CN109361548A - A kind of IMS network behavior diagnosis method for early warning and device based on active safety - Google Patents

A kind of IMS network behavior diagnosis method for early warning and device based on active safety Download PDF

Info

Publication number
CN109361548A
CN109361548A CN201811380034.2A CN201811380034A CN109361548A CN 109361548 A CN109361548 A CN 109361548A CN 201811380034 A CN201811380034 A CN 201811380034A CN 109361548 A CN109361548 A CN 109361548A
Authority
CN
China
Prior art keywords
ims
network equipment
access network
equipment
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811380034.2A
Other languages
Chinese (zh)
Other versions
CN109361548B (en
Inventor
孙丽丽
翟洪婷
刘小芸
赵连增
李亮
朱春莹
王敏
曹新智
张化代
李小川
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN201811380034.2A priority Critical patent/CN109361548B/en
Publication of CN109361548A publication Critical patent/CN109361548A/en
Application granted granted Critical
Publication of CN109361548B publication Critical patent/CN109361548B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • H04L43/0811Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0254Stateful filtering
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1016IP multimedia subsystem [IMS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/10Architectures or entities
    • H04L65/1045Proxies, e.g. for session initiation protocol [SIP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1101Session protocols
    • H04L65/1104Session initiation protocol [SIP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/133Protocols for remote procedure calls [RPC]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Business, Economics & Management (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The IMS network behavior diagnosis method for early warning and device that the invention discloses a kind of based on active safety, realize IMS access network equipment remote supervisory, and advanced awareness apparatus is online, registration and authentication status, to IMS access network equipment abnormality automatic early-warning;Comprehensive sensing IMS network equipment security postures, real-time diagnosis network equipment health status, visualization show network topology data and running log;Active safety policy mechanism is provided, network flow is managed, abnormal flow is filtered in advance.

Description

A kind of IMS network behavior diagnosis method for early warning and device based on active safety
Technical field
The disclosure belongs to the technical field of communications network security, is related to a kind of IMS network behavior based on active safety and examines Disconnected method for early warning and device.
Background technique
Only there is provided background technical informations relevant to the disclosure for the statement of this part, it is not necessary to so constitute first skill Art.
State Grid Corporation of China's existing telephone switching network is gradually from programme-controlled exchange to IMS technical system evolution, IMS (IP Multimedia Subsystem, IP multimedia subsystem) administration telephone switching network (hereinafter referred to as " IMS network ") is carried on number According to communication network, support IP phone, AG (Access Gateway, access gateway)/IAD (Integrated Access Device, Integrated access equipment) the multiple terminals access such as equipment, SIP (the Session Initiation that terminal user sends Protocol, session initiation protocol) message by wide area, local area data communication net carries out transmitting interaction.However, due to IMS net The expansibility of the flexible complexity of network framework, Session Initiation Protocol, IMS network architecture still remain disadvantage, one side IP phone, AG/ The IMS access network equipment such as IAD substantial amounts, dispersion deployment, lack effective regulatory measure;Another aspect IMS core CE The network equipments abnormalities such as (Customer Edge, customer network edge) equipment, access net CE equipment can not capture in time. Ensure IMS access network equipment security control, realize the timely capture of IMS network unit exception state, guarantees that sip message is transmitting Integrality, confidentiality in the process becomes the main problem that IMS administration telephone switching network faces.
There are the problem of concrete analysis it is as follows:
First is that IMS access network equipment novel maintenance is difficult.By taking the company of the Shandong Guo Wang as an example, the access such as SIP phone, AG/IAD 100,000 line of net equipment is deployed in provincial company our department, 17 companies of city, 98 companies of county, subordinate units etc., geographical location point respectively It dissipates, since the shortage automation means such as IMS access network equipment Remote configuration updates, on-line monitoring lead to not advanced awareness apparatus Operating status.Device configuration file time-consuming consumption is updated by manual patrol inspection means circumvention device operation risk, manually at present Power.
Second is that IMS network unit exception state capture is difficult.By taking the company of the Shandong Guo Wang as an example, IMS network CE interchanger 3000 Remaining platform lacks network equipment health operating status efficient diagnosis mechanism, can not capture in advance, timely locating network device exception shape State.
Third is that network flow control difficulty is big.Company's IMS network is carried on data communication network, each provincial company IMS core CE Equipment not only receives the flow information of this province access side device, and also unconditional receive saves S-CSCF from other nets (Serving-Call Session Control Function, service-call session control function) network element, ENS (DNS/ Enum Server) network element, I-CSCF (Interrogating-Call Session Control Function, inquiry-calling Conversation control function) network element signaling and media information, lack effective net flow assorted, flow restriction and hand of telling truth from falsehood Section.
Summary of the invention
For the deficiencies in the prior art, one or more other embodiments of the present disclosure provide a kind of based on actively peace Full IMS network behavior diagnosis method for early warning and device, realize IMS access network equipment remote supervisory, advanced awareness apparatus is online, Registration and authentication status, to IMS access network equipment abnormality automatic early-warning;Comprehensive sensing IMS network equipment security postures, Real-time diagnosis network equipment health status, visualization show network topology data and running log;Active safety strategy machine is provided System, manages network flow, filters in advance to abnormal flow.
According to the one aspect of one or more other embodiments of the present disclosure, a kind of IMS network based on active safety is provided Behavior diagnoses method for early warning.
A kind of IMS network behavior diagnosis method for early warning based on active safety, this method comprises:
The basic parameter information and data configuration information template of predefined IMS access network equipment;
IMS access network equipment control task is established, the control task includes appointing to the batch upgrade of IMS access network equipment Business, Remote configuration automatically update task and status monitoring task;
Start batch upgrade task, batch of IMS access network equipment is carried out according to the basic parameter information of IMS access network equipment Amount upgrading;Starting Remote configuration automatically updates task, according to the basic parameter information and data configuration information of IMS access network equipment The Remote configuration for carrying out IMS access network equipment automatically updates;
Batch upgrade task is monitored respectively and Remote configuration automatically updates the execution state of task, is opened after the completion of task execution Dynamic status monitoring task, monitors IMS access network equipment presence in real time;
When monitoring IMS access network equipment is in non-presence, safe condition exception reporting and automatic early-warning are generated.
Further, in the method, the basic parameter information of the IMS access network equipment include equipment board, model, SN mark, IP address, geographical location;
The data configuration information of the IMS access network equipment include IMPI account, password, sip proxy server domain name, Dns server domain name, number figure.
Further, in the method, described that IMS access net is carried out according to the basic parameter information of IMS access network equipment The specific steps of the batch upgrade of equipment include:
When carrying out firmware version batch upgrade to IMS access network equipment, believed by the basic parameter of IMS access network equipment Breath determines the IMS access network equipment to batch upgrade;
IMS access network equipment to batch upgrade is imported into equipment latest firmware version, starting device firmware version batch The automatic upgrading of equipment firmware version is completed in upgrade service;
After the completion of configuration, judge whether the equipment operation version of IMS access network equipment is latest edition, when equipment runs version When this is latest edition, starting state monitors task, otherwise continues the batch upgrade of IMS access network equipment.
Further, in the method, the specific steps of the equipment firmware updating versions in batch service include:
IMS access network equipment is restarted according to the basic parameter information of IMS access network equipment;
IMS access network equipment sends Inform request, request downloading firmware version by the distinctive RPC method of TR069 agreement Sheet or patch;
IMS access network equipment gets firmware version by the Inform method that service provides, and realizes equipment firmware version Remote automatic upgrading.
Further, in the method, the basic parameter information and data configuration information according to IMS access network equipment The specific steps that automatically update of Remote configuration for carrying out IMS access network equipment include:
When automatically updating to IMS access network equipment progress Remote configuration, the basic parameter for passing through IMS access network equipment is believed Breath determines the IMS access network equipment of configuration to be updated;
By the IMS access network equipment starting device batch remote reboot service of configuration to be updated;Equipment batch remote reboot Service monitoring device configuration updates result;
After the completion of configuration updates, starting state monitors task.
Further, in the method, the equipment batch remote reboot service updates what file was transmitted according to configuration Equipment associated data configuration information parameter automatically updates terminal device by TR069 agreement and corresponds to parameter;
The configuration updates the device data configuration information that file includes IMS access network equipment;
IMS access network equipment gets data configuration parameter information by TR069 agreement, using IMPI account to SIP generation It manages server and sends Register message, and then be registered to IMS network.
Further, in the method, the status monitoring execution status of task monitoring service;The status monitoring services IMS access network equipment presence is monitored in real time using ICMP agreement;
Further, this method further includes that the status monitoring services application mirror image technology real time monitoring IMS access net is set Standby registration and authentication status, specific steps include:
By the reservation traffic of IMS access network equipment and authentication traffic mirroring in IMS core CE switch configuration Observe Observation port captures IMS access network equipment abnormality;
Abnormal results are confirmed by testing engine when monitoring abnormality, and different to IMS access network equipment in time Normal state is audited, and safe condition exception reporting and automatic early-warning are generated.
Further, this method further includes, and operation maintenance personnel is according to the IMS access network equipment IP address of abnormal state, remotely It logs in IMS access network equipment Web page and carries out human configuration detection, eliminate abnormality in time.
According to the other side of one or more other embodiments of the present disclosure, a kind of computer-readable storage medium is also provided Matter.
A kind of computer readable storage medium, wherein being stored with a plurality of instruction, described instruction is suitable for by terminal device Reason device loads and executes a kind of IMS network behavior diagnosis method for early warning based on active safety.
According to the other side of one or more other embodiments of the present disclosure, a kind of terminal device is also provided.
A kind of terminal device, using internet terminal equipment, including processor and computer readable storage medium, processor For realizing each instruction;Computer readable storage medium is suitable for by processor load simultaneously for storing a plurality of instruction, described instruction It executes a kind of IMS network behavior based on active safety and diagnoses method for early warning.
According to the one aspect of one or more other embodiments of the present disclosure, a kind of IMS net based on active safety is also provided Network behavior diagnoses method for early warning.
A kind of IMS network behavior diagnosis method for early warning based on active safety, this method comprises:
The basic parameter information model of predefined IMS network equipment;
IMS network apparatus management/control task is established, the control task is to acquire the data configuration information of IMS network equipment;
The time interval of control mission bit stream acquisition is set, IMS network apparatus management/control task is started;
The data configuration information of collected IMS network equipment is retrieved and filtered, is closed by machine learning algorithm The acquisition information of the connection analysis different IMS network equipment, the information being obtained by filtration is classified according to the classification of regulation, is divided Class data;
Classification data is matched with the early-warning conditions that matching stencil is pre-stored;
When successful match, benefit information is opened up what IMS network equipment management interface visualization showed IMS network equipment, it will IMS network unit exception state generates safe condition exception reporting, and automatic early-warning.
Further, in the method, the basic parameter information of the IMS network equipment includes equipment board, model, SN Mark, IP address, geographical location;
According to basic parameter information locking device object, control task is established, starts the service of secure data automatic collection, it is right The data configuration information of IMS network equipment is acquired.
Further, in the method, the secure data automatic collection service uses the Syslog function passes of standard The data configuration information of IMS network equipment reads and writes data configuration information using Syslog APIs interface, by modifying syslog The conf file of function is the classification of the data configuration information of the specified acquisition of IMS network equipment.
Further, in the method, the defined classification includes flow information, log information, security strategy and sets Standby configuration information;
The data configuration information content field of IMS network equipment is extracted using regular expression matching;The regular expressions It include information category field in formula.
Further, in the method, when information category is flow information, disappearing for reservation traffic and session traffic is monitored Breath records, the SrcIP field in association analysis Message Record, judges whether the equipment of same source IP address continues to IMS network Initiate the route results of registration or session, association analysis Route field judgement registration or session, and the number of statistical message record Mesh is matched with flow information early-warning conditions.
Further, in the method, it when information category is log information, is excavated by machine learning algorithm from Duo Tai Existing association between the log information of IMS network equipment acquisition,
The machine learning algorithm, which passes through, extracts IP address and the identical Message Record of MAC in log information, according to The sequencing of Datatime sorts, and the identical content in Error is excavated, by support to the Error in log information Classify, the result of support is divided into system mistake, interface fault, unlicensed user's logon attempt, unknown IP address user Access, flow is out-of-limit, six classifications of unknown flow rate, and the Behavior item of log information record is written;
Log information classification results are matched with pre-stored early-warning conditions, are matched as system mistake, interface fault, For urgent early warning;Matching is that unlicensed user trial logs in, unknown IP user accesses, and is important early warning;Matching be flow it is out-of-limit, Unknown flow rate, to prompt early warning;
By automatic synchronization IMS network CE equipment Telnet or SSH or the IP address of access to IMS net in flow is out-of-limit Network flow is classified, and is configured to flow bandwidth.
Further, in the method, when information category is security strategy and device configuration information, using D3JS technology The network that visualization shows IMS network CE equipment opens up benefit information, when network opens up benefit variation, by IMS network unit exception state Generate safe condition exception reporting, and automatic early-warning.
According to the other side of one or more other embodiments of the present disclosure, a kind of computer-readable storage medium is also provided Matter.
A kind of computer readable storage medium, wherein being stored with a plurality of instruction, described instruction is suitable for by terminal device Reason device loads and executes a kind of IMS network behavior diagnosis method for early warning based on active safety.
According to the other side of one or more other embodiments of the present disclosure, a kind of terminal device is also provided.
A kind of terminal device, using internet terminal equipment, including processor and computer readable storage medium, processor For realizing each instruction;Computer readable storage medium is suitable for by processor load simultaneously for storing a plurality of instruction, described instruction It executes a kind of IMS network behavior based on active safety and diagnoses method for early warning.
The disclosure the utility model has the advantages that
1, a kind of IMS network behavior diagnosis method for early warning and device based on active safety described in the disclosure, meets IMS Log equipment carries out abnormal behaviour diagnosis early warning, and the firmware version batch upgrade for realizing magnanimity access network equipment, Remote configuration are certainly Dynamic update and status real time monitor, are not necessarily to manual intervention, realize the automatic operation management of IMS access network equipment, noninductive in user Capture terminal device abnormality at the first time when knowing perceives terminal device in advance and goes offline the abnormal conditions of trustship, realizes quilt Dynamic support changes to taking the initiative in offering a hand.
2, a kind of IMS network behavior diagnosis method for early warning and device based on active safety described in the disclosure, to IMS net Network equipment carries out abnormal behaviour and diagnoses early warning, and the significant data information of CE equipment in timing acquiring IMS network realizes that network C E is set Standby distributed management simplifies Apriori algorithm association analysis CE equipment flow information, log letter to centralization supervision transformation Breath, to continue to register to IMS network expend Internet resources and network C E device systems mistake, interface fault, unlicensed user taste It tries the exception informations such as login, unknown IP address user access, the out-of-limit, unknown flow rate of flow and distinguishes early warning, realize to Network Abnormal The capture in advance of state, in time positioning.
3, a kind of IMS network behavior diagnosis method for early warning and device based on active safety described in the disclosure, by certainly Dynamic synchronous IMS network CE equipment Telnet or SSH or the IP address of access classify to IMS network flow, to flow bandwidth It is configured, once flow is out-of-limit, just automatic early-warning.
4, a kind of IMS network behavior diagnosis method for early warning and device based on active safety described in the disclosure, using mark Quasi- D3JS technology to drawing IMS network CE equipment opens up benefit information, realizes that network is opened up the intuitive visualization of benefit and showed.
Detailed description of the invention
The accompanying drawings constituting a part of this application is used to provide further understanding of the present application, and the application's shows Meaning property embodiment and its explanation are not constituted an undue limitation on the present application for explaining the application.
Fig. 1 is to diagnose method for early warning according to a kind of IMS network behavior based on active safety of one or more embodiments Flow chart;
Fig. 2 is to update Service Diagnostic method for early warning according to the IMS access network equipment Remote configuration of one or more embodiments Flow chart;
Fig. 3 is to diagnose the pre- police according to another IMS network behavior based on active safety of one or more embodiments Method flow chart;
Fig. 4 is to diagnose method for early warning flow chart according to the IMS network CE unit exception behavior of one or more embodiments.
Specific embodiment:
Below in conjunction with the attached drawing in one or more other embodiments of the present disclosure, to one or more other embodiments of the present disclosure In technical solution be clearly and completely described, it is clear that described embodiments are only a part of the embodiments of the present invention, Instead of all the embodiments.Based on one or more other embodiments of the present disclosure, those of ordinary skill in the art are not being made Every other embodiment obtained, shall fall within the protection scope of the present invention under the premise of creative work.
It is noted that following detailed description is all illustrative, it is intended to provide further instruction to the application.Unless another It indicates, all technical and scientific terms that the present embodiment uses have and the application person of an ordinary skill in the technical field Normally understood identical meanings.
It should be noted that term used herein above is merely to describe specific embodiment, and be not intended to restricted root According to the illustrative embodiments of the application.As used herein, unless the context clearly indicates otherwise, otherwise singular Also it is intended to include plural form, additionally, it should be understood that, when in the present specification using term "comprising" and/or " packet Include " when, indicate existing characteristics, step, operation, device, component and/or their combination.
It should be noted that flowcharts and block diagrams in the drawings show according to various embodiments of the present disclosure method and The architecture, function and operation in the cards of system.It should be noted that each box in flowchart or block diagram can represent A part of one module, program segment or code, a part of the module, program segment or code may include one or more A executable instruction for realizing the logic function of defined in each embodiment.It should also be noted that some alternately Realization in, function marked in the box can also occur according to the sequence that is marked in attached drawing is different from.For example, two connect The box even indicated can actually be basically executed in parallel or they can also be executed in a reverse order sometimes, This depends on related function.It should also be noted that each box and flow chart in flowchart and or block diagram And/or the combination of the box in block diagram, the dedicated hardware based system that functions or operations as defined in executing can be used are come It realizes, or the combination of specialized hardware and computer instruction can be used to realize.
In the absence of conflict, the feature in the embodiment and embodiment in the disclosure can be combined with each other, and tie below It closes attached drawing and embodiment is described further the disclosure.
Fig. 1 is a kind of IMS network behavior diagnosis method for early warning flow chart based on active safety suitable for the present embodiment, As shown in Figure 1,
A kind of IMS network behavior diagnosis method for early warning based on active safety, this method comprises:
Step (1): the basic parameter information and data configuration information template of predefined IMS access network equipment;
In the method, the basic parameter information of the IMS access network equipment includes equipment board, model, SN
Mark, IP address, geographical location;
The data configuration information of the IMS access network equipment include IMPI account, password, sip proxy server domain name, Dns server domain name, number figure.
Step (2): according to practical application, IMS access network equipment control task is established, the control task includes to IMS Batch upgrade task, the Remote configuration of access network equipment automatically update task and status monitoring task;
Step (3): starting batch upgrade task carries out IMS according to the basic parameter information of IMS access network equipment and accesses net The batch upgrade of equipment;Starting Remote configuration automatically updates task, according to the basic parameter information and data of IMS access network equipment The Remote configuration that configuration information carries out IMS access network equipment automatically updates;
Step (4): monitoring batch upgrade task respectively and Remote configuration automatically updates the execution state of task, task execution Starting state monitors task after the completion, monitors IMS access network equipment presence in real time;
It in IMS access network equipment administration interface, is rendered as " green ", is detached from the online IMS access network equipment of controlled area The not online IMS access network equipment of supervision is rendered as " red ", and the IMS access network equipment of registration or authentication exception is rendered as " orange Color " monitors that terminal device is shown as " red " or " orange " state, thens follow the steps (5);
Step (5): when monitoring IMS access network equipment is in non-presence, safe condition exception reporting is generated simultaneously certainly Dynamic early warning.
Further, described to be carried out according to the basic parameter information of IMS access network equipment this method the step of in (3) The specific steps of the batch upgrade of IMS access network equipment include:
Step (3a-1): when carrying out firmware version batch upgrade to IMS access network equipment, pass through IMS access network equipment Basic parameter information determine IMS access network equipment to batch upgrade;
When carrying out firmware version batch upgrade to IMS access network equipment, pass through equipment brand, model, SN mark, IP The basic parameters information such as location determines the IMS access network equipments such as the IP phone to batch upgrade, AG/IAD
Step (3a-2): the IMS access network equipment to batch upgrade is imported into equipment latest firmware version, starting device is solid The automatic upgrading of equipment firmware version is completed in part updating versions in batch service;
Step (3a-3): after the completion of configuration, judging whether the equipment operation version of IMS access network equipment is latest edition, When equipment operation version is latest edition, starting state monitors task, otherwise continues the batch liter of IMS access network equipment Grade.
When equipment operation version is latest edition, whether status monitoring services test the SOT state of termination normal, and return to state Monitoring result;If results abnormity, safe condition exception reporting, and automatic report and alarm are generated.
Further, this method the step of in (3a-2), the specific step of the equipment firmware updating versions in batch service Suddenly include:
Step (3a-2-1): IMS access network equipment is restarted according to the basic parameter information of IMS access network equipment;
IP phone, AG/IAD terminal device are restarted according to the basic parameter information of IMS access network equipment;
Step (3a-2-2): IMS access network equipment (IP phone, AG/IAD terminal device) is distinctive by TR069 agreement RPC method sends Inform request, request downloading firmware version or patch;
Step (3a-2-3): IMS access network equipment gets firmware version by the Inform method that service provides, and realizes Equipment firmware version remote automatic upgrading.
Further, this method the step of in (3), the basic parameter information sum number according to IMS access network equipment Include: according to the specific steps that the Remote configuration that configuration information carries out IMS access network equipment automatically updates
Step (3b-1): when automatically updating to IMS access network equipment progress Remote configuration, pass through IMS access network equipment Basic parameter information determine the IMS access network equipments such as the IP phone of configuration to be updated, AG/IAD;
Step (3b-2): by the IMS access network equipment starting device batch remote reboot service of configuration to be updated;It configures Cheng Hou, equipment batch remote reboot service monitoring device configuration update result;
Step (3b-3): after the completion of configuration updates, starting state monitors task.
After the completion of configuration updates, whether status monitoring services test the SOT state of termination normal, and return to status monitoring result;Such as Fruit results abnormity generates safe condition exception reporting, and automatic report and alarm.
Further, this method the step of in (3b-2), the equipment batch remote reboot service is updated according to configuration The equipment associated data configuration information parameter that file is transmitted automatically updates terminal device by TR069 agreement and corresponds to parameter;
It includes IMS access network equipment IMPI account, password, sip proxy server domain name, DNS that the configuration, which updates file, The data configurations parameter information such as server domain name, IMS access network equipment get data configuration parameter information by TR069 agreement Afterwards, Register message is sent to sip proxy server using IMPI account, and then is registered to IMS network.
Further, in the method, the status monitoring execution status of task monitoring service;The status monitoring services IMS access network equipment presence is monitored in real time using ICMP agreement;The automatic alarm if IMS access network equipment goes offline.
Further, this method further includes that the status monitoring services application mirror image technology real time monitoring IMS access net is set Standby registration and authentication status, specific steps include:
In IMS core CE switch configuration Observe observation port,
By the reservation traffic of IMS access network equipment and authentication traffic mirroring in IMS core CE switch configuration Observe Observation port, the abnormalities such as capture unregistered, failed authentication of IMS access network equipment terminal device;
Abnormal results are confirmed by testing engine when monitoring abnormality, and different to IMS access network equipment in time Normal state is audited, and safe condition exception reporting and automatic early-warning are generated.
The status monitoring services by real time monitoring online to IMS access network equipment, registration and authentication status, with Capture terminal device abnormality at the first time when the unaware of family perceives terminal device in advance and goes offline the abnormal conditions of trustship, It realizes and passively supports to transformation of taking the initiative in offering a hand.Advanced perception: it means that user may not discover also, or not yet finds oneself to make IP phone etc. is out of order, and operation maintenance personnel has just been captured by the early warning system in advance, and handles in time.
