opsawg WJL. Wang, Ed.
Internet-Draft MCC. Miao, Ed.
Intended status: Informational ZSY. Zhuang, Ed.
Expires: April 16, 2020 ZQL. Zhang, Ed.
Tsinghua University
CJF. Chen, Ed.
CETC
October 14, 2019

Framework for Network Resources Categorization
draft-jilongwang-opsawg-crc-02

Abstract

This memo presents the definition of cyberspace resource, and then discusses a classification framework for cyberspace resources. Cyberspace is widely used in people's daily life and is regarded as a new space, parallel to the geographic space. There are various resources in cyberspace. However, they have not been systematically defined and classified. The objective of this draft is to present the definition of cyberspace resource and a standard classification framework, thereby supporting unified resource storage and sharing.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on April 16, 2020.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.


1. Introduction

Cyberspace, created by communication technologies, especially the Internet, is a virtual space where people can easily communicate with others regardless of geographic distance. Due to its convenience, cyberspace has been widely used in people's daily life and is regarded as a new space, parallel to the geographic space. The wide adoption of cyberspace has promoted the rapid growth of cyberspace resources.

Although the resources in cyberspace exist objectively, such as traditional network facilities, access devices, network applications and network data, they have not been defined up to now. Furthermore, there is no systematic classification framework for cyberspace resources. Most of them are given names depending on their purpose or vendor, but they seem to be in a "divine" state. Therefore, the resources in cyberspace cannot be stored and shared in a unified way.

In order to provide a unified description of cyberspace resources, this draft first gives the definition of resources in cyberspace. Then it designs a standard classification framework to classify the resources in cyberspace. This standard framework helps to establish a unified cyberspace resources database, which can be used as the basis for network information storage and sharing in both academia and industry.

1.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

2. Terminology

Methods of linear classification: The classification objects are divided into several levels according to specific forms and attributes, and each level is divided into several categories. Categories at the same level are in a parallel relationship, and categories at different levels are in an affiliation relationship.

category in higher level: In the methods of linear classification, a category is called a category in higher level relative to the next-level categories directly divided from it.

category in lower level: In the methods of linear classification, a category is called a category in lower level relative to the upper-level category from which it is divided.

category in same level: In the methods of linear classification, the lower-level categories directly divided from one category are called categories in same level.

3. Use cases

The following sections highlight some of the most common use case scenarios for the framework for network resources categorization and are in no way exhaustive.

3.1. Network Management

Network management is the process of administering and managing computer networks. Services provided by this discipline include fault analysis, performance management, provisioning of networks and maintaining the quality of service. The variety of resources now leads to confusion in the network. Network resources, as the object of network management, need to be paid more attention. But network managers lack uniform identification, location and management of resources.

The framework for network resources categorization offers a way for network managers to divide the managed resources. It provides a unique identity for each resource, that is, every resource can find its appropriate location in the resources framework tree. Then the corresponding code, name and attributes are added into the database to facilitate unified management. At the same time, resources with abnormal properties can be located and their vulnerabilities fixed in time.

3.2. Network Search

Many platforms (Shodan, Censys, etc.) now probe the network from the network layer to the application layer based on multiple detection technologies. Their main goal is to identify network resources, including websites, network hardware, etc., to provide search and classification of identifiable network resources, and to establish corresponding databases that support full-text, regular expression, boolean logic and numeric range searches. But the lack of a unified standardized model leads to inaccurate and incomplete retrieval of resources.

This framework classifies the resources of the whole network. It can be used to fill the resources search database and to cover resources that have not been covered before. At the same time, it standardizes the storage of network resources and improves search efficiency.

3.3. Network Security

Network viruses and worms themselves are also a kind of network resource. As networks become more open and complex, network viruses and worms evolve constantly, and their diversity and spatial discretization increase, creating a great hidden danger to network security.

The framework for network resources categorization can locate network resources more accurately and distinguish benign from malignant network resources, support the study of the process of virus evolution and its possible effects according to the attached attributes, and provide a clearer way to safeguard the security of network space operation, such as antivirus and so on.

4. Methodology for Network Resources Categorization

4.1. Basic Principles

The network resources categorization rules SHOULD follow the following principles to meet the completeness, measurability, scalability and relative orthogonality of resources categorization.

4.1.1. Scientific principle

Categorization rules SHOULD be consistent with the basic organizational rules of network resources.

The resources categorization perspective SHOULD meet the traditional internet resources integration requirements, and meet the mapping entity integration requirements of the multi-sources mapping platform.

The resources categorization system SHOULD start from the traditional network resources system and cover resource elements and have certain compatibility.

4.1.2. Systematic principle

The network resources categorization architecture can sort and systemize all network resources according to their characteristics, correctly reflect the vertical and horizontal architecture, and form a reasonable categorization system.

Each resource in the system occupies a position. The system SHALL reflect the relationships between resources, and reveal the network relationships and the whole picture among resources.

4.1.3. Orthogonality principle

Each taxonomic unit of each categorization level in the resources categorization system SHOULD be mutually exclusive, so that no network resource can belong to two groups at the same time. That is, the unique encoding allows the network resources to be uniquely identified and described.

4.1.4. Consistency principle

Categorization design SHOULD be consistent with other national standards in related fields, and at the same time SHOULD preserve the original information concepts and semantic consistency when resource codes are assigned, expanded, added or deleted.

4.1.5. Scalable principle

The categorization SHALL meet the needs of the development and change of network resources to a great extent. It can add categories at different levels and can also be extended to cover unknown resources.

4.2. Requirements on categorization

This section describes the requirements for categorization of network resources. The network resources categorization SHOULD meet these requirements to make sure it is orthogonal and accurate. Note that the requirements listed in this section have been separated from the context in which they may appear.

The following template is used for the definition of the Requirements:

Req-ID: An ID composed of a unique two-digit number.

Description: The rationale and description of the requirement.

The detailed requirements on categorization are listed as follows:

Req-ID: 01

Description: The total range of categories in lower level classified by categories in higher level SHOULD be the same as the range of categories in higher level.

Req-ID: 02

Description: When dividing a category in higher level, the same classification perspective SHOULD be chosen to get the categories in lower level.

Req-ID: 03

Description: The categories in same level SHALL NOT intersect or repeat, and SHALL correspond to only one category in higher level.

Req-ID: 04

Description: Categorization SHOULD be carried out from high to low, and there MUST be no jump.

5. Framework for Network Resources Categorization

This framework for network resources categorization uses methods of linear classification to classify network resources into five levels: category, sub-category, large-category, medium-category and small-category, based on the above principles and requirements. It specifies the classification names of the levels as Class-I, Class-II, Class-III, Class-IV and Class-V, and the small-categories are subdivided and named according to the application requirements.

5.1. Class-I

Firstly, network resources are divided into four categories: the network infrastructure, the network application service, the network data resource and the network virtual body, based on the sources, applications and activities of network resources. Then the 4 categories are further subdivided into 12 sub-categories.

The following template is used for the definition of the categorization of network resources:

Class-I: The name of network resources category in highest level

EnCode-q: An ID organized in OID format to identify network resources. It can be added to 1.3.6.1.2 mgmt RFC3232.

Upper-Class: The name of its category in higher level.

Attribute: The characteristics of this network resource category from different levels of internet.

Class-I: Network Infrastructure

EnCode-q:1

Upper-Class: None

Attribute:MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\

Class-I: Network application service

EnCode-q:2

Upper-Class: None

Attribute:MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-I: Network data source

EnCode-q:3

Upper-Class: None

Attribute:IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

Class-I: Network virtual subject

EnCode-q:4

Upper-Class: None

Attribute:IP Address\Port\Service\ Protocol\Account Name\ Landing Time\

5.2. Class-II

The following template is used for the definition of network resources categories at the second level:

Class-II: The name of network resources category in second level

EnCode-q: An ID organized in OID format to identify network resources. It can be added to 1.3.6.1.2 mgmt RFC3232.

Upper-Class: The name of its category in higher level.

Attribute: The characteristics of this network resource category from different levels of internet.

5.2.1. Network Infrastructure

The Network infrastructure is the physical part of the network resources which provides basic support, including various hardware devices. It is the material basis of all network services and is divided into the following 5 sub-categories based on the internet architecture and its network functions, device roles and network levels.

Class-II: Autonomous domain

EnCode-q:1.1

Upper-Class: Network Infrastructure (EnCode-q:1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ASN\ISP\Institutions\Organizations\Operators\

Class-II: Network

EnCode-q:1.2

Upper-Class: Network Infrastructure (EnCode-q:1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network

Class-II: Intermediate node

EnCode-q:1.3

Upper-Class: Network Infrastructure (EnCode-q:1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code

Class-II: Terminal node

EnCode-q:1.4

Upper-Class: Network Infrastructure (EnCode-q:1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Model Number Code\

Class-II: Link

EnCode-q:1.5

Upper-Class: Network Infrastructure (EnCode-q:1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Transmission medium\Protocol\

5.2.2. Network application service

Network application service is an application that runs on top of the network application layer and provides data storage, manipulation, rendering, communication, or other capabilities. These capabilities typically use an application layer network protocol. It is classified into inorganic services and organic services based on the internet architecture and the unity of a network application service.

Class-II: Inorganic service

EnCode-q:2.1

Upper-Class: Network application service (EnCode-q:2)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-II: Organic service

EnCode-q:2.2

Upper-Class: Network application service (EnCode-q:2)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

5.2.3. Network data source

Network data is defined as a resource that is stored on the Internet and is not running. We divide it into five categories based on resource content.

Class-II: Code

EnCode-q:3.1

Upper-Class: Network data source(EnCode-q:3)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\ Programming Language\

Class-II: Text resource

EnCode-q:3.2

Upper-Class: Network data source(EnCode-q:3)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

Class-II: Picture resource

EnCode-q:3.3

Upper-Class: Network data source(EnCode-q:3)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

Class-II: Audio resource

EnCode-q:3.4

Upper-Class: Network data source(EnCode-q:3)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

Class-II: Video resource

EnCode-q:3.5

Upper-Class: Network data source(EnCode-q:3)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

5.2.4. Network virtual subject

The virtual subject of network refers to the account behavior of the network virtual feature stored on the Internet. The carrier of the user in the network is a virtual account, so the network virtual subject is divided into the following sub-category.

Class-II: Network account

EnCode-q:4.1

Upper-Class: Network virtual subject (EnCode-q:4)

Attribution: IP Address\Port\Service\ Protocol\Account Name\ Landing Time\
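The record layout used in Sections 5.1 and 5.2 can be checked mechanically against Req-03 and Req-04. The following is an added example, not part of the draft: it parses records in the draft's Class/EnCode-q/Upper-Class/Attribute layout and reports duplicate codes, level jumps and Upper-Class codes that do not match the code prefix. It assumes that a Class-N record carries an N-arc code; the function names and finding labels are hypothetical, and the last three sample records are constructed to be faulty.

```python
import re

LEVELS = {"I": 1, "II": 2, "III": 3, "IV": 4, "V": 5}
# The draft spells the attribute field both "Attribute" and "Attribution".
FIELD_RE = re.compile(
    r"^(Class-(?:I|II|III|IV|V)|EnCode-q|Upper-Class|Attribut(?:e|ion)):\s*(.*)$")
UPPER_RE = re.compile(r"^(.*?)\s*(?:\(EnCode-q:\s*(\d+(?:\.\d+)*)\))?$")
CODE_RE = re.compile(r"^\d+(?:\.\d+)*$")


def parse_records(text):
    """Parse Class-N / EnCode-q / Upper-Class / Attribut* records into dicts."""
    records, cur = [], None
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.strip())
        if not m:
            continue                       # blank line or surrounding prose
        key, value = m.group(1), m.group(2).strip()
        if key.startswith("Class-"):
            cur = {"level": LEVELS[key[6:]], "name": value, "code": None,
                   "upper_code": None, "attrs": []}
            records.append(cur)
        elif cur is None:
            continue                       # field seen before any Class- line
        elif key == "EnCode-q":
            cur["code"] = value if CODE_RE.match(value) else None
        elif key == "Upper-Class":
            # "None" for Class-I, otherwise "Name (EnCode-q:x.y)"
            cur["upper_code"] = UPPER_RE.match(value).group(2)
        else:
            cur["attrs"] = [a.strip() for a in value.split("\\") if a.strip()]
    return records


def validate(records):
    """Return sorted (code, finding) pairs for Req-03 and Req-04 violations."""
    findings, by_code = [], {}
    for r in records:
        if r["code"] is None:
            findings.append((r["name"], "bad-code"))
        elif r["code"] in by_code:
            findings.append((r["code"], "duplicate-code"))     # Req-03: no repeat
        else:
            by_code[r["code"]] = r
    for code, r in by_code.items():
        parts = code.split(".")
        parent = ".".join(parts[:-1]) or None
        if len(parts) != r["level"]:
            findings.append((code, "depth-mismatch"))          # assumed: N arcs
        if parent is not None and parent not in by_code:
            findings.append((code, "missing-parent"))          # Req-04: no jump
        if r["upper_code"] != parent:
            findings.append((code, "upper-class-mismatch"))    # Req-03: one parent
    return sorted(findings)


# First four records are copied from Sections 5.1/5.2; the last three are
# constructed faults (wrong Upper-Class, Class-I 4 omitted, reused code 1.3).
SAMPLE = r"""
Class-I: Network Infrastructure
EnCode-q:1
Upper-Class: None
Attribute:MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\
Class-II: Intermediate node
EnCode-q:1.3
Upper-Class: Network Infrastructure (EnCode-q:1)
Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code
Class-I: Network application service
EnCode-q:2
Upper-Class: None
Attribute:MAC Address\IP Address\Port\Service\ Protocol\Performance\
Class-II: Inorganic service
EnCode-q:2.1
Upper-Class: Network application service (EnCode-q:2)
Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\
Class-II: Organic service
EnCode-q:2.2
Upper-Class: Network Infrastructure (EnCode-q:1)
Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\
Class-II: Network account
EnCode-q:4.1
Upper-Class: Network virtual subject (EnCode-q:4)
Attribution: IP Address\Port\Service\ Protocol\Account Name\ Landing Time\
Class-II: Link
EnCode-q:1.3
Upper-Class: Network Infrastructure (EnCode-q:1)
Attribution: MAC Address\IP Address\ Transmission medium\Protocol\
"""

if __name__ == "__main__":
    for code, finding in validate(parse_records(SAMPLE)):
        print(code, finding)
```
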

5.3. Class-III and Class-IV

Note that for Network infrastructure, the large-categories are organized according to the hierarchical location of the network infrastructure in the network architecture and the role played by it.

Note that for Network application service, the large-categories are first organized from the perspective of whether the application is based on ports, and these categories are then classified according to the types of services provided by the application.

Note that for Network data source, the large-categories are first organized from whether the data resources need to be compiled, the storage mode, structure of the data resources and the functions of the data resources are completed. And then classify these categories according to the application scenarios of the data and the data are performed.

On the basis of category and sub-category, the resources are further classified and named according to methods of linear classification. On the basis of 4 Class-I and 13 Class-II, there are 22 categories, of which there are 10 network infrastructure categories, 5 network application services categories and 7 network data resources categories.

5.3.1. Autonomous domain

We continue "Autonomous domain" sub-category categorization.

Class-III: Autonomous domain

EnCode-q:1.1.1

Upper-Class: Autonomous domain (EnCode-q:1.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ASN\ISP\Institutions\Organizations\Operators\

This large-category is divided, according to the number of bits of the autonomous system number (ASN) owned by each autonomous region, into 16-bit autonomous regions and 32-bit autonomous regions, with a total of 2 categories.

Class-IV: Autonomous domain (16 bits)

EnCode-q:1.1.1.1

Upper-Class: Autonomous domain (EnCode-q:1.1.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ASN\ISP\Institutions\Organizations\Operators\

Class-IV: Autonomous domain (32 bits)

EnCode-q:1.1.1.2

Upper-Class: Autonomous domain (EnCode-q:1.1.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ASN\ISP\Institutions\Organizations\Operators\

5.3.2. Network

The subcategories of "network" are organized in accordance with the characteristics of whether the application layer is only oriented to the application layer or the main application layer.

Class-III: physical network

EnCode-q:1.2.1

Upper-Class: Network (EnCode-q:1.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\

Class-III: overlay network

EnCode-q:1.2.2

Upper-Class: Network (EnCode-q:1.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\

The physical network is divided into categories: the backbone network, the access network, the Internet of things, the industrial network and the other network according to the hierarchical position of the network, the deployed area, and the production and life tasks undertaken in the entire network architecture.

Class-IV: backbone network

EnCode-q:1.2.1.1

Upper-Class: physical network (EnCode-q:1.2.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\ Organization\

Class-IV: access network

EnCode-q:1.2.1.2

Upper-Class: physical network (EnCode-q:1.2.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\ Organization\

Class-IV: Internet of things

EnCode-q:1.2.1.3

Upper-Class: physical network (EnCode-q:1.2.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\

Class-IV: industrial network

EnCode-q:1.2.1.4

Upper-Class: physical network (EnCode-q:1.2.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\Protocol\

Class-IV: other network

EnCode-q:1.2.1.5

Upper-Class: physical network (EnCode-q:1.2.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\

The overlay network is divided into 4 categories: Content Delivery Network, peer-to-peer network, virtual private network and the other network.

Class-IV: Content Delivery Network

EnCode-q:1.2.2.1

Upper-Class: overlay network (EnCode-q:1.2.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\

Class-IV: peer-to-peer network

EnCode-q:1.2.2.2

Upper-Class: overlay network (EnCode-q:1.2.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\

Class-IV: virtual private network RFC2764

EnCode-q:1.2.2.3

Upper-Class: overlay network (EnCode-q:1.2.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\

Class-IV: other network

EnCode-q:1.2.2.4

Upper-Class: overlay network (EnCode-q:1.2.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Network\

5.3.3. Intermediate node

The "intermediate node" sub-category organizes a large-category according to the functions that nodes play in the network architecture. It is divided into routing node, switching node, and controlling node.

Class-III: routing node

EnCode-q:1.3.1

Upper-Class: Intermediate node(EnCode-q:1.3)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code\ Routing Protocol\

Class-III: switching node

EnCode-q:1.3.2

Upper-Class: Intermediate node(EnCode-q:1.3)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code\

Class-III: controlling node

EnCode-q:1.3.3

Upper-Class: Intermediate node(EnCode-q:1.3)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code\

The routing node is classified into two categories, inter-domain routing node and intra-domain routing node, according to the working level of the routing.

Class-IV: inter-domain routing node RFC904

EnCode-q:1.3.1.1

Upper-Class: routing node (EnCode-q:1.3.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\Operating System\Model Number Code\ Routing Protocol\

Class-IV: intra-domain routing node

EnCode-q:1.3.1.2

Upper-Class: routing node (EnCode-q:1.3.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\Operating System\Model Number Code\ Routing Protocol\ASN\ISP\

The switching node is organized into different categories according to different network segments where the node is located.

Class-IV: hub

EnCode-q:1.3.2.1

Upper-Class: switching node (EnCode-q:1.3.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code\

Class-IV: bridge RFC1242

EnCode-q:1.3.2.2

Upper-Class: switching node (EnCode-q:1.3.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code\

Class-IV: switch

EnCode-q:1.3.2.3

Upper-Class: switching node (EnCode-q:1.3.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code\

Class-IV: gateway

EnCode-q:1.3.2.4

Upper-Class: switching node (EnCode-q:1.3.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code\

Class-IV: other

EnCode-q:1.3.2.5

Upper-Class: switching node (EnCode-q:1.3.2)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\Model Number Code\

The controlling node is not classified further here.

5.3.4. Terminal node

The "Terminal node" sub-category organizes a large-category according to the functions played by the terminal in actual production and life. It is divided into client, site and hybrid node, a total of three major categories.

Class-III: client

EnCode-q:1.4.1

Upper-Class: Terminal node (EnCode-q:1.4)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Model Number Code\

Class-III: server

EnCode-q:1.4.2

Upper-Class: Terminal node (EnCode-q:1.4)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Model Number Code\Performance\

Class-III: hybrid node

EnCode-q:1.4.3

Upper-Class: Terminal node (EnCode-q:1.4)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Model Number Code\

The client category is subdivided into desktop device, mobile device, sensor device, and other according to the physical device types of the nodes.

Class-IV: desktop device

EnCode-q:1.4.1.1

Upper-Class: client (EnCode-q:1.4.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Model Number Code\

Class-IV: mobile device

EnCode-q:1.4.1.2

Upper-Class: client (EnCode-q:1.4.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Model Number Code\

Class-IV: sensor device

EnCode-q:1.4.1.3

Upper-Class: client (EnCode-q:1.4.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Model Number Code\ Detection information\

Class-IV: other

EnCode-q:1.4.1.4

Upper-Class: client (EnCode-q:1.4.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Model Number Code\

The server and hybrid node continue the division of their sub-category.

5.3.5. Link

The "Link" sub-category is organized into a large-category of transmission links according to the transmission medium used by the network, and is divided into two categories: wired link and wireless link.

Class-III: wired link

EnCode-q:1.5.1

Upper-Class: Link (EnCode-q:1.5)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Transmission medium\Protocol\

Class-III: wireless link

EnCode-q:1.5.2

Upper-Class: Link (EnCode-q:1.5)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway addre

The wired link category is organized according to the material of the transmission medium and the winding mode of the transmission medium. It is divided into twisted pair, coaxial cable, digital subscriber line, optical fiber and other.

Class-IV: twisted pair

EnCode-q:1.5.1.1

Upper-Class: wired link (EnCode-q:1.5.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Transmission medium\Protocol\

Class-IV: coaxial cable

EnCode-q:1.5.1.2

Upper-Class: wired link (EnCode-q:1.5.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Transmission medium\Protocol\

Class-IV: digital subscriber line

EnCode-q:1.5.1.3

Upper-Class: wired link (EnCode-q:1.5.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Transmission medium\Protocol\

Class-IV: optical fiber

EnCode-q:1.5.1.4

Upper-Class: wired link (EnCode-q:1.5.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Transmission medium\Protocol\

Class-IV: other

EnCode-q:1.5.1.5

Upper-Class: wired link (EnCode-q:1.5.1)

Attribution: MAC Address\IP Address\DNS Address\ DHCP Address\Gateway address\ Operating System\ Transmission medium\Protocol\

The wireless link is not classified further here.

5.3.6. Inorganic service

The "Inorganic service" sub-category organizes a large-category according to the port type used by the application and the tightness of the binding between the application and the port RFC6346. It is divided into generic port service, registered port service, and dynamic/private port service.

Class-III: generic port service

EnCode-q:2.1.1

Upper-Class: Inorganic service (EnCode-q:2.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-III: registered port service

EnCode-q:2.1.2

Upper-Class: Inorganic service (EnCode-q:2.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-III: dynamic/private port service

EnCode-q:2.1.3

Upper-Class: Inorganic service (EnCode-q:2.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

According to the port used and the type of service provided, the generic port service is divided into website service (HTTP, HTTPS), file transfer service (FTP, TFTP), mail service (SMTP, POP3, IMAP), network management service (SNMP) RFC1157, domain name service (DNS) and other.

Class-IV: website service

EnCode-q:2.1.1.1

Upper-Class: generic port service (EnCode-q:2.1.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\URL\

Class-IV: file transfer service

EnCode-q:2.1.1.2

Upper-Class: generic port service (EnCode-q:2.1.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: mail service

EnCode-q:2.1.1.3

Upper-Class: generic port service (EnCode-q:2.1.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: network management service

EnCode-q:2.1.1.4

Upper-Class: generic port service (EnCode-q:2.1.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: domain name service

EnCode-q:2.1.1.5

Upper-Class: generic port service (EnCode-q:2.1.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: other

EnCode-q:2.1.1.6

Upper-Class: generic port service (EnCode-q:2.1.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

The registered port service is not classified further here.

According to the type of services provided by the application, the dynamic/private port service is divided into search query service, audio and video service, shopping service, social service and other.

Class-IV: search query service

EnCode-q:2.1.3.1

Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: audio and video service

EnCode-q:2.1.3.2

Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: shopping service

EnCode-q:2.1.3.3

Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: social service

EnCode-q:2.1.3.4

Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: other

EnCode-q:2.1.3.5

Upper-Class: dynamic/private port service (EnCode-q:2.1.3)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

5.3.7. Organic service

The "organic service" continues the sub-category classification.

Class-III: Organic service

EnCode-q:2.2.1

Upper-Class: Organic service (EnCode-q:2.2)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

The organic service categories are classified into P2P service, CDN service and other according to the scenario where the application is located and the network service function.

Class-IV: P2P service

EnCode-q:2.2.1.1

Upper-Class: Organic service (EnCode-q:2.2.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: CDN service

EnCode-q:2.2.1.2

Upper-Class: Organic service (EnCode-q:2.2.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

Class-IV: other

EnCode-q:2.2.1.3

Upper-Class: Organic service (EnCode-q:2.2.1)

Attribution: MAC Address\IP Address\Port\Service\ Protocol\Performance\

5.3.8. Code

The "Code" continues the sub-category classification and is no longer subdivided.

Class-III: Code

EnCode-q:3.1.1

Upper-Class: Code (EnCode-q:3.1)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\ Programming Language\

5.3.9. Text resource

The "Text resource" sub-category is divided into structured text, semi-structured text and unstructured text. The large categories are organized according to the storage form of the text and whether the text can be represented by unified data or a unified format.

Class-III: structured text

EnCode-q:3.2.1

Upper-Class: Text resource (EnCode-q:3.2)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

Class-III: semi-structured text

EnCode-q:3.2.2

Upper-Class: Text resource (EnCode-q:3.2)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

Class-III: unstructured text

EnCode-q:3.2.3

Upper-Class: Text resource (EnCode-q:3.2)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

The "structured text", "semi-structured text" and "unstructured text" classes continue the large-category classification and are no longer subdivided.

5.3.10. Picture resource

The "picture resource" continues the sub-category classification and is no longer subdivided.

Class-III: Picture resource

EnCode-q:3.3.1

Upper-Class: Picture resource (EnCode-q:3.3)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

5.3.11. Audio resource

The "Audio resource" continues the sub-category classification and is no longer subdivided.

Class-III: Audio resource

EnCode-q:3.4.1

Upper-Class: Audio resource (EnCode-q:3.4)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

5.3.12. Video resource

The "Video resource" continues the sub-category classification and is no longer subdivided.

Class-III: Video resource

EnCode-q:3.5.1

Upper-Class: Video resource (EnCode-q:3.5)

Attribution: IP Address\Port\Service\ Protocol\ Data Format\ Data size\Data Permission\

6. Acknowledgements

The authors would like to thank Tsinghua University and China Electronic Technology Group Corporation thirtieth Research Institute for their support. We also thank the following persons for their discussion, comments and suggestions on earlier versions of this work: Zhi Sun, Jianfeng Chen, Da He, Rui Xu, Zhihong Rao, etc.

7. IANA Considerations

This memo includes no request to IANA.

8. Security Considerations

This document only defines a framework for network resources categorization. This document itself does not directly introduce security issues.

9. Normative References

[RFC1157] Case, J., "A Simple Network Management Protocol (SNMP)", RFC 1157, May 1990.
[RFC1242] Bradner, S., "Benchmarking Terminology for Network Interconnection Devices", RFC 1242, July 1991.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997.
[RFC2764] Gleeson, B., "A Framework for IP Based Virtual Private Networks", RFC 2764, February 2000.
[RFC3232] Reynolds, J., "Assigned Numbers: RFC 1700 is Replaced by an On-line Database", RFC 3232, January 2002.
[RFC6346] Bush, R., "The Address plus Port (A+P) Approach to the IPv4 Address Shortage", RFC 6346, August 2011.
[RFC904] Mills, D., "A Framework for IP Based Virtual Private Networks", RFC 904, April 1984.

Authors' Addresses

Jilong Wang (editor) Tsinghua University Beijing, 100084 China EMail: wjl@tsinghua.edu.cn
Congcong Miao (editor) Tsinghua University Beijing, 100084 China EMail: mccmiao@163.com
Shuying Zhuang (editor) Tsinghua University Beijing, 100084 China EMail: 17751034616@163.com
Qianli Zhang (editor) Tsinghua University Beijing, 100084 China EMail: zhang@cernet.edu.cn
Jianfeng Chen (editor) CETC Chengdu, 610000 China EMail: atrix@163.com