CN114598511A - Real-time monitoring system for network-related network - Google Patents
- Publication number
- CN114598511A
- Authority
- CN
- China
- Prior art keywords
- switch
- network
- analysis result
- control
- management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/0631—Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/12—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment
- Y04S40/128—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them characterised by data transport means between the monitoring, controlling or managing units and monitored, controlled or operated electrical equipment involving the use of Internet protocol
Abstract
The application relates to a real-time monitoring system for a grid-related network. The system can detect illegal external connection behaviors in the smart grid, such as 'flying wires' or privately connected network cards, in real time, and so provides a real-time guarantee for the safe and reliable operation of the smart grid. The system comprises a management and control server, a switch, a probe analyzer and a management and control terminal; the switch is connected to the management and control server, the probe analyzer and the management and control terminal respectively. The management and control terminal monitors each port connected to it in real time through a preset monitoring and control model, acquires a port monitoring signal and transmits the port monitoring signal to the switch. The probe analyzer acquires the port monitoring signal from the switch, analyzes it to obtain an analysis result and returns the analysis result to the switch. The management and control server obtains the analysis result from the switch and, according to the analysis result, isolates the ports that do not meet the requirements.
Description
Technical Field
The application relates to the technical field of intelligent power grids, in particular to a grid-related network real-time monitoring system.
Background
A digital power grid is a traditional power grid that has been digitally transformed by applying new-generation digital technologies such as cloud computing, big data, the Internet of Things, the mobile internet, artificial intelligence and blockchain. It brings the role of data as a production factor into play, uses data flow to lead and optimize energy flow and service flow, and enhances flexibility, openness, interactivity, economy, shareability and the like, making the power grid more intelligent, safe, reliable, green and efficient.
During the construction and operation of a digital power grid, new equipment and new systems are added frequently and continuously. Because some of this new equipment and these new systems are not added according to plan, external interference is introduced into the power grid, which poses certain security threats to its reliable operation. For example, external connection behaviors such as 'flying wires' and private network cards occur frequently in current power grids. A 'flying wire' arises when a flat cable that is pressed frequently breaks at a fold and makes poor contact, and thin enameled wire is soldered across the two broken ends with a soldering iron; the wires or other equipment used for the 'flying wire' introduce interference into the power grid. A private network card likewise creates a certain potential safety hazard for the power grid.
However, the existing power grid network security technology cannot realize real-time monitoring and protection on the behavior of the added peripheral, and leaves a security hole for the secure operation of the power grid.
Disclosure of Invention
Therefore, it is necessary to provide a real-time monitoring system for a grid-related network to solve the above technical problems.
The application provides a real-time monitoring system for a grid-related network. The system comprises:
a management and control server, a switch, a probe analyzer and a management and control terminal; the switch is connected to the management and control server, the probe analyzer and the management and control terminal respectively;
the management and control terminal is used for monitoring each port connected to it in real time through a preset monitoring and control model, acquiring a port monitoring signal and transmitting the port monitoring signal to the switch;
the probe analyzer is used for acquiring the port monitoring signal from the switch, analyzing the port monitoring signal to obtain an analysis result and returning the analysis result to the switch;
and the management and control server is used for acquiring the analysis result from the switch and, according to the analysis result, isolating the ports that do not meet the requirements.
In one embodiment, the system further includes an admission control device, which is connected to the switch and used for performing security admission control on dumb terminals.
In one embodiment, the admission control device is configured to perform security admission control on dumb terminals according to preset admission rules.
In one embodiment, the preset admission rules include VLAN admission rules and MAC/IP admission rules.
In one embodiment, the management and control server is further configured to issue the preset admission rules to the admission control device through the switch.
In one embodiment, the probe analyzer includes a plant-area probe analyzer; the plant-area probe analyzer is used for acquiring and analyzing network traffic to obtain a traffic analysis result and feeding the traffic analysis result back to the management and control server.
In one embodiment, the probe analyzer further includes an external-network probe analyzer, which is configured to acquire and analyze network traffic to obtain audit alarm information of external devices and to feed that audit alarm information back to the management and control server.
In one embodiment, the switches include an interconnection switch and a station control switch.
In one embodiment, the probe analyzer is further configured to capture a network data packet at preset intervals, perform detection analysis on the source address and the destination address of the network data packet to obtain a data packet address analysis result, and feed the data packet address analysis result back to the management and control server.
In one embodiment, the system further comprises an intelligent gateway; the intelligent gateway is connected to the switch and used for collecting the device information of each network device in the current network and transmitting the device information to the scheduling information platform.
The grid-related network real-time monitoring system comprises a management and control server, a switch, a probe analyzer and a management and control terminal; the switch is connected to the management and control server, the probe analyzer and the management and control terminal respectively. The management and control terminal monitors each port connected to it in real time through a preset monitoring and control model, acquires a port monitoring signal and transmits the port monitoring signal to the switch. The probe analyzer acquires the port monitoring signal from the switch, analyzes it to obtain an analysis result and returns the analysis result to the switch. The management and control server obtains the analysis result from the switch and, according to the analysis result, isolates the ports that do not meet the requirements. In this system, the probe analyzer detects the network traffic in the current network and analyzes the network data packets, and the analysis result is uploaded to the management and control server; the management and control server judges whether an external connection device or a dumb terminal has been connected, and performs the corresponding isolation or alarm processing according to the analysis result.
Drawings
FIG. 1 is a system configuration diagram of a real-time monitoring system for a grid-related network in one embodiment;
FIG. 2 is a system configuration diagram of a real-time monitoring system for a grid-related network in another embodiment;
FIG. 3 is a diagram of the internal structure of a computer device in one embodiment;
FIG. 4 is a diagram of the internal structure of a computer device in another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clearly understood, the present application is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The grid-related network real-time monitoring system provided by the embodiments of the application can be used for building a smart power grid, in which the management and control terminal is connected to the management and control server through the switch. The data storage system may store data that the server needs to process. The data storage system can be integrated on a server, or placed on a cloud or other network server. The management and control terminal may be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers, Internet of Things devices and portable wearable devices; the Internet of Things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle-mounted devices and the like. The portable wearable device can be a smart watch, a smart bracelet, a head-mounted device, and the like. The management and control server can be implemented as an independent server or as a server cluster composed of a plurality of servers.
In one embodiment, as shown in FIG. 1, there is provided a real-time monitoring system for a grid-related network, the system including:
a management and control server 101, a switch 102, a probe analyzer 103, and a management and control terminal 104; the switch is connected to the management and control server, the probe analyzer and the management and control terminal respectively;
the management and control terminal 104 is configured to monitor, in real time, each port connected to it through a preset monitoring and control model, acquire a port monitoring signal, and transmit the port monitoring signal to the switch.
The management and control terminal refers to the various terminal devices operating in a power grid, such as various electric meters. Each of these terminal devices includes a communication port for transmitting data, and each port has a unique port number. The preset monitoring and control model is installed on the management and control terminal in advance; through the model, the data packets related to each port can be acquired automatically, and the corresponding information, such as IP addresses, is extracted from the data packets.
Specifically, the management and control terminal may be replaced or repaired during use, and may be connected to other external connection devices, such as the private electric meters of some users. Another example is the 'flying wire': a flat cable that is pressed frequently breaks at a fold and makes poor contact, thin enameled wire is soldered across the two broken ends with a soldering iron, and the wires or other devices used for the 'flying wire' introduce interference into the power grid. A private network card likewise creates a certain potential safety hazard for the power grid. Therefore, the management and control terminal includes these various peripherals (including flying wires), and transmits the port monitoring signals of the ports to the switch 102 through a preset software model. A switch is a network communication device used for forwarding electrical (optical) signals. It can provide an exclusive electrical signal path for any two network nodes connected to the switch.
The probe analyzer 103 is configured to obtain a port monitoring signal from the switch, analyze the port monitoring signal to obtain an analysis result, and return the analysis result to the switch.
The probe analyzer is mainly used for analyzing network traffic, and may be a server or a terminal.
Specifically, the probe analyzer 103 obtains the port monitoring signals by obtaining data packets on the switch, compares each port monitoring signal with the preset port numbers to obtain the port numbers of newly added peripherals as the analysis result, and feeds the analysis result back to the management and control server 101 through the switch.
The management and control server 101 is configured to obtain the analysis result from the switch and, according to the analysis result, isolate the ports that do not meet the requirements.
Specifically, the management and control server 101 obtains the analysis result from the switch 102 and handles the ports that do not meet the requirements according to the analysis result, for example by uploading the port number of the non-compliant peripheral to a situation awareness master station, or by isolating the non-compliant port and prohibiting the peripheral from transmitting data.
This embodiment provides a grid-related network real-time monitoring system, which comprises a management and control server, a switch, a probe analyzer and a management and control terminal; the switch is connected to the management and control server, the probe analyzer and the management and control terminal respectively. The management and control terminal monitors each port connected to it in real time through a preset monitoring and control model, acquires a port monitoring signal and transmits the port monitoring signal to the switch. The probe analyzer acquires the port monitoring signal from the switch, analyzes it to obtain an analysis result and returns the analysis result to the switch. The management and control server obtains the analysis result from the switch and, according to the analysis result, isolates the ports that do not meet the requirements. In this embodiment, the probe analyzer detects the network traffic in the current network and analyzes the network data packets, and the analysis result is uploaded to the management and control server; the management and control server judges whether an external connection device or a dumb terminal has been connected, and performs the corresponding isolation or alarm processing according to the analysis result.
In one embodiment, FIG. 2 shows a real-time monitoring system for a grid-related network in another embodiment, in which the system further includes an admission control device; the admission control device is connected to the switch and is configured to perform security admission control on dumb terminals.
The dumb terminal refers to equipment without a sensor or for collecting and metering.
Specifically, the admission control device is mainly used for managing and controlling dumb terminals; it is connected to the management and control server and the dumb terminals through the switch, and performs security admission control on the dumb terminals.
In this embodiment, because the admission control device is used in the system, the connection of dumb terminals can be monitored in real time, which prevents unexpected dumb terminals from being connected to the current power grid and creating potential safety hazards for its operation.
In one embodiment, the admission control device is configured to perform security admission control on dumb terminals according to preset admission rules, where the preset admission rules include Virtual Local Area Network (VLAN) admission rules and MAC/IP admission rules.
MAC refers to the physical address, i.e., the Media Access Control address, which is a globally unique identification number of the device.
Specifically, the admission control device is connected to the management and control server and the dumb terminals through the switch to perform security admission control on the dumb terminals, and it can identify and control dumb terminals through the VLAN admission rules and the MAC/IP admission rules. For example, a list of the physical addresses of the dumb terminals that are to enter the power grid system is entered in advance. When the MAC of a new dumb terminal is detected connecting to the power grid, that MAC is compared with the previously entered physical address list to judge whether it is in the list. If it is not, the new MAC belongs to a non-compliant dumb terminal, and an alarm signal can be generated and uploaded to the management and control server.
In this embodiment, the admission control device manages and controls dumb terminals according to the preset admission rules, so that an illegally intruding dumb terminal can be identified and an alarm signal generated in time for subsequent processing.
In one embodiment, the management and control server is further configured to issue the preset admission rule to the admission control device through the switch.
Specifically, the preset admission rules, such as VLAN (Virtual Local Area Network) admission rules and MAC/IP admission rules, are issued by the management and control server to each admission control device.
In this embodiment, the management and control server issues the admission rules to the admission control devices, so that the admission control devices in the power grid system can be managed in a unified way, avoiding the conflicts or confusion caused by different personnel managing them at the same time.
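The port comparison performed by the probe analyzer and the MAC/IP and VLAN admission check described above can be sketched as follows. This is an added illustration, not code from the patent: the record fields, rule format, reason names and the isolate-on-any-finding policy are assumptions, and all sample values are constructed.

```python
import ipaddress
import re
from typing import NamedTuple

_SEPARATORS = re.compile(r"[-:.]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(mac):
    """Canonicalize AA-BB-.., aabb.ccdd.eeff or AA:BB:.. to aa:bb:cc:dd:ee:ff."""
    raw = _SEPARATORS.sub("", mac.strip().lower())
    if not _HEX12.fullmatch(raw):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


class Observation(NamedTuple):
    """One port monitoring signal as seen on the switch (assumed fields)."""
    port: str
    vlan: int
    mac: str
    ip: str


class Finding(NamedTuple):
    port: str
    reason: str
    detail: str


def build_rules(entries):
    """Admission rules as issued by the server: (mac, ip, vlan) -> {mac: (ip, vlan)}."""
    return {normalize_mac(m): (ipaddress.ip_address(ip), vlan) for m, ip, vlan in entries}


def analyze(observations, preset_ports, rules):
    """Compare each observation with the preset port list and the admission rules."""
    findings = []
    for obs in observations:
        if obs.port not in preset_ports:
            # Port number absent from the preset list: a newly added peripheral.
            findings.append(Finding(obs.port, "new_port", "port not in preset list"))
        try:
            mac = normalize_mac(obs.mac)
            seen_ip = ipaddress.ip_address(obs.ip)
        except ValueError as exc:
            findings.append(Finding(obs.port, "malformed_identity", str(exc)))
            continue
        rule = rules.get(mac)
        if rule is None:
            # MAC not in the pre-entered physical address list.
            findings.append(Finding(obs.port, "unknown_mac", mac))
            continue
        expected_ip, expected_vlan = rule
        if seen_ip != expected_ip:
            findings.append(Finding(obs.port, "ip_mismatch",
                                    f"{mac}: expected {expected_ip}, saw {seen_ip}"))
        if obs.vlan != expected_vlan:
            findings.append(Finding(obs.port, "vlan_mismatch",
                                    f"{mac}: expected VLAN {expected_vlan}, saw {obs.vlan}"))
    return findings


def ports_to_isolate(findings):
    """Assumed server policy: isolate every port that has at least one finding."""
    return sorted({f.port for f in findings})


# Constructed sample data (not from the patent).
PRESET_PORTS = {"Gi0/1", "Gi0/2", "Gi0/3"}
RULES = build_rules([
    ("00:1A:2B:00:00:01", "10.10.1.11", 110),
    ("00-1a-2b-00-00-02", "10.10.1.12", 110),
])
OBSERVATIONS = [
    Observation("Gi0/1", 110, "00:1a:2b:00:00:01", "10.10.1.11"),  # compliant
    Observation("Gi0/2", 120, "001A.2B00.0002", "10.10.1.12"),     # wrong VLAN
    Observation("Gi0/7", 110, "de:ad:be:ef:00:99", "10.10.1.50"),  # new port, unknown MAC
    Observation("Gi0/3", 110, "00:1a:2b:00:00:01", "10.10.1.99"),  # known MAC, wrong IP
]

if __name__ == "__main__":
    results = analyze(OBSERVATIONS, PRESET_PORTS, RULES)
    for finding in results:
        print(finding)
    print("isolate:", ports_to_isolate(results))
```

Normalizing the MAC before the lookup matters in practice, because switches and inventory lists often report the same address in different notations.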
In one embodiment, the probe analyzer includes a plant-area probe analyzer; the plant-area probe analyzer is used for acquiring and analyzing network traffic to obtain a traffic analysis result and feeding the traffic analysis result back to the management and control server.
The plant-area probe analyzer is a probe analyzer for the current plant area. Because the power grid is composed of different grids, each grid is called a plant area.
Specifically, by acquiring and analyzing network traffic, the plant-area probe analyzer captures active detection data packets and feeds them back to the management and control server in real time.
In this embodiment, a plant management and control server is arranged in each plant, so that each grid can be managed and finer-grained management is achieved.
In one embodiment, the probe analyzer further includes an external-network probe analyzer, which is configured to acquire and analyze network traffic, obtain audit alarm information of external-network devices, and feed that audit alarm information back to the management and control server.
Specifically, relative to the current sub-grid, the probe analyzers of the other sub-grids are collectively referred to as external-network probe analyzers. Since the sub-grids are not completely isolated but connected with each other, it is necessary to obtain the analysis results of the external-network probe analyzers in order to avoid the influence of external-network devices on the current sub-grid.
In this embodiment, the plant management and control server is connected to the external-network probe analyzer and obtains its analysis result, which makes it convenient to detect the influence of the external network on the current grid.
Further, in this embodiment, the system is deployed in a new energy power plant. Terminal devices and peripherals in each region are managed through partitioned deployment and comprehensive monitoring; network admission control and security baseline compliance detection are performed on the terminals; and illegal cross-region interconnection and external connection are actively detected, so that the lateral isolation required by security planning can be achieved.
In one embodiment, the switches include an interconnection switch and a station control switch.
Specifically, the interconnection switch is connected to the station control switch; the interconnection switch is used for connecting the management and control server and the plant-area probe analyzer, and the station control switch is used for connecting the admission control device, the management and control terminal and the dumb terminals.
In this embodiment, the interconnection switch and the station control switch are provided so that different switch ports can be analyzed subsequently.
In one embodiment, the probe analyzer is further configured to capture a network data packet at preset intervals, perform detection analysis on a source address and a destination address of the network data packet to obtain a data packet address analysis result, and feed back the data packet address analysis result to the management and control server.
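The source and destination address analysis described above, applied to the cross-region interconnection and external connection cases the description mentions, can be sketched as follows. This is an added illustration, not code from the patent: the zone names, subnets, verdict labels and the `build_ipv4` sample helper are assumptions, and the packets are constructed.

```python
import ipaddress
import struct

# Assumed zone layout (constructed): each zone is a list of subnets.
ZONES = {
    "control": [ipaddress.ip_network("10.10.0.0/16")],
    "management": [ipaddress.ip_network("10.20.0.0/16")],
}
# Zone pairs that may talk to each other; empty means no cross-zone traffic is allowed.
ALLOWED_PAIRS = set()


def parse_ipv4_addresses(packet):
    """Extract (source, destination) from a raw IPv4 header, validating its shape."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version = packet[0] >> 4
    header_len = (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a valid IPv4 header")
    src, dst = struct.unpack_from("!4s4s", packet, 12)
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)


def zone_of(addr):
    """Return the zone name that contains addr, or None if it is outside all zones."""
    for name, networks in ZONES.items():
        if any(addr in net for net in networks):
            return name
    return None


def classify(src, dst):
    """Label one flow by the zones of its two endpoints."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone is None and dst_zone is None:
        return "outside_scope"
    if src_zone is None or dst_zone is None:
        return "external_connection"   # one end is outside every managed zone
    if src_zone == dst_zone or frozenset((src_zone, dst_zone)) in ALLOWED_PAIRS:
        return "ok"
    return "cross_zone"                # both ends managed, but in different zones


def analyze_capture(packets):
    """Return (src, dst, verdict) for every packet that needs the server's attention."""
    report = []
    for raw in packets:
        try:
            src, dst = parse_ipv4_addresses(raw)
        except ValueError:
            report.append((None, None, "malformed"))
            continue
        verdict = classify(src, dst)
        if verdict in ("cross_zone", "external_connection"):
            report.append((str(src), str(dst), verdict))
    return report


def build_ipv4(src, dst):
    """Build a minimal 20-byte IPv4 header for the constructed samples below."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )


# Constructed capture: one in-zone flow, one cross-zone, one external, one truncated.
SAMPLE_CAPTURE = [
    build_ipv4("10.10.1.11", "10.10.1.12"),
    build_ipv4("10.10.1.11", "10.20.5.5"),
    build_ipv4("10.10.1.50", "203.0.113.7"),
    b"\x45\x00",
]

if __name__ == "__main__":
    for row in analyze_capture(SAMPLE_CAPTURE):
        print(row)
```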
In one embodiment, the system further comprises an intelligent gateway or an acquisition device; the intelligent gateway is connected with the switch and used for collecting the equipment information of each network equipment in the current network and transmitting the equipment information to the scheduling information platform.
In this embodiment, devices are deployed in the controllable areas of multiple service ends to monitor illegal cross-area interconnection and illegal external connection. Alarm information and basic operation information are reported to the scheduling network through the acquisition device, and violation audit information is returned to the plant service side for violation processing.
It should be understood that, although the steps in the flowcharts related to the embodiments as described above are sequentially displayed as indicated by arrows, the steps are not necessarily performed sequentially as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in the flowcharts related to the embodiments described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the execution order of the steps or stages is not necessarily sequential, but may be rotated or alternated with other steps or at least a part of the steps or stages in other steps.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 3. The computer device includes a processor, a memory, and a network interface connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer device is used for storing the power grid data. The network interface of the computer device is used for communicating with an external terminal through a network connection.
In one embodiment, a computer device is provided, which may be a terminal, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The communication interface of the computer device is used for wired or wireless communication with an external terminal; the wireless communication can be realized through Wi-Fi, a mobile cellular network, NFC (near field communication), or other technologies. The display screen of the computer device can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer device can be a touch layer covering the display screen; a key, a trackball, or a touch pad arranged on the housing of the computer device; or an external keyboard, touch pad, mouse, or the like.
Those skilled in the art will appreciate that the configurations shown in figs. 3-4 are merely block diagrams of some configurations relevant to the present disclosure and do not limit the computing devices to which the present disclosure may be applied; a particular computing device may include more or fewer components than those shown, combine certain components, or have a different arrangement of components.
It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, Resistive Random Access Memory (ReRAM), Magnetic Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene memory, and the like. Volatile memory can include Random Access Memory (RAM), external cache memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM). The databases referred to in the various embodiments provided herein may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing based data processing logic devices, etc., without limitation.
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of these technical features are described, but any combination should be considered within the scope of the present specification as long as the combined features do not contradict each other.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they are not to be construed as limiting the scope of the present application. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (10)
1. A real-time monitoring system of a network-related network is characterized by comprising a control server, a switch, a detection analyzer and a control terminal; the switch is respectively connected with the control server, the detection analyzer and the control terminal;
the management and control terminal is used for monitoring each port connected with the management and control terminal in real time through a preset monitoring and control model, acquiring a port monitoring signal and transmitting the port monitoring signal to the switch;
the detection analyzer is used for acquiring the port monitoring signal from the switch, analyzing the port monitoring signal to obtain an analysis result and returning the analysis result to the switch;
and the management and control server is used for acquiring the analysis result from the switch and carrying out isolation processing on the ports which do not meet the requirements according to the analysis result.
2. The system according to claim 1, further comprising an admission control device connected to the switch for performing secure admission control for a dummy terminal.
3. The system according to claim 2, wherein said admission control device is configured to perform secure admission control for said dummy terminals according to preset admission rules.
4. The system of claim 3, wherein the preset admission rules comprise VLAN admission rules and MAC/IP admission rules.
5. The system according to claim 4, wherein the management and control server is further configured to issue the preset admission rule to the admission control device through the switch.
6. The system of claim 1, wherein the probe analyzer comprises a factory floor probe analyzer; and the plant area detection analyzer is used for acquiring and analyzing network traffic to obtain a traffic analysis result and feeding back the traffic analysis result to the management and control server.
7. The system according to claim 1, wherein the probe analyzer further includes an extranet probe analyzer, and the extranet probe analyzer is configured to acquire and analyze network traffic, obtain extranet equipment audit alarm information, and feed the extranet equipment audit alarm information back to the management and control server.
8. The system of claim 1, wherein the switches comprise interconnect switches and station controlled switches.
9. The system according to claim 1, wherein the probe analyzer is further configured to capture a network data packet at preset intervals, perform detection analysis on a source address and a destination address of the network data packet to obtain a data packet address analysis result, and feed back the data packet address analysis result to the management and control server.
10. The system according to any one of claims 1 to 9, wherein the system further comprises an intelligent gateway; the intelligent gateway is connected with the switch and used for collecting the equipment information of each network equipment in the current network and transmitting the equipment information to the scheduling information platform.
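An added example, not taken from the patent: a minimal sketch of the analysis step that claims 1, 4 and 9 describe, producing the list of ports the management and control server would isolate. The rule layout (per-port VLAN sets, MAC-to-IP bindings, an allowed destination range), the port names and all sample values are assumptions, since the claims name the rule types but not their format.

```python
import ipaddress
from collections import defaultdict

# Constructed admission rules. The claims name VLAN and MAC/IP rules only;
# this layout and the allowed destination range are assumptions.
VLAN_RULES = {"Gi0/1": {10}, "Gi0/2": {10, 20}, "Gi0/3": {30}}
MAC_IP_RULES = {
    "00:1a:2b:3c:4d:01": "10.0.10.11",
    "00:1a:2b:3c:4d:02": "10.0.20.12",
    "00:1a:2b:3c:4d:03": "10.0.30.13",
}
ALLOWED_DST = [ipaddress.ip_network("10.0.0.0/16")]

# Constructed port observations: (port, vlan, src_mac, src_ip, dst_ip)
OBSERVATIONS = [
    ("Gi0/1", 10, "00-1A-2B-3C-4D-01", "10.0.10.11", "10.0.20.12"),
    ("Gi0/2", 20, "00:1a:2b:3c:4d:02", "10.0.20.99", "10.0.10.11"),
    ("Gi0/3", 30, "00:1a:2b:3c:4d:03", "10.0.30.13", "203.0.113.7"),
    ("Gi0/4", 10, "de:ad:be:ef:00:01", "10.0.10.50", "10.0.10.11"),
]

def normalize_mac(mac):
    """Canonicalise a MAC so '-' / ':' / case variants match one rule key."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def analyze(observations):
    """Return {port: [reasons]} for every port with at least one violation."""
    findings = defaultdict(list)
    for port, vlan, mac, src_ip, dst_ip in observations:
        if vlan not in VLAN_RULES.get(port, set()):  # unknown port: no VLANs
            findings[port].append(f"vlan {vlan} not admitted")
        try:
            bound_ip = MAC_IP_RULES.get(normalize_mac(mac))
        except ValueError:
            bound_ip = None  # a malformed MAC is treated as unknown
        if bound_ip is None:
            findings[port].append(f"unknown mac {mac}")
        elif ipaddress.ip_address(src_ip) != ipaddress.ip_address(bound_ip):
            findings[port].append(f"ip {src_ip} not bound to {mac}")
        if not any(ipaddress.ip_address(dst_ip) in n for n in ALLOWED_DST):
            findings[port].append(f"external destination {dst_ip}")
    return dict(findings)

def ports_to_isolate(observations):
    """Ports the management and control server would isolate (claim 1)."""
    return sorted(analyze(observations))
```

Ports without any rule entry fail closed here: a port missing from `VLAN_RULES` admits no VLAN, and a MAC missing from `MAC_IP_RULES` is reported as unknown.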
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210173840.2A CN114598511B (en) | 2022-02-24 | 2022-02-24 | Real-time monitoring system of network involved |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114598511A (en) | 2022-06-07 |
CN114598511B (en) | 2024-01-19 |
Family
ID=81806824
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210173840.2A Active CN114598511B (en) | 2022-02-24 | 2022-02-24 | Real-time monitoring system of network involved |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114598511B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102006267A (en) * | 2009-09-03 | 2011-04-06 | 中兴通讯股份有限公司 | Access authentication method and device based on simple network protocol |
CN103929376A (en) * | 2014-04-30 | 2014-07-16 | 尹志超 | Terminal admission control method based on switch port management |
US20140250254A1 (en) * | 2013-03-04 | 2014-09-04 | Samsung Electronics Co., Ltd. | Apparatus and method for connecting mobile terminal to external device |
CN110008713A (en) * | 2019-05-06 | 2019-07-12 | 杭州齐安科技有限公司 | A kind of novel industry control system vulnerability detection method and system |
CN110351398A (en) * | 2019-06-21 | 2019-10-18 | 武汉微创光电股份有限公司 | A kind of external equipment identification monitoring method and system |
CN110535238A (en) * | 2019-08-23 | 2019-12-03 | 国网山东省电力公司泗水县供电公司 | A kind of transformer equipment intelligent monitor system and method |
CN111163115A (en) * | 2020-04-03 | 2020-05-15 | 深圳市云盾科技有限公司 | Internet of things safety monitoring method and system based on double engines |
CN112532614A (en) * | 2020-11-25 | 2021-03-19 | 国网辽宁省电力有限公司信息通信分公司 | Safety monitoring method and system for power grid terminal |
CN113676490A (en) * | 2021-09-14 | 2021-11-19 | 深信服科技股份有限公司 | Mute terminal safety detection method, device, equipment and readable storage medium |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116915503A (en) * | 2023-09-08 | 2023-10-20 | 成都卓拙科技有限公司 | Illegal external connection detection method and device, storage medium and electronic equipment |
CN116915503B (en) * | 2023-09-08 | 2023-11-14 | 成都卓拙科技有限公司 | Illegal external connection detection method and device, storage medium and electronic equipment |
Also Published As
Publication number | Publication date |
---|---|
CN114598511B (en) | 2024-01-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103827899B (en) | Data center resource is distributed | |
CN104007714B (en) | The online centralized monitoring system in Distributed power room | |
CN108896868A (en) | One kind is monitored on-line with formula and realizes system and method | |
CN113580986B (en) | Monitoring method and device for charging pile equipment | |
CN109314694A (en) | Group management in reconfigurable Machine To Machine system | |
CN109446830A (en) | Data center environment information processing method and device based on block chain | |
CN106815667A (en) | Large-scale scientific research apparatus monitor in real time based on wireless Internet and use management system | |
CN107835107A (en) | A kind of metering display systems based on power network metering topological sum WebGis | |
CN207398929U (en) | Power transmission and transforming equipment safe early warning decision-making platform based on electric power big data analysis | |
CN106646110A (en) | Low-voltage distribution network fault positioning system based on GIS and Petri technologies | |
CN114598511A (en) | Real-time monitoring system for network-related network | |
CN108123961A (en) | Information processing method, apparatus and system | |
CN114254055A (en) | Fault analysis method and device for computer room equipment, computer equipment and storage medium | |
CN109581126A (en) | A kind of electric power electrification detection system and method | |
Ramphela et al. | Internet of things (iot) integrated data center infrastructure monitoring system | |
CN109639804A (en) | Monitoring method, system and the production equipment of production system, terminal, server | |
Lu et al. | Research on environmental monitoring and control technology based on intelligent Internet of Things perception | |
CN109918388A (en) | A kind of detection device management system and management method | |
Zhang et al. | An intelligent power distribution service architecture using cloud computing and deep learning techniques | |
CN114257438B (en) | Electric power monitoring system management method and device based on honeypot and computer equipment | |
CN114243914B (en) | Power monitoring system | |
Dai et al. | Electrical fire monitoring IoT framework for ancient architectural complex leveraging edge computing | |
CN216437219U (en) | Data acquisition device for smart city and electronic equipment | |
CN108491312A (en) | A kind of medical device data display device and system | |
CN104122849A (en) | Computer room wireless monitoring method and system, handheld device and computer room device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||