Further, this method further includes step (6): operation maintenance personnel is according to the terminal device IP address of abnormal state, far Journey registration terminal equipment Web page carries out human configuration detection, eliminates abnormality in time.
It is as shown in Figure 2 that the IMS access network equipment Remote configuration of this method updates Service Diagnostic method for early warning flow chart.
According to the other side of one or more other embodiments of the present disclosure, a kind of computer-readable storage medium is also provided Matter.
A kind of computer readable storage medium, wherein being stored with a plurality of instruction, described instruction is suitable for by terminal device Reason device loads and executes a kind of IMS network behavior diagnosis method for early warning based on active safety.
According to the other side of one or more other embodiments of the present disclosure, a kind of terminal device is also provided.
A kind of terminal device, using internet terminal equipment, including processor and computer readable storage medium, processor For realizing each instruction;Computer readable storage medium is suitable for by processor load simultaneously for storing a plurality of instruction, described instruction It executes a kind of IMS network behavior based on active safety and diagnoses method for early warning.
According to the one aspect of one or more other embodiments of the present disclosure, a kind of IMS net based on active safety is also provided Network behavior diagnoses method for early warning.
As shown in figure 3, a kind of IMS network behavior based on active safety diagnoses method for early warning, to IMS network CE equipment into Row abnormal behaviour diagnoses early warning, this method comprises:
Step (1): the basic parameter information model of predefined IMS network CE equipment;
Further, in the method, the basic parameter information of the IMS network equipment includes equipment board, model, SN Mark, IP address, geographical location;
Step (2): establishing IMS network CE apparatus management/control task, and the control task is the stream for acquiring IMS network CE equipment Measure the data configurations information such as information, log information, security strategy, device configuration information;
When carrying out early warning to IMS network CE equipment, joined substantially according to equipment brand, model, IP address, geographical location etc. Number information locking device object, establishes control task, starts the service of secure data automatic collection, to the number of IMS network CE equipment It is acquired according to configuration information.
Step (3): the time interval of setting control mission bit stream acquisition starts IMS network apparatus management/control task;
For acquisition tasks, the time interval of setting information acquisition is supported to carry out 1 at interval of 24 hours, 1 hour, 5 minutes Secondary information collection, time interval are shorter higher to system processing speed and performance requirement.
Step (4): the flow information of collected IMS network equipment, log information, device configuration information, software are leaked The data configurations information such as hole information is retrieved and is filtered, and the machine learning algorithm association analysis different IMS network equipment is passed through Information is acquired, the information being obtained by filtration is classified according to the classification of regulation, obtains classification data;
Step (5): classification data is matched with the early-warning conditions that matching stencil is pre-stored;Successful match illustrates to use There are harmfulness for the calling behavior of family in the ims network, execute step (6);
Step (6): when successful match, benefit is opened up what IMS network equipment management interface visualization showed IMS network equipment IMS network unit exception state is generated safe condition exception reporting, and automatic early-warning by information.
Kind IMS network CE unit exception behavior diagnosis method for early warning flow chart is as shown in Figure 4.
Further, in this method hair step (2), the secure data automatic collection service uses the Syslog of standard The data configuration information of function passes IMS network CE equipment is read and write data configuration information using Syslog APIs interface, is passed through The conf file for modifying syslog function is the classification of the specified data configuration information acquired of IMS network CE equipment.
Further, in the method, the defined classification includes flow information, log information, security strategy and sets Standby configuration information;
Collected flow information, log information, security strategy, device configuration information etc. are retrieved and filtered, benefit With the data configuration information content field for the IMS network CE equipment that regular expression matching extracts, Message Record insertion is generated Database.
Contain Classification (information category) field in the regular expression, if it is flow information then message Record is indicated using seven tuples (Message, SrcIP, DesIP, From, RequestURI, Route, DateTime), wherein often A field respectively refers to flow main body, source IP, destination IP, calling subscriber identification, CSI called subscriber identification, routing, time, Message It can be taken as Register (registration) flow, Session (session) flow;If it is log information, then Message Record uses five-tuple (IP, MAC, Error, Behavior, DataTime) is indicated, respectively refers to IP address, MAC Address, the mistake of IMS network CE equipment Prompt, user behavior, logging time;The basic of IMS network CE equipment is then matched if it is security strategy and device configuration information Parameter information directly stores respectively with " IP address@Security Policy " and " IP address@Current Config " name The information of acquisition.
Further, when Classification is flow information, Register (registration) flow and Session are monitored The Message Record of two class flow of (session) flow, the SrcIP field in association analysis Message Record, judges same source IP address Whether equipment continues the routing knot that registration or session, association analysis Route field judgement registration or session are initiated to IMS network Fruit, and the number of statistical message record, are matched with flow information early-warning conditions.
The equipment that the flow information early-warning conditions are provided with same IP address in 5 minutes initiates registration or to another IP The number that address initiates a session request, because IMS network received the Register of same IP device every 5 minutes under normal scene Registration message, so the interval time of the Register message of flow information early-warning conditions setting is 5 minutes, if in 5 minutes There are 1000 Register message, then it is assumed that frequently initiate registration to network there are same IP address equipment or frequently make a phone call The phenomenon that consuming IMS network resource, production safety abnormal state is reported immediately at IMS network CE equipment management interface, and label is abnormal SrcIP, DesIP, From, RequestURI field of flow, and automatic early-warning.
Further, it when Classification is log information, is excavated by machine learning algorithm from more IMS networks Existing association between the log information that CE equipment acquires, and lookup, discovery, analysis abnormal network behavior in association, for certainly Dynamic early warning provides sufficient clue.
The machine learning algorithm is according to actual needs to the innovatory algorithm of standard Apriori algorithm, without traversing number According to whole log informations in library, by extracting IP address and the identical Message Record of MAC in log information, according to Datatime Sequencing sequence, excavate Error in identical content, classified by support to the Error in log information.
The support is different from the definition in standard Apriori algorithm, the shadow for avoiding irrelevant information from classifying information It rings, is defined as support (Error1, Error2)=identical (Error1, Error2), i.e., in different messages record The identical content of Error field, according to the log analysis of IMS network CE equipment, the result of support is divided into system mistake, interface Failure, unlicensed user's logon attempt, unknown IP address user accesses, flow is out-of-limit, six classifications of unknown flow rate, and day is written The Behavior item of will Message Record.
Further, log information classification results are compared and analyzed with the log information early-warning conditions stored, one Denier matching is system mistake, interface fault then urgent early warning;Once matching is that unlicensed user trial logs in, unknown IP user visits It asks, reports important early warning automatically;Prompt early warning is reported automatically if out-of-limit, unknown flow rate once matching for flow.
The log information early-warning conditions are in IMS network CE equipment management interface manual configuration, by system mistake, interface event Barrier be configured to urgent early warning, by unlicensed user attempt log in, unknown IP user access be configured to important early warning, flow is got over Limit, unknown flow rate are configured to prompt early warning.Wherein every IMS network CE equipment allows the IP address of Telnet or SSH or access The mode for taking automatic synchronization to configure;Flow bandwidth according to basic parameters information such as the brand and models of every IMS network CE equipment, It is configured with reference to the interface bandwidth of CE equipment, generally 100M, 1000M;Unknown flow rate be except Register flow and Flow information other than Session flow.
Further, when Classification is security strategy and device configuration information, " the IP address@of storage is analyzed Security Policy " and " IP address@Current Config " the file information show IMS net using the visualization of D3JS technology The network of network CE equipment opens up benefit information, can be automatic when network opens up benefit variation
The network of the IMS network CE equipment opens up benefit information and is presented on IMS network CE equipment management interface, " urgent " early warning Equipment be rendered as red, the equipment of " important " early warning is rendered as orange, and the equipment of " prompt " early warning is rendered as yellow, normal shape The equipment of state is rendered as green.
According to the other side of one or more other embodiments of the present disclosure, a kind of computer-readable storage medium is also provided Matter.
A kind of computer readable storage medium, wherein being stored with a plurality of instruction, described instruction is suitable for by terminal device Reason device loads and executes a kind of IMS network behavior diagnosis method for early warning based on active safety.
According to the other side of one or more other embodiments of the present disclosure, a kind of terminal device is also provided.
A kind of terminal device, using internet terminal equipment, including processor and computer readable storage medium, processor For realizing each instruction;Computer readable storage medium is suitable for by processor load simultaneously for storing a plurality of instruction, described instruction It executes a kind of IMS network behavior based on active safety and diagnoses method for early warning.
These computer executable instructions execute the equipment according to each reality in the disclosure Apply method or process described in example.
In the present embodiment, computer program product may include computer readable storage medium, containing for holding The computer-readable program instructions of row various aspects of the disclosure.Computer readable storage medium, which can be, can keep and store By the tangible device for the instruction that instruction execution equipment uses.Computer readable storage medium for example can be-- but it is unlimited In-- storage device electric, magnetic storage apparatus, light storage device, electric magnetic storage apparatus, semiconductor memory apparatus or above-mentioned Any appropriate combination.The more specific example (non exhaustive list) of computer readable storage medium includes: portable computing Machine disk, hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read only memory (EPROM or Flash memory), static random access memory (SRAM), Portable compressed disk read-only memory (CD-ROM), digital versatile disc (DVD), memory stick, floppy disk, mechanical coding equipment, the punch card for being for example stored thereon with instruction or groove internal projection structure, with And above-mentioned any appropriate combination.Computer readable storage medium used herein above is not interpreted instantaneous signal itself, The electromagnetic wave of such as radio wave or other Free propagations, the electromagnetic wave propagated by waveguide or other transmission mediums (for example, Pass through the light pulse of fiber optic cables) or pass through electric wire transmit electric signal.
Computer-readable program instructions described herein can be downloaded to from computer readable storage medium it is each calculate/ Processing equipment, or outer computer or outer is downloaded to by network, such as internet, local area network, wide area network and/or wireless network Portion stores equipment.Network may include copper transmission cable, optical fiber transmission, wireless transmission, router, firewall, interchanger, gateway Computer and/or Edge Server.Adapter or network interface in each calculating/processing equipment are received from network to be counted Calculation machine readable program instructions, and the computer-readable program instructions are forwarded, for the meter being stored in each calculating/processing equipment In calculation machine readable storage medium storing program for executing.
Computer program instructions for executing present disclosure operation can be assembly instruction, instruction set architecture (ISA) Instruction, machine instruction, machine-dependent instructions, microcode, firmware instructions, condition setup data or with one or more programmings The source code or object code that any combination of language is write, the programming language include the programming language-of object-oriented such as C++ etc., and conventional procedural programming languages-such as " C " language or similar programming language.Computer-readable program refers to Order can be executed fully on the user computer, partly be executed on the user computer, as an independent software package Execute, part on the user computer part on the remote computer execute or completely on a remote computer or server It executes.In situations involving remote computers, remote computer can include local area network by the network-of any kind (LAN) or wide area network (WAN)-is connected to subscriber computer, or, it may be connected to outer computer (such as utilize internet Service provider is connected by internet).In some embodiments, by being believed using the state of computer-readable program instructions Breath comes personalized customization electronic circuit, such as programmable logic circuit, field programmable gate array (FPGA) or programmable logic Array (PLA), the electronic circuit can execute computer-readable program instructions, to realize the various aspects of present disclosure.
The disclosure the utility model has the advantages that
1, a kind of IMS network behavior diagnosis method for early warning and device based on active safety described in the disclosure, meets IMS Log equipment carries out abnormal behaviour diagnosis early warning, and the firmware version batch upgrade for realizing magnanimity access network equipment, Remote configuration are certainly Dynamic update and status real time monitor, are not necessarily to manual intervention, realize the automatic operation management of IMS access network equipment, noninductive in user Capture terminal device abnormality at the first time when knowing perceives terminal device in advance and goes offline the abnormal conditions of trustship, realizes quilt Dynamic support changes to taking the initiative in offering a hand.
2, a kind of IMS network behavior diagnosis method for early warning and device based on active safety described in the disclosure, to IMS net Network equipment carries out abnormal behaviour and diagnoses early warning, and the significant data information of CE equipment in timing acquiring IMS network realizes that network C E is set Standby distributed management simplifies Apriori algorithm association analysis CE equipment flow information, log letter to centralization supervision transformation Breath, to continue to register to IMS network expend Internet resources and network C E device systems mistake, interface fault, unlicensed user taste It tries the exception informations such as login, unknown IP address user access, the out-of-limit, unknown flow rate of flow and distinguishes early warning, realize to Network Abnormal The capture in advance of state, in time positioning.
3, a kind of IMS network behavior diagnosis method for early warning and device based on active safety described in the disclosure, by certainly Dynamic synchronous IMS network CE equipment Telnet or SSH or the IP address of access classify to IMS network flow, to flow bandwidth It is configured, once flow is out-of-limit, just automatic early-warning.
4, a kind of IMS network behavior diagnosis method for early warning and device based on active safety described in the disclosure, using mark Quasi- D3JS technology to drawing IMS network CE equipment opens up benefit information, realizes that network is opened up the intuitive visualization of benefit and showed.
The foregoing is merely preferred embodiment of the present application, are not intended to limit this application, for the skill of this field For art personnel, various changes and changes are possible in this application.Within the spirit and principles of this application, made any to repair Change, equivalent replacement, improvement etc., should be included within the scope of protection of this application.Therefore, the present invention is not intended to be limited to this These embodiments shown in text, and it is to fit to the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. a kind of IMS network behavior based on active safety diagnoses method for early warning, which is characterized in that this method comprises:
The basic parameter information and data configuration information template of predefined IMS access network equipment;
Establish IMS access network equipment control task, the control task include to the batch upgrade task of IMS access network equipment, Remote configuration automatically updates task and status monitoring task;
Start batch upgrade task, the batch liter of IMS access network equipment is carried out according to the basic parameter information of IMS access network equipment Grade;Starting Remote configuration automatically updates task, is carried out according to the basic parameter information of IMS access network equipment and data configuration information The Remote configuration of IMS access network equipment automatically updates;
Batch upgrade task is monitored respectively and Remote configuration automatically updates the execution state of task, starts shape after the completion of task execution State monitors task, monitors IMS access network equipment presence in real time;
When monitoring IMS access network equipment is in non-presence, safe condition exception reporting and automatic early-warning are generated.
2. a kind of IMS network behavior based on active safety as described in claim 1 diagnoses method for early warning, which is characterized in that In the method, the basic parameter information of the IMS access network equipment include equipment board, model, SN mark, IP address, Manage position;
The data configuration information of the IMS access network equipment includes IMPI account, password, sip proxy server domain name, DNS clothes Business device domain name, number figure.
3. a kind of IMS network behavior based on active safety as described in claim 1 diagnoses method for early warning, which is characterized in that In the method, the tool of the batch upgrade that IMS access network equipment is carried out according to the basic parameter information of IMS access network equipment Body step includes:
It is true by the basic parameter information of IMS access network equipment when carrying out firmware version batch upgrade to IMS access network equipment The fixed IMS access network equipment to batch upgrade;
IMS access network equipment to batch upgrade is imported into equipment latest firmware version, starting device firmware version batch upgrade The automatic upgrading of equipment firmware version is completed in service;
After the completion of configuration, judge whether the equipment operation version of IMS access network equipment is latest edition, when equipment operation version is When latest edition, starting state monitors task, otherwise continues the batch upgrade of IMS access network equipment.
Further, in the method, the specific steps of the equipment firmware updating versions in batch service include:
IMS access network equipment is restarted according to the basic parameter information of IMS access network equipment;
IMS access network equipment sends Inform request by the distinctive RPC method of TR069 agreement, request downloading firmware version or Patch;
IMS access network equipment gets firmware version by the Inform method that service provides, and realizes that equipment firmware version is long-range Automatic upgrading.
Further, in the method, described to be carried out according to the basic parameter information and data configuration information of IMS access network equipment The specific steps that the Remote configuration of IMS access network equipment automatically updates include:
It is true by the basic parameter information of IMS access network equipment when being automatically updated to IMS access network equipment progress Remote configuration The IMS access network equipment of fixed configuration to be updated;
By the IMS access network equipment starting device batch remote reboot service of configuration to be updated;Equipment batch remote reboot service Monitoring device configuration updates result;
After the completion of configuration updates, starting state monitors task.
Further, in the method, the equipment batch remote reboot service updates the equipment that file is transmitted according to configuration Associated data configuration information parameter automatically updates terminal device by TR069 agreement and corresponds to parameter;
The configuration updates the device data configuration information that file includes IMS access network equipment;
IMS access network equipment gets data configuration parameter information by TR069 agreement, is taken using IMPI account to sip agent Business device sends Register message, and then is registered to IMS network.
Further, in the method, the status monitoring execution status of task monitoring service;The status monitoring services application ICMP agreement monitors IMS access network equipment presence in real time;
Further, this method further includes that the status monitoring services application mirror image technology monitors IMS access network equipment in real time Registration and authentication status, specific steps include:
The reservation traffic of IMS access network equipment and authentication traffic mirroring are observed in IMS core CE switch configuration Observe Port captures IMS access network equipment abnormality;
Abnormal results are confirmed by testing engine when monitoring abnormality, and in time to IMS access network equipment exception shape State is audited, and safe condition exception reporting and automatic early-warning are generated.
Further, this method further includes IMS access network equipment IP address of the operation maintenance personnel according to abnormal state, Telnet IMS access network equipment Web page carries out human configuration detection, eliminates abnormality in time.
4. a kind of computer readable storage medium, wherein being stored with a plurality of instruction, which is characterized in that described instruction is suitable for by terminal The processor of equipment loads and executes a kind of IMS network behavior based on active safety as described in any one of claims 1-3 Diagnose method for early warning.
5. a kind of terminal device, using internet terminal equipment, including processor and computer readable storage medium, processor is used In each instruction of realization;Computer readable storage medium is for storing a plurality of instruction, which is characterized in that described instruction is suitable for by handling Device, which loads and executes a kind of IMS network behavior based on active safety as described in any one of claims 1-3, diagnoses the pre- police Method.
6. a kind of IMS network behavior based on active safety diagnoses method for early warning, which is characterized in that this method comprises:
The basic parameter information model of predefined IMS network equipment;
IMS network apparatus management/control task is established, the control task is to acquire the data configuration information of IMS network equipment;
The time interval of control mission bit stream acquisition is set, IMS network apparatus management/control task is started;
The data configuration information of collected IMS network equipment is retrieved and filtered, machine learning algorithm association point is passed through The acquisition information for analysing the different IMS network equipment, the information being obtained by filtration is classified according to the classification of regulation, obtains classification number According to;
Classification data is matched with the early-warning conditions that matching stencil is pre-stored;
When successful match, benefit information is opened up what IMS network equipment management interface visualization showed IMS network equipment, by IMS net Network unit exception state generates safe condition exception reporting, and automatic early-warning.
7. a kind of IMS network behavior based on active safety as claimed in claim 6 diagnoses method for early warning, which is characterized in that In the method, the basic parameter information of the IMS network equipment includes equipment board, model, SN mark, IP address, geography Position;
According to basic parameter information locking device object, control task is established, starts the service of secure data automatic collection, to IMS The data configuration information of the network equipment is acquired.
Further, in the method, the secure data automatic collection service uses the Syslog function passes IMS net of standard The data configuration information of network equipment reads and writes data configuration information using Syslog APIs interface, passes through modification syslog function Conf file is the classification of the data configuration information of the specified acquisition of IMS network equipment.
Further, in the method, the defined classification includes that flow information, log information, security strategy and equipment are matched Confidence breath;
The data configuration information content field of IMS network equipment is extracted using regular expression matching;In the regular expression Include information category field.
8. a kind of IMS network behavior based on active safety as described in claim 1 diagnoses method for early warning, which is characterized in that In the method, when information category is flow information, the Message Record of reservation traffic and session traffic is monitored, association analysis disappears SrcIP field in breath record, judges whether the equipment of same source IP address continues to initiate registration or session to IMS network, closes The route results of connection analysis Route field judgement registration or session, and the number of statistical message record, with flow information early warning item Part is matched.
Further, in the method, it when information category is log information, is excavated by machine learning algorithm from more IMS Existing association between the log information of network equipment acquisition,
The machine learning algorithm is by extracting IP address and the identical Message Record of MAC in log information, according to Datatime Sequencing sequence, excavate Error in identical content, classified by support to the Error in log information, The result of support is divided into system mistake, interface fault, unlicensed user's logon attempt, unknown IP address user access, flow Out-of-limit, six classifications of unknown flow rate, and the Behavior item of log information record is written;
Log information classification results are matched with pre-stored early-warning conditions, matches as system mistake, interface fault, is tight Anxious early warning;Matching is that unlicensed user trial logs in, unknown IP user accesses, and is important early warning;Once matching be flow it is out-of-limit, Unknown flow rate, to prompt early warning.
Further, in the method, visual using D3JS technology when information category is security strategy and device configuration information The network that change shows IMS network CE equipment opens up benefit information, and when network opens up benefit variation, IMS network unit exception state is generated Safe condition exception reporting, and automatic early-warning.
9. a kind of computer readable storage medium, wherein being stored with a plurality of instruction, which is characterized in that described instruction is suitable for by terminal The processor of equipment is loaded and is executed such as a kind of described in any item IMS network behaviors based on active safety of claim 6-8 Diagnose method for early warning.
10. a kind of terminal device, using internet terminal equipment, including processor and computer readable storage medium, processor For realizing each instruction;Computer readable storage medium is for storing a plurality of instruction, which is characterized in that described instruction be suitable for by Reason device is loaded and is executed such as a kind of described in any item IMS network behavior diagnosis early warning based on active safety of claim 6-8 Method.
CN201811380034.2A 2018-11-20 2018-11-20 IMS network behavior diagnosis early warning method and device based on active security Active CN109361548B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811380034.2A CN109361548B (en) 2018-11-20 2018-11-20 IMS network behavior diagnosis early warning method and device based on active security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811380034.2A CN109361548B (en) 2018-11-20 2018-11-20 IMS network behavior diagnosis early warning method and device based on active security

Publications (2)

Publication Number Publication Date
CN109361548A true CN109361548A (en) 2019-02-19
CN109361548B CN109361548B (en) 2021-09-07

Family

ID=65332344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811380034.2A Active CN109361548B (en) 2018-11-20 2018-11-20 IMS network behavior diagnosis early warning method and device based on active security

Country Status (1)

Country Link
CN (1) CN109361548B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109951344A (en) * 2019-04-02 2019-06-28 国网内蒙古东部电力有限公司信息通信分公司 IMS support O&M warning system and method based on big data analysis
CN110430100A (en) * 2019-08-27 2019-11-08 中国工商银行股份有限公司 Network connectivty detection method and device
CN111597084A (en) * 2019-02-20 2020-08-28 长鑫存储技术有限公司 Safety early warning method and device, electronic equipment and storage medium
CN112333202A (en) * 2020-11-25 2021-02-05 国网山东省电力公司信息通信公司 TR069 protocol-based IMS access network equipment remote centralized monitoring method and system
CN112714104A (en) * 2020-12-09 2021-04-27 国网山东省电力公司信息通信公司 Multi-protocol adaptive IMS access network equipment remote management system and method
CN113037573A (en) * 2021-05-25 2021-06-25 深圳市亿联无限科技有限公司 Network management system and method
CN113949822A (en) * 2021-09-30 2022-01-18 中央广播电视总台 Method and device for monitoring studio system, computer equipment and readable storage medium
CN114338103A (en) * 2021-12-15 2022-04-12 中电信数智科技有限公司 Abnormal flow processing method and system based on TR069 protocol and log analysis
CN115118487A (en) * 2022-06-24 2022-09-27 山东旗帜信息有限公司 SSH data acquisition method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104394132A (en) * 2014-11-14 2015-03-04 苏州方位通讯科技有限公司 Method for actively finding and managing VOIP (Voice Over Internet Protocol) terminal device through automatic deployment system
CN105763389A (en) * 2016-05-24 2016-07-13 重庆邮电大学 Electrical power monitoring and fault information management system based on Android platform
CN107480855A (en) * 2017-07-06 2017-12-15 嘉兴市恒光电力建设有限责任公司华创分公司 Managing and control system is rushed to repair in distribution

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104394132A (en) * 2014-11-14 2015-03-04 苏州方位通讯科技有限公司 Method for actively finding and managing VOIP (Voice Over Internet Protocol) terminal device through automatic deployment system
CN105763389A (en) * 2016-05-24 2016-07-13 重庆邮电大学 Electrical power monitoring and fault information management system based on Android platform
CN107480855A (en) * 2017-07-06 2017-12-15 嘉兴市恒光电力建设有限责任公司华创分公司 Managing and control system is rushed to repair in distribution

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
孙黎丽 等: "基于EPON+EoC技术的有线电视宽带接入网综合网络管理系统研究", 《广播与电视》 *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111597084A (en) * 2019-02-20 2020-08-28 长鑫存储技术有限公司 Safety early warning method and device, electronic equipment and storage medium
CN109951344B (en) * 2019-04-02 2021-10-22 国网内蒙古东部电力有限公司信息通信分公司 IMS supporting operation and maintenance alarm system and method based on big data analysis
CN109951344A (en) * 2019-04-02 2019-06-28 国网内蒙古东部电力有限公司信息通信分公司 IMS support O&M warning system and method based on big data analysis
CN110430100A (en) * 2019-08-27 2019-11-08 中国工商银行股份有限公司 Network connectivty detection method and device
CN112333202A (en) * 2020-11-25 2021-02-05 国网山东省电力公司信息通信公司 TR069 protocol-based IMS access network equipment remote centralized monitoring method and system
CN112333202B (en) * 2020-11-25 2021-10-26 国网山东省电力公司信息通信公司 TR069 protocol-based IMS access network equipment remote centralized monitoring method and system
CN112714104A (en) * 2020-12-09 2021-04-27 国网山东省电力公司信息通信公司 Multi-protocol adaptive IMS access network equipment remote management system and method
CN113037573B (en) * 2021-05-25 2021-07-30 深圳市亿联无限科技有限公司 Network management system and method
CN113037573A (en) * 2021-05-25 2021-06-25 深圳市亿联无限科技有限公司 Network management system and method
CN113949822A (en) * 2021-09-30 2022-01-18 中央广播电视总台 Method and device for monitoring studio system, computer equipment and readable storage medium
CN113949822B (en) * 2021-09-30 2023-12-19 中央广播电视总台 Method and device for monitoring performance system, computer equipment and readable storage medium
CN114338103A (en) * 2021-12-15 2022-04-12 中电信数智科技有限公司 Abnormal flow processing method and system based on TR069 protocol and log analysis
CN114338103B (en) * 2021-12-15 2024-01-19 中电信数智科技有限公司 Abnormal flow position method and system based on TR069 protocol combined log analysis
CN115118487A (en) * 2022-06-24 2022-09-27 山东旗帜信息有限公司 SSH data acquisition method and system
CN115118487B (en) * 2022-06-24 2023-08-25 山东旗帜信息有限公司 SSH data acquisition method and system

Also Published As

Publication number Publication date
CN109361548B (en) 2021-09-07

Similar Documents

Publication Publication Date Title
CN109361548A (en) A kind of IMS network behavior diagnosis method for early warning and device based on active safety
EP1461927B1 (en) A method and system for modelling, analysis, and display of network security events
CN102820984B (en) Automatic network topology detection and modeling
CN102158360B (en) Network fault self-diagnosis method based on causal relationship positioning of time factors
EP1450511A1 (en) Device and method for simulating network traffic treatments of a network using policy rules
CN110535710A (en) Remote diagnosis method and system, the network equipment and Cloud Server of the network equipment
CN106789177A (en) A kind of system of dealing with network breakdown
AU2002348415A1 (en) A method and system for modeling, analysis and display of network security events
US7286965B2 (en) Modular evolving knowledge-based diagnostic device for use in communication networks
CN111431747A (en) Automatic monitoring method for plant area network
CN112291075A (en) Network fault positioning method and device, computer equipment and storage medium
CN103597466B (en) Real time data based on data-pushing is monitored
CN201813382U (en) Network monitoring system for carrier rocket test and launch controll
CN107819596B (en) SDN network fault diagnosis method, device and system
CN105306303B (en) The real-time monitoring system of failure and terminal network appliance based on terminal network appliance
CN107426014A (en) A kind of management system of EOC equipment
US7395186B2 (en) Diagnostic device using adaptive diagnostic models, for use in a communication network
CN108512699B (en) Block chain service server data anomaly detection method and equipment and block chain system
CN101197714A (en) Method for centrally capturing mobile data service condition
CN101431435B (en) Connection-oriented service configuration and management method
CN107302529A (en) Database security auditing system and method based on scene perception
Varga et al. Integration of service-level monitoring with fault management for end-to-end multi-provider ethernet services
CN109144802A (en) Internet of Things module health control diagnostic method
Han et al. Computer network failure and solution
Alcock et al. Improving intent correctness with automated testing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant