This is a continuation-in-part of PCT international application No. PCT/CN2009/074858, filed Nov. 9, 2009.
The present invention relates to the technical field of network management and network safety, and specifically relates to an analysis system for unknown application layer protocols.
On the Internet, apart from various applications based on common and standard application layer protocols, there are also many other kinds of non-standard protocol applications and new types of network attacks. It is a very difficult task for network managers to separate, analyze, identify and thereby to control unknown applications or attacks from massive collected data. Existing protocol analysis tools and also flow management apparatus based on application identification are only applicable to known and standard protocols but not applicable to unknown and new types of protocols, nor can they discover and analyze new types of attacks. The present invention has the following distinctive advantage: It remedies defects of network management and network safety in the technical field of network management and network safety by providing a kind of technology for automatic discovery, automatic clustering, automatic analysis and automatic identification of unknown application layer protocols.