Method and device for data packet feature extraction
A data packet feature extraction technology, applied in the computer field, that solves the problems of a cumbersome process and low efficiency, achieving a simple identification process and high identification efficiency.
Example Embodiment
[0066] Example one
[0067] The first embodiment of the present invention provides a data packet feature extraction method. As shown in Figure 1, the method can include:
[0068] S101. Acquire a data packet including at least one message.
[0069] Here, the data packet is a data packet transmitted during network operation, and it includes at least one message.
[0070] Specifically, the methods for obtaining data packets may include, but are not limited to, the following two:
[0071] Method 1. Obtain data packets by capturing them in real time on a network card.
[0072] For example, if the executor of this embodiment obtains data packets through real-time capture on a network card, then during network operation the data packets captured in real time can be saved as packet capture (pcap) files in the INPUT directory. When S101 is executed, data packets are obtained by sequentially reading all pcap files in the INPUT directory.
[0073] Meth...
Example
[0132] Example 1. Assuming that data stream 1 is identified according to the protocol type of data stream 1, the host in the application layer protocol metadata of data stream 1 is A.B.C.D.
[0133] Then, before performing feature recognition, A.B.C.D is divided into multiple recognition contents step by step, namely: (.D), (.C.D), (.B.C.D), (A.B.C.D).
[0134] Assume that data stream 1 is the first data stream in its data packet to undergo host identification. Therefore, the host identification feature set is empty.
[0135] The following describes in detail the process of host identification for data stream 1:
[0136] First, match the identification content .D against the feature of each feature node in the host identification feature set. Since that feature set is empty, no feature matches the identification content, so a new feature node (including feature: .D) is added to the host identification feature set that matches th...
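An added example, not taken from the patent: it splits the host from [0132] into the step-by-step identification contents of [0133] and adds a feature node whenever no existing feature matches, as [0136] begins to describe. Nesting each longer suffix under the shorter one, the `hits` counter, the `:port` handling and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FeatureNode:
    feature: str                       # e.g. ".D" or ".C.D"
    hits: int = 0                      # assumption: streams that matched this node
    children: dict = field(default_factory=dict)

def split_host(host):
    """'A.B.C.D' -> ['.D', '.C.D', '.B.C.D', 'A.B.C.D'] (shortest suffix first)."""
    host = host.strip().rstrip(".")
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit() and ":" not in name:
        host = name                    # drop a ':port' suffix from a Host header
    labels = [p for p in host.split(".") if p]
    out = []
    for i in range(len(labels) - 1, -1, -1):
        suffix = ".".join(labels[i:])
        out.append(suffix if i == 0 else "." + suffix)
    return out

def observe_host(root, host):
    """Match each identification content in turn; add a node where none matches."""
    node, added = root, []
    for content in split_host(host):
        child = node.children.get(content)
        if child is None:              # no matching feature: add a new feature node
            child = node.children[content] = FeatureNode(content)
            added.append(content)
        child.hits += 1
        node = child                   # assumption: longer suffixes nest under shorter
    return added

def dump(node, depth=0):
    """Render the tree as indented 'feature hits=N' lines."""
    lines = []
    for child in sorted(node.children.values(), key=lambda n: n.feature):
        lines.append("  " * depth + f"{child.feature} hits={child.hits}")
        lines.extend(dump(child, depth + 1))
    return lines

if __name__ == "__main__":
    root = FeatureNode("")             # empty host feature set, as in [0134]
    for h in ["A.B.C.D", "X.B.C.D", "A.B.C.D:8080"]:   # constructed sample hosts
        print(h, "-> new nodes:", observe_host(root, h))
    print("\n".join(dump(root)))
```

Only the first stream creates all four nodes; a second host sharing the `.B.C.D` suffix adds a single leaf, which is what makes shared suffixes stand out as candidate features.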
Example Embodiment
[0219] Example two
[0220] The second embodiment of the present invention provides another data packet feature extraction method. The feature set is a tree structure, and the data packet feature extraction method shown in Figure 1 is described in detail using specific examples.
[0221] Referring to Figure 4, the method can include:
[0222] S401. Read a pcap file in the INPUT directory to obtain a data packet.
[0223] S402. Parse the data packet, and aggregate the packets that share the same five-tuple into one data stream, obtaining 6 data streams.
[0224] Specifically, the 6 data streams are shown in Table 11:
[0225] Table 11
[0226]
[0227]
[0228] S403. For each of the 6 data streams, identification is performed with every feature recognition model in the preset database that corresponds to the data stream's protocol type, yielding all types of feature sets for the 6 data streams.
[0229] The preset database is shown in Table 1.
[0230] From t...