Title of invention Network traffic classification
Abstract A computer implemented method and system comprising receiving a data packet from a network source, extracting source and destination data from the received data packet, determining a user from the extracted source and destination data from the received data packet. If a label does not exist for the extracted source and destination data from the received data packet, creating a label for the data packet, the label comprising the extracted source data and historic source data for the determined user, calling a chaotic function with the label for the received data packet. If the chaotic function returns false, calling an alternative function for an output with the label for the received data packet. If the chaotic function returns true, capturing the output of the chaotic function, and updating the label with the output of the chaotic function or with the output of the alternative function.
Publication number US9444730(B1) Publication date 2016.09.13
Application number US201615060846 Filing date 2016.03.04
Applicant INTERNATIONAL BUSINESS MACHINES CORPORATION Inventors Campo Giralte Luis;Mujeriego Gomez Jose Luis
Classification H04L12/725;H04W28/06 Main classification H04L12/725
Agency Agent Petrocelli Michael A.
Main claim 1. A computer implemented method, comprising: receiving a data packet from a network source and a network device, including network traffic on one or more of: a fixed network, and a mobile network; extracting source and destination data from the received data packet using a network collector executing an algorithm, the extracting of source and destination data from the received data packet comprises extracting an IP source, a source port, an IP destination and a destination port from the received data packet; determining a user from the extracted source and destination data from the received data packet, the determining the user including extracting from a user data field in the data packet user information associated with the user via the network collector; creating a label for the data packet, in response to a determination that the label does not exist for the extracted source and destination data from the received data packet, the label including the extracted source data and historic source data for the determined user, the label includes the source port and a vector comprising last used ports of the determined user; calling a chaotic function using the network collector with the label for the received data packet, the calling of a chaotic function with the label for the received data packet comprises calling a Lorenz attractor function with the label for the received data packet; calling an alternative function for an output with the label for the received data packet, and updating the label with output of the alternative function, in response to the chaotic function being returned false, and, in response to the chaotic function being returned false, the algorithm being run by the network collector analysing the network flow using one or more of: pattern matching using ports, and IP addresses; capturing the output of the chaotic function, in response to the chaotic function being returned true, and updating the label with the output of the chaotic function; and the updating the label with the output of the chaotic function or with the output of the alternative function comprises extending the vector with the source port and the output of the chaotic function or the output of the alternative function.
Address Armonk NY US