CN114900439A - Visualization technology of inter-domain access relation - Google Patents


Info

Publication number
CN114900439A
Authority
CN
China
Legal status
Pending
Application number
CN202210497138.1A
Other languages
Chinese (zh)
Inventor
刘庆林
王博
刘正伟
魏海宇
谢辉
安恩庆
柳博文
李小琼
康柏荣
王鲲
Current Assignee
Beijing Zorelworld Information Technology Co ltd
Original Assignee
Beijing Zorelworld Information Technology Co ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design
    • H04L41/06: Management of faults, events, alarms or notifications
    • H04L41/0631: Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H04L41/22: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Human Computer Interaction (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a visualization technology for inter-domain access relationships, comprising a security defense deployment architecture and a rule visualization configuration. The security defense deployment architecture is divided into three layers: a view layer, a control layer and an engine layer. The view layer draws, displays and handles interaction with primitive data to provide a scene. The control layer performs position calculation according to a grid system and a collision detection technology, draws networks, domains, assets and the like according to a sprite system, and adds animations and related interactions. The invention can draw domain relationships quickly and efficiently across differing domain relationships, allows linkage effects to be highly customized to different display requirements, provides two drawing modes, and uses a high-performance rendering engine, which greatly shortens the development and adaptation cycle for domain relationships and better reflects inter-domain access relationships.

Description

Visualization technology of inter-domain access relation
Technical Field
The invention relates to the technical field of the internet, and in particular to a visualization technology for inter-domain access relationships.
Background
With the rapid development of internet technology, the security of the ever-growing number of assets and data accesses inside enterprises is receiving more and more attention, and how to monitor and maintain them in real time has become a difficult problem. Inter-domain access relationship visualization solutions have emerged in response.
By surveying and mapping asset data and the network domain architecture, network domain architecture information is displayed on a graph, and analysis and display are then performed according to network traffic, helping the relevant technicians monitor traffic security, asset security and access security in real time.
The network domain architecture topology has to be developed according to positioning information, and when one network domain changes, the network domains that have not changed also have to be redesigned and repositioned. In addition, the prior art shows only how access traffic flows among the network domains, and cannot achieve accurate control and monitoring of access among the network domains.
Disclosure of Invention
The invention provides a visualization technology for inter-domain access relationships, which aims to solve the problems described in the background.
To achieve this purpose, the invention adopts the following technical solution:
The visualization technology of the inter-domain access relationship comprises a security defense deployment architecture and a rule visualization configuration, wherein the security defense deployment architecture is divided into a three-layer architecture of a view layer, a control layer and an engine layer;
the view layer is used for drawing, displaying and interacting with primitive data to provide a scene;
the control layer is used for performing position calculation according to a grid system and a collision detection technology, drawing networks, domains, assets and the like according to a sprite system, and adding animations and related interactions;
the engine layer is used for providing a development interface based on 2D drawing technologies such as Canvas and SVG;
the rule visualization configuration is mainly a network domain two-bit control matrix and is used for configuring transverse and longitudinal access control rules.
As a further improvement of the technical solution, the operation flow of the security defense deployment architecture is as follows:
S1, sorting out and abstracting the domain topology relationships, and outputting a domain relationship design drawing;
S2, drawing a domain relationship diagram from the design drawing, outputting a domain relationship visualization scene, drawing the domain relationships in the form of a security defense configuration, and setting different monitoring effects for different domain rules;
S3, performing visual configuration of the network domain relationships by configuring the five rule types (reachable, forbidden, on-demand, forward isolation and reverse isolation) between different network domains; if access that does not follow the configured rule occurs between network domains, alarm information is generated and the traffic information of that access is marked, wherein the rule configuration details are as follows:
Reachable: two-way access is reachable;
On-demand: access among some of the domains is reachable;
Forbidden: two-way access is forbidden;
Forward isolation: access from the configured starting point to the end point is not reachable;
Reverse isolation: access from the configured starting point to the end point is reachable;
S4, displaying the access and alarm information obtained in S3 in the visual scene obtained in S2.
As a further improvement of the technical solution: in S2, setting different monitoring effects for different network domain rules includes raising an alarm if access occurs when the rule is set to forbidden.
As a further improvement of the technical solution: in S3, the normal access information and abnormal alarm signals that are output need to be recorded.
As a further improvement of the technical solution: in S4, when displaying in the visual scene, sound and light control may be performed according to the different access states.
As a further improvement of the technical solution: the control layer comprises automatic position calculation, sprite animation, a data interface, relationship mapping, collision detection, event binding, a notification interface and extension development.
The embodiment of the present invention further provides a terminal device, which includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the visualization technology of the inter-domain access relationship described in any one of the above when executing the computer program.
The embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, the device where the computer-readable storage medium is located is controlled to execute any one of the above visualization technologies for inter-domain access relationships.
Compared with the prior art, the invention has the beneficial effects that:
The invention can draw network domain relationships quickly and efficiently across differing network domain relationships, allows linkage effects to be highly customized to different display requirements, provides two drawing modes and uses a high-performance rendering engine. This greatly shortens the development and adaptation cycle for network domain relationships, better reflects inter-domain access relationships, and enables access relationship configuration with multiple rules, together with real-time monitoring and alarming, for network domains with a complex structure.
The foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood and to implement them in accordance with the contents of the description, the following detailed description is given with reference to the preferred embodiments of the present invention and the accompanying drawings. The detailed description of the present invention is given in detail by the following examples and the accompanying drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a schematic structural diagram of a security defense architecture according to the present invention;
FIG. 2 is a flow chart of the security defense operation of the present invention;
FIG. 3 is a schematic structural diagram of a preferred embodiment of a terminal device provided by the present invention;
FIG. 4 is an overall arrangement architecture diagram of the present invention.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, which are set forth by way of illustration only and are not intended to limit the scope of the invention. The invention is described in more detail in the following paragraphs by way of example with reference to the accompanying drawings. Advantages and features of the present invention will become apparent from the following description and from the claims. It is to be noted that the drawings are in a very simplified form and are not to precise scale, which is merely for the purpose of facilitating and distinctly claiming the embodiments of the present invention.
It will be understood that when an element is referred to as being "secured to" another element, it can be directly on the other element or intervening elements may also be present. When a component is referred to as being "connected" to another component, it can be directly connected to the other component or intervening components may also be present. When a component is referred to as being "disposed on" another component, it can be directly on the other component or intervening components may also be present. The terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
Referring to FIG. 1 to FIG. 3, in an embodiment of the present invention, a visualization technology for inter-domain access relationships includes a security defense framework and a rule visualization configuration, where the security defense framework is divided into a three-layer framework of a view layer, a control layer and an engine layer;
the view layer is used for drawing, displaying and interacting with primitive data to provide a scene;
the control layer is used for performing position calculation according to the grid system and the collision detection technology, drawing networks, domains, assets and the like according to a sprite system, and adding animations and related interactions, wherein the control layer comprises automatic position calculation, sprite animation, a data interface, relationship mapping, collision detection, event binding, a notification interface and extension development;
the engine layer is used for providing a development interface based on 2D drawing technologies such as Canvas and SVG;
the rule visualization configuration is mainly a network domain two-bit control matrix and is used for configuring transverse and longitudinal access control rules.
Specifically, the operation flow of the security defense deployment architecture is as follows:
S1, sorting out and abstracting the domain topology relationships, and outputting a domain relationship design drawing;
S2, drawing a domain relationship diagram from the acquired design drawing and outputting a domain relationship visualization scene, wherein the network domain relationships are drawn in the form of a security defense configuration and different monitoring effects are set for different network domain rules; for example, when the rule is set to forbidden, an alarm is raised if access occurs;
S3, performing visual configuration of the network domain relationships by configuring the five rule types (reachable, forbidden, on-demand, forward isolation and reverse isolation) between different network domains; if access that does not follow the configured rule occurs between network domains, alarm information is generated and the traffic information of that access is marked, and the normal access information and abnormal alarm signals that are output need to be recorded, wherein the rule configuration details are as follows:
Reachable: two-way access is reachable;
On-demand: access among some of the domains is reachable;
Forbidden: two-way access is forbidden;
Forward isolation: access from the configured starting point to the end point is not reachable;
Reverse isolation: access from the configured starting point to the end point is reachable;
S4, displaying the access and alarm information obtained in S3 in the visual scene obtained in S2, and performing sound and light control according to the different access states.
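The S3 rule check and its alarm path can be sketched as follows; this is an added example, not code from the patent. The class and field names, the constructed sample domains and flows, the on-demand allowlist of (source, destination, port) entries, the default denial of unconfigured pairs, and the reading of the two isolation rules as one-way (the opposite direction gets the opposite result) are all assumptions.

```python
from enum import Enum
from typing import NamedTuple


class Rule(Enum):
    REACHABLE = "reachable"                  # two-way access is reachable
    FORBIDDEN = "forbidden"                  # two-way access is forbidden
    ON_DEMAND = "on-demand"                  # access among some domains is reachable
    FORWARD_ISOLATION = "forward isolation"  # start -> end is not reachable
    REVERSE_ISOLATION = "reverse isolation"  # start -> end is reachable


class Flow(NamedTuple):
    """One observed access (field names are assumptions for this sketch)."""
    src_domain: str
    dst_domain: str
    dst_port: int


class DomainRuleMatrix:
    """Control matrix with one cell per (start domain, end domain) pair."""

    def __init__(self):
        self._cells = {}      # (start, end) -> Rule
        self._allowed = {}    # (start, end) -> {(src, dst, port)} for ON_DEMAND

    def configure(self, start, end, rule, allowed=()):
        if start == end:
            raise ValueError("a rule joins two different domains")
        # One rule per domain pair: drop a rule stored in the other orientation.
        self._cells.pop((end, start), None)
        self._allowed.pop((end, start), None)
        self._cells[(start, end)] = rule
        self._allowed[(start, end)] = set(allowed) if rule is Rule.ON_DEMAND else set()

    def evaluate(self, flow):
        """Return (permitted, rule, reason) for one flow."""
        src, dst = flow.src_domain, flow.dst_domain
        if src == dst:
            return True, None, "intra-domain access is outside the matrix"
        key, forward = (src, dst), True
        if key not in self._cells:
            key, forward = (dst, src), False
        if key not in self._cells:
            # Assumption: a pair with no configured rule is denied by default.
            return False, None, "no rule configured for this domain pair"
        rule = self._cells[key]
        if rule is Rule.REACHABLE:
            return True, rule, "two-way access is reachable"
        if rule is Rule.FORBIDDEN:
            return False, rule, "two-way access is forbidden"
        if rule is Rule.ON_DEMAND:
            ok = (src, dst, flow.dst_port) in self._allowed[key]
            return ok, rule, "on the on-demand list" if ok else "not on the on-demand list"
        # Assumption: isolation is one-way; end -> start gets the opposite result.
        permitted = forward != (rule is Rule.FORWARD_ISOLATION)
        direction = "start -> end" if forward else "end -> start"
        return permitted, rule, f"{direction} under {rule.value}"


def monitor(matrix, flows):
    """S3: record every access and collect alarms; returns (access_log, alarms)."""
    access_log, alarms = [], []
    for flow in flows:
        permitted, rule, reason = matrix.evaluate(flow)
        record = {"flow": flow, "rule": rule.value if rule else None,
                  "status": "normal" if permitted else "alarm", "reason": reason}
        access_log.append(record)
        if not permitted:
            alarms.append(record)  # the record marks the offending traffic
    return access_log, alarms


def demo():
    """Constructed domains and flows, not data from the page."""
    m = DomainRuleMatrix()
    m.configure("office", "dmz", Rule.REACHABLE)
    m.configure("office", "prod", Rule.ON_DEMAND, allowed={("office", "prod", 443)})
    m.configure("guest", "prod", Rule.FORBIDDEN)
    m.configure("prod", "backup", Rule.REVERSE_ISOLATION)
    m.configure("control", "office", Rule.FORWARD_ISOLATION)
    flows = [Flow("dmz", "office", 22), Flow("office", "prod", 443),
             Flow("office", "prod", 3389), Flow("prod", "guest", 8080),
             Flow("prod", "backup", 873), Flow("backup", "prod", 22),
             Flow("control", "office", 445), Flow("office", "control", 502),
             Flow("guest", "dmz", 80)]
    return monitor(m, flows)
```

The access log returned by `monitor` carries a per-flow status that a view layer could use to colour the corresponding domain pair in the S4 scene.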
Referring to fig. 3, fig. 3 is a schematic structural diagram of a terminal device according to a preferred embodiment of the present invention. The terminal device includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, and the processor implements the technique for visualizing the inter-domain access relationship according to any of the above embodiments when executing the computer program.
Preferably, the computer program may be divided into one or more modules/units (e.g., computer program 1, computer program 2, … …) that are stored in the memory and executed by the processor to implement the invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used for describing the execution process of the computer program in the terminal device.
The processor may be a Central Processing Unit (CPU), another general-purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The processor is the control center of the terminal device, and various interfaces and lines are used to connect the various parts of the terminal device.
The memory mainly includes a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like, and the data storage area may store related data and the like. In addition, the memory may be a high speed random access memory, may also be a non-volatile memory, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card), and the like, or may also be other volatile solid state memory devices.
It should be noted that the terminal device may include, but is not limited to, a processor and a memory, and those skilled in the art will understand that the structural diagram of fig. 3 is only an example of the terminal device and does not constitute a limitation of the terminal device, and may include more or less components than those shown, or combine some components, or different components.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, a device where the computer-readable storage medium is located is controlled to execute the visualization technology for the inter-domain access relationship according to any of the above embodiments.
The working principle of the invention is as follows:
The invention can draw domain relationships quickly and efficiently across differing domain relationships, allows linkage effects to be highly customized to different display requirements, provides two drawing modes, and uses a high-performance rendering engine, which greatly shortens the development and adaptation cycle for domain relationships and better reflects inter-domain access relationships.
Five kinds of inter-domain access relationship control items are provided. By configuring the access control relationships among the domains, the configured rules can be monitored in real time and the related alarm state information can be checked.
The foregoing is illustrative of the preferred embodiments of the present invention, and is not to be construed as limiting the invention in any way; the present invention may be readily implemented by those of ordinary skill in the art as illustrated in the accompanying drawings and described above; however, those skilled in the art should appreciate that they can readily use the disclosed conception and specific embodiments as a basis for designing or modifying other structures for carrying out the same purposes of the present invention without departing from the scope of the invention as defined by the appended claims; meanwhile, any changes, modifications, and evolutions of the equivalent changes of the above embodiments according to the actual techniques of the present invention are still within the protection scope of the technical solution of the present invention.

Claims (8)

1. The visualization technology of the inter-domain access relationship is characterized by comprising a security defense framework and a rule visualization configuration, wherein the security defense framework is divided into a three-layer framework of a view layer, a control layer and an engine layer;
the view layer is used for drawing, displaying and interacting primitive data to provide a scene;
the control layer is used for carrying out position calculation according to a grid system and a collision detection technology; drawing a network/domain/asset and the like according to a sprite system, and adding animation and related interaction;
the engine layer is used for providing a development interface based on 2D drawing technologies such as Canvas and SVG;
the rule visualization configuration is mainly a network domain two-bit control matrix and is used for performing transverse and longitudinal access control rule configuration.
2. The visualization technology of the inter-domain access relationship according to claim 1, wherein the operation flow of the security defense architecture is as follows:
S1, sorting out and abstracting the domain topology relationships, and outputting a domain relationship design drawing;
S2, drawing a domain relationship diagram from the design drawing, outputting a domain relationship visualization scene, drawing the domain relationships in the form of a security defense configuration, and setting different monitoring effects for different domain rules;
S3, performing visual configuration of the network domain relationships by configuring the five rule types (reachable, forbidden, on-demand, forward isolation and reverse isolation) between different network domains; if access that does not follow the configured rule occurs between network domains, alarm information is generated and the traffic information of that access is marked, wherein the rule configuration details are as follows:
Reachable: two-way access is reachable;
On-demand: access among some of the domains is reachable;
Forbidden: two-way access is forbidden;
Forward isolation: access from the configured starting point to the end point is not reachable;
Reverse isolation: access from the configured starting point to the end point is reachable;
S4, displaying the access and alarm information obtained in S3 in the visual scene obtained in S2.
3. The visualization technology of the inter-domain access relationship according to claim 2, wherein in S2, setting different monitoring effects for different domain rules includes raising an alarm if access occurs when the rule is set to forbidden.
4. The visualization technology of the inter-domain access relationship according to claim 2, wherein in S3, the normal access information and abnormal alarm signals that are output need to be recorded.
5. The visualization technology of the inter-domain access relationship according to claim 2, wherein in S4, when displaying in the visual scene, sound and light control can be performed according to the different access states.
6. The technology for visualizing inter-domain access relationships according to claim 1, wherein the control layer comprises automatic position calculation, sprite animation, data interface, relational mapping, collision detection, event binding, notification interface, and extension development.
7. A terminal device comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the technique for visualizing inter-domain access relationships according to any one of claims 1-6 when executing the computer program.
8. A computer-readable storage medium, comprising a stored computer program, wherein the computer program, when executed, controls a device on which the computer-readable storage medium is located to perform the visualization technique for inter-domain access relationships according to any one of claims 1 to 6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210497138.1A CN114900439A (en) 2022-05-06 2022-05-06 Visualization technology of inter-domain access relation

Publications (1)

Publication Number Publication Date
CN114900439A (en) 2022-08-12

Family

ID=82721980

Country Status (1)

Country Link
CN (1) CN114900439A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220812