Traffic measurement system and traffic analysis method thereof

US 20050249125A1
Filed: 10/23/2003
Published: 11/10/2005
Est. Priority Date: 12/13/2002
Status: Active Grant

First Claim

Patent Images

1. A traffic measurement system comprising:

a plurality of measurement devices that collect all of packets flowing through Internet links, extract traffic data required to analyze traffic from the collected packets, and process the extracted data into predetermined flow types; and

an analysis server that identifies applications of traffic by analyzing the traffic data transferred from the plurality of measurement devices as a whole, classifies the identified applications into predetermined traffic types, and outputs the classification result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A traffic measurement system and a traffic analysis method are provided. The traffic measurement system includes a plurality of measurement devices that collect all of packets flowing through Internet links, extract traffic data required to analyze traffic from the collected packets, and process the extracted data into predetermined flow types, and an analysis server that identifies applications of traffic by analyzing the traffic data transferred from the plurality of measurement devices as a whole, classifies the identified applications into predetermined traffic types, and outputs the classification result. The traffic measurement system measures the traffics in the Internet network and processes the measured traffics to generate detailed traffic statistical data according to applications. In particular, the traffics are analyzed considering measurement data from various points, and the data for identifying the applications are extracted from headers of the applications included in payloads of IP packets in real time. Accordingly, detailed traffic analysis result is provided.

Citations

16 Claims

1. A traffic measurement system comprising:
- a plurality of measurement devices that collect all of packets flowing through Internet links, extract traffic data required to analyze traffic from the collected packets, and process the extracted data into predetermined flow types; and
  
  an analysis server that identifies applications of traffic by analyzing the traffic data transferred from the plurality of measurement devices as a whole, classifies the identified applications into predetermined traffic types, and outputs the classification result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The traffic measurement system of claim 1, further comprising a plurality of time receiving devices that extract time signals from a GPS satellite or a CDMA base station to synchronize the times of the plurality of measurement devices.
  - 3. The traffic measurement system of any one of claims 1 and 2, wherein each of the plurality of measurement devices comprises:
    - a packet collection unit that collects the packets flowing through the Internet lines from router connection lines and records the collection times of the packets;
      
      a flow generation unit that generates flows using the packets having the same data, such as a target address, a protocol, and a port number, from the packets collected by the packet collection unit, extracts data required for detailed analysis of the applications after analyzing the contents of the packets, and stores the extracted data according to the flow; and
      
      a transfer unit that transfers the data stored in the flow generation unit to the analysis server according to a predetermined time interval.
  - 4. The traffic measurement system of claim 3, wherein the packet collection unit collects the packets by using one of tapping, port mirroring, and signal distribution.
  - 5. The traffic measurement system of claim 3, wherein the data required for detailed analysis of the applications are application signatures for identifying the applications in payload of the packets.
  - 6. The traffic measurement system of any one of claims 1 and 2, wherein the analysis server comprises:
    - a data receiving unit that receives the packet data from the plurality of measurement devices;
      
      a traffic analysis unit that analyzes the data provided from the plurality of measurement devices via the data receiving unit as a whole, and classifies the applications into the traffic types according to the analysis result;
      
      a data storing unit that stores the traffic analysis result of the traffic analysis unit; and
      
      a user interface that displays the traffic analysis result stored in the data storing unit to a user after processing the traffic analysis result into various types desired by the user.
  - 7. The traffic measurement system of claim 6, wherein the analysis server further comprises a report output unit that processes the traffic analysis result from the traffic analysis unit into a predetermined report type and stores the processed data in the data storing unit, and the report is displayed to the user through the user interface.
  - 8. The traffic measurement system of claim 1, wherein the traffic types comprise:
    - a first traffic type whose applications are identified using only TCP/UDP port numbers;
      
      a second traffic type whose applications are identified by collecting application headers and application signatures that are included in payloads of the packets;
      
      a third traffic type whose applications are identified by extracting application data from the second traffic type, since application data is not included in reverse traffic of the second traffic type;
      
      a fourth traffic type whose applications are assigned predetermined port numbers are identified based on application signature of other flows since the port numbers are exchanged through an other control flows; and
      
      a fifth traffic type whose applications are not classified into the first through the fourth traffic types.

9. A traffic analysis method performed in a traffic measurement system that collects packets flowing through Internet links, analyzes traffic, and identifies the applications of the packets, the method comprising:
- classifying a first traffic type whose applications are identified using only port numbers included in flow data that is processed into a predetermined type;
  
  classifying a second traffic type whose applications are identified by collecting application headers and application signature that are included in payload of the packets, from the flow data remaining after the first traffic type is classified;
  
  classifying a third traffic type whose applications are identified by analyzing the flow data remaining after the second traffic type is classified and reverse-direction flow data of the flow that are measured at different points as a whole;
  
  classifying a fourth traffic type whose applications are identified by analyzing the flow data remaining after the third traffic type is classified and flow data measured at different points, since port numbers for the applications are not predetermined; and
  
  classifying a fifth traffic type whose applications cannot be identified using the flow data remaining after the fourth traffic type is classified.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The traffic analysis method of claim 9, wherein the flow data is packets having the same target address, the same protocol, and the same port number among the packets flowing through the Internet lines.
  - 11. The traffic analysis method of claim 9, further comprising determining whether identification data of the fourth traffic type is present in traffic included classified into the first traffic type and extracting and storing the application signature of the fourth traffic type, after classifying the first traffic type.
  - 12. The traffic analysis method of claim 9, further comprising extracting and storing the application signature of traffic classified into the third traffic type when traffic classified into the second traffic type is backward traffic of traffic classified into the third traffic type, after classifying the second traffic type.
  - 13. The traffic analysis method of claim 9, further comprising determining whether identification data of the fourth traffic type is present in traffic classified into the second traffic type and extracting and storing the application signature of the fourth traffic type, after classifying the second traffic type.
  - 14. The traffic analysis method of claim 9, further comprising taking statistics on traffic classified into the fifth traffic type in order to monitor the applications and storing the statistics result, after classifying the fifth traffic type.
  - 15. The traffic analysis method of claim 9, further comprising processing the classified traffic types into predetermined report types desired by a user and storing or providing the processed report through a user interface, after classifying the fifth traffic type.
  - 16. A recording medium on which a traffic analysis method of claims 9 through 15 is recorded using program codes that are operated in a computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronics and Telecommunications Research Institute
Original Assignee
Electronics and Telecommunications Research Institute
Inventors
Yoon, Seung Hyun, Kim, Chang Hoon, Choi, Tae Sang, Jeong, Tae Soo, Park, Jeong Sook, Chung, Hyung Seok, Kim, Hyung Hwan

Granted Patent

US 7,508,768 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 43/026   using flow identification

H04L 43/045   for graphical visualisation...

H04L 43/062   related to network traffic

Traffic measurement system and traffic analysis method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Traffic measurement system and traffic analysis method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links