Traffic measurement system and traffic analysis method thereof
First Claim
1. A traffic measurement system comprising:
- a plurality of measurement devices that collect all of packets flowing through Internet links, extract traffic data required to analyze traffic from the collected packets, and process the extracted data into predetermined flow types; and
an analysis server that identifies applications of traffic by analyzing the traffic data transferred from the plurality of measurement devices as a whole, classifies the identified applications into predetermined traffic types, and outputs the classification result.
1 Assignment
0 Petitions
Accused Products
Abstract
A traffic measurement system and a traffic analysis method are provided. The traffic measurement system includes a plurality of measurement devices that collect all of packets flowing through Internet links, extract traffic data required to analyze traffic from the collected packets, and process the extracted data into predetermined flow types, and an analysis server that identifies applications of traffic by analyzing the traffic data transferred from the plurality of measurement devices as a whole, classifies the identified applications into predetermined traffic types, and outputs the classification result. The traffic measurement system measures the traffics in the Internet network and processes the measured traffics to generate detailed traffic statistical data according to applications. In particular, the traffics are analyzed considering measurement data from various points, and the data for identifying the applications are extracted from headers of the applications included in payloads of IP packets in real time. Accordingly, detailed traffic analysis result is provided.
-
Citations
16 Claims
-
1. A traffic measurement system comprising:
-
a plurality of measurement devices that collect all of packets flowing through Internet links, extract traffic data required to analyze traffic from the collected packets, and process the extracted data into predetermined flow types; and
an analysis server that identifies applications of traffic by analyzing the traffic data transferred from the plurality of measurement devices as a whole, classifies the identified applications into predetermined traffic types, and outputs the classification result. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A traffic analysis method performed in a traffic measurement system that collects packets flowing through Internet links, analyzes traffic, and identifies the applications of the packets, the method comprising:
-
classifying a first traffic type whose applications are identified using only port numbers included in flow data that is processed into a predetermined type;
classifying a second traffic type whose applications are identified by collecting application headers and application signature that are included in payload of the packets, from the flow data remaining after the first traffic type is classified;
classifying a third traffic type whose applications are identified by analyzing the flow data remaining after the second traffic type is classified and reverse-direction flow data of the flow that are measured at different points as a whole;
classifying a fourth traffic type whose applications are identified by analyzing the flow data remaining after the third traffic type is classified and flow data measured at different points, since port numbers for the applications are not predetermined; and
classifying a fifth traffic type whose applications cannot be identified using the flow data remaining after the fourth traffic type is classified. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification