CN114006840B - Circuit flow abnormality identification method - Google Patents
- Publication number
- CN114006840B
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0213—Standardised network management protocols, e.g. simple network management protocol [SNMP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/16—Threshold monitoring
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a circuit flow abnormality identification method, which comprises the following steps: counting circuit flow, outputting circuit flow data through the SNMP protocol, acquiring the circuit flow twice at a fixed interval, and storing it in the database; querying the circuit flow in the same direction of the corresponding node in the database, and comparing it with the flow interruption threshold to determine the state of the circuit flow; comparing the queried circuit flow with a given baseline range to determine the circuit flow state; and carrying out abnormal flow analysis on circuits whose flow is abnormal, updating the corresponding abnormal reasons and descriptions, and recording the corresponding abnormal flow state in the database. The invention can monitor abnormal circuit flow in real time and query the current abnormal circuit flow by circuit ID and direction; with the circuit ID and direction as filter criteria, whether a specific circuit is abnormal can be judged at a glance without manual inspection.
Description
Technical Field
The invention relates to the field of communication, in particular to a circuit flow abnormality identification method.
Background
At present, checking and analysing abnormal circuit flow requires manual calculation, which consumes a great deal of labour. When abnormal circuit flow occurs frequently, it is difficult to process clearly, and the manual approach cannot cope with an environment in which anomalies are frequent. Collecting the data with a circuit flow abnormality identification device allows the processing result to be displayed in real time, so the problem can be handled well in an environment with a large number of circuit flow anomalies.
Disclosure of Invention
In order to overcome the defects that manual calculation is needed when the current circuit abnormal flow is checked and analyzed, the labor consumption is serious, the circuit abnormal flow is difficult to clearly process when the circuit abnormal flow is more frequent, the abnormal condition is not satisfied, and the like.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
In an embodiment of the present invention, a method for identifying circuit flow anomalies is provided, including:
S01, counting circuit flow, outputting circuit flow data through the SNMP protocol, acquiring the circuit flow twice at a fixed interval, and storing it in the database;
S02, querying the circuit flow in the same direction of the corresponding node in the database, and comparing it with the flow interruption threshold to determine the state of the circuit flow;
S03, comparing the queried circuit flow with a given baseline range, and determining the circuit flow state;
S04, carrying out abnormal flow analysis on circuits whose flow is abnormal, updating the corresponding abnormal reasons and descriptions, and recording the corresponding abnormal flow state in the database.
Further, in S02: the circuit flow in the same direction of the corresponding node is smaller than the flow interruption threshold value, and the state of the circuit flow is abnormal; the circuit flow in the same direction of the corresponding node is not smaller than the threshold value of flow interruption, and the state of the circuit flow is normal.
Further, the state of the circuit flow being abnormal includes: inter-device link traffic disruption and inter-node link traffic disruption.
Further, in S03 the baseline range = baseline flow × (1 ± baseline ratio).
Further, in S03, if the queried circuit flow is within the baseline range, the state of the circuit flow is set to the ended-abnormal state and the end time is updated; if the queried circuit flow is outside the baseline range, the state of the circuit flow is abnormal and an abnormal flow query is carried out on the circuit.
Further, the abnormal traffic state in S04 includes: update, add, or not.
Further, the update covers the traffic size and whether the anomaly is resolved.
Further, circuits whose flow is normal in S02 and S03 are stored with the ended-abnormal state, and the end time is updated.
In an embodiment of the present invention, a computer device is further provided, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the foregoing method for identifying a circuit traffic abnormality when executing the computer program.
In an embodiment of the present invention, a computer-readable storage medium is also presented, in which a computer program for executing the circuit traffic abnormality recognition method is stored.
The beneficial effects are that:
The invention can monitor abnormal circuit flow in real time and query the current abnormal circuit flow by circuit ID and direction; with the circuit ID and direction as filter criteria, whether a specific circuit is abnormal can be judged at a glance without manual inspection.
Drawings
FIG. 1 is a schematic flow chart of a circuit flow anomaly identification method according to an embodiment of the invention;
FIG. 2 is a schematic diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments, with the understanding that these embodiments are merely provided to enable those skilled in the art to better understand and practice the invention and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Those skilled in the art will appreciate that embodiments of the invention may be implemented as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the following forms, namely: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to the embodiment of the invention, the circuit flow abnormality identification method is provided, and the defects that manual calculation is needed when the current circuit abnormal flow is checked and analyzed, the labor consumption is serious, clear processing is difficult when the circuit flow abnormality is more frequent, the abnormality is not satisfied, and the like are overcome.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments thereof.
As shown in fig. 1:
Circuit flow: the device counts the circuit flow and outputs the circuit flow data through the SNMP protocol. The data is collected twice at a fixed time interval, and the circuit flow is calculated and stored in the database.
Judge whether the circuit flow is abnormal: query the flow of the circuit in the same direction of the corresponding node in the database. If the flow is smaller than the flow interruption threshold (bit/s), the flow is judged to be abnormal; otherwise, the corresponding port state is acquired asynchronously.
For example, if the first acquisition result is a and the acquisition result after the fixed interval is b, the difference is (a-b). If the specified flow interruption threshold is 1000000 bits/s, then (a-b)/10 s = K (where 10 s is the acquisition interval). K is compared with 1000000 bits: if K is larger than the threshold value, the flow is abnormal at this time; otherwise, it is normal.
If there is an inter-device link interruption, an anomaly cause is added: inter-device link traffic interruption.
If there is no inter-device link interruption, but all links of a device to the same node are interrupted, an anomaly cause is added: link traffic interruption between the same nodes.
The flow is compared with a given baseline; circuits without a baseline skip the check and are considered normal. Check whether the baseline ratio is exceeded; if so, the circuit is considered abnormal and an abnormal flow query is required for it. For a circuit without abnormal information, the record is set to the ended-abnormal state and the end time is updated.
For example, if the baseline flow is 20 Mbps and the baseline ratio is 10%, then 20 × 10% = 2 Mbps; if a circuit's flow is not within 20 ± 2 Mbps at this time, the flow is abnormal at this time.
For a specified circuit, a new abnormal flow analysis is performed; if there is a change, the corresponding abnormal reason and description need to be updated promptly.
The corresponding abnormal traffic is recorded in the database. If a record already exists, it is updated; if not, one is added. If the anomaly type is none of the above, the type is unknown.
The update message only updates the traffic size and whether it is resolved.
In order to more clearly explain the above-mentioned circuit flow anomaly identification method, a specific embodiment is described below, however, it should be noted that this embodiment is only for better explaining the present invention and is not meant to limit the present invention unduly.
Embodiment one:
The first acquisition result is as follows:
bash4$ snmpwalk -v2c -c 'Hncmcnet-! 12' 211.142.208.12 '1.3.6.1.2.1.31.1.1.10.158' (acquisition command)
IF-MIB::ifHCOutOctets.158 = Counter64: 101665415533437 (result)
After 10 s (a time reference is needed to calculate the rate; it can be set freely, and 10 s is chosen here), the second acquisition result is as follows:
bash4$ snmpwalk -v2c -c 'Hncmcnet-! 12' 211.142.208.12 '1.3.6.1.2.1.31.1.1.10.158' (acquisition command, same as above)
IF-MIB::ifHCOutOctets.158 = Counter64: 101665461032288 (result)
At this time, the difference between the two query results is 45498851 Bit, and 45498851 Bit/10 s = 4549885 Bit/s. If the difference is smaller than the threshold value, the next step is performed; if it is larger than the threshold value, the result is directly judged to be abnormal.
The difference is 101665461032288 - 101665415533437 = 45,498,851 bit, i.e. 45M, i.e. a flow of 45 MB × 8 bit/10 s = 36 Mbps.
If the baseline flow is 20 Mbps and the baseline ratio is 10%, then 20 × 10% = 2 Mbps; the flow at this time is not within 20 ± 2 Mbps, so it is an abnormal flow.
And recording the corresponding abnormal traffic into a database.
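Added example (not part of the patent text): a Python sketch of steps S01 to S04 applied to the two counter readings of Embodiment one. It follows the S02 rule as stated in the claims (flow below the interruption threshold is abnormal) and treats the ifHCOutOctets readings as octets; the state and reason strings, the `max_bps` sanity check and the in-memory `db` dictionary are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

COUNTER64_MOD = 2 ** 64  # ifHCOutOctets is a 64-bit octet counter


def rate_bps(first, second, interval_s, max_bps=None):
    """S01: bit rate from two octet-counter readings taken interval_s apart."""
    if interval_s <= 0:
        raise ValueError("interval must be positive")
    delta = (second - first) % COUNTER64_MOD  # tolerates one counter wrap
    bps = delta * 8 / interval_s              # octets -> bits per second
    # Assumption: max_bps is the link capacity. A higher result means the
    # counter was reset between polls, so the sample must be discarded.
    if max_bps is not None and bps > max_bps:
        raise ValueError("counter discontinuity between samples")
    return bps


def classify(bps, interrupt_bps, baseline_bps=None, ratio=None):
    """S02 then S03: return (state, reason) for one circuit direction."""
    if bps < interrupt_bps:                    # S02: interruption check
        return "abnormal", "traffic interruption"
    if baseline_bps is None or ratio is None:  # no baseline: check is skipped
        return "normal", None
    low, high = baseline_bps * (1 - ratio), baseline_bps * (1 + ratio)
    if low <= bps <= high:                     # S03: baseline range check
        return "normal", None
    return "abnormal", "outside baseline range"


@dataclass
class Anomaly:
    reason: str
    bps: float
    start: float
    end: Optional[float] = None


def record(db, circuit_id, direction, state, reason, bps, now):
    """S04: add or update the open anomaly, or end it when flow is normal."""
    key = (circuit_id, direction)
    row = db.get(key)
    if row is not None and row.end is not None:
        row = None                             # previous anomaly already ended
    if state == "abnormal":
        if row is None:
            db[key] = Anomaly(reason, bps, start=now)
            return "added"
        row.bps, row.reason = bps, reason      # update traffic size and cause
        return "updated"
    if row is not None:
        row.end = now                          # ended-abnormal state, end time
        return "ended"
    return "none"
```

With the embodiment's readings, a 10 s interval, a 1000000 bit/s interruption threshold and a 20 Mbps baseline at 10%, `rate_bps` gives about 36.4 Mbps and `classify` reports the circuit as abnormal because it lies outside 18 to 22 Mbps.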
Based on the foregoing inventive concept, as shown in fig. 2, the present invention further proposes a computer device 100, including a memory 110, a processor 120, and a computer program 130 stored in the memory 110 and capable of running on the processor 120, where the processor 120 implements the foregoing circuit traffic anomaly identification method when executing the computer program 130.
Based on the foregoing inventive concept, the present invention also proposes a computer-readable storage medium storing a computer program for executing the foregoing circuit traffic abnormality recognition method.
The circuit flow abnormality identification method provided by the invention can monitor abnormal circuit flow in real time, inquire current abnormal circuit flow according to the circuit ID and direction, and intuitively judge whether a specific circuit is abnormal or not without manual inspection by taking the circuit ID and the direction as screening elements.
While the spirit and principles of the present invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor does the division into aspects, which is made only for convenience of description, imply that features of those aspects cannot be usefully combined. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
It should be apparent to those skilled in the art that various modifications or variations can be made in the present invention without requiring any inventive effort by those skilled in the art based on the technical solutions of the present invention.
Claims (9)
1. A method for identifying circuit flow anomalies, the method comprising:
S01, counting circuit flow, outputting circuit flow data through an SNMP protocol, acquiring the circuit flow twice at fixed intervals, and warehousing;
S02, inquiring circuit flow in the same direction of the corresponding node in the library, and comparing the flow interruption threshold value to determine the state of the circuit flow;
S03, comparing the queried circuit flow with a given baseline range, and determining a circuit flow state; the inquired circuit flow is in the baseline range, the state of the circuit flow is an ending abnormal state, and the ending time is updated; the inquired circuit flow is out of the baseline range, the state of the circuit flow is abnormal, and abnormal flow inquiry is carried out on the circuit;
S04, carrying out abnormal flow analysis on the circuit with abnormal circuit flow, updating the corresponding abnormal reasons and descriptions, and recording the corresponding abnormal flow state into a database.
2. The circuit traffic anomaly identification method according to claim 1, wherein in S02: the circuit flow in the same direction of the corresponding node is smaller than the flow interruption threshold value, and the state of the circuit flow is abnormal; the circuit flow in the same direction of the corresponding node is not smaller than the threshold value of flow interruption, and the state of the circuit flow is normal.
3. The circuit traffic anomaly identification method of claim 2, wherein the state of the circuit traffic being anomaly comprises: inter-device link traffic disruption and inter-node link traffic disruption.
4. The circuit flow anomaly identification method according to claim 1, wherein in S03 the baseline range = baseline flow × (1 ± baseline ratio).
5. The circuit traffic anomaly identification method according to claim 1, wherein the anomaly traffic state in S04 includes: update, add, or not.
6. The method of claim 5, wherein the update includes the traffic size and whether the anomaly is resolved.
7. The method for identifying abnormal circuit flow according to claim 1, wherein circuits whose flow is normal in S02 and S03 are stored with the ended-abnormal state, and the ending time is updated.
8. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1-7 when executing the computer program.
9. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program for executing the method of any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111181169.8A CN114006840B (en) | 2021-10-11 | 2021-10-11 | Circuit flow abnormality identification method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114006840A (en) | 2022-02-01 |
CN114006840B (en) | 2023-08-08 |
Family
ID=79922584
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111181169.8A Active CN114006840B (en) | 2021-10-11 | 2021-10-11 | Circuit flow abnormality identification method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114006840B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN114006840A (en) | 2022-02-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||