of data packet transmission, connection identifier, according to the information of transfer of data, comprises port, and the feature of packet and transmitted frequency information are added up, and are stored in the satellite information of connection identifier;
5), by the classification to the satellite information of connection identifier, logic corresponding to connection identifier connected and classify and add up.
3. method according to claim 2, it is characterized in that, described integrated identification network data flow signature identification method is for data stream size, transmission frequency, data package size and interval time and port numbers used, the transmitting continuous time, the statistics that retransmits frequecy characteristic is all supported in connection identifier using the characteristic statistics as traffic flow information and with specific form and data description.
4. method according to claim 1, it is characterized in that: the statistics of the data flow feature obtaining according to connection identifier, verify and calculate the accuracy of this traffic identifier method, feed back to connection identifier mapping management module and evaluate and improved reference as a traffic identifier process performance.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310516057.2A CN103561010B (en) | 2013-10-28 | 2013-10-28 | A kind of integrated identification network data flow characteristics identification method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310516057.2A CN103561010B (en) | 2013-10-28 | 2013-10-28 | A kind of integrated identification network data flow characteristics identification method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103561010A true CN103561010A (en) | 2014-02-05 |
| CN103561010B CN103561010B (en) | 2016-10-12 |
Family
ID=50015160
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310516057.2A Active CN103561010B (en) | 2013-10-28 | 2013-10-28 | A kind of integrated identification network data flow characteristics identification method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103561010B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1852241A (en) * | 2005-10-24 | 2006-10-25 | 华为技术有限公司 | Flow classification device and base station adopting same |
| WO2009112044A1 (en) * | 2008-03-10 | 2009-09-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Technique for classifying network traffic and for validating a mechanism for calassifying network traffic |
| CN102148854A (en) * | 2010-10-19 | 2011-08-10 | 华为数字技术有限公司 | Method and device for identifying peer-to-peer (P2P) shared flows |
-
2013
- 2013-10-28 CN CN201310516057.2A patent/CN103561010B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1852241A (en) * | 2005-10-24 | 2006-10-25 | 华为技术有限公司 | Flow classification device and base station adopting same |
| WO2009112044A1 (en) * | 2008-03-10 | 2009-09-17 | Telefonaktiebolaget Lm Ericsson (Publ) | Technique for classifying network traffic and for validating a mechanism for calassifying network traffic |
| CN102148854A (en) * | 2010-10-19 | 2011-08-10 | 华为数字技术有限公司 | Method and device for identifying peer-to-peer (P2P) shared flows |
Non-Patent Citations (1)
| Title |
|---|
| 刘畅,宋飞,孙亮,张思东: "《基于连接标识的映射通信》", 《电子学报》, vol. 40, no. 10, 31 October 2012 (2012-10-31), pages 1921 - 1923 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103561010B (en) | 2016-10-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102315974B (en) | Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows | |
| CN102307123B (en) | NAT (Network Address Translation) flow identification method based on transmission layer flow characteristic | |
| CN101562534B (en) | Network behavior analytic system | |
| CN102035698B (en) | HTTP tunnel detection method based on decision tree classification algorithm | |
| US20120099465A1 (en) | Method and its devices of network tcp traffic online identification using features in the head of the data flow | |
| CN102474449A (en) | Switching apparatus and method based on virtual interfaces | |
| CN107800565A (en) | Method for inspecting, device, system, computer equipment and storage medium | |
| CN111224940A (en) | An anonymous service traffic association identification method and system embedded in an encrypted tunnel | |
| CN103312565A (en) | Independent learning based peer-to-peer (P2P) network flow identification method | |
| CN107147535A (en) | A Distributed Statistical Analysis Method of Network Measurement Data | |
| CN106657144B (en) | A kind of dynamic protection paths planning method based on enhancing study | |
| CN102611706A (en) | Network protocol identification method and system based on semi-supervised learning | |
| CN109247065A (en) | Enable the lasting stream identifier of different application | |
| CN109039959A (en) | A kind of the consistency judgment method and relevant apparatus of SDN network rule | |
| CN107181760A (en) | A kind of distributed nearly threat source attack blocking-up method and its device | |
| CN104333461A (en) | Identification method, system and identification device for internet application flow | |
| CN104639351B (en) | Processing system and method for constructing network structure deployment diagram | |
| CN113726809B (en) | IoT device identification method based on traffic data | |
| CN110932971A (en) | Inter-domain path analysis method based on layer-by-layer reconstruction of request information | |
| CN103532908A (en) | P2P protocol identification method based on secondary decision tree | |
| CN114172731A (en) | Method, device, equipment and medium for quickly verifying and tracing IPv6 address | |
| CN106850344B (en) | Encryption method for recognizing flux based on stream gradient guiding | |
| CN105812204B (en) | An Online Recognition Method of Recursive Domain Name Server Based on Estimation of Connectivity | |
| CN101984635B (en) | Method and system for flow identification of point to point (P2P) protocol | |
| CN103561010A (en) | Integrated marked network data flow characteristic marking method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |