CN109257297A - A kind of monitoring method of data-directed stream amount - Google Patents
A kind of monitoring method of data-directed stream amount Download PDFInfo
- Publication number
- CN109257297A CN109257297A CN201811377464.9A CN201811377464A CN109257297A CN 109257297 A CN109257297 A CN 109257297A CN 201811377464 A CN201811377464 A CN 201811377464A CN 109257297 A CN109257297 A CN 109257297A
- Authority
- CN
- China
- Prior art keywords
- specific user
- specific
- public security
- data
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/20—Traffic policing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5053—Lease time; Renewal aspects
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of data-directed stream amount monitoring methods, by the way that the BOSS system of broadcasting and TV bandwidth operator will be docked with public security net supervision system, specific user's set meal is arranged in BOSS system in specific user's list that BOSS system is supervised according to public security net, again by DHCP system to the specific users allocation particular ip address in specific user's list, and the stream compression of these particular ip address is dealt by public security net supervision system by the policybased routing in broadband exit, to realize the real time monitoring to specific user's network data, so that public security net supervision system can greatly reduce the investment of traffic monitoring equipment, the network data that public security net supervision system only extracts specific user is monitored, it is intelligent for realizing the extraction of data, the data traffic of monitoring is greatly reduced, while guaranteeing monitoring effect, significantly improve Monitoring efficiency, can also can be greatly reduced equipment cost investment.
Description
Technical field
The method for being identified the present invention relates to the sender of a kind of pair of network data and monitoring the flow.
Background technique
As shown in Figure 1, in the prior art, broadcasting and TV bandwidth operator is by will be whole in the light splitting of egress router physical layer
Flow is forwarded to public security system net prison center, and without any screening.But as the explosion type of internet information in recent years increases
Long, Wide Flow is also in the growth of geometric progression, from so huge data traffic monitoring, analyzes and extracts single or part and use
The flow at family is substantially impossible, to realize that the manpower and material resources cost paid is also very big.
In addition, so huge data traffic is due to being manually to extract now, when public security needs the data of some user,
Comparable IP address, surf time, access station address are sent to broadcasting and TV bandwidth operator, broadcasting and TV bandwidth operator is artificial again
It is verified to related system, is then then forwarded to public security, it is not prompt enough to the analysis of suspicious data to will lead to public security system in this way.
Summary of the invention
The object of the present invention is to provide a kind of automatically suspicious data can sort out and be uniformly transmitted to public security net
The data quantitative flux monitoring method of prison system.
A kind of monitoring method of data-directed stream amount, comprising the following steps:
Public security net supervision system establishes specific user's list, and public security net supervision system is connect with BOSS system, and by specific user's list
It is sent to BOSS system;
BOSS system establishes specific set meal to the user in specific user's list, and the user information of the specific set meal is sent
To DHCP system;
DHCP system creates a client-class after the user-specific information for receiving specific set meal, for the specific user
(CLIENTCLASS), one section of particular ip address section is distributed to the client-class;After the terminal of specific user is restarted, energy
The IP address in particular ip address section is redistributed to the specific user, replaces original IP address;
Provisioning Policy router distinguishes the data flow for the specific user that source IP address belongs in the particular ip address section,
And the stream compression is dealt into public security net supervision system.
The data-directed stream amount monitoring method, by that will be by the BOSS system of broadcasting and TV bandwidth operator and public security net prison
System docking, specific user's set meal is arranged in BOSS system in specific user's list that BOSS system is supervised according to public security net, then passes through
DHCP system passes through the policybased routing in broadband exit to the specific users allocation particular ip address in specific user's list
The stream compression of these particular ip address is dealt into public security net supervision system, operator now only needs transmission orientation flow, data
Treating capacity drops to tens original a ten thousandths, so that the real time monitoring to specific user's network data is realized, so that public security
Net supervision system can greatly reduce the investment of traffic monitoring equipment, and equipment and cost are also greatly reduced, and public security net supervision system is only extracted
The network data of specific user is monitored, and the extraction for realizing data is intelligence, and the data traffic of monitoring is greatly reduced,
While guaranteeing monitoring effect, equipment cost investment can be also can be greatly reduced in the monitoring efficiency significantly improved.
Detailed description of the invention
Fig. 1 is the schematic diagram of former data-directed stream amount monitoring method.
Fig. 2 is the schematic diagram of data-directed stream amount monitoring method of the invention.
Specific embodiment
As shown in Fig. 2, the orientation flux monitoring method is realized by orientation flux monitoring system, including public security net prison system
Hfc plant is accessed in system, the BOSS system being connected with public security net supervision system, policy router one end, and other end leads to broadband
Outlet, public security net supervision system and policy router pass through three layers of interconnection, DHCP system access hfc plant.
Public security net supervision system by network browse sensitive content IP address and persistently browse sensitive content when
Between section be monitored record, establish specific user's list.
Public security net supervision system is docked with BOSS system, i.e., BOSS system is authorized through public security Wang Jian group, uses optical fiber
The network equipment of three layers of direct-connected public security net supervision system, and specific usernames single-shot is sent to BOSS system;BOSS system is to specific
The IP address of specific time period in user list establishes certain set to search corresponding client in BOSS system for the client
Meal, set meal refers to the set of the service and product that show that the user orders in our company in BOSS system, to distinguish different use
The user identifier of service and product that family is ordered, is sent to DHCP system for the user information of the client as user-specific information
System;DHCP system creates a client-class after receiving user-specific information, for the specific user
(CLIENTCLASS), one section of particular ip address section is distributed to the client-class;After the terminal of specific user is restarted, energy
The IP address in particular ip address section is redistributed to the specific user, replaces original IP address;Provisioning Policy router pair
The number that the data flow for the specific user that source IP address belongs in the particular ip address section distinguishes, and will belong to specific user
Public security net supervision system is dealt into according to circulation.
The data-directed stream amount monitoring method, by that will be by the BOSS system of broadcasting and TV bandwidth operator and public security net prison
System docking, specific user's set meal is arranged in BOSS system in specific user's list that BOSS system is supervised according to public security net, then passes through
DHCP system passes through the policybased routing in broadband exit to the specific users allocation particular ip address in specific user's list
The stream compression of these particular ip address is dealt into public security net supervision system, to realize the real-time prison to specific user's network data
Control, so that public security net supervision system can greatly reduce the investment of traffic monitoring equipment, public security net supervision system only extracts specific user's
Network data is monitored, and the extraction for realizing data is intelligence, and the data traffic of monitoring is greatly reduced, and is guaranteeing monitoring effect
While fruit, equipment cost investment can be also can be greatly reduced in the monitoring efficiency significantly improved.
Claims (3)
1. a kind of monitoring method of data-directed stream amount, comprising the following steps:
Public security net supervision system establishes specific user's list, and public security net supervision system is connect with BOSS system, and by specific user's list
It is sent to BOSS system;
BOSS system establishes specific set meal to the user in specific user's list, and the user information of the specific set meal is sent
To DHCP system;
DHCP system creates a client class after the user-specific information for receiving specific set meal, for the specific user
Not, one section of particular ip address section is distributed to the client-class;After the terminal of specific user is restarted, it can redistribute specific
IP address in IP address section gives the specific user, replaces original IP address;
Provisioning Policy router distinguishes the data flow for the specific user that source IP address belongs in the particular ip address section,
And the stream compression is dealt into public security net supervision system.
2. the monitoring method of data-directed stream amount according to claim 1, it is characterised in that: specific user's list is
The IP address of specific time period browsing sensitive content.
3. the monitoring method of data-directed stream amount according to claim 2, it is characterised in that: the BOSS system is being established
Specific set meal includes for specific user's setting especially mark in specific user's list.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811377464.9A CN109257297B (en) | 2018-11-19 | 2018-11-19 | Method for monitoring data directional flow |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811377464.9A CN109257297B (en) | 2018-11-19 | 2018-11-19 | Method for monitoring data directional flow |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109257297A true CN109257297A (en) | 2019-01-22 |
| CN109257297B CN109257297B (en) | 2021-11-05 |
Family
ID=65043343
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811377464.9A Active CN109257297B (en) | 2018-11-19 | 2018-11-19 | Method for monitoring data directional flow |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109257297B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107180400A (en) * | 2017-04-26 | 2017-09-19 | 江苏新和网络科技发展有限公司 | A kind of intelligent control system applied to public security bureau |
| CN107426046A (en) * | 2016-05-24 | 2017-12-01 | 深圳市信锐网科技术有限公司 | User's Internet data capturing analysis method and system |
| CN108156043A (en) * | 2018-02-24 | 2018-06-12 | 浙江远望通信技术有限公司 | A kind of video monitoring safety cut-in method based on white list and constraint set flow control |
| CN108632221A (en) * | 2017-03-22 | 2018-10-09 | 华为技术有限公司 | Position method, equipment and the system of the compromised slave in Intranet |
-
2018
- 2018-11-19 CN CN201811377464.9A patent/CN109257297B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107426046A (en) * | 2016-05-24 | 2017-12-01 | 深圳市信锐网科技术有限公司 | User's Internet data capturing analysis method and system |
| CN108632221A (en) * | 2017-03-22 | 2018-10-09 | 华为技术有限公司 | Position method, equipment and the system of the compromised slave in Intranet |
| CN107180400A (en) * | 2017-04-26 | 2017-09-19 | 江苏新和网络科技发展有限公司 | A kind of intelligent control system applied to public security bureau |
| CN108156043A (en) * | 2018-02-24 | 2018-06-12 | 浙江远望通信技术有限公司 | A kind of video monitoring safety cut-in method based on white list and constraint set flow control |
Non-Patent Citations (1)
| Title |
|---|
| 李栋科: "一种面向海量网络审计日志的敏感用户挖掘分析架构", 《网络空间安全》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109257297B (en) | 2021-11-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11178594B2 (en) | Systems and methods for routing data | |
| CN108920937A (en) | It throws screen system, throw screen method and apparatus | |
| Li et al. | Deep content: Unveiling video streaming content from encrypted wifi traffic | |
| CN109151880B (en) | Mobile application flow identification method based on multilayer classifier | |
| CN103036810B (en) | The extranet access control method exported based on many outer nets and access device | |
| CN110213212A (en) | A kind of classification method and device of equipment | |
| CN110417729A (en) | A kind of service and application class method and system encrypting flow | |
| CN105827629B (en) | Software definition safe flow guide device and its implementation under cloud computing environment | |
| CN102739457A (en) | Network flow recognition system and method based on DPI (Deep Packet Inspection) and SVM (Support Vector Machine) technology | |
| CN205263812U (en) | Distributing type face identification orbit searching system | |
| CN112949739A (en) | Information transmission scheduling method and system based on intelligent traffic classification | |
| CN109302642A (en) | Collecting method and device | |
| CN111026795A (en) | Multi-platform data fusion system based on big data | |
| CN106375295A (en) | Data storage monitoring method | |
| CN106921658A (en) | A kind of router device safety protecting method and system | |
| Lyu et al. | Effective media traffic classification using deep learning | |
| CN110266767B (en) | Enterprise cloud method and device | |
| CN106372171B (en) | Monitor supervision platform real-time data processing method | |
| CN107294954A (en) | Cloud pipe platform, the network log-in management system and method based on cloud pipe platform | |
| US20200014716A1 (en) | Using data science to aid in detection of unauthorized distribution | |
| CN109257297A (en) | A kind of monitoring method of data-directed stream amount | |
| CN108667804B (en) | DDoS attack detection and protection method and system based on SDN architecture | |
| CN110674436B (en) | Data processing method and device based on browser | |
| CN110311838A (en) | A kind of method and device of security service traffic statistics | |
| CN101420336A (en) | Method for recognizing network telephone flow quantity in network and system thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |