111 results about "Classful network" patented technology

Adaptive network traffic classification using historical context. Network traffic may be monitored and classified by considering several attributes using packet filters, regular expressions, context-free grammars, rule sets, and/or protocol dissectors, among other means and by applying a variety of techniques such as signature matching and statistical analysis. Unlike static systems, the classification decisions may be reexamined from time to time or after subsequent processing determines that the traffic does not conform to the protocol specification corresponding to the classification decision. Historical context may be used to adjust the classification strategy for similar or related traffic.

The present invention is directed towards systems and methods for providing discovery of applications for classification of a network packet for performing QoS and acceleration techniques. Remote display protocol traffic associated with a new application not previously included in a list of predetermined applications may be parsed for application information, and the new application may be added to the application list. The remote display protocol traffic may then be classified according to the new application, and network performance may be enhanced and optimized by providing QoS and acceleration engines with packet- or data-specific information corresponding to the newly identified application.

A method of adaptively classifying information using a binary tree comprises establishing a binary tree including a set of binary sequences each representing one or more network addresses. Once network traffic is received having identifiers describing network traffic sources, the identifiers are correlated to binary sequences within the binary tree. A revision metric is formed based on this correlating, and the binary tree is then revised according to this revision metric.

A method of blocking a DDOS attack comprises establishing a binary tree including a set of binary sequences, each of these binary sequences representing one or more network addresses. When network traffic is received having identifiers describing network traffic sources, the identifiers are correlated to binary sequences within the binary tree. Once a DDOS attack notification signal is received, a selected binary tree path within the binary tree is identified as a low cost blocking path within the binary tree. Network traffic correlated to a binary sequence corresponding to the selected binary tree path is blocked.

A search method of a roaming service for registering a mobile station to a network service includes searching for a home public land mobile network (HPLMN) when the mobile station is first switched on or recovering from lack of service, or sorting an available public land mobile network (PLMN) list, or using a scaling method to obtain a temporary timer period for a periodic search. Sorting the available PLMN list includes sorting according to a location-based order of preferred PLMNs, or sorting according to a data transfer speed supported by each PLMN. The scaling method includes examining a change ratio in the available PLMN list, or a data transfer speed of the RPLMN, or a status of Mobile Country Code (MCC) in order to obtain the temporary timer period.

Systems and methods of classifying data flows being communicated on a network by one or more network elements. One method includes creating a table including information of packet timestamps and pre-defined packet header fields, grouping packets into data flows based on information in the table, assigning flow identifiers to each data flow, determining a plurality of feature/characteristic sets having one or more features and/or one or more characteristics of the data flows, determining one or more classifiers to predict flow labels using the plurality of feature/characteristic sets, and generating a classification policy that includes the one or more classifiers to classify data flows on the network. The method can also include storing the classification policy in at least one non-transitory computer medium that is accessible by a network element that is classifying data flows on the network, and using the classification policy to classify data flows.

The invention discloses a method of application classification in Tor anonymous communication flow, which mainly solves the problem of acquisition of upper-layer application type information in the Tor anonymous communication flow and relates to the correlation technique, such as feature selection, sampling preprocessing and flow modeling. The method comprises the following steps of: firstly, defining a concept of a flow burst section by utilizing a data packet scheduling mechanism of Tor, and serving a volume value and a direction of the flow burst section as classification features; secondly, preprocessing a data sample based on a K-means clustering algorithm and a multiple sequence alignment algorithm, and solving the problems of over-fitting and inconsistent length of the data sample through the manners of value symbolization and gap insertion; and lastly, respectively modeling uplink Tor anonymous communication flow and downlink Tor anonymous communication flow of different applications by utilizing a Profile hidden Markov model, providing a heuristic algorithm to establish the Profile hidden Markov model quickly, during specific classification, substituting features of network flow to be classified into the Profile hidden Markov models of different applications, respectively figuring up probabilities corresponding to an uplink flow model and a downlink flow model, and deciding the upper-layer application type included by the Tor anonymous communication flow to be classified through a maximum joint probability value.

The invention discloses a Faster-RCNN target object detection method based on deep reinforcement learning. The comprises the steps: storing the state of the regional suggested network RPN at each moment by adopting an experience pool of deep reinforcement learning, outputting two actions by adopting a convolution gating circulation unit, selectively executing corresponding actions by adopting a random strategy, and removing redundant detection boxes by adopting a self-defined non-maximum suppression method to obtain a detection box closest to a labeling box; classifying the detection frames byadopting a classification network, and carrying out quadratic regression on the detection frames to realize detection and identification of the target object. By adopting the technical scheme, the target positioning is accurate, and the target detection precision is high.

The embodiment of the invention provides a method for training an event prediction model, the method can be applied to a transfer learning scene, and data isolation and privacy security protection ofa source domain participant and a target domain participant are realized by setting a neutral server, wherein the source domain participant deploys a source domain feature extractor, the target domainparticipant deploys a target domain feature device, and a model sharing part in an event prediction model is deployed in a neutral server and specifically comprises a sharing feature extractor, a graph neural network and a classification network. For any participant, feature extraction is performed on a sample in a local domain by utilizing a feature extractor of the local domain to obtain localdomain feature representations, and the local domain feature representation is processed by using the current parameters of the model sharing part obtained from the server to obtain a corresponding event classification result, model updating based on the event classification result and the local domain sample is performed, and an updating result of the model sharing part is uploaded to the serverto enable the server to perform centralized updating.

A network apparatus of a communication system classifies traffic flows containing packets based on packet features. The network apparatus provides a copy of a packet contained in a traffic flow to a cluster node, and controls the cluster node to select at least one detector node based on the features of the packet and to forward said copy to the selected detector node to find out based on said copy whether the packet is malicious or not. In response to receiving from the detector node a flow indication on the traffic flow, the network apparatus controls a switch node to perform at least one flow control action on the traffic flow, the action including one or more of flow removal, flow modification and flow installation

The invention discloses a deep fake face video positioning method based on space-time fusion. The method comprises the following steps: (1) constructing a convolutional neural network; (2) constructing a classification network fusing time domain and space domain features; (3) constructing a segmentation positioning task network; (4) constructing a reconstruction task network; (5) constructing a multi-task fusion network; (6) generating a multi-task fusion loss function; (7) generating a training set; (8) training the multi-task fusion network; (9) identifying and positioning the deeply-forged face video. According to the method, the classification network fusing the time domain and space domain features is constructed to extract the features, more complete intra-frame and inter-frame features can be extracted, and higher accuracy is obtained; meanwhile, the multi-task fusion loss function used for training the multi-task fusion network is constructed, and the accuracy of the multi-task fusion network is improved. The problem that generalization ability and function completeness are affected due to the fact that no attack category exists and tasks are simplified is solved.

The invention discloses an adversarial sample attack method for a voice keyword classification network. The adversarial sample attack method comprises the following steps: (1) selecting training dataand a target tag of trained batch sizes according to a training strategy; (2) inputting the data and the tags into a generator G, generating adversarial disturbance, and constructing a corresponding adversarial sample; (3) respectively inputting the generated adversarial samples into a discriminator D and a target victim model to obtain corresponding losses, calculating the corresponding losses, and updating parameters of the network; (4) repeating steps (1) to (4) until a training stop condition is met, and finally obtaining a trained model; and (5) using the model, loading model parameters,and inputting a voice sample and the target tag to quickly generate an adversarial sample. By using the method provided by the invention, the adversarial sample attack based on the voice keyword classification network application in a real-time scene can be realized.

The invention discloses a method for calculating popularity of network information data, which relates to the technical field of computers and comprises the following steps of: crawling web portals with preset grade values to obtain a plurality of pieces of network information data; performing network information label classification; carrying out overall clustering when the network information event library has a plurality of network information event subsets, otherwise, carrying out incremental clustering; counting the network information quantity, the network information release time and the user behavior data in each network information event subset; sorting and assigning each piece of network information data of each network information event subset to obtain a first weight; processing to obtain the forwarded and reshipped quantity of each network information data; and carrying out weighted summation on the preset grade value, the network information label, the network informationquantity, the network information report time, the user behavior data, the first weight, the forwarded quantity and the transshipment quantity to obtain a network information data popularity value. According to the method, multiple influence factors are considered, and the network information data popularity value is more comprehensive and reasonable.

The invention discloses a route advertising method and network equipment, wherein the method comprises the following steps: determining route information protocol versions run by all neighborhood equipment by first network equipment running a second version RIPv2 (Routing Information Protocol version 2) of a route information protocol; and splitting a hypernet route into continuous routes of classful networks contained in a hypernet and advertising the split continuous routes of the classful networks to the neighborhood equipment running RIPv1 (Routing Information Protocol version 1) through the first network equipment when the first network equipment advertises the hypenet routes to the neighborhood equipment running the RIPv1 (Routing Information Protocol version 1) of the route information protocol. The invention can ensure that equipment running the RIPv1 (Routing Information Protocol version 1) can correctly learn all continuous routes of the classful networks contained in the hypernet in a network running the RIPv1 protocol and the RIPv2 protocol, thereby avoiding the problem of route black hole.

The invention belongs to the technical field of malicious traffic detection, and discloses an encrypted malicious traffic detection method, a detection system and computer equipment, wherein the method comprises the steps of: supervising and controlling network card traffic and capturing traffic data packets; performing data preprocessing; carrying out byte dimension feature extraction; carrying out data packet dimension feature extraction; constructing a classification network; and generating and transmitting an alarm log. The invention provides a C&C encrypted malicious traffic detection method, and particularly relates to a deep learning detection model for C&C encrypted malicious traffic. The C&C traffic is traffic which utilizes an encryption technology and a multi-stage attack mode at the same time. The model has good generalization performance, and attack instructions outside a training set can be detected. The model has good classification performance, and malicious traffic types with high similarity can be distinguished.

The embodiment of the invention provides a multi-model fusion training method and a text classification method and device. The multi-model fusion training method comprises the steps: performing targetcontent extraction and classification on text data, and constructing a target data set; performing fusion processing on a preset single classification network model, and constructing a multi-model fusion network structure; and training the multi-model fusion network structure based on the target data set to obtain a fusion classification network model. According to the multi-model fusion trainingmethod disclosed by the embodiment of the invention, the single classification network model can be fused with the learning ability of other models, and the generalization ability of the single classification network model is improved, so that the training efficiency and the recognition accuracy of the model are effectively improved.

Discrimination of application specific network traffic from other from general or unclassified network traffic is provided. Users may specify particular applications or data strings to be monitored.

The invention discloses a traffic sign target detection method based on a multilevel divide-and-conquer network, which is used for solving the technical problems of low traffic sign detection precision and low recall rate in the prior art. The method comprises the following specific steps: generating a training set and a test set; training a target detection network; extracting a background category of a sample of a traffic sign-free target in the test set; enhancing the data in the training set; generating a training set of label categories and a training set of label and background categories; training a classification network; positioning and roughly classifying a to-be-detected target; and carrying out fine classification on the pictures after rough classification. The multi-level divide-and-conquer network constructed by the invention overcomes the defect that excellent results cannot be obtained on the aspects of positioning and classification of the traffic sign targets in the prior art, so the positioning and classification accuracy of the traffic sign targets is effectively improved by the multi-level divide-and-conquer network.

The invention belongs to the technical field of radar signal processing, and discloses a radar signal intra-pulse modulation identification method based on deep learning. The method comprises the following steps: S1, carrying out filtering and de-noising preprocessing on radar sampling signals; S2, performing Cohen type time-frequency distribution processing on the preprocessed sampling signals to obtain a time-frequency image; S3, after the time-frequency image is processed, inputting the time-frequency image into a trained DCNN-C network model, and automatically judging the type of input radar intra-pulse modulation signals through the network model to complete identification, wherein the DCNN-C network model comprises a DCNN network and a classification network spliced with the DCNN network. According to the method, the Choi-Williams time-frequency distribution processing is carried out by using a double-sphere kernel function, so that the cross term suppression effect on the radar signals is better, and the signal robustness characteristic is more obvious; background denoising processing is carried out on a time-frequency image by using the DCNN network, information loss of signal energy caused by time-frequency preprocessing can be effectively avoided, so that the accuracy of radiation source identification is improved, and the identification method is simple, practical, and effective.

The invention discloses an image classification network training method based on massive single-class and single-amplitude images. The training data sets of double data forms of the single-class and single images and the single-class and multi-amplitude images are used to train an image classification network of the massive single-class and single-amplitude images alternately and cyclically, a training data input layer is replaced with two network layers of one input layer of a training data set 1 and two input layers of a training data set 2. When the number of training iterations is odd, thetraining data set is used as the input data of the image classification network base on the massive single-class and single-amplitude images, a dynamic loss function based on iteration times adopts an inter-class distance loss function to train the network. When the number of iterations is even, the training data set 2 is used as the input data of the image classification network base on the massive single-class and single-amplitude images, and the dynamic loss function based on the iteration times combines the center loss and Soft-max loss functions as the loss functions of the training network to train the network, thereby obtaining an image classification model.