CN110569282A - Data processing method, data processing device, computing equipment and computer readable storage medium - Google Patents
Data processing method, data processing device, computing equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN110569282A CN110569282A CN201910835643.0A CN201910835643A CN110569282A CN 110569282 A CN110569282 A CN 110569282A CN 201910835643 A CN201910835643 A CN 201910835643A CN 110569282 A CN110569282 A CN 110569282A
- Authority
- CN
- China
- Prior art keywords
- protocol type
- historical data
- target
- determining
- data packets
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2462—Approximate or statistical queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/18—Multiprotocol handlers, e.g. single devices capable of handling multiple protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/22—Parsing or analysis of headers
Abstract
the present disclosure provides a data processing method, including: acquiring flow data, wherein the flow data comprises a plurality of historical data packets; processing the flow data to obtain at least one protocol type of a plurality of historical data packets, wherein each historical data packet in the plurality of historical data packets belongs to one protocol type in the at least one protocol type; determining a number of historical data packets corresponding to each of the at least one protocol type; and showing at least one protocol type and the number of historical data packets corresponding to each protocol type so as to determine the abnormal condition of the flow data. The present disclosure also provides a data processing apparatus, a computing device, and a computer-readable storage medium.
Description
Technical Field
the present disclosure relates to the field of computer technologies, and in particular, to a data processing method, a data processing apparatus, a computing device, and a computer readable medium.
Background
With the development of internet technology, networks have become global infrastructure, and the open network architecture thereof brings great influence to enterprises. With the increase of internal architecture of enterprises and the update iteration of network schemes, the complexity of network infrastructure and the heterogeneity of upper-level applications are continuously enhanced. Thus, monitoring, measuring and maintaining the network environment will become more and more complex. Monitoring and locating abnormal traffic data in a network has long been an important means for operation and maintenance personnel to find and solve problems. Through analyzing and arranging the flow data, abnormal flow data can be found and quickly positioned, and the problems encountered in actual production can be quickly solved. In the related art, the abnormal traffic data is usually found by capturing the traffic data and performing independent judgment on each data packet in the traffic data.
In implementing the disclosed concept, the inventors found that there are at least the following problems in the related art: the related art cannot show the overall situation of the flow data, and operation and maintenance personnel need to independently judge each data packet in the flow data one by one, record data packets which may be abnormal one by one, and then further analyze and judge whether the recorded data packets which may be abnormal are abnormal. Therefore, the related art cannot find the abnormal problem in the flow data in the whole view, resulting in low efficiency and low accuracy of the abnormal detection.
Disclosure of Invention
One aspect of the present disclosure provides a data processing method, including: the method comprises the steps of obtaining flow data, wherein the flow data comprise a plurality of historical data packets, processing the flow data to obtain at least one protocol type of the plurality of historical data packets, wherein each historical data packet in the plurality of historical data packets belongs to one protocol type in the at least one protocol type, determining the number of the historical data packets corresponding to each protocol type in the at least one protocol type, and displaying the at least one protocol type and the number of the historical data packets corresponding to each protocol type so as to determine the abnormal condition of the flow data.
Optionally, the method further includes: at least one target historical data packet is determined from the plurality of historical data packets.
optionally, the determining at least one target historical data packet from the plurality of historical data packets comprises: determining a target protocol type in the at least one protocol type, and determining a historical data packet belonging to the target protocol type from the plurality of historical data packets as the at least one target historical data packet.
Optionally, the determining a target protocol type of the at least one protocol type includes: the method comprises the steps of obtaining input operation of a user, determining a target port based on the input operation, and determining the target protocol type based on the target port, wherein the target port is used for transmitting a historical data packet belonging to the target protocol type.
Optionally, the determining the target protocol type based on the target port includes: obtaining a custom rule, wherein the custom rule comprises the at least one protocol type and port information associated with the at least one protocol type, and determining the target protocol type corresponding to the target port based on the custom rule.
Optionally, the determining at least one target historical data packet from the plurality of historical data packets comprises: acquiring a reference data packet, determining the similarity between the reference data packet and each historical data packet in the plurality of historical data packets, and determining the historical data packet with the similarity meeting a preset condition as the at least one target historical data packet.
Optionally, the method further includes: and determining whether the number of the historical data packets corresponding to each protocol type is a preset number, and generating alarm information in response to determining that the number of the historical data packets is not equal to the preset number.
Another aspect of the present disclosure provides a data processing apparatus including: the device comprises an acquisition module, a processing module, a first determination module and a display module. The acquisition module acquires flow data, wherein the flow data comprises a plurality of historical data packets. And the processing module is used for processing the flow data to obtain at least one protocol type of the plurality of historical data packets, wherein each historical data packet in the plurality of historical data packets belongs to one protocol type in the at least one protocol type. A first determining module that determines a number of historical data packets corresponding to each of the at least one protocol type. And the display module displays the at least one protocol type and the number of the historical data packets corresponding to each protocol type so as to determine the abnormal condition of the traffic data.
Optionally, the apparatus further comprises: a second determination module that determines at least one target historical data packet from the plurality of historical data packets.
Optionally, the second determining module includes: a first determination submodule and a second determination submodule. The first determining submodule determines a target protocol type in the at least one protocol type, and the second determining submodule determines a historical data packet belonging to the target protocol type from the plurality of historical data packets as the at least one target historical data packet.
Optionally, the determining a target protocol type of the at least one protocol type includes: the method comprises the steps of obtaining input operation of a user, determining a target port based on the input operation, and determining the target protocol type based on the target port, wherein the target port is used for transmitting a historical data packet belonging to the target protocol type.
Optionally, the determining the target protocol type based on the target port includes: obtaining a custom rule, wherein the custom rule comprises the at least one protocol type and port information associated with the at least one protocol type, and determining the target protocol type corresponding to the target port based on the custom rule.
Optionally, the second determining module further includes: the device comprises an acquisition submodule, a third determination submodule and a fourth determination submodule. The obtaining submodule obtains the reference data packet. A third determining sub-module that determines a similarity between the reference data packet and each of the plurality of historical data packets. And the fourth determining submodule determines the historical data packet with the similarity meeting the preset condition as the at least one target historical data packet.
Optionally, the apparatus further comprises: a third determining module and a generating module. The third determining module determines whether the number of the historical data packets corresponding to each protocol type is a preset number. And the generating module generates alarm information in response to the fact that the number of the historical data packets is not equal to the preset number.
Another aspect of the present disclosure provides a computing device comprising: one or more processors; memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method as described above.
Another aspect of the disclosure provides a non-transitory readable storage medium storing computer-executable instructions for implementing the method as described above when executed.
Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
Fig. 1 schematically shows a system architecture of a data processing method and a data processing apparatus according to an embodiment of the present disclosure;
FIG. 2 schematically shows a flow chart of a data processing method according to an embodiment of the present disclosure;
FIG. 3 schematically shows a schematic diagram of data presentation according to an embodiment of the present disclosure;
FIG. 4 schematically shows a flow chart of a data processing method according to another embodiment of the present disclosure;
FIG. 5 schematically illustrates a flowchart of an example method S410A of determining a target historical data packet, according to an embodiment of the disclosure;
FIG. 6 schematically illustrates a flow chart of another example method S410B of determining a target historical data packet in accordance with an embodiment of the present disclosure;
FIG. 7 schematically shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure;
FIG. 8 schematically shows a block diagram of a data processing apparatus according to another embodiment of the present disclosure;
FIG. 9 schematically illustrates a block diagram of an example module 810A of a second determination module, in accordance with an embodiment of the present disclosure;
FIG. 10 schematically illustrates a block diagram of another example module 810B of the second determination module, in accordance with an embodiment of the present disclosure; and
FIG. 11 schematically shows a block diagram of a computer system for implementing data processing according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable control apparatus to produce a machine, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of this disclosure, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
An embodiment of the present disclosure provides a data processing method, including: the method comprises the steps of obtaining flow data, wherein the flow data comprise a plurality of historical data packets, processing the flow data to obtain at least one protocol type of the historical data packets, and each historical data packet in the historical data packets belongs to one protocol type in the at least one protocol type. Then, a number of historical packets corresponding to each of the at least one protocol type is determined. And finally, displaying at least one protocol type and the number of historical data packets corresponding to each protocol type so as to determine the abnormal condition of the flow data.
Fig. 1 schematically shows a system architecture of a data processing method and a data processing apparatus according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in fig. 1, the system architecture 100 according to this embodiment may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like. The terminal devices 101, 102, 103 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (for example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the data processing method provided by the embodiment of the present disclosure may be generally executed by the server 105. Accordingly, the data processing apparatus provided by the embodiments of the present disclosure may be generally disposed in the server 105. The data processing method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the data processing apparatus provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster different from the server 105 and capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
for example, traffic data of the embodiment of the present disclosure may be stored in the terminal devices 101, 102, and 103, and the traffic data is transmitted to the server 105 through the terminal devices 101, 102, and 103, and the server 105 may process the number of history packets corresponding to each protocol type of the traffic data and display the number of history packets corresponding to each protocol type. In addition, the traffic data may also be received by the server 105 and stored directly in the server 105, the number of history packets corresponding to each protocol type of the traffic data is directly processed by the server 105, and the number of history packets corresponding to each protocol type is shown.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
A data processing method according to an exemplary embodiment of the present disclosure is described below with reference to fig. 2 to 6 in conjunction with the system architecture of fig. 1. It should be noted that the above-described system architecture is shown merely for the purpose of facilitating understanding of the spirit and principles of the present disclosure, and embodiments of the present disclosure are not limited in any way in this respect. Rather, embodiments of the present disclosure may be applied to any scenario where applicable.
Fig. 2 schematically shows a flow chart of a data processing method according to an embodiment of the present disclosure.
As shown in fig. 2, the method may include operations S210 to S240.
in operation S210, traffic data is acquired, the traffic data including a plurality of history data packets.
According to an embodiment of the present disclosure, the traffic data may be, for example, data transmitted in a network link. For example, traffic data transmitted in a network link over a period of time may be obtained, the traffic data including, for example, a plurality of historical data packets.
in operation S220, the traffic data is processed to obtain at least one protocol type of a plurality of historical data packets, wherein each historical data packet of the plurality of historical data packets belongs to one protocol type of the at least one protocol type.
in the embodiment of the present disclosure, when the history data packet is transmitted in the network link, the history data packet needs to be transmitted based on the transmission protocol. The Transfer Protocol includes, for example, a DNS (Domain Name System) Protocol, an HTTP (Hyper text Transfer Protocol) Protocol, an FTP (File Transfer Protocol) Protocol, and the like.
after the traffic data is obtained, analyzing each historical data packet in the traffic data to obtain the protocol type of each historical data packet.
For example, traffic data in a network link in the past hour is obtained, the traffic data includes, for example, 1000 history data packets, and a protocol type to which each of the 1000 history data packets belongs is determined.
In operation S230, a number of history packets corresponding to each of the at least one protocol type is determined.
For example, in 1000 history packets, there are 600 packets with the protocol type of DNS protocol, 200 packets with the protocol type of HTTP protocol, and 200 packets with the protocol type of FTP protocol. Therefore, the number of history packets corresponding to the DNS protocol, the HTTP protocol, and the FTP protocol is 600, 200, and 200, respectively.
In operation S240, at least one protocol type and the number of history packets corresponding to each protocol type are presented in order to determine an abnormal situation of the streaming data.
According to the embodiment of the disclosure, the number of the historical data packets of different protocol types in the traffic data is counted, and the counting result is displayed, so that the abnormal condition of the traffic data can be conveniently and intuitively found on the whole. The statistical result can be displayed in a visual mode, for example, the statistical result can be displayed in a graph, a chart and the like, so that operation and maintenance personnel can find abnormal data from the overall perspective.
For example, fig. 3 shows one way to present the statistical results in a visual way. Those skilled in the art will appreciate that the visualization shown in fig. 3 is merely an example, and the disclosed embodiments are not limited thereto.
Fig. 3 schematically shows a schematic diagram of data presentation according to an embodiment of the present disclosure.
as shown in fig. 3, the statistical results may be presented, for example, in a pie chart. For example, the number of history packets belonging to the DNS protocol is 600, the number of history packets belonging to the HTTP protocol is 200, and the number of history packets belonging to the FTP protocol is 200 among the plurality of history packets. In other words, the history packet belonging to the DNS protocol accounts for 60%, the history packet belonging to the HTTP protocol accounts for 20%, and the history packet belonging to the FTP protocol accounts for 20%.
The statistical result about the protocol type is displayed in a visual mode, and the abnormal condition of the flow data can be found intuitively. If the flow data is abnormal, an alarm can be given, so that operation and maintenance personnel can check the abnormality in time.
Specifically, for example, it may be first determined whether the number of history data packets corresponding to each protocol type is a preset number, and if the number of history data packets is not equal to the preset number, the alarm information may be generated.
According to the embodiment of the disclosure, for example, the traffic data generally has approximately equal number of historical data packets belonging to each protocol type under normal conditions. Therefore, in the case where the flow data is normal, for example, the number of history packets belonging to each protocol type is the preset number 200. However, as shown in fig. 3, it can be known from the statistical result that the number of the historical packets belonging to the DNS protocol is 600, which is far beyond the preset number of 200, and therefore, the traffic data anomaly can be preliminarily known from the visualized statistical result.
Or, under normal conditions, the protocol types of the historical data packets only include the DNS protocol, the HTTP protocol, and the FTP protocol, for example, if the historical data packets belonging to other protocol types appear in the traffic data, it may indicate that the traffic data is abnormal.
Fig. 4 schematically shows a flow chart of a data processing method according to another embodiment of the present disclosure.
As shown in fig. 4, the method may include operations S210 to S240 and operation S410. Operations S210 to S240 are the same as or similar to the operations described above with reference to fig. 2, and are not described again here.
in operation S410, at least one target history packet is determined from a plurality of history packets.
according to the embodiment of the disclosure, a user can screen the target historical data packet from the plurality of historical data packets, so that the abnormal condition of the target historical data packet can be conveniently analyzed. For example, when it is known from the statistical result that the number of history packets belonging to the DNS protocol is 600, which is far beyond the preset number of 200, 600 history packets belonging to the DNS protocol may be selected from 1000 history packets as the target history packets.
