CN108923954A - Network data visual analysis and display system - Google Patents
- Publication number: CN108923954A
- Application number: CN201810578658.9A
- Authority: CN (China)
- Prior art keywords: data, address, communication, packet, network
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/22—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
Abstract
A network data visual analysis and display system, comprising a data packet import module, a data statistics module, a data list display interface module, a data tree display interface module, and a datagram display interface module. With the present invention, users can view the communication relationships and traffic volume between the IP address points of a network intuitively and clearly, and can use left and right mouse clicks and hover operations on each graphic element in the chart to bring up the corresponding data details. This lets users draw on their experience to dig deeper into hidden network relationships and anomalies.
Description
Technical field
The present invention relates to the field of Internet technology, and in particular to a network data visual analysis and display system.
Background
More and more companies and government bodies are adopting paperless information system management and depend increasingly on the Internet. Large amounts of critical data are transmitted over networks, which makes Internet communication data ever larger and more complex. Only by monitoring and analyzing network traffic data reasonably and efficiently can the normal operation of companies and governments, and the interests of individuals, be best protected. To meet this need, many companies have developed dedicated monitoring software. However, for large companies and government departments with huge volumes of business communication data and complex communication relationships, sorting out network communication relationships and finding network anomalies quickly and efficiently is still hard to achieve with existing software systems, and omissions and errors are likely. Because existing software presents data only in tabular form, it is hard to show the access relationships of the whole network's traffic intuitively, which makes inspection and problem finding difficult.
To overcome the inability of existing systems to sort out network communication relationships quickly and efficiently and to find network DDoS attacks, worm attacks, Trojan characteristics, heartbeat anomalies, connection anomalies, behavior anomalies, traffic anomalies, port multiplexing, active outbound connections and covert tunnels, the present invention provides a network data visual analysis and display method and system. The method and system not only display data details intuitively and effectively according to conditions set by the user, but also use specially designed charts to show the network's communication relationships and the points where anomalies exist. They also provide advanced linked viewing between charts and detail lists through left and right mouse button operations, so that users can dig deeper into hidden network relationships and anomalies.
Summary of the invention
To solve the above problems, the present invention provides a network data visual analysis and display system comprising a data packet import module, a data statistics module, a data list display interface module, a data tree display interface module, and a datagram display interface module.
The data packet import module imports data traffic packets.
The data statistics module counts and classifies the collected data.
The data list display interface module displays packet information in the interface as a list.
The data graphical interface module displays the classified data in the interface as charts.
The IP address communication display interface module displays, in the interface, the communication relationships between the IP addresses selected by the user. In the interface, a connecting line joins every two IP addresses that communicate with each other.
Further, the data graphical interface module displays the classified data as pie charts. Each region of a pie chart can be selected; the category represented by the selected region serves as a filter condition on the data traffic packets, and the filtered data is displayed by the data list display interface module.
Further, in the interface shown by the IP address communication display interface module, each IP address has a corresponding shape whose size is proportional to the communication traffic volume of that IP address.
Further, in the interface shown by the IP address communication display interface module, the IP addresses are arranged around an ellipse.
Further, in the interface shown by the IP address communication display interface module, when the mouse moves onto an IP address point, that address point, its associated connecting lines, and the other IP address points that communicate with it are highlighted, and the communication statistics of the address point are displayed.
Further, in the interface shown by the IP address communication display interface module, when the mouse moves onto a connecting line, the connecting line and the shapes of the IP addresses at both ends are highlighted, and the communication statistics between the two IP addresses are displayed.
Further, the data list display interface supports sorting by a single column or a combination of columns, and filtering on single-column or combined-column conditions.
Further, the data statistics module can use IP communication pairs, packet attribute features, or single IP addresses as the classification condition.
Further, when the data statistics module uses IP communication pairs as the classification condition, it counts the network packets of each IP communication pair, accumulating the number of packets sent, the number of packets received, the traffic sent and the traffic received.
Further, when the data statistics module uses packet attribute features as the classification condition, it takes as classification conditions the marks carried in network packets (DDoS attack, and/or worm attack, and/or Trojan characteristic, and/or heartbeat anomaly, and/or connection anomaly, and/or behavior anomaly, and/or traffic anomaly, and/or port multiplexing, and/or active outbound connection, and/or covert tunnel), and/or the geographic location of the IP address in the network communication packet, and/or the protocol used by the network communication packet, and counts the number of network communication packets for each.
The beneficial effects of the present invention are as follows:
After a large volume of network communication data has been filtered by user-set conditions, the present invention displays it simply and clearly in charts designed specifically for network relationships and for DDoS attacks, worm attacks, Trojan characteristics, heartbeat anomalies, connection anomalies, behavior anomalies, traffic anomalies, port multiplexing, active outbound connections and covert tunnels. Users can view the communication relationships and traffic volume between the IP address points of the network intuitively and clearly, and can use left and right mouse clicks and hover operations on each graphic element in the chart to bring up the corresponding data details. This lets users draw on their experience to dig deeper into hidden network relationships and anomalies.
Description of the drawings
Fig. 1 is a schematic diagram of the interface shown by the data list display interface module.
Fig. 2 is a schematic diagram of the interface shown by the data graphical interface module.
Fig. 3 is a schematic diagram of the interface shown by the IP address communication display interface module.
Specific embodiment
The network data visual analysis and display system of the present invention comprises a data packet import module, a data statistics module, a data list display interface module, a data tree display interface module, and a datagram display interface module. Each part is described below.
The data packet import module imports raw network data traffic packets. A hardware communication-packet capture device installed at the top-level gateway captures the network packets of the whole connected network.
The data statistics module counts and classifies the collected data. It uses classified aggregation to filter and extract the collected data. This embodiment provides three classification methods, described as follows:
Classification method one: using IP communication pairs as the classification condition, count the network packets of each IP communication pair separately, accumulating the number of packets sent, the number of packets received, the traffic sent and the traffic received.
Classification method two: using packet attribute features as the classification condition, take as classification conditions the marks carried in network packets (DDoS attack, and/or worm attack, and/or Trojan characteristic, and/or heartbeat anomaly, and/or connection anomaly, and/or behavior anomaly, and/or traffic anomaly, and/or port multiplexing, and/or active outbound connection, and/or covert tunnel), and/or the geographic location of the IP address in the network communication packet, and/or the protocol used by the network communication packet, and count the number of network communication packets for each.
Classification method three: using single IP addresses as the classification condition, count for each address the number of network communication packets, the traffic sent and the traffic received.
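As an added illustration (not part of the patent text), the three classification methods can be sketched in Python over a constructed packet list. The Packet fields, the mark names, the region labels, and the choice of the first-seen sender as the "source" of an IP pair are assumptions of this example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    size: int            # bytes on the wire
    protocol: str
    geo: str             # region label for the packet's IP (assumed pre-resolved)
    marks: tuple = ()    # anomaly marks already attached to the packet


# Constructed sample capture (documentation address ranges, made-up sizes).
PACKETS = [
    Packet("192.0.2.10", "198.51.100.5", 1500, "TCP", "region-A"),
    Packet("198.51.100.5", "192.0.2.10", 400, "TCP", "region-A"),
    Packet("192.0.2.10", "198.51.100.5", 600, "TCP", "region-A",
           ("traffic_anomaly",)),
    Packet("192.0.2.20", "203.0.113.9", 80, "UDP", "region-B",
           ("active_outbound", "covert_tunnel")),
    Packet("192.0.2.20", "203.0.113.9", 80, "UDP", "region-B",
           ("covert_tunnel",)),
    Packet("203.0.113.9", "192.0.2.10", 64, "ICMP", "region-B"),
]


def by_ip_pair(packets):
    """Method one: one row per IP pair, both directions folded together.

    Assumption: the sender of the first packet seen is the pair's source,
    so 'sent' means source -> destination and 'recv' the reverse.
    """
    pairs = {}
    for p in packets:
        row = pairs.setdefault(frozenset((p.src, p.dst)), {
            "src": p.src, "dst": p.dst,
            "sent_pkts": 0, "recv_pkts": 0, "sent_bytes": 0, "recv_bytes": 0,
        })
        direction = "sent" if p.src == row["src"] else "recv"
        row[direction + "_pkts"] += 1
        row[direction + "_bytes"] += p.size
    return list(pairs.values())


def by_attribute(packets):
    """Method two: packet counts per mark, per region and per protocol.

    A packet may carry several marks ("and/or"), so the mark counts can
    add up to more than the number of packets.
    """
    counts = {"mark": Counter(), "geo": Counter(), "protocol": Counter()}
    for p in packets:
        counts["protocol"][p.protocol] += 1
        counts["geo"][p.geo] += 1
        for mark in p.marks or ("none",):
            counts["mark"][mark] += 1
    return counts


def by_single_ip(packets):
    """Method three: packet count, bytes sent and bytes received per address."""
    stats = defaultdict(lambda: {"pkts": 0, "sent_bytes": 0, "recv_bytes": 0})
    for p in packets:
        stats[p.src]["pkts"] += 1
        stats[p.src]["sent_bytes"] += p.size
        if p.dst != p.src:               # do not count a self-addressed packet twice
            stats[p.dst]["pkts"] += 1
        stats[p.dst]["recv_bytes"] += p.size
    return dict(stats)


if __name__ == "__main__":
    for row in by_ip_pair(PACKETS):
        print(row)
    print(dict(by_attribute(PACKETS)["mark"]))
    print(by_single_ip(PACKETS)["192.0.2.10"])
```

The rows returned by by_ip_pair correspond to the list columns of Fig. 1, and the three counters returned by by_attribute correspond to the three pie charts of Fig. 2.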
The data list display interface module displays packet information in the interface as a list. Preferably, it also provides sorting by a single column or a combination of columns, and filtering on single-column or combined-column conditions. As shown in Fig. 1, the list has several columns: serial number, source IP of the IP communication pair, destination IP, and the number of packets sent, number of packets received, traffic sent and traffic received between the two IPs.
The data graphical interface module displays the classified data in the interface as charts. In this embodiment, the data graphical interface module displays the classified data as pie charts. Each region of a pie chart can be selected; the category represented by the selected region serves as a filter condition on the data traffic packets, and the filtered data is displayed by the data list display interface module. As shown in Fig. 2, from left to right are the protocol classification pie chart, the geographic location pie chart and the anomaly attribute pie chart. Selecting any region of a pie chart displays the content related to that region.
The IP address communication display interface module displays, in the interface, the communication relationships between the IP addresses selected by the user. In the interface, a connecting line joins every two IP addresses that communicate with each other. As shown in Fig. 3, the IP addresses at the two ends of each line communicate with each other. Preferably, each IP address is represented by a shape whose size is proportional to the communication traffic volume of that IP address: the larger the traffic volume, the larger the shape; the smaller the traffic volume, the smaller the shape. In Fig. 3, for example, IP addresses are drawn as ellipses, and those with a high traffic volume are drawn larger. Preferably, to suit the display characteristics of widescreen computers, the IP addresses are arranged around an ellipse whose major axis runs along the left-right direction of the interface. If two IP points exchange data, they are joined by an arc whose apex always points toward the center of the ellipse.
Further, when the mouse moves onto an IP address point, that point, its associated connecting lines, and the other IP address points that communicate with it are highlighted, and the communication statistics of the point are displayed.
Further, when the mouse moves onto a connecting line, the connecting line and the shapes of the IP address points at both ends are highlighted, and the communication statistics between the two IP addresses are displayed. Double-clicking an IP point or a connecting line automatically generates a filter condition, queries the full captured network data, and displays the matching details as a list.
Claims (10)
1. A network data visual analysis and display system, characterized in that it comprises a data packet import module, a data statistics module, a data list display interface module, a data tree display interface module, and a datagram display interface module;
the data packet import module imports data traffic packets;
the data statistics module counts and classifies the collected data;
the data list display interface module displays packet information in the interface as a list;
the data graphical interface module displays the classified data in the interface as charts;
the IP address communication display interface module displays, in the interface, the communication relationships between the IP addresses selected by the user; in the interface, a connecting line joins every two IP addresses that communicate with each other.
2. The network data visual analysis and display system of claim 1, characterized in that the data graphical interface module displays the classified data as pie charts, each region of a pie chart can be selected, the category represented by the selected region can serve as a filter condition on the data traffic packets, and the filtered data is displayed by the data list display interface module.
3. The network data visual analysis and display system of claim 1, characterized in that, in the interface shown by the IP address communication display interface module, each IP address has a corresponding shape whose size is proportional to the communication traffic volume of that IP address.
4. The network data visual analysis and display system of claim 1, characterized in that, in the interface shown by the IP address communication display interface module, the IP addresses are arranged around an ellipse.
5. The network data visual analysis and display system of claim 1, characterized in that, in the interface shown by the IP address communication display interface module, when the mouse moves onto an IP address point, that address point, its associated connecting lines, and the other IP address points that communicate with it are highlighted, and the communication statistics of the address point are displayed.
6. The network data visual analysis and display system of claim 1, characterized in that, in the interface shown by the IP address communication display interface module, when the mouse moves onto a connecting line, the connecting line and the shapes of the IP addresses at both ends are highlighted, and the communication statistics between the two IP addresses are displayed. When the mouse moves over an IP point, that point, all of its connecting lines, and the points at the other ends of those lines are all highlighted, and the communication statistics of the point are displayed.
7. The network data visual analysis and display system of claim 1, characterized in that the data list display interface supports sorting by a single column or a combination of columns, and filtering on single-column or combined-column conditions.
8. The network data visual analysis and display system of claim 7, characterized in that the data statistics module can use IP communication pairs, packet attribute features, or single IP addresses as the classification condition.
9. The network data visual analysis and display system of claim 7, characterized in that, when the data statistics module uses IP communication pairs as the classification condition, it counts the network packets of each IP communication pair, accumulating the number of packets sent, the number of packets received, the traffic sent and the traffic received.
10. The network data visual analysis and display system of claim 7, characterized in that, when the data statistics module uses packet attribute features as the classification condition, it takes as classification conditions the marks carried in network packets (DDoS attack, and/or worm attack, and/or Trojan characteristic, and/or heartbeat anomaly, and/or connection anomaly, and/or behavior anomaly, and/or traffic anomaly, and/or port multiplexing, and/or active outbound connection, and/or covert tunnel), and/or the geographic location of the IP address in the network communication packet, and/or the protocol used by the network communication packet, and counts the number of network communication packets for each.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810578658.9A CN108923954A (en) | 2018-06-07 | 2018-06-07 | Network data visual analysis and display system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108923954A (en) | 2018-11-30 |
Family
ID=64411003
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108923954A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181130 |