CN114124744A - Flow data display method and device, electronic equipment and storage medium - Google Patents

Flow data display method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN114124744A
CN114124744A CN202111400857.9A CN202111400857A CN114124744A CN 114124744 A CN114124744 A CN 114124744A CN 202111400857 A CN202111400857 A CN 202111400857A CN 114124744 A CN114124744 A CN 114124744A
Authority
CN
China
Prior art keywords
target service
level
safety protection
cylinder
network safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111400857.9A
Other languages
Chinese (zh)
Other versions
CN114124744B (en
Inventor
苏浩伟
杨年
朱珍亮
张龙
张小勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nsfocus Technologies Inc, Nsfocus Technologies Group Co Ltd filed Critical Nsfocus Technologies Inc
Priority to CN202111400857.9A priority Critical patent/CN114124744B/en
Publication of CN114124744A publication Critical patent/CN114124744A/en
Application granted granted Critical
Publication of CN114124744B publication Critical patent/CN114124744B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876Network utilisation, e.g. volume of load or congestion level
    • H04L43/0888Throughput
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/308Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information retaining data, e.g. retaining successful, unsuccessful communication attempts, internet access, or e-mail, internet telephony, intercept related information or call content
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a flow data display method, a device, electronic equipment and a storage medium, wherein the flow data display method comprises the following steps: acquiring target service flow protection data; respectively determining the residual service flow of the target service flow after flowing through each level of network safety protection equipment according to the target service flow in the target service flow protection data and the attack flow intercepted by each level of network safety protection equipment; determining the cross-sectional area of a first cylinder for displaying the target service flow according to the target service flow, and determining the cross-sectional area of a second cylinder for displaying the residual service flow of the target service flow after passing through each level of network safety protection equipment according to the residual service flow of the target service flow after passing through each level of network safety protection equipment; and connecting the first cylinder, the preset display shapes corresponding to the network safety protection devices at all levels and each second cylinder according to a preset sequence, and then displaying.

Description

Flow data display method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network security traffic data display, and in particular, to a method and an apparatus for displaying traffic data, an electronic device, and a storage medium.
Background
With the rapid development of network technologies such as cloud computing, internet of things, 5G, WIFI6, and the like, the types of network attacks become more complex and diverse, and thus more and more network attack flows are generated. Common network security protection devices include a Firewall (Firewall), a WAF (Web Application Firewall), an IPS (Intrusion Prevention System), and the like, different types of attack flows that different network security protection devices can clean are different, in protection against the attack flows, several different types of network security protection devices are generally used in cooperation to clean different types of attack flows in service flows, after the network security protection devices perform protection processing on the service flows, flow data needs to be displayed, at present, display of the flow data is generally statistical data, for example, a flow data statistical table is generated according to formats such as the flow types, the flow sizes, and the like cleaned by the network security protection devices in the protection process, and is provided for a user to check. However, the way of displaying the flow data based on the statistical table is not intuitive, and the displaying effect is not good.
Disclosure of Invention
In order to solve the problems that the display of the traffic data is not intuitive and the effect is not good in the process of protecting the attack traffic, the embodiment of the application provides a method and a device for displaying the traffic data, an electronic device and a storage medium.
In a first aspect, an embodiment of the present application provides a method for displaying traffic data, including:
obtaining target service traffic protection data, wherein the target service traffic protection data comprises: the size of target service flow and the size of attack flow intercepted by each level of network safety protection equipment from the target service flow;
respectively determining the residual service flow of the target service flow after flowing through the network safety protection devices at all levels according to the target service flow and the attack flow intercepted by the network safety protection devices at all levels from the target service flow;
determining the cross-sectional area of a first cylinder for displaying the target service flow according to the target service flow, and determining the cross-sectional area of a second cylinder for displaying the residual service flow of the target service flow after passing through each level of network safety protection equipment according to the residual service flow of the target service flow after passing through each level of network safety protection equipment;
and connecting the first cylinder, the preset display shapes corresponding to the network safety protection devices at all levels and the second cylinders according to a preset sequence, and then displaying.
In a possible embodiment, the preset display shape is a funnel shape; the network safety protection equipment comprises N levels; the target traffic flow protection data further comprises: the throughput of each level of network safety protection equipment, a first time delay from the acquisition of the target service flow to the arrival of the target service flow at the first level of network safety protection equipment, a second time delay from the arrival of the target service flow at the next level of network safety protection equipment after the target service flow passes through the first level of network safety protection equipment to the N-1 level of network safety protection equipment, and a third time delay from the arrival of the residual service flow flowing through the N level of network safety protection equipment at the target server.
In a possible implementation manner, the cross-sectional area of the end part of the funnel corresponding to each stage of the network safety protection device is determined by the following method:
and determining the cross sectional area of the end part of the funnel corresponding to each level of network safety protection equipment according to the throughput of each level of network safety protection equipment.
In a possible implementation, the length of the first cylinder is used to characterize the first time delay, the length of the first one of the second cylinders to the length of the N-1 th one of the second cylinders are used to characterize the corresponding second time delay, and the length of the nth one of the second cylinders is used to characterize the third time delay; and
the length of each cylinder is calculated by the following formula:
Figure BDA0003371464270000031
wherein, when i is 0, l0Represents the length of the first cylinder, t0Representing the first time delay;
when i is 1 to N-1, l1~lN-1Respectively represent the lengths, t, of the 1 st to N-1 st second cylinders1~tN-1Respectively represent the 1 st to the N-1 st second time delay;
when i ═ N, lNRepresents the length, t, of the Nth of said second cylinderNRepresenting the nth said third time delay.
In one possible embodiment, the cross-sectional area of each cylinder is calculated by the following formula:
Si=lnfi,i=0,1,2,……,N
wherein, when i is 0, S0Representing the cross-sectional area of the first cylinder, f0Representing the target traffic flow size;
when i is 1 to N, S1~SNRespectively represent the cross sections of 1 st to N second cylindersArea, f1~fNRespectively representing the residual service flow after the target service flow flows through the 1 st to N-stage network safety protection equipment.
In a possible implementation mode, the cross-sectional area of the end part of the funnel corresponding to each stage of the network safety protection device is calculated by the following formula:
S′j=lnpj,j=1,2,……,N
wherein, S'jShowing the cross sectional area of the end part of a funnel for displaying the j-th level network safety protection equipment;
pjrepresenting the throughput of the jth level network security protection device.
