Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for restoring network session

A technology for network sessions and network traffic, applied in transmission systems, electrical components, etc., to solve problems such as the inability to restore network sessions

Active Publication Date: 2020-09-22
神州绿盟武汉科技有限公司
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The embodiment of the present invention provides a method and device for restoring network sessions to solve the problem in the prior art that network session restoration based on NetFlow cannot be realized

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for restoring network session
  • Method and device for restoring network session
  • Method and device for restoring network session

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0033] figure 1 A schematic diagram of a process of restoring a network session provided by an embodiment of the present invention, the process includes the following steps:

[0034] S101: For the data packet transmission in the unidirectional network flow Netflow within a set time length, group according to the identification information of the sender and receiver carried in the data packet in the Netflow, and determine each group of senders in the Netflow and the receiver.

[0035] The method for restoring a network session provided by the embodiment of the present invention is applied to an electronic device, and the electronic device may be a gateway device, a network traffic analysis device, and the like.

[0036] The electronic device has a preset time length. Within the preset time length, the sender and the receiver have data packet transmission in Netflow, and the electronic device is grouped according to the identification information of the sender and receiver carr...

Embodiment 2

[0048] In order to restore the network session more accurately, on the basis of the above-mentioned embodiments, in the embodiment of the present invention, the traffic statistics information related to the data packet includes at least one of the following:

[0049] The total number of data packets sent by this group of senders, the number of synchronous SYN data packets sent, the number of non-duplicate source ports and the number of non-duplicate destination ports.

[0050] According to the data packet transmission in Netflow within the set time length, for each group of senders and receivers, the electronic device can determine the total number of data packets sent by the group of senders, the number of syn data packets sent, and the number of data packets sent. The number of unique source ports and the number of unique destination ports used to receive packets.

[0051] When the electronic device determines the network session initiator and the network session responder, ...

Embodiment 3

[0062] On the basis of the above embodiments, in the embodiment of the present invention, for each first network traffic statistics table, searching for the second network traffic statistics table mapped to the first network traffic statistics table includes:

[0063] For each first network traffic statistics table, according to the identification information of the sender and the receiver in the first network traffic statistics table, search for the identification information of the receiver and the sender to be respectively related to the sender in the first network traffic statistics table. The identification information of the party and the receiver correspond to the same network traffic statistics table, and the network traffic statistics table is a second network traffic statistics table mapped to the found first network traffic statistics table.

[0064] When the electronic device searches the second network traffic statistics table mapped to the first network traffic st...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and apparatus for restoring a network session. The method comprises the following steps: for each first network traffic statistical table, searching a second network traffic statistical table mapped by the first network traffic statistical table, judging whether first traffic statistical information in the first network traffic statistical table is greater than second traffic statistical information in the second network traffic statistical table, if so, determining a sender in the first network traffic statistical table as a network session initiator, and determining a receiver as a network session responder, and otherwise, determining the sender in the second network traffic statistical table as the network session responder, and determining the receiveras the network session responder; and then restoring the network session. In the embodiment of the invention, according to the size relationship between the first traffic statistical information and the second traffic statistical information, the network session initiator and the network session responder can be determined to restore the network session, therefore the scheme provided by the embodiment of the invention can restore the network session.

Description

technical field [0001] The invention relates to the technical field of network flow data packet transmission, in particular to a method and device for restoring network sessions. Background technique [0002] One-way network flow (Network flow, Netflow) can collect the number and information of data packets entering and leaving the network. It was first developed by Cisco and applied to products such as routers and switches. By analyzing the information collected by Netflow, network administrators can know the source and destination of data packets, the types of network services, and the causes of network congestion. Security analysis researchers use Netflow traffic for security class provenance and machine learning research. [0003] A network session is an uninterrupted request-response sequence between the network session initiator and the network session responder, and the network session is determined by the network five-tuple attribute. The network quintuple attribut...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/08
CPCH04L67/14
Inventor 袁帅肖岩军皮靖潘登
Owner 神州绿盟武汉科技有限公司