41 results about "Network traffic measurement" patented technology

A method and system for profiling network flows at a measurement point within a computer network is provided. The method includes measuring network flows having invariant features at a measurement point located within routing infrastructure of the computer network to obtain flow statistics. The method also includes aggregating the flow statistics to obtain a traffic profile of the network flows at the measurement point. The method and system utilize the natural hierarchy in the Internet addressing scheme to provide a means for making tractable measurements of network traffic in high-speed networks. Moreover, the method and system adapt dynamically to the changing underlying traffic characteristics to maintain a maximum memory footprint for the profiles. The method and system adapt by adjusting the level of aggregation of the traffic endpoints along a scale from Interface to fully specified network address.

Traffic measurement should make it possible to obtain the spatial flow of traffic through the domain, i.e., the paths or trajectories followed by packets between any ingress and egress point of the domain. A method of sampling packet trajectories in a packet switching network allows the direct inference of traffic flows through a measurement domain by observing the trajectories of a subset of all packets traversing the network. A method which assumes that the measurement domain does not change comprises the steps of selecting packets for sampling in accordance with a sampling function of the packet content and generating a practically unique label for each sampled packet. The method does not rely on routing state, its implementation cost is small, and the measurement reporting traffic is modest and can be controlled precisely. Using the same hash function will yield the same sample set of packets in the entire domain, and enables us to reconstruct packet trajectories. An alternate embodiment which assumes no constraints and that the measurement domain may change comprises the steps of applying a sampling function and altering an invariant bit position as a signaling flag in each packet selected for sampling.

Methods, apparatuses and systems directed to an adaptive network traffic monitoring and measurement system. In one implementation, the present invention provides a measurement engine that monitors data flows on the packet processing path of a network device and executes measurement policy that control the granularity with which measurement data is recorded. In one implementation, the present invention provides a filtering and aggregation mechanism that can seamlessly adapt to changes in measurement policy configuration.

A method, network entity and test controller for establishing a Session Initiation Protocol (SIP) session between a plurality of SIP-based network entities and performing test measurements over the SIP session. The test controller instructs the network entities to establish the SIP session and specifies which test measurements are to be performed. The SIP session is established between the network entities, the test measurements are carried out, and the results are reported back to the test controller by at least one of the network entities, which may be terminals or packet data nodes such as a CDMA2000 Packet data Switched Node (PDSN) or Base Station Controller (BSC). The network entities may comprise SIP user agents and test modules in the forms of software and/or hardware.

A measurement system is provided. In that measurement system, an active measurement device and passive measurement devices can cooperate to perform flexible measurement. The measurement system comprises passive measurement devices, each of which receives packets flowing through a network and performs measurement according to a measurement rule; an active measurement device that sends a request for a measurement to a content providing server according to a measurement rule, and acquires information relating to contents as measurement objects based on a response to said request for a measurement; and an analysis device that derives characteristics relating to provision of the contents, by performing calculation according to an analysis rule, with said calculation using measurement results corresponding to the information acquired by said active measurement device among measurement results of said passive measurement devices.

A system and method for measuring network performance include a first element in a network, the first element operable to receive a data packet and to create a clone packet based on the data packet, the clone packet having a destination the same as a destination of the data packet and having information identifying the clone packet as a clone, the first element operable to insert the clone packet into a data stream with the data packet.

The invention discloses a network traffic measurement method based on an RBF neural network. The network traffic measurement method based on the RBF neural network comprises the following steps in sequence: establishment of an RBF neural network model, normalization processing of network traffic data lines, a learning algorithm of the RBF neural network model, the training algorithm of the RBF neural network model and evaluation of performance of the RBF neural network model. According to the network traffic measurement method based on the RBF neural network, the traffic measurement model based on the RBF neural network is established to give out structural design of the RBF neural network and the learning algorithm based on orthogonal least squares, the RBF method is higher in prediction accuracy relative to a BP traffic prediction model, the RBF method can describe the change rules of network traffic quite well, and has the advantages of being strong in generalization ability and good in stability, and the method has high practical value in network traffic prediction.

Systems and methods may be used to assess network communications by generating one or more thresholds for network traffic parameters based at least in part on a generated baseline for the network traffic parameter in the supervisory control and data acquisition system based on communications within the industrial network. Network communications may be assessed by determining whether the communications in the industrial network fall within the one or more thresholds for the network traffic parameter.

The invention discloses a DDoS (Distributed Denial of Service) attack detection method based on chaos theory analysis, which comprises the following steps: step 1, collecting information network flowdata, and preprocessing the collected flow data; 2, establishing a network normal flow model by adopting a sequence prediction algorithm in the time sequence model; 3, performing subtraction on the network flow normal model and the network flow measurement value to obtain a corresponding new sequence, thereby obtaining an abnormal subsequence of the network flow; 4, analyzing the abnormal subsequence by adopting a Lyapunov exponent in a chaos theory, and judging the state of the system at the current moment. The technical problems that in the prior art, due to the fact that most of attack flows speak from single data, no obvious malicious feature exists, and even a legal normal request appears, the DDoS attack has great difficulty in detection, and at present, there is no effective solution to detect the DDoS attack to eradicate or reduce the brought harm can be solved.

The invention discloses a network flow measurement algorithm based on sampling. The method comprises the following steps: (1) reasonably configuring parameters of a Counting Bloom Filter structure; (2) judging whether the network flow of an arrival data packet is new flow by using the Counting Bloom Filter structure; (3) if the arrival data packet is judged as the new flow, inserting the new flow into the Counting Bloom Filter, adding 1 to a flow counter, calculating an error probability P of the number of the inserted flow, adjusting the sampling frequency (the formula is as shown in the specification) at the same time, wherein f is the sampling frequency of the entire algorithm, perform random sampling on the new flow according to the adjusted frequency, continuing to process the next packet, repeating the step (2) to continue the circulation; and (4) if it is judged that no new flow arrives, continuing to process the next packet, and repeating the step (2) to continue the circulation. By adoption of the network flow measurement algorithm based on sampling, equal probability sampling of the network flow is realized, the network flow data can be reduced, the feature information of the network flow data can be maintained, and the storage resources of the system are saved.

The invention relates to the field of network traffic measurement and estimation of the SDN, and provides an online estimation method for a traffic matrix of an SDN based data center interconnection (SDN-DCI) network which can be used for simply, rapidly and accurately estimating the traffic matrix of the SDN-DCI large-scale network in an online mode. The method comprises the following steps: firstly, rapidly determining k OD flows with relatively large traffic of the current network by using a modified generalized gravity model; uniformly issuing corresponding flow tables according to an SDN flow table without changing the original route so as to measure the k OD flows with relatively large traffic, guarantee the estimation accuracy of the OD flows and ensure the load balancing of the device node flow table; and then positioning a link L with relatively large estimation errors according to the relative error between the link load measurement information of an SNMP protocol and the estimation value; and finally, defining the error factors of the OD flows, finding out n OD flows that have larger influence on the estimation error from a positioned link set L with relatively large estimation errors, and issuing the corresponding SDN flow table to measure the flow value so as to ensure that the estimation error of the traffic matrix can be reduced to a maximum extent.

The invention provides a network flow measuring instrument and a network flow payment system using the measuring instrument, wherein the network flow measuring instrument is low in cost, high in measuring precision and good in security; the network flow measuring instrument comprises an MCU (Microprogrammed Control Unit), a flow measuring chip, a memory cell, a network switching module, a user IC (Integrated Circuit) card and a software management system; the MCU is used as the control center of the whole system, and the MCU is used for being responsible for controlling orderly operation of the whole hardware system and realizing network control by controlling the flow measuring chip; the Ethernet connecting of multiple users is realized by controlling a multi-port switching module; the storage of flow data and user data is realized by controlling the memory cell; real-time monitoring of network flow is realized through the software management system mounted at a PC (Personable Computer) end; and the information updating of remaining flow inside the memory cell is realized by controlling the user IC card. The user IC card is a logic encryption card, different memory areas are encrypted by adopting different encryption factors, and the flow measuring chip is corresponding to the characteristic information of the user IC card uniquely.

The invention relates to the technical field of measurement of network flow, and discloses a calibration device for a mobile terminal flow measurement system. The calibration device comprises a calibration box body and a calibration device circuit, wherein the calibration device circuit comprises a system mainboard, a wireless module group, a touch screen display and a lithium battery pack; the wireless module group is arranged on one side of the system mainboard; a touch screen panel is arranged above the system mainboard; an SIM card insertion slot group and an external USB interface are arranged on the touch screen panel; an equipment restart key switch, a changeover knob switch and a main power supply switch are arranged on the other side of the system mainboard. According to the calibration device, the flow of a three-network mobile terminal is calibrated by adopting a source end and target end joint monitoring mode, so that precise counting of the data flow actually used by a customer from a user terminal is realized; by comparison with charged data of an operator, counting calibration and supervision of a mobile operator charging system are realized, and the legal interest of the customer is maintained.

The invention relates to an adaptive fair sampling method based on reduction of number of flows, belonging to the field of network traffic measurement. The adaptive fair sampling method comprises: according to whether the arrival packet is an existing flow table entries, different network flow fairness sampling strategies are obtained; according to the reduction of number of flows, the size flow is distinguished and counted, and the selective extraction ratio is obtained, and the flow table entries in the memory cache are established; according to the speed of new flow table entries arriving at the measure point, all sample flow sets with flow integer compression are obtained; a new sampling probability function cluster is proposed based on the size flow distribution of all sample flow sets; according to the probability function cluster, the sample stream set is sampled fairly, and the fair sampling results of the size flow in the sample are obtained. The adaptive fair sampling method based on reduction of number of flows can realize the accuracy of the sampling algorithm in the network flow measurement. And the adaptive fair sampling method based on reduction of number of flows can not only solve the scalability problem of the sampling algorithm on the high-speed chain path, but also effectively improve the fairness of the algorithm.

A data structure is provided for storing network contact information based on an array of physical memory locations. Virtual vectors are constructed for each source, wherein each element in each virtual vector is assigned to a corresponding physical memory location within the array. The physical memory locations are shared between the virtual vectors uniformly at random so that the noise introduced by sharing can be predicted and removed. A method for storing network contact information is also provided in which a hash function is performed using the address of a source host to find a virtual vector for holding information about the source host. A second hash function is performed using the address of a destination host to find a virtual memory location, within the virtual vector, for holding information about the destination host. Finally, information is stored at a physical memory location assigned to the virtual memory location. Estimation range enhancement is further provided by performing multiple estimations with different sampling probabilities and selecting a best estimation based on a maximum likelihood method.

The invention belongs to the technical field of network flow measurement, discloses a network flow measurement method and system, computer equipment, a storage medium and application, and adopts a novel extensible reversible data compression fusion model capable of simultaneously realizing efficient and accurate network flow measurement of a memory. The model can dynamically and adaptively expand and compress the size of the memory occupied by the fusion model according to the distribution condition of network traffic information. The core idea of the invention is that counters with different sizes are utilized to monitor a low-cardinal-number host and a high-cardinal-number host respectively, that is, a small-sized counter is utilized to monitor the low-cardinal-number host, and a counter capable of adaptively expanding the size is utilized to monitor the high-cardinal-number host; and efficient memory utilization during low-cardinal-number host monitoring and high accuracy during high-cardinal-number host monitoring are ensured. Based on the model, the invention designs a rapid and efficient network flow measurement method to accurately analyze the cardinal number of the host, rapidly identify the super host and efficiently reconstruct the abnormal address.