Specifically, operation S410 may refer to the following description of fig. 5 and 6, for example.
FIG. 5 schematically illustrates a flowchart of an example method S410A of determining a target historical data packet, according to an embodiment of the disclosure.
as shown in FIG. 5, operation S410A includes operations S411 a-S412 a.
in operation S411a, a target protocol type among the at least one protocol type is determined.
According to the embodiment of the disclosure, the target protocol type can be determined from a plurality of protocol types. For example, when it is known from the statistical result that an abnormality occurs in a history packet belonging to the DNS protocol, it can be determined that the DNS protocol is the target protocol type.
In operation S412a, a history packet belonging to the target protocol type is determined as at least one target history packet from among the plurality of history packets.
For example, when the DNS protocol is determined to be the target protocol type, 600 history packets belonging to the DNS protocol out of 1000 history packets may be used as the target history packet.
Specifically, the above-described operation S411a may include, for example, the following steps (1) to (3).
(1) The input operation of the user is acquired.
In the disclosed embodiment, different protocols may correspond to different ports, for example. For example, a port a may be used to transmit history packets belonging to the DNS protocol, a port B may be used to transmit history packets belonging to the HTTP protocol, and a port C may be used to transmit history packets belonging to the FTP protocol. The input operation of the user may be, for example, to select a corresponding port, and the input operation of the user may be, for example, "a port".
(2) A target port is determined based on the input operation. For example, the target port is determined to be "a port" according to the input operation, for example.
(3) And determining a target protocol type based on the target port, wherein the target port is used for transmitting the historical data packet belonging to the target protocol type.
according to the embodiment of the disclosure, since different protocols correspond to different ports, after the target port is determined, the corresponding target protocol type can be determined based on the target port. For example, if the target port is an a port, the DNS protocol type corresponding to the a port is taken as the target protocol type.
According to the embodiment of the present disclosure, the exemplary rules that the a port, the B port, and the C port respectively correspond to the DNS protocol, the HTTP protocol, and the FTP protocol may be standard rules, for example. However, different enterprises can customize different rules according to their own needs. For example, for an enterprise or a larger enterprise with more autonomously developed applications, it is difficult to comply with standard rules due to its own requirements, and especially for security purposes, a set of rules is customized to process data inside the enterprise.
For example, an enterprise may customize a D port to correspond to the DNS protocol, an E port to correspond to the HTTP protocol, and so on. When different rules are customized, the step (3) includes the following substeps 1) to 2), for example.
1) Obtaining a custom rule, wherein the custom rule comprises at least one protocol type and port information associated with the at least one protocol type.
The custom rule includes, for example, a DNS protocol corresponding to a D port, an HTTP protocol corresponding to an E port, and the like.
2) and determining a target protocol type corresponding to the target port based on the self-defined rule. For example, if the destination port is a D port, after determining the destination port, the DNS protocol type corresponding to the D port may be determined as the destination protocol type based on the custom rule.
According to the embodiment of the disclosure, through the corresponding relation between the protocol and the port, the required historical data packet meeting the relevant protocol type can be determined based on the port, and the function of positioning abnormal data is realized. In addition, different enterprises can customize corresponding rules according to self requirements, so that the required data packets can be screened according to the customized rules used by the enterprises, and abnormal data can be effectively positioned.
according to the embodiment of the present disclosure, in addition to the manner of determining the target history data packet according to the protocol type as described in fig. 5, the embodiment of the present disclosure may also determine the target history data packet according to the manner as shown in fig. 6 as follows.
FIG. 6 schematically illustrates a flowchart of another example method S410B of determining a target historical data packet, in accordance with an embodiment of the present disclosure.
As shown in fig. 6, operation S410B includes operations S411b to S413 b.
in operation S411b, a reference packet is acquired.
according to the embodiment of the present disclosure, for example, after it is known from the statistical result that 600 history data packets belonging to the DNS protocol with abnormality exist in 1000 history data packets, one history data packet belonging to the DNS protocol may be selected as a reference data packet first, and it can be understood that the reference data packet may be one of the 1000 history data packets, or may not belong to the 1000 history data packets.
In operation S412b, a similarity between the reference packet and each of the plurality of history packets is determined.
in the embodiment of the present disclosure, the reference data packet may be compared with each of the 1000 historical data packets to obtain a comparison result, where the comparison result includes similarities between the reference data packet and the other historical data packets.
in operation S413b, a history packet having a similarity satisfying a preset condition is determined as at least one target history packet. The preset condition may include, for example, that the similarity is greater than 80%. For example, if the similarity between 600 historical data packets and the reference data packet in 1000 historical data packets is greater than 80%, 600 historical data packets may be determined as target historical data packets, and the probability that the protocol type of the target historical data packet is the same as the protocol type of the reference data packet is higher.
According to the technical scheme of the embodiment of the disclosure, the protocol type of the historical data packet which is possibly abnormal can be determined, the data packet which meets the protocol type is used as a reference data packet, and then the historical data packet which is similar to the reference data packet is obtained based on the reference data packet, so that the abnormal data can be effectively positioned.
Fig. 7 schematically shows a block diagram of a data processing apparatus according to an embodiment of the present disclosure.
As shown in fig. 7, the data processing apparatus 700 may include an acquisition module 710, a processing module 720, a first determination module 730, and a presentation module 740.
The obtaining module 710 may be configured to obtain traffic data, where the traffic data includes a plurality of historical data packets. According to the embodiment of the present disclosure, the obtaining module 710 may, for example, perform the operation S210 described above with reference to fig. 2, which is not described herein again.
The processing module 720 may be configured to process the traffic data to obtain at least one protocol type of a plurality of historical data packets, where each historical data packet of the plurality of historical data packets belongs to one protocol type of the at least one protocol type. According to the embodiment of the present disclosure, the processing module 720 may, for example, perform operation S220 described above with reference to fig. 2, which is not described herein again.
The first determining module 730 may be configured to determine a number of historical data packets corresponding to each of the at least one protocol type. According to an embodiment of the present disclosure, the first determining module 730 may perform, for example, the operation S230 described above with reference to fig. 2, which is not described herein again.
The presentation module 740 may be configured to present at least one protocol type and the number of historical packets corresponding to each protocol type in order to determine an abnormal situation of the streaming data. According to the embodiment of the present disclosure, the display module 740 may, for example, perform the operation S240 described above with reference to fig. 2, which is not described herein again.
Fig. 8 schematically shows a block diagram of a data processing device according to another embodiment of the present disclosure.
As shown in fig. 8, the data processing apparatus 800 may include an acquisition module 710, a processing module 720, a first determination module 730, a presentation module 740, and a second determination module 810. The obtaining module 710, the processing module 720, the first determining module 730, and the displaying module 740 are the same as or similar to the modules described above with reference to fig. 7, and are not repeated herein. The second determining module 810 includes, for example, a module 810A and a module 810B.
The second determination module 810 may be configured to determine at least one target historical data packet from a plurality of historical data packets. According to an embodiment of the present disclosure, the second determining module 810 may perform, for example, the operation S410 described above with reference to fig. 4, which is not described herein again.
According to an embodiment of the present disclosure, the apparatus 800 may further include: a third determining module and a generating module. The third determining module determines whether the number of the historical data packets corresponding to each protocol type is a preset number. And the generating module generates alarm information in response to the fact that the number of the historical data packets is not equal to the preset number.
Fig. 9 schematically illustrates a block diagram of an example module 810A of the second determination module, in accordance with an embodiment of the disclosure.
As shown in fig. 9, the second determination module 810A may include a first determination submodule 811a and a second determination submodule 812 a.
the first determining submodule 811a may be configured to determine a target protocol type of the at least one protocol type. According to the embodiment of the present disclosure, the first determining submodule 811a may perform, for example, operation S411a described above with reference to fig. 5, which is not described herein again.
The second determining sub-module 812a may be configured to determine a history data packet belonging to the target protocol type from the plurality of history data packets as at least one target history data packet. According to the embodiment of the present disclosure, the second determining submodule 812a may perform, for example, the operation S412a described above with reference to fig. 5, which is not described herein again.
According to an embodiment of the present disclosure, determining a target protocol type of the at least one protocol type includes: the method comprises the steps of obtaining input operation of a user, determining a target port based on the input operation, and determining a target protocol type based on the target port, wherein the target port is used for transmitting a historical data packet belonging to the target protocol type.
According to an embodiment of the present disclosure, determining a target protocol type based on a target port includes: the method comprises the steps of obtaining a custom rule, wherein the custom rule comprises at least one protocol type and port information associated with the at least one protocol type, and determining a target protocol type corresponding to a target port based on the custom rule.
Fig. 10 schematically illustrates a block diagram of another example module 810B of the second determination module, in accordance with an embodiment of the disclosure.
As shown in fig. 10, the second determination module 810B may include an acquisition sub-module 811B, a third determination sub-module 812B, and a fourth determination sub-module 813B.
The retrieving submodule 811b may be configured to retrieve the reference data packet. According to the embodiment of the present disclosure, the obtaining submodule 811b may perform the operation S411b described above with reference to fig. 6, for example, and is not described herein again.
The third determining sub-module 812b may be configured to determine a similarity between the reference data packet and each of the plurality of historical data packets. According to the embodiment of the present disclosure, the third determining submodule 812b may perform, for example, the operation S412b described above with reference to fig. 6, which is not described herein again.
The fourth determination sub-module 813b may be configured to determine the history data packet with the similarity satisfying the preset condition as the at least one target history data packet. According to the embodiment of the present disclosure, the fourth determination submodule 813b may perform, for example, operation S413b described above with reference to fig. 6, which is not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any number of the obtaining module 710, the processing module 720, the first determining module 730, the presenting module 740, and the second determining module 810, the first determining submodule 811a, the second determining submodule 812a, the obtaining submodule 811b, the third determining submodule 812b, and the fourth determining submodule 813b may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the obtaining module 710, the processing module 720, the first determining module 730, the exhibiting module 740, the second determining module 810, the first determining submodule 811a, the second determining submodule 812a, the obtaining submodule 811b, the third determining submodule 812b, and the fourth determining submodule 813b may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or by a suitable combination of any of them. Alternatively, at least one of the obtaining module 710, the processing module 720, the first determining module 730, the presenting module 740 and the second determining module 810, the first determining submodule 811a, the second determining submodule 812a, the obtaining submodule 811b, the third determining submodule 812b and the fourth determining submodule 813b may be at least partially implemented as a computer program module which, when executed, may perform a corresponding function.
FIG. 11 schematically shows a block diagram of a computer system for implementing data processing according to an embodiment of the present disclosure. The computer system illustrated in FIG. 11 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.
As shown in fig. 11, computer system 1100 includes a processor 1101, a computer-readable storage medium 1102. The system 1100 may perform a method according to an embodiment of the disclosure.
In particular, processor 1101 may comprise, for example, a general purpose microprocessor, an instruction set processor and/or related chip set and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1101 may also include on-board memory for caching purposes. The processor 1101 may be a single processing unit or a plurality of processing units for performing the different actions of the method flows according to the embodiments of the present disclosure.
Computer-readable storage medium 1102 may be, for example, any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the readable storage medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The computer-readable storage medium 1102 may comprise a computer program 1103, which computer program 1103 may comprise code/computer-executable instructions that, when executed by the processor 1101, cause the processor 1101 to perform a method according to an embodiment of the present disclosure, or any variant thereof.
The computer program 1103 may be configured with computer program code, for example comprising computer program modules. For example, in an example embodiment, code in the computer program 1103 may include one or more program modules, including, for example, 1103A, modules 1103B, … …. It should be noted that the division and number of modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to actual situations, so that the processor 1101 may execute the method according to the embodiment of the present disclosure or any variation thereof when the program modules are executed by the processor 1101.
According to an embodiment of the present disclosure, at least one of the obtaining module 710, the processing module 720, the first determining module 730, the presenting module 740, the second determining module 810, the first determining submodule 811a, the second determining submodule 812a, the obtaining submodule 811b, the third determining submodule 812b, and the fourth determining submodule 813b may be implemented as a computer program module described with reference to fig. 11, which, when executed by the processor 1101, may implement the respective operations described above.
The present disclosure also provides a computer-readable medium, which may be embodied in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer readable medium carries one or more programs which, when executed, implement the method.
According to embodiments of the present disclosure, a computer readable medium may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in the present disclosure, a computer-readable signal medium may include a propagated data signal with computer-readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, optical fiber cable, radio frequency signals, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.
Claims (10)
1. A method of data processing, comprising:
Acquiring flow data, wherein the flow data comprises a plurality of historical data packets;
Processing the flow data to obtain at least one protocol type of the plurality of historical data packets, wherein each historical data packet in the plurality of historical data packets belongs to one protocol type in the at least one protocol type;
Determining a number of historical data packets corresponding to each of the at least one protocol type; and
And displaying the at least one protocol type and the number of historical data packets corresponding to each protocol type so as to determine the abnormal condition of the traffic data.
2. The method of claim 1, further comprising:
at least one target historical data packet is determined from the plurality of historical data packets.
3. The method of claim 2, wherein said determining at least one target historical data packet from said plurality of historical data packets comprises:
Determining a target protocol type of the at least one protocol type; and
Determining a historical data packet belonging to the target protocol type from the plurality of historical data packets as the at least one target historical data packet.
4. The method of claim 3, wherein the determining a target protocol type of the at least one protocol type comprises:
Acquiring input operation of a user;
Determining a target port based on the input operation; and
determining the target protocol type based on the target port, wherein the target port is used for transmitting the historical data packet belonging to the target protocol type.
5. The method of claim 4, wherein the determining the target protocol type based on the target port comprises:
obtaining a custom rule, wherein the custom rule comprises the at least one protocol type and port information associated with the at least one protocol type; and
and determining the target protocol type corresponding to the target port based on the self-defined rule.
6. The method of any of claims 2-5, wherein the determining at least one target historical data packet from the plurality of historical data packets comprises:
Acquiring a reference data packet;
Determining a similarity between the reference data packet and each of the plurality of historical data packets; and
And determining the historical data packet with the similarity meeting the preset condition as the at least one target historical data packet.
7. the method of claim 1, further comprising:
Determining whether the number of the historical data packets corresponding to each protocol type is a preset number; and
Generating alarm information in response to determining that the number of historical data packets is not equal to the preset number.
8. A data processing apparatus comprising:
The system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring flow data which comprises a plurality of historical data packets;
the processing module is used for processing the flow data to obtain at least one protocol type of the plurality of historical data packets, wherein each historical data packet in the plurality of historical data packets belongs to one protocol type in the at least one protocol type;
A first determining module, configured to determine a number of historical data packets corresponding to each protocol type of the at least one protocol type; and
And the display module displays the at least one protocol type and the number of the historical data packets corresponding to each protocol type so as to determine the abnormal condition of the traffic data.
9. A computing device, comprising:
One or more processors;
a memory for storing one or more programs,
Wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-7.
10. A computer-readable storage medium storing computer-executable instructions for implementing the method of any one of claims 1 to 7 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910835643.0A CN110569282A (en) | 2019-09-04 | 2019-09-04 | Data processing method, data processing device, computing equipment and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910835643.0A CN110569282A (en) | 2019-09-04 | 2019-09-04 | Data processing method, data processing device, computing equipment and computer readable storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110569282A true CN110569282A (en) | 2019-12-13 |
Family
ID=68777852
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910835643.0A Pending CN110569282A (en) | 2019-09-04 | 2019-09-04 | Data processing method, data processing device, computing equipment and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110569282A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111562909A (en) * | 2020-05-06 | 2020-08-21 | 北京金堤科技有限公司 | Class-based application implementation method and device, electronic equipment and storage medium |
| CN112597368A (en) * | 2020-12-18 | 2021-04-02 | 深圳集智数字科技有限公司 | Data processing method and related device |
| CN113904811A (en) * | 2021-09-16 | 2022-01-07 | 深圳供电局有限公司 | Anomaly detection method and device, computer equipment and storage medium |
| CN114374745A (en) * | 2021-12-30 | 2022-04-19 | 北京网太科技发展有限公司 | Protocol format processing method and system |
| CN115426265A (en) * | 2022-11-02 | 2022-12-02 | 之江实验室 | Exchange resource allocation optimization method, device and medium in multi-mode network |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6173333B1 (en) * | 1997-07-18 | 2001-01-09 | Interprophet Corporation | TCP/IP network accelerator system and method which identifies classes of packet traffic for predictable protocols |
| CN102130800A (en) * | 2011-04-01 | 2011-07-20 | 苏州赛特斯网络科技有限公司 | Device and method for detecting network access abnormality based on data stream behavior analysis |
| CN102821002A (en) * | 2011-06-09 | 2012-12-12 | 中国移动通信集团河南有限公司信阳分公司 | Method and system for network flow anomaly detection |
| CN104469901A (en) * | 2013-09-17 | 2015-03-25 | 华为终端有限公司 | Method and device for data processing |
| CN105656848A (en) * | 2014-11-13 | 2016-06-08 | 腾讯数码(深圳)有限公司 | Method and related device for detecting quick attack of application layer |
| CN105847283A (en) * | 2016-05-13 | 2016-08-10 | 深圳市傲天科技股份有限公司 | Information entropy variance analysis-based abnormal traffic detection method |
| US20160285912A1 (en) * | 2015-03-23 | 2016-09-29 | Sonicwall, Inc. | Non rfc-compliant protocol classification based on real use |
| CN107800674A (en) * | 2016-09-07 | 2018-03-13 | 百度在线网络技术(北京)有限公司 | A kind of method and apparatus for being used to detect the attack traffic of distributed denial of service |
| CN108008806A (en) * | 2017-11-23 | 2018-05-08 | 努比亚技术有限公司 | A kind of data processing method, terminal and computer-readable recording medium |
| CN108322433A (en) * | 2017-12-18 | 2018-07-24 | 中国软件与技术服务股份有限公司 | A kind of network security detection method based on stream detection |
-
2019
- 2019-09-04 CN CN201910835643.0A patent/CN110569282A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6173333B1 (en) * | 1997-07-18 | 2001-01-09 | Interprophet Corporation | TCP/IP network accelerator system and method which identifies classes of packet traffic for predictable protocols |
| CN102130800A (en) * | 2011-04-01 | 2011-07-20 | 苏州赛特斯网络科技有限公司 | Device and method for detecting network access abnormality based on data stream behavior analysis |
| CN102821002A (en) * | 2011-06-09 | 2012-12-12 | 中国移动通信集团河南有限公司信阳分公司 | Method and system for network flow anomaly detection |
| CN104469901A (en) * | 2013-09-17 | 2015-03-25 | 华为终端有限公司 | Method and device for data processing |
| CN105656848A (en) * | 2014-11-13 | 2016-06-08 | 腾讯数码(深圳)有限公司 | Method and related device for detecting quick attack of application layer |
| US20160285912A1 (en) * | 2015-03-23 | 2016-09-29 | Sonicwall, Inc. | Non rfc-compliant protocol classification based on real use |
| CN105847283A (en) * | 2016-05-13 | 2016-08-10 | 深圳市傲天科技股份有限公司 | Information entropy variance analysis-based abnormal traffic detection method |
| CN107800674A (en) * | 2016-09-07 | 2018-03-13 | 百度在线网络技术(北京)有限公司 | A kind of method and apparatus for being used to detect the attack traffic of distributed denial of service |
| CN108008806A (en) * | 2017-11-23 | 2018-05-08 | 努比亚技术有限公司 | A kind of data processing method, terminal and computer-readable recording medium |
| CN108322433A (en) * | 2017-12-18 | 2018-07-24 | 中国软件与技术服务股份有限公司 | A kind of network security detection method based on stream detection |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111562909A (en) * | 2020-05-06 | 2020-08-21 | 北京金堤科技有限公司 | Class-based application implementation method and device, electronic equipment and storage medium |
| CN111562909B (en) * | 2020-05-06 | 2024-04-02 | 北京金堤科技有限公司 | Class-based application implementation method and device, electronic equipment and storage medium |
| CN112597368A (en) * | 2020-12-18 | 2021-04-02 | 深圳集智数字科技有限公司 | Data processing method and related device |
| CN113904811A (en) * | 2021-09-16 | 2022-01-07 | 深圳供电局有限公司 | Anomaly detection method and device, computer equipment and storage medium |
| CN113904811B (en) * | 2021-09-16 | 2023-11-24 | 深圳供电局有限公司 | Abnormality detection method, abnormality detection device, computer device, and storage medium |
| CN114374745A (en) * | 2021-12-30 | 2022-04-19 | 北京网太科技发展有限公司 | Protocol format processing method and system |
| CN115426265A (en) * | 2022-11-02 | 2022-12-02 | 之江实验室 | Exchange resource allocation optimization method, device and medium in multi-mode network |
| CN115426265B (en) * | 2022-11-02 | 2023-04-18 | 之江实验室 | Exchange resource allocation optimization method, device and medium in multi-mode network |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11539578B2 (en) | Generating actionable alert messages for resolving incidents in an information technology environment | |
| US11934417B2 (en) | Dynamically monitoring an information technology networked entity | |
| US11736378B1 (en) | Collaborative incident management for networked computing systems | |
| US10567320B2 (en) | Messaging balancing and control on blockchain | |
| CN110569282A (en) | Data processing method, data processing device, computing equipment and computer readable storage medium | |
| US11283596B2 (en) | API request and response balancing and control on blockchain | |
| US11882099B1 (en) | Trusted tunnel bridge | |
| US11924021B1 (en) | Actionable event responder architecture | |
| US11023511B1 (en) | Mobile device composite interface for dual-sourced incident management and monitoring system | |
| US10866849B2 (en) | System and method for automated computer system diagnosis and repair | |
| US10599668B2 (en) | Adaptive parsing and normalizing of logs at MSSP | |
| US11601324B1 (en) | Composite display of multi-sourced IT incident related information | |
| US20190095478A1 (en) | Information technology networked entity monitoring with automatic reliability scoring | |
| US20190057379A1 (en) | Systems and methods for data file transfer balancing and control on blockchain | |
| CN110851342A (en) | Fault prediction method, device, computing equipment and computer readable storage medium | |
| US20210027458A1 (en) | Geofence-based object identification in an extended reality environment | |
| US11307949B2 (en) | Decreasing downtime of computer systems using predictive detection | |
| KR20230070067A (en) | System and method for displaying multiple applications | |
| US9929930B2 (en) | Reducing an amount of captured network traffic data to analyze | |
| US11145123B1 (en) | Generating extended reality overlays in an industrial environment | |
| US11762442B1 (en) | Real-time machine learning at an edge of a distributed network | |
| US11108835B2 (en) | Anomaly detection for streaming data | |
| US20230244812A1 (en) | Identifying Sensitive Data Risks in Cloud-Based Enterprise Deployments Based on Graph Analytics | |
| US11895237B1 (en) | Scaled authentication of endpoint devices | |
| CN109784049B (en) | Method, apparatus, system, and medium for threat data processing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191213 |