CN113824733B - Computer network management system - Google Patents
Computer network management system Download PDFInfo
- Publication number
- CN113824733B CN113824733B CN202111206045.0A CN202111206045A CN113824733B CN 113824733 B CN113824733 B CN 113824733B CN 202111206045 A CN202111206045 A CN 202111206045A CN 113824733 B CN113824733 B CN 113824733B
- Authority
- CN
- China
- Prior art keywords
- flow
- computer
- module
- abnormal
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/044—Recurrent networks, e.g. Hopfield networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/142—Network analysis or design using statistical or mathematical methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses a computer network management system, comprising: the flow distribution module is used for realizing distribution of network flow based on the accessed working attribute of the computer; the network traffic redistribution module is also used for realizing network traffic redistribution based on the non-abnormal traffic request; the network anomaly identification module is used for monitoring the total flow and the real-time flow of each computer terminal, and judging the current network anomaly when the total flow and/or the real-time flow of each computer terminal are/is lower than a preset threshold value; the abnormal flow request identification module is used for identifying that each computer terminal is higher than the historical flow request; and the abnormal behavior evaluation module is started when the abnormal flow request is identified, and the recording of the current operation behavior is realized in a script recording mode. The invention can discover various network anomalies and operation behavior anomalies in time, thereby greatly ensuring the safety of data and the stability of network operation, and simultaneously realizing the reasonable distribution of the computer flow as much as possible.
Description
Technical Field
The present invention relates to the field of network management, and in particular, to a computer network management system.
Background
The computer network system is a system for realizing resource sharing and information transmission in a network by using network software with perfect functions by interconnecting a plurality of computer systems with different geographic positions and independent functions by using communication equipment and lines. With rapid development of computer technology and the Internet, and frequent occurrence of network information security events in recent years, network information security problems gradually penetrate into various industries, and become a focus of attention.
At present, the existing computer network management system generally only can identify and intercept specific or continuous intrusion behaviors, the monitoring range is limited, and the completeness of data has a great hidden trouble; meanwhile, the distribution of network traffic is completely dependent on the traffic request initiated by the accessed computer equipment, and the distribution of the network traffic is unreasonable, so that the experience of the user is greatly influenced.
Disclosure of Invention
In order to solve the technical problems, the invention provides a computer network management system which can discover various network anomalies and operation behavior anomalies in time, thereby greatly ensuring the safety of data and the stability of network operation and realizing reasonable distribution of computer flow as far as possible.
To solve the above technical problem, an embodiment of the present invention provides a computer network management system, including:
the flow distribution module is used for realizing distribution of network flow based on the accessed working attribute of the computer; the network traffic redistribution module is also used for realizing network traffic redistribution based on the non-abnormal traffic request;
the network anomaly identification module is used for monitoring the total flow and the real-time flow of each computer terminal, and judging the current network anomaly when the total flow and/or the real-time flow of each computer terminal is lower than a preset threshold value;
the abnormal flow request identification module is used for identifying that each computer terminal is higher than the historical flow request;
the abnormal behavior evaluation module is started when the abnormal flow request is identified, the recording of the current operation behavior is realized in a script recording mode, and the judgment of whether the abnormal behavior exists in the current computer is realized through the evaluation of the current operation script;
the abnormal behavior interception module is started when the abnormal behavior evaluation module identifies the abnormal behavior of the computer, so that the interception of the abnormal behavior is realized.
Further, based on the historical operation habit data of each computer terminal, matching the corresponding computer working attribute for each computer terminal, wherein each computer working attribute is configured with a normal working lowest flow threshold.
Further, when no allocation priority exists, the flow allocation module allocates the flow which can ensure the normal operation of each computer terminal, and then equally distributes the residual flow to the computer terminals; when the allocation priority exists, the flow allocation module firstly allocates the flow which can ensure the normal operation of each computer terminal, and then preferentially allocates the rest flow to the computer terminal marked with the priority.
Further, when the flow distribution module receives the non-abnormal flow requests initiated by the computer terminals, the flow distribution module satisfies the non-abnormal flow requests of the corresponding computers as much as possible through the allocation of the residual distributable flow on the premise of ensuring that other computer terminals can work normally.
Furthermore, the abnormal flow request identification module realizes the identification that each computer terminal is higher than the historical flow request based on the Bi-LSTM+attribute model.
Further, the abnormal behavior evaluation module is used for evaluating the current operation script based on the infinite depth neural network model and judging whether the abnormal behavior exists in the current computer.
Further, the method further comprises the following steps:
and the device access module is used for realizing the timing audit of the identity data of the access device, and when the access device in the non-authority is found, the early warning module is started, and the access of the access device in the non-authority is disconnected, and the ID of the access device is stored in the device blacklist.
The invention has the following beneficial effects:
various network anomalies and operation behavior anomalies can be found in time, so that the safety of data and the stability of network operation are greatly ensured, and reasonable distribution of computer flow can be realized as much as possible.
Drawings
FIG. 1 is a system block diagram of a computer network management system according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantages to be solved more apparent, the following detailed description will be given with reference to the accompanying drawings and specific embodiments.
As shown in fig. 1, an embodiment of the present invention provides a computer network management system, including:
the device access module is used for realizing the timing audit of the identity data of the access device, and when the access device in the non-authority is found, the early warning module is started, and the access of the access device in the non-authority is disconnected, and the ID of the access device is stored in the device blacklist; in this embodiment, the auditing of the device identity data is implemented by adopting a mode of configuring different identity verification passwords by different device IDs, and when the access device IDs and the identity verification passwords are both correct and matched, the access operation of the device can be implemented;
the flow distribution module is used for realizing distribution of network flow based on the accessed working attribute of the computer; the network traffic redistribution module is also used for realizing network traffic redistribution based on the non-abnormal traffic request; matching corresponding computer working attributes for each computer terminal based on historical operation habit data of each computer terminal, wherein each computer working attribute is configured with a normal working lowest flow threshold;
the network anomaly identification module is used for monitoring the total flow and the real-time flow of each computer terminal, and judging the current network anomaly when the total flow and/or the real-time flow of each computer terminal is lower than a preset threshold value;
the abnormal flow request identification module is used for identifying that each computer terminal is higher than the historical flow request;
the abnormal behavior evaluation module is started when the abnormal flow request is identified, the recording of the current operation behavior is realized in a script recording mode, and the judgment of whether the abnormal behavior exists in the current computer is realized through the evaluation of the current operation script;
the abnormal behavior interception module is started when the abnormal behavior evaluation module identifies the abnormal behavior of the computer, so that the interception of the abnormal behavior is realized.
In this embodiment, when there is no allocation priority, the flow allocation module allocates a flow capable of ensuring normal operation to each computer terminal, and then equally distributes the remaining flows to the computer terminals; when the allocation priority exists, the flow allocation module firstly allocates the flow which can ensure the normal operation of each computer terminal, and then preferentially allocates the rest flow to the computer terminal marked with the priority.
In this embodiment, when the flow distribution module receives the non-abnormal flow request initiated by each computer terminal, the flow distribution module satisfies the non-abnormal flow request of the corresponding computer as much as possible by allocating the remaining distributable flows on the premise of ensuring that other computer terminals can work normally.
In this embodiment, the abnormal traffic request identification module realizes the identification that each computer terminal is higher than the historical traffic request based on the Bi-lstm+attribute model.
In this embodiment, the abnormal behavior evaluation module realizes evaluation of the current operation script based on the infinite depth neural network model, and realizes determination of whether the current computer has abnormal behavior; the infinite depth neural network model is trained based on historical dangerous operation scripts and abnormal operation behavior scripts configured by each computer device.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.
Claims (4)
1. A computer network management system, comprising:
the flow distribution module is used for realizing distribution of network flow based on the accessed working attribute of the computer; the network traffic redistribution module is also used for realizing network traffic redistribution based on the non-abnormal traffic request;
the network anomaly identification module is used for monitoring the total flow and the real-time flow of each computer terminal, and judging the current network anomaly when the total flow and/or the real-time flow of each computer terminal is lower than a preset threshold value;
the abnormal flow request identification module is used for identifying that each computer terminal is higher than the historical flow request;
the abnormal behavior evaluation module is started when the abnormal flow request is identified, the recording of the current operation behavior is realized in a script recording mode, and the judgment of whether the abnormal behavior exists in the current computer is realized through the evaluation of the current operation script;
the abnormal behavior interception module is started when the abnormal behavior evaluation module identifies the abnormal behavior of the computer, so that the interception of the abnormal behavior is realized;
matching corresponding computer working attributes for each computer terminal based on historical operation habit data of each computer terminal, wherein each computer working attribute is configured with a normal working lowest flow threshold;
when no allocation priority exists, the flow allocation module allocates the flow which can ensure the normal operation of each computer terminal, and then equally distributes the residual flow to the computer terminals; when the allocation priority exists, the flow allocation module allocates the flow which can ensure the normal operation of each computer terminal, and then preferentially allocates the rest flow to the computer terminal marked with the priority;
when the flow distribution module receives the non-abnormal flow requests initiated by the computer terminals, the flow distribution module can meet the non-abnormal flow requests of the corresponding computers as much as possible through the allocation of the residual distributable flow on the premise of ensuring that other computer terminals can work normally.
2. The computer network management system of claim 1, wherein the abnormal traffic request identification module is configured to identify that each computer terminal is higher than the historical traffic request based on Bi-lstm+attention model.
3. The computer network management system of claim 1, wherein the abnormal behavior evaluation module is configured to evaluate a current operation script based on an infinite depth neural network model, and to determine whether the abnormal behavior exists in the current computer.
4. A computer network management system according to claim 1, further comprising:
and the device access module is used for realizing the timing audit of the identity data of the access device, and when the access device in the non-authority is found, the early warning module is started, and the access of the access device in the non-authority is disconnected, and the ID of the access device is stored in the device blacklist.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111206045.0A CN113824733B (en) | 2021-10-16 | 2021-10-16 | Computer network management system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111206045.0A CN113824733B (en) | 2021-10-16 | 2021-10-16 | Computer network management system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113824733A CN113824733A (en) | 2021-12-21 |
CN113824733B true CN113824733B (en) | 2023-08-18 |
Family
ID=78920331
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111206045.0A Active CN113824733B (en) | 2021-10-16 | 2021-10-16 | Computer network management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113824733B (en) |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009062018A2 (en) * | 2007-11-08 | 2009-05-14 | Secure Computing Corporation | Prioritizing network traffic |
CN103441905A (en) * | 2013-09-22 | 2013-12-11 | 天津金栅科技有限公司 | Network traffic monitoring system |
CN103685072A (en) * | 2013-11-27 | 2014-03-26 | 中国电子科技集团公司第三十研究所 | Method for quickly distributing network flow |
CN106506391A (en) * | 2016-10-28 | 2017-03-15 | 上海斐讯数据通信技术有限公司 | A kind of distribution method of network traffics and router |
CN106817313A (en) * | 2015-12-01 | 2017-06-09 | 北京慧点科技有限公司 | A kind of method that network traffics are quickly distributed |
CN108601048A (en) * | 2018-04-17 | 2018-09-28 | 维沃移动通信有限公司 | A kind of flow control methods and mobile terminal |
CN108990110A (en) * | 2018-07-26 | 2018-12-11 | Oppo广东移动通信有限公司 | Network flux management method, device, storage medium and terminal |
CN109756403A (en) * | 2017-11-06 | 2019-05-14 | 中国电信股份有限公司 | Access verification method, device, system and computer readable storage medium |
CN110290071A (en) * | 2019-07-24 | 2019-09-27 | 中国联合网络通信集团有限公司 | Method and system, cloud server and the monitoring device of network flow equilibrium adjustment |
CN112003790A (en) * | 2020-08-26 | 2020-11-27 | 上海松鼠课堂人工智能科技有限公司 | Distribution method of network traffic used by intelligent school |
CN112600805A (en) * | 2020-12-03 | 2021-04-02 | 国家计算机网络与信息安全管理中心 | Network security supervision platform |
CN112953966A (en) * | 2021-03-20 | 2021-06-11 | 中原工学院 | Computer network safety intrusion detection system |
CN112950249A (en) * | 2019-12-16 | 2021-06-11 | 旺脉信息科技(上海)有限公司 | Method and system for processing advertisement flow data, electronic equipment and storage medium |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9843488B2 (en) * | 2011-11-07 | 2017-12-12 | Netflow Logic Corporation | Method and system for confident anomaly detection in computer network traffic |
-
2021
- 2021-10-16 CN CN202111206045.0A patent/CN113824733B/en active Active
Patent Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009062018A2 (en) * | 2007-11-08 | 2009-05-14 | Secure Computing Corporation | Prioritizing network traffic |
CN103441905A (en) * | 2013-09-22 | 2013-12-11 | 天津金栅科技有限公司 | Network traffic monitoring system |
CN103685072A (en) * | 2013-11-27 | 2014-03-26 | 中国电子科技集团公司第三十研究所 | Method for quickly distributing network flow |
CN106817313A (en) * | 2015-12-01 | 2017-06-09 | 北京慧点科技有限公司 | A kind of method that network traffics are quickly distributed |
CN106506391A (en) * | 2016-10-28 | 2017-03-15 | 上海斐讯数据通信技术有限公司 | A kind of distribution method of network traffics and router |
CN109756403A (en) * | 2017-11-06 | 2019-05-14 | 中国电信股份有限公司 | Access verification method, device, system and computer readable storage medium |
CN108601048A (en) * | 2018-04-17 | 2018-09-28 | 维沃移动通信有限公司 | A kind of flow control methods and mobile terminal |
CN108990110A (en) * | 2018-07-26 | 2018-12-11 | Oppo广东移动通信有限公司 | Network flux management method, device, storage medium and terminal |
CN110290071A (en) * | 2019-07-24 | 2019-09-27 | 中国联合网络通信集团有限公司 | Method and system, cloud server and the monitoring device of network flow equilibrium adjustment |
CN112950249A (en) * | 2019-12-16 | 2021-06-11 | 旺脉信息科技(上海)有限公司 | Method and system for processing advertisement flow data, electronic equipment and storage medium |
CN112003790A (en) * | 2020-08-26 | 2020-11-27 | 上海松鼠课堂人工智能科技有限公司 | Distribution method of network traffic used by intelligent school |
CN112600805A (en) * | 2020-12-03 | 2021-04-02 | 国家计算机网络与信息安全管理中心 | Network security supervision platform |
CN112953966A (en) * | 2021-03-20 | 2021-06-11 | 中原工学院 | Computer network safety intrusion detection system |
Also Published As
Publication number | Publication date |
---|---|
CN113824733A (en) | 2021-12-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11157629B2 (en) | Identity risk and cyber access risk engine | |
CN108683604B (en) | Concurrent access control method, terminal device, and medium | |
CN111274583A (en) | Big data computer network safety protection device and control method thereof | |
JP2022512192A (en) | Systems and methods for behavioral threat detection | |
CN110213199B (en) | Method, device and system for monitoring database collision attack and computer storage medium | |
US20100306374A1 (en) | Centralized network control | |
CN112380569A (en) | Data analysis method based on block chain and edge computing server | |
CN106548342B (en) | Trusted device determining method and device | |
KR102160950B1 (en) | Data Distribution System and Its Method for Security Vulnerability Inspection | |
CN110049028A (en) | Monitor method, apparatus, computer equipment and the storage medium of domain control administrator | |
CN116305155A (en) | Program safety detection protection method, device, medium and electronic equipment | |
CN114244568B (en) | Security access control method, device and equipment based on terminal access behavior | |
CN111400720A (en) | Terminal information processing method, system and device and readable storage medium | |
CN110719286A (en) | Network optimization scheme sharing system and method based on big data | |
CN110191097A (en) | Detection method, system, equipment and the storage medium of login page safety | |
CN113824733B (en) | Computer network management system | |
CN111212077B (en) | Host access system and method | |
CN117061257A (en) | Network security assessment system | |
CN110378120A (en) | Application programming interfaces attack detection method, device and readable storage medium storing program for executing | |
CN114070641B (en) | Network intrusion detection method, device, equipment and storage medium | |
CN116827976A (en) | Terminal equipment interaction management method and system based on Internet of things | |
CN114416507A (en) | Communication behavior monitoring method and device, computer equipment and storage medium | |
CN113949578B (en) | Automatic detection method and device for unauthorized loopholes based on flow and computer equipment | |
CN114553563B (en) | Verification method and device without back display loopholes, electronic equipment and readable storage medium | |
CN113168468B (en) | System and method for behavioral threat detection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |