Method and apparatus for identifying application protocol
First Claim
1. A method of identifying an application protocol, the method comprising:
- A. classifying a data packet to be detected into an individual traffic flow;
B. searching for keywords in a valid payload of the traffic flow based upon a keyword database of identifiable application protocols, and determining a keyword weight vector of the traffic flow, wherein a weight of a keyword is related to a location of the keyword in a valid payload of a traffic flow;
C. determining similarities between the keyword weight vector of the traffic flow and feature keyword weight vectors of the identifiable application protocols; and
D. determining an application protocol corresponding to a feature keyword weight vector with the highest similarity to the keyword weight vector of the traffic flow as the application protocol of the traffic flow if a predetermined condition is satisfied.
11 Assignments
0 Petitions
Accused Products
Abstract
In an embodiment, the method of identifying an application protocol includes classifying a data packet to be detected into an individual traffic flow, searching for keywords in a valid payload of the traffic flow based upon a keyword database of identifiable application protocols, and determining a keyword weight vector of the traffic flow. The weight of a keyword is related to a location of the keyword in a valid payload of a traffic flow. Similarities between the keyword weight vector of the traffic flow and feature keyword weight vectors of the identifiable application protocols are determined; and an application protocol corresponding to a feature keyword weight vector with the highest similarity to the keyword weight vector of the traffic flow as the application protocol of the traffic flow is deteremined if a condition is satisfied.
15 Citations
14 Claims
-
1. A method of identifying an application protocol, the method comprising:
-
A. classifying a data packet to be detected into an individual traffic flow; B. searching for keywords in a valid payload of the traffic flow based upon a keyword database of identifiable application protocols, and determining a keyword weight vector of the traffic flow, wherein a weight of a keyword is related to a location of the keyword in a valid payload of a traffic flow; C. determining similarities between the keyword weight vector of the traffic flow and feature keyword weight vectors of the identifiable application protocols; and D. determining an application protocol corresponding to a feature keyword weight vector with the highest similarity to the keyword weight vector of the traffic flow as the application protocol of the traffic flow if a predetermined condition is satisfied. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus for identifying an application protocol, the apparatus comprising:
-
a first device, in network equipment controlled by a processor, configured to classify a data packet to be detected into an individual traffic flow; a second device, in the network equipment controlled by the processor, configured to search for keywords in a valid payload of the traffic flow based upon a keyword database of identifiable application protocols, and to determine a keyword weight vector of the traffic flow, wherein a weight of a keyword is related to a location of the keyword in a valid payload of a traffic flow; a third device, in the network equipment controlled by the processor, configured to determine similarities between the keyword weight vector of the traffic flow and feature keyword weight vectors of the identifiable application protocols; and a fourth device, in the network equipment controlled by the processor, configured to determine an application protocol corresponding to a feature keyword weight vector with highest similarity to the keyword weight vector of the traffic flow as the application protocol of the traffic flow if a predetermined condition is satisfied. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
Specification