CN113242159B - Application access relation determining method and device - Google Patents
Application access relation determining method and device Download PDFInfo
- Publication number
- CN113242159B CN113242159B CN202110564360.4A CN202110564360A CN113242159B CN 113242159 B CN113242159 B CN 113242159B CN 202110564360 A CN202110564360 A CN 202110564360A CN 113242159 B CN113242159 B CN 113242159B
- Authority
- CN
- China
- Prior art keywords
- information
- access
- application
- access relation
- relation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0823—Errors, e.g. transmission errors
Abstract
The invention provides a method and a device for determining an application access relation, which can be used in the financial field or other fields. The method comprises the following steps: acquiring network traffic data, and extracting the network traffic data to obtain application access relationship information; comparing the application access relationship information by utilizing a plurality of preset time slices to obtain effective access relationship information; and obtaining access relation statistical information according to the effective access relation information and the obtained external system information, and updating the access relation statistical information by using the obtained historical access information. The invention obtains the application access relation by utilizing the network flow data, ensures the authenticity, the accuracy and the comprehensiveness of the application access relation, provides support for realizing the automatic establishment and the visual operation and maintenance of the application asset library, improves the deployment efficiency of an IT system, reduces the repetitive labor workload of IT personnel of a data center, reduces the network operation and maintenance pressure and improves the operation and maintenance efficiency.
Description
Technical Field
The present invention relates to the field of computer network technologies, and in particular, to a method and an apparatus for determining an application access relationship.
Background
At present, the large-scale financial industry has various kinds of business, and hundreds of application systems are deployed to meet various business requirements. Complex access relationships exist between different nodes of the same application and between different applications. Because the deployment of each application system spans long history period and complex demand background, and the situation of explosive growth exists in a certain period, the access relation is increasingly complex, and hidden troubles are brought to the establishment of application system assets and the stable operation and maintenance of the system.
In the current common practice of the industry, the combing confirmation of the application access relationship is generally manually maintained by an IT (information technology) personnel, and great risks are brought to the efficient, stable and safe operation of the whole IT system.
Disclosure of Invention
Aiming at the problems in the prior art, embodiments of the present invention mainly aim to provide a method and an apparatus for determining an application access relationship, so as to implement automatic combing of an application access relationship and provide a real-time and visual support for operation and maintenance of an application system.
In order to achieve the above object, an embodiment of the present invention provides an application access relationship determining method, where the method includes:
acquiring network traffic data, and extracting the network traffic data to obtain application access relationship information;
comparing the application access relationship information by utilizing a plurality of preset time slices to obtain effective access relationship information;
and obtaining access relation statistical information according to the effective access relation information and the obtained external system information, and updating the access relation statistical information by using the obtained historical access information.
Optionally, in an embodiment of the present invention, the method further includes: cleaning the network flow data; wherein the cleaning treatment comprises de-duplication treatment, combination treatment and optimization treatment.
Optionally, in an embodiment of the present invention, the comparing the application access relationship information by using a plurality of preset time slices to obtain the effective access relationship information includes:
extracting access relation information corresponding to the time slices from the application access relation information by utilizing a plurality of preset time slices;
and comparing the access relation information corresponding to each time slice, and eliminating abnormal access relation information to obtain effective access relation information.
Optionally, in an embodiment of the present invention, the method further includes: acquiring external system information and historical access information; the external system information comprises computer configuration management information, equipment resource management information and application deployment record information.
Optionally, in an embodiment of the present invention, the valid access information includes a transport layer protocol name and type, a source IP address, a destination port number, an access time, a source port, and an access time.
Optionally, in an embodiment of the present invention, the obtaining access relationship statistical information according to the effective access relationship information and the obtained external system information includes:
establishing an application asset ledger according to the effective access relationship information and the acquired external system information;
and associating the transport layer protocol name, the source IP address, the target port number and the access times with the application asset ledger to obtain access relation statistical information.
Optionally, in an embodiment of the present invention, the method further includes: and visually displaying the access relation statistical information.
An embodiment of the present invention further provides an apparatus for determining an application access relationship, where the apparatus includes:
the access relation module is used for acquiring network traffic data and extracting the network traffic data to obtain application access relation information;
the effective information module is used for comparing the application access relationship information by utilizing a plurality of preset time slices to obtain effective access relationship information;
and the statistical information module is used for obtaining the access relation statistical information according to the effective access relation information and the obtained external system information, and updating the access relation statistical information by using the obtained historical access information.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method when executing the program.
The present invention also provides a computer-readable storage medium storing a computer program for executing the above method.
The invention obtains the application access relation by using the network flow data, ensures the authenticity, the accuracy and the comprehensiveness of the application access relation, provides support for realizing the automatic establishment and the visual operation and maintenance of the application asset library, improves the deployment efficiency of an IT system, improves the accuracy and the efficiency of data flow analysis and fault diagnosis, reduces the repetitive labor workload of IT personnel of a data center, reduces the network operation and maintenance pressure and improves the operation and maintenance efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
Fig. 1 is a flowchart of an application access relationship determining method according to an embodiment of the present invention;
FIG. 2 is a flow chart of obtaining valid access relationship information in an embodiment of the present invention;
FIG. 3 is a flowchart of obtaining access relationship statistics in an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a system to which an application access relationship determination method is applied in an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a network traffic collection module according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a network traffic analysis module according to an embodiment of the present invention;
FIG. 7 is a block diagram of an access relationship management module according to an embodiment of the present invention;
FIG. 8 is a flowchart illustrating a system operation in which a method for determining an application access relationship is applied according to an embodiment of the present invention;
fig. 9 is a schematic structural diagram of an application access relationship determining apparatus according to an embodiment of the present invention;
fig. 10 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a method and a device for determining an application access relationship, which can be used in the financial field or other fields.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
Fig. 1 is a flowchart illustrating an application access relationship determining method according to an embodiment of the present invention, where an execution subject of the application access relationship determining method according to the embodiment of the present invention includes, but is not limited to, a computer. The method shown in the figure comprises the following steps:
step S1, network flow data are obtained and extracted, and application access relation information is obtained.
The method comprises the steps of acquiring full network traffic data through network traffic acquisition tools deployed in various areas of a data center local area network, and integrating and packaging the acquired network traffic data into a formatted traffic file.
Further, the formatted flow file enters a network flow cleaning process, wherein the network flow cleaning process comprises the steps of carrying out duplication removal, combination and optimization on the network flow, and entering a network flow analysis process after the network flow cleaning is finished. The network flow analysis process specifically comprises the following steps: and extracting the traffic information, acquiring application access relation information including accessed source/destination IP addresses and ports, protocol types, access times and the like, summarizing the information and storing the result.
And S2, comparing the application access relation information by utilizing a plurality of preset time slices to obtain effective access relation information.
The preset time slices can be T + N, T +2N and T + mN, wherein T represents the current day of transaction, and N and m are positive integers. The application access relation information corresponding to a plurality of time slices of T + N, T +2N and T + mN is subjected to superposition comparison, and temporary and transient abnormal access information is removed, so that real and effective application access relation information, namely effective access relation information is obtained.
And S3, obtaining access relation statistical information according to the effective access relation information and the obtained external system information, and updating the access relation statistical information by using the obtained historical access information.
The external system information and the historical access information are obtained, and specifically, the external system information includes computer configuration management information, IT equipment resource management information, IT application deployment record information and the like. Furthermore, the historical access information is the saved historical application access relationship information.
Further, an application asset ledger is established by utilizing the effective access relation information and the external system information, and the transport layer protocol name, the source IP address, the target port number and the access times in the application access relation information are associated with the application ledger information to obtain access relation statistical information. Specifically, for example, the effective access relationship information is application access relationship information of the internet bank, which includes a relationship of mutual access and an access port of a web server, a database server, and the like in the application of the internet bank, and also includes an access relationship between applications of the internet bank, such as the internet bank meeting accessing a comprehensive quotation system or accessing a customer scoring system, and the e-party meeting accessing the internet bank. Thus, an information ledger of the application of the internet bank can be formed, and the information ledger comprises contents such as access relations, involved server addresses, resources and the like. The concept of assets includes accessing the physical resources of the relationship itself, which may also include hosted servers, etc. In many financial institution applications, there is a separate white paper that will contain the content. The white paper combination of a plurality of applications is an application asset library. And moreover, the obtained access relation statistical information is collected into a database for storage.
Further, according to the obtained historical access information, the effective access relation information is automatically compared with the historical access information to determine whether changes exist. And if the access relation statistic information changes, updating the access relation statistic information.
As an embodiment of the invention, the method further comprises: cleaning the network flow data; wherein the cleaning treatment comprises de-duplication treatment, combination treatment and optimization treatment.
The method comprises the steps of obtaining a formatted flow file by utilizing network flow data, entering a network flow cleaning process for the formatted flow file, wherein the network flow cleaning process comprises the steps of carrying out duplication removal, merging and optimization on network flow, and entering a network flow analysis process after the network flow cleaning is completed.
In an actual environment, temporary accesses generated due to operation and maintenance, testing, problem troubleshooting and the like exist, the content of the temporary accesses is not part of the access relation of normal application, and in order to avoid introducing the junk data, a mode of overlapping and comparing a plurality of time slice results is adopted to remove the dirty data. The specific operation can be selecting a plurality of time points in a period of time, extracting the access relations, then comparing, and removing accidental access or non-application normal access flow which is judged to be obvious, thereby improving the effectiveness of the access relations.
As an embodiment of the present invention, as shown in fig. 2, comparing the application access relationship information by using a plurality of preset time slices to obtain valid access relationship information includes:
step S21, extracting access relation information corresponding to a plurality of time slices from the application access relation information by utilizing the preset time slices;
and S22, comparing the access relation information corresponding to each time slice, and eliminating abnormal access relation information to obtain effective access relation information.
The preset time slices can be T + N, T +2N and T + mN, wherein T represents the current day, and N and m are positive integers. The application access relation information corresponding to a plurality of time slices of T + N, T +2N and T + mN is subjected to superposition comparison, and temporary and transient abnormal access information is removed, so that real and effective application access relation information, namely effective access relation information is obtained.
As an embodiment of the invention, the method further comprises: acquiring external system information and historical access information; the external system information comprises computer configuration management information, equipment resource management information and application deployment record information.
The method includes the steps of obtaining external system information and historical access information, wherein the external system information specifically comprises computer configuration management information, IT equipment resource management information, IT application deployment record information and the like. Furthermore, the historical access information is the saved historical application access relationship information.
As an embodiment of the present invention, the valid access information includes a transport layer protocol name and type, a source IP address, a destination port number, an access time, a source port, and an access time.
The method comprises the steps of extracting flow information by utilizing a network flow analysis process, obtaining effective application access relation information, namely effective access relation information, comprising accessed source/destination IP addresses and ports, protocol types, access times and the like, summarizing the information and storing results.
In this embodiment, as shown in fig. 3, obtaining the access relationship statistical information according to the effective access relationship information and the obtained external system information includes:
step S31, establishing an application asset ledger according to the effective access relation information and the acquired external system information;
and step S32, associating the transport layer protocol name, the source IP address, the target port number and the access times with the application asset ledger to obtain access relationship statistical information.
The method comprises the steps of establishing an application asset ledger by utilizing effective access relation information and external system information, and associating a transport layer protocol name, a source IP address, a target port number and access times in the application access relation information with the application ledger information to obtain access relation statistical information.
Specifically, for example, the effective access relationship information is application access relationship information of the internet bank, which includes a relationship of mutual access and an access port of a web server, a database server, and the like in the application of the internet bank, and also includes an access relationship between applications of the internet bank, such as the internet bank meeting accessing a comprehensive quotation system or accessing a customer scoring system, and the e-party meeting accessing the internet bank. Therefore, an information ledger of the internet bank application can be formed, and contents such as access relations, related server addresses, resources and the like are included in the information ledger. The concept of assets includes accessing the relationship itself, physical resources such as hosted servers, etc. In many financial institution applications, there is a separate white paper that will contain the content. The white paper combination of a plurality of applications is an application asset library. And moreover, the obtained access relation statistical information is collected into a database for storage.
Further, associating the transport layer protocol name, the source IP address, the destination port number, the access times, and the application ledger information in the application access relationship information specifically includes: the IP address of the internet bank server is recorded in the configuration management, if the obtained access relation appears, the relation can be resolved into an access relation of the internet bank, for example, the source address is 1.1.1.1, the destination address is 2.2.2, the TCP protocol 1521, the port is accessed for 5 times, and the web server resolved into the internet bank can access the 1521 port of the node server by contrasting the configuration management system.
As an embodiment of the invention, the method further comprises: and visually displaying the access relation statistical information.
The access relation statistical information obtained through analysis is logically displayed, an access relation view based on dimensionalities of application, business and the like is formed, and a visual platform is provided for operation and maintenance of an application system.
In an embodiment of the present invention, as shown in fig. 4, a schematic structural diagram of a system to which an application access relationship determining method is applied in an embodiment of the present invention is shown. In order to realize the automatic establishment of an asset library of an application system in the financial industry and improve the operation and maintenance efficiency of the application system, the system is divided into six functional modules, namely a network flow acquisition module 101, a network flow analysis module 102, an access relation management module 104, an external data module 103, an application asset library management module 105 and an application access relation display module 106, by acquiring the full-scale network flow information in a local area network and performing automatic analysis iteration as shown in a system structure diagram of fig. 4. The working principle of each module of the system is as follows:
the schematic structural diagram of the network traffic collection module 101 is shown in fig. 5, the traffic collection unit collects the whole network traffic through network traffic collection tools deployed in each area of the data center local area network, the traffic formatting processing unit integrates and packages the collected information into formatted files to provide input information for the network traffic analysis module 102, and the formatted traffic storage unit is used for storing the formatted traffic files.
The network traffic analysis module 102 introduces a distributed cluster processing mode to establish a big data analysis platform for network traffic. The schematic structural diagram of the network traffic analysis module 102 is shown in fig. 6, and the module receives the traffic file formatted by the network traffic acquisition module through the log receiving interface, and enters the traffic cleaning unit to perform the network traffic cleaning process, and the network traffic cleaning process performs deduplication, merging and optimization on the network traffic, and enters the traffic analysis unit. The flow analysis unit analyzes the network flow, firstly extracts the flow information and obtains the application access relation information including the accessed source/destination IP address and port, protocol type, access times and the like. And finally, the first result storage unit summarizes the information and stores the result. The network flow analysis module deploys server equipment in the network management network, constructs a network flow analysis distributed server cluster, and can subsequently consider server capacity expansion according to actual load conditions.
The schematic structural diagram of the access relationship management module 104 is shown in fig. 7, the access relationship receiving interface receives real-time application access relationship information obtained by the network traffic analysis module, the access relationship comparison unit performs superposition comparison on access relationships of multiple time slices T + N, T +2N, and T + mN to remove temporary and transient abnormal access information, and the access relationship analysis unit analyzes to obtain real and effective application access relationship information, that is, effective access relationship information. The second result storage unit is used for storing effective access relation information.
The external data module 103 introduces system information such as computer configuration management, IT device resource management, IT application deployment record and the like through a data interface and a data import mode, and automatically translates the analysis result of the network layer obtained by the access relation management module into an item which can be identified by application maintenance personnel and an application system and contains application data information.
The application asset management module 105 forms an application asset ledger by using the real and effective access relationship information obtained by the access relationship management module, obtains the access relationship statistical information of the application, establishes a real-time and automatically updated application asset management system, and provides effective basic data for the operation and maintenance of the application. For example, the effective access relationship information is application access relationship information of the internet bank, including the relationship of mutual access and access ports of a web server, a database server and the like in the application of the internet bank, and also including the access relationship between applications of the internet bank for accessing a comprehensive quotation system or a customer score system, and accessing the internet bank by an e-bank conference. Thus, an information ledger of the application of the internet bank can be formed, and the information ledger comprises contents such as access relations, involved server addresses, resources and the like. The concept of assets includes accessing the relationship itself, physical resources such as hosted servers, etc. In many financial institution applications, there is a separate white paper that will contain the content. The white paper combination of a plurality of applications is an application asset library. And moreover, the obtained access relation statistical information is brought into a database to be stored in a centralized way.
The application access relationship display module 106 constructs an information display platform with a B/S architecture by introducing a database analysis function, and can collectively display the application access relationship information and provide a query function.
In this embodiment, a work flow chart of the system is shown in fig. 8, and the steps in the flow chart are specifically explained as follows:
(1) And deploying a network traffic acquisition tool in each area of the local area network of the data center, collecting the whole network traffic in real time, and summarizing the traffic.
(2) And integrating and packaging the whole network flow to form a formatted file.
(3) And cleaning the imported formatted traffic, removing invalid repeated information and optimizing.
(4) And extracting key information of the cleaned network flow to obtain application access relation information, wherein the application access relation information comprises key information such as a source IP address, a destination IP address, a source port, a destination port, a transport layer protocol type, access times, access time and the like, and a single standardized access relation is formed.
(5) And (3) performing superposition comparison on access relations of a plurality of time slices of T + N, T +2N and T + mN, and eliminating temporary and transient abnormal access information to analyze to obtain real and effective application access relation information, namely effective access relation information.
In the actual environment, temporary accesses generated due to operation and maintenance, testing, problem troubleshooting and the like exist, the content of the temporary accesses is not part of the access relation of normal application, and in order to avoid introducing the junk data, a mode of overlapping and comparing a plurality of time slice results is adopted to remove the dirty data. The specific operation can be selecting a plurality of time points in a period of time, extracting the access relations, then comparing, and removing accidental access or abnormal access flow which is judged to be obvious, thereby improving the effectiveness of the access relations.
(6) And analyzing the obtained effective access relation by taking the application node as a unit by combining system information such as computer configuration management, IT equipment resource management, IT application deployment records and the like provided by an external data module, and automatically identifying an application access control quintuple comprising a transport layer protocol name, a source IP address, a target port number and access times. Wherein, the relevant and effective application access relation information is extracted in (4), and the quintuple is contained in the information. And associating the quintuple information with the application standing book information to obtain access relation statistical information, and bringing the effective access information and the access relation statistical information into a database system for centralized storage.
(7) And logically displaying the access relation obtained by analysis, forming an access relation view based on the dimensionality of application, service and the like, and providing a visual platform for the operation and maintenance of the application system.
(8) Automatically comparing the formed application access relation with historical information to determine whether changes exist;
(9) And updating the application access key information generating the change to the application asset library.
The beneficial effects of this system include: the access relation between the application system and the application system in the financial industry is updated from pure manual record maintenance to automatic acquisition maintenance based on real flow, the authenticity, the accuracy and the comprehensiveness of the application access relation are qualitatively improved, and the automatic establishment of an application asset library is realized; a reliable foundation is provided for the visual operation and maintenance of a business and application system, the deployment efficiency of an IT system is improved, and the accuracy and efficiency of data flow analysis and fault diagnosis are improved; the repetitive labor workload of IT personnel of the data center is reduced, the network operation and maintenance pressure is reduced, and the operation and maintenance efficiency is improved.
The invention solves the problems of complex access relation and difficult accurate combing between the application system and the application system in the financial industry, realizes the automatic combing and displaying of the application access relation by collecting the full amount of network flow information in the local area network and performing automatic analysis iteration, provides an automatic means for the establishment of an application system asset library, and provides real-time and visual support for the operation and maintenance of the application system. The invention ensures the authenticity, accuracy and comprehensiveness of the application access relation, improves the deployment efficiency of the IT system, improves the accuracy and efficiency of data flow analysis and fault diagnosis, reduces the repetitive labor workload of IT personnel of a data center, reduces the network operation and maintenance pressure and improves the operation and maintenance efficiency.
Fig. 9 is a schematic structural diagram of an application access relationship determining apparatus according to an embodiment of the present invention, where the apparatus includes:
and the access relation module 10 is configured to acquire network traffic data and extract the network traffic data to obtain application access relation information.
The method comprises the steps of acquiring full network traffic data through network traffic acquisition tools deployed in various areas of a data center local area network, and integrating and packaging the acquired network traffic data into a formatted traffic file.
Further, the formatted flow file enters a network flow cleaning process, wherein the network flow cleaning process comprises the steps of carrying out duplication removal, combination and optimization on the network flow, and entering a network flow analysis process after the network flow cleaning is finished. The network flow analysis process specifically comprises the following steps: and extracting the flow information, acquiring application access relation information including accessed source/destination IP addresses and ports, protocol types, access times and the like, summarizing the information and storing results.
And the effective information module 20 is configured to compare the application access relationship information with a plurality of preset time slices to obtain effective access relationship information.
The preset time slices can be T + N, T +2N and T + mN, wherein T represents the current day, and N and m are positive integers. The application access relation information corresponding to a plurality of time slices of T + N, T +2N and T + mN is subjected to superposition comparison, and temporary and transient abnormal access information is removed, so that real and effective application access relation information, namely effective access relation information is obtained.
And the statistical information module 30 is configured to obtain access relationship statistical information according to the effective access relationship information and the obtained external system information, and update the access relationship statistical information by using the obtained historical access information.
The external system information and the historical access information are obtained, and specifically, the external system information includes computer configuration management information, IT equipment resource management information, IT application deployment record information and the like. Furthermore, the historical access information is the saved historical application access relationship information.
Further, an application asset ledger is established by utilizing the effective access relation information and the external system information, and the transport layer protocol name, the source IP address, the target port number and the access times in the application access relation information are associated with the application ledger information to obtain access relation statistical information. Specifically, for example, the effective access relationship information is application access relationship information of the online bank, which includes a relationship of mutual access and an access port of a web server, a database server, and the like in the application of the online bank, and also includes an access relationship between applications such as the online bank accessing a comprehensive quotation system or a customer scoring system, and the online bank accessing by a converged-e conference. Thus, an information ledger of the application of the internet bank can be formed, and the information ledger comprises contents such as access relations, involved server addresses, resources and the like. The concept of assets includes accessing the physical resources of the relationship itself, which may also include hosted servers, etc. In many financial institution applications, there is a separate white paper that will contain the content. The white paper combination of a plurality of applications is an application asset library. And moreover, the obtained access relation statistical information is brought into a database to be stored in a centralized way.
Further, according to the obtained historical access information, the effective access relation information is automatically compared with the historical access information to determine whether changes exist. And if the access relation statistical information is changed, updating the access relation statistical information.
Based on the same application concept as the application access relationship determining method, the invention also provides an application access relationship determining device. Because the principle of solving the problem of the application access relationship determining device is similar to that of the application access relationship determining method, the implementation of the application access relationship determining device can refer to the implementation of the application access relationship determining method, and repeated details are not repeated.
The invention obtains the application access relation by using the network flow data, ensures the authenticity, the accuracy and the comprehensiveness of the application access relation, provides support for realizing the automatic establishment and the visual operation and maintenance of the application asset library, improves the deployment efficiency of an IT system, improves the accuracy and the efficiency of data flow analysis and fault diagnosis, reduces the repetitive labor workload of IT personnel of a data center, reduces the network operation and maintenance pressure and improves the operation and maintenance efficiency.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method when executing the program.
The present invention also provides a computer-readable storage medium storing a computer program for executing the above method.
As shown in fig. 10, the electronic device 600 may further include: communication module 110, input unit 120, audio processing unit 130, display 160, power supply 170. It is noted that the electronic device 600 does not necessarily include all of the components shown in FIG. 10; furthermore, the electronic device 600 may also comprise components not shown in fig. 10, which may be referred to in the prior art.
As shown in fig. 10, the central processor 100, sometimes referred to as a controller or operation control, may include a microprocessor or other processor device and/or logic device, the central processor 100 receiving input and controlling the operation of the various components of the electronic device 600.
The memory 140 may be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information relating to the failure may be stored, and a program for executing the information may be stored. And the cpu 100 may execute the program stored in the memory 140 to realize information storage or processing, etc.
The input unit 120 provides input to the cpu 100. The input unit 120 is, for example, a key or a touch input device. The power supply 170 is used to provide power to the electronic device 600. The display 160 is used for displaying display objects such as images and characters. The display may be, for example, an LCD display, but is not limited thereto.
The memory 140 may be a solid state memory such as Read Only Memory (ROM), random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 140 may also be some other type of device. Memory 140 includes buffer memory 141 (sometimes referred to as a buffer). The memory 140 may include an application/function storage section 142, and the application/function storage section 142 is used to store application programs and function programs or a flow for executing the operation of the electronic device 600 by the central processing unit 100.
The memory 140 may also include a data store 143, the data store 143 for storing data, such as contacts, digital data, pictures, sounds, and/or any other data used by the electronic device. The driver storage portion 144 of the memory 140 may include various drivers of the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging application, address book application, etc.).
The communication module 110 is a transmitter/receiver 110 that transmits and receives signals via an antenna 111. The communication module (transmitter/receiver) 110 is coupled to the central processor 100 to provide an input signal and receive an output signal, which may be the same as in the case of a conventional mobile communication terminal.
Based on different communication technologies, a plurality of communication modules 110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) 110 is also coupled to a speaker 131 and a microphone 132 via an audio processor 130 to provide audio output via the speaker 131 and to receive audio input from the microphone 132 to implement general telecommunication functions. Audio processor 130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, an audio processor 130 is also coupled to the central processor 100, so that recording on the local can be enabled through a microphone 132, and so that sound stored on the local can be played through a speaker 131.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (7)
1. An application access relationship determination method, the method comprising:
acquiring network traffic data, and extracting the network traffic data to obtain application access relationship information;
comparing the application access relationship information by utilizing a plurality of preset time slices to obtain effective access relationship information; the effective access relation information comprises a transport layer protocol name and type, a source IP address, a target port number, access times, a source port and access time;
obtaining access relation statistical information according to the effective access relation information and the obtained external system information, and updating the access relation statistical information by using the obtained historical access information;
wherein, obtaining access relation statistical information according to the effective access relation information and the obtained external system information comprises:
establishing an application asset ledger according to the effective access relationship information and the acquired external system information;
associating the transport layer protocol name, the source IP address, the target port number and the access times with the application asset ledger to obtain access relation statistical information;
wherein the comparing the application access relationship information by using a plurality of preset time slices to obtain effective access relationship information comprises:
extracting access relation information corresponding to the time slices from the application access relation information by utilizing a plurality of preset time slices;
and comparing the access relation information corresponding to each time slice, and eliminating abnormal access relation information to obtain effective access relation information.
2. The method of claim 1, further comprising: cleaning the network flow data; wherein the cleaning treatment comprises de-duplication treatment, combination treatment and optimization treatment.
3. The method of claim 1, further comprising: acquiring external system information and historical access information; the external system information comprises computer configuration management information, equipment resource management information and application deployment record information.
4. The method of claim 1, further comprising: and visually displaying the access relation statistical information.
5. An application access relationship determination apparatus, the apparatus comprising:
the access relation module is used for acquiring network traffic data and extracting the network traffic data to obtain application access relation information;
the effective information module is used for comparing the application access relationship information by utilizing a plurality of preset time slices to obtain effective access relationship information; the effective access relation information comprises a transport layer protocol name and type, a source IP address, a target port number, access times, a source port and access time;
the statistical information module is used for obtaining access relation statistical information according to the effective access relation information and the obtained external system information, and updating the access relation statistical information by using the obtained historical access information;
the statistical information module is also used for establishing an application asset ledger according to the effective access relation information and the acquired external system information; associating the transport layer protocol name, the source IP address, the target port number and the access times with the application asset ledger to obtain access relation statistical information;
the effective information module is further used for extracting access relation information corresponding to the time slices from the application access relation information by utilizing a plurality of preset time slices; and comparing the access relation information corresponding to each time slice, and eliminating abnormal access relation information to obtain effective access relation information.
6. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 4 when executing the computer program.
7. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110564360.4A CN113242159B (en) | 2021-05-24 | 2021-05-24 | Application access relation determining method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110564360.4A CN113242159B (en) | 2021-05-24 | 2021-05-24 | Application access relation determining method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113242159A CN113242159A (en) | 2021-08-10 |
| CN113242159B true CN113242159B (en) | 2022-12-09 |
Family
ID=77138397
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110564360.4A Active CN113242159B (en) | 2021-05-24 | 2021-05-24 | Application access relation determining method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113242159B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113703915B (en) * | 2021-08-17 | 2023-07-14 | 深信服科技股份有限公司 | Access relation visualization method, device, electronic equipment and storage medium |
| CN114025000B (en) * | 2021-10-29 | 2023-05-30 | 建信金融科技有限责任公司 | Method, device, equipment and storage medium for establishing network access relationship |
| CN114428822B (en) * | 2022-01-27 | 2022-07-29 | 云启智慧科技有限公司 | Data processing method and device, electronic equipment and storage medium |
| CN114745280A (en) * | 2022-04-11 | 2022-07-12 | 北京华顺信安科技有限公司 | Asset information management method, device, equipment and readable storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108632100A (en) * | 2015-08-24 | 2018-10-09 | 上海天旦网络科技发展有限公司 | It was found that the method and system with presentation network application access information |
| CN110247933A (en) * | 2019-07-08 | 2019-09-17 | 中国工商银行股份有限公司 | The method and apparatus for realizing firewall policy |
| WO2020135233A1 (en) * | 2018-12-26 | 2020-07-02 | 中兴通讯股份有限公司 | Botnet detection method and system, and storage medium |
| CN112291370A (en) * | 2020-12-28 | 2021-01-29 | 金锐同创(北京)科技股份有限公司 | Method for processing service access relation and related equipment |
| CN112632446A (en) * | 2020-12-30 | 2021-04-09 | 江苏苏宁云计算有限公司 | Page access path construction method and system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9722987B2 (en) * | 2015-03-13 | 2017-08-01 | Ssh Communications Security Oyj | Access relationships in a computer system |
-
2021
- 2021-05-24 CN CN202110564360.4A patent/CN113242159B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108632100A (en) * | 2015-08-24 | 2018-10-09 | 上海天旦网络科技发展有限公司 | It was found that the method and system with presentation network application access information |
| WO2020135233A1 (en) * | 2018-12-26 | 2020-07-02 | 中兴通讯股份有限公司 | Botnet detection method and system, and storage medium |
| CN110247933A (en) * | 2019-07-08 | 2019-09-17 | 中国工商银行股份有限公司 | The method and apparatus for realizing firewall policy |
| CN112291370A (en) * | 2020-12-28 | 2021-01-29 | 金锐同创(北京)科技股份有限公司 | Method for processing service access relation and related equipment |
| CN112632446A (en) * | 2020-12-30 | 2021-04-09 | 江苏苏宁云计算有限公司 | Page access path construction method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113242159A (en) | 2021-08-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113242159B (en) | Application access relation determining method and device | |
| CN112612675B (en) | Distributed big data log link tracking method and system under micro-service architecture | |
| CN111177222A (en) | Model testing method and device, computing equipment and storage medium | |
| CN1859505B (en) | Bill checking system and method | |
| CN102073579B (en) | Method for merging and optimizing audit events of Linux file system | |
| CN104346574A (en) | Automatic host computer security configuration vulnerability restoration method and system based on configuration specification | |
| CN109828886B (en) | CI/CD monitoring method and system under container cloud environment | |
| US11336663B2 (en) | Recording medium on which evaluating program is recorded, evaluating method, and information processing apparatus | |
| CN113505048A (en) | Unified monitoring platform based on application system portrait and implementation method | |
| CN110941632A (en) | Database auditing method, device and equipment | |
| CN105207831B (en) | The detection method and device of Action Events | |
| CN111324480B (en) | Large-scale host transaction fault positioning system and method | |
| CN113344708A (en) | Large-scale system production and exercise application evaluation method and system | |
| CN112860527A (en) | Fault monitoring method and device of application server | |
| CN114092246A (en) | Problem positioning method and device for financial transaction link | |
| CN113128986A (en) | Error reporting processing method and device for long-link transaction | |
| CN112685376A (en) | Massive log data analysis method and system | |
| CN112910708A (en) | Distributed service calling method and device | |
| CN112866044B (en) | Network equipment state information acquisition method and device | |
| CN115348185B (en) | Control method and control device of distributed query engine | |
| CN114970479B (en) | Chart generation method and device | |
| CN113032281B (en) | Method and device for acquiring code coverage rate in real time | |
| CN117349384B (en) | Database synchronization method, system and equipment | |
| CN112862598A (en) | Channel information management method and device, electronic equipment and medium | |
| CN115795098A (en) | Method and device for processing platform data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |