CN114006840A - Circuit flow abnormity identification method - Google Patents
Circuit flow abnormity identification method Download PDFInfo
- Publication number
- CN114006840A CN114006840A CN202111181169.8A CN202111181169A CN114006840A CN 114006840 A CN114006840 A CN 114006840A CN 202111181169 A CN202111181169 A CN 202111181169A CN 114006840 A CN114006840 A CN 114006840A
- Authority
- CN
- China
- Prior art keywords
- flow
- circuit
- abnormal
- circuit flow
- state
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a circuit flow abnormity identification method, which comprises the following steps: counting circuit flow, outputting circuit flow data through an SNMP protocol, collecting the circuit flow twice at fixed time intervals and storing in a warehouse; inquiring circuit flow in the same direction of the corresponding node in the library, and comparing a flow interruption threshold value to determine the state of the circuit flow; comparing the inquired circuit flow with a given baseline range to determine the circuit flow state; and analyzing abnormal flow of the circuit with abnormal flow, updating corresponding abnormal reasons and descriptions, and recording corresponding abnormal flow states into a database. The invention can monitor the abnormal circuit flow in real time, inquire the current abnormal circuit flow according to the circuit ID and the direction, and visually judge whether the specific circuit is abnormal without manual inspection by taking the circuit ID and the direction as screening elements.
Description
Technical Field
The invention relates to the field of communication, in particular to a circuit flow abnormity identification method.
Background
The current circuit abnormal flow needs manual calculation when checking and analyzing, the consumed manpower condition is serious, the circuit abnormal flow condition is more difficult to clearly process when the abnormal flow condition is frequently generated, and the abnormal condition frequent environment cannot be met. The circuit flow abnormity identification device is used for collecting, processing results can be displayed in real time, and problems can be better processed in an environment with more circuit flow abnormity.
Disclosure of Invention
The defects that manual calculation is needed when the abnormal circuit flow is checked and analyzed at present, the manpower consumption situation is serious, the circuit flow abnormal situation is more difficult to clearly process when the abnormal circuit flow situation is more frequent, the abnormal situation is more frequent and the like cannot be met are overcome.
In order to achieve the purpose, the invention adopts the following technical scheme:
in an embodiment of the present invention, a method for identifying circuit traffic anomalies is provided, where the method includes:
s01, counting circuit flow, outputting circuit flow data through an SNMP protocol, collecting the circuit flow twice at fixed time intervals and storing in a warehouse;
s02, inquiring circuit flow of the corresponding node in the same direction in the library, and comparing the threshold value of flow interruption to determine the state of the circuit flow;
s03, comparing the inquired circuit flow with a given baseline range, and determining the circuit flow state;
and S04, performing abnormal flow analysis on the circuit with abnormal flow, updating the corresponding abnormal reason and description, and recording the corresponding abnormal flow state into a database.
Further, in S02: the circuit flow of the corresponding node in the same direction is smaller than the threshold value of flow interruption, and the state of the circuit flow is abnormal; the circuit flow of the corresponding node in the same direction is not less than the threshold value of flow interruption, and the state of the circuit flow is normal.
Further, the state of the circuit flow being abnormal includes: and the flow of the link between the same equipment is interrupted, and the flow of the link between the same nodes is interrupted.
Further, the baseline range in S03 is the baseline flow rate x (1 ± baseline ratio).
Further, the circuit flow queried at S03 is in the baseline range, the state of the circuit flow is an end abnormal state, and the end time is updated; and inquiring the abnormal flow of the circuit when the inquired circuit flow is out of the baseline range and the state of the circuit flow is abnormal.
Further, the abnormal traffic state in S04 includes: updated, newly added, or unknown.
Further, the update includes the traffic size, whether to resolve.
Further, the circuit with normal flow of the S02 and S03 enters the abnormal ending state, and the ending time is updated.
In an embodiment of the present invention, a computer device is further provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the computer program, the foregoing circuit flow anomaly identification method is implemented.
In an embodiment of the present invention, a computer-readable storage medium is further provided, where a computer program for executing the circuit flow anomaly identification method is stored in the computer-readable storage medium.
Has the advantages that:
the invention can monitor the abnormal circuit flow in real time, inquire the current abnormal circuit flow according to the circuit ID and the direction, and visually judge whether the specific circuit is abnormal without manual inspection by taking the circuit ID and the direction as screening elements.
Drawings
FIG. 1 is a flow chart of a circuit flow anomaly identification method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments, which should be understood to be presented only to enable those skilled in the art to better understand and implement the present invention, and not to limit the scope of the present invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As will be appreciated by one skilled in the art, embodiments of the present invention may be embodied as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the form of: entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to the embodiment of the invention, the circuit flow abnormity identification method is provided, and the defects that manual calculation is needed during circuit abnormal flow checking and analyzing at present, the condition of consuming manpower is serious, the circuit flow abnormity condition is more difficult to clearly process when the circuit flow abnormity condition is more frequent, the abnormal condition is more frequent and the like can not be met are overcome.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments of the invention.
As shown in fig. 1:
and circuit flow, counting the circuit flow based on the equipment, and outputting circuit flow data by the equipment through an SNMP protocol. And collecting twice at fixed time intervals, calculating the circuit flow and storing in a warehouse.
And if the flow rate of the circuit is different, inquiring the flow rate of the circuit in the same direction of the corresponding node in the library, if the flow rate is smaller than a flow rate interruption threshold value (bit/s), judging the circuit to be abnormal, and otherwise, asynchronously acquiring the corresponding port state.
For example, if the first acquisition result is a, the acquisition result is b after a fixed time, the difference is (a-b), and if the threshold for specifying the flow interruption is 1000000 bits/s, (a-b)/10s ═ K, (where 10s is the same as the interval at the time of acquisition), K is compared with 1000000 bits, and if K is greater than the threshold, the flow rate is abnormal at this time, otherwise, the flow rate is normal.
If the link between the same equipment is interrupted, the abnormal reason is increased, namely the flow of the link between the same equipment is interrupted.
If the link between the same equipment is not interrupted, but the link of a certain equipment of the same node is completely interrupted, the abnormal reason is increased: and the link flow between the same nodes is interrupted.
In comparison to a given baseline, a circuit without a baseline ignores the check and is considered normal. Check whether the baseline ratio is exceeded, if so, consider the circuit as abnormal, and need to make abnormal flow inquiry to the circuit. The circuit without abnormal information sets the bar as the end abnormal state and updates the end time.
For example, if the baseline flow rate is 20Mbps, the baseline ratio is 10%, and 20 × 10% is 2Mbps, and if a certain circuit flow rate is not in the range of 20 ± 2Mbps, the flow rate at this time is an abnormal flow rate.
And for a specified circuit, when new abnormal flow analysis is carried out, if changes occur, the corresponding abnormal reason and description need to be updated in time.
And recording the corresponding abnormal flow into the database. If so, updating; and if the current time does not exist, adding the new time. If the exception type does not belong to the above, the type is unknown.
The update message only updates the traffic size and whether to resolve.
For a clearer explanation of the above method for recognizing circuit flow anomaly, a specific embodiment is described below, however, it should be noted that the embodiment is only for better explaining the present invention and is not to be construed as an undue limitation to the present invention.
The first embodiment is as follows:
the first acquisition results were as follows:
-bash4$ snmpwalk-v2c-c' Hncmnet! 12'211.142.208.12'1.3.6.1.2.1.31.1.1.1.10.158' (Collection Command)
IF-MIB IF HCOutoctets.158 Counter64:101665415533437 (results)
After 10s (since the rate is calculated, a time reference is set, which can be freely set, this time 10s is selected), the second acquisition results are as follows:
-bash4$ snmpwalk-v2c-c' Hncmnet! 12'211.142.208.12'1.3.6.1.2.1.31.1.1.1.10.158' (Collection Command as above)
IF-MIB IF HCOutoctets.158 Counter64:101665461032288 (results)
And if the difference value of the two query results is 45498851 bits, 45498851 bits/10 s is 4549885 bits/s, and if the difference value is smaller than the threshold value, the next step is carried out, and if the difference value is larger than the threshold value, the abnormal condition is directly judged.
The difference value is 101665415533437 and 101665415533437 is 45,498,851Bit, i.e. 45M, i.e. flow rate 45MB 8Bit/10s is 36 Mbps.
If the base line flow rate is set to 20Mbps, the base line ratio is 10%, and 20 × 10% ═ 2Mbps, the flow rate at this time is not in the range of 20 ± 2, and the flow rate at this time is an abnormal flow rate.
And recording the corresponding abnormal flow into the database.
Based on the aforementioned inventive concept, as shown in fig. 2, the present invention further provides a computer apparatus 100, which includes a memory 110, a processor 120, and a computer program 130 stored on the memory 110 and operable on the processor 120, wherein the processor 120 implements the aforementioned circuit flow anomaly identification method when executing the computer program 130.
Based on the above inventive concept, the present invention further provides a computer readable storage medium storing a computer program for executing the above circuit flow anomaly identification method.
The circuit flow abnormity identification method provided by the invention can monitor abnormal circuit flow in real time, inquire the current abnormal circuit flow according to the circuit ID and the direction, and visually judge whether a specific circuit is abnormal without manual inspection by taking the circuit ID and the direction as screening elements.
While the spirit and principles of the invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor is the division of aspects, which is for convenience only as the features in such aspects may not be combined to benefit. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
The limitation of the protection scope of the present invention is understood by those skilled in the art, and various modifications or changes which can be made by those skilled in the art without inventive efforts based on the technical solution of the present invention are still within the protection scope of the present invention.
Claims (10)
1. A circuit flow abnormity identification method is characterized by comprising the following steps:
s01, counting circuit flow, outputting circuit flow data through an SNMP protocol, collecting the circuit flow twice at fixed time intervals and storing in a warehouse;
s02, inquiring circuit flow of the corresponding node in the same direction in the library, and comparing the threshold value of flow interruption to determine the state of the circuit flow;
s03, comparing the inquired circuit flow with a given baseline range, and determining the circuit flow state;
and S04, performing abnormal flow analysis on the circuit with abnormal flow, updating the corresponding abnormal reason and description, and recording the corresponding abnormal flow state into a database.
2. The method for identifying circuit flow abnormality according to claim 1, characterized in that in said S02: the circuit flow of the corresponding node in the same direction is smaller than the threshold value of flow interruption, and the state of the circuit flow is abnormal; the circuit flow of the corresponding node in the same direction is not less than the threshold value of flow interruption, and the state of the circuit flow is normal.
3. The method for identifying circuit flow abnormality according to claim 2, wherein the state of the circuit flow being abnormal includes: and the flow of the link between the same equipment is interrupted, and the flow of the link between the same nodes is interrupted.
4. The method according to claim 1, wherein the baseline range in S03 is baseline flow x (1 ± baseline ratio).
5. The method for identifying circuit flow abnormality according to claim 1, wherein the circuit flow queried at S03 is within a baseline range, the state of the circuit flow is an end abnormality state, and the end time is updated; and inquiring the abnormal flow of the circuit when the inquired circuit flow is out of the baseline range and the state of the circuit flow is abnormal.
6. The method for identifying circuit flow abnormality according to claim 1, wherein the abnormal flow state in S04 includes: updated, newly added, or unknown.
7. The method of claim 6, wherein the updates include traffic volume, resolution, and the like.
8. The method according to claim 1, wherein the step S02, S03 indicates that the circuit with normal flow rate is in a shutdown abnormal state, and the shutdown time is updated.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1-4 when executing the computer program.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for executing the method of any one of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111181169.8A CN114006840B (en) | 2021-10-11 | 2021-10-11 | Circuit flow abnormality identification method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111181169.8A CN114006840B (en) | 2021-10-11 | 2021-10-11 | Circuit flow abnormality identification method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114006840A true CN114006840A (en) | 2022-02-01 |
| CN114006840B CN114006840B (en) | 2023-08-08 |
Family
ID=79922584
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111181169.8A Active CN114006840B (en) | 2021-10-11 | 2021-10-11 | Circuit flow abnormality identification method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114006840B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8825845B1 (en) * | 2010-11-10 | 2014-09-02 | Open Invention Network, Llc | Managing a network element operating on a network |
| CN107888441A (en) * | 2016-09-30 | 2018-04-06 | 全球能源互联网研究院 | A kind of network traffics baseline self study adaptive approach |
| CN110839045A (en) * | 2019-11-28 | 2020-02-25 | 云南电网有限责任公司电力科学研究院 | Abnormal flow detection method for power monitoring system |
| CN112953971A (en) * | 2021-04-01 | 2021-06-11 | 长扬科技(北京)有限公司 | Network security traffic intrusion detection method and system |
-
2021
- 2021-10-11 CN CN202111181169.8A patent/CN114006840B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8825845B1 (en) * | 2010-11-10 | 2014-09-02 | Open Invention Network, Llc | Managing a network element operating on a network |
| CN107888441A (en) * | 2016-09-30 | 2018-04-06 | 全球能源互联网研究院 | A kind of network traffics baseline self study adaptive approach |
| CN110839045A (en) * | 2019-11-28 | 2020-02-25 | 云南电网有限责任公司电力科学研究院 | Abnormal flow detection method for power monitoring system |
| CN112953971A (en) * | 2021-04-01 | 2021-06-11 | 长扬科技(北京)有限公司 | Network security traffic intrusion detection method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114006840B (en) | 2023-08-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111126824B (en) | Multi-index correlation model training method and multi-index anomaly analysis method | |
| CN112436968B (en) | Network traffic monitoring method, device, equipment and storage medium | |
| US10373065B2 (en) | Generating database cluster health alerts using machine learning | |
| US9524223B2 (en) | Performance metrics of a computer system | |
| CA2931624A1 (en) | Systems and methods for event detection and diagnosis | |
| CN114124655B (en) | Network monitoring method, system, device, computer equipment and storage medium | |
| CN113282461A (en) | Alarm identification method and device for transmission network | |
| CN113297042B (en) | Method, device and equipment for processing alarm message | |
| JP2009217382A (en) | Failure analysis system, failure analysis method, failure analysis server, and failure analysis program | |
| CN108809734A (en) | Network alarm root-cause analysis method, system, storage medium and computer equipment | |
| CN113572656A (en) | Method and device for flexibly combining inspection items of network equipment | |
| CN108180935B (en) | Fault detection method and device of sensor | |
| CN106652393B (en) | False alarm determination method and device | |
| CN111400114A (en) | Deep recursion network-based big data computer system fault detection method and system | |
| CN114006840A (en) | Circuit flow abnormity identification method | |
| JPH09205429A (en) | Network fault diagnostic device, fault prediction device, and its diagnostic and prediction method | |
| US20200372009A1 (en) | Anomaly location identification device, anomaly location identification method, and program | |
| CN111159051A (en) | Deadlock detection method and device, electronic equipment and readable storage medium | |
| CN112583825B (en) | Method and device for detecting abnormality of industrial system | |
| JP5935890B2 (en) | Fault detection device, fault detection program, and fault detection method | |
| CN113961547A (en) | Method and system for analyzing quality of operator configuration data | |
| CN111163361B (en) | Service fault positioning method, device and system, network equipment and storage medium | |
| CN112416896A (en) | Data abnormity warning method and device, storage medium and electronic device | |
| CN112988506B (en) | Big data server node performance monitoring method and system | |
| CN116381419B (en) | Transmission line fault processing method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |