CN111935331A - Network space mapping method, visualization method and system - Google Patents


Info

Publication number
CN111935331A
Authority
CN
China
Prior art keywords
network
map
network space
information
objects
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010747532.7A
Other languages
Chinese (zh)
Inventor
李琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Zhizai Technology Co ltd
Original Assignee
Chongqing Zhizai Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9537 Spatial or temporal dependent retrieval, e.g. spatiotemporal queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/957 Browsing optimisation, e.g. caching or content distillation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/52 Network services specially adapted for the location of the user terminal

Abstract

The invention discloses a network space mapping method, a visualization method and a system, and relates to network space resource mapping technology. A network space map is constructed according to the chosen network space mapping mode. The map is partitioned by orders of magnitude according to the network assets an object holds in network space, can be enlarged or reduced by those orders of magnitude, and the object's network asset information is mapped onto it. The IP address and port number used by an object in network space at a given moment are mapped into a basic coordinate system; that IP address and port number form a node, and nodes are placed on the network space map according to the autonomous system in which the object is located, with different autonomous systems distributed on different layers, so that the people or things using the network in network space are visualized. Network asset location is achieved by using the IP address and port number in network space to determine where a network space asset sits in the space.

Description

Network space mapping method, visualization method and system
Technical Field
The invention relates to the technical field of network space resource management and control, and in particular to a network space asset mapping visualization method and network space resource mapping.
Background
With the popularization and development of network technology, the internet has become closely bound to people's lives. A large number of network devices with complex interconnections carry the work of networking. If network space resources could be mapped into a diagram effectively, managing and controlling them and understanding their distribution would be greatly facilitated. The current main methods are as follows. The first approach packages the collected web application information as a web service offered to third parties for querying; a typical example is the inventor's ZoomEye. ZoomEye mainly collects and displays information about web applications and extracts attributes such as the characteristics and service type of the target web framework. This method only integrates data; it does not consider visualizing the extracted features and attributes. The second method displays the detected network application information on a traditional map, placing each network application on the displayed map by the longitude and latitude of the location where the network service exists. Its advantage is that it carries the modeling idea of a traditional map over to network space, which makes it easy to understand; however, geographic location information and network space information differ considerably in character, and assets in network space cannot reveal some of their implicit characteristics when described with the traditional map modeling idea.
Disclosure of Invention
In view of the defects of the prior art, the invention provides a network space mapping method, a visualization method and a system. The technical solution is that autonomous systems are classified according to user-defined information characteristics, the height of each autonomous system in the network map is obtained from the relations between autonomous systems, and the communication between node autonomous systems can be observed visually.
The invention provides a network space mapping method based on an object's IP address and port number, comprising the following steps: determining the network space mapping mode; storing data using tile segmentation and dividing the displayed data by segmentation level; and determining and displaying the objects in network space. Specifically: a person or thing using the network in network space is determined as an object in network space; the IP addresses and port numbers used by objects in network space at a given moment are mapped onto a plane; a network space map is constructed with the object's IP address as abscissa, the object's port number as ordinate, and the information of the autonomous system in which the object is located as the third dimension; the IP address and port number used by an object at a given moment form a node, the Autonomous System (AS) information of the object is the basis for layering the network space map, different autonomous systems are placed on different layers, and the nodes are mapped onto the network space map. The IP address and port number used by the object in network space, together with the real-world or network information corresponding to them, are determined as the object's network assets. According to the object's network assets, the network space map is partitioned by orders of magnitude, can be enlarged or reduced by those orders of magnitude, and the object's network asset information is mapped onto the corresponding part of the map. Different layers can be set according to the autonomous system information, and the nodes in network space are displayed in three dimensions.
All network assets of an object can be displayed on the network space map according to the object's IP address or port number; conversely, the points of all objects sharing a given network asset can be displayed on the map. According to the Autonomous System (AS) information of an object, the position of the corresponding layer and its relation to other autonomous systems can be shown on the network map.
Partitioning the network space map by orders of magnitude further comprises: using a tile segmentation method to cut the network asset map into small blocks of n × n pixels according to the object's network assets in network space, these blocks being the map tiles; taking the side length of a block as the standard length unit of the x and y axes of the coordinate system; marking different types of service as different types of points, each point residing in a block; and aggregating IP addresses, with the minimum number of aggregated IPs used as the IP resolution R. The address data in packets sent or received by an object is analysed to obtain the IP addresses and port numbers the same object used at different times; these are stored in a database, fetched by the web front end and drawn as points on the network space map, and the points are connected into lines in time order, giving the object's network change trajectory on the map. By analysing the source and destination address information in packets, the communication of the object with other objects at a given time point is obtained and stored in the database; the web front end fetches it and connects the object's points at that time point into a line, giving the object's network communication path diagram at that time point; from the object's communication with other objects at different time points, a network communication path diagram that changes over time is constructed.
The distance of a single object's changing trajectory and of the communication paths between different objects is calculated from the physical links or the geographic information between the objects. For a physical link, the network routing path represents its trajectory and the number of routing hops in the communication represents the path distance; for geographic information, a displayed geographic location field can be taken from the network asset information, from which the real geographic distance is obtained.
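The trajectory and communication-path construction described above, as an added example that is not code from the patent: packet records are reduced to an object's (time, IP, port) trajectory and to its per-time-point communication edges, with the routing hop count standing in for the physical-link path distance. The record layout, object names, addresses and hop counts are constructed assumptions.

```python
"""Object trajectory and communication paths from packet records (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    time: int        # capture time, constructed units
    src_obj: str     # object that sent the packet (assumed to be resolved already)
    src_ip: str
    src_port: int
    dst_obj: str     # object that received it
    dst_ip: str
    dst_port: int
    hops: int        # routing hop count observed on the path (assumed field)


# Constructed sample capture: "alice" moves from one IP/port pair to another.
PACKETS = [
    Packet(1, "alice", "10.0.0.5", 51000, "srv1", "10.0.9.1", 443, 3),
    Packet(2, "alice", "10.0.0.5", 51000, "srv2", "10.0.9.2", 80, 4),
    Packet(3, "alice", "10.0.1.7", 52000, "srv1", "10.0.9.1", 443, 6),
    Packet(3, "bob", "10.0.2.2", 40000, "alice", "10.0.1.7", 52000, 2),
    Packet(4, "alice", "10.0.1.7", 52000, "srv2", "10.0.9.2", 80, 5),
]


def trajectory(packets, obj):
    """Points (first_time, ip, port) used by obj, in time order.

    Consecutive points are the segments of the object's network change
    trajectory on the map (x = IP address, y = port number)."""
    first_seen = {}
    for p in sorted(packets, key=lambda p: p.time):
        if p.src_obj == obj:
            first_seen.setdefault((p.src_ip, p.src_port), p.time)
        if p.dst_obj == obj:
            first_seen.setdefault((p.dst_ip, p.dst_port), p.time)
    ordered = sorted(first_seen.items(), key=lambda kv: kv[1])
    return [(t, ip, port) for (ip, port), t in ordered]


def communication_path(packets, obj, at_time):
    """Edges (peer, obj point, peer point, hop distance) of obj at one time point."""
    edges = []
    for p in packets:
        if p.time != at_time:
            continue
        if p.src_obj == obj:
            edges.append((p.dst_obj, (p.src_ip, p.src_port),
                          (p.dst_ip, p.dst_port), p.hops))
        elif p.dst_obj == obj:
            edges.append((p.src_obj, (p.dst_ip, p.dst_port),
                          (p.src_ip, p.src_port), p.hops))
    return edges


def path_over_time(packets, obj):
    """Communication path of obj at every time point where it communicated."""
    result = {}
    for t in sorted({p.time for p in packets}):
        edges = communication_path(packets, obj, t)
        if edges:
            result[t] = edges
    return result


if __name__ == "__main__":
    print(trajectory(PACKETS, "alice"))
    print(path_over_time(PACKETS, "alice"))
```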
The IP address and port number are set as the abscissa (x axis) and ordinate (y axis) of the display to establish the coordinate system of the network asset map, and surviving objects are displayed in it according to the IP address and port number they use in network space. The network asset map is divided by the tile division method into small blocks of n × n pixels, the side length of a block is taken as the standard length unit of the x and y axes, and the blocks become map tiles. Different types of service are marked as different types of points, each stored in its block, which makes display by level possible. Because there are far too many IP addresses, dividing IP by IP would not give a good visual effect without aggregation, so the invention aggregates IP addresses: the number of IP addresses contained in the smallest IP classification level is taken as the IP resolution, i.e. the minimum number of aggregated IPs is the IP resolution R. Tiles are classified by the characteristics and attributes of the network space map tiles into point of interest (POI) tiles and non-POI tiles, and are reorganized and clustered according to tile access heat into hot spot areas, secondary hot spot areas and non-hot spot areas.
Hierarchical display enlarges or reduces a chosen part of the divided map. Specifically, from the number of addresses and the magnification (multiple) of each level, the number of IPs contained in the level (num) is calculated with the formula num = total / 2^((level − 1) × multiple), and the precision of the level (j_num) with the formula j_num = total / (R × 2^((level − 1) × multiple)), where total is the number of all IPs in the system, j_num (precision) is the number of smallest tiles contained in the level, level is the degree of magnification, and the resolution R is the number of IPs contained in the smallest partition unit. The user can also specify an IP segment and a port segment to display the distribution of network asset information within that range.
The invention also provides a visualization method for network space mapping, which takes the IP address of an object in network space as the abscissa axis and the port number as the ordinate axis to construct a basic coordinate system; acquires the asset information of network space objects, including IP address and port number, and loads it onto a Web server; maps the IP address and port number used by an object at a given moment orthogonally onto a two-dimensional plane, the resulting basic coordinate system serving as a two-dimensional network space map; matches the symbol of a network space object to the level of the map layer and matches the object's point of interest (POI) to the level of the map layer; and aggregates and disaggregates objects on the map according to the initial pixel distance and the scale, displaying the objects in the visible range quantitatively. Specifically, when the network space map uses a large scale, objects are expressed through visualized symbols.
Furthermore, the symbol of the network space object is matched to the layer level of the network space map: when the map uses a small scale, entity resources are expressed as geometric figures, and when the map uses a large scale, they are expressed as visualized symbols. The visualization method matches the POI of a network space object to the map layer level, and further comprises dividing the tiles of the network space map into POI tiles and non-POI tiles according to the information the user is concerned with and according to the POIs of the network space, and reorganizing and clustering the POI tiles into a hotspot area, a secondary hotspot area and a non-hotspot area according to access heat.
Furthermore, the autonomous system of the network space object is taken as a vertical axis orthogonal to the basic coordinate axes to construct the network space map, so that objects of the same autonomous system can be observed on the same plane.
The invention also provides a visualization system for network space mapping comprising a server side and a client side. The server side matches POIs to the map layer levels of the network space map according to the client's request and comprises an information processing module, a map processing module and a data layer. The information processing module performs information acquisition and processing: it acquires the asset information and communication state of network space objects, queries related data through the data layer according to requests initiated by the client, and writes expired content to files. The map processing module constructs the basic coordinate system and the three-dimensional coordinate system, projects the information from the information processing module onto them to build the network space map, and aggregates and disaggregates objects for quantitative display. The data layer comprises an object information database, a communication information database and a file system. The object information database stores the current asset information of network space objects; the communication information database stores the recent communication and login records of objects; the file system stores the relevant symbol identifiers and the expired communication and login records.
Further, the visualization system comprises click and box-select units for objects in the visible area. The click unit controls the display of an object's network space asset information; the box-select unit controls a list displaying all objects within the selected range. The system also comprises a module that dynamically shows the communication of objects in the visible area: when an object is selected, its symbol is highlighted in color, and its communication with other objects over a period can be observed by dragging the time axis. The system further comprises a module that dynamically shows logins of objects in the visible area: the logins of the same object at different IP/port pairs and autonomous systems are recorded, and the object's logins over a period can be observed by dragging the time axis.
The method acquires the asset information of network space objects, loads it onto the server, displays it quantitatively according to the aggregation and disaggregation principle, matches the symbols of network space objects to the layer levels of the network space map, and visualizes the objects' asset information by matching POIs to those layer levels; it then periodically acquires the communication state of the network space objects and loads it onto the server. The invention constructs a virtual network space map that can visually present the information and communication state of network space objects, clearly express the logical relations between them, and help to dynamically monitor their behavior.
Drawings
FIG. 1 is a flow diagram of the network space mapping implementation;
FIG. 2 is a functional block diagram of the network space mapping system.
Detailed Description
The embodiments of the invention are described in detail below with reference to the figures, so that those skilled in the art can better practice the invention.
FIG. 1 is a flow chart of an embodiment of the invention, which mainly comprises: S10, defining the network space map; S20, storing data using tile partitioning; S30, visually displaying the network space objects. The invention uses various symbols to mark different types of objects, where objects are people or things using network services in network space. Based on the collected information, the visualization system of network space mapping provides the following operations on an object: tracking the network positions where the object frequently appears, i.e. the IP addresses and port numbers it frequently uses, and describing the object's movement trajectory in network space over time, i.e. the line connecting the object's positions in network space at different times; monitoring the communication state between an object and other objects at any time, distinguishing line segment symbols by communication traffic, and displaying the communication attributes between two objects from the collected data, such as the protocol type, whether encryption is used and which encryption algorithm, and so on; and further showing virtual links between objects, meaning adjacent hops in the routing table or connections within the autonomous system, physical links, meaning the actual physical line connections between two objects, and the corresponding geographic information.
The invention obtains whole-network asset data by network scanning and processes it. The data to be displayed is loaded from the database according to an IP range (for example all IPs contained in 192.168.1.0/24) and a port range (for example ports 1-10000), and displayed tile by tile. Network asset information is collected with tools such as Nmap and a web crawler; it comprises user IP addresses, open port numbers, names of the services in use, DNS information, web framework fingerprints and so on, is stored in a database as it is acquired for further extraction and use, and is then integrated. The information is displayed in blocks: for example, the resolution of the IP axis is 32 IP addresses and the magnification per level is 8, and detailed information is obtained for the POI or autonomous system of each object.
The network space objects are visualized: the network space is mapped based on the objects' IP addresses and port numbers, the data is stored using tile segmentation, the displayed data is divided by segmentation level, the objects in network space are determined, and they are displayed.
FIG. 2 is a functional block diagram of the network space mapping system. The method obtains the IP addresses, port numbers, services and other network information frequently used by an object; monitors the object's communication with other objects at a given time point, including the object's virtual links, physical links or geographic information; determines the object's network assets; stores the data using tile division; displays objects and data at different levels; visualizes the object in network space; and uses the IP addresses and port numbers of the same object at different times.
Specifically, the coordinate system of the network asset map is established by setting the IP address and port number as the abscissa (x axis) and ordinate (y axis) of the display, and surviving objects are displayed in it according to the IP address and port number they use in network space. The network asset map is divided by the tile division method into small blocks of n × n pixels (n being a pixel count; for example a 256 × 256 pixel block can be chosen as the basic unit block), the side length of a block is taken as the standard length unit of the x and y axes, and the blocks become map tiles. Different types of service are marked as different types of points, each stored in its block, which makes display by level possible. Because there are far too many IP addresses, dividing IP by IP would not give a good visual effect without aggregation, so IP addresses are aggregated to a certain extent: the number of IP addresses contained in the minimum level is taken as the IP resolution, i.e. the minimum number of aggregated IPs is the IP resolution R.
For the classification of network characteristics, tiles are classified by the characteristics and attributes of the network space map tiles into point of interest (POI) tiles and non-POI tiles. For example, hot network resources in the top 0.1% of network traffic can be regarded as network POIs and the rest as non-POIs; if a network POI exists in a tile, the tile is a POI tile, otherwise it is a non-POI tile. Tiles can also be reorganized and clustered by access heat into hot spot areas, secondary hot spot areas and non-hot spot areas.
For heat classification, all tiles in the current display area are ranked by visit count: a tile ranked in the top 1% is a hot spot area; a tile ranked between the top 1% and 10% is a secondary hot spot area; a tile ranked below 10% is a non-hot spot area. These thresholds can be set as needed.
The content users care about is concentrated in the network's POI resources. Different types of POI tiles are stored separately, so that different POI resource types and the different information users care about can be classified and displayed according to the characteristics of the POI resources, improving storage efficiency. POI tiles and non-POI tiles are therefore stored separately: as much information as possible is shown for POI tiles so the user can obtain it, while the information shown for non-POI tiles is reduced as far as possible, shrinking tile file size and improving loading efficiency.
For the classification of network heat, network access follows the 80/20 rule: 20% of hot resources carry 80% of the accesses. Tiles are regrouped and sorted by access heat. Tiles in high-heat areas display detailed and complete information, while tiles in low-heat areas can reduce the completeness of displayed and stored data, and tiles of different heat can use different update strategies: hot spot area tiles update fastest, secondary hot spot area tiles next, and non-hot spot area tiles slowest. The update rates of the hot spot, secondary hot spot and non-hot spot areas have a fixed ratio of 20:5:1: while the non-hot spot area is updated once, the secondary hot spot area is updated 5 times and the hot spot area 20 times. In addition, a data change in the hot spot area exceeding a threshold of 20% is taken as the change threshold; once the data change exceeds 50%, the hot spot area is updated once, and the secondary and non-hot spot areas then change correspondingly according to the change rate ratio, which effectively improves the loading efficiency of the tiles as a whole and system performance.
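The POI and heat classification rules of the preceding paragraphs, as an added example that is not the patent's code: a resource in the top 0.1% of traffic is a network POI, a tile holding a POI is a POI tile, tiles ranked in the top 1% of visits are hot spot areas, the next 1%-10% secondary, the rest non-hot spot, and the three classes refresh in a 20:5:1 ratio. The tile names, visit counts and traffic figures are constructed, and the tick-based refresh schedule is one concrete reading of the 20:5:1 ratio.

```python
"""POI tiles, access-heat classes and update cadence (added example)."""


def rank_fractions(counts):
    """Map each key to rank/n, where rank 1 is the largest count (ties broken by key)."""
    ordered = sorted(counts, key=lambda k: (-counts[k], k))
    n = len(ordered)
    return {k: (i + 1) / n for i, k in enumerate(ordered)}


def network_pois(resource_traffic, share=0.001):
    """Resources whose traffic rank lies within the top `share` (0.1% by default)."""
    fractions = rank_fractions(resource_traffic)
    return {r for r, f in fractions.items() if f <= share}


def heat_class(fraction):
    """Top 1% -> hot, top 1%-10% -> secondary, below 10% -> non-hot."""
    if fraction <= 0.01:
        return "hot"
    if fraction <= 0.10:
        return "secondary"
    return "non-hot"


def classify_tiles(tile_visits, tile_resources, resource_traffic):
    """Return {tile: (heat_class, is_poi_tile)} for every tile in the display area."""
    pois = network_pois(resource_traffic)
    out = {}
    for tile, fraction in rank_fractions(tile_visits).items():
        is_poi = any(r in pois for r in tile_resources.get(tile, ()))
        out[tile] = (heat_class(fraction), is_poi)
    return out


# Refreshes per period for each heat class (the patent's 20:5:1 ratio).
UPDATE_RATIO = {"hot": 20, "secondary": 5, "non-hot": 1}


def due_for_update(heat, tick):
    """True when a tile of this heat class refreshes at the given tick.

    Over one 20-tick period a hot tile refreshes 20 times, a secondary tile
    5 times and a non-hot tile once."""
    period = max(UPDATE_RATIO.values())
    return tick % (period // UPDATE_RATIO[heat]) == 0


def sample_classification():
    """Classify a constructed display area of 200 tiles and 1000 resources."""
    tile_visits = {f"T{i:03d}": 1000 - 5 * i for i in range(200)}   # constructed
    resource_traffic = {f"r{i}": 10_000 - i for i in range(1000)}    # constructed
    # Constructed placement: r0 (the only top-0.1% resource) sits in two tiles,
    # one of them a cold tile, so POI status is independent of heat.
    tile_resources = {"T000": ["r0", "r5"], "T050": ["r1"], "T150": ["r0"]}
    return classify_tiles(tile_visits, tile_resources, resource_traffic)


if __name__ == "__main__":
    result = sample_classification()
    for tile in ("T000", "T001", "T019", "T020", "T150"):
        print(tile, result[tile])
```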
Hierarchical display enlarges or reduces a chosen part of the divided map. The hierarchical display part takes the number of addresses and the magnification (multiple) of each level and calculates the number of IPs contained in the level (num) by the formula num = total / 2^((level − 1) × multiple), and the precision (j_num) by the formula j_num = total / (R × 2^((level − 1) × multiple)), where total is the number of IPs in the divided map, level is the degree of enlargement, precision (j_num) is the number of minimum unit blocks contained in the divided map, resolution is the number of IP addresses contained in a minimum unit block (for example, a resolution of 256 means the minimum division unit contains 256 IP addresses), and R is the number of IPs contained in the minimum level. An IP segment and a port segment may also be designated to display the distribution of network asset information within that range. The IP count and precision calculations mainly serve the zoom-in and zoom-out functions: zooming in on a display area shows less IP and port information, and zooming out shows more. For example, with IPv4 and IPv6, the IPv4 interface may display 32 × 32 small tiles, where the tiles ranked in the top 1% are hot spot areas, those ranked in the top 1%-10% are secondary hot spot areas, and the remaining tiles are non-hot spot areas. If a tile contains a POI, it is a POI tile. During zooming in and out, clustering follows the IPv4 hierarchical display table. The level of the current tiles is classified by the tiles' subnet mask; the specific classification, together with the precision and resolution, is given in Table 1.
In IPv4, 3 is used as the magnification factor and the minimum resolution is 32; each IP level is recorded as one level, and the number of IPs and the precision corresponding to each IP classification level are calculated by the above formula. The number of IPs contained in each level's IP classification corresponds one-to-one with the precision and the corresponding IP mask, all listed in Table 1. Enlargement and reduction are achieved by adjusting the IP level; for example, level 1 may be set as the minimum IP number level and level 10 as the maximum IP number level.
The corresponding sorting operation is carried out according to the IPv6 hierarchical display table: in IPv6 the magnification is 5 and the minimum resolution is 256; the detailed result is given in Table 2.
Table 1 IPv4 IP hierarchical display table
[Table 1 is an image in the original and is not reproduced here.]
Table 2 IPv6 IP hierarchical display table
[Table 2 is an image in the original and is not reproduced here.]
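The level formulas num = total / 2^((level − 1) × multiple) and j_num = total / (R × 2^((level − 1) × multiple)) from the hierarchical display paragraphs, evaluated as an added example (not the patent's code) with the IPv4 parameters (multiple 3, R = 32; a per-level magnification of 2^3 = 8) and the IPv6 parameters (multiple 5, R = 256). Tables 1 and 2 are not reproduced on the page, so the rows are recomputed from the formula; the subnet prefix per level, the deepest level at which j_num is still 1, and the "aligned block containing an address" helper are derived interpretations, not statements of the patent.

```python
"""Hierarchical IP-axis levels of the network space map (added example)."""
import ipaddress

IPV4 = {"total": 2**32, "multiple": 3, "R": 32}     # parameters stated in the text
IPV6 = {"total": 2**128, "multiple": 5, "R": 256}


def level_ip_count(total, level, multiple):
    """num: IP addresses spanned by one view at `level`, as an exact integer."""
    divisor = 2 ** ((level - 1) * multiple)
    if total % divisor:
        raise ValueError("level exceeds the address space")
    return total // divisor


def level_precision(total, level, multiple, R):
    """j_num: number of minimum unit blocks (R addresses each) in that view."""
    num = level_ip_count(total, level, multiple)
    if num % R:
        raise ValueError("level is finer than the IP resolution R")
    return num // R


def level_prefix(total, level, multiple):
    """Subnet mask length of one level block (derived: 32 IPv4 addresses -> /27)."""
    address_bits = total.bit_length() - 1
    block_bits = level_ip_count(total, level, multiple).bit_length() - 1
    return address_bits - block_bits


def max_level(params):
    """Deepest level whose precision is still a whole number of unit blocks (derived)."""
    level = 1
    while True:
        try:
            level_precision(params["total"], level + 1, params["multiple"], params["R"])
        except ValueError:
            return level
        level += 1


def display_table(params):
    """Rows (level, num, j_num, prefix) in the spirit of the patent's Tables 1 and 2."""
    total, multiple, R = params["total"], params["multiple"], params["R"]
    return [(level,
             level_ip_count(total, level, multiple),
             level_precision(total, level, multiple, R),
             level_prefix(total, level, multiple))
            for level in range(1, max_level(params) + 1)]


def level_block(address, level, params):
    """Aligned address block at `level` that contains `address` (interpretation)."""
    prefix = level_prefix(params["total"], level, params["multiple"])
    return ipaddress.ip_network((address, prefix), strict=False)


if __name__ == "__main__":
    for row in display_table(IPV4):
        print("IPv4 level %2d: num=%d j_num=%d /%d" % row)
    print(level_block("192.168.1.77", 10, IPV4))   # constructed address
```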
The visualization system acquires the network space objects and their network asset information, including IP addresses and port numbers; it then loads the acquired asset information onto a Web server, matches the symbol of each network space object to the map layer, matches the object's point of interest (POI) to the level of the map layer, aggregates and disaggregates objects on the network space map according to the initial pixel distance and the scale, and displays the objects in the visible range quantitatively.
Asset information of the cyberspace object is obtained. The network space objects comprise personal computers, mobile phones, smart homes and the like, the asset information of the objects comprises IP addresses, opened or used port numbers and services, types and operating systems of equipment, used software and versions, geographical positions, autonomous systems, attribution units and the like, and the protection conditions of the equipment such as firewall information and the like. And constructing a basic coordinate system of the network space map by taking the IP address of the object in the network space as an abscissa axis and the port number as an ordinate axis. And loading the acquired asset information of the network space object to a Web server for visual display.
Second, the displayed content and the loading form of the network space map are managed separately, according to the areas the user mainly attends to and in a tiled manner. In order to display the information of the network space objects more clearly and improve the visual effect of the network space map, the invention matches the symbols of the network space objects with the layers of the network space map, and aggregates and disaggregates the objects in the network space map according to the initial pixel distance and different scales.
The symbol of the cyberspace object is matched with the cyberspace map layer. When the network space map adopts a small scale, the entity resources are visually expressed through the geometric figures, and different network space objects are distinguished by using different colors; when the network space map adopts a large scale, the visualized expression is carried out through the visualized symbols, and the symbols of the network space objects can be further refined.
Aggregation and disaggregation are performed at different scales according to the initial pixel distance. For ease of use, the invention can divide the network space map into different tile areas according to the information the user is concerned with.
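An added example, not from the patent: it places each (IP, port) asset in the 32 × 32 tiling of the basic coordinate system described above (IP address on the x axis, port number on the y axis), aggregates the assets per tile, and ranks the tiles into hot-spot, secondary hot-spot and non-hot-spot regions with the 1% and 10% cut-offs given earlier. Ranking by asset count per tile is my stand-in for the patent's "tile access heat", only occupied tiles are ranked, and the inventory is constructed.

```python
import math
import ipaddress
from collections import Counter

IPV4_SPACE = 2 ** 32   # x axis: the whole IPv4 address range
PORT_SPACE = 2 ** 16   # y axis: ports 0..65535

def tile_of(ip, port, n=32):
    """(x, y) index of the tile holding one (IP, port) asset in an n x n tiling."""
    x = int(ipaddress.IPv4Address(ip)) * n // IPV4_SPACE
    y = port * n // PORT_SPACE
    return x, y

def tile_counts(assets, n=32):
    """Aggregate assets into tiles: how many (IP, port) objects land in each tile."""
    return Counter(tile_of(ip, port, n) for ip, port in assets)

def classify_tiles(counts, n=32, hot_share=0.01, secondary_share=0.10):
    """Rank occupied tiles by asset count (assumed proxy for access heat). Tiles in
    the top 1% of the n*n tiles are hot-spot, ranks up to 10% are secondary
    hot-spot, the rest are non-hot-spot. Empty tiles are not ranked."""
    hot_cut = math.ceil(n * n * hot_share)
    secondary_cut = math.ceil(n * n * secondary_share)
    ranked = sorted(counts, key=lambda t: (-counts[t], t))
    classes = {}
    for rank, tile in enumerate(ranked):
        if rank < hot_cut:
            classes[tile] = "hot-spot"
        elif rank < secondary_cut:
            classes[tile] = "secondary hot-spot"
        else:
            classes[tile] = "non-hot-spot"
    return classes

def tile_class(classes, tile):
    """Class of any tile, including empty ones that were never ranked."""
    return classes.get(tile, "non-hot-spot")

def constructed_assets():
    """Constructed sample inventory, not real data: a dense HTTPS estate in the
    198.51.100.0/24 documentation range plus fifteen thinner pockets of SSH
    hosts in other /8 ranges with 15, 14, ..., 1 assets each."""
    assets = [(f"198.51.100.{h}", 443) for h in range(1, 41)]
    for k, first_octet in enumerate(range(8, 128, 8)):
        for h in range(15 - k):
            assets.append((f"{first_octet}.0.0.{h + 1}", 22))
    return assets

if __name__ == "__main__":
    counts = tile_counts(constructed_assets())
    classes = classify_tiles(counts)
    for tile in sorted(counts, key=lambda t: (-counts[t], t)):
        print(f"tile {tile}: {counts[tile]:3d} assets -> {classes[tile]}")
```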
In order to show the communication conditions of the objects in the autonomous systems and among the autonomous systems more clearly, the invention can show the objects in the same autonomous system on the same plane by adding a third coordinate axis in a basic coordinate system. The method comprises the steps of obtaining a user event, sending a request to a server, constructing a vertical axis on a basic coordinate system, calling object information in the autonomous system requested by a user from a database, and displaying an object in the autonomous system at the height of the vertical axis set by the same user. In order to more reasonably display the network space asset information, the invention also comprises the steps of clicking and selecting the objects in the visual area. And after the webpage end receives the click request, the server calls the asset information related to the object from the database. Similarly, when the box selection is carried out, the object list of the selected area in the mouse event is counted, the selected objects in the area and relevant statistical information are listed, and when an asset information request about one listed object is received, relevant data is called from the database.
In order to dynamically observe the communication condition of the objects in the network space and know the communication tracks of the objects, the system also comprises a module for dynamically displaying communication and a module for dynamically displaying login for the objects in the visual area. The method comprises the steps of firstly setting time, regularly obtaining the communication condition of an object, storing the communication condition in a database, sending login information and communication information to a client, and updating a network space map by the client.
The visualization system uses a B/S design mode and comprises a server and a webpage end. The server side comprises a map processing module, an information processing module and a related data layer. The information processing module is used for acquiring asset information and communication conditions of the network space object; the map processing module is used for constructing a basic coordinate system and a three-dimensional coordinate system, reflecting the information of the information processing module on the coordinate system to generate a network space map, matching the symbol of the network space object with the layer level of the network space map, and matching the POI with the layer level of the network space map. The data layer comprises an object information database, a communication information database and a file system. The object information database stores the current asset information of the network space object, including an IP address, an opened or used port number and service, the type and operating system of the equipment, the used software and version, the geographic position, the autonomous system, the attribution unit and the like, and also includes the protection conditions of the equipment, such as firewall information and the like; the communication information database stores the communication condition and the login condition of the recent object; the file system is used for storing relevant symbol identifications and expired object communication conditions and login conditions. The webpage end realizes user interactive operations such as amplification and reduction of the network space map and communication condition display of the network space object.
The above-described embodiments are intended to be illustrative only and not to represent limitations upon the present invention, as modifications and variations thereof may occur to those of skill in the art, within the scope of the present invention.

Claims (14)

1. A network space mapping method is characterized in that the IP address of an object in a network space is taken as an abscissa, the port number of the object is used as a vertical coordinate to construct a basic coordinate system, the autonomous system information of the object is used as a third dimension on the basis of the basic coordinate system to construct a network space map, and according to the corresponding network assets of the object in the network space, partitioning the network space map according to different orders of magnitude, magnifying/reducing the network space map by different orders of magnitude, mapping the network asset information of the object into the network space map, mapping the IP address and the port number used by the object in the network space at a certain moment in a basic coordinate system, taking the IP address and the port number used by the object at the moment as a node, and mapping the nodes to a network space map according to the information of the autonomous system where the object is located, and distributing different autonomous systems in different layers.
2. The method of claim 1, wherein the partitioning the cyberspace map by different orders of magnitude further comprises: dividing a network asset map into n x n pixel small blocks according to the corresponding network assets of an object in a network space, wherein the small blocks become map blocks, the side length of each small block is used as a standard length unit of an x axis and a y axis of a basic coordinate system, different types of services are marked as different types of points, each point is stored in each small block, an IP address is aggregated, and the minimum aggregated IP number is used as an IP resolution R.
3. The method of claim 1, wherein the IP address and port number used by an object at different times are obtained, the position point of the network space asset in the space is determined, the position point is connected into a line according to the time of use, and a network change trajectory diagram of the object is constructed on the network space map; the method comprises the steps of obtaining the communication condition between an object and other objects at a certain moment, connecting position points of the object on a network space map at the current moment into a line, constructing a network communication path diagram of the object at the current moment, and constructing a network communication path diagram of the object changing along with time according to the communication condition of the object between different time points and other objects.
4. The method of claim 1, wherein the tiles are classified into point-of-interest (POI) tiles and non-POI tiles according to characteristics and attributes of the tiles, wherein the hotspot network resources are POIs, the POI tiles contain common network information of objects, and the POIs are reorganized and clustered according to tile access heat to divide hotspot areas, secondary hotspot areas and non-hotspot areas; and dividing the virtual communities on the network space map according to the POI tiles.
5. The method as claimed in claim 2, wherein the divided map is enlarged or reduced according to a level and a precision j_num, and the hierarchical display part extracts the number of addresses and the magnification multiple contained in each level, calculates the number num of IPs contained in the level according to the formula num = total / 2^((level-1)*multiple), and calculates the precision j_num according to the formula j_num = total / (R * 2^((level-1)*multiple)), wherein total is the number of IPs in the divided map, level is the amplification degree, j_num is the number of the minimum unit blocks contained in the divided map, R is the number of IPs contained in the minimum level, and the IP section and the port section are specified to display the distribution of the network asset information in the specified range.
6. The method of claim 3, wherein the track path of the same object and the distance between the communication paths of different objects are calculated according to the physical link or the geographic information between the objects, for the physical link, the track is represented by using a network routing path, for the communication path distance is represented by using a routing forwarding hop number in communication, for the geographic information, a geographic position field is obtained from the network asset information, and the real geographic distance is known.
7. A visualization method of network space mapping is characterized in that asset information of a network space object including an IP address and a port number is obtained and loaded to a Web server; the IP address and the port number of the object in the network space at a certain moment are orthogonally mapped onto a two-dimensional plane, and a basic coordinate system is constructed to be used as a two-dimensional network space map; the symbol of the network space object is matched with the hierarchy of the network space map layer, and the POI (point of interest) of the network space object is matched with the hierarchy of the network space map layer; and the objects in the network space map are aggregated and disaggregated according to the initial pixel distance and different scales, and quantitatively displayed in the visual range.
8. The method of claim 7, wherein the symbols of the cyberspace object are hierarchically matched with the cyberspace map layers, and the geometric figure visually represents the entity resource when the map has a small scale, and visually represents the entity resource by the visualized symbols when the map has a large scale.
9. The method of claim 7, wherein the hierarchical matching of the POIs of the cyberspace object with the cyberspace map layers comprises dividing the cyberspace map tiles into POI tiles and non-POI tiles according to the POIs of the cyberspace, and reorganizing and clustering into hot spot regions, sub-hot spot regions and non-hot spot regions according to the tile access heat.
10. The method of claim 7, wherein the cyber asset map is divided into n x n blocks of pixels according to the cyber assets corresponding to the cyber space objects, the blocks become map tiles, the side length of each block is used as a standard length unit of x-axis and y-axis of the basic coordinate system, different types of services are marked as different types of points, each point exists in each block, the IP addresses are aggregated, and the minimum number of the aggregated IP is used as the IP resolution R.
11. The method of claim 7, wherein the IP addresses and port numbers used by an object at different times are obtained, the position points of the network space assets in the space are determined, the position points are connected into a line according to the use time, and a network change trajectory graph of the object is constructed on the network space map; the method comprises the steps of obtaining the communication condition between an object and other objects at a certain moment, connecting position points of the object on a network space map at the current moment into a line, constructing a network communication path diagram of the object at the current moment, and constructing a network communication path diagram of the object changing along with time according to the communication condition of the object between different time points and other objects.
12. The method as claimed in claim 7, wherein the divided map is enlarged or reduced according to the level and the precision j_num, and the hierarchical display section extracts the number of addresses and the magnification multiple included in each level, calculates the number num of IPs contained in the level according to the formula num = total / 2^((level-1)*multiple), and calculates the precision j_num according to the formula j_num = total / (R * 2^((level-1)*multiple)), wherein total is the number of IPs in the divided map, level is the amplification degree, j_num is the number of the minimum unit blocks contained in the divided map, R is the number of IPs contained in the minimum level, and the IP section and the port section are specified to display the distribution of the network asset information in the specified range.
13. A visualization system for network space mapping is characterized by comprising a server and a client, wherein the server matches a POI (point of interest) of a network space object with a network space map layer hierarchy according to a request of the client, the server comprises an information processing module, a map processing module and a data layer, the information processing module acquires asset information and communication conditions of the network space object, related data is inquired through the data layer according to the request initiated by the client, the map processing module takes an IP (Internet protocol) address of the object in the network space as a horizontal coordinate, a port number of the object as a vertical coordinate to construct a basic coordinate system, autonomous system information of the object is taken as a third dimension on the basis of the basic coordinate system to construct a network space map, and the object is aggregated and disaggregated for quantitative display; the data layer comprises an object information database, a communication information database and a file system, wherein the object information database stores the current asset information of the network space object, the communication information database stores the communication condition and the login condition of the current object, and the file system stores the display symbol identifier and the communication condition and the login condition of the overdue object.
14. The system of claim 13, wherein the visualization system further comprises a pointing and framing unit for objects in the visual area, the pointing unit controls the display of the cyberspace asset information of the objects, and the framing unit controls the display of any rectangular area in the visual area, and the list displays all the objects in the area; preferably, the visualization system further comprises a module for dynamically showing the communication condition of the object in the visual area, controlling the color of the symbol of the object to be emphasized when the object is selected to be displayed, and controlling the time axis to be dragged to display the communication condition of the object and other objects in a certain time period; further preferably, the visualization system further includes a module for dynamically displaying the login situation of the object in the visual area, and the module records the login situation of the same object in different IP ports and the autonomous system, and controls to drag a time axis to observe the login situation of the object in a certain time period.
CN202010747532.7A 2020-07-30 2020-07-30 Network space mapping method, visualization method and system Pending CN111935331A (en)
Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020023000A1 (en) * 2000-08-16 2002-02-21 Bollay Denison W. Displaying as a map and graphs on a web page the geographical distribution of visitors that click on banner ads in cyberspace
CN101944132A (en) * 2010-09-30 2011-01-12 武汉大学 Tile map data organization method
CN103699439A (en) * 2013-12-30 2014-04-02 北京奇虎科技有限公司 Device and method for calculating tiles in electronic map visual area
CN103984513A (en) * 2014-05-27 2014-08-13 广东粤铁瀚阳科技有限公司 Massive geographic information system (GIS) information ultrahigh resolution displaying method
CN105022731A (en) * 2014-04-16 2015-11-04 北京极海纵横信息技术有限公司 Map vector tile buffering method
CN106021436A (en) * 2016-05-16 2016-10-12 武汉大学 Vector tile map making method
CN106919592A (en) * 2015-12-24 2017-07-04 北京计算机技术及应用研究所 The method for setting up Multi-stage electronic map
CN107016924A (en) * 2016-12-20 2017-08-04 阿里巴巴集团控股有限公司 Tile map generation method, update method and device in virtual map
CN107085600A (en) * 2017-03-31 2017-08-22 百度在线网络技术(北京)有限公司 POI recommends method, device, equipment and computer-readable recording medium
CN108023771A (en) * 2017-12-06 2018-05-11 清华大学 The creation method and device of cyberspace coordinate-system framework based on IP address and logic port
CN108881346A (en) * 2017-05-12 2018-11-23 中国人民解放军信息工程大学 The cyberspace actual resource method for visualizing and system of facing position service
CN109728934A (en) * 2018-12-03 2019-05-07 清华大学 Cyberspace cartographic model creation method and device
CN109981346A (en) * 2019-02-21 2019-07-05 清华大学 Cyberspace coordinate system creation method and device based on autonomous system
CN111026823A (en) * 2019-11-27 2020-04-17 北京大学 Resource utilization associated network model planning method based on geographic position data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
祝振凱 (Zhu Zhenkai): "Hierarchical Representation of Network Maps" (网络地图层次化表示方式), China Masters' Theses Full-text Database, 15 June 2020 (2020-06-15), pages 008-169 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532448A (en) * 2020-11-27 2021-03-19 北京知道创宇信息技术股份有限公司 Network topology processing method and device and electronic equipment
CN112532448B (en) * 2020-11-27 2023-11-28 北京知道创宇信息技术股份有限公司 Network topology processing method and device and electronic equipment
CN112887141A (en) * 2021-01-25 2021-06-01 北京华顺信安信息技术有限公司 Topological graph generated based on network space mapping and path display method thereof
CN112910718A (en) * 2021-03-17 2021-06-04 中国电子信息产业集团有限公司第六研究所 Network space mapping method based on DNS system
CN112910718B (en) * 2021-03-17 2022-10-11 中国电子信息产业集团有限公司第六研究所 Network space mapping method based on DNS system
CN113836247A (en) * 2021-08-10 2021-12-24 北京永信至诚科技股份有限公司 Wall map battle method and system for network security management
CN114553526A (en) * 2022-02-22 2022-05-27 国网河北省电力有限公司电力科学研究院 Network security vulnerability position detection method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201113