| 摘要 |
The invention relates to a method and apparatus for identifying an application protocol. In an embodiment, the method of identifying an application protocol comprises the steps of: S11. classifying a data packet to be detected into an individual traffic flow; S12, searching for keywords in a valid payload of the traffic flow based upon a keyword database of identifiable application protocols, and determining a keyword weight vector of the traffic flow, wherein a weight of a keyword is related to a location of the keyword in a valid payload of a traffic flow; S 13. determining similarities between the keyword weight vector of the traffic flow and feature keyword weight vectors of the identifiable application protocols; and S 14. determining an application protocol corresponding to a feature keyword weight vector with the highest similarity to the keyword weight vector of the traffic flow as the application protocol of the traffic flow if a predetermined condition is satisfied. With the method and apparatus of the invention, the accuracy of identifying a protocol can be improved without introducing any significant performance overhead. |
