Network behaviour active analyzing and diagnosing method

A diagnostic method and behavior analysis technology, applied in data exchange networks, special data processing applications, instruments, etc., can solve problems such as hysteresis, maintenance methods cannot quickly adapt to actual needs, and achieve the effect of avoiding hysteresis.

Active Publication Date: 2009-12-16
网经科技(苏州)有限公司
View PDF0 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this method has a defect, that is, it relies on passive collection of data for analysis. This passive method has a significant defect: no matter what method is used to upgrade and maintain, there is always a lag
Today's new network applications emerge in endlessly, and passive maintenance methods cannot quickly adapt to actual needs, so protocol analysis technology based on active methods is needed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network behaviour active analyzing and diagnosing method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] The active protocol analysis module of the present invention includes three major steps: basic protocol analysis, unknown message protocol analysis, and analysis result output. If the message analyzed by the basic protocol is not identified as a known application, the message can be selectively sent to the unknown message analysis module, and the message analysis module searches for the protocol characteristics in the message and returns the result.

[0023] The method of automatically analyzing network data can actively analyze specific protocol data and provide corresponding analysis results. The detailed process is as follows: First, the message is initially detected, and the message is matched with the known protocol library, and the known protocol message is eliminated; only the unrecognized protocol needs to be analyzed, and if necessary, sampling can also be used for analysis Part; then, unknown packet protocol analysis: for unknown packets, specify port, IP, and...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a network behaviour active analyzing and diagnosing method; firstly, messages are initially tested, the messages and a known protocol library are matched to remove the known protocol messages; sequentially, unknown messages are subjected to protocol analysis, the unknown messages are designated with port, IP and time interval information, and the messages are extracted to protocol automatic analysis flow to be analyzed; and finally, the analysis result is output, the protocol automatic analysis flow establishes DPI and DFI models for the designated messages and outputs the analysis result. The method of the invention can analyze and diagnose unknown messages, is a beneficial supplement by combining a prior protocol analysis model, can carry out active analysis and diagnosis on sudden network situation and newly appeared network application as well as network behaviours in which users are interested, and avoids hystereticnature of passive tracing.

Description

technical field [0001] The invention relates to a network behavior active analysis and diagnosis method, which is suitable for open network application scenarios. Background technique [0002] Most of the current network protocol identification technologies break away from the traditional "five-tuple" matching, and are based on the analysis of the content of the application layer. The two most commonly used technologies in application layer analysis are DPI (Deep Packet Inspection, deep packet inspection) and DFI (Deep Flow Inspection, deep flow inspection). [0003] On the basis of analyzing the packet header, DPI technology adds the analysis of the application layer. It is a traffic detection and identification technology based on the application layer message. When the network datagram flows through the DPI device, the device automatically performs according to the 7-layer protocol. Split, and adopt different processing methods according to different protocols at the app...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L12/56H04L29/06G06F17/30
Inventor 钱鋆谢晖刘继明
Owner 网经科技(苏州)有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap