Summary of the invention
Based on this, it is necessary in view of the above technical problems, provide a kind of network security monitoring device that can be improved efficiency,
Method and system.
To achieve the goals above, on the one hand, the embodiment of the invention provides a kind of network security monitoring device, network peaces
Full monitoring device is respectively deployed in control zone and production management area;Network security monitoring device includes data analysis set-up, is
Managing device of uniting and data acquisition device;Data analysis set-up connects data acquisition device, and system management facility and data acquire
Device connection;
System management facility is acquired to data and is filled based on acquisition configuration signal, the confirmation data acquisition modes received
Set transmission acquisition instructions;Data acquisition modes include active data acquisition and the acquisition of passive data;Data acquisition device is according to adopting
Collection instruction, sets control zone, noncontrolled area and production management area in electric power monitoring system using corresponding data acquisition modes
It is standby to carry out data acquisition, and collected device log data and equipment traffic flow data are transferred to data analysis set-up;
Data analysis set-up is based on device log data and equipment traffic flow data, is analyzed as a result, and to system, main website
System transimiison analysis result.
Device log data and equipment traffic flow data are transferred to master by data analysis set-up in one of the embodiments,
It stands system;
Data analysis set-up includes that outside threat analytical unit, itself vulnerability analysis unit and original document analysis are single
Member;
Outside threat analytical unit, itself vulnerability analysis unit, original document analytical unit connect data acquisition device;
Outside threat analytical unit is for analyzing external access data;
Itself vulnerability analysis unit is used for the data that analytical equipment itself generates;
Original document analytical unit is used for the original file data of analytical equipment.
Outside threat analytical unit is used for analytical equipment network communication data, external equipment in one of the embodiments,
Data and manual operation behavioral data obtain analysis as a result, and to main station system transimiison analysis result.
Itself vulnerability analysis module is for analyzing online IP assets information in one of the embodiments, each equipment it
Between logical topology connection relation information and each equipment operation system information, open port information, operation data, baseline
Data, loophole data obtain analysis as a result, and to main station system transimiison analysis result.
Equipment includes host equipment, the network equipment and safety equipment.
Original document analysis module is set for analyzing host equipment, the network equipment and safety in one of the embodiments,
Standby log information and the original message information for analysing the network equipment obtain analysis as a result, and to main station system transimiison analysis knot
Fruit.
Active data acquisition includes SNMP, ICMP and SSH in one of the embodiments,;Passive data, which acquire, includes
SNMP Trap, Syslog and flow sniff.
It in one of the embodiments, further include the communication device for connecting data analysis set-up;
Data analysis set-up is communicated by communication device to main station system transimiison analysis result, device log data and equipment
Flow data.
On the one hand, the embodiment of the invention also provides a kind of network security monitoring methods, comprising the following steps:
System management facility is acquired to data and is filled based on acquisition configuration signal, the confirmation data acquisition modes received
Set transmission acquisition instructions;Data acquisition modes include active data acquisition and the acquisition of passive data;Data acquisition device is according to adopting
Collection instruction, sets control zone, noncontrolled area and production management area in electric power monitoring system using corresponding data acquisition modes
It is standby to carry out data acquisition, and collected device log data and equipment traffic flow data are transferred to data analysis set-up;
Data analysis set-up is based on device log data and equipment traffic flow data, is analyzed as a result, and to system, main website
System transimiison analysis result.
On the other hand, it the embodiment of the invention also provides a kind of Network Security Monitor System, including main station system, is connected to
First network safety insulating device between control zone and noncontrolled area, be connected between noncontrolled area and production management area
The network security monitoring device of two network safety isolators and at least two such as any one of claim 1 to 7;
First network safety insulating device connects the second network safety isolator by system bus;Each network security prison
Control device is separately connected system bus and main station system.
First network safety insulating device includes that the first positive isolating device and first are reversed in one of the embodiments,
Isolating device;Second network safety isolator includes the second positive isolating device and the second reverse isolation device;
First positive isolating device or the first reverse isolation device pass through the positive isolating device of system bus connection second;
First positive isolating device or the first reverse isolation device pass through system bus the second reverse isolation device of connection.
A technical solution in above-mentioned technical proposal is had the following advantages and beneficial effects:
Network security monitoring device disclosed in the present application is deployed in the control zone and production management area of electric power monitoring system, uses
Network security in monitoring control zone, noncontrolled area and production management area equipment.The application can by system management facility into
Row setting data acquisition modes, effectively acquire information needed data by different data acquisition modes.Data acquisition device
Data acquisition is carried out to the equipment in control zone, noncontrolled area and production management area, obtains device log data and equipment communication
Flow data.Data analysis set-up analyzes obtained data information, obtains data analysis result, and by data analysis result
It is transferred to main station system.Network security monitoring device disclosed in the present application can be effectively solved traditional technology acquisition means not
Foot, verify inefficiency the problem of, network safety situation can be monitored with accurate analysis and early warning, improve to electric power supervise
Control the efficiency of system network safety monitoring.
Specific embodiment
The application in order to facilitate understanding is described more fully the application below with reference to relevant drawings.In attached drawing
Give the preferred embodiment of the application.But the application can realize in many different forms, however it is not limited to this paper institute
The embodiment of description.On the contrary, purpose of providing these embodiments is make it is more thorough and comprehensive to disclosure of this application.
It should be noted that it can be directly to separately when an element is considered as " connection " another element
One element and it is in combination be integrated, or may be simultaneously present centering elements.Term as used herein " being set to ", " portion
It is deployed on " and similar statement is for illustrative purposes only.
Unless otherwise defined, all technical and scientific terms used herein and the technical field for belonging to the application
The normally understood meaning of technical staff is identical.Term used in the description of the present application is intended merely to describe specific reality
Apply the purpose of example, it is not intended that in limitation the application.Term " and or " used herein includes one or more relevant institutes
Any and all combinations of list of items.
In one embodiment, as shown in Figure 1, providing a kind of network security monitoring device, network security monitoring device
It is respectively deployed in control zone and production management area;Network security monitoring device includes data analysis set-up 130, system administration dress
Set 110 and data acquisition device 120;Data analysis set-up 120 connects data acquisition device 120, system management facility 110 and number
It is connected according to acquisition device 120;
System management facility 110 is acquired based on acquisition configuration signal, the confirmation data acquisition modes received to data
Device 120 transmits acquisition instructions;Data acquisition modes include active data acquisition and the acquisition of passive data;Data acquisition device
120 according to acquisition instructions, using corresponding data acquisition modes to the equipment of control zone in electric power monitoring system, noncontrolled area
Equipment and the equipment in production management area carry out data acquisition, and collected device log data and equipment traffic flow data are passed
It is defeated by data analysis set-up 130;
Data analysis set-up 130 is based on device log data and equipment traffic flow data, is analyzed as a result, and to main website
System transimiison analysis result.
Specifically, data acquisition device is set to the control zone and production management area of electric power monitoring system, for monitoring
The network security of noncontrolled area, production management area and control zone equipment, acquisition target are control zone, noncontrolled area and production management
Universal host machine equipment, embedded host equipment in area, the network equipment, safety equipment.It is set by data acquisition device to above-mentioned
Standby to carry out data acquisition, data analysis set-up analyzes collected device log data and equipment traffic flow data, will
Obtained analysis result is transferred to main station system.
In a specific example, universal host machine equipment includes server, the work station using the general-purpose operating system, insertion
Formula host equipment include using non-universal operating system or the embedded equipment without operating system, the network equipment include interchanger,
The network communication equipments such as router.Safety equipment include firewall, longitudinal encryption authentication device, positive isolating device, reversely every
From networks peaces such as device, Situation Awareness acquisition device, intruding detection system (IDS), O&M operation auditing system, Anti-Virus
Full equipment.
Further, acquisition mode is divided into actively acquisition and passive acquisition, and acquisition content includes log information and communication stream
Information.Specifically, the acquisition data of universal host machine equipment should include log information, the acquisition data of embedded host equipment should be wrapped
Log information is included, the acquisition data of the network equipment should include log information, communication stream information, and the acquisition data of safety equipment should wrap
Include log information.
Above-mentioned network security monitoring device can be configured data acquisition modes, different numbers by system management facility
Information needed data can be effectively acquired according to acquisition mode.Data acquisition device is to, control zone, noncontrolled area and production management
Equipment in area carries out data acquisition, obtains device log data and equipment traffic flow data.Data analysis set-up is to obtaining
Data information is analyzed, and obtains data analysis result, and data analysis result is transferred to main station system.Above-mentioned network security
Monitoring device can be effectively solved the problem of insufficient traditional technology acquisition means, verification inefficiency, can be to network security
Situation be monitored with accurate analysis and early warning, improve the efficiency to electric power monitoring system network security monitoring.
