CN109361548A - IMS network behavior diagnosis and early-warning method and device based on active safety - Google Patents
- Publication number: CN109361548A
- Application number: CN201811380034.2A
- Authority: CN (China)
- Prior art keywords: ims, network equipment, access network, equipment, information
- Legal status: Granted (listed status; an assumption, not a legal conclusion)
Classifications
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/082—Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
- H04L43/0811—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
- H04L63/0254—Stateful filtering
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/1425—Traffic logging, e.g. anomaly detection
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L65/1016—IP multimedia subsystem [IMS]
- H04L65/1045—Proxies, e.g. for session initiation protocol [SIP]
- H04L65/1104—Session initiation protocol [SIP]
- H04L67/133—Protocols for remote procedure calls [RPC]
Abstract
The invention discloses an IMS network behavior diagnosis and early-warning method and device based on active safety. It provides remote supervision of IMS access network equipment, perceives the online, registration and authentication status of the equipment in advance, and automatically issues early warnings for abnormal states of IMS access network equipment; it comprehensively perceives the security posture of IMS network equipment, diagnoses the health of network equipment in real time, and visualizes network topology data and running logs; and it provides an active safety policy mechanism that manages network traffic and filters abnormal traffic in advance.
Description
Technical field
The disclosure belongs to the technical field of communication network security and relates to an IMS network behavior diagnosis and early-warning method and device based on active safety.
Background art
This section only provides background information related to the present disclosure and does not necessarily constitute prior art.
The existing telephone switching network of State Grid Corporation of China is gradually evolving from stored-program-control exchanges to the IMS technical system. The IMS (IP Multimedia Subsystem) administrative telephone switching network (hereinafter "IMS network") is carried on the data communication network and supports access by multiple kinds of terminals such as IP phones and AG (Access Gateway)/IAD (Integrated Access Device) equipment. SIP (Session Initiation Protocol) messages sent by terminal users are exchanged over the wide-area and local-area data communication networks. However, owing to the flexibility and complexity of the IMS network architecture and the extensibility of the SIP protocol, the IMS network architecture still has weaknesses. On the one hand, IMS access network equipment such as IP phones and AG/IAD is large in number and dispersed in deployment, and lacks effective supervision measures. On the other hand, abnormal states of network equipment such as IMS core CE (Customer Edge) equipment and access network CE equipment cannot be captured in time. Ensuring security control of IMS access network equipment, capturing abnormal states of IMS network equipment in time, and guaranteeing the integrity and confidentiality of SIP messages in transit have become the main problems facing the IMS administrative telephone switching network.
The existing problems are analyzed in detail as follows:
First, operation and maintenance of IMS access network equipment is difficult. Taking the State Grid Shandong company as an example, 100,000 lines of access network equipment such as SIP phones and AG/IAD are deployed across the provincial company headquarters, 17 municipal companies, 98 county companies, subordinate units and so on, and are geographically dispersed. Because IMS access network equipment lacks automated means such as remote configuration update and online monitoring, the running status of the equipment cannot be perceived in advance. At present, equipment operation risk is avoided by manual inspection, and updating device configuration files by hand costs time and labor.
Second, capturing abnormal states of IMS network equipment is difficult. Taking the State Grid Shandong company as an example, there are more than 3,000 IMS network CE switches, and there is no effective mechanism for diagnosing the healthy running state of network equipment, so abnormal states of network equipment cannot be captured in advance or located in time.
Third, network traffic control is difficult. The company's IMS network is carried on the data communication network. The IMS core CE equipment of each provincial company not only receives traffic from the access-side devices of its own province, but also unconditionally receives signaling and media information from the S-CSCF (Serving-Call Session Control Function) network elements, ENS (DNS/Enum Server) network elements and I-CSCF (Interrogating-Call Session Control Function) network elements of other provincial companies. Effective means of classifying network traffic, limiting traffic and telling genuine traffic from false traffic are lacking.
Summary of the invention
In view of the deficiencies of the prior art, one or more embodiments of the present disclosure provide an IMS network behavior diagnosis and early-warning method and device based on active safety. They provide remote supervision of IMS access network equipment, perceive the online, registration and authentication status of the equipment in advance, and automatically issue early warnings for abnormal states of IMS access network equipment; comprehensively perceive the security posture of IMS network equipment, diagnose the health of network equipment in real time, and visualize network topology data and running logs; and provide an active safety policy mechanism that manages network traffic and filters abnormal traffic in advance.
According to one aspect of one or more embodiments of the present disclosure, an IMS network behavior diagnosis and early-warning method based on active safety is provided.
An IMS network behavior diagnosis and early-warning method based on active safety, the method comprising:
Predefining the basic parameter information and data configuration information templates of IMS access network equipment;
Establishing IMS access network equipment control tasks, the control tasks including a batch upgrade task, a remote configuration automatic update task and a status monitoring task for IMS access network equipment;
Starting the batch upgrade task and batch-upgrading the IMS access network equipment according to its basic parameter information; starting the remote configuration automatic update task and automatically updating the remote configuration of the IMS access network equipment according to its basic parameter information and data configuration information;
Monitoring the execution state of the batch upgrade task and of the remote configuration automatic update task respectively, starting the status monitoring task after task execution is complete, and monitoring the online status of IMS access network equipment in real time;
When IMS access network equipment is found to be in a non-online state, generating a safety-state anomaly report and an automatic early warning.
Further, in the method, the basic parameter information of the IMS access network equipment includes equipment brand, model, SN identifier, IP address and geographical location;
The data configuration information of the IMS access network equipment includes IMPI account, password, SIP proxy server domain name, DNS server domain name and digit map.
Further, in the method, the specific steps of batch-upgrading the IMS access network equipment according to its basic parameter information include:
When performing a firmware version batch upgrade on IMS access network equipment, determining the IMS access network equipment to be batch-upgraded from the basic parameter information of the IMS access network equipment;
Importing the latest device firmware version for the IMS access network equipment to be batch-upgraded, starting the device firmware version batch upgrade service, and completing the automatic upgrade of the device firmware version;
After configuration is complete, judging whether the running version of the IMS access network equipment is the latest version; when the running version is the latest version, starting the status monitoring task; otherwise, continuing the batch upgrade of the IMS access network equipment.
Further, in the method, the specific steps of the device firmware version batch upgrade service include:
Restarting the IMS access network equipment according to its basic parameter information;
The IMS access network equipment sends an Inform request through the RPC methods specific to the TR069 protocol, requesting download of a firmware version or patch;
The IMS access network equipment obtains the firmware version through the Inform method provided by the service, achieving remote automatic upgrade of the device firmware version.
Further, in the method, the specific steps of automatically updating the remote configuration of the IMS access network equipment according to its basic parameter information and data configuration information include:
When performing a remote configuration automatic update on IMS access network equipment, determining the IMS access network equipment whose configuration is to be updated from the basic parameter information of the IMS access network equipment;
Starting the device batch remote reboot service for the IMS access network equipment whose configuration is to be updated; the device batch remote reboot service monitors the device configuration update result;
After the configuration update is complete, starting the status monitoring task.
Further, in the method, the device batch remote reboot service automatically updates the corresponding parameters of the terminal device through the TR069 protocol, according to the device data configuration information parameters carried in the configuration update file;
The configuration update file includes the device data configuration information of the IMS access network equipment;
The IMS access network equipment obtains the data configuration parameter information through the TR069 protocol, uses the IMPI account to send a Register message to the SIP proxy server, and thereby registers to the IMS network.
Further, in the method, the status monitoring task executes the status monitoring service; the status monitoring service uses the ICMP protocol to monitor the online status of IMS access network equipment in real time;
Further, the method also includes the status monitoring service using mirroring technology to monitor the registration and authentication status of IMS access network equipment in real time, the specific steps including:
Mirroring the registration traffic and authentication traffic of IMS access network equipment to the Observe port configured on the IMS core CE switch, to capture abnormal states of IMS access network equipment;
When an abnormal state is detected, confirming the abnormal result with the detection engine, auditing the abnormal state of the IMS access network equipment in time, and generating a safety-state anomaly report and an automatic early warning.
Further, the method also includes operation and maintenance personnel remotely logging in to the Web page of the IMS access network equipment, using the IP address of the equipment in the abnormal state, to check the configuration manually and eliminate the abnormal state in time.
According to another aspect of one or more embodiments of the present disclosure, a computer-readable storage medium is also provided.
A computer-readable storage medium storing a plurality of instructions, the instructions being adapted to be loaded by a processor of a terminal device to execute the IMS network behavior diagnosis and early-warning method based on active safety.
According to another aspect of one or more embodiments of the present disclosure, a terminal device is also provided.
A terminal device, using internet terminal equipment, comprising a processor and a computer-readable storage medium, the processor being configured to implement each instruction, and the computer-readable storage medium being configured to store a plurality of instructions adapted to be loaded by the processor to execute the IMS network behavior diagnosis and early-warning method based on active safety.
According to one aspect of one or more embodiments of the present disclosure, a further IMS network behavior diagnosis and early-warning method based on active safety is also provided.
An IMS network behavior diagnosis and early-warning method based on active safety, the method comprising:
Predefining the basic parameter information template of IMS network equipment;
Establishing an IMS network equipment control task, the control task being to collect the data configuration information of IMS network equipment;
Setting the time interval at which the control task collects information, and starting the IMS network equipment control task;
Retrieving and filtering the collected data configuration information of IMS network equipment, using a machine learning algorithm to perform association analysis on the information collected from different IMS network equipment, and classifying the filtered information according to the prescribed categories to obtain classified data;
Matching the classified data against the early-warning conditions pre-stored in the matching template;
When the match succeeds, visualizing the topology information of the IMS network equipment in the IMS network equipment management interface, generating a safety-state anomaly report for the abnormal state of the IMS network equipment, and issuing an automatic early warning.
Further, in the method, the basic parameter information of the IMS network equipment includes equipment brand, model, SN identifier, IP address and geographical location;
The device object is locked according to the basic parameter information, the control task is established, and the secure data automatic collection service is started to collect the data configuration information of the IMS network equipment.
Further, in the method, the secure data automatic collection service uses the standard Syslog function to transfer the data configuration information of IMS network equipment, reads and writes the data configuration information through the Syslog APIs interface, and specifies the categories of data configuration information to be collected for the IMS network equipment by modifying the conf file of the syslog function.
Further, in the method, the prescribed categories include traffic information, log information, security policy and device configuration information;
The content fields of the data configuration information of IMS network equipment are extracted by regular expression matching; the regular expression includes an information category field.
Further, in the method, when the information category is traffic information, the message records of registration traffic and session traffic are monitored; association analysis is performed on the SrcIP field in the message records to judge whether equipment with the same source IP address keeps initiating registrations or sessions to the IMS network; association analysis is performed on the Route field to judge the routing result of the registration or session; and the number of message records is counted and matched against the traffic-information early-warning conditions.
Further, in the method, when the information category is log information, a machine learning algorithm mines the associations that exist between the log information collected from multiple pieces of IMS network equipment;
The machine learning algorithm extracts the message records in the log information that have the same IP address and MAC, sorts them by Datatime, mines the identical content in Error, and classifies the Error entries in the log information by support; the support results are divided into six categories (system error, interface fault, unlicensed user login attempt, unknown IP address user access, traffic over-limit and unknown traffic) and written into the Behavior item of the log information record;
The log information classification results are matched against the pre-stored early-warning conditions: a match on system error or interface fault is an urgent early warning; a match on unlicensed user login attempt or unknown IP user access is an important early warning; a match on traffic over-limit or unknown traffic is a prompt early warning;
For traffic over-limit, IMS network traffic is classified by automatically synchronizing the IP addresses that Telnet or SSH into, or access, the IMS network CE equipment, and traffic bandwidth is configured.
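The traffic-information and log-information matching described in the two passages above can be sketched as follows; this is an added example, not code from the patent. The field names SrcIP, Route, Datatime, Error and Behavior, the six categories and the three warning levels come from the text; the record layout, the keyword patterns, the thresholds and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed record layout (not from the patent): "<CATEGORY>|key=value;key=value"
RECORD_RE = re.compile(r"^(?P<category>FLOW|LOG)\|(?P<body>.+)$")
TIME_FMT = "%Y-%m-%d %H:%M:%S"
REG_THRESHOLD = 3   # assumed traffic early-warning condition: records per SrcIP
MIN_SUPPORT = 0.5   # assumed minimum support for one Error content per device

# The six categories are the patent's; the keyword patterns are assumptions.
ERROR_CLASSES = [
    ("system error", re.compile(r"\bsystem\b|\bkernel\b", re.I)),
    ("interface fault", re.compile(r"\binterface\b|\blink down\b", re.I)),
    ("unlicensed user login attempt", re.compile(r"\blogin\b", re.I)),
    ("unknown IP address user access", re.compile(r"\bunknown ip\b", re.I)),
    ("traffic over-limit", re.compile(r"\bthreshold exceeded\b|\bover-?limit\b", re.I)),
    ("unknown traffic", re.compile(r"\bunknown (traffic|flow)\b", re.I)),
]
WARNING_LEVEL = {
    "system error": "urgent", "interface fault": "urgent",
    "unlicensed user login attempt": "important",
    "unknown IP address user access": "important",
    "traffic over-limit": "prompt", "unknown traffic": "prompt",
}

# Constructed sample records, with one out-of-order entry and one malformed line.
SAMPLE = """\
FLOW|Datatime=2018-11-20 09:00:01;SrcIP=10.1.1.20;Type=REGISTER;Route=FAIL
FLOW|Datatime=2018-11-20 09:00:03;SrcIP=10.1.1.20;Type=REGISTER;Route=FAIL
FLOW|Datatime=2018-11-20 09:00:05;SrcIP=10.1.1.20;Type=REGISTER;Route=FAIL
FLOW|Datatime=2018-11-20 09:00:06;SrcIP=10.1.1.31;Type=INVITE;Route=OK
LOG|Datatime=2018-11-20 09:02:10;IP=10.1.2.1;MAC=00:00:5E:00:53:01;Error=interface GE0/0/1 link down
LOG|Datatime=2018-11-20 09:01:10;IP=10.1.2.1;MAC=00:00:5E:00:53:01;Error=interface GE0/0/1 link down
LOG|Datatime=2018-11-20 09:03:10;IP=10.1.2.1;MAC=00:00:5E:00:53:01;Error=login failed for unlicensed user
LOG|Datatime=2018-11-20 09:04:00;IP=10.1.2.2;MAC=00:00:5E:00:53:02;Error=traffic threshold exceeded on uplink
not a record
""".splitlines()


def parse_records(lines):
    """Extract the category field and key/value content; count rejected lines."""
    records, rejected = [], 0
    for line in lines:
        m = RECORD_RE.match(line.strip())
        if not m:
            rejected += 1
            continue
        fields = dict(p.split("=", 1) for p in m["body"].split(";") if "=" in p)
        fields["category"] = m["category"]
        records.append(fields)
    return records, rejected


def flow_alerts(records, threshold=REG_THRESHOLD):
    """Count registration/session records per SrcIP and their failed routes."""
    total, failed = Counter(), Counter()
    for r in records:
        if r["category"] != "FLOW" or "SrcIP" not in r:
            continue
        total[r["SrcIP"]] += 1
        if r.get("Route") != "OK":
            failed[r["SrcIP"]] += 1
    return {ip: {"records": n, "failed_routes": failed[ip]}
            for ip, n in total.items() if n >= threshold}


def classify_error(text):
    """Map an Error string to one of the six categories, or None."""
    for label, pattern in ERROR_CLASSES:
        if pattern.search(text):
            return label
    return None


def log_alerts(records, min_support=MIN_SUPPORT):
    """Group by (IP, MAC), order by Datatime, classify frequent Error content."""
    groups = defaultdict(list)
    for r in records:
        if r["category"] != "LOG" or not r.keys() >= {"IP", "MAC", "Datatime", "Error"}:
            continue
        try:
            when = datetime.strptime(r["Datatime"], TIME_FMT)
        except ValueError:
            continue  # a record that cannot be ordered is left out
        groups[(r["IP"], r["MAC"])].append((when, r))
    alerts = []
    for (ip, mac), items in sorted(groups.items()):
        items.sort(key=lambda item: item[0])
        counts = Counter(r["Error"] for _, r in items)
        for error, count in counts.items():
            behavior = classify_error(error)
            if behavior is None or count / len(items) < min_support:
                continue
            hits = [r for _, r in items if r["Error"] == error]
            for r in hits:
                r["Behavior"] = behavior  # written back to the record
            alerts.append({"IP": ip, "MAC": mac, "Behavior": behavior,
                           "level": WARNING_LEVEL[behavior],
                           "support": round(count / len(items), 2),
                           "first_seen": hits[0]["Datatime"]})
    return alerts


if __name__ == "__main__":
    recs, bad = parse_records(SAMPLE)
    print("rejected lines:", bad)
    print("traffic alerts:", flow_alerts(recs))
    for alert in log_alerts(recs):
        print(alert)
```

Support here is the share of one device's records that carry the same Error content, a simplification of Apriori support over single items.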
Further, in the method, when the information category is security policy and device configuration information, D3JS technology is used to visualize the network topology information of the IMS network CE equipment; when the network topology changes, a safety-state anomaly report is generated for the abnormal state of the IMS network equipment and an automatic early warning is issued.
According to another aspect of one or more embodiments of the present disclosure, a computer-readable storage medium is also provided.
A computer-readable storage medium storing a plurality of instructions, the instructions being adapted to be loaded by a processor of a terminal device to execute the IMS network behavior diagnosis and early-warning method based on active safety.
According to another aspect of one or more embodiments of the present disclosure, a terminal device is also provided.
A terminal device, using internet terminal equipment, comprising a processor and a computer-readable storage medium, the processor being configured to implement each instruction, and the computer-readable storage medium being configured to store a plurality of instructions adapted to be loaded by the processor to execute the IMS network behavior diagnosis and early-warning method based on active safety.
Beneficial effects of the disclosure:
1. The IMS network behavior diagnosis and early-warning method and device based on active safety described in the disclosure perform abnormal behavior diagnosis and early warning for IMS access equipment. They achieve firmware version batch upgrade, remote configuration automatic update and real-time status monitoring for a massive number of access network devices without manual intervention, and so achieve automated operation management of IMS access network equipment. They capture abnormal states of terminal devices at the first moment, before users notice, and perceive in advance abnormal conditions in which a terminal device goes offline or out of management, turning passive support into proactive service.
2. The IMS network behavior diagnosis and early-warning method and device based on active safety described in the disclosure perform abnormal behavior diagnosis and early warning for IMS network equipment. They periodically collect the important data of CE equipment in the IMS network, turning distributed management of network CE equipment into centralized supervision. A simplified Apriori algorithm performs association analysis on CE equipment traffic information and log information, and separate early warnings are issued for abnormal information such as continued registration to the IMS network that consumes network resources, and network CE equipment system errors, interface faults, unlicensed user login attempts, unknown IP address user access, traffic over-limit and unknown traffic, so that abnormal network states are captured in advance and located in time.
3. The IMS network behavior diagnosis and early-warning method and device based on active safety described in the disclosure classify IMS network traffic by automatically synchronizing the IP addresses that Telnet or SSH into, or access, the IMS network CE equipment, and configure traffic bandwidth; once traffic exceeds the limit, an early warning is issued automatically.
4. The IMS network behavior diagnosis and early-warning method and device based on active safety described in the disclosure use standard D3JS technology to draw the topology information of the IMS network CE equipment, giving an intuitive visualization of the network topology.
Brief description of the drawings
The accompanying drawings, which form a part of this application, are provided for further understanding of the application. The illustrative embodiments of the application and their descriptions are used to explain the application and do not unduly limit it.
Fig. 1 is a flow chart of an IMS network behavior diagnosis and early-warning method based on active safety according to one or more embodiments;
Fig. 2 is a flow chart of a diagnosis and early-warning method for the IMS access network equipment remote configuration update service according to one or more embodiments;
Fig. 3 is a flow chart of another IMS network behavior diagnosis and early-warning method based on active safety according to one or more embodiments;
Fig. 4 is a flow chart of a diagnosis and early-warning method for abnormal behavior of IMS network CE equipment according to one or more embodiments.
Detailed description of the embodiments:
The technical solutions in one or more embodiments of the present disclosure are described clearly and completely below with reference to the accompanying drawings of those embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of one or more embodiments of the present disclosure, without creative work, fall within the protection scope of the present invention.
It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the application. Unless otherwise indicated, all technical and scientific terms used in this embodiment have the same meanings as commonly understood by those of ordinary skill in the technical field to which the application belongs.
It should be noted that the terms used here are only for describing specific embodiments and are not intended to limit the illustrative embodiments according to the application. As used herein, unless the context clearly indicates otherwise, the singular form is also intended to include the plural form. In addition, it should be understood that when the terms "comprising" and/or "including" are used in this specification, they indicate the presence of features, steps, operations, devices, components and/or combinations thereof.
It should be noted that the flow charts and block diagrams in the drawings show the architecture, functions and operations that methods and systems according to various embodiments of the present disclosure may implement. Each box in a flow chart or block diagram may represent a module, a program segment or a part of code, and that module, program segment or part of code may include one or more executable instructions for implementing the logic functions specified in each embodiment. It should also be noted that in some alternative implementations the functions marked in the boxes may occur in an order different from that marked in the drawings. For example, two boxes shown in succession may in fact be executed substantially in parallel, or they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a flow chart and/or block diagram, and combinations of boxes in a flow chart and/or block diagram, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
Where there is no conflict, the embodiments of the disclosure and the features in the embodiments may be combined with each other. The disclosure is further described below with reference to the drawings and embodiments.
Fig. 1 is a flow chart of an IMS network behavior diagnosis and early-warning method based on active safety applicable to this embodiment. As shown in Fig. 1,
An IMS network behavior diagnosis and early-warning method based on active safety, the method comprising:
Step (1): predefining the basic parameter information and data configuration information templates of IMS access network equipment;
In the method, the basic parameter information of the IMS access network equipment includes equipment brand, model, SN identifier, IP address and geographical location;
The data configuration information of the IMS access network equipment includes IMPI account, password, SIP proxy server domain name, DNS server domain name and digit map.
Step (2): according to the practical application, establishing IMS access network equipment control tasks, the control tasks including a batch upgrade task, a remote configuration automatic update task and a status monitoring task for IMS access network equipment;
Step (3): starting the batch upgrade task and batch-upgrading the IMS access network equipment according to its basic parameter information; starting the remote configuration automatic update task and automatically updating the remote configuration of the IMS access network equipment according to its basic parameter information and data configuration information;
Step (4): monitoring the execution state of the batch upgrade task and of the remote configuration automatic update task respectively, starting the status monitoring task after task execution is complete, and monitoring the online status of IMS access network equipment in real time;
In the IMS access network equipment management interface, online IMS access network equipment within the controlled area is shown as "green", offline IMS access network equipment that is out of supervision is shown as "red", and IMS access network equipment with abnormal registration or authentication is shown as "orange". When a terminal device is found to be in the "red" or "orange" state, step (5) is executed;
Step (5): when IMS access network equipment is found to be in a non-online state, generating a safety-state anomaly report and an automatic early warning.
Further, in step (3) of this method, the specific steps of upgrading the IMS access network equipment in batches according to its basic parameter information include:
Step (3a-1): when a batch firmware version upgrade is to be performed on IMS access network equipment, determine the IMS access network equipment to be upgraded from its basic parameter information;
That is, basic parameter information such as the equipment brand, model, SN identifier and IP address is used to determine the IMS access network equipment to be upgraded in the batch, such as IP phones and AG/IAD devices.
Step (3a-2): import the latest firmware version for the IMS access network equipment to be upgraded and start the equipment firmware version batch upgrade service, which completes the automatic upgrade of the equipment firmware version;
Step (3a-3): after the configuration completes, determine whether the version running on the IMS access network equipment is the latest version; if it is, start the status monitoring task, otherwise continue the batch upgrade of the IMS access network equipment.
When the running version is the latest version, the status monitoring service tests whether the terminal state is normal and returns the status monitoring result; if the result is abnormal, a security status exception report is generated and an alarm is reported automatically.
Further, in step (3a-2) of this method, the specific steps of the equipment firmware version batch upgrade service include:
Step (3a-2-1): restart the IMS access network equipment according to its basic parameter information;
That is, the IP phones and AG/IAD terminal devices are restarted according to the basic parameter information of the IMS access network equipment;
Step (3a-2-2): the IMS access network equipment (IP phone or AG/IAD terminal device) sends an Inform request using the RPC methods specific to the TR069 protocol, requesting download of a firmware version or patch;
Step (3a-2-3): the IMS access network equipment obtains the firmware version through the Inform method provided by the service, achieving remote automatic upgrade of the equipment firmware version.
Further, in step (3) of this method, the specific steps of automatically updating the remote configuration of the IMS access network equipment according to its basic parameter information and data configuration information include:
Step (3b-1): when a remote configuration automatic update is to be performed on IMS access network equipment, determine the IMS access network equipment whose configuration is to be updated, such as IP phones and AG/IAD devices, from its basic parameter information;
Step (3b-2): start the equipment batch remote restart service for the IMS access network equipment whose configuration is to be updated; after the configuration completes, the equipment batch remote restart service monitors the result of the device configuration update;
Step (3b-3): after the configuration update completes, start the status monitoring task.
After the configuration update completes, the status monitoring service tests whether the terminal state is normal and returns the status monitoring result; if the result is abnormal, a security status exception report is generated and an alarm is reported automatically.
Further, in step (3b-2) of this method, the equipment batch remote restart service automatically updates the corresponding parameters on the terminal device over the TR069 protocol, using the equipment-related data configuration parameters carried in the configuration update file;
The configuration update file contains data configuration parameters such as the IMPI account, password, SIP proxy server domain name and DNS server domain name of the IMS access network equipment. After obtaining the data configuration parameters over the TR069 protocol, the IMS access network equipment sends a Register message to the SIP proxy server using the IMPI account and thereby registers with the IMS network.
Further, in this method, the status monitoring task runs the status monitoring service; the status monitoring service uses the ICMP protocol to monitor the online status of the IMS access network equipment in real time, and raises an alarm automatically if IMS access network equipment goes offline.
Further, this method also includes the status monitoring service using traffic mirroring to monitor the registration and authentication status of the IMS access network equipment in real time; the specific steps include:
Configure an Observe observation port on the IMS core CE switch,
Mirror the registration traffic and authentication traffic of the IMS access network equipment to the Observe observation port configured on the IMS core CE switch, and capture abnormal states of IMS access network terminal devices such as not registered or authentication failed;
When an abnormal state is detected, the abnormal result is confirmed by a test engine, the abnormal state of the IMS access network equipment is audited promptly, and a security status exception report and an automatic early warning are generated.
By monitoring the online, registration and authentication status of the IMS access network equipment in real time, the status monitoring service captures abnormal terminal states at the first moment, before the user is aware of them, and detects in advance when a terminal device has gone offline or dropped out of management, turning passive support into proactive service. Perceiving in advance means that the user may not yet have noticed that the IP phone or other device in use has failed, while operation and maintenance staff have already caught the fault through the early-warning system and handle it promptly.
Further, this method also includes step (6): using the IP address of the terminal device in the abnormal state, operation and maintenance staff log in remotely to the terminal device's Web page, check the configuration manually and clear the abnormal state promptly.
The flow chart of the diagnosis and early-warning method for the remote configuration update service of the IMS access network equipment in this method is shown in Fig. 2.
According to another aspect of one or more embodiments of this disclosure, a computer-readable storage medium is also provided.
A computer-readable storage medium stores a plurality of instructions, the instructions being adapted to be loaded by a processor of a terminal device and to execute the IMS network behavior diagnosis and early-warning method based on active safety.
According to another aspect of one or more embodiments of this disclosure, a terminal device is also provided.
A terminal device, being an Internet terminal device, comprises a processor and a computer-readable storage medium; the processor is configured to implement each instruction, and the computer-readable storage medium stores a plurality of instructions adapted to be loaded by the processor and to execute the IMS network behavior diagnosis and early-warning method based on active safety.
According to one aspect of one or more embodiments of this disclosure, an IMS network behavior diagnosis and early-warning method based on active safety is also provided.
As shown in Fig. 3, an IMS network behavior diagnosis and early-warning method based on active safety performs abnormal-behavior diagnosis and early warning on IMS network CE equipment; the method comprises:
Step (1): predefine the basic parameter information model of the IMS network CE equipment;
Further, in this method, the basic parameter information of the IMS network equipment includes the equipment brand, model, SN identifier, IP address and geographical location;
Step (2): establish an IMS network CE equipment control task; the control task collects data configuration information of the IMS network CE equipment such as traffic information, log information, security policy and device configuration information;
When early warning is performed for IMS network CE equipment, the target device is identified from basic parameter information such as equipment brand, model, IP address and geographical location, a control task is established, and the secure data automatic collection service is started to collect the data configuration information of the IMS network CE equipment.
Step (3): set the time interval for information collection by the control task and start the IMS network equipment control task;
For the collection task, the information collection interval is configurable; collecting once every 24 hours, every 1 hour or every 5 minutes is supported. The shorter the interval, the higher the demands on system processing speed and performance.
Step (4): retrieve and filter the collected data configuration information of the IMS network equipment, such as traffic information, log information, device configuration information and software vulnerability information; correlate the information collected from different IMS network devices using a machine learning algorithm, and classify the filtered information according to the prescribed categories to obtain classified data;
Step (5): match the classified data against the early-warning conditions pre-stored in the matching template; a successful match indicates that the user's calling behavior in the IMS network is harmful, and step (6) is executed;
Step (6): on a successful match, display the topology information of the IMS network equipment visually in the IMS network equipment management interface, generate a security status exception report for the abnormal state of the IMS network equipment, and raise an automatic early warning.
The flow chart of the abnormal-behavior diagnosis and early-warning method for IMS network CE equipment is shown in Fig. 4.
Further, in step (2) of this method, the secure data automatic collection service transfers the data configuration information of the IMS network CE equipment using the standard Syslog function, reads and writes the data configuration information through the Syslog API interfaces, and specifies the categories of data configuration information collected from the IMS network CE equipment by modifying the conf file of the syslog function.
Further, in this method, the prescribed categories include traffic information, log information, security policy and device configuration information;
The collected traffic information, log information, security policy, device configuration information and so on are retrieved and filtered; regular expressions are matched against the data configuration information of the IMS network CE equipment to extract its content fields, and message records are generated and inserted into the database.
The regular expression contains a Classification (information category) field. For traffic information, the message record is a seven-tuple (Message, SrcIP, DesIP, From, RequestURI, Route, DateTime), whose fields are respectively the traffic subject, source IP, destination IP, calling user identity, called user identity, route and time; Message can be Register (registration) traffic or Session (session) traffic. For log information, the message record is a five-tuple (IP, MAC, Error, Behavior, DateTime), whose fields are respectively the IP address and MAC address of the IMS network CE equipment, the error prompt, the user behavior and the logging time. For security policy and device configuration information, the basic parameter information of the IMS network CE equipment is matched and the collected information is stored directly under the names "IP address@Security Policy" and "IP address@Current Config" respectively.
Further, when Classification is traffic information, the message records of the two traffic types, Register (registration) traffic and Session (session) traffic, are monitored. The SrcIP field of the message records is correlated to determine whether a device at the same source IP address keeps initiating registrations or sessions to the IMS network; the Route field is correlated to determine the routing result of the registration or session; and the number of message records is counted and matched against the traffic information early-warning condition.
The traffic information early-warning condition sets the number of times, within 5 minutes, that a device at the same IP address initiates registration or initiates session requests to another IP address. Because in the normal case the IMS network receives a Register registration message from the same IP device every 5 minutes, the Register message interval in the traffic information early-warning condition is set to 5 minutes. If there are 1000 Register messages within 5 minutes, a device at the same IP address is considered to be registering with the network repeatedly, or placing calls repeatedly, and consuming IMS network resources; a security status exception report is generated immediately in the IMS network CE equipment management interface, the SrcIP, DesIP, From and RequestURI fields of the abnormal traffic are marked, and an automatic early warning is raised.
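The traffic early-warning condition described above, worked through as an added example (not code from the patent). The key=value line layout, the function names and the sample addresses are assumptions made for illustration; only the seven-tuple field names, the 5-minute interval and the count of 1000 Register messages come from the text, and the sketch covers Register traffic only.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout (the patent does not define one): key=value pairs with
# the Classification field followed by the seven-tuple fields from the text.
LINE_RE = re.compile(
    r"Classification=(?P<Classification>\w+) Message=(?P<Message>\w+) "
    r"SrcIP=(?P<SrcIP>\S+) DesIP=(?P<DesIP>\S+) From=(?P<From>\S+) "
    r"RequestURI=(?P<RequestURI>\S+) Route=(?P<Route>\S+) "
    r"DateTime=(?P<DateTime>\S+)"
)
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"
WINDOW = timedelta(minutes=5)   # interval stated in the text
THRESHOLD = 1000                # Register count stated in the text


def parse_traffic_record(line):
    """Return the seven-tuple as a dict, or None for non-traffic or malformed lines."""
    match = LINE_RE.search(line)
    if match is None or match.group("Classification") != "traffic":
        return None
    record = match.groupdict()
    try:
        record["DateTime"] = datetime.strptime(record["DateTime"], TIME_FORMAT)
    except ValueError:
        return None
    return record


def detect_register_floods(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each offending SrcIP to the fields the text says to mark."""
    records = [r for r in map(parse_traffic_record, lines) if r is not None]
    records.sort(key=lambda r: r["DateTime"])   # collectors may deliver out of order
    recent = defaultdict(deque)                 # SrcIP -> timestamps inside the window
    alerts = {}
    for record in records:
        if record["Message"] != "Register":
            continue
        stamps = recent[record["SrcIP"]]
        stamps.append(record["DateTime"])
        # Drop registrations a full window or more older than this one, so a
        # device that re-registers every 5 minutes never accumulates a count.
        while record["DateTime"] - stamps[0] >= window:
            stamps.popleft()
        if len(stamps) >= threshold and record["SrcIP"] not in alerts:
            alerts[record["SrcIP"]] = {
                "SrcIP": record["SrcIP"],
                "DesIP": record["DesIP"],
                "From": record["From"],
                "RequestURI": record["RequestURI"],
                "count": len(stamps),
                "first_exceeded": record["DateTime"],
            }
    return alerts


def build_sample_lines():
    """Constructed sample: one well-behaved phone and one flooding device."""
    base = datetime(2018, 11, 19, 8, 0, 0)
    template = (
        "Classification=traffic Message=Register SrcIP={src} DesIP=192.0.2.1 "
        "From=sip:{user}@ims.example.invalid RequestURI=sip:ims.example.invalid "
        "Route=pcscf.ims.example.invalid DateTime={ts}"
    )
    lines = ["Classification=log IP=192.0.2.1 Error=ignored-by-this-parser"]
    for i in range(12):      # normal: one Register every 5 minutes for an hour
        ts = (base + timedelta(minutes=5 * i)).strftime(TIME_FORMAT)
        lines.append(template.format(src="192.0.2.20", user="user20", ts=ts))
    for i in range(1000):    # abnormal: 4 Registers per second for 250 seconds
        ts = (base + timedelta(seconds=i // 4)).strftime(TIME_FORMAT)
        lines.append(template.format(src="192.0.2.10", user="user10", ts=ts))
    return lines


if __name__ == "__main__":
    for src, alert in detect_register_floods(build_sample_lines()).items():
        print(src, alert["count"], alert["first_exceeded"])
```

The sliding window evicts a timestamp once it is a full 5 minutes old, which is why the phone that registers on the normal 5-minute cycle never holds more than one entry.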
Further, when Classification is log information, a machine learning algorithm mines the associations that exist between the log information collected from multiple IMS network CE devices, and abnormal network behavior is looked up, discovered and analyzed within those associations, providing sufficient clues for automatic early warning.
The machine learning algorithm is a variant of the standard Apriori algorithm adapted to practical needs. It does not traverse all the log information in the database; instead it extracts the message records in the log information that have the same IP address and MAC, sorts them in DateTime order, mines the identical content in Error, and classifies the Error entries in the log information by support.
The support differs from its definition in the standard Apriori algorithm so that irrelevant information does not affect the classification. It is defined as support(Error1, Error2) = identical(Error1, Error2), that is, the identical content of the Error field in different message records. Based on analysis of the IMS network CE equipment logs, the support results are divided into six categories: system error, interface failure, unauthorized user login attempt, unknown IP address user access, traffic over limit and unknown traffic, and the category is written to the Behavior item of the log message record.
Further, the log information classification result is compared against the stored log information early-warning conditions: a match on system error or interface failure triggers an urgent early warning; a match on unauthorized user login attempt or unknown IP user access automatically reports an important early warning; and a match on traffic over limit or unknown traffic automatically reports a prompt early warning.
The log information early-warning conditions are configured manually in the IMS network CE equipment management interface: system error and interface failure are configured as urgent early warnings, unauthorized user login attempt and unknown IP user access as important early warnings, and traffic over limit and unknown traffic as prompt early warnings. The IP addresses permitted to log in to or access each IMS network CE device via Telnet or SSH are configured by automatic synchronization; the traffic bandwidth is configured from basic parameter information such as the brand and model of each IMS network CE device, with reference to the interface bandwidth of the CE equipment, generally 100M or 1000M; unknown traffic is traffic information other than Register traffic and Session traffic.
Further, when Classification is security policy and device configuration information, the stored "IP address@Security Policy" and "IP address@Current Config" file information is analyzed and the network topology information of the IMS network CE equipment is displayed visually using D3JS; when the network topology changes, it can automatically
The network topology information of the IMS network CE equipment is presented in the IMS network CE equipment management interface: equipment under an "urgent" early warning is shown in red, equipment under an "important" early warning in orange, equipment under a "prompt" early warning in yellow, and equipment in the normal state in green.
According to another aspect of one or more embodiments of this disclosure, a computer-readable storage medium is also provided.
A computer-readable storage medium stores a plurality of instructions, the instructions being adapted to be loaded by a processor of a terminal device and to execute the IMS network behavior diagnosis and early-warning method based on active safety.
According to another aspect of one or more embodiments of this disclosure, a terminal device is also provided.
A terminal device, being an Internet terminal device, comprises a processor and a computer-readable storage medium; the processor is configured to implement each instruction, and the computer-readable storage medium stores a plurality of instructions adapted to be loaded by the processor and to execute the IMS network behavior diagnosis and early-warning method based on active safety.
These computer-executable instructions, when run on a device, cause the device to perform the methods or processes described in the embodiments of this disclosure.
In this embodiment, a computer program product may include a computer-readable storage medium carrying computer-readable program instructions for carrying out aspects of this disclosure. The computer-readable storage medium may be a tangible device that can hold and store instructions used by an instruction execution device. The computer-readable storage medium may be, for example, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium include: a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read-only memory (CD-ROM), a digital versatile disc (DVD), a memory stick, a floppy disk, a mechanically encoded device such as a punch card or raised structures in a groove with instructions stored thereon, and any suitable combination of the foregoing. A computer-readable storage medium as used here is not to be interpreted as a transient signal itself, such as a radio wave or other freely propagating electromagnetic wave, an electromagnetic wave propagating through a waveguide or other transmission medium (for example, a light pulse through a fiber-optic cable), or an electrical signal transmitted through a wire.
The computer-readable program instructions described here can be downloaded from a computer-readable storage medium to the respective computing/processing devices, or to an external computer or external storage device over a network such as the Internet, a local area network, a wide area network and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards them for storage in a computer-readable storage medium within that computing/processing device.
The computer program instructions for carrying out the operations of this disclosure may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state-setting data, or source code or object code written in any combination of one or more programming languages, including object-oriented programming languages such as C++ and conventional procedural programming languages such as the "C" language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, it may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, electronic circuitry such as programmable logic circuits, field-programmable gate arrays (FPGA) or programmable logic arrays (PLA) is personalized using state information of the computer-readable program instructions; the electronic circuitry can execute the computer-readable program instructions to implement aspects of this disclosure.
Beneficial effects of the disclosure:
1. The IMS network behavior diagnosis and early-warning method and device based on active safety described in this disclosure performs abnormal-behavior diagnosis and early warning for IMS access network equipment. It achieves batch firmware version upgrade, automatic remote configuration update and real-time status monitoring for very large numbers of access network devices without manual intervention, realizing automated operation and management of IMS access network equipment; it captures abnormal terminal states at the first moment, before users are aware of them, detects in advance when terminal devices have gone offline or dropped out of management, and turns passive support into proactive service.
2. The IMS network behavior diagnosis and early-warning method and device based on active safety described in this disclosure performs abnormal-behavior diagnosis and early warning on IMS network equipment. It periodically collects the important data of CE equipment in the IMS network, moving the management of network CE equipment from distributed management to centralized supervision; it uses a simplified Apriori algorithm to correlate CE equipment traffic information and log information, and raises separate early warnings for continuous registration with the IMS network that consumes network resources and for abnormal information such as network CE equipment system errors, interface failures, unauthorized user login attempts, unknown IP address user access, traffic over limit and unknown traffic, so that abnormal network states are captured in advance and located promptly.
3. The IMS network behavior diagnosis and early-warning method and device based on active safety described in this disclosure, by automatically synchronizing the IP addresses used for Telnet or SSH login or access to IMS network CE equipment, classifies IMS network traffic and configures the traffic bandwidth, raising an automatic early warning as soon as traffic exceeds the limit.
4. The IMS network behavior diagnosis and early-warning method and device based on active safety described in this disclosure uses standard D3JS to draw the topology information of IMS network CE equipment, giving an intuitive visual display of the network topology.
The foregoing is merely the preferred embodiments of this application and is not intended to limit it; for those skilled in the art, various modifications and changes to this application are possible. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of this application shall fall within its scope of protection. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. An IMS network behavior diagnosis and early-warning method based on active safety, characterized in that the method comprises:
Predefining the basic parameter information and the data configuration information template of the IMS access network equipment;
Establishing IMS access network equipment control tasks, the control tasks including a batch upgrade task, a remote configuration automatic update task and a status monitoring task for the IMS access network equipment;
Starting the batch upgrade task and upgrading the IMS access network equipment in batches according to its basic parameter information; starting the remote configuration automatic update task and automatically updating the remote configuration of the IMS access network equipment according to its basic parameter information and data configuration information;
Monitoring the execution state of the batch upgrade task and of the remote configuration automatic update task, starting the status monitoring task after a task completes, and monitoring the online status of the IMS access network equipment in real time;
When monitoring finds IMS access network equipment in a non-online state, generating a security status exception report and an automatic early warning.
2. The IMS network behavior diagnosis and early-warning method based on active safety according to claim 1, characterized in that, in the method, the basic parameter information of the IMS access network equipment includes the equipment brand, model, SN identifier, IP address and geographical location;
The data configuration information of the IMS access network equipment includes the IMPI account, password, SIP proxy server domain name, DNS server domain name and digit map.
3. The IMS network behavior diagnosis and early-warning method based on active safety according to claim 1, characterized in that, in the method, the specific steps of upgrading the IMS access network equipment in batches according to its basic parameter information include:
When a batch firmware version upgrade is to be performed on IMS access network equipment, determining the IMS access network equipment to be upgraded from its basic parameter information;
Importing the latest firmware version for the IMS access network equipment to be upgraded and starting the equipment firmware version batch upgrade service, which completes the automatic upgrade of the equipment firmware version;
After the configuration completes, determining whether the version running on the IMS access network equipment is the latest version; if it is, starting the status monitoring task, otherwise continuing the batch upgrade of the IMS access network equipment.
Further, in the method, the specific steps of the equipment firmware version batch upgrade service include:
Restarting the IMS access network equipment according to its basic parameter information;
The IMS access network equipment sending an Inform request using the RPC methods specific to the TR069 protocol, requesting download of a firmware version or patch;
The IMS access network equipment obtaining the firmware version through the Inform method provided by the service, achieving remote automatic upgrade of the equipment firmware version.
Further, in the method, the specific steps of automatically updating the remote configuration of the IMS access network equipment according to its basic parameter information and data configuration information include:
When a remote configuration automatic update is to be performed on IMS access network equipment, determining the IMS access network equipment whose configuration is to be updated from its basic parameter information;
Starting the equipment batch remote restart service for the IMS access network equipment whose configuration is to be updated; the equipment batch remote restart service monitoring the result of the device configuration update;
After the configuration update completes, starting the status monitoring task.
Further, in the method, the equipment batch remote restart service automatically updates the corresponding parameters on the terminal device over the TR069 protocol, using the equipment-related data configuration parameters carried in the configuration update file;
The configuration update file includes the device data configuration information of the IMS access network equipment;
The IMS access network equipment obtains the data configuration parameters over the TR069 protocol, sends a Register message to the SIP proxy server using the IMPI account, and thereby registers with the IMS network.
Further, in the method, the status monitoring task runs the status monitoring service; the status monitoring service uses the ICMP protocol to monitor the online status of the IMS access network equipment in real time;
Further, the method also includes the status monitoring service using traffic mirroring to monitor the registration and authentication status of the IMS access network equipment in real time; the specific steps include:
Mirroring the registration traffic and authentication traffic of the IMS access network equipment to the Observe observation port configured on the IMS core CE switch, and capturing abnormal states of the IMS access network equipment;
When an abnormal state is detected, confirming the abnormal result by a test engine, promptly auditing the abnormal state of the IMS access network equipment, and generating a security status exception report and an automatic early warning.
Further, the method also includes operation and maintenance staff, using the IP address of the IMS access network equipment in the abnormal state, logging in remotely to the Web page of the IMS access network equipment, checking the configuration manually and clearing the abnormal state promptly.
4. A computer-readable storage medium storing a plurality of instructions, characterized in that the instructions are adapted to be loaded by a processor of a terminal device and to execute the IMS network behavior diagnosis and early-warning method based on active safety according to any one of claims 1-3.
5. A terminal device, being an Internet terminal device, comprising a processor and a computer-readable storage medium, the processor being configured to implement each instruction and the computer-readable storage medium storing a plurality of instructions, characterized in that the instructions are adapted to be loaded by the processor and to execute the IMS network behavior diagnosis and early-warning method based on active safety according to any one of claims 1-3.
6. An IMS network behavior diagnosis early warning method based on active safety, characterized in that the method comprises:
Predefining a basic parameter information model of the IMS network equipment;
Establishing an IMS network equipment management and control task, the control task being to collect the data configuration information of the IMS network equipment;
Setting the time interval at which the control task collects information, and starting the IMS network equipment management and control task;
Retrieving and filtering the collected data configuration information of the IMS network equipment, correlating and analyzing the information collected from different IMS network equipment through a machine learning algorithm, and classifying the filtered information according to the defined categories to obtain classified data;
Matching the classified data against the early-warning conditions pre-stored in the matching template;
When the match succeeds, visually displaying the topology information of the IMS network equipment on the IMS network equipment management interface, generating a security status exception report for the abnormal state of the IMS network equipment, and issuing an automatic early warning.
7. The IMS network behavior diagnosis early warning method based on active safety according to claim 6, characterized in that, in the method, the basic parameter information of the IMS network equipment includes equipment board, model, SN identifier, IP address and geographic location;
The device object is locked according to the basic parameter information, a control task is established, and the secure data automatic collection service is started to collect the data configuration information of the IMS network equipment.
Further, in the method, the secure data automatic collection service uses the standard Syslog function to transmit the data configuration information of the IMS network equipment, reads and writes the data configuration information through the Syslog APIs interface, and specifies the categories of data configuration information collected for the IMS network equipment by modifying the conf file of the syslog function.
Further, in the method, the defined categories include flow information, log information, security policy and device configuration information;
The content fields of the data configuration information of the IMS network equipment are extracted by regular expression matching; the regular expression contains the information category field.
8. The IMS network behavior diagnosis early warning method based on active safety according to claim 1, characterized in that, in the method, when the information category is flow information, the message records of registration traffic and session traffic are monitored; the SrcIP field in the message records is analyzed by association to judge whether a device with the same source IP address continuously initiates registrations or sessions to the IMS network; the Route field is analyzed by association to judge the routing result of the registration or session; and the number of message records is counted and matched against the flow information early-warning conditions.
Further, in the method, when the information category is log information, the associations existing between the log information collected from multiple IMS network devices are mined through a machine learning algorithm,
The machine learning algorithm extracts the message records with the same IP address and MAC in the log information, sorts them in Datatime order, mines the Error entries with identical content, and classifies the Errors in the log information by support; the support results are divided into six categories: system error, interface fault, unlicensed user login attempt, unknown IP address user access, flow out-of-limit and unknown flow, and are written into the Behavior item of the log information record;
The log information classification results are matched against the pre-stored early-warning conditions: a match of system error or interface fault is an urgent early warning; a match of unlicensed user login attempt or unknown IP user access is an important early warning; a match of flow out-of-limit or unknown flow is a prompt early warning.
Further, in the method, when the information category is security policy and device configuration information, D3JS technology is used to visually display the network topology information of the IMS network CE equipment; when the network topology changes, a security status exception report is generated for the abnormal state of the IMS network equipment, and an automatic early warning is issued.
9. A computer-readable storage medium storing a plurality of instructions, characterized in that the instructions are adapted to be loaded by a processor of a terminal device to execute the IMS network behavior diagnosis early warning method based on active safety according to any one of claims 6-8.
10. A terminal device, using an internet terminal device, comprising a processor and a computer-readable storage medium, the processor being configured to implement the instructions and the computer-readable storage medium being configured to store a plurality of instructions, characterized in that the instructions are adapted to be loaded by the processor to execute the IMS network behavior diagnosis early warning method based on active safety according to any one of claims 6-8.
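The log-information branch of claim 8 (group records by IP address and MAC, order by Datatime, count identical Error content, classify, map the class to a warning level), together with the category-bearing regular expression of claim 7, as an added example that is not code from the patent. The record layout, the keyword rules and the use of a plain occurrence count as "support" are assumptions; only the six class names and their three warning levels come from the claims.

```python
import re
from collections import Counter, defaultdict

# Assumed record layout: information category field, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<category>flow|log|policy|config)\s+Datatime=(?P<Datatime>\S+)\s+"
    r"IP=(?P<IP>\S+)\s+MAC=(?P<MAC>\S+)\s+Error=(?P<Error>.+)$")

# Hypothetical keyword rules; class names and levels are those of claim 8.
RULES = [
    (r"kernel|watchdog", "system error", "urgent"),
    (r"link down|port fault", "interface fault", "urgent"),
    (r"login failed", "unlicensed user login attempt", "important"),
    (r"unknown source", "unknown IP address user access", "important"),
    (r"rate exceeded", "flow out-of-limit", "prompt"),
    (r"unclassified traffic", "unknown flow", "prompt"),
]

def classify(error):
    for pattern, label, level in RULES:
        if re.search(pattern, error, re.I):
            return label, level
    return None  # Error text that fits none of the six classes

def diagnose(lines, min_support=2):
    """Alert on Errors seen at least min_support times from one IP/MAC pair."""
    groups = defaultdict(list)
    for line in lines:
        if (m := LINE_RE.match(line)) and m["category"] == "log":
            groups[(m["IP"], m["MAC"])].append(m.groupdict())
    alerts = []
    for (ip, mac), recs in sorted(groups.items()):
        recs.sort(key=lambda r: r["Datatime"])  # ISO 8601 sorts lexically
        support = Counter(r["Error"] for r in recs)
        for error, count in support.items():
            hit = classify(error)
            if hit and count >= min_support:
                alerts.append({"IP": ip, "MAC": mac, "Behavior": hit[0],
                               "support": count, "level": hit[1]})
    return alerts

SAMPLE = [  # constructed records using documentation address ranges
    "log Datatime=2018-11-20T10:00:05 IP=192.0.2.10 MAC=00:00:5e:00:53:01 Error=login failed for admin",
    "log Datatime=2018-11-20T10:00:01 IP=192.0.2.10 MAC=00:00:5e:00:53:01 Error=login failed for admin",
    "log Datatime=2018-11-20T10:01:00 IP=192.0.2.20 MAC=00:00:5e:00:53:02 Error=link down on GE0/0/1",
    "log Datatime=2018-11-20T10:02:00 IP=192.0.2.20 MAC=00:00:5e:00:53:02 Error=link down on GE0/0/1",
    "log Datatime=2018-11-20T10:03:00 IP=192.0.2.20 MAC=00:00:5e:00:53:02 Error=rate exceeded on GE0/0/2",
    "flow Datatime=2018-11-20T10:04:00 IP=192.0.2.30 MAC=00:00:5e:00:53:03 Error=login failed for x",
]
```

Calling `diagnose(SAMPLE)` yields one important and one urgent alert; the single "rate exceeded" record stays below the support threshold and the flow-category record is left to the flow-information branch.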
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811380034.2A CN109361548B (en) | 2018-11-20 | 2018-11-20 | IMS network behavior diagnosis early warning method and device based on active security |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811380034.2A CN109361548B (en) | 2018-11-20 | 2018-11-20 | IMS network behavior diagnosis early warning method and device based on active security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109361548A (en) | 2019-02-19 |
CN109361548B (en) | 2021-09-07 |
Family
ID=65332344
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811380034.2A Active CN109361548B (en) | 2018-11-20 | 2018-11-20 | IMS network behavior diagnosis early warning method and device based on active security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109361548B (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109951344A (en) * | 2019-04-02 | 2019-06-28 | 国网内蒙古东部电力有限公司信息通信分公司 | IMS support O&M warning system and method based on big data analysis |
CN110430100A (en) * | 2019-08-27 | 2019-11-08 | 中国工商银行股份有限公司 | Network connectivty detection method and device |
CN111597084A (en) * | 2019-02-20 | 2020-08-28 | 长鑫存储技术有限公司 | Safety early warning method and device, electronic equipment and storage medium |
CN112333202A (en) * | 2020-11-25 | 2021-02-05 | 国网山东省电力公司信息通信公司 | TR069 protocol-based IMS access network equipment remote centralized monitoring method and system |
CN112714104A (en) * | 2020-12-09 | 2021-04-27 | 国网山东省电力公司信息通信公司 | Multi-protocol adaptive IMS access network equipment remote management system and method |
CN113037573A (en) * | 2021-05-25 | 2021-06-25 | 深圳市亿联无限科技有限公司 | Network management system and method |
CN113949822A (en) * | 2021-09-30 | 2022-01-18 | 中央广播电视总台 | Method and device for monitoring studio system, computer equipment and readable storage medium |
CN114338103A (en) * | 2021-12-15 | 2022-04-12 | 中电信数智科技有限公司 | Abnormal flow processing method and system based on TR069 protocol and log analysis |
CN115118487A (en) * | 2022-06-24 | 2022-09-27 | 山东旗帜信息有限公司 | SSH data acquisition method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104394132A (en) * | 2014-11-14 | 2015-03-04 | 苏州方位通讯科技有限公司 | Method for actively finding and managing VOIP (Voice Over Internet Protocol) terminal device through automatic deployment system |
CN105763389A (en) * | 2016-05-24 | 2016-07-13 | 重庆邮电大学 | Electrical power monitoring and fault information management system based on Android platform |
CN107480855A (en) * | 2017-07-06 | 2017-12-15 | 嘉兴市恒光电力建设有限责任公司华创分公司 | Managing and control system is rushed to repair in distribution |
Non-Patent Citations (1)
Title |
---|
孙黎丽 et al.: "Research on an integrated network management system for cable TV broadband access networks based on EPON+EoC technology", 《广播与电视》 * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111597084A (en) * | 2019-02-20 | 2020-08-28 | 长鑫存储技术有限公司 | Safety early warning method and device, electronic equipment and storage medium |
CN109951344B (en) * | 2019-04-02 | 2021-10-22 | 国网内蒙古东部电力有限公司信息通信分公司 | IMS supporting operation and maintenance alarm system and method based on big data analysis |
CN109951344A (en) * | 2019-04-02 | 2019-06-28 | 国网内蒙古东部电力有限公司信息通信分公司 | IMS support O&M warning system and method based on big data analysis |
CN110430100A (en) * | 2019-08-27 | 2019-11-08 | 中国工商银行股份有限公司 | Network connectivty detection method and device |
CN112333202A (en) * | 2020-11-25 | 2021-02-05 | 国网山东省电力公司信息通信公司 | TR069 protocol-based IMS access network equipment remote centralized monitoring method and system |
CN112333202B (en) * | 2020-11-25 | 2021-10-26 | 国网山东省电力公司信息通信公司 | TR069 protocol-based IMS access network equipment remote centralized monitoring method and system |
CN112714104A (en) * | 2020-12-09 | 2021-04-27 | 国网山东省电力公司信息通信公司 | Multi-protocol adaptive IMS access network equipment remote management system and method |
CN113037573B (en) * | 2021-05-25 | 2021-07-30 | 深圳市亿联无限科技有限公司 | Network management system and method |
CN113037573A (en) * | 2021-05-25 | 2021-06-25 | 深圳市亿联无限科技有限公司 | Network management system and method |
CN113949822A (en) * | 2021-09-30 | 2022-01-18 | 中央广播电视总台 | Method and device for monitoring studio system, computer equipment and readable storage medium |
CN113949822B (en) * | 2021-09-30 | 2023-12-19 | 中央广播电视总台 | Method and device for monitoring performance system, computer equipment and readable storage medium |
CN114338103A (en) * | 2021-12-15 | 2022-04-12 | 中电信数智科技有限公司 | Abnormal flow processing method and system based on TR069 protocol and log analysis |
CN114338103B (en) * | 2021-12-15 | 2024-01-19 | 中电信数智科技有限公司 | Abnormal flow position method and system based on TR069 protocol combined log analysis |
CN115118487A (en) * | 2022-06-24 | 2022-09-27 | 山东旗帜信息有限公司 | SSH data acquisition method and system |
CN115118487B (en) * | 2022-06-24 | 2023-08-25 | 山东旗帜信息有限公司 | SSH data acquisition method and system |
Also Published As
Publication number | Publication date |
---|---|
CN109361548B (en) | 2021-09-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||