CN112468373A - Accurate positioning analysis system and method for network flow of fingerprint equipment - Google Patents
- Publication number: CN112468373A
- Authority: CN (China)
- Prior art keywords: data, flow, equipment, network, fingerprint
- Prior art date
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
- G06F16/24568—Data stream processing; Continuous queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/50—Testing arrangements
Abstract
The invention provides a fingerprint equipment network flow accurate positioning analysis system which comprises an equipment fingerprint identification card identification method module, a data flow fingerprint analysis and calibration method module, a data flow direction accurate identification method module, a data session fingerprint analysis method module, a data flow dynamic threshold monitoring rule configuration module and an automatic monitoring management method module. The system dynamically tracks, accurately locates and intelligently manages the application behaviors and data trends of the devices in the network according to different application levels and management angles.
Description
Technical Field
The invention relates to the field of network security, in particular to a system and a method for accurately positioning and analyzing network flow of fingerprint equipment.
Background
With the continuous development of information technology, information products have become diverse and complex, and standardization of data communication protocols is difficult to guarantee. New kinds of network equipment and terminal devices are used more and more often on the intranet, and the control granularity of current device identification technology and traffic monitoring means can hardly meet current management requirements, which makes intranet data protection harder to control and manage.
1. Traditional device identification uses the IP address of the device as the unique identifier of the device identity, but an IP address can change and can be modified, so the traditional method cannot guarantee that a device is uniquely authenticated.
2. Existing traffic monitoring technology monitors the total volume of data traffic across the whole network. It cannot trace and locate the direct source of the traffic in detail, and it cannot analyze in real time the uplink traffic, downlink traffic and session count of every network node in the network, that is, of every port of every network switch.
3. Monitoring of traffic sessions is limited to their size; the source end, destination end, IP and MAC of a session cannot be traced and analyzed.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a system and a method for accurately positioning and analyzing network traffic of a fingerprint device, which are used for dynamically tracking, accurately positioning and intelligently managing application behaviors and data trends of devices in a network according to different application levels and management angles.
To achieve the above object, the invention adopts the following technical solution: a system for accurately positioning and analyzing network traffic of a fingerprint device, comprising:
the device fingerprint identification card identification method module, which is used for uniquely identifying and calibrating the devices in the network, ensuring the uniqueness of the device data and establishing an asset fingerprint identification card library of the devices in the network;
the data flow fingerprint analysis and calibration method module, which is used for uniquely identifying and calibrating application data in the network so as to ensure the uniqueness of each piece of application data;
the data flow direction accurate identification method module, which is used for calibrating the initiating node and the target node of a data flow and comprehensively tracking the access flow of data;
the data session fingerprint analysis method module, which is used for analyzing the uniqueness of application sessions and for counting the total number of sessions and the session types in the analyzed data stream;
the data flow dynamic threshold monitoring rule configuration module, which is used for configuring and managing data monitoring rules and application session monitoring rules;
and the automatic monitoring management method module, which is used for automatically matching the rule content according to the rule configuration of the configuration module and automatically monitoring and managing the traffic usage and the session status of the application data in the network.
Preferably, the device fingerprint identification method module takes the MAC address of the device, as the unique identification number, as the basic fingerprint element, and associates and analyzes it with the device IP address, the switch port the device is connected to (its physical connection location) and the device type; these four key data items form the identification card of the device.
Preferably, the data stream fingerprint analysis and calibration method module works from the five-tuple information of the TCP/IP data stream (source IP, destination IP, source port, destination port and transmission type) together with the device asset identity card information. Using the source IP and destination IP of the five-tuple, it quickly locates the asset identity card of the data stream initiator and the identity card of the receiver, quickly retrieves the data source, accurately locates the source identity card and destination identity card of each data stream, and creates a database of data stream identity card session information fingerprint analysis results. The identity card data stream session information eight-tuple is: source identity card asset information, destination identity card asset information, source IP, destination IP, source port, destination port, transport type, data application protocol.
Preferably, the data flow direction accurate identification method module determines the direction information of the data flow, namely uplink traffic, downlink traffic and identity card session information. It analyzes and determines the specific source and destination of the data flow according to the data communication protocol and comprehensively tracks the data flow direction.
Preferably, the data session fingerprint analysis method module analyzes the session application types and their number according to the data session characteristic data, and classifies and analyzes the total number of global sessions, the total number of data sessions at specific network device nodes and the total number of sessions on specific ports of the device nodes.
Preferably, the data flow dynamic threshold monitoring rule configuration module counts in real time the uplink traffic, downlink traffic and session count of all connected switches and ports, calculates the average values and peak values of the uplink traffic, downlink traffic and session count of the switches, the switch ports and the devices within a statistical period, and sets the traffic threshold rule dynamically or manually, with the rules configured through the foreground traffic rule configuration module.
Preferably, the automatic monitoring management method module automatically associates the management rules according to the configured rules and provides comprehensive automatic monitoring and management of all application data streams and application sessions in the network. It monitors whether the periodic traffic values of all switches and ports exceed the set thresholds, raises an alarm in real time when a threshold is exceeded, and accurately determines which terminal devices the excess abnormal traffic or sessions come from.
A method for accurately positioning and analyzing network traffic of a fingerprint device, in which the network switches in the network are first entered into the system in a unified manner and all traffic of the downlink ports of the core switch is mirrored. From the mirrored data flows, the uplink traffic, downlink traffic and session count are analyzed, the terminal asset each data flow comes from and the terminal asset it goes to are determined dynamically, and the switch and port on which the traffic is distributed are determined accurately. In this way all application data in the network can be acquired, traffic data and session management rules can be formulated, and data and sessions across the whole network are monitored in real time.
The beneficial effects of the invention are as follows. Six modules, namely device fingerprint identification card identification, data flow fingerprint analysis and calibration, data flow direction accurate identification, data session fingerprint analysis, data flow dynamic threshold monitoring rule configuration and automatic monitoring management, together provide accurate analysis and positioning of network traffic. The system uses an integrated multi-module design: the module functions do not need to be deployed separately, deployment is centralized and integrated, the integrated software system operates in bypass mode in the intranet, and port mirroring is used to obtain the data traffic in the network. The invention remedies the defect of traditional traffic analysis, which analyzes only data size and total traffic, improves the granularity of traffic analysis and the ability to trace application sessions back, and greatly improves the level of network traffic monitoring management and data security protection management.
Drawings
Fig. 1 is a functional block diagram of a system for accurately positioning and analyzing network traffic of a fingerprint device according to the present invention;
Fig. 2 is a schematic diagram of the fingerprint identification card recognition method of the device;
Fig. 3 is a schematic diagram of the logical deployment of the network traffic accurate positioning analysis system of a fingerprint device;
Fig. 4 is a flow diagram of the data stream fingerprinting and calibration method module process.
Detailed Description
The present application will be described in detail below with reference to the accompanying drawings and examples. It is to be understood that the following detailed description is intended to illustrate and not to limit the invention. Meanwhile, for convenience of description, only portions related to the present invention will be shown in the drawings.
A fingerprint equipment network flow accurate positioning analysis system comprises an equipment fingerprint identification card identification method module, a data flow fingerprint analysis and calibration method module, a data flow direction accurate identification method module, a data session fingerprint analysis method module, a data flow dynamic threshold monitoring rule configuration module and an automatic monitoring management method module. Using the system's built-in device identification algorithm and application data identification algorithm, the data application status and data trends of the terminals and other service system servers in the network are tracked, located and traced back, so that data in the network is visualized and automatically managed from both the application and the management perspective.
The equipment fingerprint identity card identification method module is used for uniquely identifying and calibrating the devices in the network, ensuring the uniqueness of the device data and establishing an asset fingerprint identity card library of the devices in the network. The fingerprint identity card comprises four elements:
1. Identification card number: MAC address
2. Name: IP address
3. Address: port number of the access switch (e.g. port number 3 at a switch)
4. Type: computers (printers, cameras, IP phones, testers, industrial equipment, cell phones, etc.)
The module takes the MAC address of the device, as the unique identity card number, as the basic fingerprint element, and associates and analyzes it with the device name (IP address), the device address (the physical connection location, that is, the connected switch port) and the device type. These four key data items form the identity card of the device and ensure its uniqueness. The identity card number of a device is unique and cannot be changed, whereas the name (IP address) and the address can change and are not unique; some devices have no name (IP address), which is common in a network device identity card library. The module uses the device asset fingerprint identity card identification method to acquire the device MAC and IP information, associates the device access location, that is, the specific physical port of a network switch, identifies the unique identity fingerprint of the device in the network, and analyzes the type and model of the device.
The data flow fingerprint analysis and calibration method module is used for uniquely identifying and calibrating the application data in the network, ensuring the uniqueness of each piece of application data, and introduces the concept of a traffic identity card for the first time. It works from the five-tuple information of the TCP/IP data stream (source IP, destination IP, source port, destination port and transmission type, TCP or UDP) together with the device asset identity card information, which, as described above, consists mainly of the identity card number (MAC), the name (IP address), the address (access switch location) and the device type. Using the source IP and destination IP of the five-tuple, the asset identity card of the data stream initiator and the identity card of the receiver can be located quickly, the data source can be retrieved quickly, and the source identity card and destination identity card of each data stream can be located accurately. A database of data stream identity card session information fingerprint analysis results is created, which guarantees the traceability of data. The identity card data stream session information eight-tuple is: source identification card asset information, destination identification card asset information, source IP, destination IP, source port, destination port, transport type (TCP or UDP), data application protocol. The module disassembles and analyzes the data packets, obtains the eight-tuple information of each data stream and calibrates the uniqueness characteristics of the data.
The data flow direction accurate identification method module is used for calibrating the initiating node and the target node of a data flow and comprehensively tracking the access flow of data. It determines the direction information of the data flow: uplink traffic, downlink traffic and identity card session information. Based on the data communication protocol, for example the characteristics of the TCP three-way handshake, it analyzes and determines the specific source and destination of the data flow and comprehensively tracks the data flow direction. Put simply, packets actively sent by a device are uplink traffic and packets received by the device are downlink traffic, and all uplink and downlink traffic has one uniquely corresponding piece of identity card session information as described above. On the basis of the data session, the module quickly locates the initiator and the receiver from the asset identity card information; traffic sent by a device is uplink traffic and traffic received by a device is downlink traffic. Data traffic in the network is classified and analyzed at several levels (the whole network, a specific switch, a specific port and a specific device), so that it is analyzed and calibrated along multiple dimensions.
The data session fingerprint analysis method module is used for analyzing the uniqueness of application sessions and for counting the total number of sessions and the session types in the analyzed data stream. It analyzes the session application types and their number according to data session characteristics (such as the session information eight-tuple), and classifies and analyzes the total number of global sessions, the total number of data sessions at specific network device nodes (switches) and the total number of sessions on specific ports of the device nodes. The module provides accurate analysis of data sessions, including the total number of sessions and the number of sessions on switch ports.
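The following Python sketch is an added illustration of the identity card lookup, eight-tuple construction, handshake-based direction and per-port session counting described above; it is not code from the patent. The asset library, packet records, port-to-protocol map and all names are constructed assumptions, and falling back to the first sender seen when no handshake evidence exists is also an assumption.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import NamedTuple, Optional


@dataclass(frozen=True)
class IdCard:
    """Device identity card: the four elements named in the description."""
    mac: str              # identity number, the stable key
    ip: Optional[str]     # "name"; can change or be missing
    switch_port: str      # "address": access switch and port
    dev_type: str         # computer, printer, camera, ...


class Packet(NamedTuple):
    """Simplified view of one mirrored packet (constructed for this example)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str            # "TCP" or "UDP"
    flags: str            # "S" = SYN, "SA" = SYN-ACK, "A" = ACK, "" for UDP
    length: int           # bytes


class EightTuple(NamedTuple):
    """Session fingerprint: both identity cards, the five-tuple, the protocol."""
    src_card: Optional[IdCard]   # None: endpoint missing from the asset library
    dst_card: Optional[IdCard]
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    app_proto: str


# Constructed asset library and port-to-protocol map (both are assumptions).
ASSETS = [
    IdCard("00:11:22:33:44:01", "10.0.0.11", "sw1/3", "computer"),
    IdCard("00:11:22:33:44:02", "10.0.0.20", "sw1/7", "printer"),
    IdCard("00:11:22:33:44:03", "10.0.1.5", "sw2/1", "server"),
]
APP_PROTOCOLS = {53: "dns", 443: "https", 9100: "raw-print"}

# Constructed capture: a full handshake, a capture that starts at the
# SYN-ACK, and a UDP packet from an address with no identity card.
SAMPLE = [
    Packet("10.0.0.11", "10.0.1.5", 50000, 443, "TCP", "S", 60),
    Packet("10.0.1.5", "10.0.0.11", 443, 50000, "TCP", "SA", 60),
    Packet("10.0.0.11", "10.0.1.5", 50000, 443, "TCP", "A", 500),
    Packet("10.0.1.5", "10.0.0.11", 443, 50000, "TCP", "A", 1500),
    Packet("10.0.0.20", "10.0.0.11", 9100, 50001, "TCP", "SA", 60),
    Packet("10.0.0.11", "10.0.0.20", 50001, 9100, "TCP", "A", 900),
    Packet("10.0.0.99", "10.0.1.5", 5353, 53, "UDP", "", 80),
]


def analyse(packets, assets=ASSETS):
    """Return (sessions, per-MAC traffic in bytes, session count per switch port)."""
    by_ip = {a.ip: a for a in assets if a.ip}
    sessions = {}                                        # canonical key -> EightTuple
    traffic = defaultdict(lambda: {"up": 0, "down": 0})
    for p in packets:
        a, b = (p.src_ip, p.src_port), (p.dst_ip, p.dst_port)
        key = (p.proto, *sorted([a, b]))                 # same key in both directions
        if key not in sessions:
            # A SYN-ACK comes from the responder, so its receiver initiated.
            # Without handshake evidence (UDP, mid-stream capture) the first
            # sender seen is assumed to be the initiator.
            if p.proto == "TCP" and p.flags == "SA":
                a, b = b, a
            sessions[key] = EightTuple(
                by_ip.get(a[0]), by_ip.get(b[0]), a[0], b[0], a[1], b[1],
                p.proto, APP_PROTOCOLS.get(b[1], "unknown"))
        # Bytes sent are uplink for the sender and downlink for the receiver.
        sender, receiver = by_ip.get(p.src_ip), by_ip.get(p.dst_ip)
        if sender:
            traffic[sender.mac]["up"] += p.length
        if receiver:
            traffic[receiver.mac]["down"] += p.length
    per_port = Counter()
    for s in sessions.values():
        per_port.update({c.switch_port for c in (s.src_card, s.dst_card) if c})
    return list(sessions.values()), dict(traffic), dict(per_port)


if __name__ == "__main__":
    for session in analyse(SAMPLE)[0]:
        print(session)
```

A session whose `src_card` or `dst_card` is `None` involves an address with no entry in the asset library, which is itself worth reviewing.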
The data flow dynamic threshold monitoring rule configuration module is used for configuring and managing data monitoring rules and application session monitoring rules. It counts in real time the uplink traffic, downlink traffic and session count of all connected switches and ports; the statistical period can be in units of seconds, minutes, hours, days or weeks. It calculates the average values and peak values of the uplink traffic, downlink traffic and session count of the switches, the switch ports and the devices within the statistical period, and sets traffic threshold rules dynamically or manually. Through the foreground traffic rule configuration module, management rules can be configured flexibly according to management requirements and their configuration can be viewed, deleted and modified, which makes daily management and use convenient. Management rules for monitoring data traffic are added by logging in to the management system over HTTPS; rules can be added, modified, deleted and viewed, and dynamic threshold rules can be defined on criteria such as uplink traffic, downlink traffic and total session count.
The automatic monitoring management method module is used for automatically matching the rule content according to the rule configuration of the configuration module and automatically monitoring and managing the traffic usage and the session status of the application data in the network. It automatically associates the management rules according to the configured rules and provides comprehensive automatic monitoring and management of all application data flows and application sessions in the network. It monitors whether the periodic traffic values of all switches and ports exceed the set thresholds, raises an alarm in real time when a threshold is exceeded, and accurately determines which terminal devices the excess abnormal traffic or sessions come from. The module automatically matches the internally configured data traffic monitoring rules, monitors the access status and data trends of data flows in the network in real time, detects illegal data applications in time, and automatically blocks them and raises an alarm.
After the system is started, the module functions run in order. In normal use, the network switches in the network are first entered into the system in a unified manner and all traffic of the downlink ports of the core switch is mirrored. From the mirrored data flows, the uplink traffic, downlink traffic and session count are analyzed, the terminal asset each data flow comes from and the terminal asset it goes to are determined dynamically, and the switch and port on which the traffic is distributed are determined accurately. In this way all application data in the network can be acquired, traffic data and session management rules can be formulated, and data and sessions across the whole network are monitored in real time.
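The sketch below is an added Python illustration of the dynamic threshold rule configuration and the automatic monitoring described in the two paragraphs above; it is not code from the patent. The description does not give a threshold formula, so the rule used here (average plus a margin times the gap between peak and average), the minimum sample count, the precedence of manual rules and all data are constructed assumptions.

```python
from statistics import mean

METRICS = ("up", "down", "sessions")

# Constructed per-period counters for two switch ports (assumed data).
HISTORY = {
    "sw1/3": [
        {"up": 1000, "down": 4000, "sessions": 10},
        {"up": 1200, "down": 4000, "sessions": 12},
        {"up": 1100, "down": 4000, "sessions": 11},
        {"up": 1500, "down": 4000, "sessions": 15},
    ],
    "sw1/7": [                      # too few periods for a baseline
        {"up": 200, "down": 300, "sessions": 4},
        {"up": 220, "down": 310, "sessions": 5},
    ],
}

# Manually configured rule; it takes precedence over a dynamic one (assumption).
MANUAL = {"sw1/7": {"sessions": 20}}

# Current period, broken down by device MAC so an alert can name its sources.
CURRENT = {
    "sw1/3": {
        "00:11:22:33:44:01": {"up": 300, "down": 2000, "sessions": 5},
        "00:11:22:33:44:04": {"up": 2500, "down": 1500, "sessions": 9},
    },
    "sw1/7": {
        "00:11:22:33:44:02": {"up": 250, "down": 320, "sessions": 45},
    },
}


def dynamic_thresholds(history, margin=1.5, min_samples=3):
    """Derive one threshold per port and metric from average and peak values."""
    thresholds = {}
    for port, samples in history.items():
        if len(samples) < min_samples:
            continue                # no baseline yet: only manual rules apply
        thresholds[port] = {}
        for metric in METRICS:
            values = [s[metric] for s in samples]
            avg, peak = mean(values), max(values)
            # Assumed rule: allow some headroom above the observed peak.
            thresholds[port][metric] = avg + margin * (peak - avg)
    return thresholds


def evaluate(current, dynamic, manual=None):
    """Compare the current period with the rules and attribute each breach."""
    alerts = []
    for port in sorted(current):
        devices = current[port]
        limits = {**dynamic.get(port, {}), **(manual or {}).get(port, {})}
        for metric in METRICS:
            if metric not in limits:
                continue            # no rule configured for this metric
            total = sum(d[metric] for d in devices.values())
            if total > limits[metric]:
                # Rank devices by their share so the top contributor is first.
                ranked = sorted(devices, key=lambda mac: devices[mac][metric],
                                reverse=True)
                alerts.append({"port": port, "metric": metric, "value": total,
                               "threshold": limits[metric], "devices": ranked})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(CURRENT, dynamic_thresholds(HISTORY), MANUAL):
        print(alert)
```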
Abbreviations and terms:
Fingerprint equipment ID card: identifies the unique identification number (MAC), the name (IP address), the address (port of the access switch) and the type of the device.
Fingerprint identification card data: uniquely identifies a data stream, and consists mainly of the data eight-tuple information: source identification card asset information, destination identification card asset information, source IP, destination IP, source port, destination port, transport type (TCP or UDP), data application protocol.
The fingerprint device network traffic accurate positioning analysis system uses a modular, integrated multi-module design: the module functions do not need to be deployed separately, deployment is centralized and integrated, the integrated software system operates in bypass mode in the intranet, and port mirroring is used to obtain the data traffic in the network. Automatic monitoring and management of traffic and data is achieved through device fingerprint identification card identification, data flow fingerprint analysis and calibration, and data session fingerprint analysis, matched against the self-managed traffic rules. The invention remedies the defect of traditional traffic analysis, which analyzes only data size and total traffic, improves the granularity of traffic analysis and the ability to trace application sessions back, and greatly improves the level of network traffic monitoring management and data security protection management.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by a person skilled in the art that the scope of the invention as referred to in the present application is not limited to the embodiments with a specific combination of the above-mentioned features, but also covers other embodiments with any combination of the above-mentioned features or their equivalents without departing from the inventive concept. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.
Claims (8)
1. A system for accurately positioning and analyzing network traffic of a fingerprint device, characterized by comprising:
the device fingerprint identification card identification method module, which is used for uniquely identifying and calibrating the devices in the network, ensuring the uniqueness of the device data and establishing an asset fingerprint identification card library of the devices in the network;
the data flow fingerprint analysis and calibration method module, which is used for uniquely identifying and calibrating application data in the network so as to ensure the uniqueness of each piece of application data;
the data flow direction accurate identification method module, which is used for calibrating the initiating node and the target node of a data flow and comprehensively tracking the access flow of data;
the data session fingerprint analysis method module, which is used for analyzing the uniqueness of application sessions and for counting the total number of sessions and the session types in the analyzed data stream;
the data flow dynamic threshold monitoring rule configuration module, which is used for configuring and managing data monitoring rules and application session monitoring rules;
and the automatic monitoring management method module, which is used for automatically matching the rule content according to the rule configuration of the configuration module and automatically monitoring and managing the traffic usage and the session status of the application data in the network.
2. The system for accurately positioning and analyzing the network traffic of the fingerprint equipment as claimed in claim 1, wherein the equipment fingerprint identification method module uses the MAC address of the equipment as a unique identification number as a fingerprint identification basic element, associates and analyzes the IP address of the equipment and the port of the equipment-connected switch as a physical connection position, and uses four key data of the equipment type as an identification card of the equipment.
3. The system for accurately positioning and analyzing network traffic of fingerprint equipment according to claim 2, wherein the data stream fingerprint analysis and calibration method module is configured to quickly locate the asset id card of the data stream initiator and the id card of the receiver by using the source IP and the destination IP of the quintuple information in the data stream according to the quintuple information of the TCP/IP data stream, specifically, the source IP, the destination IP, the source port, the destination port, the transmission type of the data stream, and the asset id card information of the equipment, quickly retrieve the data source, accurately position the source id card and the destination id card of each data stream, create a data stream id card session information fingerprint analysis result database, and the data stream session information octave of the id card is: source identity card asset information, destination identity card asset information, source IP, destination IP, source port, destination port, transport type, data application protocol.
4. The system for accurately positioning and analyzing network traffic of fingerprint equipment according to claim 3, wherein the method module for accurately identifying the direction of data flow determines the direction information of the data flow: the uplink flow, the downlink flow and the ID card session information are analyzed and judged according to the data communication protocol, the specific source and the destination of the data flow are analyzed and judged, and the data flow direction is tracked in an all-round way.
5. The system for accurately positioning and analyzing network traffic of fingerprint equipment as claimed in claim 3, wherein the data session fingerprint analysis method module analyzes the type and number of the session applications according to the data session characteristic data, and classifies and analyzes the total number of global sessions, the total number of data sessions at specific network equipment nodes and the total number of sessions at specific ports of the equipment nodes.
6. The system for accurately positioning and analyzing network traffic of fingerprint equipment as claimed in claim 1, wherein the module for configuring the dynamic threshold monitoring rule for data flow counts, in real time, the uplink traffic, downlink traffic and number of sessions of all accessed switches and ports; calculates the average value and the peak value of the uplink traffic, downlink traffic and number of sessions of the switches, the switch ports and the equipment within the statistical period; and sets the traffic threshold rule either dynamically or manually, with the traffic rule module configured through the front end.
7. The system for accurately positioning and analyzing network traffic of fingerprint equipment according to claim 6, wherein the automatic monitoring management method module is capable of automatically associating management rules according to the configured rules, implementing comprehensive automatic monitoring and management of all application data streams and application sessions in the network, monitoring whether the periodic traffic values of all switches and ports exceed the set threshold, and, once a periodic traffic value exceeds the threshold, alarming in real time and accurately analyzing which terminal equipment the excessive abnormal traffic or sessions come from.
8. An accurate positioning analysis method for network flow of fingerprint equipment, characterized by comprising the following steps: entering the network switches in the network into the system in a unified manner; mirroring all traffic of the downlink ports of the core switch and analyzing, from the mirrored traffic, the uplink flow, downlink flow and session number of the data flows; dynamically analyzing which terminal asset the data flows come from and which terminal asset they go to; accurately analyzing at which switch and which port the data flows are distributed; acquiring all application data in the network; formulating flow data and session management rules; and realizing real-time monitoring of the data and the sessions in the whole network.
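The threshold logic of claims 6 and 7, sketched as an added example that is not code from the patent: per-port averages and peaks are computed over baseline periods, a threshold is derived or manually overridden, and each alarm names the terminal contributing most to the excess. The record layout, the sample records, the function names and the `peak * headroom` rule are assumptions; the claims do not state how the dynamic threshold is derived from the average and peak.

```python
from collections import defaultdict
from statistics import mean

METRICS = ("up", "down", "sessions")
# Constructed mirror-derived records: (period, switch, port, terminal, up, down, sessions)
BASELINE = [
    (1, "sw1", "ge0/1", "pc-a", 100, 400, 5), (1, "sw1", "ge0/1", "pc-b", 50, 200, 3),
    (2, "sw1", "ge0/1", "pc-a", 120, 500, 6), (2, "sw1", "ge0/1", "pc-b", 60, 100, 2),
    (3, "sw1", "ge0/1", "pc-a", 90, 300, 4), (3, "sw1", "ge0/1", "pc-b", 40, 300, 4),
]
OBSERVED = [(4, "sw1", "ge0/1", "pc-a", 110, 450, 5), (4, "sw1", "ge0/1", "pc-b", 900, 150, 40)]

def totals_by(records, with_terminal=False):
    """Sum each metric per (switch, port, period), optionally also per terminal."""
    out = defaultdict(lambda: dict.fromkeys(METRICS, 0))
    for period, sw, port, term, *values in records:
        key = (sw, port, period, term) if with_terminal else (sw, port, period)
        for metric, value in zip(METRICS, values):
            out[key][metric] += value
    return out

def dynamic_thresholds(baseline, headroom=1.2, manual=None):
    """Average and peak per port and metric; threshold = peak * headroom (assumed rule)."""
    series = defaultdict(list)
    for (sw, port, _period), totals in totals_by(baseline).items():
        for metric in METRICS:
            series[(sw, port, metric)].append(totals[metric])
    rules = {k: {"avg": mean(v), "peak": max(v), "threshold": max(v) * headroom}
             for k, v in series.items()}
    for key, limit in (manual or {}).items():  # manually set thresholds take precedence
        rules.setdefault(key, {})["threshold"] = limit
    return rules

def monitor(records, rules):
    """Return (switch, port, period, metric, value, top terminal) for each exceeded rule."""
    per_terminal = totals_by(records, with_terminal=True)
    alarms = []
    for (sw, port, period), totals in totals_by(records).items():
        for metric in METRICS:
            rule = rules.get((sw, port, metric))
            if rule and totals[metric] > rule["threshold"]:
                share = {k[3]: v[metric] for k, v in per_terminal.items()
                         if k[:3] == (sw, port, period)}
                alarms.append((sw, port, period, metric, totals[metric],
                               max(share, key=share.get)))
    return alarms
```

With the constructed records, the port's uplink and session totals in period 4 exceed their derived thresholds and both alarms point at `pc-b`, while downlink stays under its threshold.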
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011421041.XA CN112468373A (en) | 2020-12-08 | 2020-12-08 | Accurate positioning analysis system and method for network flow of fingerprint equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011421041.XA CN112468373A (en) | 2020-12-08 | 2020-12-08 | Accurate positioning analysis system and method for network flow of fingerprint equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112468373A (en) | 2021-03-09 |
Family
ID=74800862
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011421041.XA Pending CN112468373A (en) | 2020-12-08 | 2020-12-08 | Accurate positioning analysis system and method for network flow of fingerprint equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112468373A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070280123A1 (en) * | 2004-01-27 | 2007-12-06 | Atkins Jeffrey B | Monitoring System For A Mobile Communication Network For Traffic Analysis Using A Hierarchial Approach |
US8520540B1 (en) * | 2010-07-30 | 2013-08-27 | Cisco Technology, Inc. | Remote traffic monitoring through a network |
US20130286872A1 (en) * | 2010-11-09 | 2013-10-31 | Plustech Inc. | Session-based traffic analysis system |
US10263868B1 (en) * | 2012-04-11 | 2019-04-16 | Narus, Inc. | User-specific policy enforcement based on network traffic fingerprinting |
CN110855576A (en) * | 2015-12-31 | 2020-02-28 | 杭州数梦工场科技有限公司 | Application identification method and device |
CN111711616A (en) * | 2020-05-29 | 2020-09-25 | 武汉蜘易科技有限公司 | Network zone boundary safety protection system, method and equipment |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115883241A (en) * | 2022-12-13 | 2023-03-31 | 北京马赫谷科技有限公司 | Network security tracing method and system and electronic device |
CN115883241B (en) * | 2022-12-13 | 2024-07-09 | 北京马赫谷科技有限公司 | Network security tracing method and system and electronic equipment |
WO2024164828A1 (en) * | 2023-02-07 | 2024-08-15 | 华为技术有限公司 | Data stream identification method, apparatus and electronic device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9860257B1 (en) | Anomaly detection and threat prediction through combined power and network analytics | |
US20160352759A1 (en) | Utilizing Big Data Analytics to Optimize Information Security Monitoring And Controls | |
KR101234326B1 (en) | Distributed traffic analysis | |
Da Silva et al. | Identification and selection of flow features for accurate traffic classification in SDN | |
US20090238088A1 (en) | Network traffic analyzing device, network traffic analyzing method and network traffic analyzing system | |
EP2084854B1 (en) | Media session identification method for ip networks | |
CN110086776A (en) | Intelligent substation Network Intrusion Detection System and detection method based on deep learning | |
CN103491060B (en) | A kind of method, apparatus and system of defence Web attacks | |
KR20180120558A (en) | System and method for predicting communication apparatuses failure based on deep learning | |
CN111181971B (en) | System for automatically detecting industrial network attack | |
CN112468373A (en) | Accurate positioning analysis system and method for network flow of fingerprint equipment | |
Letteri et al. | Performance of Botnet Detection by Neural Networks in Software-Defined Networks. | |
CN102387044A (en) | Method for testing communication network | |
CN108600003A (en) | A kind of intrusion detection method, the apparatus and system of facing video monitoring network | |
US9479539B2 (en) | Distributed network instrumentation system | |
Wang et al. | Source-based defense against DDoS attacks in SDN based on sFlow and SOM | |
CN118413379A (en) | Intelligent identification and defense system of botnet in industrial environment | |
CN113301560A (en) | Electric power Internet of things terminal control method and system | |
CN119316226B (en) | A method, device and storage medium for detecting illegal external connection of a terminal | |
TWI797962B (en) | Method for sase based ipv6 cloud edge network secure connection | |
Qian et al. | Characterization of 3g data-plane traffic and application towards centralized control and management for software defined networking | |
CN111490991B (en) | Multiple server connection request system and method based on communication equipment | |
CN116939589A (en) | Student internet monitoring system based on campus wireless network | |
CN110995733A (en) | Intrusion detection system in industrial control field based on remote measuring technology | |
Rinaldi et al. | Softwarization of SCADA: lightweight statistical SDN-agents for anomaly detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
Application publication date: 20210309