CN111935331A - Network space mapping method, visualization method and system - Google Patents
Publication number: CN111935331A (application CN202010747532.7A)
Authority: CN (China)
Prior art keywords: network, map, network space, information, objects
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L61/10: Mapping addresses of different types (H04L61/00 Network arrangements, protocols or services for addressing or naming; H04L61/09 Mapping addresses)
- G06F16/9537: Spatial or temporal dependent retrieval, e.g. spatiotemporal queries (G06F16/95 Retrieval from the web; G06F16/953 Querying, e.g. by the use of web search engines)
- G06F16/957: Browsing optimisation, e.g. caching or content distillation (G06F16/95 Retrieval from the web)
- H04L67/52: Network services specially adapted for the location of the user terminal (H04L67/00 Network arrangements or protocols for supporting network services or applications; H04L67/50 Network services)
Abstract
The invention discloses a network space mapping method, a visualization method and a system, and relates to network space resource mapping technology. A network space map is constructed according to the chosen mapping mode. The map is partitioned by orders of magnitude according to the network assets that an object holds in the network space, can be enlarged or reduced by different orders of magnitude, and the object's network asset information is mapped into it. The IP address and port number used by an object in the network space at a given moment are mapped into a basic coordinate system; that (IP address, port number) pair is the object's node, and nodes are placed on the map according to the autonomous system in which the object is located, with different autonomous systems distributed in different layers, so that the people or objects using the network are visualized. Network asset location is achieved by using the IP address and port number to determine where the asset sits in the network space.
Description
Technical Field
The invention relates to the technical field of network space resource management control, in particular to a network space asset mapping visualization method and network space resource mapping.
Background
With the popularization and development of network technologies, the internet has become closely tied to people's lives. Many kinds of network devices carry out network interconnection; their number is large and their connections are complex. If network space resources can be mapped into a diagram in an effective way, managing and controlling those resources and understanding their distribution is greatly facilitated. The current main methods are as follows. The first approach turns collected web application information into a web service offered to third parties for querying, typically the inventor's ZoomEye. ZoomEye mainly collects and displays information on web applications and extracts attributes such as the characteristics and service types of a target web framework. This method only integrates data and does not consider visualizing the extracted features and attributes. The second method displays the detected network application information on a traditional map, defining the position of a network application on the map by the longitude and latitude of the place where the network service exists. Its advantage is that the traditional map modelling idea is carried over into the network space, so it is easy to understand; but the characteristics of geographic position information and those of network space information differ considerably, and assets in the network space cannot show some of their implicit characteristics when described with the traditional map modelling idea.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a network space mapping method, a visualization method and a system. The technical solution is that autonomous systems are classified by supporting user-defined information characteristics, the height of an autonomous system in the network map is obtained from the relations between autonomous systems, and the communication between node autonomous systems can be observed visually.
The invention provides a network space mapping method based on an object's IP address and port number, comprising the following steps: determining a network space mapping mode; storing data using tile segmentation and dividing the data display according to segmentation level; identifying objects in the network space and displaying them. Specifically: a person or object using the network in the network space is determined to be an object in the network space; the IP address and port number used by an object at a given moment are mapped onto a plane; a network space map is constructed with the object's IP address as the abscissa, its port number as the ordinate and the information of the autonomous system where the object is located as the third dimension; the IP address and port number used by an object at a given moment form a node, the Autonomous System (AS) information of the object is the basis for layering the map, different autonomous systems are distributed in different layers, and the nodes are mapped onto the map. The IP address and port number used by the object in the network space, together with the real-world or network information corresponding to them, are determined to be the object's network assets; according to those assets, the map is partitioned by orders of magnitude, enlarged or reduced by orders of magnitude, and the asset information is mapped onto the corresponding map. Different layers can be set according to the autonomous system information, so that nodes in the network space are displayed in three dimensions.
Displaying all network assets of the object on a network space map according to the IP address or the port number of the object; according to the network assets of the objects, the points of all the objects which are identical to a certain network asset can be displayed on the network space map. According to the information of the Autonomous System (AS) where the object is located, the position of the corresponding layer and the relation between the corresponding layer and other Autonomous Systems (AS) can be displayed on the network map.
Partitioning the network space map by orders of magnitude further comprises: using a tile segmentation method to divide the network asset map into small blocks of n x n pixels according to the network assets of the objects in the network space, the small blocks becoming map tiles; using the side length of each block as the standard length unit of the x and y axes of the coordinate system; marking different types of services as different types of points, each point lying in some block; and aggregating IP addresses, with the minimum number of aggregated IPs used as the IP resolution R. The method further comprises analysing the address data in packets sent or received by an object to obtain the IP addresses and port numbers used by the same object at different times, storing them in a database, having the web page end fetch the data, drawing the corresponding points on the network space map, connecting the points into lines in order of the time they were used, and so constructing the object's network change trajectory diagram on the map. Communication data between the object and other objects at a given time point is acquired by analysing the source and destination address information in packets and stored in the database; the web page end fetches the data and connects the object's points at that time point into a line, constructing the object's network communication path diagram at that time point; and from the object's communication with other objects at different time points, a network communication path graph of the object changing over time is constructed.
The trajectory path of the same object's network changes and the communication path distance between different objects are calculated from the physical links or geographic information between the objects. For a physical link, the network routing path represents the trajectory of the link and the number of routing forwarding hops in the communication represents the communication path distance; for geographic information, a geographic position field can be obtained from the network asset information and the real geographic distance derived from the real positions.
Setting the IP address and the port number as the abscissa (x axis) and the ordinate (y axis) of the display system to establish a coordinate system of the network asset map, displaying the surviving objects in the network asset map according to the IP address and the port number of the surviving objects in a network space, dividing the network asset map into n x n pixel small blocks by adopting a tile division method, and taking the side length of each small block as the standard length unit of the x axis and the y axis of the coordinate system, wherein the small blocks become map blocks. Different types of services are marked as different types of points, and each point is stored in each small block, so that the function of displaying data according to different levels is realized. Because the number of the IP addresses is too large, if the IP addresses are not aggregated, the good visual effect cannot be achieved by adopting the IP-by-IP division unit, and therefore, the invention aggregates the IP addresses. Specifically, the number of IP addresses included in the minimum IP classification level is used as the IP resolution, that is, the minimum number of aggregated IPs is used as the IP resolution R. The tiles are classified according to the characteristics and the attributes of the network space map tiles and can be divided into point of interest (POI) tiles and non-POI tiles, reorganization and clustering are carried out according to the access heat of the tiles, and hot spot areas, secondary hot spot areas and non-hot spot areas can be divided.
The hierarchical display enlarges or reduces a selected part of the partitioned map. For each level, given the number of addresses it contains and the magnification exponent (multiple), the number of IPs contained in the level (num) is calculated as

num = total / 2^((level - 1) * multiple)

and the precision of the level (j_num) as

j_num = total / (R * 2^((level - 1) * multiple))

where total is the number of all IPs in the system, j_num (precision) is the number of minimum tiles at that level, level is the degree of enlargement, and the resolution R is the number of IPs contained in the minimum partition unit. The user can also specify IP segments and port segments to display the distribution of network asset information within the specified range.
The invention also provides a visualization method for network space mapping, which takes the IP address of an object in the network space as the abscissa axis and the port number as the ordinate axis to construct a basic coordinate system; acquires asset information of the network space object, including IP address and port number, and loads it to a Web server; maps the IP address and port number of the object at a given moment orthogonally onto a two-dimensional plane, the basic coordinate system serving as the two-dimensional network space map; matches the symbol of the network space object to the hierarchy of the map layer, and matches the point of interest (POI) of the object to that hierarchy; and aggregates and disaggregates the objects in the map according to the initial pixel distance and the scale, displaying the objects in the visible range quantitatively. Specifically: when the network space map uses a large scale, the objects are expressed through visual symbols.
Furthermore, the symbol of the network space object is matched with the layer level of the network space map, when the map adopts a small scale, the geometric figure visually expresses the entity resource, and when the map adopts a large scale, the visualized symbol visually expresses. The method for the visualization of the network space object comprises the steps of matching the POI of the network space object with the hierarchy of the map layer of the network space map, and further comprises the steps of dividing the tiles of the network space map into POI tiles and non-POI tiles according to the attention information of a user, dividing the tiles of the network space map into the POI tiles and the non-POI tiles according to the POI of the network space, and reorganizing and clustering the POI tiles into a hotspot area, a secondary hotspot area and a non-hotspot area according to the access heat of.
Furthermore, the autonomous system of the network space object is used as a vertical axis, a network space map is constructed by being orthogonal to the basic coordinate axis, and the objects of the same autonomous system can be observed on the same plane.
The invention also provides a visualization system of network space mapping, which comprises a server side and a client side, wherein the server side matches the POI with the hierarchy of the map layer of the network space map according to the request of the client side, and the server side comprises an information processing module, a map processing module and a data layer. The information processing module comprises information acquisition and information processing, asset information and communication conditions of the network space object are acquired, related data are inquired through a data layer according to a request initiated by a client, and expired content is written into a file. The map processing module is used for constructing a basic coordinate system and a three-dimensional coordinate system, reflecting the information of the information processing module on the coordinate system to construct a network space map, and aggregating and disaggregating the objects to quantitatively display. The data layer comprises an object information database, a communication information database and a file system. The object information database stores the current asset information of the network space object, and the communication information database stores the communication condition and the login condition of the recent object; the file system is used for storing relevant symbol identifications and expired object communication conditions and login conditions.
Further, the visualization system comprises a click unit and a box-select unit for objects in the visible area. The click unit controls the display of an object's network space asset information; the box-select unit controls a list showing all objects within the selected range. The visualization system also comprises a module that dynamically shows the communication of the objects in the visible area: when an object is selected, its symbol is emphasized in colour, and its communication with other objects over a period of time is observed by dragging the time axis. The visualization system also includes a module that dynamically presents the logins of objects in the visible area: the logins of the same object at different IP/port pairs and autonomous systems are recorded, and the object's logins over a period of time can be observed by dragging the time axis.
The method comprises the steps of acquiring asset information of a network space object, loading the acquired asset information of the network space object to a server, then carrying out quantitative display according to aggregation and disaggregation principles, matching symbols of the network space object with layer levels of a network space map, and carrying out visual display on the asset information of the object by matching POI (point of interest) with the layer levels of the network space map; then, the communication condition of the network space object is acquired periodically, and the communication condition of the network space object is loaded to the server. The invention constructs a virtual network space map, can visually display the information and communication conditions of the network space objects, clearly expresses the logical relationship between the network space objects, and can provide help for dynamically monitoring the behaviors of the network space objects.
Drawings
FIG. 1 is a flow diagram of the network space mapping implementation;
FIG. 2 is a functional block diagram of the network space mapping system.
Detailed Description
The following detailed description of the embodiments of the present invention will be provided to further explain the embodiments of the present invention by referring to the figures, so as to enable those skilled in the art to better practice the invention.
Fig. 1 is a flow chart of the embodiment of the present invention, which mainly includes: s10 defines a cyber-space map; s20 storing data using tile partitioning; s30 visually exposes the cyberspace object. The invention adopts various symbols to mark different types of objects, wherein the objects refer to people or objects using network services in a network space. The visualization system of the cyberspace mapping provides the following operations for the object according to the collected information: the network position where the object frequently exists can be tracked, namely the IP address and the port number frequently used by the object, and the movement track of the object in the network space can be described according to the time lapse, namely the connection line of the object at different positions in the network space at different times; the system can also monitor the communication state of a certain object and other objects at any time, different line segment symbols are distinguished according to the communication flow, and the communication attribute between the two objects is displayed according to the collected data, such as the type of a communication protocol, whether encryption is adopted, an encryption algorithm is adopted, and the like; further showing virtual links between objects, which refer to the relation of hops up and down in the routing table or connections in the autonomous system, physical links, which refer to actual physical line connections of two objects, and corresponding geographical information, etc.
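The movement trajectory and communication path diagrams described above (and in the corresponding summary paragraphs) can be derived from captured packet records in a few steps. The following is an added illustration and not code from the patent: it collapses an object's time-ordered (IP, port) positions into trajectory segments and, for the communication path diagram, uses the number of routing forwarding hops as the path distance. The object identifiers, addresses (from the TEST-NET documentation ranges) and the routing table are all constructed for the example.

```python
# Added example (not the patent's code): trajectory and communication-path diagrams
# built from constructed packet records. An "object" is identified here by a label
# attached to each packet; in practice it would come from the asset database.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: int          # capture time (constructed, arbitrary units)
    obj: str        # object that sent the packet (constructed label)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed capture: "alice" talks from one (IP, port) position, then moves to another.
PACKETS = [
    Packet(100, "alice", "203.0.113.5", 51000, "198.51.100.7", 443),
    Packet(160, "alice", "203.0.113.5", 51000, "198.51.100.9", 80),
    Packet(220, "alice", "203.0.113.22", 52000, "198.51.100.7", 443),
    Packet(300, "bob", "203.0.113.40", 53000, "198.51.100.7", 443),
]

# Constructed routing paths (router hops) between address pairs; a real system would
# take these from traceroute-style data or the routing table.
ROUTES = {
    ("203.0.113.5", "198.51.100.7"): ["r1", "r2", "r3"],
    ("203.0.113.5", "198.51.100.9"): ["r1", "r4"],
    ("203.0.113.22", "198.51.100.7"): ["r5", "r2", "r3"],
    ("203.0.113.40", "198.51.100.7"): ["r1", "r2", "r3"],
}


def positions(packets, obj):
    """(time, ip, port) positions used by `obj`, time-ordered, consecutive repeats collapsed."""
    out = []
    for p in sorted((p for p in packets if p.obj == obj), key=lambda p: p.t):
        if not out or (out[-1][1], out[-1][2]) != (p.src_ip, p.src_port):
            out.append((p.t, p.src_ip, p.src_port))
    return out


def trajectory(packets, obj):
    """Trajectory segments (from_point, to_point, t_from, t_to) joining successive positions."""
    pts = positions(packets, obj)
    return [((a[1], a[2]), (b[1], b[2]), a[0], b[0]) for a, b in zip(pts, pts[1:])]


def hop_distance(src_ip, dst_ip, routes=ROUTES):
    """Communication path distance = number of routing forwarding hops; None if unknown."""
    route = routes.get((src_ip, dst_ip))
    return len(route) if route is not None else None


def paths_at(packets, obj, t_from, t_to, routes=ROUTES):
    """Communication paths of `obj` within [t_from, t_to]: (src point, dst point, hops)."""
    return [((p.src_ip, p.src_port), (p.dst_ip, p.dst_port),
             hop_distance(p.src_ip, p.dst_ip, routes))
            for p in sorted(packets, key=lambda p: p.t)
            if p.obj == obj and t_from <= p.t <= t_to]


def path_graph_over_time(packets, obj, step, routes=ROUTES):
    """Path graph bucketed into time windows of length `step`: {window_start: [paths]}."""
    buckets = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.t):
        if p.obj == obj:
            buckets[(p.t // step) * step].append(
                ((p.src_ip, p.src_port), (p.dst_ip, p.dst_port),
                 hop_distance(p.src_ip, p.dst_ip, routes)))
    return dict(buckets)


if __name__ == "__main__":
    print("trajectory:", trajectory(PACKETS, "alice"))
    print("paths 100..200:", paths_at(PACKETS, "alice", 100, 200))
    print("paths over time:", path_graph_over_time(PACKETS, "alice", 100))
```

Each trajectory segment carries the times of its two endpoints, which is what a time-axis slider needs to reveal the path progressively; the path graph is keyed by window start so the same slider can step through the communication paths at successive time points.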
The invention obtains whole-network asset data through network scanning and processes it. The data to be displayed is loaded from the database according to an IP range (for example, all IPs contained in 192.168.1.0/24) and a port range (for example, ports 1-10000), and displayed in sequence by map tile. Network asset information is collected with tools such as Nmap and web crawlers; it includes user IP addresses, open port numbers, names of the services in use, DNS information, fingerprint information of web frameworks and the like. Information acquired in real time is stored in a database for further extraction and use, and the collected information is integrated. The information is displayed in blocks: for example, the resolution of the IP axis is 32 IP addresses and the magnification of each level is 8, and detailed information is acquired for each object's POI or self-made system.
The network space object is visualized: the network space is mapped based on the object's IP address and port number, data is stored using tile segmentation, the data display is divided by segmentation level, the data is identified as an object in the network space, and it is displayed.
Fig. 2 is a functional block diagram of a network space mapping system. The method comprises the steps of obtaining IP addresses, port numbers, services and other network information frequently used by an object, monitoring the communication condition of the object and other objects at a certain time point, wherein the communication condition comprises virtual links, physical links or geographic information of the object, determining network assets of the object, storing data by adopting tile division, displaying the object and the data at different levels, visualizing the object in a network space, and using the IP addresses and the port numbers of the same object at different times.
Specifically, a network asset map coordinate system is established by setting an IP address and a port number as an abscissa (x axis) and an ordinate (y axis) of the display, the survival object is displayed in the network asset map coordinate system according to the IP address and the port number of the survival object in a network space, the network asset map is divided into n × n pixel small blocks (where n is a pixel unit, for example, 256 × 256 pixels of small blocks can be selected as a basic unit block) by a tile division method, the side length of each small block is used as a standard length unit of the x axis and the y axis of the coordinate system, and the small blocks become map tiles. Different types of services are marked as different types of points, and each point is stored in each small block, so that the function of displaying data according to different levels is realized. Because the number of the IP addresses is too large, if the aggregation is not carried out, the good visual effect can not be achieved by adopting the IP-by-IP division units, and the IP addresses are aggregated to a certain extent. Specifically, the number of IP addresses included in the minimum level is taken as the IP resolution. I.e. the minimum number of aggregated IPs as IP resolution R.
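The basic coordinate system and tile partition described here (and in the summary above) can be implemented directly: the x coordinate is the IP address aggregated in units of the IP resolution R, the y coordinate is the port number, the autonomous system selects the layer, and n x n tiles group the points. The following is an added example, not the patent's code; it uses R = 32 and 256-unit tiles as mentioned on the page, and the asset records (addresses from the TEST-NET documentation ranges, private-use AS numbers) are constructed.

```python
# Added example (not the patent's code): map (IP, port, AS) asset records onto the
# network space map's coordinate system and tile grid, one layer per autonomous system.
import ipaddress
from collections import defaultdict

R = 32        # IP resolution: smallest number of aggregated IPs (value from the page)
TILE = 256    # tile side length in coordinate units (256 x 256 tiles, from the page)


def to_point(ip, port):
    """Map one (IP, port) pair to the map's (x, y) point; x is the IP aggregated by R."""
    return int(ipaddress.ip_address(ip)) // R, port


def tile_of(x, y, n=TILE):
    """Tile (column, row) that contains the point; each tile spans n units per axis."""
    return x // n, y // n


def build_layers(assets, n=TILE):
    """Group asset points by AS layer and tile: {asn: {(tx, ty): [(service, ip, port)]}}."""
    layers = defaultdict(lambda: defaultdict(list))
    for a in assets:
        x, y = to_point(a["ip"], a["port"])
        layers[a["asn"]][tile_of(x, y, n)].append((a["service"], a["ip"], a["port"]))
    return layers


def tile_summary(layers):
    """Per (asn, tile): point count and the sorted set of service types shown as symbols."""
    out = {}
    for asn, tiles in layers.items():
        for key, points in tiles.items():
            out[(asn, key)] = (len(points), sorted({p[0] for p in points}))
    return out


# Constructed sample: three hosts in 203.0.113.0/24 and one in 198.51.100.0/24
SAMPLE_ASSETS = [
    {"ip": "203.0.113.5",  "port": 22,   "service": "ssh",   "asn": 64496},
    {"ip": "203.0.113.9",  "port": 443,  "service": "https", "asn": 64496},
    {"ip": "203.0.113.40", "port": 80,   "service": "http",  "asn": 64496},
    {"ip": "198.51.100.7", "port": 8080, "service": "http",  "asn": 64497},
]

if __name__ == "__main__":
    for (asn, tile), (count, services) in sorted(tile_summary(build_layers(SAMPLE_ASSETS)).items()):
        print(f"AS{asn} tile {tile}: {count} point(s), services {services}")
```

Because the x axis is divided by R before tiling, 203.0.113.5 and 203.0.113.9 collapse onto the same x unit, which is the aggregation the text asks for; the port axis is left unaggregated, so the ssh and https points of the same /24 land in different tile rows.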
For the classification of network characteristics, tiles are classified according to the characteristics and attributes of the network space map tiles into point of interest (POI) tiles and non-POI tiles: for example, a hot network resource accounting for 0.1% of the network traffic can be regarded as a network POI and the rest as non-POI; if a network POI exists in a tile, the tile is a POI tile, otherwise it is a non-POI tile. Regrouping and clustering can be carried out according to tile access heat, dividing tiles into hot spot areas, secondary hot spot areas and non-hot spot areas.
For heat classification, all tiles in the current display area are ranked by visit count: a tile ranked in the top 1% is a hot spot area; a tile ranked between the top 1% and 10% is a secondary hot spot area; a tile ranked below 10% is a non-hot spot area. The thresholds can be set as needed.
The content users care about most is concentrated in the network's POI resources, so different types of POI tiles are stored separately: different POI resource types carry different information of interest to the user, can be classified and displayed according to their characteristics, and storage efficiency improves. POI tiles and non-POI tiles are therefore stored separately; as much information as possible is displayed for POI tiles for the user to obtain, while for non-POI tiles the displayed tile information is reduced as far as possible, shrinking the tile file size and improving loading efficiency.
For the classification of network heat, network access follows the 80/20 rule: 20% of the hot resources carry 80% of the accesses. Tiles are regrouped according to access heat and sorted by heat. Tiles in hot spot areas carry detailed and complete display information, while tiles in low-heat areas can reduce the completeness of displayed and stored data. Tiles of different heat can use different update strategies: hot spot tiles update fastest, secondary hot spot tiles slower, and non-hot spot tiles slowest. The update rates of the hot spot, secondary hot spot and non-hot spot areas keep a fixed ratio of 20:5:1, i.e. for every update of a non-hot spot area the secondary hot spot area is updated 5 times and the hot spot area 20 times. In addition, a data change in the hot spot area exceeding the 20% threshold is taken as the change threshold: once the data change exceeds 50%, the hot spot area is updated once, and the secondary and non-hot spot areas then change correspondingly according to the change-rate ratio, which effectively improves tile loading efficiency and overall system performance.
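The heat classification and the 20:5:1 update schedule from the last two paragraphs are simple enough to state in code. The following is an added example, not the patent's code: it ranks tiles by visit count using the page's thresholds (top 1% hot, top 1%-10% secondary, the rest non-hot), checks the 20/80 observation on the sample, and turns the update ratio into a per-cycle refresh plan. The visit counts and tile identifiers are constructed; the change-threshold rule is not modelled.

```python
# Added example (not the patent's code): access-heat classification of map tiles and
# the 20:5:1 update schedule for hot, secondary and non-hot areas.
import math


def classify_heat(visits, hot_frac=0.01, secondary_frac=0.10):
    """Rank tiles by visits (descending) and label each 'hot', 'secondary' or 'non-hot'."""
    ranked = sorted(visits, key=lambda tile: visits[tile], reverse=True)
    n = len(ranked)
    hot_cut = max(1, math.ceil(n * hot_frac))              # at least one hot tile
    sec_cut = max(hot_cut, math.ceil(n * secondary_frac))
    labels = {}
    for rank, tile in enumerate(ranked):
        if rank < hot_cut:
            labels[tile] = "hot"
        elif rank < sec_cut:
            labels[tile] = "secondary"
        else:
            labels[tile] = "non-hot"
    return labels


def top_share(visits, frac=0.20):
    """Fraction of all visits carried by the top `frac` of tiles (the 20/80 check)."""
    ranked = sorted(visits.values(), reverse=True)
    k = max(1, math.ceil(len(ranked) * frac))
    total = sum(ranked)
    return sum(ranked[:k]) / total if total else 0.0


UPDATE_RATIO = {"hot": 20, "secondary": 5, "non-hot": 1}   # updates per non-hot update


def update_schedule(labels, cycles=20):
    """For each of `cycles` refresh cycles, the sorted list of tiles refreshed in that cycle."""
    period = {label: cycles // ratio for label, ratio in UPDATE_RATIO.items()}  # 1, 4, 20
    return [sorted(t for t, label in labels.items() if cycle % period[label] == 0)
            for cycle in range(cycles)]


def refresh_counts(schedule):
    """How many times each tile was refreshed over the whole schedule."""
    counts = {}
    for cycle in schedule:
        for tile in cycle:
            counts[tile] = counts.get(tile, 0) + 1
    return counts


# Constructed visit counts for 100 tiles with a steep, Pareto-like drop-off
SAMPLE_VISITS = {f"tile{i:03d}": int(1000 * 0.9 ** i) for i in range(100)}

if __name__ == "__main__":
    labels = classify_heat(SAMPLE_VISITS)
    print("top 20%% of tiles carry %.0f%% of visits" % (100 * top_share(SAMPLE_VISITS)))
    for label in UPDATE_RATIO:
        print(label, sum(1 for v in labels.values() if v == label), "tiles")
    print(refresh_counts(update_schedule(labels))["tile000"], "refreshes for the hottest tile")
```

Over one 20-cycle schedule a hot tile is refreshed 20 times, a secondary tile 5 times and a non-hot tile once, which is exactly the fixed 20:5:1 ratio the text prescribes.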
The hierarchical display is to enlarge or reduce a certain part of the divided map, and the hierarchical display part extracts the number of addresses and magnification (multiple) included in each level according to the formula: num total/(2)(level-1)*multiple) Calculating the number of IPs (num) contained by the level, according to the formula: j _ num total/(R2)(level-1)*multiple) Calculation accuracy (j _ num)Where total is the number of IPs in the divided map, level (level) is the degree of enlargement, precision (j _ num) is the number of minimum unit blocks included in the divided map, resolution is the number of IP addresses included in the minimum unit blocks (for example, a resolution of 256 means that 256 IP addresses are included in the minimum division unit), and R is the number of IPs included in the minimum level. An IP segment and a port segment may also be designated to display the distribution of network asset information within a specified range. The number and accuracy of the IP calculations are mainly used to illustrate the effect of the zoom-in and zoom-out functions, the zoom-in of a particular display area will contain less IP and port information, and the zoom-out will contain more IP and port information. For example, IPv4 and IPv6 illustrate that the IPv4 interface may display 32 × 32 small tiles, where the first 1% of the ranked small tiles are considered hot-spot regions, the first 1% -10% of the ranked tiles are secondary hot-spot regions, and the remaining tiles are non-hot-spot regions. If there is a POI in a tile, then the tile is an interest tile. And clustering according to an IPv4 hierarchical display table in the zooming-in and zooming-out processes. The levels of the current tiles are classified according to the subnet masks of the tiles, the specific classification is referred to according to table 1, and the precision and the resolution are also the same. 
For IPv4, the magnification multiple is 3 and the minimum resolution is 32; each IP level is recorded as one display level. The number of IPs and the precision for each IP level are calculated by the formulas above; each level corresponds one-to-one to a number of IPs, a precision and a subnet mask, all listed in Table 1. With total = 2^32, multiple = 3 and R = 32 the formulas yield ten levels, from level 1 (the whole address space) down to level 10 (blocks of 32 addresses). Enlargement and reduction are performed by adjusting the IP level; for example, level 1 may be set as the lowest IP level and level 10 as the highest.
The corresponding sorting for IPv6 is carried out according to the IPv6 hierarchical display table; for IPv6 the magnification multiple is 5 and the minimum resolution is 256. The detailed result is given in Table 2.
Table 1: IPv4 IP hierarchical display table
Table 2: IPv6 IP hierarchical display table
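The two formulas and the Table 1 / Table 2 parameters, worked through as an added example (this is not code from the patent, which gives only the formulas and the tables): `hierarchical_table` generates every level from the whole address space down to the minimum unit block of R addresses, and `block_of` / `block_index` show which subnet an address aggregates into at a given level. The `Level` class, the function names and the sample address 192.0.2.100 are this example's own; the mask length per level is derived from num (log2(num) address bits lie inside one block), which matches the description's statement that tile levels are classified by subnet mask.

```python
"""Hierarchical display levels for the IP/port map (added example).

Implements the two formulas from the description:
    num   = total / 2^((level - 1) * multiple)        IPs per block at a level
    j_num = total / (R * 2^((level - 1) * multiple))  minimum unit blocks in the map
and derives the subnet mask a block at each level corresponds to.
The Level class, function names and sample address are this example's own.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Level:
    level: int       # degree of enlargement; 1 = the whole divided map
    num: int         # IPs contained in one block at this level
    j_num: int       # precision: minimum unit blocks (of R IPs) in the divided map
    prefix_len: int  # subnet mask length of one block at this level


def hierarchical_table(total_bits: int, multiple: int, resolution: int) -> List[Level]:
    """Build the display table for an address space of 2**total_bits IPs.

    Levels are generated while a block still holds at least `resolution` (R)
    addresses, so the last level is the minimum unit block.
    """
    total = 1 << total_bits
    r = resolution
    levels: List[Level] = []
    level = 1
    while True:
        shift = (level - 1) * multiple        # exponent of 2 in both formulas
        num = total >> shift                  # total / 2**shift (exact: powers of two)
        if num < r:
            break
        j_num = total // (r << shift)         # total / (R * 2**shift)
        prefix_len = total_bits - (num.bit_length() - 1)  # log2(num) bits inside a block
        levels.append(Level(level, num, j_num, prefix_len))
        level += 1
    return levels


IPV4_TABLE = hierarchical_table(32, multiple=3, resolution=32)     # Table 1 parameters
IPV6_TABLE = hierarchical_table(128, multiple=5, resolution=256)   # Table 2 parameters


def block_of(ip: str, table: List[Level], level: int) -> Network:
    """The aggregated block (as a subnet) that `ip` falls into at `level`."""
    entry = table[level - 1]
    return ipaddress.ip_network(f"{ipaddress.ip_address(ip)}/{entry.prefix_len}", strict=False)


def block_index(ip: str, table: List[Level], level: int) -> int:
    """Ordinal of the block along the IP (x) axis at `level`; adjacent blocks are consecutive."""
    entry = table[level - 1]
    addr = ipaddress.ip_address(ip)
    return int(addr) >> (addr.max_prefixlen - entry.prefix_len)


if __name__ == "__main__":
    for e in IPV4_TABLE:
        print(f"level {e.level:2d}  num={e.num:>11,d}  j_num={e.j_num:>10,d}  mask=/{e.prefix_len}")
    # 192.0.2.100 is a documentation address used as constructed input
    print(block_of("192.0.2.100", IPV4_TABLE, 10), block_index("192.0.2.100", IPV4_TABLE, 10))
```

With multiple = 3 and R = 32 the IPv4 table has ten levels (/0 at level 1 to /27 at level 10); with multiple = 5 and R = 256 the IPv6 table has 25 levels (/0 to /120). Moving to a higher level shrinks the block a given address belongs to, which is the behaviour the description attributes to zooming in.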
The visualization system acquires network space objects, whose network asset information includes IP addresses and port numbers; it then loads the acquired asset information to a Web server, matches the symbols of the network space objects with the network space map layers, matches the points of interest (POI) of the objects with the hierarchy of the map layers, aggregates and disaggregates the objects in the map according to the initial pixel distance and the scale, and displays the objects quantitatively within the visible range.
Asset information of the network space objects is obtained. Network space objects include personal computers, mobile phones, smart-home devices and the like; their asset information includes IP addresses, open or used port numbers and services, device type and operating system, software in use and its version, geographic location, autonomous system, owning organization and the like, together with the protection status of the device such as firewall information. A basic coordinate system for the network space map is constructed with the IP address of the object as the x axis and the port number as the y axis. The acquired asset information is loaded to a Web server for visual display.
The second method manages the displayed content and the loading form of the network space map in tiles, according to the areas the user is mainly concerned with. To display network space object information more clearly and improve the visual effect of the map, the invention matches the symbol of a network space object with the map layer, and aggregates and disaggregates the objects in the map according to the initial pixel distance and the scale.
The symbol of a network space object is matched with the network space map layer. At a small map scale, entity resources are represented by geometric figures and different network space objects are distinguished by colour; at a large scale, objects are represented by visual symbols, which can be further refined.
Aggregation and disaggregation are performed at different scales according to the initial pixel distance. For the user's convenience, the invention can divide the network space map into different tile areas according to the information the user is concerned with.
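Aggregation and disaggregation by initial pixel distance, as an added example (not the patent's code; the patent names the behaviour but no algorithm): objects at (IP, port) are projected to pixels for a viewport at a given scale, culled if they fall outside it, and merged when they land in the same `pixel_distance` cell, so the same objects collapse at a small scale and separate again at a large scale. The `Viewport` and `Asset` types, the grid-bucket merge and the six sample assets in documentation address ranges are this example's own constructions.

```python
"""Aggregation and disaggregation of map objects by pixel distance (added example).

Objects sit at (IP address, port) in the basic coordinate system. At a given
scale they are projected to screen pixels, and objects closer than an initial
pixel distance are merged into one aggregate carrying a count and a
per-service breakdown; a finer scale pulls them apart again. The viewport
model, the grid-bucket merge and the sample assets are constructed here.
"""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Asset:
    ip: str
    port: int
    service: str


@dataclass(frozen=True)
class Viewport:
    origin_ip: str     # IP at the left edge (x axis)
    origin_port: int   # port at the bottom edge (y axis)
    ips_per_px: int    # horizontal scale: IP addresses per pixel
    ports_per_px: int  # vertical scale: ports per pixel
    width_px: int
    height_px: int


@dataclass
class Aggregate:
    px: float                 # centroid, in pixels
    py: float
    count: int
    services: Dict[str, int]  # quantitative breakdown shown on the symbol


def project(asset: Asset, view: Viewport) -> Tuple[int, int]:
    """Map (IP, port) to integer pixel coordinates in `view` (may lie outside it)."""
    dx = int(ipaddress.ip_address(asset.ip)) - int(ipaddress.ip_address(view.origin_ip))
    return dx // view.ips_per_px, (asset.port - view.origin_port) // view.ports_per_px


def aggregate(assets: List[Asset], view: Viewport, pixel_distance: int) -> List[Aggregate]:
    """Merge visible assets that fall within the same pixel_distance-sized cell.

    Objects outside the viewport are culled first; each remaining cell with at
    least one object becomes one aggregate.
    """
    buckets: Dict[Tuple[int, int], List[Tuple[int, int, Asset]]] = defaultdict(list)
    for a in assets:
        x, y = project(a, view)
        if not (0 <= x < view.width_px and 0 <= y < view.height_px):
            continue
        buckets[(x // pixel_distance, y // pixel_distance)].append((x, y, a))
    result = []
    for members in buckets.values():
        n = len(members)
        result.append(Aggregate(
            px=sum(m[0] for m in members) / n,
            py=sum(m[1] for m in members) / n,
            count=n,
            services=dict(Counter(m[2].service for m in members)),
        ))
    return sorted(result, key=lambda g: (g.px, g.py))


# Constructed sample assets in documentation address ranges
SAMPLE_ASSETS = [
    Asset("192.0.2.10", 22, "ssh"),
    Asset("192.0.2.10", 80, "http"),
    Asset("192.0.2.11", 443, "https"),
    Asset("192.0.2.200", 80, "http"),
    Asset("198.51.100.5", 53, "dns"),
    Asset("198.51.100.5", 8080, "http"),
]

# Small scale: 2^20 IPs and 256 ports per pixel, objects aggregate
OVERVIEW = Viewport("192.0.0.0", 0, 1 << 20, 256, width_px=128, height_px=256)
# Large scale: one IP and one port per pixel over 192.0.2.0/24, objects disaggregate
ZOOMED = Viewport("192.0.2.0", 0, 1, 1, width_px=256, height_px=65536)

if __name__ == "__main__":
    for name, view in (("overview", OVERVIEW), ("zoomed", ZOOMED)):
        for g in aggregate(SAMPLE_ASSETS, view, pixel_distance=8):
            print(name, f"({g.px:.1f}, {g.py:.1f})", g.count, g.services)
```

At the overview scale the four 192.0.2.x objects collapse into one aggregate whose symbol carries the count and the per-service breakdown (the quantitative display); at the zoomed scale they separate into four, and the two 198.51.100.5 objects leave the viewport. Grid bucketing is one common way to implement a pixel-distance merge; two objects just across a cell boundary stay separate even though they are within the distance, which a production renderer would handle with neighbour-cell checks.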
To show communication within and between autonomous systems more clearly, the invention can display objects belonging to the same autonomous system on one plane by adding a third coordinate axis to the basic coordinate system. A user event is obtained and a request is sent to the server; a vertical axis is constructed on the basic coordinate system, the object information of the requested autonomous system is retrieved from the database, and the objects of that autonomous system are displayed at the height on the vertical axis set by the user. To present network asset information more reasonably, objects in the visible area can also be selected by clicking or by box selection. When the web page receives a click request, the server retrieves the asset information of the object from the database. Similarly, for box selection, the objects within the area of the mouse event are counted, the selected objects and related statistics are listed, and when an asset information request for a listed object is received, the relevant data is retrieved from the database.
To observe communication between objects in the network space dynamically and follow their communication trajectories, the system also includes a module that dynamically displays communication and a module that dynamically displays logins for objects in the visible area. A time interval is set; the communication status of objects is obtained periodically and stored in the database, the login and communication information is sent to the client, and the client updates the network space map.
The visualization system uses a browser/server (B/S) design and comprises a server side and a web page side. The server side comprises a map processing module, an information processing module and a data layer. The information processing module acquires the asset information and communication status of network space objects. The map processing module constructs the basic coordinate system and the three-dimensional coordinate system, projects the information from the information processing module onto the coordinate system to generate the network space map, matches the symbols of network space objects with the layer hierarchy of the map, and matches POIs with the layer hierarchy of the map. The data layer comprises an object information database, a communication information database and a file system. The object information database stores the current asset information of network space objects, including IP address, open or used port numbers and services, device type and operating system, software in use and its version, geographic location, autonomous system, owning organization and the like, together with the protection status of the device such as firewall information; the communication information database stores the recent communication and login status of objects; the file system stores the symbol identifiers and the expired communication and login records of objects. The web page side implements user interactions such as zooming the network space map in and out and displaying the communication status of network space objects.
The above-described embodiments are intended to be illustrative only and not to represent limitations upon the present invention, as modifications and variations thereof may occur to those of skill in the art, within the scope of the present invention.
Claims (14)
1. A network space mapping method is characterized in that the IP address of an object in a network space is taken as an abscissa, the port number of the object is used as a vertical coordinate to construct a basic coordinate system, the autonomous system information of the object is used as a third dimension on the basis of the basic coordinate system to construct a network space map, and according to the corresponding network assets of the object in the network space, partitioning the network space map according to different orders of magnitude, magnifying/reducing the network space map by different orders of magnitude, mapping the network asset information of the object into the network space map, mapping the IP address and the port number used by the object in the network space at a certain moment in a basic coordinate system, taking the IP address and the port number used by the object at the moment as a node, and mapping the nodes to a network space map according to the information of the autonomous system where the object is located, and distributing different autonomous systems in different layers.
2. The method of claim 1, wherein partitioning the network space map by different orders of magnitude further comprises: dividing the network asset map into n × n small blocks of pixels according to the network assets corresponding to objects in the network space, the small blocks being map tiles; using the side length of a small block as the standard length unit of the x axis and y axis of the basic coordinate system; marking different types of services as different types of points, each point being stored in a small block; and aggregating IP addresses, the minimum number of aggregated IPs being the IP resolution R.
3. The method of claim 1, wherein the IP address and port number used by an object at different times are obtained, the position point of the network space asset in the space is determined, the position point is connected into a line according to the time of use, and a network change trajectory diagram of the object is constructed on the network space map; the method comprises the steps of obtaining the communication condition between an object and other objects at a certain moment, connecting position points of the object on a network space map at the current moment into a line, constructing a network communication path diagram of the object at the current moment, and constructing a network communication path diagram of the object changing along with time according to the communication condition of the object between different time points and other objects.
4. The method of claim 1, wherein the tiles are classified into point-of-interest (POI) tiles and non-POI tiles according to characteristics and attributes of the tiles, wherein the hotspot network resources are POIs, the POI tiles contain common network information of objects, and the POIs are reorganized and clustered according to tile access heat to divide hotspot areas, secondary hotspot areas and non-hotspot areas; and dividing the virtual communities on the network space map according to the POI tiles.
5. The method as claimed in claim 2, wherein the divided map is enlarged or reduced according to a level and a precision j_num, the hierarchical display part extracts the number of addresses and the magnification multiple contained in each level, calculates the number num of IPs contained in the level according to the formula num = total / 2^((level - 1) * multiple), and calculates the precision j_num according to the formula j_num = total / (R * 2^((level - 1) * multiple)), wherein total is the number of IPs in the divided map, level is the degree of enlargement, j_num is the number of minimum unit blocks contained in the divided map, and R is the number of IPs contained in the minimum level; and an IP segment and a port segment are specified to display the distribution of network asset information within the specified range.
6. The method of claim 3, wherein the trajectory of one object and the distance between the communication paths of different objects are calculated from the physical links or the geographic information between the objects: for physical links, the trajectory is represented by the network routing path and the communication path distance by the number of routing forwarding hops in the communication; for geographic information, the geographic position field is obtained from the network asset information and the real geographic distance is derived.
7. A visualization method for network space mapping, characterized in that asset information of network space objects, including IP addresses and port numbers, is obtained and loaded to a Web server; the IP address and port number of an object in the network space at a given moment are mapped orthogonally onto a two-dimensional plane to construct a basic coordinate system serving as a two-dimensional network space map; the symbols of the network space objects are matched with the hierarchy of the network space map layers, and the points of interest (POI) of the objects are matched with the hierarchy of the map layers; and the objects in the network space map are aggregated and disaggregated according to the initial pixel distance and different scales and displayed quantitatively within the visible range.
8. The method of claim 7, wherein the symbols of the cyberspace object are hierarchically matched with the cyberspace map layers, and the geometric figure visually represents the entity resource when the map has a small scale, and visually represents the entity resource by the visualized symbols when the map has a large scale.
9. The method of claim 7, wherein the hierarchical matching of the POIs of the cyberspace object with the cyberspace map layers comprises dividing the cyberspace map tiles into POI tiles and non-POI tiles according to the POIs of the cyberspace, and reorganizing and clustering into hot spot regions, sub-hot spot regions and non-hot spot regions according to the tile access heat.
10. The method of claim 7, wherein the cyber asset map is divided into n x n blocks of pixels according to the cyber assets corresponding to the cyber space objects, the blocks become map tiles, the side length of each block is used as a standard length unit of x-axis and y-axis of the basic coordinate system, different types of services are marked as different types of points, each point exists in each block, the IP addresses are aggregated, and the minimum number of the aggregated IP is used as the IP resolution R.
11. The method of claim 7, wherein the IP addresses and port numbers used by an object at different times are obtained, the position points of the network space assets in the space are determined, the position points are connected into a line according to the use time, and a network change trajectory graph of the object is constructed on the network space map; the method comprises the steps of obtaining the communication condition between an object and other objects at a certain moment, connecting position points of the object on a network space map at the current moment into a line, constructing a network communication path diagram of the object at the current moment, and constructing a network communication path diagram of the object changing along with time according to the communication condition of the object between different time points and other objects.
12. The method as claimed in claim 7, wherein the divided map is enlarged or reduced according to a level and a precision j_num, the hierarchical display part extracts the number of addresses and the magnification multiple contained in each level, calculates the number num of IPs contained in the level according to the formula num = total / 2^((level - 1) * multiple), and calculates the precision j_num according to the formula j_num = total / (R * 2^((level - 1) * multiple)), wherein total is the number of IPs in the divided map, level is the degree of enlargement, j_num is the number of minimum unit blocks contained in the divided map, and R is the number of IPs contained in the minimum level; and an IP segment and a port segment are specified to display the distribution of network asset information within the specified range.
13. A visualization system for network space mapping is characterized by comprising a server and a client, wherein the server matches a POI (point of interest) of a network space object with a network space map layer hierarchy according to a request of the client, the server comprises an information processing module, a map processing module and a data layer, the information processing module acquires asset information and communication conditions of the network space object, related data is inquired through the data layer according to the request initiated by the client, the map processing module takes an IP (Internet protocol) address of the object in the network space as a horizontal coordinate, a port number of the object as a vertical coordinate to construct a basic coordinate system, autonomous system information of the object is taken as a third dimension on the basis of the basic coordinate system to construct a network space map, and the object is aggregated and disaggregated for quantitative display; the data layer comprises an object information database, a communication information database and a file system, wherein the object information database stores the current asset information of the network space object, the communication information database stores the communication condition and the login condition of the current object, and the file system stores the display symbol identifier and the communication condition and the login condition of the overdue object.
14. The system of claim 13, wherein the visualization system further comprises a pointing and framing unit for objects in the visual area, the pointing unit controls the display of the cyberspace asset information of the objects, and the framing unit controls the display of any rectangular area in the visual area, and the list displays all the objects in the area; preferably, the visualization system further comprises a module for dynamically showing the communication condition of the object in the visual area, controlling the color of the symbol of the object to be emphasized when the object is selected to be displayed, and controlling the time axis to be dragged to display the communication condition of the object and other objects in a certain time period; further preferably, the visualization system further includes a module for dynamically displaying the login situation of the object in the visual area, and the module records the login situation of the same object in different IP ports and the autonomous system, and controls to drag a time axis to observe the login situation of the object in a certain time period.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010747532.7A CN111935331A (en) | 2020-07-30 | 2020-07-30 | Network space mapping method, visualization method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111935331A true CN111935331A (en) | 2020-11-13 |
Family
ID=73315325
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010747532.7A Pending CN111935331A (en) | 2020-07-30 | 2020-07-30 | Network space mapping method, visualization method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111935331A (en) |
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020023000A1 (en) * | 2000-08-16 | 2002-02-21 | Bollay Denison W. | Displaying as a map and graphs on a web page the geographical distribution of visitors that click on banner ads in cyberspace |
CN101944132A (en) * | 2010-09-30 | 2011-01-12 | 武汉大学 | Tile map data organization method |
CN103699439A (en) * | 2013-12-30 | 2014-04-02 | 北京奇虎科技有限公司 | Device and method for calculating tiles in electronic map visual area |
CN105022731A (en) * | 2014-04-16 | 2015-11-04 | 北京极海纵横信息技术有限公司 | Map vector tile buffering method |
CN103984513A (en) * | 2014-05-27 | 2014-08-13 | 广东粤铁瀚阳科技有限公司 | Massive geographic information system (GIS) information ultrahigh resolution displaying method |
CN106919592A (en) * | 2015-12-24 | 2017-07-04 | 北京计算机技术及应用研究所 | The method for setting up Multi-stage electronic map |
CN106021436A (en) * | 2016-05-16 | 2016-10-12 | 武汉大学 | Vector tile map making method |
CN107016924A (en) * | 2016-12-20 | 2017-08-04 | 阿里巴巴集团控股有限公司 | Tile map generation method, update method and device in virtual map |
CN107085600A (en) * | 2017-03-31 | 2017-08-22 | 百度在线网络技术(北京)有限公司 | POI recommends method, device, equipment and computer-readable recording medium |
CN108881346A (en) * | 2017-05-12 | 2018-11-23 | 中国人民解放军信息工程大学 | The cyberspace actual resource method for visualizing and system of facing position service |
CN108023771A (en) * | 2017-12-06 | 2018-05-11 | 清华大学 | The creation method and device of cyberspace coordinate-system framework based on IP address and logic port |
CN109728934A (en) * | 2018-12-03 | 2019-05-07 | 清华大学 | Cyberspace cartographic model creation method and device |
CN109981346A (en) * | 2019-02-21 | 2019-07-05 | 清华大学 | Cyberspace coordinate system creation method and device based on autonomous system |
CN111026823A (en) * | 2019-11-27 | 2020-04-17 | 北京大学 | Resource utilization associated network model planning method based on geographic position data |
Non-Patent Citations (1)
Title |
---|
祝振凱 (Zhu Zhenkai): "Hierarchical representation method for network maps", China Master's Theses Full-text Database, 15 June 2020 (2020-06-15), pages 008-169 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112532448A (en) * | 2020-11-27 | 2021-03-19 | 北京知道创宇信息技术股份有限公司 | Network topology processing method and device and electronic equipment |
CN112532448B (en) * | 2020-11-27 | 2023-11-28 | 北京知道创宇信息技术股份有限公司 | Network topology processing method and device and electronic equipment |
CN112887141A (en) * | 2021-01-25 | 2021-06-01 | 北京华顺信安信息技术有限公司 | Topological graph generated based on network space mapping and path display method thereof |
CN112910718A (en) * | 2021-03-17 | 2021-06-04 | 中国电子信息产业集团有限公司第六研究所 | Network space mapping method based on DNS system |
CN112910718B (en) * | 2021-03-17 | 2022-10-11 | 中国电子信息产业集团有限公司第六研究所 | Network space mapping method based on DNS system |
CN113836247A (en) * | 2021-08-10 | 2021-12-24 | 北京永信至诚科技股份有限公司 | Wall map battle method and system for network security management |
CN114553526A (en) * | 2022-02-22 | 2022-05-27 | 国网河北省电力有限公司电力科学研究院 | Network security vulnerability position detection method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111935331A (en) | Network space mapping method, visualization method and system | |
CN109728934B (en) | Network space map model creation method and device | |
CN109981346B (en) | Network space coordinate system creating method and device based on autonomous system | |
CN1756188B (en) | Large-scale network topology graphics display method | |
CN108881346B (en) | Network space entity resource visualization method and system for location-oriented service | |
CN107193918B (en) | Distributed GIS state monitoring system based on open source map | |
CN104063466A (en) | Virtuality-reality integrated three-dimensional display method and virtuality-reality integrated three-dimensional display system | |
KR100979200B1 (en) | GIS based network information monitoring system | |
US10644964B2 (en) | Method and system for discovering and presenting access information of network applications | |
CN109376761A (en) | The method for digging and device of a kind of address mark and its longitude and latitude | |
KR101721114B1 (en) | Method for Determining the Size of Grid for Clustering on Multi-Scale Web Map Services using Location-Based Point Data | |
US20080281869A1 (en) | Apparatus and Method Of Map Engine Clustering Automation | |
CN1964270A (en) | A GIS-based network equipment management system and method for organization and positioning | |
Kolomeec et al. | Methodological Primitives for Phased Construction of Data Visualization Models. | |
US10756992B2 (en) | Display of network activity data | |
US20110122132A1 (en) | Apparatus and method of managing objects and events with vector-based geographic information system | |
US20050204290A1 (en) | System and method for generating distributed application and distributed system topologies with management information in a networked environment | |
WO2023108832A1 (en) | Network space map generation method and apparatus, and device and storage medium | |
CN112838956B (en) | User-oriented network space resource analysis method and equipment | |
CN108536767A (en) | A kind of longitude and latitude coordinate switchs to the method for plane coordinates | |
CN103476000A (en) | Method and system for showing telecom operation channels based on Google map | |
Chen et al. | Design of interactive visualizations for next-generation ultra-large communication networks | |
CN114124719B (en) | Network space situation perception method and device | |
CN116800618B (en) | Network IP portrait construction method, system, medium and equipment | |
CN115460095B (en) | Network space link mapping method, system, storage medium and equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20201113 |