In a possible embodiment, the first cylinder and the second cylinder are displayed in the same first preset color; and the funnels corresponding to the network safety protection devices at all levels are displayed by adopting second preset colors corresponding to the network safety protection devices at all levels respectively.
In one possible embodiment, the method further includes:
determining the cross-sectional area of a third cylinder for representing the attack flow intercepted by each level of network safety protection equipment from the target service flow according to the attack flow intercepted by each level of network safety protection equipment from the target service flow;
and displaying the cross section of the third cylinder corresponding to each level of network safety protection equipment on the cross section of the end part of the first cylinder according to the corresponding cross section area, wherein the color of the cross section of the third cylinder corresponding to each level of network safety protection equipment is the same as the corresponding second preset color of each level of network safety protection equipment.
In a second aspect, an embodiment of the present application provides a flow data display apparatus, including:
an obtaining unit, configured to obtain target service traffic protection data, where the target service traffic protection data includes: the size of target service flow and the size of attack flow intercepted by each level of network safety protection equipment from the target service flow;
a first determining unit, configured to respectively determine, according to the target service traffic and the attack traffic intercepted by each level of network security protection device from the target service traffic, the size of remaining service traffic after the target service traffic flows through each level of network security protection device;
a second determining unit, configured to determine, according to the size of the target service traffic, a cross-sectional area of a first cylinder used for displaying the target service traffic, and determine, according to the size of remaining service traffic after the target service traffic passes through each level of network security protection equipment, a cross-sectional area of a second cylinder used for displaying the remaining service traffic after the target service traffic passes through each level of network security protection equipment;
and the display unit is used for displaying the first cylinder, the preset display shapes corresponding to the network safety protection devices at all levels and the second cylinders after being connected according to a preset sequence.
In a possible embodiment, the preset display shape is a funnel shape; the network safety protection equipment comprises N levels; the target traffic flow protection data further comprises: the throughput of each level of network safety protection equipment, a first time delay from the acquisition of the target service flow to the arrival of the target service flow at the first level of network safety protection equipment, a second time delay from the arrival of the target service flow at the next level of network safety protection equipment after the target service flow passes through the first level of network safety protection equipment to the N-1 level of network safety protection equipment, and a third time delay from the arrival of the residual service flow flowing through the N level of network safety protection equipment at the target server.
In a possible embodiment, the display unit is specifically configured to determine the cross-sectional area of the end of the funnel corresponding to each stage of the network safety protection device by:
and determining the cross sectional area of the end part of the funnel corresponding to each level of network safety protection equipment according to the throughput of each level of network safety protection equipment.
In a possible implementation, the length of the first cylinder is used to characterize the first time delay, the length of the first one of the second cylinders to the length of the N-1 th one of the second cylinders are used to characterize the corresponding second time delay, and the length of the nth one of the second cylinders is used to characterize the third time delay; and
the display unit is specifically used for calculating the length of each cylinder through the following formula:
Figure BDA0003371464270000051
wherein, when i is 0, l0Represents the length of the first cylinder, t0Representing the first time delay;
when i is 1 to N-1, l1~lN-1Respectively represent the lengths, t, of the 1 st to N-1 st second cylinders1~tN-1Respectively represent the 1 st to the N-1 st second time delay;
when i ═ N, lNRepresents the length, t, of the Nth of said second cylinderNRepresenting the nth said third time delay.
In a possible embodiment, the second determination unit is specifically configured to calculate the cross-sectional area of each cylinder by the following formula:
Si=lnfi,i=0,1,2,……,N
wherein, when i is 0, S0Representing the cross-sectional area of the first cylinder, f0Representing the target traffic flow size;
when i is 1 to N, S1~SNRespectively represent the cross-sectional areas of 1 st to N second cylinders, f1~fNRespectively representing the residual service flow after the target service flow flows through the 1 st to N-stage network safety protection equipment.
In a possible embodiment, the display unit is specifically configured to calculate the cross-sectional area of the end of the funnel corresponding to each stage of the network safety protection device by using the following formula:
S′j=lnpj,j=1,2,……,N
wherein, S'jShowing the cross sectional area of the end part of a funnel for displaying the j-th level network safety protection equipment;
pjrepresenting the throughput of the jth level network security protection device.
In a possible embodiment, the first cylinder and the second cylinder are displayed in the same first preset color; and the funnels corresponding to the network safety protection devices at all levels are displayed by adopting second preset colors corresponding to the network safety protection devices at all levels respectively.
In a possible implementation manner, the second determining unit is further configured to determine, according to the size of the attack traffic intercepted by each level of network security protection device from the target traffic, a cross-sectional area of a third cylinder used for characterizing the attack traffic intercepted by each level of network security protection device from the target traffic;
the display unit is further configured to display the cross section of the third cylinder corresponding to each level of network safety protection equipment on the cross section of the end of the first cylinder according to the corresponding cross sectional area, where the color of the cross section of the third cylinder corresponding to each level of network safety protection equipment is the same as the second preset color corresponding to each level of network safety protection equipment.
For technical effects of the flow data display device provided by the present application, reference may be made to the technical effects of the first aspect or each implementation manner of the first aspect, and details are not described here.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the flow data presentation method described in the present application when executing the program.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the traffic data presentation method described in the present application.
The beneficial effects of the embodiment of the application are as follows:
the method, the device, the electronic device and the storage medium for displaying the traffic data, provided by the embodiment of the application, are used for acquiring target service traffic protection data, wherein the target service traffic protection data comprise: the method comprises the steps of determining the size of target service flow and the size of attack flow intercepted by each level of network safety protection equipment from the target service flow, respectively determining the size of residual service flow of the target service flow after flowing through each level of network safety protection equipment according to the size of the target service flow and the size of the attack flow intercepted by each level of network safety protection equipment from the target service flow, determining the cross sectional area of a first cylinder for displaying the target service flow according to the size of the target service flow, respectively determining the cross sectional area of a second cylinder for displaying the residual service flow of the target service flow after flowing through each level of network safety protection equipment according to the size of the residual service flow of the target service flow after flowing through each level of network safety protection equipment, and correspondingly presetting display shapes of the first cylinder, each level of network safety protection equipment and each second cylinder, the method comprises the steps of connecting according to a preset sequence and then displaying, compared with the prior art that flow data in the network safety protection process are displayed through a statistical table, displaying target service flow and residual service flow of the target service flow after flowing through each level of network safety protection equipment by using cylinders, determining the size of the cross section area of a first cylinder for displaying the target service flow according to the size of the target service flow, determining the size of the cross section area of a second cylinder for displaying the residual service flow of the target service flow after flowing through each level of network safety protection equipment according to the size of the residual service flow of the target service flow after flowing through each level of network safety protection equipment, and displaying the first cylinder for displaying the target service flow, the preset display shape of each level of network safety protection equipment and the second cylinder for displaying the residual service flow of the target service flow after flowing through each level of network safety protection equipment after being connected in sequence Therefore, important flow data can be displayed in the same view to the maximum extent, a user can obtain a more visual flow data visual display effect, and the reading efficiency of the flow data is improved.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a schematic view of an application scenario of a flow data display method according to an embodiment of the present application;
fig. 2 is a schematic flow chart illustrating an implementation of a flow data displaying method according to an embodiment of the present application;
fig. 3 is an implementation flowchart illustrating a cross section of a third cylinder representing attack traffic intercepted by each level of network security protection equipment according to an embodiment of the present application;
fig. 4 is an example of a traffic data presentation graph provided by an embodiment of the present application;
fig. 5 is a cross-sectional illustration of an end portion of a first cylinder showing a cross-section of a third cylinder characterizing attack traffic intercepted by a firewall and a cross-section of a third cylinder characterizing attack traffic intercepted by an IPS device, provided by an embodiment of the present application;
fig. 6 is a schematic structural diagram of a flow data display device according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to solve the problems that the display of the traffic data is not intuitive and the effect is not good in the process of protecting the attack traffic, the embodiment of the application provides a method and a device for displaying the traffic data, an electronic device and a storage medium.
The preferred embodiments of the present application will be described below with reference to the accompanying drawings of the specification, it should be understood that the preferred embodiments described herein are merely for illustrating and explaining the present application, and are not intended to limit the present application, and that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
Referring to fig. 1, an application scenario diagram of the traffic data presentation method according to the embodiment of the present application is shown, where the application scenario diagram may include N-level (i.e., N) network security devices: network security protection equipment 1-network security protection equipment N, each level of network security protection equipment performs network connection according to a preset sequence, each level of network security protection equipment is different types of equipment, for example, network security protection equipment 1 in fig. 1 may be a firewall, and network security protection equipment 2 may be an IPS device, which is not limited in this embodiment of the present application. When the target service flow is sent to the corresponding service server, the target service flow needs to sequentially flow through each level of network safety protection equipment for cleaning, each level of network safety protection equipment detects the flowing service flow and cleans the preventable attack type service flow so as to intercept the attack flow in the target service flow and prevent the attack flow from entering the next node, and finally, after the target service flow passes through the 1 st to N levels of network safety protection equipment 1 to N, the network safety protection equipment N sends the output residual service flow to the service server, thereby ensuring the network safety. The total number N of the network security protection devices may be 1 or multiple, which is not limited in the embodiment of the present application.
Based on the above application scenarios, exemplary embodiments of the present application will be described in more detail below with reference to fig. 2 to 5, it should be noted that the above application scenarios are only shown for facilitating understanding of the spirit and principles of the present application, and the embodiments of the present application are not limited thereto. Rather, embodiments of the present application may be applied to any scenario where applicable.
As shown in fig. 2, which is a schematic flow chart of an implementation of the flow data display method provided in the embodiment of the present application, the method specifically includes the following steps:
s11, obtaining target service traffic protection data, wherein the target service traffic protection data comprises: the size of the target service flow and the size of the attack flow intercepted by each level of network safety protection equipment from the target service flow.
In specific implementation, the security management platform obtains target service traffic protection data, where the target service traffic protection data may include, but is not limited to, the following data: the network security protection device comprises a target service flow size and attack flows intercepted by network security protection devices of all levels from the target service flow, wherein the network security protection devices can comprise N levels.
And S12, respectively determining the residual service flow of the target service flow after flowing through each level of network safety protection equipment according to the target service flow and the attack flow intercepted by each level of network safety protection equipment from the target service flow.
In specific implementation, the size of the remaining service flow after the target service flow flows through each level of network security protection equipment is determined by the following method:
the network safety protection equipment at each level can determine the residual service flow of the target service flow after flowing through the network safety protection equipment by subtracting the attack flow intercepted by the network safety protection equipment from the currently received service flow flowing through the network safety protection equipment. Assume that initially the target traffic flow is f0The sizes of the attack flows intercepted by the 1 st-Nth level network safety protection equipment 1-N are respectively delta f1~ΔfNThen, the remaining service flows after the target service flow flows through the level 1 to level N network security protection devices 1 to N are respectively: f. of1=f0-Δf1,f2=f1-Δf2,……,fN=fN-1-ΔfNAnd after intercepting the attack flow in the received service flow, the remaining service flow is the service flow received by the node below.
In a possible implementation manner, the target service traffic protection data may further include throughput of each level of network security protection device, a first time delay from when the target service traffic is obtained to when the target service traffic reaches the first level of network security protection device, a second time delay from when the target service traffic passes through the second level of network security protection device to when the target service traffic passes through the N-1 level of network security protection device, when the corresponding remaining service traffic reaches the next level of network security protection device, and a third time delay from when the remaining service traffic flowing through the N level of network security protection device reaches the target server.
Taking fig. 1 as an example for explanation, the first time delay is a time period from when the security management platform acquires the target service traffic to when the target service traffic reaches the network security protection device 1, a time period from when the target service traffic passes through the network security protection device 1 to when the corresponding remaining service traffic reaches the network security protection device 2 is a second time delay from when the target service traffic reaches the network security protection device 2 from the network security protection device 1, a time period from when the corresponding remaining service traffic passes through the network security protection device 2 to when the corresponding remaining service traffic reaches the network security protection device 3 is a second time delay from when the target service traffic reaches the network security protection device 3 from the network security protection device 2, and a time period from when the corresponding remaining service traffic passes through the network security protection device 3 to when the target service traffic reaches the network security protection device 4 from the network security protection device 3 to when the target service traffic reaches the network security protection device 4, by analogy, the time for the corresponding residual service traffic after passing through the network safety protection device N-1 to reach the network safety protection device N is the second time delay for the target service traffic to reach the network safety protection device N from the network safety protection device N-1, and the time for the residual service traffic after the target service traffic passes through the network safety protection device N to reach the service server (i.e., the target server) is the third time delay for the target service traffic to reach the service server from the network safety protection device N. In a specific implementation process, the security management platform records the time for acquiring the target service traffic, each level of network security protection equipment records the time for the target service traffic to flow through the security management platform, the service server records the time for receiving the remaining service traffic sent by the last level of network security protection equipment (namely, the network security protection equipment), and the security management platform can determine the first time delay, each second time delay and the third time delay only by acquiring the respective recorded time from each level of network security protection equipment and the service server. The throughput of each level of network safety protection equipment is preset, and the safety management platform can be directly obtained from each level of network safety protection equipment.
S13, determining the cross-sectional area of the first cylinder for displaying the target service flow according to the target service flow, and determining the cross-sectional area of the second cylinder for displaying the residual service flow of the target service flow after passing through each level of network safety protection equipment according to the residual service flow of the target service flow after passing through each level of network safety protection equipment.
During specific implementation, the cylinder can be used for displaying the change of the flow rate of the target service flow after the target service flow passes through each level of network safety protection equipment, the size of the service flow rate is represented by the cross sectional area of the cylinder, the time delay of the target service flow reaching the next node through each level of network safety protection equipment is represented by the length of the cylinder, and in the implementation process, the service flow rate can be displayed by adopting other shapes except the shape of the cylinder, such as a cuboid, a pipeline and the like, which is not limited by the embodiment of the application.
Specifically, the safety management platform determines the cross-sectional area of a first cylinder for displaying the target service flow according to the target service flow, and determines the cross-sectional area of a second cylinder for displaying the residual service flow of the target service flow after passing through each level of network safety protection equipment according to the residual service flow of the target service flow after passing through each level of network safety protection equipment.
Specifically, the cross-sectional area of each cylinder can be calculated by the following formula:
Si=lnfi,i=0,1,2,……,N
wherein, when i is 0, S0Represents the cross-sectional area of the first cylinder (i.e., the cross-sectional area of the first cylinder for showing the target traffic flow), f0Indicating the target traffic flow size;
When i is 1 to N, S1~SNRespectively showing the cross sectional areas of the 1 st to N second cylinders (namely, the cross sectional areas of the 1 st to N second cylinders respectively corresponding to the residual service flows after the target service flows pass through the 1 st to N stages of network safety protection equipment), f1~fNRespectively representing the residual service flow after the target service flow flows through the 1 st to N-level network safety protection equipment.
In the implementation process, other formulas representing the corresponding relationship between the cross section area of the cylinder and the size of the service flow rate may also be preset, or a formula representing the corresponding relationship between the radius of the cross section area of the cylinder and the size of the service flow rate may also be set, and after the radius of the cross section area of the cylinder is calculated through the size of the service flow rate, the cross section area of the cylinder is calculated through the radius.
In specific implementation, the length of the first cylinder may be used to represent a first time delay, the length of the first second cylinder to the length of the N-1 th second cylinder may be used to represent respective corresponding second time delays, and the length of the nth second cylinder may be used to represent a third time delay. Namely: the length of the first cylinder is used for representing a first time delay from the acquisition of the target service flow to the arrival of the target service flow at the first-level network security protection device, the length of the first second cylinder is used for representing a second time delay from the arrival of the target service flow at the second-level network security protection device after passing through the first-level network security protection device, the length of the second cylinder is used for representing a second time delay from the arrival of the target service flow at the third-level network security protection device after passing through the second-level network security protection device, and so on, the length of the N-1 second cylinder is used for representing a second time delay from the arrival of the target service flow at the nth-level network security protection device after passing through the nth-level network security protection device, and the length of the nth second cylinder is used for representing a third time delay from the arrival of the target service flow at the target server (i.e., the service server in fig. 1) after passing through the nth-level network security protection device.
Specifically, the length of the first cylinder may be determined according to the first time delay, the length of the corresponding second cylinder may be determined according to each second time delay, and the length of the corresponding second cylinder may be determined according to the third time delay.
Specifically, the length of each cylinder can be calculated according to the following formula:
Figure BDA0003371464270000121
wherein, when i is 0, l0Denotes the length of the first cylinder, t0Representing a first time delay;
when i is 1 to N-1, l1~lN-1Respectively represent the lengths, t, of the 1 st to N-1 st second cylinders1~tN-1Respectively represent the 1 st to the N-1 st second time delays;
when i ═ N, lNDenotes the length of the Nth second cylinder, tNRepresenting the nth third delay.
It should be noted that, in the implementation process, the length of each cylinder may also be calculated by presetting other expression formulas for the time delay and the length of the cylinder, which is not limited in this application.
S14, connecting the first cylinder, the preset display shapes corresponding to the network safety protection devices at all levels and the second cylinders according to a preset sequence, and then displaying.
During specific implementation, the preset display shape corresponding to the network safety protection equipment can be set to be funnel-shaped, the protection effect of the network safety protection equipment can be highlighted, the cross-sectional area of the end part of the funnel corresponding to each level of the network safety protection equipment is determined according to the throughput of each level of the network safety protection equipment, and the leak end part refers to one end of the opening of the funnel in the embodiment of the application.
Specifically, the cross-sectional area of the end of the funnel corresponding to each level of the network safety protection device can be calculated by, but is not limited to, the following formula:
S′j=lnpj,j=1,2,……,N
wherein, S'jShowing means for presenting a j-th level of network security protection equipmentThe cross-sectional area of the end of the funnel;
pjrepresenting the throughput of the jth level network security protection device.
When the network safety protection equipment is specifically implemented, the safety management platform connects the first cylinder, the funnel corresponding to each level of network safety protection equipment and each second cylinder according to the sequence corresponding to each level of network safety protection equipment and then displays the connected cylinders.
Specifically, the connection sequence is as follows: the first cylinder for displaying the target service flow is connected with the funnel for displaying the first-stage network safety protection equipment, the second cylinder for displaying the residual service flow of the target service flow after passing through the first-stage network safety protection equipment is connected behind the funnel for displaying the first-stage network safety protection equipment, the funnel for displaying the second-stage network safety protection equipment is connected behind the second cylinder for displaying the residual service flow of the target service flow after passing through the first-stage network safety protection equipment, the second cylinder for displaying the residual service flow of the target service flow after passing through the second-stage network safety protection equipment is connected behind the funnel for displaying the second-stage network safety protection equipment, and the third-stage network safety protection equipment is connected behind the second cylinder for displaying the residual service flow of the target service flow after passing through the second-stage network safety protection equipment, and analogizing until the funnel is connected to the funnel for displaying the Nth-level network safety protection equipment, connecting the funnel for displaying the Nth-level network safety protection equipment with the second cylinder for displaying the residual service flow of the target service flow passing through the Nth-level network safety protection equipment, and connecting the second cylinder for displaying the residual service flow of the target service flow passing through the Nth-level network safety protection equipment with the target server (namely, the service server).
As a possible implementation manner, in order to further distinguish the target service traffic from the network security protection device and further distinguish different network security protection devices, the first cylinder and each second cylinder may be displayed in the same first preset color, and the funnel corresponding to each level of network security protection device may be displayed in the second preset color corresponding to each level of network security protection device. In implementation, the first preset display color of the first cylinder for displaying the target service traffic and the first preset display color of the second cylinder for displaying the remaining service traffic after the target service traffic passes through each level of network security equipment can be set by themselves, and different second preset display colors corresponding to different network security protection equipment can be set by itself.
As a possible implementation manner, the cross section of the cylinder representing the attack traffic intercepted by each level of network security protection equipment may be displayed on the cross section of the end of the first cylinder, so that a user may more intuitively see the proportion of the attack traffic intercepted by each level of network security protection equipment in the target service traffic.
In specific implementation, the displaying of the cross section of the third cylinder, which represents the attack traffic intercepted by each level of network security protection equipment, on the cross section of the end of the first cylinder according to the flow shown in fig. 3 may include the following steps:
s21, determining the cross-sectional area of a third cylinder for representing the attack flow intercepted by each level of network safety protection equipment from the target service flow according to the attack flow intercepted by each level of network safety protection equipment from the target service flow.
In specific implementation, the same as the calculation of the cross-sectional areas of the first cylinder and the second cylinder, the security management platform may calculate, by using the following formula, the cross-sectional area of a third cylinder for characterizing attack traffic intercepted by each level of network security protection device from the target traffic:
S″i=lnΔfi,i=1,2,……,N
wherein, S ″)iRepresenting the cross-sectional area of a third cylinder for characterizing attack traffic intercepted by the ith-level network security protection equipment;
Δfiand the size of the attack traffic intercepted by the ith level network security protection equipment is represented.
And S22, displaying the cross section of the third cylinder corresponding to each level of network safety protection equipment on the cross section of the end part of the first cylinder according to the corresponding cross section area.
During specific implementation, the safety management platform displays the cross sections of the third cylinders corresponding to the network safety protection devices of all levels on the cross section of the end part of the first cylinder according to the calculated cross sections corresponding to the third cylinders, wherein the color of the cross section of the third cylinder corresponding to the network safety protection devices of all levels is the same as the second preset color corresponding to the network safety protection devices of all levels.
To illustrate a final flow data display result diagram, as shown in fig. 4, it is an example of a flow data display diagram, and it is assumed that two levels of network security devices are included, a first level of network security device is a firewall, a second level of network security device is an IPS device, a color of a funnel for displaying the firewall is set to light blue, a color of the funnel for displaying the IPS device is dark blue, a display color for displaying a target service flow is green, it can be seen from fig. 4 that a first cylinder 30 for displaying the target service flow is connected to a firewall 31 of the first level of network security device 31, a second cylinder 32 for displaying a remaining service flow after the target service flow passes through the firewall 31 is connected behind the firewall 31, and a second level of network security device 33 is connected to the second cylinder 32: the IPS device 33, a second cylinder 34 for displaying the remaining service traffic after the target service traffic flows through the IPS device 33 is connected behind the IPS device 33, and the second cylinder 34 is connected with the service server 35. The first cylinder 30, the second cylinder 32 and the second cylinder 34 are displayed in green, the funnel of the display firewall 31 is displayed in light blue, the funnel of the display IPS device 33 is displayed in dark blue, and the color of the service server can be set by itself. A cross section of a third cylinder representing the attack traffic intercepted by the firewall 31 and a cross section of the third cylinder representing the attack traffic intercepted by the IPS device are shown on a cross section of an end portion (i.e., a left side in the figure) of the first cylinder 30, a color of the cross section of the third cylinder representing the attack traffic intercepted by the firewall 31 is the same as a display color of a funnel showing the firewall 31, that is, light blue, and a color of the cross section of the third cylinder representing the attack traffic intercepted by the IPS device 33 is the same as a display color of the funnel showing the IPS device 33, that is, dark blue, as shown in fig. 5. The length of the first cylinder 30 is calculated according to the time delay from the acquisition of the target service flow to the arrival of the target service flow at the firewall 31, the length of the second cylinder 32 is calculated according to the time delay from the acquisition of the target service flow to the arrival of the target service flow at the IPS device 33 from the firewall 31, and the length of the second cylinder 34 is calculated according to the time delay from the arrival of the target service flow at the service server 35 from the IPS device 33. The cross-sectional area of the open end of the funnel showing the firewall 31 (i.e., the left end in the figure) is calculated from the throughput of the firewall 31, and the cross-sectional area of the open end of the funnel showing the IPS device 33 is calculated from the throughput of the IPS device 33. From fig. 4, it can be seen that the target traffic flow is changed by the network security protection devices at different levels, after passing through the firewall 31 and the IPS device 33, the target traffic flow is gradually decreased, and from the cross section of the end of the first cylinder 30, the proportion of the attack traffic intercepted by the firewall 31 and the IPS device 33 from the target traffic flow to the target traffic flow can be seen visually.
In the embodiment of the application, due to the fact that the throughput of each level of network safety protection equipment has certain difference, the network safety protection equipment has certain difference on the time delay influence of service flow in network transmission, the difference of the throughput of each level of network safety protection equipment can be visually seen by a user by displaying the difference of the cross sectional areas of the end parts of the funnels of each level of network safety protection equipment, the time delay of the target service flow flowing through each level of network safety equipment to the next node can be visually seen by the user through the difference of the lengths of the cylinders, the protection effect of each level of network safety protection equipment can be directly seen by the user through the change of the cross sectional area of each cylinder, and the difference between each level of network safety protection equipment can be seen by the user.
Based on the same inventive concept, embodiments of the present application further provide a flow data display apparatus, and because the principle of the flow data display apparatus for solving the problem is similar to the flow data display method, the implementation of the apparatus can refer to the implementation of the method, and repeated details are not repeated.
As shown in fig. 6, which is a schematic structural diagram of a flow data display device provided in the embodiment of the present application, the flow data display device may include:
an obtaining unit 41, configured to obtain target service traffic protection data, where the target service traffic protection data includes: the size of target service flow and the size of attack flow intercepted by each level of network safety protection equipment from the target service flow;
a first determining unit 42, configured to respectively determine, according to the size of the target service traffic and the size of attack traffic intercepted by each level of network security protection device from the target service traffic, the size of remaining service traffic after the target service traffic flows through each level of network security protection device;
a second determining unit 43, configured to determine, according to the size of the target service traffic, a cross-sectional area of a first cylinder for displaying the target service traffic, and determine, according to sizes of remaining service traffic after the target service traffic passes through the network security devices at each level, a cross-sectional area of a second cylinder for displaying remaining service traffic after the target service traffic passes through the network security devices at each level, respectively;
and the display unit 44 is configured to connect the first cylinder, the preset display shapes corresponding to the various levels of network safety protection devices, and the second cylinders according to a preset sequence and then display the preset display shapes.
In a possible embodiment, the preset display shape is a funnel shape; the network safety protection equipment comprises N levels; the target traffic flow protection data further comprises: the throughput of each level of network safety protection equipment, a first time delay from the acquisition of the target service flow to the arrival of the target service flow at the first level of network safety protection equipment, a second time delay from the arrival of the target service flow at the next level of network safety protection equipment after the target service flow passes through the first level of network safety protection equipment to the N-1 level of network safety protection equipment, and a third time delay from the arrival of the residual service flow flowing through the N level of network safety protection equipment at the target server.
In a possible embodiment, the display unit 44 is specifically configured to determine the cross-sectional area of the end of the funnel corresponding to each stage of the network safety protection device by:
and determining the cross sectional area of the end part of the funnel corresponding to each level of network safety protection equipment according to the throughput of each level of network safety protection equipment.
In a possible implementation, the length of the first cylinder is used to characterize the first time delay, the length of the first one of the second cylinders to the length of the N-1 th one of the second cylinders are used to characterize the corresponding second time delay, and the length of the nth one of the second cylinders is used to characterize the third time delay; and
the display unit 44 is specifically configured to calculate the length of each cylinder by the following formula:
Figure BDA0003371464270000171
wherein, when i is 0, l0Represents the length of the first cylinder, t0Representing the first time delay;
when i is 1 to N-1, l1~lN-1Respectively represent the lengths, t, of the 1 st to N-1 st second cylinders1~tN-1Respectively represent the 1 st to the N-1 st second time delay;
when i ═ N, lNRepresents the length, t, of the Nth of said second cylinderNRepresenting the nth said third time delay.
In a possible embodiment, the second determining unit 43 is specifically configured to calculate the cross-sectional area of each cylinder by the following formula:
Si=lnfi,i=0,1,2,……,N
wherein, when i is 0, S0Representing the cross-sectional area of the first cylinder, f0Representing the target traffic flow size;
when i is 1 to N, S1~SNRespectively represent the cross-sectional areas of 1 st to N second cylinders, f1~fNRespectively representing the residual service flow after the target service flow flows through the 1 st to N-stage network safety protection equipment.
In a possible embodiment, the display unit 44 is specifically configured to calculate the cross-sectional area of the end of the funnel corresponding to each stage of the network safety protection device by using the following formula:
S′j=lnpj,j=1,2,……,N
wherein, S'jShowing the cross sectional area of the end part of a funnel for displaying the j-th level network safety protection equipment;
pjrepresenting the throughput of the jth level network security protection device.
In a possible embodiment, the first cylinder and the second cylinder are displayed in the same first preset color; and the funnels corresponding to the network safety protection devices at all levels are displayed by adopting second preset colors corresponding to the network safety protection devices at all levels respectively.
In a possible implementation manner, the second determining unit 43 is further configured to determine, according to the size of the attack traffic intercepted by each level of network security protection device from the target traffic, a cross-sectional area of a third cylinder used for characterizing the attack traffic intercepted by each level of network security protection device from the target traffic;
the display unit 44 is further configured to display the cross section of the third cylinder corresponding to each level of network security equipment on the cross section of the end of the first cylinder according to the corresponding cross sectional area, where the color of the cross section of the third cylinder corresponding to each level of network security equipment is the same as the second preset color corresponding to each level of network security equipment.
Based on the same technical concept, an embodiment of the present application further provides an electronic device 500, and referring to fig. 7, the electronic device 500 is configured to implement the traffic data display method described in the foregoing method embodiment, where the electronic device 500 of this embodiment may include: a memory 501, a processor 502, and a computer program, such as a traffic data presentation program, stored in the memory and executable on the processor. The processor, when executing the computer program, implements the steps in the above-described embodiments of the traffic data presentation method, such as step S11 shown in fig. 2. Alternatively, the processor, when executing the computer program, implements the functions of the modules/units in the above-described device embodiments, for example, 41.
The embodiment of the present application does not limit the specific connection medium between the memory 501 and the processor 502. In the embodiment of the present application, the memory 501 and the processor 502 are connected by the bus 503 in fig. 5, the bus 503 is represented by a thick line in fig. 5, and the connection manner between other components is merely illustrative and is not limited thereto. The bus 503 may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 5, but this is not intended to represent only one bus or type of bus.
The memory 501 may be a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 501 may also be a non-volatile memory (non-volatile memory) such as, but not limited to, a read-only memory (rom), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD), or any other medium which can be used to carry or store desired program code in the form of instructions or data structures and which can be accessed by a computer. The memory 501 may be a combination of the above memories.
The processor 502 is configured to implement a traffic data display method shown in fig. 2, and includes:
the processor 502 is configured to call the computer program stored in the memory 501 to execute steps S11 to S14 shown in fig. 2.
The embodiment of the present application further provides a computer-readable storage medium, which stores computer-executable instructions required to be executed by the processor, and includes a program required to be executed by the processor.
In some possible embodiments, the various aspects of the traffic data presentation method provided in this application may also be implemented in the form of a program product, which includes program code for causing an electronic device to perform the steps in the traffic data presentation method according to various exemplary embodiments of this application described above in this specification when the program product runs on the electronic device, for example, the electronic device may perform steps S11 to S14 shown in fig. 2.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (10)

1. A method for displaying flow data is characterized by comprising the following steps:
obtaining target service traffic protection data, wherein the target service traffic protection data comprises: the size of target service flow and the size of attack flow intercepted by each level of network safety protection equipment from the target service flow;
respectively determining the residual service flow of the target service flow after flowing through the network safety protection devices at all levels according to the target service flow and the attack flow intercepted by the network safety protection devices at all levels from the target service flow;
determining the cross-sectional area of a first cylinder for displaying the target service flow according to the target service flow, and determining the cross-sectional area of a second cylinder for displaying the residual service flow of the target service flow after passing through each level of network safety protection equipment according to the residual service flow of the target service flow after passing through each level of network safety protection equipment;
and connecting the first cylinder, the preset display shapes corresponding to the network safety protection devices at all levels and the second cylinders according to a preset sequence, and then displaying.
2. The method of claim 1, wherein the predetermined display shape is a funnel shape; the network safety protection equipment comprises N levels; the target traffic flow protection data further comprises: the throughput of each level of network safety protection equipment, a first time delay from the acquisition of the target service flow to the arrival of the target service flow at the first level of network safety protection equipment, a second time delay from the arrival of the target service flow at the next level of network safety protection equipment after the target service flow passes through the first level of network safety protection equipment to the N-1 level of network safety protection equipment, and a third time delay from the arrival of the residual service flow flowing through the N level of network safety protection equipment at the target server; and
the first cylinder and the second cylinder are displayed by adopting the same first preset color; and the funnels corresponding to the network safety protection devices at all levels are displayed by adopting second preset colors corresponding to the network safety protection devices at all levels respectively.
3. The method of claim 2, wherein the cross-sectional area of the end of the funnel corresponding to each stage of the network security device is determined by:
and determining the cross sectional area of the end part of the funnel corresponding to each level of network safety protection equipment according to the throughput of each level of network safety protection equipment.
4. The method of claim 2, wherein the length of the first cylinder is used for characterizing the first time delay, the length of a first one of the second cylinders to the length of an N-1 th one of the second cylinders are respectively used for characterizing the corresponding second time delay, and the length of an nth one of the second cylinders is used for characterizing the third time delay; and
the length of each cylinder is calculated by the following formula:
Figure FDA0003371464260000021
wherein, when i is 0, l0Represents the length of the first cylinder, t0Representing the first time delay;
when i is 1 to N-1, l1~lN-1Respectively represent the lengths, t, of the 1 st to N-1 st second cylinders1~tN-1Respectively represent the 1 st to the N-1 st second time delay;
when i ═ N, lNRepresents the length, t, of the Nth of said second cylinderNRepresenting the nth said third time delay.
5. The method of claim 4, wherein the cross-sectional area of each cylinder is calculated by the following formula:
Si=lnfi,i=0,1,2,……,N
wherein, when i is 0, S0Representing the cross-sectional area of the first cylinder, f0Representing the target traffic flow size;
when i is 1 to N, S1~SNRespectively represent the cross-sectional areas of 1 st to N second cylinders, f1~fNRespectively representing the residual service flow after the target service flow flows through the 1 st to N-stage network safety protection equipment.
6. The method of claim 3, wherein the cross-sectional area of the end of the funnel corresponding to each stage of the network security device is calculated by the following formula:
S′j=lnpj,j=1,2,……,N
wherein, S'jShowing the cross sectional area of the end part of a funnel for displaying the j-th level network safety protection equipment;
pjrepresenting the throughput of the jth level network security protection device.
7. The method of claim 2, further comprising:
determining the cross-sectional area of a third cylinder for representing the attack flow intercepted by each level of network safety protection equipment from the target service flow according to the attack flow intercepted by each level of network safety protection equipment from the target service flow;
and displaying the cross section of the third cylinder corresponding to each level of network safety protection equipment on the cross section of the end part of the first cylinder according to the corresponding cross section area, wherein the color of the cross section of the third cylinder corresponding to each level of network safety protection equipment is the same as the corresponding second preset color of each level of network safety protection equipment.
8. A flow data presentation device, comprising:
an obtaining unit, configured to obtain target service traffic protection data, where the target service traffic protection data includes: the size of target service flow and the size of attack flow intercepted by each level of network safety protection equipment from the target service flow;
a first determining unit, configured to respectively determine, according to the target service traffic and the attack traffic intercepted by each level of network security protection device from the target service traffic, the size of remaining service traffic after the target service traffic flows through each level of network security protection device;
a second determining unit, configured to determine, according to the size of the target service traffic, a cross-sectional area of a first cylinder used for displaying the target service traffic, and determine, according to the size of remaining service traffic after the target service traffic passes through each level of network security protection equipment, a cross-sectional area of a second cylinder used for displaying the remaining service traffic after the target service traffic passes through each level of network security protection equipment;
and the display unit is used for displaying the first cylinder, the preset display shapes corresponding to the network safety protection devices at all levels and the second cylinders after being connected according to a preset sequence.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of presenting traffic data according to any one of claims 1 to 7 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method for presenting traffic data according to any one of claims 1 to 7.
CN202111400857.9A 2021-11-24 2021-11-24 Flow data display method and device, electronic equipment and storage medium Active CN114124744B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111400857.9A CN114124744B (en) 2021-11-24 2021-11-24 Flow data display method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111400857.9A CN114124744B (en) 2021-11-24 2021-11-24 Flow data display method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114124744A true CN114124744A (en) 2022-03-01
CN114124744B CN114124744B (en) 2023-06-02

Family

ID=80440764

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111400857.9A Active CN114124744B (en) 2021-11-24 2021-11-24 Flow data display method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114124744B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080262990A1 (en) * 2000-09-25 2008-10-23 Harsh Kapoor Systems and methods for processing data flows
CN105939234A (en) * 2016-06-15 2016-09-14 乐视控股(北京)有限公司 Data monitoring method and device
CN106453434A (en) * 2016-12-20 2017-02-22 北京启明星辰信息安全技术有限公司 Monitoring method and monitoring system for network traffic
CN107196910A (en) * 2017-04-18 2017-09-22 国网山东省电力公司电力科学研究院 Threat early warning monitoring system, method and the deployment framework analyzed based on big data
US20180020016A1 (en) * 2016-07-15 2018-01-18 Alibaba Group Holding Limited Processing network traffic to defend against attacks
CN107800709A (en) * 2017-11-06 2018-03-13 杭州迪普科技股份有限公司 A kind of method and device for generating network attack detection strategy
CN108833397A (en) * 2018-06-08 2018-11-16 武汉思普崚技术有限公司 A kind of big data safety analysis plateform system based on network security
WO2019062193A1 (en) * 2017-09-29 2019-04-04 北京金山安全软件有限公司 Information display method and device
US20190173901A1 (en) * 2016-10-31 2019-06-06 Tencent Technology (Shenzhen) Company Limited Traffic attack protection method and system, controller, router, and storage medium
CN110113435A (en) * 2019-05-27 2019-08-09 北京神州绿盟信息安全科技股份有限公司 A kind of method and apparatus of flow cleaning
CN110445770A (en) * 2019-07-18 2019-11-12 平安科技(深圳)有限公司 Attack Source positioning and means of defence, electronic equipment and computer storage medium
US10880329B1 (en) * 2019-08-26 2020-12-29 Nanning Fugui Precision Industrial Co., Ltd. Method for preventing distributed denial of service attack and related equipment
CN112242933A (en) * 2019-07-16 2021-01-19 贵州白山云科技股份有限公司 TCPCOPY test method, device, medium and equipment
CN112751712A (en) * 2020-12-30 2021-05-04 绿盟科技集团股份有限公司 Network-based traffic visualization method, device and equipment
CN113364722A (en) * 2020-03-04 2021-09-07 阿里巴巴集团控股有限公司 Network security protection method and device

Patent Citations (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080262990A1 (en) * 2000-09-25 2008-10-23 Harsh Kapoor Systems and methods for processing data flows
CN105939234A (en) * 2016-06-15 2016-09-14 乐视控股(北京)有限公司 Data monitoring method and device
US20180020016A1 (en) * 2016-07-15 2018-01-18 Alibaba Group Holding Limited Processing network traffic to defend against attacks
US20190173901A1 (en) * 2016-10-31 2019-06-06 Tencent Technology (Shenzhen) Company Limited Traffic attack protection method and system, controller, router, and storage medium
CN106453434A (en) * 2016-12-20 2017-02-22 北京启明星辰信息安全技术有限公司 Monitoring method and monitoring system for network traffic
CN107196910A (en) * 2017-04-18 2017-09-22 国网山东省电力公司电力科学研究院 Threat early warning monitoring system, method and the deployment framework analyzed based on big data
WO2019062193A1 (en) * 2017-09-29 2019-04-04 北京金山安全软件有限公司 Information display method and device
CN107800709A (en) * 2017-11-06 2018-03-13 杭州迪普科技股份有限公司 A kind of method and device for generating network attack detection strategy
CN108833397A (en) * 2018-06-08 2018-11-16 武汉思普崚技术有限公司 A kind of big data safety analysis plateform system based on network security
CN110113435A (en) * 2019-05-27 2019-08-09 北京神州绿盟信息安全科技股份有限公司 A kind of method and apparatus of flow cleaning
CN112242933A (en) * 2019-07-16 2021-01-19 贵州白山云科技股份有限公司 TCPCOPY test method, device, medium and equipment
CN110445770A (en) * 2019-07-18 2019-11-12 平安科技(深圳)有限公司 Attack Source positioning and means of defence, electronic equipment and computer storage medium
US10880329B1 (en) * 2019-08-26 2020-12-29 Nanning Fugui Precision Industrial Co., Ltd. Method for preventing distributed denial of service attack and related equipment
US20210067546A1 (en) * 2019-08-26 2021-03-04 Nanning Fugui Precision Industrial Co., Ltd. Method for preventing distributed denial of service attack and related equipment
CN113364722A (en) * 2020-03-04 2021-09-07 阿里巴巴集团控股有限公司 Network security protection method and device
CN112751712A (en) * 2020-12-30 2021-05-04 绿盟科技集团股份有限公司 Network-based traffic visualization method, device and equipment

Also Published As

Publication number Publication date
CN114124744B (en) 2023-06-02

Similar Documents

Publication Publication Date Title
CN108234524B (en) Method, device, equipment and storage medium for network data anomaly detection
US20180309770A1 (en) An anomaly detection method for the virtual machines in a cloud system
CN103828298B (en) For the system and method for network Asset operation relevance score
CN109450956B (en) Network security evaluation method, system, medium, and computer system
CN105721188A (en) Firewall strategy check method and system
JP7333814B2 (en) Automated assessment of information security risks
WO2017101301A1 (en) Data information processing method and device
CN109286511A (en) The method and device of data processing
US20170109654A1 (en) Identifying intervals of unusual activity in information technology systems
CN110147926A (en) A kind of risk class calculation method, storage medium and the terminal device of type of service
CN110647447A (en) Abnormal instance detection method, apparatus, device and medium for distributed system
Li et al. MBm-based scalings of traffic propagated in internet
CN111582771A (en) Risk assessment method, device, equipment and computer readable storage medium
CN114363212B (en) Equipment detection method, device, equipment and storage medium
Chydzinski et al. Burst ratio in the finite-buffer queue with batch Poisson arrivals
CN114124744A (en) Flow data display method and device, electronic equipment and storage medium
CN110300008A (en) A kind of method and device of the state of the determining network equipment
CN107741910A (en) Application program installation capability method of testing, device, computing device and storage medium
Feuillet et al. A scaling analysis of a transient stochastic network
CN108536812A (en) Sweep-out method, device, equipment and the computer-readable medium of invalid data resource
CN107193839A (en) Data aggregation method and device
Ostroukh et al. Computer scenarios of business games for personnel training at industrial enterprises
CN109257454A (en) A kind of contract address resolution method, device, equipment and medium based on block chain
US10055522B2 (en) Automated checker generation
WO2018215062A1 (en) System and method for stream processing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant