Network flow data index method and system
A technology of network traffic and data indexing, which is applied in the direction of network data indexing, network data retrieval, and other database retrieval, etc., to achieve the effects of small index disk space consumption, fast insertion speed, and fast query response
Active Publication Date: 2014-04-09
INST OF COMPUTING TECH CHINESE ACAD OF SCI
View PDF4 Cites 27 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0009] In order to solve the above problems, the purpose of the present invention is to provide a network traffic data indexing method and system that can effectively support the indexing work of real-time high-speed traffic records, even in the case of small index disk space consumption, it can also support Fast index query operation
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0042] Different from previous indexing methods, the present invention digs deep into the characteristics of network traffic and index fields, and uses these characteristics to propose corresponding indexing methods, which can effectively overcome many defects. The characteristics of network traffic and index fields through in-depth mining are as follows:
[0043] (1) Because network traffic and index files are often only used for query functions, that is, after network traffic data and index files are written to disk, no modification or update operations will occur.
[0044] (2) There are generally only six fields in the network traffic index: source IP address, destination IP address, source port number, destination port number, protocol number, and timestamp. The above fields either have strong local characteristics, or their value ranges are distributed in a very small interval. Since the IP address and timestamp share a common prefix, for the port number and protocol num...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a network flow data index method and system. The method includes the steps of capturing network flow data in real time; establishing and storing an index structure of the network flow data in an internal storage by maintaining one bitmap-dictionary tree of each index field of the network flow data to update index structures of the index fields; querying the index structure of the network flow data according to query requests of users to obtain storage location information of the network flow data, returning the storage location information to the users and obtaining responsive data by the users according to the storage location information. Thus, the network flow data index method and system can effectively support operation for establishing indexes recorded through flow in real time at a high speed, and quick index query operations can also be supported even under the circumstance of low index disk space consumption.
Description
technical field [0001] The invention relates to computer network flow storage, in particular to a network flow data indexing method and system. Background technique [0002] With the increase of network applications and users, the scale of network flow data is getting larger and larger. The bandwidth of ordinary small networks or campus-scale network traffic has reached the speed of 1-10Gbps. Such a high-speed network link brings network traffic storage and A huge challenge for retrieval systems. In order to meet the needs of network management and network forensics, the system should ensure that it can not only store network data traffic in real time, but also perform efficient retrieval operations on large-scale network data sets. For example, in network forensics operations, operators need tools that can easily and efficiently scan stored data sets to detect intrusion activity. At present, the following two storage methods are mostly used for historical network traffic:...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30
CPCG06F16/951
Inventor 贺泰华张广兴谢高岗董尚文付乔宾
Owner INST OF COMPUTING TECH CHINESE ACAD OF SCI