CN107483267B - EIGRP route fault identification method - Google Patents

EIGRP route fault identification method Download PDF

Info

Publication number
CN107483267B
CN107483267B CN201710844637.2A CN201710844637A CN107483267B CN 107483267 B CN107483267 B CN 107483267B CN 201710844637 A CN201710844637 A CN 201710844637A CN 107483267 B CN107483267 B CN 107483267B
Authority
CN
China
Prior art keywords
fault
eigrp
model
sample
routing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710844637.2A
Other languages
Chinese (zh)
Other versions
CN107483267A (en
Inventor
钱叶魁
叶立新
王丙坤
李宇翀
钱叶刚
杜江
杨瑞朋
夏军波
刘桂奇
黄浩
雒朝峰
郭煜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chinese People's Liberation Army Air Defense Command College
CETC 54 Research Institute
Original Assignee
Chinese People's Liberation Army Air Defense Command College
CETC 54 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chinese People's Liberation Army Air Defense Command College, CETC 54 Research Institute filed Critical Chinese People's Liberation Army Air Defense Command College
Priority to CN201710844637.2A priority Critical patent/CN107483267B/en
Publication of CN107483267A publication Critical patent/CN107483267A/en
Application granted granted Critical
Publication of CN107483267B publication Critical patent/CN107483267B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/28Routing or path finding of packets in data switching networks using route fault recovery
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0631Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0677Localisation of faults

Abstract

The invention discloses an EIGRP route fault identification method. The method includes the steps that a monitoring node is merged into a monitored routing system through a hub, EIGRP data messages entering and exiting a core router in the monitored routing system are captured through a packet capturing program, useful fields are extracted from the captured EIGRP data messages to serve as data sample characteristics, specific sample characteristic values are determined, a training sample set is established, a fault type identification model is established through the training sample set, an FDDT model and an FDRF model are mainly used, and unknown EIGRP routing fault samples are identified through the fault type identification models. The method has self-learning capability, and is high in EIGRP routing fault identification and classification accuracy and strong in robustness.

Description

EIGRP route fault identification method
Technical Field
The invention relates to the field of computer network communication, in particular to an EIGRP route fault identification method.
Background
In computer network communication, a router is a key device for connecting a computer to realize data message routing, and the quality of computer network communication is directly influenced when the router generates a fault.
A routing failure refers to a condition where the routing protocol is running out of normal. The Routing fault identification is divided into intra-domain Routing identification and inter-domain Routing identification, an EIGRP (Enhanced inter-Gateway Routing Protocol) Routing Protocol is an intra-domain Routing Protocol, is easy to deploy and good in robustness, is often applied to the fields with high reliability and high safety, and can cause serious consequences if the EIGRP Routing fails in the operation process.
In the prior art, a method for effectively diagnosing an EIGRP routing fault is lacked, and therefore, an identification method capable of diagnosing the EIGRP routing fault and obtaining good performance is required to be provided.
Disclosure of Invention
The invention mainly solves the technical problem of providing an EIGRP route fault identification method, and solves the problems of low intelligent level, low robustness and the like of EIGRP route fault identification in the prior art.
In order to solve the technical problems, the invention adopts a technical scheme that: the EIGRP routing fault identification method is provided, a monitoring node is merged into a monitored routing system through a hub, and the monitoring node captures EIGRP data messages of an access core router in the monitored routing system through a packet capturing program; extracting useful fields from the captured EIGRP data message to serve as data sample characteristics, determining specific sample characteristic values, and establishing a training sample set T; and establishing a fault type identification model by using the training sample set, and identifying unknown EIGRP routing fault samples by using the fault type identification model.
In another embodiment of the EIGRP routing failure identification method of the present invention, the data sample characteristics include data packet length, source router, target router, packet type, target router, unicast identifier, additional routing identifier, restart identifier, initialization end, router number, AS domain number, bandwidth, load, delay, reliability, packet loss rate, extended attribute, automatic aggregation, manual aggregation, loopback interface, internal routing number, subnet mask bit number, external routing number, sample type, distribution list, routing entry of IP address and/or IP address continuity of router port.
In another embodiment of the EIGRP routing fault identification method of the present invention, the fault category identification model established by using the sample set T is an FDDT model, and the establishing process includes:
inputting a sample set (T, A), wherein A is a characteristic value set, and if the fault types in the training sample set T are the same type of fault F, generating F type leaf nodes corresponding to the fault F; if the feature value set A is not an empty set or the feature values of the samples in the training sample set T in the feature value set A are the same, generating M types of leaf nodes corresponding to the types with the largest number of samples in the training sample set T; if the eigenvalues of the samples in the training sample set T in the eigenvalue set A are different, calculating the information gain of different attributes in the eigenvalue set A to obtain a sample subset Ta with optimal attributes, if Ta is an empty set, generating Y-type leaf nodes, otherwise, if Ta is not an empty set, circularly and recursively inputting the sample set (Ta, A).
In another embodiment of the EIGRP routing failure identification method of the present invention, the information gain calculation method is:
Figure BDA0001411522220000021
wherein the characteristic value a has V selectable values { a1,a2,…,aVDividing the training set D by using the eigenvalue a to generate V branch nodes, wherein the V-th branch node contains all values a of the eigenvalue a in the training set DvSample of (2), denoted as DvEnt (D) represents information entropy, calculation formulaComprises the following steps:
Figure BDA0001411522220000022
pkis the proportion of the kth sample in the training set D, and y represents the number of sample classes.
In another embodiment of the EIGRP routing fault identification method of the present invention, the fault category identification model established by using the sample set T is an FDRF model, and the establishing process includes:
inputting a sample set (T, A), wherein A is a characteristic value set, n training sets are obtained through a Bagging method, n base decision tree models corresponding to the n training sets are established, and each training set is all training data of each base decision tree model; at each node of each base decision tree model, a subset of m eigenvalues is randomly selected from the eigenvalue set a of the node, and then an optimal eigenvalue partition is selected from the m eigenvalues.
In another embodiment of the EIGRP route fault identification method of the present invention, the optimal eigenvalue division method is:
Figure BDA0001411522220000031
wherein the characteristic value a has V selectable values { a1,a2,…,aVDividing the training set D by using the eigenvalue a to generate V branch nodes, wherein the V-th branch node contains all values a of the eigenvalue a in the training set DvSample of (2), denoted as Dv
In another embodiment of the EIGRP routing fault identification method of the present invention, the method for identifying an unknown EIGRP routing fault sample using the FDRF model is as follows: inputting unknown EIGRP routing fault samples into the FDRF model, judging the class of the EIGRP routing fault samples by each base decision tree model in the FDRF model, collecting the classification results of all the base decision tree models, and obtaining the final classification result by using a voting formula.
In another embodiment of the EIGRP routing failure identification method of the present invention, the voting formula is:
Figure BDA0001411522220000032
wherein, cpExpressing the voting results, p expressing the proportion of each category, ntreeIs a function of the number of base decision tree models in the FDRF model
Figure BDA0001411522220000033
Is a function of the nature of the exponential function,
Figure BDA0001411522220000034
the classification result of the decision tree h on the class c is referred to.
In another embodiment of the EIGRP routing fault identification method of the present invention, a simulation experiment is constructed to analyze the EIGRP routing fault identification method based on the FDDT model, including: firstly, an experimental platform is built by using GNS3 network simulation software to complete the initialization configuration of each router in the EIGRP routing system; then, various parameters in the router are set manually, faults and abnormity in the EIGRP routing system are reproduced, and when the faults occur, real-time routing data messages of the core router are collected by using Wireshark; after relevant data of EIGRP faults are collected, formatting processing is carried out on the data, corresponding sample characteristics are extracted from the routing data messages according to fault types, specific sample characteristic values are determined, the samples have eight types including normal types and fault types, the fault types include subnet mask mismatching, K value mismatching, AS number mismatching, distribution list configuration errors, excessive summary in a discontinuous network, ROUTER-ID conflicts and manual summary errors; carrying out FDDT classification experiments by adopting different random seed values; the robustness of the EIGRP routing fault identification method based on the FDDT model is verified by changing the pre-selected characteristic number M of the tree nodes.
In another embodiment of the EIGRP routing fault identification method of the present invention, a simulation experiment is constructed to analyze the EIGRP routing fault identification method based on the FDRF model, including: firstly, an experimental platform is built by using GNS3 network simulation software to complete the initialization configuration of each router in the EIGRP routing system; then, various parameters in the router are set manually, faults and abnormity in the EIGRP routing system are reproduced, and when the faults occur, real-time routing data messages of the core router are collected by using Wireshark; after relevant data of EIGRP faults are collected, formatting processing is carried out on the data, corresponding sample characteristics are extracted from the routing data messages according to fault types, specific sample characteristic values are determined, the samples have eight types including normal types and fault types, the fault types include subnet mask mismatching, K value mismatching, AS number mismatching, distribution list configuration errors, excessive summary in a discontinuous network, ROUTER-ID conflicts and manual summary errors; carrying out FDRF classification experiments by adopting different random seed values; the robustness of the EIGRP routing fault identification method based on the FDRF model is verified by changing the pre-selected characteristic number M of the tree nodes.
The invention has the beneficial effects that: the EIGRP routing fault identification method comprises the steps of merging a monitoring node into a monitored routing system through a hub, capturing EIGRP data messages entering and exiting a core router in the monitored routing system through a packet capturing program, extracting useful fields from the captured EIGRP data messages to serve as data sample characteristics, determining specific sample characteristic values, establishing a training sample set, establishing a fault type identification model by using the training sample set, mainly comprising an FDDT model and an FDRF model, and identifying unknown EIGRP routing fault samples by using the fault type identification models. The method has self-learning capability, and is high in EIGRP routing fault identification and classification accuracy and strong in robustness.
Drawings
FIG. 1 is a flow chart of one embodiment of an EIGRP route fault identification method in accordance with the present invention;
FIG. 2 is a schematic diagram of a network configuration according to another embodiment of the EIGRP routing failure identification method of the present invention;
FIG. 3 is a flow chart of FDDT modeling according to another embodiment of the EIGRP routing failure identification method of the present invention;
FIG. 4 is a schematic diagram of an FDRF model application according to another embodiment of the EIGRP routing failure identification method of the present invention;
FIG. 5 is an analysis diagram of FDDT model detection accuracy according to another embodiment of the EIGRP routing failure identification method of the present invention;
FIG. 6 is a diagram of FDRF model detection accuracy analysis according to another embodiment of the EIGRP routing failure identification method of the present invention;
FIG. 7 is a diagram of FDDT model classification accuracy analysis according to another embodiment of the EIGRP route fault identification method of the present invention;
FIG. 8 is a diagram of FDRF model classification accuracy analysis according to another embodiment of the EIGRP routing failure identification method of the present invention;
fig. 9 is a diagram of FDRF model classification accuracy analysis according to another embodiment of the EIGRP routing failure identification method of the present invention.
Detailed Description
In order to facilitate an understanding of the invention, the invention is described in more detail below with reference to the accompanying drawings and specific examples. Preferred embodiments of the present invention are shown in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It is to be noted that, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
Fig. 1 is a flowchart of an embodiment of an EIGRP route failure identification method according to the present invention. In fig. 1, in step S11, a monitoring node is incorporated into a monitored routing system through a hub, and the monitoring node captures, through a packet capture program, EIGRP data packets entering and exiting a core router in the monitored routing system; in step S12, extracting useful fields from the captured EIGRP data packets as data sample features and determining specific sample feature values to establish a training sample set T; in step S13, a fault class identification model is established using the training sample set, and then an unknown EIGRP route fault sample is identified using the fault type identification model.
Further, it can be seen from step S11 that, in the embodiment of the present invention, the EIGRP data packet is obtained by merging the EIGRP data packet into the monitoring node in the measured routing system, and this way can implement online work, and the normal work of the monitored routing system is not affected in the process of collecting the data packet.
Fig. 2 shows a network connection according to an embodiment of the present invention. As can be seen from fig. 2, in an actual computer interconnection network, a common router 22 is connected to a core router 21, and in order to implement the EIGRP routing failure identification in the embodiment of the present invention, in an existing computer network accessed through a hub 23, it can be seen that the hub 23 is interconnected with the core router 21, and in addition, the hub 23 is interconnected with a monitoring node 24, that is, the monitoring node 24 is accessed into the computer network through the hub 23. Therefore, the monitoring node 24 captures the EIGRP data message entering and exiting the core router 21 in the routing system in the monitored computer network through the packet capturing program. The monitoring nodes are accessed into the computer network through the hub 23, so that the operation of the existing computer network is not influenced, and fault characteristic analysis and fault detection can be performed.
Preferably, in step S12, the data sample characteristics extracted from the EIGRP data packet are as shown in table 1:
TABLE 1 data sample characterization and its implications
Figure BDA0001411522220000071
Specifically, AS shown in Table 1, the sample characteristics include Length of a data packet (Length), Source Router (Source), packet type (Opcode), Destination Router (Destination), Unicast identifier (Unicast), additional route identifier (Init), Restart identifier (Restart), End of initialization (End _ of _ Table), Router number (Router _ ID), AS domain number (AS), bandwidth (K1), load (K2), delay (K3), reliability (K4), packet loss rate (K5), extended attribute (K6), automatic Summary (Auto _ Summary), manual Summary (manual _ Summary), Loopback interface (Loopback), number of Internal routes (Internal _ Route _ Num), number of bits of Subnet mask (Subnet _ mask), number of External routes (External _ Route _ Num), sample Type (Type), distribution list (Distr _ list), Route entry of IP address (Specific _ IP) and/or IP address continuity of router port (Continuous _ IP).
Preferably, in step S13, the fault category identification model established by using the sample set T is an fddt (fault Detection based on Decision tree) model, that is, a fault identification model based on a Decision tree. The specific setup process is shown in fig. 3.
Firstly, inputting a sample set (T, A), wherein T is a training sample set, A is a characteristic value set, and if the fault type in the training sample set T is the same type of fault F, generating a F type leaf node corresponding to the fault F.
Further, if the feature value set a is not an empty set or the feature values of the samples in the training sample set T in the feature value set a are the same, generating M types of leaf nodes corresponding to the class with the largest number of samples in the training sample set T;
further, if the eigenvalues of the samples in the training sample set T in the eigenvalue set a are different, calculating information gains of different attributes in the eigenvalue set a to obtain a sample subset Ta with optimal attributes, if Ta is an empty set, generating Y-class leaf nodes, otherwise, if Ta is not an empty set, circularly recursively inputting the sample set (Ta, a), and repeating the above process.
Preferably, in the FDDT model, an information gain (information gain) is introduced:
Figure BDA0001411522220000081
wherein the characteristic value a has V selectable values { a }1,a2,…,aVDividing the training set D by using the eigenvalue a to generate V branch nodes, wherein the V-th branch node contains all values a of the eigenvalue a in the training set DvSample of (2), denoted as DvEnt (D) represents the entropy, which is the most common index for measuring the purity of a sample set, and is calculated by the formula:
Figure BDA0001411522220000082
pkis the proportion of the kth sample in the set D, y represents the number of sample types, and the smaller the value of Ent (D), the higher the sample purity. In general, the larger the information gain, the higher the node "purity" obtained by dividing using the attribute a. And (3) selecting one feature for tree growth each time by calculating the information gain of the features, and repeating the process until all the features are used up to obtain the complete FDDT model.
Preferably, in step S13, the fault category identification model established by using the sample set T is an fdrf (fault Detection based on Random forest) model, that is, a fault identification model based on a Random forest. The specific setup process is shown in fig. 4.
Firstly, inputting a sample set (T, A), wherein T is a training sample set, A is a characteristic value set, obtaining n training sets by a Bagging method, and establishing n base decision tree models corresponding to the n training sets, wherein each training set is all training data of each base decision tree model;
randomly selecting a subset containing m characteristic values from a characteristic value set A of each node at each node of each base decision tree model, then selecting an optimal characteristic value from the m characteristic values for division, and establishing an FDRF model;
and inputting unknown EIGRP routing fault samples into the FDRF model as a test data set, judging the class of the EIGRP routing fault samples by each base decision tree model in the FDRF model, collecting the classification results of all the base decision tree models, namely the results 1 to the results n in the graph 4, and obtaining the final classification result by using a voting formula.
Preferably, the optimal eigenvalue division method is as follows:
Figure BDA0001411522220000091
wherein the characteristic value a has V selectable values { a1,a2,…,aVDividing the training set D by using the eigenvalue a to generate V branch nodes, wherein the V-th branch node contains all values a of the eigenvalue a in the training set DvSample of (2), denoted as Dv
Preferably, the voting formula is:
Figure BDA0001411522220000092
wherein, cpExpressing the voting results, p expressing the proportion of each category, ntreeIs a function of the number of base decision tree models in the FDRF model
