CN109922082A - The detection method and device and computer readable storage medium of Traffic Anomaly - Google Patents


Publication number: CN109922082A
Authority: CN (China)
Prior art keywords: detected, frequency signal, message, low frequency, default feature
Prior art date:
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Application number: CN201910286311.1A
Other languages: Chinese (zh)
Other versions: CN109922082B (en)
Inventors: 张永, 王占群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Hangzhou Dt Dream Technology Co Ltd
Original Assignee: Hangzhou Dt Dream Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.):
Filing date:
Publication date:
Events:
Application filed by Hangzhou Dt Dream Technology Co Ltd
Priority to CN201910286311.1A (patent/CN109922082B/en)
Publication of CN109922082A (patent/CN109922082A/en)
Application granted
Publication of CN109922082B (patent/CN109922082B/en)
Legal status: Active (current)
Anticipated expiration

Abstract

The disclosure relates to a detection method and device for traffic anomalies and a computer-readable storage medium. The detection method comprises: obtaining the time-interval sequence of the messages contained in the traffic to be detected; performing transform processing on the time-interval sequence to obtain a low-frequency signal to be detected and a high-frequency signal to be detected; extracting the preset features of the low-frequency signal to be detected and of the high-frequency signal to be detected; and, if the preset features of the low-frequency signal to be detected deviate from a previously obtained low-frequency sequence baseline and/or the preset features of the high-frequency signal to be detected deviate from a previously obtained high-frequency sequence baseline, determining that the traffic to be detected is anomalous. The above embodiment has high detection accuracy, is computationally efficient and is generally applicable.

Description

Detection method and device for traffic anomalies, and computer-readable storage medium
Technical field
The disclosure relates to the field of security technology, and in particular to a detection method and device for traffic anomalies and a computer-readable storage medium.
Background
Industrial control, also known as industrial automatic control, mainly refers to the use of computer, microelectronic and electrical technology to make factory production and manufacturing processes more automated, efficient and precise, and to make them controllable and observable.
As the country vigorously promotes informatization, industrial control systems are increasingly becoming open and interconnected. Not only are general-purpose protocols, general-purpose operating systems and general-purpose network facilities widely used, but industrial control systems can also be interconnected through remote ports. This extends network security problems directly into industrial control systems, so that their vulnerabilities and attack surface keep growing, which poses a severe challenge to traditional defense systems.
Summary of the invention
To overcome the problems in the related art, the disclosure provides a detection method and device for traffic anomalies and a computer-readable storage medium.
According to a first aspect of the embodiments of the disclosure, a detection method for traffic anomalies is provided, comprising:
obtaining the time-interval sequence of the messages contained in the traffic to be detected;
performing transform processing on the time-interval sequence to obtain a low-frequency signal to be detected and a high-frequency signal to be detected;
extracting the preset features of the low-frequency signal to be detected and the preset features of the high-frequency signal to be detected;
if the preset features of the low-frequency signal to be detected deviate from a previously obtained low-frequency sequence baseline and/or the preset features of the high-frequency signal to be detected deviate from a previously obtained high-frequency sequence baseline, determining that the traffic to be detected is anomalous.
In one embodiment, obtaining the time-interval sequence of the messages contained in the traffic to be detected comprises:
grouping the messages contained in the traffic to be detected based on preset information to obtain at least one group of messages to be detected;
counting the time intervals between adjacent messages in each group of messages to be detected;
obtaining the time-interval sequence of each group of messages to be detected based on the counted time intervals between adjacent messages in that group.
In one embodiment, performing transform processing on the time-interval sequence to obtain the low-frequency signal to be detected and the high-frequency signal to be detected comprises:
performing a Haar wavelet transform on the time-interval sequence of each group of messages to be detected to obtain the low-frequency signal to be detected and the high-frequency signal to be detected corresponding to that group;
and determining that the traffic to be detected is anomalous if the preset features of the low-frequency signal to be detected deviate from the previously obtained low-frequency sequence baseline and/or the preset features of the high-frequency signal to be detected deviate from the previously obtained high-frequency sequence baseline comprises:
if the preset features of the low-frequency signal to be detected of any group of messages to be detected deviate from the previously obtained low-frequency sequence baseline of the corresponding group of messages, and/or the preset features of the high-frequency signal to be detected of any group of messages to be detected deviate from the previously obtained high-frequency sequence baseline of the corresponding group of messages, determining that the traffic to be detected is anomalous.
In one embodiment, the preset features include period and fluctuation range.
In one embodiment, the preset information includes source Internet Protocol (IP) address, source port, destination IP address, destination port, message type and a configured keyword.
In one embodiment, the method further comprises:
collecting historical normal traffic of the equipment in a preset environment;
obtaining the time-interval reference sequence of the messages contained in the historical normal traffic;
performing transform processing on the time-interval reference sequence to obtain a low-frequency signal and a high-frequency signal;
extracting the preset features of the low-frequency signal and the preset features of the high-frequency signal;
using the preset features of the low-frequency signal as the low-frequency sequence baseline and the preset features of the high-frequency signal as the high-frequency sequence baseline.
According to a second aspect of the embodiments of the disclosure, a detection device for traffic anomalies is provided, the device comprising:
an obtaining module, configured to obtain the time-interval sequence of the messages contained in the traffic to be detected;
a processing module, configured to perform transform processing on the time-interval sequence obtained by the obtaining module to obtain a low-frequency signal to be detected and a high-frequency signal to be detected;
an extraction module, configured to extract the preset features of the low-frequency signal to be detected and of the high-frequency signal to be detected obtained by the processing module;
a determining module, configured to determine that the traffic to be detected is anomalous if the preset features of the low-frequency signal to be detected extracted by the extraction module deviate from a previously obtained low-frequency sequence baseline and/or the preset features of the high-frequency signal to be detected extracted by the extraction module deviate from a previously obtained high-frequency sequence baseline.
In one embodiment, the obtaining module comprises:
a grouping submodule, configured to group the messages contained in the traffic to be detected based on preset information to obtain at least one group of messages to be detected;
a statistics submodule, configured to count the time intervals between adjacent messages in each group of messages to be detected obtained by the grouping submodule;
an obtaining submodule, configured to obtain the time-interval sequence of each group of messages to be detected based on the time intervals between adjacent messages counted by the statistics submodule.
In one embodiment, the processing module is specifically configured to:
perform a Haar wavelet transform on the time-interval sequence of each group of messages to be detected to obtain the low-frequency signal to be detected and the high-frequency signal to be detected corresponding to that group;
and the determining module is specifically configured to:
determine that the traffic to be detected is anomalous if the preset features of the low-frequency signal to be detected of any group of messages to be detected deviate from the previously obtained low-frequency sequence baseline of the corresponding group of messages, and/or the preset features of the high-frequency signal to be detected of any group of messages to be detected deviate from the previously obtained high-frequency sequence baseline of the corresponding group of messages.
In one embodiment, the preset features include period and fluctuation range.
In one embodiment, the preset information includes source Internet Protocol (IP) address, source port, destination IP address, destination port, message type and a configured keyword.
In one embodiment, the device further comprises:
a collection module, configured to collect historical normal traffic of the equipment in a preset environment;
a retrieval module, configured to obtain the time-interval reference sequence of the messages contained in the historical normal traffic collected by the collection module;
a transform processing module, configured to perform transform processing on the time-interval reference sequence obtained by the retrieval module to obtain a low-frequency signal and a high-frequency signal;
a feature extraction module, configured to extract the preset features of the low-frequency signal and of the high-frequency signal obtained by the transform processing module;
a baseline determining module, configured to use the preset features of the low-frequency signal extracted by the feature extraction module as the low-frequency sequence baseline and the preset features of the high-frequency signal extracted by the feature extraction module as the high-frequency sequence baseline.
According to a third aspect of the embodiments of the disclosure, a computer-readable storage medium is provided; the storage medium stores a computer program, and the computer program is used to execute the above detection method for traffic anomalies.
According to a fourth aspect of the embodiments of the disclosure, a detection device for traffic anomalies is provided, comprising:
a processor;
a memory for storing instructions executable by the processor;
wherein the processor is configured to:
obtain the time-interval sequence of the messages contained in the traffic to be detected;
perform transform processing on the time-interval sequence to obtain a low-frequency signal to be detected and a high-frequency signal to be detected;
extract the preset features of the low-frequency signal to be detected and the preset features of the high-frequency signal to be detected;
if the preset features of the low-frequency signal to be detected deviate from a previously obtained low-frequency sequence baseline and/or the preset features of the high-frequency signal to be detected deviate from a previously obtained high-frequency sequence baseline, determine that the traffic to be detected is anomalous.
The technical solution provided by the embodiments of the disclosure may have the following beneficial effects: by performing transform processing on the obtained time-interval sequence to obtain a low-frequency signal to be detected and a high-frequency signal to be detected, the low-frequency and high-frequency signals in the traffic to be detected can be obtained accurately; the preset features of the low-frequency signal to be detected and of the high-frequency signal to be detected are then extracted, and if the preset features of the low-frequency signal to be detected deviate from the previously obtained low-frequency sequence baseline and/or the preset features of the high-frequency signal to be detected deviate from the previously obtained high-frequency sequence baseline, the traffic to be detected is determined to be anomalous. The detection method has high detection accuracy, is computationally efficient and is generally applicable.
It should be understood that the above general description and the following detailed description are exemplary and explanatory only and do not limit the disclosure.
Description of the drawings
The drawings herein are incorporated into and form part of this specification; they show embodiments consistent with the invention and, together with the specification, serve to explain the principles of the invention.
Fig. 1 is a flow chart of a detection method for traffic anomalies according to an exemplary embodiment.
Fig. 2A is a flow chart of obtaining the time-interval sequence of the messages contained in the traffic to be detected according to an exemplary embodiment.
Fig. 2B is a schematic diagram of a high-frequency sequence baseline according to an exemplary embodiment.
Fig. 2C is a schematic diagram of a low-frequency sequence baseline according to an exemplary embodiment.
Fig. 2D is a schematic diagram of a high-frequency signal to be detected according to an exemplary embodiment.
Fig. 2E is a schematic diagram of a low-frequency signal to be detected according to an exemplary embodiment.
Fig. 3 is a flow chart of generating a low-frequency sequence baseline and a high-frequency sequence baseline according to an exemplary embodiment.
Fig. 4 is a block diagram of a detection device for traffic anomalies according to an exemplary embodiment.
Fig. 5 is a block diagram of another detection device for traffic anomalies according to an exemplary embodiment.
Fig. 6 is a block diagram of another detection device for traffic anomalies according to an exemplary embodiment.
Fig. 7 is a block diagram of a device suitable for detecting traffic anomalies according to an exemplary embodiment.
Detailed description
Exemplary embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the invention; rather, they are merely examples of devices and methods consistent with some aspects of the invention as detailed in the appended claims.
Fig. 1 is a flow chart of a detection method for traffic anomalies according to an exemplary embodiment. As shown in Fig. 1, the detection method for traffic anomalies comprises:
Step S101: obtain the time-interval sequence of the messages contained in the traffic to be detected.
Here, the time-interval sequence of the messages contained in the traffic to be detected may refer to the time-interval sequence of each group of messages to be detected contained in the traffic, and a time-interval sequence may refer to the sequence composed of the time intervals between adjacent messages.
As shown in Fig. 2A, obtaining the time-interval sequence of the messages contained in the traffic to be detected may comprise:
Step S1011: group the messages contained in the traffic to be detected based on preset information to obtain at least one group of messages to be detected.
Here, the preset information may include source Internet Protocol (IP) address, source port, destination IP address, destination port, message type and a configured keyword.
In this embodiment, the messages contained in the traffic to be detected may be grouped according to source IP, source port, destination IP, destination port, message type and configured keyword.
Step S1012: count the time intervals between adjacent messages in each group of messages to be detected.
Here, adjacent messages are two messages that follow one another in receive order with no other message between them. For example, if the messages to be detected received for the current group are, in order, message 1, message 2, message 3 and message 4, then message 1 and message 2 are adjacent messages, message 2 and message 3 are adjacent messages, and message 3 and message 4 are adjacent messages.
Step S1013: obtain the time-interval sequence of each group of messages to be detected based on the counted time intervals between adjacent messages in that group.
In this embodiment, the time intervals between all adjacent messages in each group of messages to be detected may be assembled into one sequence, and that sequence is the time-interval sequence of the group. To distinguish the time-interval sequences of different groups of messages to be detected, the time-interval sequence of a group may, in addition to the time intervals between all adjacent messages, also include the identifiers of all messages in the corresponding group.
Continuing the example above, suppose message 1 is received at time t1, message 2 at t2, message 3 at t3 and message 4 at t4. Then the time interval between message 1 and message 2 is t2-t1, between message 2 and message 3 is t3-t2, and between message 3 and message 4 is t4-t3. Suppose further that the identifier of message 1 is M1, that of message 2 is M2, that of message 3 is M3 and that of message 4 is M4; the time-interval sequence of this group of messages to be detected is then (M1, M2, M3, M4: t2-t1, t3-t2, t4-t3).
In this embodiment, grouping the messages contained in the traffic to be detected based on preset information to obtain at least one group of messages to be detected, counting the time intervals between adjacent messages in each group, and obtaining the time-interval sequence of each group from the counted intervals provide the conditions for subsequently detecting accurately whether the traffic is anomalous.
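As an added illustration of steps S1011 to S1013 (this code is not part of the patent and does not come from the applicant), the following Python groups a constructed set of captured messages by the preset information the patent names, that is source IP, source port, destination IP, destination port, message type and configured keyword, and builds each group's labelled time-interval sequence in receive order. The Message fields, the sample addresses, ports, types and keywords, and the rounding of intervals to microseconds are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Message:
    """One captured message. Field names are assumptions for this example."""
    msg_id: str      # identifier carried along with the group's sequence (M1, M2, ...)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    msg_type: str    # message type, e.g. the protocol function being invoked
    keyword: str     # the configured keyword the patent also groups on
    ts: float        # receive time in seconds


# Grouping key = the patent's preset information (step S1011).
GroupKey = Tuple[str, int, str, int, str, str]


def group_key(m: Message) -> GroupKey:
    return (m.src_ip, m.src_port, m.dst_ip, m.dst_port, m.msg_type, m.keyword)


def group_messages(messages: List[Message]) -> Dict[GroupKey, List[Message]]:
    """Step S1011: one group per distinct preset-information tuple, each group
    kept in receive order so that 'adjacent' means consecutive in time."""
    groups: Dict[GroupKey, List[Message]] = defaultdict(list)
    for m in sorted(messages, key=lambda msg: msg.ts):
        groups[group_key(m)].append(m)
    return dict(groups)


def interval_sequence(group: List[Message]) -> Tuple[List[str], List[float]]:
    """Steps S1012 and S1013: the time intervals between adjacent messages of one
    group, tagged with the identifiers of all messages in the group, i.e. the
    patent's (M1, M2, M3, M4: t2-t1, t3-t2, t4-t3). Intervals are rounded to
    microseconds (assumption) so that capture-timestamp noise does not leak in."""
    ids = [m.msg_id for m in group]
    intervals = [round(later.ts - earlier.ts, 6)
                 for earlier, later in zip(group, group[1:])]
    return ids, intervals


def interval_sequences(messages: List[Message]) -> Dict[GroupKey, Tuple[List[str], List[float]]]:
    """Step S101 as a whole: the labelled time-interval sequence of every group."""
    return {key: interval_sequence(group)
            for key, group in group_messages(messages).items()}


# Constructed sample capture (not real traffic): a 1 s polling flow plus a
# second, slower flow to a different destination interleaved with it.
SAMPLE = [
    Message("M1", "10.0.0.1", 5020, "10.0.0.2", 502, "READ", "reg0", 0.0),
    Message("M5", "10.0.0.1", 5021, "10.0.0.3", 44818, "STATUS", "io1", 0.5),
    Message("M2", "10.0.0.1", 5020, "10.0.0.2", 502, "READ", "reg0", 1.0),
    Message("M3", "10.0.0.1", 5020, "10.0.0.2", 502, "READ", "reg0", 2.0),
    Message("M6", "10.0.0.1", 5021, "10.0.0.3", 44818, "STATUS", "io1", 2.5),
    Message("M4", "10.0.0.1", 5020, "10.0.0.2", 502, "READ", "reg0", 3.0),
]

POLL_KEY: GroupKey = ("10.0.0.1", 5020, "10.0.0.2", 502, "READ", "reg0")
STATUS_KEY: GroupKey = ("10.0.0.1", 5021, "10.0.0.3", 44818, "STATUS", "io1")

if __name__ == "__main__":
    for key, (ids, intervals) in interval_sequences(SAMPLE).items():
        print(key, "->", ids, intervals)
```

Sorting by receive time before grouping matters: if the capture is not already in arrival order, the "adjacent" pairs and therefore the whole interval sequence of a group would be wrong, and every later step would compare a scrambled sequence with the baseline.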
Step S102: perform transform processing on the obtained time-interval sequence to obtain a low-frequency signal to be detected and a high-frequency signal to be detected.
Unlike the Internet, the network traffic of an industrial control system consists mostly of service types such as polling, diagnostics and periodic refresh, and this operating mechanism gives its traffic characteristics strong periodicity. When an industrial control system operates abnormally because of a network intrusion, the time series of the traffic usually changes slightly, and applying a Haar wavelet filtering transform to the discrete time series of the network traffic can reveal this slight change. This embodiment therefore applies Haar wavelet transform processing to the time-interval sequence in order to detect whether the traffic is anomalous.
Specifically, a Haar wavelet transform may be performed on the time-interval sequence of each group of messages to be detected to obtain the low-frequency signal to be detected and the high-frequency signal to be detected corresponding to that group.
Step S103: extract the preset features of the low-frequency signal to be detected and the preset features of the high-frequency signal to be detected.
Here, the preset features may include period and fluctuation range.
Step S104: if the preset features of the low-frequency signal to be detected deviate from the previously obtained low-frequency sequence baseline and/or the preset features of the high-frequency signal to be detected deviate from the previously obtained high-frequency sequence baseline, determine that the traffic to be detected is anomalous.
In this embodiment, if the preset features of the low-frequency signal to be detected of any group of messages to be detected deviate from the previously obtained low-frequency sequence baseline of the corresponding group, or the preset features of the high-frequency signal to be detected of any group deviate from the previously obtained high-frequency sequence baseline of the corresponding group, the traffic to be detected can be determined to be anomalous.
Optionally, if the preset features of the low-frequency signal to be detected of any group of messages to be detected deviate from the previously obtained low-frequency sequence baseline of the corresponding group and the preset features of the high-frequency signal to be detected of that group deviate from the previously obtained high-frequency sequence baseline of the corresponding group, the traffic to be detected can be determined to be anomalous.
Here, the preset features of the low-frequency signal deviating from the low-frequency sequence baseline may include, but is not limited to, any one or more of the following:
11) the period of the low-frequency signal differs from the period of the low-frequency sequence baseline;
12) the fluctuation range of the low-frequency signal differs from the fluctuation range of the low-frequency sequence baseline.
Here, the preset features of the high-frequency signal deviating from the high-frequency sequence baseline may include, but is not limited to, any one or more of the following:
21) the period of the high-frequency signal differs from the period of the high-frequency sequence baseline;
22) the fluctuation range of the high-frequency signal differs from the fluctuation range of the high-frequency sequence baseline.
For example, Fig. 2B shows a schematic diagram of a previously obtained high-frequency sequence baseline, Fig. 2C a previously obtained low-frequency sequence baseline, Fig. 2D a high-frequency signal to be detected and Fig. 2E a low-frequency signal to be detected. From Fig. 2D it can be seen that the period and amplitude of the high-frequency signal to be detected deviate from the previously obtained high-frequency sequence baseline, so the traffic to be detected can be determined to be anomalous.
Based on the periodic characteristics of industrial control system network traffic, this embodiment applies transform processing to the obtained time-interval sequence, so that anomalies in industrial control system traffic can be identified accurately; the method is applicable to all industrial control systems and has strong applicability.
In the above embodiment, transform processing is applied to the obtained time-interval sequence to obtain a low-frequency signal to be detected and a high-frequency signal to be detected, so the low-frequency and high-frequency signals in the traffic to be detected can be obtained accurately; the preset features of the low-frequency signal to be detected and of the high-frequency signal to be detected are then extracted, and if the preset features of the low-frequency signal to be detected deviate from the previously obtained low-frequency sequence baseline and/or the preset features of the high-frequency signal to be detected deviate from the previously obtained high-frequency sequence baseline, the traffic to be detected is determined to be anomalous. The detection method has high detection accuracy, is computationally efficient and is generally applicable.
Optionally, in order to detect whether the traffic is anomalous, the low-frequency sequence baseline and the high-frequency sequence baseline need to be obtained in advance.
As shown in Fig. 3, the process of generating the low-frequency sequence baseline and the high-frequency sequence baseline may comprise:
Step S301: collect historical normal traffic of the equipment in a preset environment.
Here, the preset environment may refer either to a real traffic environment in which network attacks occur or to an artificially constructed traffic environment with no network attacks.
Step S302: obtain the time-interval reference sequence of the messages contained in the historical normal traffic.
Here, the process of obtaining the time-interval reference sequence of the messages contained in the historical normal traffic is the same as the process of obtaining the time-interval sequence of the messages contained in the traffic to be detected.
Specifically, obtaining the time-interval reference sequence of the messages contained in the historical normal traffic comprises:
grouping the messages contained in the historical normal traffic based on preset information to obtain at least one group of messages, counting the time intervals between adjacent messages in each group, and obtaining the time-interval reference sequence of each group based on the counted time intervals between adjacent messages in that group.
The preset information used here is the same as the preset information in step S1011.
Step S303: perform transform processing on the time-interval reference sequence to obtain a low-frequency signal and a high-frequency signal.
In this embodiment, a Haar wavelet transform may be performed on the time-interval reference sequence of each group of messages to obtain the low-frequency signal and the high-frequency signal corresponding to that group.
Step S304: extract the preset features of the low-frequency signal and the preset features of the high-frequency signal.
Here, the preset features are the same as the preset features in step S103, for example period and fluctuation range.
Step S305: use the preset features of the low-frequency signal as the low-frequency sequence baseline and the preset features of the high-frequency signal as the high-frequency sequence baseline.
The above process of generating the low-frequency sequence baseline and the high-frequency sequence baseline does not require any parameters to be determined, and its accuracy is high.
In the above embodiment, historical normal traffic of the equipment is collected in a preset environment, the time-interval reference sequence of the messages contained in the historical normal traffic is obtained, transform processing is applied to the time-interval reference sequence to obtain a low-frequency signal and a high-frequency signal, the preset features of the low-frequency signal and of the high-frequency signal are extracted, and the preset features of the low-frequency signal are used as the low-frequency sequence baseline and the preset features of the high-frequency signal as the high-frequency sequence baseline, which provides the basis for subsequently detecting whether the traffic is anomalous.
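The following Python is an added worked example, not the patent's or the applicant's code, and serves both the detection steps S102 to S104 above and the baseline generation steps S301 to S305: a single-level Haar wavelet transform splits a time-interval sequence into a low-frequency signal (pairwise means) and a high-frequency signal (pairwise half-differences); the period (estimated, in samples, as the lag with the highest autocorrelation) and the fluctuation range (maximum minus minimum) are extracted from each signal; the features of a constructed historical normal sequence become the two baselines; and an observed sequence is flagged when the features of either signal deviate from its baseline. The period estimator, the relative tolerance on the fluctuation range, the handling of an odd-length sequence and the sample sequences are all assumptions of this example; the patent only states that the features "differ".

```python
from typing import Dict, List, Tuple

Signal = List[float]
Features = Dict[str, float]


def haar_transform(seq: Signal) -> Tuple[Signal, Signal]:
    """Single-level Haar wavelet transform of a time-interval sequence.
    low  = pairwise means (approximation, the low-frequency signal)
    high = pairwise half-differences (detail, the high-frequency signal)
    A trailing odd sample is dropped (assumption; the patent does not say)."""
    n = len(seq) - len(seq) % 2
    low = [(seq[i] + seq[i + 1]) / 2.0 for i in range(0, n, 2)]
    high = [(seq[i] - seq[i + 1]) / 2.0 for i in range(0, n, 2)]
    return low, high


def fluctuation_range(sig: Signal) -> float:
    """Preset feature 'fluctuation range': peak-to-peak amplitude of the signal."""
    return max(sig) - min(sig)


def estimate_period(sig: Signal) -> int:
    """Preset feature 'period', in samples: the lag (1 .. len/2) at which the
    autocorrelation of the mean-removed signal is highest; 0 for a flat signal.
    (Assumed estimator; the patent does not specify how the period is measured.)"""
    n = len(sig)
    mean = sum(sig) / n
    x = [v - mean for v in sig]
    energy = sum(v * v for v in x)
    if energy < 1e-12:
        return 0
    best_lag, best_corr = 0, float("-inf")
    for lag in range(1, n // 2 + 1):
        corr = sum(x[i] * x[i + lag] for i in range(n - lag)) / energy
        if corr > best_corr:
            best_lag, best_corr = lag, corr
    return best_lag


def preset_features(sig: Signal) -> Features:
    """Steps S103 / S304: the preset features of one signal."""
    return {"period": estimate_period(sig), "range": fluctuation_range(sig)}


def build_baselines(reference_intervals: Signal) -> Tuple[Features, Features]:
    """Steps S303 to S305: transform the time-interval reference sequence of
    historical normal traffic and take the features of the low- and high-frequency
    signals as the low- and high-frequency sequence baselines."""
    low, high = haar_transform(reference_intervals)
    return preset_features(low), preset_features(high)


def deviations(feat: Features, base: Features, range_tol: float) -> List[str]:
    """Which preset features deviate from the baseline (items 11/12 and 21/22).
    The period must match exactly; the range may differ by up to range_tol
    (relative to the baseline range) before it counts as 'different'."""
    reasons = []
    if feat["period"] != base["period"]:
        reasons.append("period")
    if abs(feat["range"] - base["range"]) > range_tol * max(base["range"], 1e-9):
        reasons.append("range")
    return reasons


def detect(intervals: Signal, low_base: Features, high_base: Features,
           range_tol: float = 0.2) -> Tuple[bool, List[str]]:
    """Steps S102 to S104 for one group's time-interval sequence: anomalous if
    the low-frequency and/or the high-frequency features deviate from baseline."""
    low, high = haar_transform(intervals)
    reasons = ["low_" + r for r in deviations(preset_features(low), low_base, range_tol)]
    reasons += ["high_" + r for r in deviations(preset_features(high), high_base, range_tol)]
    return bool(reasons), reasons


# Constructed inter-arrival sequences (seconds), not measured data: a polling
# pattern that repeats every four messages, the same pattern observed later with
# a different phase, and the same pattern with a burst of three fast messages
# inserted (the kind of slight change the patent attributes to an intrusion).
NORMAL_REFERENCE = [1.0, 2.0, 3.0, 2.0] * 4
NORMAL_OBSERVED = [2.0, 3.0, 2.0, 1.0] * 4
ANOMALOUS = [1.0, 2.0, 3.0, 2.0, 1.0, 2.0, 3.0, 2.0,
             1.0, 0.2, 0.2, 0.2, 1.0, 2.0, 3.0, 2.0]

LOW_BASE, HIGH_BASE = build_baselines(NORMAL_REFERENCE)

if __name__ == "__main__":
    print("baselines:", LOW_BASE, HIGH_BASE)
    print("normal   :", detect(NORMAL_OBSERVED, LOW_BASE, HIGH_BASE))
    print("anomalous:", detect(ANOMALOUS, LOW_BASE, HIGH_BASE))
```

The phase-shifted normal sequence yields the same period and fluctuation range as the reference, so it is not flagged, while the inserted burst changes both the period and the range of the low-frequency signal and the period of the high-frequency signal. In practice the baselines are computed per group (per preset-information tuple), as steps S1011 and S302 require, and the tolerance on the range would be tuned from the jitter of the historical traffic rather than fixed.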
Corresponding with the detection method embodiment of aforementioned flow exception, the disclosure additionally provides the detection device of Traffic AnomalyEmbodiment.
Fig. 4 is a kind of block diagram of the detection device of Traffic Anomaly shown according to an exemplary embodiment, as shown in figure 4,The detection device of Traffic Anomaly includes:
Obtain the time interval sequence that module 41 is used to obtain the included message of measurement of discharge to be checked.
Wherein, the time interval sequence of the included message of measurement of discharge to be checked can refer to that every group that measurement of discharge to be checked is included is waited forThe time interval sequence of detection messages, time interval sequence can refer to the sequence as composed by the time interval of adjacent message.
Processing module 42 is used to carry out conversion process to the time interval sequence for obtaining the acquisition of module 41, obtains to be detected lowFrequency signal and high-frequency signal to be detected.
Different from Internet, the network flow of industrial control system is mostly the types of service such as poll, diagnosis, periodic refresh,Its working mechanism makes discharge characteristic show stronger periodicity.When industrial control system by network intrusions operation irregularity,Slight change would generally occur for the time series of flow, be carried out using Ha Er (Haar) small echo to network flow discrete-time seriesFiltering transformation can show this slight change, and therefore, it is small which can carry out Haar to time intervening sequenceWave conversion processing.
Specifically, can the time interval sequence to every group of message to be detected carry out Haar wavelet transformation, obtain every group and wait forThe corresponding low frequency signal to be detected of detection messages and high-frequency signal to be detected.
The default feature for the low frequency signal to be detected that extraction module 43 is obtained for extraction process module 42 and height to be detectedThe default feature of frequency signal.
Wherein, default feature may include period and fluctuation range.
If the default feature deviation for the low frequency signal to be detected that determining module 44 is extracted for extraction module 43 is previously obtainedLow frequency formation axis and/or the default feature of high-frequency signal to be detected extracted of extraction module 43 deviate the high frequency that is previously obtainedFormation axis, it is determined that Traffic Anomaly to be detected.
In this embodiment, if the default feature of the low frequency signal to be detected of any one group of message to be detected deviates preparatory obtainThe default feature of the high-frequency signal to be detected of the low frequency formation axis or any one group of message to be detected of the corresponding group message arrived is inclinedHigh frequency series baseline from the corresponding group message being previously obtained, it is determined that Traffic Anomaly to be detected.
Optionally, if the default feature of the low frequency signal to be detected of any one group of message to be detected deviates pair being previously obtainedThe default feature that the low frequency formation axis of message and the high-frequency signal to be detected of any one group of message to be detected should be organized deviates in advanceThe high frequency series baseline of obtained corresponding group message, then can determine Traffic Anomaly to be detected.
The default feature of the low frequency signal deviating from the low frequency sequence baseline may include, but is not limited to, any one or more of the following:
11) The period of the low frequency signal differs from the period of the low frequency sequence baseline.
12) The fluctuation range of the low frequency signal differs from the fluctuation range of the low frequency sequence baseline.
The default feature of the high frequency signal deviating from the high frequency sequence baseline may include, but is not limited to, any one or more of the following:
21) The period of the high frequency signal differs from the period of the high frequency sequence baseline.
22) The fluctuation range of the high frequency signal differs from the fluctuation range of the high frequency sequence baseline.
The device shown in Fig. 4 is used to implement the method flow shown in Fig. 1 above; the related content is the same as described there and is not repeated here.
In the above embodiment, the obtained time interval sequence is subjected to conversion processing to obtain the low frequency signal to be detected and the high frequency signal to be detected, so the low frequency signal and the high frequency signal in the traffic to be detected can be obtained accurately. The default feature of the low frequency signal to be detected and the default feature of the high frequency signal to be detected are then extracted, and if the default feature of the low frequency signal to be detected deviates from the previously obtained low frequency sequence baseline and/or the default feature of the high frequency signal to be detected deviates from the previously obtained high frequency sequence baseline, the traffic to be detected is determined to be abnormal. This detection method has high detection accuracy, computes efficiently and is universally applicable.
Fig. 5 is a block diagram of another traffic anomaly detection device according to an exemplary embodiment. As shown in Fig. 5, on the basis of the embodiment shown in Fig. 4, the obtaining module 41 may include:
A grouping submodule 411, used to group the messages included in the traffic to be detected based on preset information, obtaining at least one group of messages to be detected.
The preset information may include source Internet Protocol (IP) address, source port, destination IP address, destination port, message type and a set keyword.
In this embodiment, the messages included in the traffic to be detected can be grouped according to source IP, source port, destination IP, destination port, message type and set keyword.
A statistics submodule 412, used to count the time intervals between adjacent messages in each group of messages to be detected obtained by the grouping submodule 411.
An acquisition submodule 413, used to obtain the time interval sequence of each group of messages to be detected based on the time intervals between adjacent messages counted by the statistics submodule 412.
The device shown in Fig. 5 is used to implement the method flow shown in Fig. 2A above; the related content is the same as described there and is not repeated here.
In the above embodiment, the messages included in the traffic to be detected are grouped based on preset information to obtain at least one group of messages to be detected, the time intervals between adjacent messages in each group of messages to be detected are counted, and the time interval sequence of each group is obtained from those counted time intervals, which provides the condition for accurately detecting subsequently whether the traffic is abnormal.
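The grouping and interval extraction just described, as an added Python example that is not part of the patent or of any product implementation: messages are keyed on source IP, source port, destination IP, destination port, message type and the set keyword, each group is ordered by capture time, and the gaps between adjacent messages become that group's time interval sequence. The capture below is constructed for illustration; the `Message` record layout, the helper names and the addresses, ports and labels are assumptions, not names from the page.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Message:
    """One captured message (hypothetical record layout, not from the page)."""
    timestamp: float   # capture time in seconds
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    msg_type: str      # message type, e.g. the protocol function being invoked
    keyword: str       # the set keyword, e.g. a register or tag name in the payload


# Preset information used for grouping: source IP, source port, destination IP,
# destination port, message type and set keyword.
GroupKey = Tuple[str, int, str, int, str, str]


def group_key(m: Message) -> GroupKey:
    return (m.src_ip, m.src_port, m.dst_ip, m.dst_port, m.msg_type, m.keyword)


def group_messages(messages: Iterable[Message]) -> Dict[GroupKey, List[Message]]:
    """Grouping submodule: one list of messages per preset-information key,
    each list sorted by capture time (captures of several flows interleave)."""
    groups: Dict[GroupKey, List[Message]] = defaultdict(list)
    for m in messages:
        groups[group_key(m)].append(m)
    for group in groups.values():
        group.sort(key=lambda m: m.timestamp)
    return dict(groups)


def interval_sequence(group: List[Message]) -> List[float]:
    """Statistics submodule: time interval between each pair of adjacent messages.
    A group with fewer than two messages yields an empty sequence."""
    return [round(later.timestamp - earlier.timestamp, 6)
            for earlier, later in zip(group, group[1:])]


def interval_sequences(messages: Iterable[Message]) -> Dict[GroupKey, List[float]]:
    """Acquisition submodule: the time interval sequence of every group."""
    return {key: interval_sequence(group)
            for key, group in group_messages(messages).items()}


# Constructed capture: a master at 10.0.0.1 polls two registers on a PLC at
# 10.0.0.20:502 at different rates; a second host sends one diagnostic read.
# Addresses, ports and labels are made up for the example.
SAMPLE_CAPTURE = [
    Message(0.0, "10.0.0.1", 50000, "10.0.0.20", 502, "read_holding", "REG_A"),
    Message(0.5, "10.0.0.1", 50000, "10.0.0.20", 502, "read_holding", "REG_B"),
    Message(1.0, "10.0.0.1", 50000, "10.0.0.20", 502, "read_holding", "REG_A"),
    Message(1.2, "10.0.0.2", 40001, "10.0.0.20", 502, "diagnostic", "STATUS"),
    Message(3.0, "10.0.0.1", 50000, "10.0.0.20", 502, "read_holding", "REG_A"),  # captured out of order
    Message(2.0, "10.0.0.1", 50000, "10.0.0.20", 502, "read_holding", "REG_A"),
    Message(2.5, "10.0.0.1", 50000, "10.0.0.20", 502, "read_holding", "REG_B"),
    Message(4.0, "10.0.0.1", 50000, "10.0.0.20", 502, "read_holding", "REG_A"),
    Message(4.5, "10.0.0.1", 50000, "10.0.0.20", 502, "read_holding", "REG_B"),
]

if __name__ == "__main__":
    for key, seq in interval_sequences(SAMPLE_CAPTURE).items():
        print(key, seq)
```

Sorting inside each group matters in practice: captures taken from a span port or a tap often deliver messages of several flows interleaved and occasionally out of order, and an interval computed from unsorted timestamps would be negative and poison the later wavelet features.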
Fig. 6 is a block diagram of another traffic anomaly detection device according to an exemplary embodiment. As shown in Fig. 6, on the basis of the embodiment shown in Fig. 4 or Fig. 5, the device may further include:
An acquisition module 45, used to collect the historical normal traffic of the equipment in a preset environment.
A retrieval module 46, used to obtain the time interval reference sequence of the messages included in the historical normal traffic collected by the acquisition module 45.
The process of obtaining the time interval reference sequence of the messages included in the historical normal traffic is the same as the process of obtaining the time interval sequence of the messages included in the traffic to be detected.
Specifically, obtaining the time interval reference sequence of the messages included in the historical normal traffic comprises:
Grouping the messages included in the historical normal traffic based on the preset information to obtain at least one group of messages; counting the time interval between adjacent messages in each group of messages; and obtaining the time interval reference sequence of each group of messages based on the counted time intervals between adjacent messages in each group.
A conversion processing module 47, used to perform conversion processing on the time interval reference sequence obtained by the retrieval module 46 to obtain a low frequency signal and a high frequency signal.
In this embodiment, a Haar wavelet transform can be applied to the time interval reference sequence of each group of messages to obtain the low frequency signal and the high frequency signal corresponding to each group of messages.
A feature extraction module 48, used to extract the default feature of the low frequency signal and the default feature of the high frequency signal obtained by the conversion processing module 47.
A baseline determining module 49, used to take the default feature of the low frequency signal extracted by the feature extraction module 48 as the low frequency sequence baseline, and the default feature of the high frequency signal extracted by the feature extraction module 48 as the high frequency sequence baseline.
The device shown in Fig. 6 is used to implement the method flow shown in Fig. 3 above; the related content is the same as described there and is not repeated here.
In the above embodiment, the historical normal traffic of the equipment in a preset environment is collected, the time interval reference sequence of the messages included in the historical normal traffic is obtained, the time interval reference sequence is subjected to conversion processing to obtain a low frequency signal and a high frequency signal, the default feature of the low frequency signal and the default feature of the high frequency signal are extracted, and the default feature of the low frequency signal is taken as the low frequency sequence baseline and the default feature of the high frequency signal as the high frequency sequence baseline, which provides the basis for subsequently detecting whether the traffic is abnormal.
Regarding the devices in the above embodiments, the specific manner in which each module and submodule performs its operations has been described in detail in the embodiments of the method and will not be explained in detail here.
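The detection procedure of the Fig. 4 embodiment and the baseline construction of the Fig. 6 embodiment, carried through as one added Python example (not the patent's own code nor any product's): a one-level Haar wavelet transform splits a time interval sequence into a low frequency (approximation) signal and a high frequency (detail) signal; the period and fluctuation range of each signal are the default features; the features of historical normal traffic become the low frequency and high frequency sequence baselines; and a sequence to be detected is judged abnormal when its features deviate, in either the and/or form or the optional both-must-deviate form. Assumptions not given on the page: the Haar coefficients are the pair mean and half-difference, the period is estimated as the lag of maximal autocorrelation, the fluctuation range is peak-to-peak, and a relative tolerance decides whether two fluctuation ranges "differ". The interval sequences are constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple


def haar_transform(intervals: List[float]) -> Tuple[List[float], List[float]]:
    """One-level Haar wavelet decomposition of a time interval sequence.
    Returns (low frequency signal, high frequency signal). Each pair of adjacent
    samples gives one approximation coefficient (pair mean) and one detail
    coefficient (half the difference); a trailing odd sample is dropped.
    This normalisation is an assumption; the page only names the Haar transform."""
    low, high = [], []
    for i in range(0, len(intervals) - 1, 2):
        a, b = intervals[i], intervals[i + 1]
        low.append((a + b) / 2.0)
        high.append((a - b) / 2.0)
    return low, high


def estimate_period(signal: List[float]) -> int:
    """Period in samples: the smallest lag with maximal normalised autocorrelation.
    A constant signal (zero variance) has no period and yields 0."""
    n = len(signal)
    if n < 2:
        return 0
    mean = sum(signal) / n
    centred = [v - mean for v in signal]
    variance = sum(v * v for v in centred) / n
    if variance == 0.0:
        return 0
    best_lag, best_r = 0, float("-inf")
    for lag in range(1, n // 2 + 1):
        r = sum(centred[i] * centred[i + lag] for i in range(n - lag)) / ((n - lag) * variance)
        if r > best_r + 1e-9:      # strict improvement keeps the smallest lag on ties
            best_lag, best_r = lag, r
    return best_lag


def fluctuation_range(signal: List[float]) -> float:
    """Peak-to-peak amplitude of the signal (assumed definition of fluctuation range)."""
    return max(signal) - min(signal) if signal else 0.0


@dataclass(frozen=True)
class Features:
    period: int
    fluctuation: float


@dataclass(frozen=True)
class Baseline:
    low: Features    # low frequency sequence baseline
    high: Features   # high frequency sequence baseline


def extract_features(signal: List[float]) -> Features:
    return Features(estimate_period(signal), fluctuation_range(signal))


def build_baseline(reference_intervals: List[float]) -> Baseline:
    """Baseline determining step: default features of historical normal traffic."""
    low, high = haar_transform(reference_intervals)
    return Baseline(extract_features(low), extract_features(high))


def deviates(observed: Features, baseline: Features, tolerance: float = 0.2) -> bool:
    """A feature deviates when the period differs or the fluctuation range differs
    by more than `tolerance` (relative; an assumed parameter) from the baseline."""
    if observed.period != baseline.period:
        return True
    scale = max(baseline.fluctuation, 1e-9)
    return abs(observed.fluctuation - baseline.fluctuation) > tolerance * scale


def detect(intervals: List[float], baseline: Baseline, require_both: bool = False) -> bool:
    """Determining step: True when the traffic to be detected is judged abnormal.
    require_both=False flags a deviation in either signal (the and/or form);
    require_both=True demands deviations in both signals (the optional stricter form)."""
    low, high = haar_transform(intervals)
    low_dev = deviates(extract_features(low), baseline.low)
    high_dev = deviates(extract_features(high), baseline.high)
    return (low_dev and high_dev) if require_both else (low_dev or high_dev)


# Constructed interval sequences (seconds between adjacent messages of one group).
NORMAL_CYCLE = [1.0, 1.0, 1.0, 3.0]            # three quick polls, then a longer gap
REFERENCE_INTERVALS = NORMAL_CYCLE * 16         # historical normal traffic
TO_DETECT_NORMAL = NORMAL_CYCLE * 8
TO_DETECT_ABNORMAL = [1.0, 1.0, 1.0, 0.1] * 8   # the long gap has been filled by extra messages

if __name__ == "__main__":
    baseline = build_baseline(REFERENCE_INTERVALS)
    print("baseline:", baseline)
    print("normal   ->", detect(TO_DETECT_NORMAL, baseline))
    print("abnormal ->", detect(TO_DETECT_ABNORMAL, baseline))
```

The period reported here is counted in samples of the decimated signal, so a cycle of four intervals shows up as a period of two in both the low and the high frequency signal. In the constructed abnormal case the period is unchanged and only the fluctuation range shrinks, which is why both features are needed: a check on period alone would miss it.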
Fig. 7 is a block diagram of a device 700 suitable for detecting traffic anomalies, shown according to an exemplary embodiment. For example, the device 700 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, fitness equipment, a personal digital assistant, an aircraft and the like.
Referring to Fig. 7, the device 700 may include one or more of the following components: a processing component 702, a memory 704, a power supply component 706, a multimedia component 708, an audio component 710, an input/output (I/O) interface 712, a sensor component 714 and a communication component 716.
The processing component 702 generally controls the overall operation of the device 700, such as operations associated with display, telephone calls, data communication, camera operation and recording operation. The processing component 702 may include one or more processors 720 to execute instructions so as to complete all or part of the steps of the above methods. In addition, the processing component 702 may include one or more modules that facilitate interaction between the processing component 702 and other components. For example, the processing component 702 may include a multimedia module to facilitate interaction between the multimedia component 708 and the processing component 702.
The memory 704 is configured to store various types of data to support operation of the device 700. Examples of such data include instructions for any application or method operated on the device 700, contact data, phonebook data, messages, pictures, video and so on. The memory 704 may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disc.
The power supply component 706 provides power to the various components of the device 700. The power supply component 706 may include a power management system, one or more power supplies, and other components associated with generating, managing and distributing power for the device 700.
The multimedia component 708 includes a screen providing an output interface between the device 700 and the user. In some embodiments, the screen may include a liquid crystal display (LCD) and a touch panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from the user. The touch panel includes one or more touch sensors to sense touches, swipes and gestures on the touch panel. The touch sensors may not only sense the boundary of a touch or swipe action, but also detect the duration and pressure associated with the touch or swipe. In some embodiments, the multimedia component 708 includes a front camera and/or a rear camera. When the device 700 is in an operation mode, such as a shooting mode or a video mode, the front camera and/or the rear camera can receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focusing and optical zoom capability.
The audio component 710 is configured to output and/or input audio signals. For example, the audio component 710 includes a microphone (MIC); when the device 700 is in an operation mode such as a call mode, a recording mode or a voice recognition mode, the microphone is configured to receive external audio signals. The received audio signals may be further stored in the memory 704 or sent via the communication component 716. In some embodiments, the audio component 710 further includes a speaker for outputting audio signals.
The I/O interface 712 provides an interface between the processing component 702 and peripheral interface modules, which may be a keyboard, a click wheel, buttons and the like. These buttons may include, but are not limited to, a home button, a volume button, a start button and a lock button.
The sensor component 714 includes one or more sensors for providing status assessments of various aspects of the device 700. For example, the sensor component 714 may detect the open/closed state of the device 700 and the relative positioning of components, for example the display and keypad of the device 700; the sensor component 714 may also detect a change in position of the device 700 or of one component of the device 700, the presence or absence of user contact with the device 700, the orientation or acceleration/deceleration of the device 700, and a change in temperature of the device 700. The sensor component 714 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact. The sensor component 714 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor component 714 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor or a temperature sensor.
The communication component 716 is configured to facilitate wired or wireless communication between the device 700 and other devices. The device 700 can access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 716 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 716 further includes a near field communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, Infrared Data Association (IrDA) technology, ultra-wideband (UWB) technology, Bluetooth (BT) technology and other technologies.
In an exemplary embodiment, the device 700 may be implemented by one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, for performing the above methods.
In an exemplary embodiment, a non-transitory computer readable storage medium including instructions is also provided, such as the memory 704 including instructions, which can be executed by the processor 720 of the device 700 to complete the above methods. For example, the non-transitory computer readable storage medium may be a ROM, a random access memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device and the like.
Other embodiments of the disclosure will readily occur to those skilled in the art after considering the specification and practicing the disclosure disclosed herein. This application is intended to cover any variations, uses or adaptations of the disclosure that follow its general principles and include common knowledge or conventional techniques in the art not disclosed herein. The description and examples are to be considered illustrative only, and the true scope and spirit of the disclosure are indicated by the following claims.
It should be understood that the present disclosure is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present disclosure is limited only by the appended claims.

Claims (14)


Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201910286311.1A | 2019-04-10 | 2019-04-10 | Method and device for detecting flow abnormity and computer readable storage medium


Publications (2)

Publication Number | Publication Date
CN109922082A (en) | 2019-06-21
CN109922082B (en) | 2021-09-21

Family

ID=66969372

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201910286311.1A (Active, CN109922082B) | Method and device for detecting flow abnormity and computer readable storage medium | 2019-04-10 | 2019-04-10

Country Status (1)

Country | Link
CN (1) | CN109922082B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN113852603A (en)* | 2021-08-13 | 2021-12-28 | 京东科技信息技术有限公司 | Method and device for detecting abnormality of network traffic, electronic equipment and readable medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN103200376A (en)* | 2012-01-04 | 2013-07-10 | 深圳中兴力维技术有限公司 | Video file acquiring method and system based on video monitoring system
US20160134651A1 (en)* | 2014-11-06 | 2016-05-12 | International Business Machines Corporation | Detection of beaconing behavior in network traffic
CN108870091A (en)* | 2018-07-19 | 2018-11-23 | 东北大学 | Line leakage system and method based on low-and-high-frequency hybrid detection
CN109327345A (en)* | 2017-08-01 | 2019-02-12 | 中国移动通信集团湖北有限公司 | Method and device for detecting abnormal network traffic, and computer-readable storage medium
CN109327464A (en)* | 2018-11-15 | 2019-02-12 | 中国人民解放军战略支援部队信息工程大学 | A method and device for processing class imbalance in network intrusion detection



Also Published As

Publication number | Publication date
CN109922082B (en) | 2021-09-21


Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant
