A method and device for detecting P2P traffic

A P2P traffic detection technology, applied in the field of network security, that addresses the problems of a high recognition error rate, too many detection indicators and a long detection time, and achieves high detection accuracy, improved recognition accuracy and improved recognition efficiency.

Active Publication Date: 2016-05-11
BEIJING TOPSEC TECH

AI Technical Summary

Problems solved by technology

The disadvantages of this method are: 1. there are too many detection indicators, so efficiency is too low; 2. the detection time is long, so identification takes a long time; 3. the recognition error rate is high.

Examples


Example 1

[0049] The first embodiment of the present invention is a method for detecting P2P traffic which, as shown in Figure 1, includes the following specific steps:

[0050] In step S101, the source host is monitored to obtain the number of destination hosts connected to the source host and the number of active sessions on the source host. When the source host accesses the destination host, it initiates a connection request to the destination host, and the destination host is a host that provides download resources.

[0051] Specifically, the acquisition process of the number of destination hosts connected to the source host is as follows:

[0052] Determine the number of destination hosts connected to the source host by counting the IP addresses of the destination hosts accessed by the source host;

[0053] As shown in Figure 2, the acquisition process of the number of active sessions on the source host is as follows:

[0054] S1. Determine the activity level of the session...

Example 2

[0065] The second embodiment of the present invention is a device for detecting P2P traffic which, as shown in Figure 4, includes the following components:

[0066] The monitoring module 100 is used to monitor the source host to obtain the number of destination hosts connected to the source host and the number of active sessions on the source host. When the source host accesses the destination host, it initiates a connection request to the destination host, and the destination host is a host that provides download resources.

[0067] The judging module 200 is configured to judge whether the source host has P2P features according to the number of destination hosts connected to the source host and the number of active sessions on the source host.

[0068] Specifically, when acquiring the number of destination hosts connected to the source host, the monitoring module 100 is specifically used to:

[0069] Determine the number of destination hosts connected to the source host by counting th...
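
The monitoring and judging steps of the two embodiments above, as an added Python example (not code from the patent): it counts distinct destination IPs and active sessions per source host from flow records and flags hosts where both are high. The thresholds, the 60-second activity window, the rule that both indicators must be high, the `Flow` record and the sample flows are assumptions made here, because the page's own definitions are cut off.

```python
from collections import defaultdict, namedtuple

# Assumptions (not on the page): the thresholds, the "seen within a window"
# definition of an active session, and requiring both indicators to be high.
ACTIVE_WINDOW_S = 60
MIN_DEST_HOSTS = 20
MIN_ACTIVE_SESSIONS = 15

# One record per session; last_seen is the time of the session's latest packet.
Flow = namedtuple("Flow", "src dst sport dport proto last_seen")

def monitor(flows, now):
    """Per source host: (distinct destination IPs, active sessions)."""
    dests, active = defaultdict(set), defaultdict(set)
    for f in flows:
        dests[f.src].add(f.dst)
        if now - f.last_seen <= ACTIVE_WINDOW_S:
            active[f.src].add((f.dst, f.sport, f.dport, f.proto))
    return {src: (len(dests[src]), len(active[src])) for src in dests}

def judge(stats):
    """Source hosts whose two indicators both reach the assumed thresholds."""
    return sorted(src for src, (n_dst, n_act) in stats.items()
                  if n_dst >= MIN_DEST_HOSTS and n_act >= MIN_ACTIVE_SESSIONS)

def sample_flows(now):
    """Constructed flow records for three hosts (documentation IP ranges)."""
    flows = []
    for i in range(30):   # 10.0.0.5: 30 peers, 25 sessions still active
        age = 5 if i < 25 else 600
        flows.append(Flow("10.0.0.5", f"198.51.100.{i + 1}", 50000 + i, 6881, "tcp", now - age))
    for i in range(40):   # 10.0.0.9: 40 active sessions, only 2 servers
        flows.append(Flow("10.0.0.9", f"203.0.113.{1 + i % 2}", 40000 + i, 443, "tcp", now - 1))
    for i in range(25):   # 10.0.0.7: 25 destinations, only 3 sessions active
        age = 2 if i < 3 else 900
        flows.append(Flow("10.0.0.7", f"192.0.2.{i + 1}", 30000 + i, 80, "tcp", now - age))
    return flows

if __name__ == "__main__":
    stats = monitor(sample_flows(1000.0), 1000.0)
    for src, (n_dst, n_act) in sorted(stats.items()):
        print(src, n_dst, n_act, "P2P-like" if src in judge(stats) else "-")
```

In the constructed data, a host with many sessions to two servers and a host with many destinations but few active sessions are both left unflagged, which is the reason for looking at the two indicators together.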


Abstract

The invention discloses a method and a device for detecting P2P (peer-to-peer) traffic. The method comprises monitoring a source host and judging whether the source host has P2P features according to the number of destination hosts connected to the source host and the number of active sessions on the source host. The device comprises a monitoring module and a judging module. Compared with the existing service-type recognition method based on DFI (deep / dynamic flow inspection), the method is simple to implement and achieves the same or higher detection precision with fewer detection indicators, which improves P2P traffic detection efficiency and shortens detection time. When the technical scheme is combined with DPI, P2P traffic recognition precision can be improved further, by 70-80% compared with recognition using DPI alone, and active applications can be recognized in only a short time.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for detecting P2P (Peer-to-Peer) traffic.

Background technique

[0002] Applications based on the P2P protocol are becoming more and more widespread. While they bring convenience to people, they have gradually evolved into a killer of network bandwidth, which easily causes network congestion and seriously affects the quality of network service. At present, P2P traffic is identified mainly through two detection methods, DPI (Deep Packet Inspection) and DFI (Deep / Dynamic Flow Inspection). Each has its own advantages and disadvantages in recognition rate. Since DPI adopts packet-by-packet analysis and keyword matching technology, it can accurately identify the known specific application types and protocols in the traffic, but the detection speed is relatively slow; while...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/26, H04L29/08
Inventor: 陈强
Owner: BEIJING TOPSEC TECH