Method and device for data packet feature extraction

A data packet feature extraction technology, applied in the computer field, that solves the problems of a cumbersome process and low efficiency, and achieves a simple identification process and high identification efficiency.

Active Publication Date: 2015-07-22
ASIAINFO TECH NANJING

AI Technical Summary

Problems solved by technology

[0004] The above-mentioned detection and identification through the characteristics in the data packet load, because there are a large number of messages in the data packet, makes th


Examples


Example Embodiment

[0066] Example one

[0067] The first embodiment of the present invention provides a data packet feature extraction method. As shown in Figure 1, the method can include:

[0068] S101. Acquire a data packet including at least one message.

[0069] Wherein, the data packet is a data packet transmitted during network operation, and the data packet includes at least one message.

[0070] Specifically, the methods for obtaining data packets may include, but are not limited to, the following two:

[0071] Method 1. Obtain data packets by capturing them in real time on a network card.

[0072] Exemplarily, if the executor of this embodiment obtains data packets by real-time capture on a network card, then during network operation the data packets captured in real time can be saved as packet capture (pcap) files in the INPUT directory. When S101 is executed, data packets are obtained by sequentially reading all pcap files in the INPUT directory.

[0073] Meth...

Example

[0132] Example 1. Assuming that data stream 1 is identified according to the protocol type of data stream 1, the host in the application layer protocol metadata of data stream 1 is A.B.C.D.

[0133] Then, before performing feature recognition, A.B.C.D is divided into multiple recognition contents step by step, namely: (.D), (.C.D), (.B.C.D), (A.B.C.D).

[0134] Assume that data stream 1 is the first data stream to undergo host identification in the data packet to which it belongs. Therefore, the host-identification feature set is empty.

[0135] The following describes in detail the process of host identification for data stream 1:

[0136] First, match the identification content .D against the feature of each feature node in the host-identification feature set. Since the host-identification feature set is empty, there is no feature matching the identification content, so in the host-identification feature set a new feature node (including feature: .D) is added that matches th...

Example Embodiment

[0219] Example two

[0220] The second embodiment of the present invention provides another data packet feature extraction method. The feature set is a tree structure, and a specific example is used to describe in detail the data packet feature extraction method shown in Figure 1.

[0221] Referring to Figure 4, the method can include:

[0222] S401. Read a pcap file in the INPUT directory to obtain a data packet.

[0223] S402. Parse the data packet, and aggregate the messages with the same five-tuple in the data packet into one data stream, obtaining 6 data streams.

[0224] Specifically, the 6 data streams are shown in Table 11:

[0225] Table 11

[0226]

[0227]

[0228] S403. For each data stream of the 6 data streams, each feature recognition model corresponding to the protocol type of the data stream in the preset database is used for identification, and all types of feature sets of the 6 data streams are obtained.

[0229] Among them, the preset database is shown in Table 1.

[0230] From t...
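The five-tuple aggregation of S402 and the step-by-step host splitting of Example 1, combined into a tree-structured feature set, as an added example that is not code from the patent. The hostnames and addresses are constructed, and the per-node hit counter and the "most hits first" rule for selecting Y features are assumptions, since the page does not show how a match is recorded or how the Y features are chosen.

```python
from collections import defaultdict

# Constructed sample messages: (src_ip, src_port, dst_ip, dst_port, proto, host)
MESSAGES = [
    ("10.0.0.5", 40001, "203.0.113.10", 80, "TCP", "img.cdn.example.com"),
    ("10.0.0.5", 40001, "203.0.113.10", 80, "TCP", None),  # same flow, no metadata
    ("10.0.0.5", 40002, "203.0.113.11", 80, "TCP", "api.cdn.example.com"),
    ("10.0.0.6", 40003, "203.0.113.12", 80, "TCP", "www.example.com"),
]

def aggregate_flows(messages):
    """Group messages that share the same five-tuple into one data stream."""
    flows = defaultdict(list)
    for *five_tuple, host in messages:
        flows[tuple(five_tuple)].append(host)
    return flows

def split_host(host):
    """A.B.C.D -> ['.D', '.C.D', '.B.C.D', 'A.B.C.D'], shortest level first."""
    labels = host.split(".")
    levels = ["." + ".".join(labels[i:]) for i in range(len(labels) - 1, 0, -1)]
    return levels + [host]

def add_host(tree, host):
    """Walk the levels: add a node where no feature matches, else record a hit."""
    node = tree
    for level in split_host(host):
        child = node.setdefault(level, {"hits": 0, "children": {}})
        child["hits"] += 1          # assumption: a hit counter per feature node
        node = child["children"]

def build_host_feature_set(messages):
    """One host per data stream feeds the tree-structured feature set."""
    tree = {}
    for hosts in aggregate_flows(messages).values():
        host = next((h for h in hosts if h), None)
        if host:
            add_host(tree, host)
    return tree

def select_features(tree, y):
    """Assumed rule: the Y most-hit features, the more specific one first on ties."""
    flat, stack = [], list(tree.items())
    while stack:
        feature, node = stack.pop()
        flat.append((node["hits"], len(feature), feature))
        stack.extend(node["children"].items())
    return [feature for _, _, feature in sorted(flat, reverse=True)[:y]]
```
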


Abstract

An embodiment of the invention discloses a method and device for data packet feature extraction and relates to the field of computers. Simple and efficient data packet feature extraction is achieved. The technical scheme is that the method comprises the steps of: obtaining a data packet comprising at least one message; parsing the data packet and aggregating the messages with the same five-tuple in the data packet into one data flow, obtaining X data flows; recognizing each of the X data flows with each feature recognition model in a preset database that corresponds to the protocol type of that data flow, obtaining feature sets of all types for the X data flows; and selecting Y features from the feature sets of all types of the X data flows to serve as features of the data packet. The method and the device are used for data packet feature extraction.

Description

Technical field

[0001] The invention relates to the field of computers, in particular to a data packet feature extraction method and device.

Background technique

[0002] With the development of network technology, Deep Packet Inspection (DPI for short) has emerged. DPI is a technology that has been successful in traffic management, security and network analysis. It identifies data packets by extracting their characteristics and then performs content analysis on them, supporting analysis and operation in areas such as traffic management, security and network analysis.

[0003] For the feature extraction of data packets, the method initially adopted was to compare and summarize with the naked eye, which was not only a heavy workload but also gave incomplete feature induction. After that, in order to solve the problems caused by comparing and summarizing the characteristics of the data packets with the naked eye, a more...


Application Information

IPC(8): H04L12/26, H04L12/24
CPC: H04L41/0654, H04L43/00
Inventor: 陈俊, 俞海腾, 陈振辉, 张许辉
Owner: ASIAINFO TECH NANJING