CN108923954A - A network data visual analysis and display system - Google Patents


Publication number
CN108923954A
Authority
CN
China
Prior art keywords
data
address
communication
packet
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810578658.9A
Other languages
Chinese (zh)
Inventor
代先勇
佘朝裕
孔德林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU PONDER TECHNOLOGY Co Ltd
Original Assignee
CHENGDU PONDER TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU PONDER TECHNOLOGY Co Ltd
Priority to CN201810578658.9A
Publication of CN108923954A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/04 Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045 Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1458 Denial of Service

Abstract

A network data visual analysis and display system comprising a data packet import module, a data statistics module, a data list display interface module, a data tree display interface module, and a datagram display interface module. With the invention, the user can view intuitively and clearly the communication relationships and communication traffic between the IP address points of the network, and can use left and right mouse-button clicks and hover operations on each graphic element in the chart to display the associated data details. This lets the user, drawing on experience, dig deeper into hidden network relationships and anomalies.

Description

A network data visual analysis and display system
Technical field
The present invention relates to the field of Internet technology, and in particular to a network data visual analysis and display system.
Background art
More and more companies and government bodies are adopting paperless information management and depend increasingly on the Internet. Large amounts of critical data travel over the network, making Internet communication data ever larger and more complex. Only by monitoring and analyzing network communication data reasonably and efficiently can the normal operation of companies and governments, and the interests of individuals, be best protected. To meet this demand, many companies have released dedicated monitoring software. But for large companies and government departments with huge volumes of business communication data and complex communication relationships, sorting out network communication relationships and finding network anomalies quickly and efficiently is still hard to achieve with existing software systems, and omissions and errors are easy to make. The reason is that existing software presents data only in list form, which does not show the access relationships of the whole network's traffic intuitively and makes checking and problem finding difficult.
Existing systems cannot quickly and efficiently sort out network communication relationships and discover DDoS attacks, worm attacks, Trojan characteristics, heartbeat anomalies, connection anomalies, behavior anomalies, traffic anomalies, port multiplexing, active external connections, and hidden tunnels. To overcome this deficiency, the present invention provides a network data visual analysis and display method and system. The method and system not only display data details intuitively and effectively according to conditions set by the user, but also present the communication relationships of the network and the points where anomalies exist through specially designed charts. They further provide linked viewing between the charts and the detail list through left and right mouse-button operations, so that the user can dig deeper into hidden network relationships and anomalies.
Summary of the invention
To solve the above problems, the present invention provides a network data visual analysis and display system comprising a data packet import module, a data statistics module, a data list display interface module, a data tree display interface module, and a datagram display interface module.
The data packet import module imports data traffic packets.
The data statistics module counts and classifies the captured data.
The data list display interface module displays data packet information on the interface as a list.
The data graphic interface module displays the classified data on the interface in graphical form.
The IP address communication display interface module displays on the interface the communication relationships between the IP addresses selected by the user. In the interface, every two IP addresses that have a communication relationship are joined by a connecting line.
Further, the data graphic interface module displays the classified data as pie charts. Each region of a pie chart can be selected, and the class represented by the selected region serves as a filter condition on the data traffic packets; the filtered data is displayed by the data list display interface module.
Further, in the interface shown by the IP address communication display interface module, each IP address is assigned a figure whose size is directly proportional to the communication traffic volume of that IP address.
Further, in the interface shown by the IP address communication display interface module, the IP addresses are arranged around an ellipse.
Further, in the interface shown by the IP address communication display interface module, when the mouse moves onto an IP address point, that address point, its associated connecting lines, and the other IP address points that have a communication relationship with it are highlighted, and the communication statistics of that address point are displayed.
Further, in the interface shown by the IP address communication display interface module, when the mouse moves onto a connecting line, the connecting line and the figures of the IP addresses at its two ends are highlighted, and the communication statistics between the IP addresses at the two ends are displayed.
Further, the data list display interface can sort by a single column or a combination of columns, and can filter on conditions over a single column or a combination of columns.
Further, the data statistics module can use IP communication pairs, data packet attribute features, or single IP addresses as the classification condition.
Further, when the data statistics module uses IP communication pairs as the classification condition, it counts the network packets of each IP communication pair and accumulates the number of packets sent, the number of packets received, the traffic sent, and the traffic received.
Further, when the data statistics module uses data packet attribute features as the classification condition, it takes as classification conditions the DDoS attack, and/or worm attack, and/or Trojan characteristics, and/or heartbeat anomaly, and/or connection anomaly, and/or behavior anomaly, and/or traffic anomaly, and/or port multiplexing, and/or active external connection, and/or hidden tunnel marked in the network packets, and/or the geographic location of the IP in the network communication packet, and/or the protocol used by the network communication packet, and counts the number of network communication packets for each.
The beneficial effects of the present invention are:
The present invention filters large volumes of network communication data using conditions set by the user and then presents the result in simple, clear charts designed specifically for network relationships and for DDoS attacks, worm attacks, Trojan characteristics, heartbeat anomalies, connection anomalies, behavior anomalies, traffic anomalies, port multiplexing, active external connections, and hidden tunnels. The user can view intuitively and clearly the communication relationships and communication traffic between the IP address points of the network, and can use left and right mouse-button clicks and hover operations on each graphic element in the chart to display the associated data details. This lets the user, drawing on experience, dig deeper into hidden network relationships and anomalies.
Brief description of the drawings
Fig. 1 is a schematic diagram of the interface shown by the data list display interface module.
Fig. 2 is a schematic diagram of the interface shown by the data graphic interface module.
Fig. 3 is a schematic diagram of the interface shown by the IP address communication display interface module.
Specific embodiments
The network data visual analysis and display system of the present invention comprises a data packet import module, a data statistics module, a data list display interface module, a data tree display interface module, and a datagram display interface module. Each part is introduced below.
The data packet import module imports raw network data traffic packets. A hardware communication packet capture device installed at the top-level gateway captures the network packets of the whole network.
The data statistics module counts and classifies the captured data. It filters the captured data and produces totals by classifying and aggregating it. This embodiment provides three classification methods, introduced as follows:
Classification method one: with the IP communication pair as the classification condition, count the network packets of each IP communication pair and accumulate the number of packets sent, the number of packets received, the traffic sent, and the traffic received.
Classification method two: with data packet attribute features as the classification condition, take as classification conditions the DDoS attack, and/or worm attack, and/or Trojan characteristics, and/or heartbeat anomaly, and/or connection anomaly, and/or behavior anomaly, and/or traffic anomaly, and/or port multiplexing, and/or active external connection, and/or hidden tunnel marked in the network packets, and/or the geographic location of the IP in the network communication packet, and/or the protocol used by the network communication packet, and count the number of network communication packets for each.
Classification method three: with the single IP address as the classification condition, count for each address the number of network communication packets, the traffic sent, and the traffic received.
The data list display interface module displays data packet information on the interface as a list. Preferably, it also provides sorting by a single column or a combination of columns, and filtering on conditions over a single column or a combination of columns. As shown in Fig. 1, the list has several columns: the serial number, the source IP of the IP communication pair, the destination IP, and, between the two IPs, the number of packets sent, the number of packets received, the traffic sent, and the traffic received.
The data graphic interface module displays the classified data on the interface in graphical form. In this embodiment, the data graphic interface module displays the classified data as pie charts. Each region of a pie chart can be selected, and the class represented by the selected region serves as a filter condition on the data traffic packets; the filtered data is displayed by the data list display interface module. As shown in Fig. 2, from left to right are the protocol classification pie chart, the geographic location pie chart, and the abnormal attribute pie chart. Selecting any region of a pie chart displays the content related to that part.
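The three classification methods and the pie-chart filter described above can be sketched as follows. This is an added example, not code from the patent; the `Packet` record, its field names, the function names and the sample packets are constructed for illustration, and the anomaly labels are assumed to be already marked on each packet.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:              # hypothetical record layout, not defined by the patent
    src: str
    dst: str
    size: int              # bytes
    protocol: str
    geo: str               # assumed: one geographic location per packet
    labels: tuple = ()     # anomaly marks assumed to be attached upstream

# Constructed sample traffic (private and documentation address ranges).
PACKETS = [
    Packet("10.0.0.5", "10.0.0.9", 120, "TCP", "CN"),
    Packet("10.0.0.9", "10.0.0.5", 1500, "TCP", "CN"),
    Packet("10.0.0.5", "10.0.0.9", 80, "TCP", "CN"),
    Packet("10.0.0.5", "203.0.113.7", 60, "UDP", "US",
           ("hidden tunnel", "active external connection")),
    Packet("10.0.0.7", "203.0.113.7", 60, "UDP", "US", ("hidden tunnel",)),
    Packet("198.51.100.2", "10.0.0.9", 40, "TCP", "DE", ("DDoS attack",)),
]

def by_ip_pair(packets):
    """Method one: one row per IP pair; the first sender seen is the pair's source."""
    rows = {}
    for p in packets:
        reverse = (p.dst, p.src)
        if reverse in rows:                      # reply direction of a known pair
            rows[reverse]["recv_pkts"] += 1
            rows[reverse]["recv_bytes"] += p.size
        else:
            row = rows.setdefault((p.src, p.dst), {
                "sent_pkts": 0, "recv_pkts": 0, "sent_bytes": 0, "recv_bytes": 0})
            row["sent_pkts"] += 1
            row["sent_bytes"] += p.size
    return rows

def by_attribute(packets):
    """Method two: packet counts per anomaly label, location and protocol."""
    counts = {"label": Counter(), "geo": Counter(), "protocol": Counter()}
    for p in packets:
        counts["label"].update(p.labels)
        counts["geo"][p.geo] += 1
        counts["protocol"][p.protocol] += 1
    return counts

def by_single_ip(packets):
    """Method three: packet count, bytes sent and bytes received per IP address."""
    rows = defaultdict(lambda: {"pkts": 0, "sent_bytes": 0, "recv_bytes": 0})
    for p in packets:
        rows[p.src]["pkts"] += 1
        rows[p.src]["sent_bytes"] += p.size
        rows[p.dst]["pkts"] += 1
        rows[p.dst]["recv_bytes"] += p.size
    return dict(rows)

def select_region(packets, kind, value):
    """Pie-chart click: the class of the selected region becomes a filter condition."""
    if kind == "label":
        return [p for p in packets if value in p.labels]
    return [p for p in packets if getattr(p, kind) == value]

def list_rows(packets, sort_by=("sent_bytes", "recv_bytes")):
    """List view: per-pair rows sorted on a combination of columns, largest first."""
    rows = [{"src": s, "dst": d, **stats}
            for (s, d), stats in by_ip_pair(packets).items()]
    return sorted(rows, key=lambda r: tuple(r[c] for c in sort_by), reverse=True)

if __name__ == "__main__":
    # Select the "hidden tunnel" slice, then show the filtered list view.
    for row in list_rows(select_region(PACKETS, "label", "hidden tunnel")):
        print(row)
```

Selecting the "hidden tunnel" slice narrows the list to the two internal hosts that talk to the same external address, which is the pivot from chart to detail that the description relies on.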
The IP address communication display interface module displays on the interface the communication relationships between the IP addresses selected by the user; in the interface, every two IP addresses that have a communication relationship are joined by a connecting line. As shown in Fig. 3, the IP addresses at the two ends of each connecting line communicate with each other. Preferably, each IP address is drawn as a figure whose size is directly proportional to the communication traffic volume of that IP address: the larger the traffic volume, the larger the figure, and the smaller the traffic volume, the smaller the figure. In Fig. 3, for example, IP addresses are drawn as ellipses, and an address with more traffic has a larger ellipse. Preferably, to suit the display characteristics of widescreen computers, the IP addresses are arranged around an ellipse whose major axis runs along the left-right direction of the interface. IP points that exchange data with each other are joined by an arc whose apex always points toward the center of the ellipse.
Further, when the mouse moves onto an IP address point, that point, its associated connecting lines, and the other IP address points that have a communication relationship with it are highlighted, and the communication statistics of that point are displayed.
Further, when the mouse moves onto a connecting line, the connecting line and the figures of the IP address points at its two ends are highlighted, and the communication statistics between the IP addresses at the two ends are displayed. Double-clicking an IP point or a connecting line automatically generates a filter condition, queries the captured whole-network data, and displays the corresponding details as a list.
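The graph view described above (ellipse layout, figure size proportional to traffic, arcs bowed toward the center, hover highlighting and double-click filtering) can be sketched as follows. This is an added example, not code from the patent; the function names, the canvas dimensions, the choice of radius as the "size" and the `pull` factor are assumptions, and the per-pair byte totals are constructed.

```python
import math

# Constructed sample: total bytes exchanged per communicating IP pair.
PAIR_BYTES = {
    ("10.0.0.5", "10.0.0.9"): 1700,
    ("10.0.0.5", "203.0.113.7"): 60,
    ("10.0.0.7", "203.0.113.7"): 60,
    ("198.51.100.2", "10.0.0.9"): 40,
}

def node_traffic(pair_bytes):
    """Traffic volume per IP: the sum over every pair it takes part in."""
    totals = {}
    for (a, b), n in pair_bytes.items():
        totals[a] = totals.get(a, 0) + n
        totals[b] = totals.get(b, 0) + n
    return totals

def layout(pair_bytes, width=1600, height=900, max_radius=40.0):
    """Place IP points evenly on an ellipse; radius is proportional to traffic."""
    totals = node_traffic(pair_bytes)
    peak = max(totals.values())
    cx, cy = width / 2, height / 2
    rx, ry = 0.45 * width, 0.45 * height   # widescreen: the major axis is horizontal
    ips = sorted(totals)
    nodes = {}
    for i, ip in enumerate(ips):
        angle = 2 * math.pi * i / len(ips)
        nodes[ip] = {
            "x": cx + rx * math.cos(angle),
            "y": cy + ry * math.sin(angle),
            "r": max_radius * totals[ip] / peak,   # assumed: "size" means radius
        }
    return nodes, (cx, cy)

def arc_control(p, q, centre, pull=0.5):
    """Control point of a quadratic curve from p to q, bowed toward the centre."""
    mx, my = (p["x"] + q["x"]) / 2, (p["y"] + q["y"]) / 2
    return (mx + pull * (centre[0] - mx), my + pull * (centre[1] - my))

def hover_node(ip, pair_bytes):
    """Hover on an IP point: highlight it, its lines and its peers; show its total."""
    edges = [pair for pair in pair_bytes if ip in pair]
    peers = {end for pair in edges for end in pair} - {ip}
    return {"nodes": {ip} | peers, "edges": edges,
            "bytes": node_traffic(pair_bytes)[ip]}

def hover_edge(pair, pair_bytes):
    """Hover on a connecting line: highlight the line and both end points."""
    return {"nodes": set(pair), "edges": [pair], "bytes": pair_bytes[pair]}

def double_click_filter(target):
    """Filter condition for the list view: one IP, or both ends of a line."""
    ips = {target} if isinstance(target, str) else set(target)
    return lambda src, dst: ips <= {src, dst}

if __name__ == "__main__":
    nodes, centre = layout(PAIR_BYTES)
    for ip, n in nodes.items():
        print(f"{ip:>14}  x={n['x']:7.1f}  y={n['y']:6.1f}  r={n['r']:5.1f}")
    print(hover_node("203.0.113.7", PAIR_BYTES))
```

With linear scaling, low-volume endpoints such as the external address here shrink to a few pixels, so the highlighted peer set on hover is what makes a quiet fan-in of internal hosts toward one outside address visible.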

Claims (10)

1. A network data visual analysis and display system, characterized by comprising a data packet import module, a data statistics module, a data list display interface module, a data tree display interface module, and a datagram display interface module;
the data packet import module imports data traffic packets;
the data statistics module counts and classifies the captured data;
the data list display interface module displays data packet information on the interface as a list;
the data graphic interface module displays the classified data on the interface in graphical form;
the IP address communication display interface module displays on the interface the communication relationships between the IP addresses selected by the user; in the interface, every two IP addresses that have a communication relationship are joined by a connecting line.
2. The network data visual analysis and display system of claim 1, characterized in that the data graphic interface module displays the classified data as pie charts, each region of a pie chart can be selected, the class represented by the selected region serves as a filter condition on the data traffic packets, and the filtered data is displayed by the data list display interface module.
3. The network data visual analysis and display system of claim 1, characterized in that, in the interface shown by the IP address communication display interface module, each IP address is assigned a figure whose size is directly proportional to the communication traffic volume of that IP address.
4. The network data visual analysis and display system of claim 1, characterized in that, in the interface shown by the IP address communication display interface module, the IP addresses are arranged around an ellipse.
5. The network data visual analysis and display system of claim 1, characterized in that, in the interface shown by the IP address communication display interface module, when the mouse moves onto an IP address point, that address point, its associated connecting lines, and the other IP address points that have a communication relationship with it are highlighted, and the communication statistics of that address point are displayed.
6. The network data visual analysis and display system of claim 1, characterized in that, in the interface shown by the IP address communication display interface module, when the mouse moves onto a connecting line, the connecting line and the figures of the IP addresses at its two ends are highlighted, and the communication statistics between the IP addresses at the two ends are displayed. When the mouse moves over an IP point, that point, all of its connecting lines, and the points at the other ends of those lines are highlighted, and the communication statistics of that point are displayed.
7. The network data visual analysis and display system of claim 1, characterized in that the data list display interface can sort by a single column or a combination of columns, and can filter on conditions over a single column or a combination of columns.
8. The network data visual analysis and display system of claim 7, characterized in that the data statistics module can use IP communication pairs, data packet attribute features, or single IP addresses as the classification condition.
9. The network data visual analysis and display system of claim 7, characterized in that, when the data statistics module uses IP communication pairs as the classification condition, it counts the network packets of each IP communication pair and accumulates the number of packets sent, the number of packets received, the traffic sent, and the traffic received.
10. The network data visual analysis and display system of claim 7, characterized in that, when the data statistics module uses data packet attribute features as the classification condition, it takes as classification conditions the DDoS attack, and/or worm attack, and/or Trojan characteristics, and/or heartbeat anomaly, and/or connection anomaly, and/or behavior anomaly, and/or traffic anomaly, and/or port multiplexing, and/or active external connection, and/or hidden tunnel marked in the network packets, and/or the geographic location of the IP in the network communication packet, and/or the protocol used by the network communication packet, and counts the number of network communication packets for each.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810578658.9A CN108923954A (en) 2018-06-07 2018-06-07 A network data visual analysis and display system


Publications (1)

Publication Number Publication Date
CN108923954A (en) 2018-11-30

Family

ID=64411003


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181130