In one embodiment, as shown in Fig. 2, providing a kind of network security monitoring device, network security monitoring device
It is respectively deployed in control zone and production management area;Network security monitoring device includes that data analyze 230 devices, system administration dress
Set 210 and data acquisition device 220;Data analysis set-up 230 connects data acquisition device 220, system management facility 210 and number
It is connected according to acquisition device 220;
System management facility 210 is acquired based on acquisition configuration signal, the confirmation data acquisition modes received to data
Device 220 transmits acquisition instructions;Data acquisition modes include active data acquisition and the acquisition of passive data;Data acquisition device
220 manage control zone, noncontrolled area and production in electric power monitoring system according to acquisition instructions, using corresponding data acquisition modes
The equipment for managing area carries out data acquisition, and collected device log data and equipment traffic flow data are transferred to data analysis
Device 230;
Data analysis set-up 230 is based on device log data and equipment traffic flow data, is analyzed as a result, and to main website
System transimiison analysis result.
Wherein, device log data and equipment traffic flow data are transferred to main station system by data analysis set-up 230;
Data analysis set-up 230 includes outside threat analytical unit 2310, itself vulnerability analysis unit 2320 and original
File analyzing unit 2330;
Outside threat analytical unit 2310, itself vulnerability analysis unit 2320, original document analytical unit 2330 are distinguished
Connect data acquisition device 220;
Outside threat analytical unit 2310 is for analyzing external access data;
Itself vulnerability analysis unit 2320 is used for the data that analytical equipment itself generates;
Original document analytical unit 2330 is used for the original file data of analytical equipment.
Further, 2310 analytical equipment network communication data of outside threat analytical unit, external equipment data and artificial
Operation behavior data, and obtain analysis as a result, to main station system transimiison analysis result.
Itself vulnerability analysis module 2320 analyzes online IP assets information, the logical topology connection relationship between each equipment
The operation system information of information and each equipment, open port information, operation data, base-line data, loophole data;And it obtains
Analysis is as a result, to main station system transimiison analysis result.Equipment includes host equipment, the network equipment and safety equipment.
Original document analysis module 2330 analyzes the log information and analysis net of host equipment, the network equipment and safety equipment
The original message information of network equipment, and obtain analysis as a result, to main station system transimiison analysis result.
Active data acquisition includes SNMP, ICMP and SSH;Passive data acquisition includes SNMP Trap, Syslog and flow
Sniff.
Wherein, network security monitoring device further includes the communication device 240 for connecting data analysis set-up;
Data analysis set-up 230 to main station system transimiison analysis result, device log data and is set by communication device 240
Standby traffic flow data.
Specifically, data analysis set-up may include outside threat analytical unit, itself vulnerability analysis unit and original
Beginning file analyzing unit.Wherein outside threat analytical unit analytical equipment network communication data, external equipment data and artificial behaviour
Make behavioral data, program in machine code etc.;The online IP assets information of itself vulnerability analysis module analysis, the logic between each equipment are opened up
Flutter operation system information, open port information, operation data, the base-line data, loophole number of connection relation information and each equipment
According to;Original document analysis module analyzes the log information of host equipment, the network equipment and safety equipment and analyses the network equipment
Original message information.
Actively acquisition includes SNMP (Simple Network Management Protocol), Agent, ICMP
The modes such as (Internet Control Message Protocol), SSH (Secure Shell), network active scan, passively
Acquisition includes the modes such as SNMP Trap, Syslog, flow sniff;Acquisition content includes log information and communicates stream information, wherein
Log information refers to be collected by modes such as SNMP, SNMP Trap, Syslog, Agent, ICMP, SSH, network active scans
Information, communication stream information refer to through the collected information of flow sniff mode.
It further, include: that (1) supports analytical equipment network insertion event, packet to the analysis of device network communication data
Include: network interface insertion, network interface are extracted;(2) communication connection information in analysis network is supported, comprising: communication customer end/communication service
Hold IP, communication customer end/communication service end port, agreement, communication start time, sign off time;(3) it supports to wrap in network
FTP, the identification of http communication protocol characteristic are included, preferably supports in network the communication protocols such as including DNS, POP3, SMTP, IMAP4, TLS
Feature identification;(4) the Content of Communication information of File Transfer Protocol in reduction network, including file type, filename, file size are supported
With file MD5;(5) it supports network insertion event, communication connection information, characteristics of communication protocol information and Content of Communication information is real
When on send main station system.
Include: the peripheral hardware access events that (1) supports identification universal host machine equipment for the analysis of external equipment data, including connects
Enter and extracts;(2) the access peripheral hardware information of analysis universal host machine equipment, including peripheral type (can be sky), peripheral hardware producer are supported
(can be empty) and peripheral hardware sequence number (can be empty);(3) support by peripheral hardware access state and information it is real-time on send main station system.
Manual operation behavioral data is analyzed: (1) supporting identification universal host machine equipment, the network equipment, safety equipment
It steps on and moves back action event, including login successfully, login failure and log off;(2) the identification network equipment, safety equipment is supported to repair
Change configuration action event;(3) support that order acquisition universal host machine equipment is logged in and executed by digital certificate mode (only limits class
Unix operating system) operational order information;(4) it supports register event, modification configuration event and operational order information
On send main station system.
In addition, including: the critical file list that (1) supports reception main website to issue for program in machine code analysis;(2) it supports logical
It crosses digital certificate mode and logs in and execute the critical file letter that order obtains universal host machine equipment (only limiting class Unix operating system)
Breath, including filename, file path and file MD5;(3) support by critical file information it is real-time on send main station system.
It include: that (1) supports network sweep function to the analysis of online IP assets information, based on full protocol stack scanning mode, stream
Amount mirror-image fashion finds the online IP assets of universal host machine equipment, embedded host equipment, the network equipment and safety equipment automatically;
(2) comparison, duplicate removal and the splicing of the online IP assets information of multi-source are supported;(3) it supports to link with Situation Awareness main station system, realize
It is sent in the active of assets, lawful registration and real-time synchronization, realizes that the main station system of Asset Attributes is unified and safeguard.
It include: that (1) is supported to automatically generate universal host machine equipment, embedded for interconnecting topological data analysis between each equipment
The logical topology connection relationship of host equipment, the network equipment, safety equipment, logical topology connection relationship include serial number, safety point
Area, subnetting mark, IP subnet, vlan number (can be empty), device name (can be empty), IP address and equipment globally unique identifier
(GUID);(2) main station system is sent in support logic topological connection relation dynamic.
It include: the scan instruction that (1) support receives and executes that main website issues for the analysis of open port information data;(2)
Support analysis universal host machine equipment, embedded host equipment, the operation system information of the network equipment, safety equipment;(3) it supports to divide
Analyse universal host machine equipment, embedded host equipment, the open port information of the network equipment, safety equipment, including open port, association
Discuss title and service name;(4) support operation system information and open port information it is real-time on send main station system.
It include: that (1) supports analysis universal host machine equipment running status, including presence, CPU for Operational Data Analysis
Utilization rate, memory usage, disk utilization rate and network interface state;(2) analysis of built-in host equipment operating status is supported, including
Presence;(3) analysis network equipment operating status, including presence, cpu busy percentage, memory usage and network interface are supported
State;(4) analysis safety equipment operating status should be supported, respectively include: a) longitudinal encryption authentication device: presence, CPU benefit
Mistake etc. is established with rate, memory usage, standby host heartbeat, tunnel;B) forward and reverse isolating device: presence, cpu busy percentage,
Memory usage;C) hardware firewall equipment: presence, cpu busy percentage, memory usage, network interface state;D) Situation Awareness
Acquisition device: presence, cpu busy percentage, memory usage, network interface state, critical processes state;(5) holding equipment is run
Main station system is sent on state event is real-time.
Analyze base-line data includes: that (1) supports that receiving the baseline that main station system issues verifies script and baseline verification times
Business;(2) digital certificate mode is supported to log in universal host machine equipment and carry out baseline verification;(3) it supports to verify baseline in result to send
Main station system.
It include the vulnerability scanning data for supporting to forward main station system based on service broker's technology to the analysis of loophole data, and to
Monitored equipment initiates long-range vulnerability scanning.
It include: the log normal form rule file that (1) supports matching main station system to issue to original log information analysis, into
The log information extraction of row universal host machine equipment, the network equipment, safety equipment;(2) it supports that the original of normal formization rule will not be matched
Main station system is sent on beginning log is real-time.
It should be noted that network security monitoring device further includes the communication device for connecting data analysis set-up, data point
Analysis apparatus transmits information to main station system by communication device.In a specific example, communication device can be wire communication
Equipment and wireless telecommunications system.
The data analysis set-up of above-mentioned network security monitoring device can be by outside threat analytical unit, itself fragility point
Analyse unit and original document analytical unit composition, outside threat analytical unit analytical equipment network communication data, external equipment number
According to manual operation behavioral data;The online IP assets information of itself vulnerability analysis module analysis, the logic between each equipment are opened up
Flutter operation system information, open port information, operation data, the base-line data, loophole number of connection relation information and each equipment
According to;Original document analysis module analyzes the log information of host equipment, the network equipment and safety equipment and analyses the network equipment
Original message information.By different subdivision modules, the complete perception to disparate networks security risk event is realized, strengthens electric power
It is horizontal to improve electric power monitoring system network safety prevention comprehensively for the control of monitoring system network security closed loop.
In one embodiment, as shown in figure 3, providing a kind of network security monitoring method, comprising the following steps:
Step S310, system management facility is based on acquisition configuration signal, the confirmation data acquisition modes received, and to number
Acquisition instructions are transmitted according to acquisition device;Data acquisition modes include active data acquisition and the acquisition of passive data.
Wherein, manually data acquisition modes are configured, and acquisition configuration signal is issued to system management facility, thus
Determine data acquisition modes.Then, system management facility transmits acquisition instructions to data acquisition device.In a specific example
In, active data acquisition includes SNMP, ICMP and SSH;Passive data acquisition includes SNMP Trap, Syslog and flow sniff.
Step S320, data acquisition device is according to acquisition instructions, using corresponding data acquisition modes to controlling in electric power monitoring system
The equipment in area, noncontrolled area and production management area carries out data acquisition, and collected device log data and equipment are communicated
Stream Data Transmission is to data analysis set-up.
Wherein, data acquisition device receives acquisition instructions, carries out data according to the data acquisition modes of initial setting up and adopts
Collection, acquisition target are universal host machine equipment, embedded host equipment, network in control zone, noncontrolled area and production management area
Equipment, safety equipment, and collected device log data and equipment traffic flow data are transferred to data analysis set-up.
Step S330, data analysis set-up are based on device log data and equipment traffic flow data, are analyzed as a result, simultaneously
To main station system transimiison analysis result.
Specifically, according to data acquisition device transmission come device log data and equipment traffic flow data, data analysis
Device analyzes the data, is analyzed as a result, and analysis result is transferred to main station system.
Above-mentioned network security monitoring method can be effective using the method for active data acquisition and the acquisition of passive data
Required data are collected, meanwhile, the data normalization obtained according to above-mentioned acquisition method is higher, can directly analysis handle.It is logical
It crosses data analysis set-up to handle standby daily record data and equipment traffic flow data, realize to disparate networks security risk thing
It is horizontal to improve electric power monitoring system network safety prevention comprehensively for the overall monitor of part.
In one embodiment, as shown in figure 4, providing a kind of Network Security Monitor System, including main station system 410,
The first network safety insulating device 420 being connected between control zone and noncontrolled area, is connected to noncontrolled area and production management
The network security monitoring of any one of the second network safety isolator 430 and at least two such as claim 1 to 7 between area
Device 440;
First network safety insulating device connects the second network safety isolator by system bus;Each network security prison
Control device is separately connected system bus and main station system.
Wherein, first network safety insulating device includes the first positive isolating device and the first reverse isolation device;
Second network safety isolator includes the second positive isolating device and the second reverse isolation device;
First positive isolating device or the first reverse isolation device pass through the positive isolating device of system bus connection second;
First positive isolating device or the first reverse isolation device pass through system bus the second reverse isolation device of connection.
Specifically, first network safety monitoring device, the second network security monitoring device be deployed in respectively control zone and
In production management area, for being acquired to plant stand electric power monitoring system network security data, being carried out at analysis to security incident
Reason is managed system.Wherein first network safety monitoring device realizes the data to control zone and noncontrolled area equipment
Acquisition, analysis, and obtained data and analysis result are transferred to noncontrolled area, it is transmitted by the network equipment in noncontrolled area
Give higher level's main station system;Second network security monitoring device realizes data sampling and processing and communication to production management area equipment
Function, and obtained data and analysis result are transferred to higher level's main station system.First network safety insulating device is set to control
Between area and noncontrolled area processed, the second network safety isolator is set between noncontrolled area and production management area.First network
Safety insulating device and the second network safety isolator are all connected on the system bus.
In a specific example, as shown in figure 5, first network safety monitoring device is realized to control zone and noncontrolled area
Data acquisition, the analysis of equipment, and obtained data and analysis result are transferred to noncontrolled area, pass through net in noncontrolled area
Network equipment is transferred to higher level's main station system;Communication connection between second network security monitoring device and higher level's main station system is logical
It crosses the network equipment and goes realization, wherein the network equipment includes interchanger, longitudinal encryption authentication device and data network router.
By these equipment, more safely and effectively data information can be transmitted.
In a specific example, network safety isolator may include laterally interconnection firewall, positive isolating device,
One kind of reverse isolation device.
The Network Security Monitor System of the application can guarantee the safety of data transmission by network safety isolator,
The control of electric power monitoring system network security closed loop can be strengthened using network security monitoring device, the application may be implemented to all kinds of
The complete perception of network security risk event improves electric power monitoring system network safety prevention integral level comprehensively.Meanwhile tradition
Technology needs to place a network safety isolator respectively in control zone, noncontrolled area and production management area, and the application is only
It needs to place a network safety isolator in control zone and production management area, cost is greatly saved and improves net
Network security monitoring efficiency.
In one embodiment, a kind of computer equipment is provided, which can be terminal, internal structure
Figure can be as shown in Figure 6.The computer equipment includes processor, the memory, network interface, display connected by system bus
Screen and input unit.Wherein, the processor of the computer equipment is for providing calculating and control ability.The computer equipment is deposited
Reservoir includes non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system and computer journey
Sequence.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculating
The network interface of machine equipment is used to communicate with external terminal by network connection.When the computer program is executed by processor with
Realize a kind of network security monitoring method.The display screen of the computer equipment can be liquid crystal display or electric ink is shown
Screen, the input unit of the computer equipment can be the touch layer covered on display screen, be also possible on computer equipment shell
Key, trace ball or the Trackpad of setting can also be external keyboard, Trackpad or mouse etc..
It will be understood by those skilled in the art that structure shown in Fig. 6, only part relevant to application scheme is tied
The block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipment
It may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
In one embodiment, a kind of computer equipment, including memory and processor are provided, is stored in memory
Computer program, the processor perform the steps of when executing computer program
System management facility is acquired to data and is filled based on acquisition configuration signal, the confirmation data acquisition modes received
Set transmission acquisition instructions;Data acquisition modes include active data acquisition and the acquisition of passive data.
Data acquisition device is according to acquisition instructions, using corresponding data acquisition modes to control zone in electric power monitoring system
Equipment, the equipment of noncontrolled area and the equipment in production management area carry out data acquisition, and by collected device log data
Data analysis set-up is transferred to equipment traffic flow data.
Data analysis set-up is based on device log data and equipment traffic flow data, is analyzed as a result, and to system, main website
System transimiison analysis result.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program performs the steps of when being executed by processor
System management facility is acquired to data and is filled based on acquisition configuration signal, the confirmation data acquisition modes received
Set transmission acquisition instructions;Data acquisition modes include active data acquisition and the acquisition of passive data.
Data acquisition device is according to acquisition instructions, using corresponding data acquisition modes to control zone in electric power monitoring system
Equipment, the equipment of noncontrolled area and the equipment in production management area carry out data acquisition, and by collected device log data
Data analysis set-up is transferred to equipment traffic flow data.
Data analysis set-up is based on device log data and equipment traffic flow data, is analyzed as a result, and to system, main website
System transimiison analysis result.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer
In read/write memory medium, the computer program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein,
To any reference of memory, storage, database or other media used in each embodiment provided herein,
Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM
(PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory may include
Random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is available in many forms,
Such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancing
Type SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM
(RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of embodiment described above can be combined arbitrarily, for simplicity of description, not to above-mentioned reality
It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited
In contradiction, all should be considered as described in this specification.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the concept of this application, various modifications and improvements can be made, these belong to the protection of the application
Range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.