CN112333163A - Inter-container flow monitoring method and flow monitoring management system - Google Patents
- Publication number
- CN112333163A (CN202011149615.2A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Abstract
The invention discloses an inter-container traffic monitoring method and a traffic monitoring management system. The inter-container traffic monitoring method comprises the following steps: acquiring traffic data sent by an SDN controller, wherein the traffic data comprises traffic data, collected by an SDN switch, between each target container and the downstream container corresponding to that target container; for each target container, judging from the traffic data corresponding to the target container whether a traffic anomaly exists between the target container and the corresponding downstream container; and, when a traffic anomaly exists between the target container and the corresponding downstream container, temporarily blocking subsequent data interaction between the target container and the corresponding downstream container.
Description
Technical Field
The invention relates to the technical field of cloud computing, in particular to a method for monitoring flow among containers and a flow monitoring management system.
Background
In recent years, container technology has come to be regarded as the future direction of cloud computing, and its security problems are receiving growing attention. At present, however, security work concentrates on detection between the container cluster and the outside, and security protection between containers is not given enough weight. Specifically, in conventional container traffic security inspection, security inspection devices are generally deployed at the entrance and exit of the entire container cluster, and abnormal traffic is periodically identified across the entire traffic.
However, the conventional detection method has two problems. On one hand, traffic between the containers inside the cluster is not managed. On the other hand, only the traffic of the whole container cluster is inspected, so performing detection at the same moment easily produces an instantaneous burst of traffic, which overloads the security detection software and the bandwidth.
Disclosure of Invention
The present invention aims to solve at least one of the technical problems in the prior art, and provides a method for monitoring inter-container traffic and a traffic monitoring management system.
In order to achieve the above object, the present invention provides a method for monitoring inter-container flow, including:
acquiring flow data sent by an SDN controller, wherein the flow data comprises flow data between each target container acquired by an SDN switch and a downstream container corresponding to the target container;
for each target container, judging whether flow abnormity exists between the target container and a corresponding downstream container according to flow data corresponding to the target container;
and temporarily blocking the target container and the corresponding downstream container from subsequent data interaction under the condition that the flow rate between the target container and the corresponding downstream container is abnormal.
Optionally, data interaction is performed between the target container and a corresponding downstream container through the SDN switch;
the step of temporarily blocking the target container and the corresponding downstream container from subsequent interactive operation includes:
and issuing flow table information to the corresponding SDN switch through the SDN controller so that the SDN switch temporarily blocks the target container and the corresponding downstream container from subsequent data interaction according to the flow table information.
Optionally, the traffic data includes a source IP address, a destination IP address, a source port number, a destination port number, a protocol number;
the step of judging whether the flow rate between the target container and the corresponding downstream container is abnormal or not according to the flow rate data corresponding to the target container comprises the following steps:
comparing each item of information in the flow data between the target container and the corresponding downstream container with each item of information in the corresponding historical flow data;
and if the comparison result of at least one item of information is inconsistent, judging that the flow rate between the target container and the corresponding downstream container is abnormal.
Optionally, before the step of acquiring the traffic data sent by the SDN controller, the method further includes:
for each target container, counting the flow between the target container and the corresponding downstream container within a preset initial acquisition time period;
generating a current acquisition cycle corresponding to the target container according to the flow in a preset initial acquisition time period corresponding to the target container, the preset acquisition time length of each acquisition and a corresponding random number;
and sending the current acquisition cycle corresponding to each target container to the SDN switch, so that the SDN switch can respectively acquire the traffic data of each target container according to the current acquisition cycle corresponding to each target container.
Optionally, the step of generating a current acquisition cycle corresponding to the target container according to the flow size in the preset initial acquisition time period corresponding to the target container, the preset acquisition duration of each acquisition, and the corresponding random number includes:
generating a current acquisition cycle corresponding to the target container by using a preset algorithm according to the flow in a preset initial acquisition time period corresponding to the target container, the preset acquisition time for each acquisition and a corresponding random number;
the preset algorithm comprises the formula: $D_i = (B_i / T_i) \cdot S + R$; wherein $D_i$ represents the current acquisition period corresponding to the i-th target container, $T_i$ represents the preset initial acquisition time period corresponding to the i-th target container, $B_i$ represents the flow size of the i-th target container within the preset initial acquisition time period, $S$ represents the preset acquisition duration of each acquisition, and $R$ represents a random number, $R = 1, 2, 3, \ldots, S$, the random numbers corresponding to different target containers being different.
In order to achieve the above object, the present invention further provides a traffic monitoring and management system, including:
the flow data acquisition module is used for acquiring flow data sent by an SDN controller, wherein the flow data comprises flow data between each target container acquired by an SDN switch and a downstream container corresponding to the target container;
the judging module is used for judging whether flow abnormity exists between each target container and the corresponding downstream container or not according to the flow data corresponding to the target container;
and the control module is used for temporarily blocking the target container and the corresponding downstream container from carrying out subsequent data interaction under the condition that the judging module judges that the flow rate between the target container and the corresponding downstream container is abnormal.
Optionally, the control module is specifically configured to issue, by the SDN controller, flow table information to the corresponding SDN switch, so that the SDN switch temporarily blocks the target container and the corresponding downstream container from subsequent data interaction according to the flow table information.
Optionally, the traffic data includes a source IP address, a destination IP address, a source port number, a destination port number, a protocol number;
the judgment module is specifically configured to: comparing each item of information in the flow data between the target container and the corresponding downstream container with each item of information in the corresponding historical flow data; and if the comparison result of at least one item of information is inconsistent, judging that the flow rate between the target container and the corresponding downstream container is abnormal.
Optionally, the system further comprises: the device comprises a counting module, a calculating module and a sending module;
the statistical module is used for counting the flow between each target container and the corresponding downstream container within a preset initial acquisition time period;
the calculation module is used for generating a current acquisition cycle corresponding to the target container according to the flow in a preset initial acquisition time period corresponding to the target container, the preset acquisition time length of each acquisition and the corresponding random number;
the sending module is configured to send the current acquisition period corresponding to each target container to the SDN switch, so that the SDN switch collects the traffic data for each target container according to the current acquisition period corresponding to each target container.
Optionally, the calculation module is specifically configured to generate a current acquisition cycle corresponding to the target container by using a preset algorithm according to a flow size in a preset initial acquisition time period corresponding to the target container, a preset acquisition duration of each acquisition, and a corresponding random number;
the preset algorithm comprises the formula: $D_i = (B_i / T_i) \cdot S + R$; wherein $D_i$ represents the current acquisition period corresponding to the i-th target container, $T_i$ represents the preset initial acquisition time period corresponding to the i-th target container, $B_i$ represents the flow size of the i-th target container within the preset initial acquisition time period, $S$ represents the preset acquisition duration of each acquisition, and $R$ represents a random number, $R = 1, 2, 3, \ldots, S$, the random numbers corresponding to different target containers being different.
The invention has at least the following beneficial effects:
With the inter-container traffic monitoring method and the traffic monitoring management system, the SDN switch collects inter-container traffic data and that data is monitored; when the traffic data shows a traffic anomaly between containers, subsequent data interaction between the target container and the corresponding downstream container is temporarily blocked, so that security monitoring of the traffic between containers is achieved.
Drawings
Fig. 1 is a flowchart of a method for monitoring inter-container traffic according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for monitoring inter-container traffic according to a second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a traffic monitoring and management system according to a third embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solution of the present invention, the following describes in detail the inter-container flow monitoring method and the flow monitoring management system provided by the present invention with reference to the accompanying drawings.
Example one
Fig. 1 is a flowchart of a method for monitoring inter-container traffic according to an embodiment of the present invention, and as shown in fig. 1, the method for monitoring inter-container traffic includes:
Step 12, for each target container, judging whether a traffic anomaly exists between the target container and the corresponding downstream container according to the flow data corresponding to the target container; if so, executing step 13, and otherwise performing no further processing.
Step 13, temporarily blocking the target container and the corresponding downstream container from subsequent interactive operation when a traffic anomaly exists between the target container and the corresponding downstream container.
In the inter-container traffic monitoring method provided by this embodiment, traffic data between containers is collected by the SDN switch and that data is monitored; when the traffic data shows a traffic anomaly between containers, subsequent data interaction between the target container and the corresponding downstream container is temporarily blocked, so that security monitoring of traffic between containers is achieved.
Example two
Fig. 2 is a flowchart of a method for monitoring inter-container traffic according to a second embodiment of the present invention, which is implemented based on a traffic monitoring management system as shown in fig. 2, and includes:
Step 21, for each target container, counting the flow between the target container and the corresponding downstream container within a preset initial acquisition time period.
In this embodiment, before the method for monitoring traffic between containers is carried out, the target containers that have external interaction are screened out first, so as to determine each target container and its corresponding downstream container. The communication mechanism between the target container and the corresponding downstream container is then adjusted, so that they no longer exchange data directly but exchange it through an SDN (Software Defined Network) switch.
After the communication mechanism between the containers has been modified and the containers have run stably for a certain time, in step 21, for each target container, the flow size $B_i$ between the target container and the corresponding downstream container within the preset initial acquisition time period $T_i$ is counted.
Specifically, while the containers run under the modified communication mechanism, the SDN switch collects traffic for the target container according to the preset initial acquisition time period $T_i$ corresponding to the target container, obtaining the traffic data between the target container and the corresponding downstream container within the preset initial acquisition time period $T_i$. Before step 21, the flow data reported by the SDN switch is obtained through the SDN controller, and in step 21, for each target container, the flow size $B_i$ between the target container and the corresponding downstream container within the preset initial acquisition time period $T_i$ is counted according to the flow data reported by the SDN switch.
Step 22, generating a current acquisition cycle corresponding to the target container according to the flow in the preset initial acquisition time period corresponding to the target container, the preset acquisition time length of each acquisition and the corresponding random number.
The collection period refers to a time interval between two adjacent collection time points, for example, 1 hour, 2 hours, 5 hours, and 1 day.
Specifically, the current acquisition period $D_i$ corresponding to the target container is generated by a preset algorithm from the flow size $B_i$ within the preset initial acquisition time period $T_i$ corresponding to the target container, the preset acquisition duration $S$ of each acquisition, and the corresponding random number $R$.
Wherein, the preset algorithm comprises the formula: $D_i = (B_i / T_i) \cdot S + R$; wherein $D_i$ represents the current acquisition period corresponding to the i-th target container, $T_i$ represents the preset initial acquisition time period corresponding to the i-th target container, $B_i$ represents the flow size within the preset initial acquisition time period corresponding to the i-th target container, $B_i / T_i$ represents the ratio of $B_i$ to $T_i$, $S$ represents the preset acquisition duration of each acquisition, $(B_i / T_i) \cdot S$ represents the product of the value of $B_i / T_i$ and $S$, and $R$ is an adjustment factor, where $R = 1, 2, 3, \ldots, S$ is a random value, that is, $R$ takes a random value in the preset value range (1, 2, 3, ..., S), and the adjustment factors corresponding to different target containers are different.
In this embodiment, because the $R$ corresponding to different target containers is different, target containers with the same flow size $B_i$ within the preset initial acquisition time period $T_i$ are not all collected with the same acquisition period.
In this embodiment, the preset initial acquisition time period $T_i$ is an initial default acquisition time period, and the preset initial acquisition time periods $T_i$ corresponding to the target containers may be the same.
In this embodiment, the preset acquisition duration S for each acquisition may be configured according to actual needs. For example, if the flow rate data is acquired 1 time every 1 hour and only the past 5 minutes are acquired each time, the acquisition period D is 1 hour and the acquisition time S for each acquisition is 5 minutes.
Step 23, sending the current acquisition period corresponding to each target container to the SDN switch, so that the SDN switch can respectively acquire the traffic data of each target container according to the current acquisition period corresponding to each target container.
Specifically, steps 21 and 22 yield the current acquisition cycle corresponding to each target container, and a current acquisition cycle list $D = \{D_1, D_2, \ldots, D_i\}$ is obtained from them, in which $D_i$ represents the current acquisition period corresponding to the i-th target container. The SDN switch acquisition parameters corresponding to each target container, which include the current acquisition period, are configured according to the current acquisition period list. In step 23, the SDN switch acquisition parameters corresponding to each target container are sent to the SDN switch, so that the SDN switch acquires traffic data for each target container according to the current acquisition period corresponding to each target container.
For each target container, the SDN switch acquires the flow between the target container and the corresponding downstream container according to the current acquisition period corresponding to the target container. Taking as an example a current acquisition period D of 1 hour for the target container and an acquisition duration S of 5 minutes for each acquisition, and assuming that the flow of the target container is first acquired at 08:00, the flow data corresponding to the target container in the period 07:55-08:00 is acquired; the next acquisition time point is 09:00, and when it arrives, the flow data corresponding to the target container in the period 08:55-09:00 is acquired, and so on.
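The period formula and the 08:00 schedule above can be worked through in code. This is an added example, not part of the patent text; the function names, the single shared T for all containers (which the text permits) and the sample volumes are assumptions.

```python
import random
from datetime import datetime, timedelta


def acquisition_periods(flows, T, S, rng=None):
    """Return {container: D_i} with D_i = (B_i / T) * S + R_i.

    flows: {container_id: B_i}, flow size seen during the initial window T.
    T:     preset initial acquisition time period (shared here, an assumption).
    S:     preset acquisition duration of each acquisition (integer).
    The text does not fix the units of D_i; they are left to the caller.
    """
    if T <= 0 or S < 1:
        raise ValueError("T must be positive and S at least 1")
    if len(flows) > S:
        # R comes from {1, ..., S} and must differ between containers,
        # so one value of S can serve at most S target containers.
        raise ValueError("more target containers than distinct values of R")
    rng = rng or random.Random()
    offsets = rng.sample(range(1, S + 1), len(flows))  # distinct R per container
    return {cid: (b / T) * S + r for (cid, b), r in zip(flows.items(), offsets)}


def collection_windows(first, period, duration, count):
    """Acquisitions are `period` apart; each covers the `duration` before it."""
    points = [first + k * period for k in range(count)]
    return [(t - duration, t) for t in points]


if __name__ == "__main__":
    # Constructed sample: c1 and c2 carry the same flow size B_i.
    flows = {"c1": 1200, "c2": 1200, "c3": 300}
    for cid, d in acquisition_periods(flows, T=60, S=5).items():
        print(cid, d)
    # The schedule from the text: D = 1 hour, S = 5 minutes, first run at 08:00.
    first = datetime(2020, 1, 1, 8, 0)  # constructed date
    for start, end in collection_windows(first, timedelta(hours=1),
                                         timedelta(minutes=5), 3):
        print(start.strftime("%H:%M"), "-", end.strftime("%H:%M"))
```

Containers c1 and c2 have equal flow size, yet the distinct R gives them different periods, which is what spreads collection load over time.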
After the SDN switch acquires the flow data corresponding to the target container according to the current acquisition cycle, the SDN switch packages the flow data and sends the flow data to the SDN controller, then the SDN controller analyzes the flow data reported by the SDN switch to obtain information such as a source IP address, a destination IP address, a source port number, a destination port number, a protocol number and the like in each flow data, and the SDN controller sends the analyzed flow data to a flow monitoring management system together with the container number of the corresponding target container and the container number of a downstream container.
Step 24, acquiring traffic data sent by the SDN controller, where the traffic data includes traffic data between each target container acquired by the SDN switch and a downstream container corresponding to the target container.
Wherein the traffic data includes but is not limited to: source IP address, destination IP address, source port number, destination port number, protocol number, container number of the target container, and container number of the corresponding downstream container.
It is understood that, in the traffic data, the source IP address and the source port number refer to the IP address and the port number of the target container, and the destination IP address and the destination port number refer to the IP address and the port number of the corresponding downstream container.
Step 25, for each target container, judging whether a traffic anomaly exists between the target container and the corresponding downstream container according to the flow data corresponding to the target container; if so, executing step 26, and otherwise performing no further processing.
Specifically, each item of information in the traffic data between the target container and the corresponding downstream container is compared with the corresponding item of information in the corresponding historical traffic data, for example, determining, for the traffic between the target container and the corresponding downstream container, whether the source IP addresses are consistent, whether the destination IP addresses are consistent, whether the source port numbers are consistent, whether the destination port numbers are consistent, and whether the protocol numbers are consistent.
If the comparison result of the one-to-one correspondence comparison between each item of information in the flow data and each item of information in the historical flow data is consistent, the flow data is indicated to be normal flow data, that is, it is determined that no flow abnormality exists between the target container and the corresponding downstream container, and therefore no further processing is performed.
If the comparison result of at least one item of information is inconsistent, the flow data is abnormal flow data, that is, the flow abnormality between the target container and the corresponding downstream container is determined, so that further processing is required.
Step 26, temporarily blocking the target container and the corresponding downstream container from subsequent data interaction when a traffic anomaly exists between the target container and the corresponding downstream container.
Specifically, the flow table information is issued to the corresponding SDN switch through the SDN controller, so that the SDN switch temporarily blocks the target container and the corresponding downstream container from subsequent data interaction according to the flow table information. Specifically, the SDN switch modifies a timeout parameter (hard_timeout) of the link from the target container to the corresponding downstream container according to the flow table information to temporarily block interaction between the target container and the corresponding downstream container, that is, to temporarily block subsequent data transfer between them. The duration of the blocking can be a preset duration.
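Steps 24 to 26 can be sketched as a field-by-field check against history followed by a time-limited drop entry. This is an added example, not part of the patent text: the record layout, the function names, the sample addresses and the rule dictionary (a controller-neutral stand-in, not any controller's API) are assumptions, and history is allowed to hold several known values per field.

```python
from dataclasses import dataclass

FIELDS = ("src_ip", "dst_ip", "src_port", "dst_port", "proto")


@dataclass(frozen=True)
class FlowRecord:
    target: str       # container number of the target container
    downstream: str   # container number of the downstream container
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int        # IP protocol number, e.g. 6 = TCP, 17 = UDP


def build_baseline(history):
    """Map (target, downstream) -> {field: values seen in historical data}."""
    baseline = {}
    for rec in history:
        known = baseline.setdefault((rec.target, rec.downstream),
                                    {f: set() for f in FIELDS})
        for f in FIELDS:
            known[f].add(getattr(rec, f))
    return baseline


def inconsistent_fields(rec, baseline):
    """Fields of rec that disagree with history; an empty list means normal."""
    known = baseline.get((rec.target, rec.downstream))
    if known is None:
        # No history for this container pair: nothing can be confirmed.
        return list(FIELDS)
    return [f for f in FIELDS if getattr(rec, f) not in known[f]]


def block_rule(rec, block_seconds):
    """Temporary drop entry for the observed flow (hypothetical structure).

    An entry with no actions drops matching packets, and hard_timeout makes
    the switch remove the entry after block_seconds, ending the block.
    """
    return {
        "match": {"eth_type": 0x0800, "ipv4_src": rec.src_ip,
                  "ipv4_dst": rec.dst_ip, "ip_proto": rec.proto},
        "actions": [],
        "hard_timeout": block_seconds,
    }


def monitor(records, baseline, block_seconds=300):
    """Return (record, mismatched fields, rule) for every anomalous record."""
    findings = []
    for rec in records:
        bad = inconsistent_fields(rec, baseline)
        if bad:  # at least one inconsistent item means a traffic anomaly
            findings.append((rec, bad, block_rule(rec, block_seconds)))
    return findings


# Constructed sample data: one known-good flow and three observations.
HISTORY = [FlowRecord("c1", "c2", "10.0.0.11", "10.0.0.12", 40000, 5432, 6)]
OBSERVED = [
    FlowRecord("c1", "c2", "10.0.0.11", "10.0.0.12", 40000, 5432, 6),
    FlowRecord("c1", "c2", "10.0.0.11", "10.0.0.12", 40000, 22, 6),
    FlowRecord("c1", "c2", "10.0.0.11", "10.0.0.99", 40000, 5432, 17),
]

if __name__ == "__main__":
    for rec, bad, rule in monitor(OBSERVED, build_baseline(HISTORY), 120):
        print(rec.target, "->", rec.downstream, "mismatch:", bad, rule)
```

Because every field has to match history, a source port chosen per connection is reported unless the same value was seen before.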
In this embodiment, after determining that there is a flow anomaly between the target container and the corresponding downstream container, the flow monitoring and management system further imports the anomalous flow data into a preset anomalous flow detection safety system for detailed detection, so as to further analyze the anomalous flow data. And after the abnormity is analyzed and repaired, opening a communication channel of the link from the target container to the corresponding downstream container.
In this embodiment, the traffic monitoring management system may periodically update and adjust a current acquisition cycle of each target container according to an actual traffic condition of each target container (that is, a traffic size within a preset initial acquisition time period), and correspondingly update and adjust an SDN switch acquisition parameter corresponding to each target container, and acquisition cycles corresponding to different target containers are different, thereby implementing dynamic acquisition of traffic of the target container.
Example three
Fig. 3 is a schematic structural diagram of a traffic monitoring and managing system according to a third embodiment of the present invention, and as shown in fig. 3, in this embodiment, a traffic monitoring and managing system 300 includes: an acquisition module 301, a judgment module 302 and a control module 303.
The obtaining module 301 is configured to obtain traffic data sent by the SDN controller, where the traffic data includes traffic data between each target container acquired by the SDN switch and a downstream container corresponding to the target container; the judging module 302 is configured to, for each target container, judge whether a flow anomaly exists between the target container and a corresponding downstream container according to flow data corresponding to the target container; the control module 303 is configured to temporarily block the target container and the corresponding downstream container from subsequent data interaction when the determining module 302 determines that there is a traffic anomaly between the target container and the corresponding downstream container.
Optionally, the control module 303 is specifically configured to issue, by using the SDN controller, flow table information to a corresponding SDN switch, so that the SDN switch temporarily blocks the target container and a corresponding downstream container from performing subsequent data interaction according to the flow table information.
Optionally, the traffic data includes a source IP address, a destination IP address, a source port number, a destination port number, a protocol number; the determining module 302 is specifically configured to: comparing various items of information in the flow data between the target container and the corresponding downstream container with various items of information in the corresponding historical flow data; and if the comparison result of at least one item of information is inconsistent, judging that the flow rate between the target container and the corresponding downstream container is abnormal.
Optionally, as shown in fig. 3, the system 300 further includes: a statistics module 304, a calculation module 305 and a sending module 306; the statistical module 304 is configured to, for each target container, perform statistics on a flow rate between the target container and a corresponding downstream container within a preset initial acquisition time period; the calculating module 305 is configured to generate a current acquisition cycle corresponding to the target container according to the flow size in the preset initial acquisition time period corresponding to the target container, the preset acquisition duration of each acquisition, and the corresponding random number; the sending module 306 is configured to send the current acquisition period corresponding to each target container to the SDN switch, so that the SDN switch collects the traffic data for each target container according to the current acquisition period corresponding to each target container.
Optionally, the calculating module 305 is specifically configured to generate a current acquisition cycle corresponding to the target container by using a preset algorithm according to the flow size in the preset initial acquisition time period corresponding to the target container, the preset acquisition duration of each acquisition, and the corresponding random number.
Wherein, the preset algorithm comprises the formula: $D_i = (B_i / T_i) \cdot S + R$; wherein $D_i$ represents the current acquisition period corresponding to the i-th target container, $T_i$ represents the preset initial acquisition time period corresponding to the i-th target container, $B_i$ represents the flow size of the i-th target container within the preset initial acquisition time period, $S$ represents the preset acquisition duration of each acquisition, and $R$ represents a random number, $R = 1, 2, 3, \ldots, S$, the random numbers corresponding to different target containers being different.
In addition, the traffic monitoring management system 300 provided in this embodiment is used to implement the inter-container traffic monitoring method provided in any of the foregoing embodiments, and specific relevant descriptions may refer to the descriptions in any of the foregoing embodiments, and are not described herein again.
It will be understood that the above embodiments are merely exemplary embodiments taken to illustrate the principles of the present invention, which is not limited thereto. It will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the spirit and substance of the invention, and these modifications and improvements are also considered to be within the scope of the invention.
Claims (10)
1. A method for monitoring flow between containers, comprising:
acquiring flow data sent by an SDN controller, wherein the flow data comprises flow data between each target container acquired by an SDN switch and a downstream container corresponding to the target container;
for each target container, judging whether flow abnormity exists between the target container and a corresponding downstream container according to flow data corresponding to the target container;
and temporarily blocking the target container and the corresponding downstream container from subsequent data interaction under the condition that the flow rate between the target container and the corresponding downstream container is abnormal.
2. The inter-container traffic monitoring method according to claim 1, wherein data interaction between the target container and a corresponding downstream container is performed through the SDN switch;
the step of temporarily blocking the target container and the corresponding downstream container from subsequent data interaction includes:
and issuing flow table information to the corresponding SDN switch through the SDN controller so that the SDN switch temporarily blocks the target container and the corresponding downstream container from subsequent data interaction according to the flow table information.
3. The inter-container traffic monitoring method according to claim 1, wherein the traffic data includes a source IP address, a destination IP address, a source port number, a destination port number, a protocol number;
the step of judging whether the flow rate between the target container and the corresponding downstream container is abnormal or not according to the flow rate data corresponding to the target container comprises the following steps:
comparing each item of information in the flow data between the target container and the corresponding downstream container with each item of information in the corresponding historical flow data;
and if the comparison result of at least one item of information is inconsistent, judging that the flow rate between the target container and the corresponding downstream container is abnormal.
4. The inter-container traffic monitoring method according to claim 1, wherein the step of obtaining traffic data sent by an SDN controller is preceded by:
for each target container, counting the flow between the target container and the corresponding downstream container within a preset initial acquisition time period;
generating a current acquisition cycle corresponding to the target container according to the flow in a preset initial acquisition time period corresponding to the target container, the preset acquisition time length of each acquisition and a corresponding random number;
and sending the current acquisition cycle corresponding to each target container to the SDN switch, so that the SDN switch can respectively acquire the traffic data of each target container according to the current acquisition cycle corresponding to each target container.
5. The method for monitoring the flow rate between the containers according to claim 4, wherein the step of generating the current collection period corresponding to the target container according to the flow rate in the preset initial collection time period corresponding to the target container, the preset collection time period for each collection and the corresponding random number includes:
generating a current acquisition cycle corresponding to the target container by using a preset algorithm according to the flow in a preset initial acquisition time period corresponding to the target container, the preset acquisition time for each acquisition and a corresponding random number;
the preset algorithm comprises the formula: $D_i = (B_i / T_i)\,S + R$; wherein $D_i$ represents the current acquisition period corresponding to the $i$-th target container, $T_i$ represents the preset initial acquisition time period corresponding to the $i$-th target container, $B_i$ represents the flow rate of the $i$-th target container in the preset initial acquisition time period, $S$ represents the preset acquisition time length of each acquisition, and $R$ represents a random number, $R = 1, 2, 3, \ldots, S$; the random numbers corresponding to different target containers are different.
6. A traffic monitoring and management system, comprising:
the flow data acquisition module is used for acquiring flow data sent by an SDN controller, wherein the flow data comprises flow data between each target container acquired by an SDN switch and a downstream container corresponding to the target container;
the judging module is used for judging whether flow abnormity exists between each target container and the corresponding downstream container or not according to the flow data corresponding to the target container;
and the control module is used for temporarily blocking the target container and the corresponding downstream container from carrying out subsequent data interaction under the condition that the judging module judges that the flow rate between the target container and the corresponding downstream container is abnormal.
7. The traffic monitoring and management system according to claim 6, wherein the control module is specifically configured to issue, through the SDN controller, flow table information to the corresponding SDN switch, so that the SDN switch temporarily blocks the target container and the corresponding downstream container from subsequent data interaction according to the flow table information.
8. The traffic monitoring and management system of claim 6, wherein the traffic data includes a source IP address, a destination IP address, a source port number, a destination port number, a protocol number;
the judgment module is specifically configured to: comparing each item of information in the flow data between the target container and the corresponding downstream container with each item of information in the corresponding historical flow data; and if the comparison result of at least one item of information is inconsistent, judging that the flow rate between the target container and the corresponding downstream container is abnormal.
9. The traffic monitoring and management system according to claim 6, further comprising: a statistical module, a calculation module and a sending module;
the statistical module is used for counting the flow between each target container and the corresponding downstream container within a preset initial acquisition time period;
the calculation module is used for generating a current acquisition cycle corresponding to the target container according to the flow in a preset initial acquisition time period corresponding to the target container, the preset acquisition time length of each acquisition and the corresponding random number;
the sending module is configured to send the current acquisition period corresponding to each target container to the SDN switch, so that the SDN switch collects the traffic data for each target container according to the current acquisition period corresponding to each target container.
10. The flow monitoring and management system according to claim 9, wherein the calculation module is specifically configured to generate, according to a flow size in a preset initial acquisition time period corresponding to the target container, a preset acquisition duration for each acquisition, and a corresponding random number, a current acquisition cycle corresponding to the target container by using a preset algorithm;
the preset algorithm comprises the formula: $D_i = (B_i / T_i)\,S + R$; wherein $D_i$ represents the current acquisition period corresponding to the $i$-th target container, $T_i$ represents the preset initial acquisition time period corresponding to the $i$-th target container, $B_i$ represents the flow rate of the $i$-th target container in the preset initial acquisition time period, $S$ represents the preset acquisition time length of each acquisition, and $R$ represents a random number, $R = 1, 2, 3, \ldots, S$; the random numbers corresponding to different target containers are different.
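The comparison in claims 3 and 8 and the temporary block in claims 2 and 7, as an added example that is not code from the patent. It assumes one historical record per container pair; the container names, addresses, the 300-second duration and the rule dictionary layout are constructed for illustration.

```python
from collections import namedtuple

# The five items of flow data named in claim 3.
Flow = namedtuple("Flow", "src_ip dst_ip src_port dst_port proto")

# Constructed historical flow data, one record per (target, downstream) pair.
HISTORY = {
    ("web", "api"): Flow("10.0.1.10", "10.0.2.20", 40112, 8080, 6),
    ("api", "db"): Flow("10.0.2.20", "10.0.3.30", 51544, 5432, 6),
}
# Constructed flow data as collected in the current acquisition cycle.
OBSERVED = [
    (("web", "api"), Flow("10.0.1.10", "10.0.2.20", 40112, 8080, 6)),
    (("api", "db"), Flow("10.0.2.20", "10.0.3.30", 51544, 22, 6)),
    (("web", "db"), Flow("10.0.1.10", "10.0.3.30", 40200, 5432, 6)),
]


def mismatched_fields(flow, baseline):
    """Names of the items whose comparison result is inconsistent."""
    return [f for f in Flow._fields if getattr(flow, f) != getattr(baseline, f)]


def block_rule(baseline, seconds):
    """Plain-dict sketch of a temporary drop entry (no controller API)."""
    return {
        "match": {"ipv4_src": baseline.src_ip, "ipv4_dst": baseline.dst_ip},
        "actions": [],            # empty action list: matching packets are dropped
        "hard_timeout": seconds,  # entry expires, so the block is temporary
    }


def evaluate(observed, history, block_seconds=300):
    verdicts = []
    for pair, flow in observed:
        baseline = history.get(pair)
        if baseline is None:
            # Assumption: without history there is nothing to compare, so the
            # pair is reported for review rather than blocked.
            verdicts.append((pair, "no_baseline", [], None))
            continue
        diff = mismatched_fields(flow, baseline)
        rule = block_rule(baseline, block_seconds) if diff else None
        verdicts.append((pair, "abnormal" if diff else "normal", diff, rule))
    return verdicts
```

With strict equality on all five items, as in this example, a baseline only matches flows that reuse the same source port, so a client that opens connections from changing ports is reported as abnormal.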
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011149615.2A CN112333163B (en) | 2020-10-23 | 2020-10-23 | Inter-container flow monitoring method and flow monitoring management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112333163A (en) | 2021-02-05 |
CN112333163B (en) | 2022-08-02 |
Family
ID=74310842
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011149615.2A Active CN112333163B (en) | 2020-10-23 | 2020-10-23 | Inter-container flow monitoring method and flow monitoring management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112333163B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107196816A (en) * | 2016-03-14 | 2017-09-22 | 中国移动通信集团江西有限公司 | Anomalous traffic detection method, system and Network analyzing equipment |
US20180103061A1 (en) * | 2016-10-10 | 2018-04-12 | The Johns Hopkins University | Apparatus and method for implementing network deception |
CN107947974A (en) * | 2017-11-17 | 2018-04-20 | 国云科技股份有限公司 | A kind of network key chain circuit detecting method of cloud platform business |
CN108881246A (en) * | 2018-06-27 | 2018-11-23 | 中国联合网络通信集团有限公司 | A kind of method and device of vessel safety protection |
CN108989147A (en) * | 2018-07-16 | 2018-12-11 | 西安电子科技大学 | SDN network Flow Measuring System and method based on FPGA |
CN111049747A (en) * | 2019-12-18 | 2020-04-21 | 北京计算机技术及应用研究所 | Intelligent virtual network path planning method for large-scale container cluster |
CN111277609A (en) * | 2020-02-24 | 2020-06-12 | 深圳供电局有限公司 | SDN network monitoring method and system |
Non-Patent Citations (2)
Title |
---|
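Liu Zhifeng et al.: "Design and construction of a hierarchical cross-region SDN verification and demonstration system", Telecommunications Science * |
Zhang Jiaxing: "Research on technologies for the transition from traditional networks to SDN networks", CNKI Outstanding Master's Theses Full-text Database * |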
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113872954A (en) * | 2021-09-23 | 2021-12-31 | 绿盟科技集团股份有限公司 | Data flow detection method |
CN113872954B (en) * | 2021-09-23 | 2024-02-20 | 绿盟科技集团股份有限公司 | Method for detecting data flow |
CN114741377A (en) * | 2022-04-01 | 2022-07-12 | 深圳市爱路恩济能源技术有限公司 | Method and device for identifying and processing natural gas abnormal data |
CN114741377B (en) * | 2022-04-01 | 2023-07-21 | 深圳市爱路恩济能源技术有限公司 | Method and device for identifying and processing natural gas abnormal data |
Also Published As
Publication number | Publication date |
---|---|
CN112333163B (en) | 2022-08-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||