Figure BDA0001411522220000093
Is a function of the nature of the exponential function,
Figure BDA0001411522220000094
the classification result of the decision tree h on the class c is referred to.
In order to objectively evaluate the objective effect of the fault analysis of the EIGRP routing system based on the FDDT model and the FDRF model, a series of simulation experiments are carried out, and the experimental results are deeply analyzed. Simulation experiments are all based on a Windows operating system, firstly, an experiment platform is built by using GNS3 (a network virtual software) network simulation software, and initialization configuration of each router in the EIGRP routing system is completed. Then, various parameters in the router are set artificially, faults and abnormity in the EIGRP routing system are reproduced, and when the faults occur, Wireshark (network packet analysis software) is used for collecting real-time routing data messages of the core router.
After relevant data of EIGRP faults are collected, formatting processing is carried out on the data, corresponding sample characteristics are extracted from the data messages according to specific fault types, and specific sample characteristic values are determined.
A complete sample set is formed after data processing, after a large number of repeated and useless samples are removed, the final sample amount is 1004, eight types are shared in the samples, including one type of normal type and seven types of optimized fault types, the fault types comprise subnet mask mismatching (corresponding to the sample characteristics in the table 1: the number of bits of the subnet mask), K value mismatching (corresponding to the sample characteristics in the table 1: the characteristic values K1 to K6), AS number mismatching (corresponding to the sample characteristics in the table 1: the AS domain number), distribution list configuration errors (corresponding to the sample characteristics in the table 1: the distribution list), excessive summarization in a discontinuous network (corresponding to the sample characteristics in the table 1: automatic summarization), ROUTER-ID conflict (corresponding to the sample characteristics in the table 1: the ROUTER number), and manual summarization errors (corresponding to the sample characteristics in the table 1: manual summarization).
In order to accurately evaluate the above embodiments of the EIGRP routing fault identification method based on the FDDT model and the FDRF model, different Random seed values (Random _ seed) are used for performing classification experiments of FDDT and FDRF.
It can be seen that fig. 5 is an embodiment of the EIGRP route fault identification method based on the FDDT model, the seed values are 1, 2, and 3 … 10, respectively, and according to the data in fig. 5, the average value of all the accuracies is 94.63%, and the upper and lower floating is 0.1248%. Fig. 6 shows an embodiment of an EIGRP route fault identification method based on an FDRF model, where seed values are 1, 2, and 3 … 10, respectively, and an average value of 99.07% and a fluctuation of 0.0946% are obtained according to the data in fig. 6. The classification accuracy of these two method embodiments does not increase linearly as the seed values increase or decrease.
In order to realize accurate identification of faults by the EIGRP route fault identification method embodiment based on the FDDT model and the FDRF model, the robustness of the EIGRP route fault identification method embodiment based on the two models is verified by changing the pre-selected feature number M of the tree nodes in an experiment.
As shown in fig. 7, when the M value is less than 10, the classification accuracy of the FDDT model-based route fault identification method embodiment is greatly reduced; when the value of M is between 10 and 26, the accuracy remains substantially unchanged.
As shown in fig. 8, the classification accuracy of the embodiment of the EIGRP routing fault identification method based on the FDRF model is abruptly reduced with the decrease of the M value when the M value is lower than 17, and the classification accuracy is substantially maintained when the M value is greater than 17, so that the optimal performance can be obtained.
Since the embodiment of the EIGRP routing fault identification method based on the FDRF model is based on ensemble learning, the method needs a proper number of trees, N is the number of the trees in the embodiment, and when the value of N is proper, the model can be ensured to have higher precision. The number of transform trees is 10-1000, and N is [10,20,30,40,50,100,150,200,400,600,800,1000], and fig. 9 shows the classification accuracy variation curve of the embodiment at different N values. It can be seen that the classification accuracy of this embodiment does not change linearly with the value of N, and the accuracy stabilizes at the highest level when the number of trees in the forest is between 20 and 50.
The above experimental results show that, for EIGRP routing fault sample data, the embodiment of the EIGRP routing fault identification method based on the FDDT model and the FDRF model can train a suitable learning model based on a data set, and accurately classify the test samples, and the classification accuracy exceeds and reaches more than 90%, which indicates that it is a preferable implementation way to select the two methods for fault analysis.
Therefore, the EIGRP routing fault identification method embodiment of the invention incorporates the monitoring node into the monitored routing system through the hub, captures the EIGRP data message passing in and out of the core router in the monitored routing system through the packet capturing program, extracts useful fields from the captured EIGRP data message as data sample characteristics and determines specific sample characteristic values, establishes a training sample set, establishes a fault type identification model by using the training sample set, mainly comprises an FDDT model and an FDRF model, and identifies unknown EIGRP routing fault samples by using the fault type identification models. The method has self-learning capability, and is high in EIGRP routing fault identification and classification accuracy and strong in robustness.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent structural changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to other related technical fields, are included in the scope of the present invention.

Claims (2)

1. An EIGRP route fault identification method is characterized in that,
the monitoring node is merged into the monitored routing system through a hub, the hub is interconnected with a core router and is also interconnected with the monitoring node, the monitoring node is accessed into a computer network through the hub, and the monitoring node captures EIGRP data messages which enter and exit the core router in the monitored routing system through a packet capturing program;
extracting useful fields from the captured EIGRP data message to serve as data sample characteristics, determining specific sample characteristic values, and establishing a training sample set T;
establishing a fault type identification model by using the training sample set T, and identifying unknown EIGRP routing fault samples by using the fault type identification model;
the data sample characteristics comprise data message length, data packet type, unicast identification, additional route identification, restart identification, router number, AS number, bandwidth, load, time delay, reliability, packet loss rate, extended attribute, internal route number, subnet mask bit number, external route number, sample type, route entry of IP address and/or IP address continuity of router port;
when the fault category identification model established by the training sample set T is a decision tree-based fault identification FDDT model, the establishing process comprises the following steps:
inputting a sample set (T, A), wherein A is a characteristic value set, and if the fault types in the training sample set T are the same type of fault F, generating F type leaf nodes corresponding to the fault F;
if the feature value set A is not an empty set or the feature values of the samples in the training sample set T in the feature value set A are the same, generating M types of leaf nodes corresponding to the class with the largest number of samples in the training sample set T;
if the characteristic values of the samples in the training sample set T in the characteristic value set A are different, calculating information gains of different attributes in the characteristic value set A to obtain a sample subset Ta with optimal attributes, if Ta is an empty set, generating Y-type leaf nodes, otherwise, if Ta is not an empty set, circularly and recursively inputting a sample set (Ta, A);
the information gain calculation method comprises the following steps:
Figure FDA0002704754470000021
wherein the characteristic value a has V selectable values { a1,a2,…,aVDividing the training set D by using the eigenvalue a to generate V branch nodes, wherein the V-th branch node contains all values a of the eigenvalue a in the training set DvSample of (2), denoted as DvEnt (D) represents the entropy of the information, and the formula is:
Figure FDA0002704754470000022
pkis the proportion of the kth sample in the training set D, and y represents the number of sample types;
constructing a simulation experiment to analyze the EIGRP route fault identification method based on the FDDT model, which comprises the following steps: firstly, an experimental platform is built by using GNS3 network simulation software to complete the initialization configuration of each router in the EIGRP routing system; then, various parameters in the router are set manually, faults and abnormity in the EIGRP routing system are reproduced, and when the faults occur, real-time routing data messages of the core router are collected by using Wireshark; after relevant data of EIGRP faults are collected, formatting processing is carried out on the data, corresponding sample characteristics are extracted from the routing data messages according to fault types, specific sample characteristic values are determined, the samples have eight types including normal types and fault types, the fault types include subnet mask mismatching, K value mismatching, AS number mismatching, distribution list configuration errors, excessive summary in a discontinuous network, ROUTER-ID conflicts and manual summary errors; carrying out FDDT classification experiments by adopting different random seed values, wherein the seed values are respectively 1, 2 and 3 … 10; verifying the robustness of the EIGRP routing fault identification method based on the FDDT model by changing the pre-selected characteristic number M of the tree nodes, wherein when the value of M is less than 10, the classification precision of the routing fault identification method based on the FDDT model is reduced greatly; when the value of M is between 10 and 26, the accuracy remains substantially unchanged.
2. The EIGRP routing fault identification method of claim 1, wherein when the fault category identification model established using the training sample set T is a fault identification FDRF model based on random forest, the establishing process comprises:
inputting a sample set (T, A), wherein A is a characteristic value set, n training sets are obtained through a Bagging method, n base decision tree models corresponding to the n training sets are established, and each training set is all training data of each base decision tree model;
at each node of each base decision tree model, randomly selecting a subset containing m characteristic values from the characteristic value set A of the node, and then selecting an optimal characteristic value division from the m characteristic values.
CN201710844637.2A 2017-09-19 2017-09-19 EIGRP route fault identification method Active CN107483267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710844637.2A CN107483267B (en) 2017-09-19 2017-09-19 EIGRP route fault identification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710844637.2A CN107483267B (en) 2017-09-19 2017-09-19 EIGRP route fault identification method

Publications (2)

Publication Number Publication Date
CN107483267A CN107483267A (en) 2017-12-15
CN107483267B true CN107483267B (en) 2021-01-15

Family

ID=60584070

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710844637.2A Active CN107483267B (en) 2017-09-19 2017-09-19 EIGRP route fault identification method

Country Status (1)

Country Link
CN (1) CN107483267B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108152059B (en) * 2017-12-20 2021-03-16 西南交通大学 High-speed train bogie fault detection method based on multi-sensor data fusion
CN108494594A (en) * 2018-03-21 2018-09-04 中国人民解放军陆军炮兵防空兵学院郑州校区 A kind of analysis method and system of EIGRP route networks failure
CN108449210B (en) * 2018-03-21 2021-06-08 中国人民解放军陆军炮兵防空兵学院郑州校区 Network routing fault monitoring system
CN109067781B (en) * 2018-09-18 2021-04-16 重庆金美通信有限责任公司 Method for improving EIGRP protocol message information capacity

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571492A (en) * 2012-01-06 2012-07-11 华为技术有限公司 Method and device for detecting failure of routing equipment
CN104506338A (en) * 2014-11-21 2015-04-08 河南中烟工业有限责任公司 Fault diagnosis expert system based on decision tree for industrial Ethernet network
CN104506340A (en) * 2014-11-21 2015-04-08 河南中烟工业有限责任公司 Creation method of decision tree in industrial Ethernet fault diagnosis method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2016203497B2 (en) * 2015-06-22 2017-05-11 Accenture Global Services Limited Wi-fi access point performance management
CN106657141A (en) * 2017-01-19 2017-05-10 西安电子科技大学 Android malware real-time detection method based on network flow analysis

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571492A (en) * 2012-01-06 2012-07-11 华为技术有限公司 Method and device for detecting failure of routing equipment
CN104506338A (en) * 2014-11-21 2015-04-08 河南中烟工业有限责任公司 Fault diagnosis expert system based on decision tree for industrial Ethernet network
CN104506340A (en) * 2014-11-21 2015-04-08 河南中烟工业有限责任公司 Creation method of decision tree in industrial Ethernet fault diagnosis method

Also Published As

Publication number Publication date
CN107483267A (en) 2017-12-15

Similar Documents

Publication Publication Date Title
CN107483267B (en) EIGRP route fault identification method
CN103152229B (en) Monitor control index item Dynamic Configuration
US9426284B2 (en) Methods, systems, and computer readable media for call flow analysis using comparison level indicators
US20030151619A1 (en) System for analyzing network load and other characteristics of an executable application
WO2011130957A1 (en) Method and apparatus for online distinguishing transmission control protocol traffic by using data flow head characteristics
CN104915238B (en) A kind of configuration parameter association determination method of Web applications
CN108092854A (en) The test method and device of train grade ethernet device based on IEC61375 agreements
CN110324327B (en) User and server IP address calibration device and method based on specific enterprise domain name data
CN108683564B (en) Network simulation system reliability evaluation method based on multidimensional decision attributes
CN107113191A (en) Inline data bag in data center's structural network is followed the trail of
CN111865627B (en) Transmission networking evaluation method, device, computing equipment and computer storage medium
CN107423217B (en) Black box fuzzy test method and system based on variation tree
CN108494594A (en) A kind of analysis method and system of EIGRP route networks failure
CN110430224A (en) A kind of communication network anomaly detection method based on random block models
CN111711545A (en) Intelligent encrypted flow identification method based on deep packet inspection technology in software defined network
CN104427547A (en) Business and network association test method, device and system
CN111294342A (en) Method and system for detecting DDos attack in software defined network
CN114374626B (en) Router performance detection method under 5G network condition
CN111478921A (en) Method, device and equipment for detecting communication of hidden channel
CN116938683B (en) Network path analysis system and method based on network security anomaly detection
CN114401516A (en) 5G slice network anomaly detection method based on virtual network traffic analysis
CN112235254A (en) Rapid identification method for Tor network bridge in high-speed backbone network
CN111310796A (en) Web user click identification method facing encrypted network flow
CN116599743A (en) 4A abnormal detour detection method and device, electronic equipment and storage medium
CN104253712B (en) A kind of method that P2P Network Recognitions are carried out using deep packet inspection technical

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant