Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A Traffic Identification Method Based on Deep Packet Inspection

A traffic identification and message technology, applied in the field of communication, to achieve the effect of easy implementation and optimization of the identification process

Active Publication Date: 2017-08-08
BEIJING SAPLING TECH
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0013] e) The system detection module needs to be upgraded irregularly

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Traffic Identification Method Based on Deep Packet Inspection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0030] Embodiment 1 of the present invention provides a method for identifying TCP traffic using DPI technology, including:

[0031] Step 202, receiving a TCP connection message, which includes network control data and data sent by the user;

[0032] Step 204, identifying the port number of the source end included in the message, and judging the port number;

[0033] Step 206, if the port number is greater than the preset first threshold, go to step 212, otherwise go to step 208;

[0034] Step 208, perform DPI processing on the message, extract the character string in the message, pass the character string through a Bloom Filter composed of 1 hash function, and perform rough matching, if the match is successful, directly report the matching result, and enter step 210; If the matching is unsuccessful, then enter fine matching, the string is passed through the Bloom Filter formed by n hash functions, where n>1, to obtain the matching result, and enter step 210;

[0035] Step 2...

Embodiment 2

[0039] After step 214 of the first embodiment is completed, proceed to step 216, store the feature of the abnormal message, and identify the subsequent message with reference to the feature, the feature includes at least one of the following: the TCP connection A quintuple, the matching result.

Embodiment 3

[0041] With reference to this feature of embodiment two, follow-up message is identified, specifically: according to the source IP address and destination IP address of the TCP where abnormal message is located, identify the communication parties that send the abnormal message, for all ports of the communication parties The data sent above is processed by DPI, the matching result is obtained, analyzed, and the abnormal result is reported.

[0042] Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented through computer programs to instruct related hardware, and the programs can be stored in a computer-readable storage medium. During execution, it may include the processes of the embodiments of the above-mentioned methods. Wherein, the storage medium may be a magnetic disk, an optical disk, a read-only memory (Read-Only Memory, ROM) or a random access memory (Random Access Memory, RAM) and th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A traffic identification method based on deep packet inspection, firstly judge whether the TCP port number in the received message is greater than a first threshold, if greater than the first threshold, use DPI technology to judge, otherwise use TCP connection information to judge. By applying the above technologies, the identification results can be obtained more accurately and quickly in traffic identification, and the identification process is also greatly optimized, which can be more easily implemented in existing equipment.

Description

technical field [0001] The invention relates to the technical field of communication, in particular to a method for deep packet detection. Background technique [0002] With the continuous development of new network applications based on the P2P (peer to peer) traffic model in recent years, the consumption of network bandwidth resources has been accelerating, and traditional online services have also been increasingly impacted and affected. P2P itself is a very good technology with broad application prospects, but at the same time P2P is also a very lethal technology. At present, most of the P2P-based applications are bandwidth-depleting download services, which exhaust the originally abundant access, convergence and backbone bandwidth resources, and the network links are often at full load, resulting in the deterioration of network service quality (packet loss Rate, delay and jitter are greatly increased), which greatly affects the development of some voice, video and game...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/26H04L12/801
Inventor 不公告发明人
Owner BEIJING SAPLING TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products