Stratification characteristic analysis-based method and apparatus thereof for on-line identification for TCP, UDP flows

Abstract

The invention relates to a stratification characteristic analysis-based method and an apparatus thereof for on-line identification for TCP, UDP flows. The method comprises the following steps that: an off-line phase determines a common port number of a first layer to-be-identified service type and a characteristic field of a second layer to-be-identified service data flow through a protocol analysis; a port number and characteristic field database is constructed; meanwhile, a third layer Bayesian decision tree model is obtained by training by employing a machine study method; and service type identification on a flow is completed by utilizing the characteristic database and a study model at an on-line classification phase. In addition, the apparatus provided in the invention comprises a data flow separating module, a characteristic extraction module, a characteristic storage module, a characteristic matching module, an attribute extraction module, a model construction and classification module and a classification result display module. According to the embodiment of the invention, various application layer services based on TCP and UDP are accurately identified; moreover, the identification process is simple and highly efficient; therefore, the method and the apparatus are suitable for realization of a hardware apparatus and can be applied for equipment and systems that require on-line flow identification in a high speed backbone network and an access network.

Description

technical field [0001] The present invention relates to the technical field of computer network and communication, in particular to a flow identification method and device. Background technique [0002] With the growing importance of the Internet and the increasingly complex network structure, the number of network users has increased rapidly, and various new network applications, services, standards and protocols have emerged one after another. Accurate identification of traffic in the network is the basis of many network activities, such as security monitoring, accounting, ensuring the QoS of transmission services, and providing operators with useful predictions from a long-term perspective. At the same time, network administrators can control the network appropriately only if they know the current network running status at any time and grasp the various traffic conditions in the network, which all involve the technology of traffic identification. Therefore, it is particu...

AI Technical Summary

Problems solved by technology

However, the detection method based on traffic characteristics is not perfect. Its disadvantages are: (1) the identification method is more complicated; (2) the identification accuracy is not as good as that based on the application layer signature traffic identification method, and it is difficult to accurately and real-time monitor the application layer traffic. Classification

[0004] At present, due to the abuse of port numbers, especially the use of dynamic port numbers for services such as P2P and passive FTP, the method of service identification based solely on the port number of the transport layer loses its effectiveness

However, the method for load characteristics is not suitable for traffic identification of high-speed backbone networks due to the relatively complicated operations involved.

At the same time, the method of traffic identification using machine learning methods is not suitable for hardware implementation of network equipment due to its computational complexity and accuracy, thus limiting its application in high-speed backbone networks.

Images