CN115203874A - Network space simulation construction and analysis display method - Google Patents

Publication number
CN115203874A
Authority
CN
China
Prior art keywords
network
simulation
entity
model
cyberspace
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210896733.2A
Other languages
Chinese (zh)
Inventor
刘莉
朱震宇
孙靖
刘伟伟
韦洋
魏士博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Yutianzhiyun Simulation Technology Co ltd
Original Assignee
Nanjing Yutianzhiyun Simulation Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing Yutianzhiyun Simulation Technology Co ltd
Priority to CN202210896733.2A
Publication of CN115203874A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/10 Geometric CAD
    • G06F30/18 Network design, e.g. design based on topological or interconnect aspects of utility systems, piping, heating ventilation air conditioning [HVAC] or cabling
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F30/00 Computer-aided design [CAD]
    • G06F30/20 Design optimisation, verification or simulation

Abstract

The invention discloses a network space simulation construction and analysis display method, which comprises the steps of editing and setting various types of network entity models and network relation models, and storing the network entity models and the network relation models into a database; outputting a network entity model and a network relation model from a database, and constructing a corresponding network simulation entity and a simulation target network; and hierarchically displaying the simulation target network and the network simulation entity. The method can effectively realize the simulation construction of the network space, can display the whole network architecture and the network composition details, and is favorable for visually analyzing the network and presenting the characteristics.

Description

Network space simulation construction and analysis display method
Technical Field
The invention relates to the technical field of computer simulation, in particular to a network space simulation construction and analysis display method.
Background
In the prior art, demand for modeling and simulation analysis of a network space keeps growing. However, because a simulation target network is generally complex in composition and comprises various types of network simulation entities, a display conflict arises when the network simulation entities need to be analyzed: the macroscopic display of the network's architectural relationships and the microscopic display of the characteristics of the network simulation entities cannot both be accommodated at the same time.
Disclosure of Invention
The invention mainly solves the technical problem of providing a network space simulation construction and analysis display method, and solves the problem that the analysis display of a network architecture and the detail display of network composition cannot be well taken into account when a simulation target network is analyzed and presented in the prior art.
In order to solve the above technical problems, one technical solution adopted by the present invention is to provide a network space simulation construction and analysis display method, including the steps of:
constructing a network entity model, editing and setting various network entity models and network relation models, and storing the network entity models and the network relation models into a database;
constructing a network simulation entity, outputting the network entity model and the network relation model from the database, and constructing a corresponding network simulation entity and a simulation target network;
and displaying the network simulation entity, and displaying the simulation target network and the network simulation entity in a layered manner.
Preferably, the network entity model is represented as
Figure BDA0003769124790000011
wherein
Figure BDA0003769124790000012
represents the identification of the network entity model,
Figure BDA0003769124790000013
represents a configuration item that the network entity model
Figure BDA0003769124790000014
contains, and $L_1$ represents the number of configuration items that the network entity model
Figure BDA0003769124790000015
contains;
the network entity model
Figure BDA0003769124790000021
may further include several configuration item groups of different categories, namely:
Figure BDA0003769124790000022
which includes a first configuration item group
Figure BDA0003769124790000023
in which the number of configuration items is $L_{11}$, $L_{11} \geq 1$;
Figure BDA0003769124790000024
represents a second configuration item group, in which the number of configuration items is $L_{12}$, $L_{12} \geq 1$;
Figure BDA0003769124790000025
represents the Mth configuration item group, $M \geq 1$, in which the number of configuration items is $L_{1M}$, $L_{1M} \geq 1$.
Preferably, the first configuration item group
Figure BDA0003769124790000026
is the physical characteristic configuration group, and the corresponding configuration items comprise geographic position parameters, communication type parameters, calculation performance parameters and data storage parameters of the network entity model;
the second configuration item group
Figure BDA0003769124790000027
is the logical characteristic configuration group, and the corresponding configuration items comprise computer software system parameters, database management system, industrial software system parameters, embedded software system parameters, mobile terminal software system parameters and communication protocol parameters of the network entity model;
the third configuration item group
Figure BDA0003769124790000028
is the user characteristic configuration group, and the corresponding configuration items comprise a user grade, a user account and a user password.
Preferably, the network relationship model is expressed as
Figure BDA0003769124790000029
wherein
Figure BDA00037691247900000210
represents the identification of the network relationship model,
Figure BDA00037691247900000211
represents a configuration item that the network relationship model
Figure BDA00037691247900000212
contains, and $L_2$ represents the number of configuration items that the network relationship model
Figure BDA00037691247900000213
contains. Through the network relationship model
Figure BDA00037691247900000214
and for the network entity model
Figure BDA00037691247900000215
network relationship connections are constructed between the corresponding network simulation entities.
Preferably, the network simulation entity
Figure BDA00037691247900000216
corresponds to the network entity model
Figure BDA00037691247900000217
and is the simulation entity obtained after the configuration items are assigned values, wherein x represents the identification number of the network simulation entity,
Figure BDA00037691247900000218
represents the identification of the network entity model,
Figure BDA00037691247900000219
represents a configuration item that the network entity model
Figure BDA00037691247900000220
contains, and $L_1$ represents the number of configuration items that the network entity model
Figure BDA00037691247900000221
contains;
the network relationship entity
Figure BDA00037691247900000222
corresponds to the network relationship model
Figure BDA00037691247900000223
wherein y represents the identification number of the network relationship entity,
Figure BDA0003769124790000031
represents the identification of the network relationship model,
Figure BDA0003769124790000032
represents a configuration item that the network relationship model
Figure BDA0003769124790000033
contains, and $L_2$ represents the number of configuration items that the network relationship model
Figure BDA0003769124790000034
contains; the network relationship between the network simulation entities is determined through the network relationship entity;
the configuration item
Figure BDA0003769124790000035
comprises a static configuration item and/or a dynamic configuration item, and the dynamic configuration item receives the simulation parameters to perform dynamic regulation and control.
Preferably, the positions of the network simulation entities are displayed in the three-dimensional GIS map according to the geographic position parameters of the network simulation entities, and the network interconnection relationship among the network simulation entities is displayed according to the communication type parameters of the network simulation entities.
Preferably, the simulation target network is displayed in a physical layer, and a plurality of simulation target networks including network simulation entities and network interconnection lines therebetween are simultaneously displayed in the physical layer.
Preferably, in the physical layer display of the simulation target network, the method further comprises selecting a network simulation entity and a network interconnection line in the simulation target network, further presenting network characteristic information and network management information contained in the network simulation entity and the network interconnection line, and performing network architecture analysis.
Preferably, the simulation target network is displayed in a logic layer, and the network simulation entity in the physical layer is correspondingly displayed with a corresponding logic object on the logic layer, which includes an operating system, a database or a communication interconnection protocol.
Preferably, the simulation target network is displayed in an application layer, and the logic objects displayed in the logic layer are correspondingly displayed in the application layer, wherein the application objects comprise user accounts, user passwords or user permissions.
The invention has the beneficial effects that: the invention discloses a network space simulation construction and analysis display method, which comprises the steps of editing and setting various types of network entity models and network relation models, and storing the network entity models and the network relation models into a database; outputting a network entity model and a network relation model from a database, and constructing a corresponding network simulation entity and a simulation target network; and hierarchically displaying the simulation target network and the network simulation entity. The method can effectively realize the simulation construction of the network space, can display the whole network architecture and the network composition details, and is favorable for visually analyzing the network and presenting the characteristics.
Drawings
FIG. 1 is a flow diagram of one embodiment of a method for modeling simulation analysis based on a cyber space;
FIG. 2 is a schematic diagram of an embodiment of a modeling and simulation system according to a cyber-space;
FIG. 3 is a flow diagram according to one embodiment of a translation method for a multi-type simulated target network;
FIG. 4 is a schematic diagram showing a network simulation entity displayed in a three-dimensional GIS map according to an embodiment of the cyber space simulation constructing and analyzing method of the present invention;
FIG. 5 is a flow chart of one embodiment of a cyberspace simulation build and analysis display method according to the present invention;
FIG. 6 is a schematic diagram of a simulation target network displayed in three layers in another embodiment of the cyberspace simulation construction and analysis display method according to the present invention;
FIG. 7 is a schematic diagram of a logic layer presenting maintenance characteristics of a logic object in another embodiment of a cyber-space simulation building and analyzing display method according to the present invention.
Detailed Description
In order to facilitate an understanding of the invention, the invention is described in more detail below with reference to the accompanying drawings and specific examples. Preferred embodiments of the present invention are shown in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It is to be noted that, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
FIG. 1 shows a flow diagram of an embodiment of a method for modeling simulation analysis of a cyber-space. FIG. 1 includes an embodiment of a modeling method of a cyberspace:
step S11: establishing a simulation model, setting a network space model establishing platform, editing and setting various types of network entity models on the network space model establishing platform, and storing the network entity models into a database;
step S12: the simulation model output, the network space model construction platform receives the requirement information of the network entity model from the network simulation application system, outputs the network entity model from the database and sends the network entity model to the network simulation application system, and the network simulation application system is used for constructing the corresponding network simulation entity and the simulation target network;
step S13: and the network space model building platform also outputs simulation parameters to the network simulation application system for simulation analysis and simulation deduction of the network simulation application system.
Preferably, fig. 1 further includes an embodiment of a simulation method of a cyberspace:
step S21: generating a simulation demand, and sending demand information of a network entity model to a network space model construction platform by a network simulation application system;
step S22: planning a simulation target network, wherein a network simulation application system receives a network entity model from the network space model building platform, assigns values to configuration items of the network entity model to obtain a network simulation entity, and then performs network connection on the network simulation entity to build one or more simulation target networks;
step S23: and network analysis simulation, wherein the characteristics of the simulation target network are visually analyzed and presented, the simulation parameters from a network space model construction platform are received, and the simulation target network is utilized to carry out network simulation deduction.
It can be seen that the above steps respectively describe the respective method steps from the perspective of the cyber-space model building platform and the cyber simulation application system. With reference to fig. 2, based on the same concept, the invention also provides a modeling and simulation system of a network space, which includes a network space model construction platform 1 and a network simulation application system 2, which are interconnected through a network, and the same network space model construction platform 1 can provide network model services for a plurality of network simulation application systems 2. Preferably, the cyberspace model building platform 1 generally has a high computer operation performance and a large data storage space, and is interconnected with the plurality of simulation application systems 2 through the network 3, and the cyberspace model building platform 1 can be accessed on the simulation application systems 2 to select a required network entity model and/or network relationship model, and then a simulation target network corresponding to the step S22 is planned on the simulation application systems 2.
In practical applications, the cyberspace model building platform 1 may be a data computing service platform built by a special data computing service provider, which provides simulation modeling services according to user requirements and provides simulation data support for simulation operations of users. The simulation application system 2 is mainly a demand object for various data applications with simulation application demands, such as teaching in colleges and universities, network security monitoring, various enterprises and public institutions, and the like.
The invention separates modeling from simulation. This lets the modeling service provider focus its service content on model construction, while users, whose specific requirements lie mainly at the application level, can focus on application problems, which simplifies their modeling cost. Meanwhile, the modeling service provider can establish a uniform technical standard, which helps achieve compatibility among different users and supports wider simulation application among users.
The above steps in fig. 1, and the cyber space model building platform and the cyber simulation application system in fig. 2 are further described below.
In step S11, firstly, a network entity model is constructed, preferably, the network entity model is classified, and different classes of network entity models have corresponding configuration items.
Preferably, the network entity model may be a model defined for a plurality of entities, including entity models of specific network devices, such as device models of switches, routers, servers, and the like; a network entity, such as a local area network, further comprising a plurality of network devices; distributed private cloud entities are also included; or an integrated entity containing a plurality of network devices, which may represent a communication hub, a computing center, a storage center, a network switching center, or an entity working unit, such as a school, a hospital, a factory, an oil depot, etc.
Preferably, the network entity model is represented as
Figure BDA0003769124790000061
wherein
Figure BDA0003769124790000062
represents the identification of the network entity model,
Figure BDA0003769124790000063
represents a configuration item that the network entity model
Figure BDA0003769124790000064
contains, and $L_1$ represents the number of configuration items that the network entity model
Figure BDA0003769124790000065
contains.
Preferably, in the network entity model
Figure BDA0003769124790000066
a configuration item
Figure BDA0003769124790000067
may be a static configuration item, that is, the configuration value corresponding to the configuration item does not change over time, or a dynamic configuration item, that is, the configuration value corresponding to the configuration item can be dynamically regulated and controlled over time. The dynamic configuration items can be regulated, controlled and changed through simulation parameters, so that automatic simulation deduction is realized.
Preferably, the network entity model
Figure BDA0003769124790000071
may further include several configuration item groups of different categories, namely:
Figure BDA0003769124790000072
which includes a first configuration item group
Figure BDA0003769124790000073
in which the number of configuration items is $L_{11}$, $L_{11} \geq 1$;
Figure BDA0003769124790000074
represents a second configuration item group, in which the number of configuration items is $L_{12}$, $L_{12} \geq 1$;
Figure BDA0003769124790000075
represents the Mth configuration item group, $M \geq 1$, in which the number of configuration items is $L_{1M}$, $L_{1M} \geq 1$.
Preferably, the first configuration item group
Figure BDA0003769124790000076
is the physical characteristic configuration group, and the corresponding configuration items comprise geographic position parameters of the network entity model (such as longitude and latitude, street number, building and floor number, and the like); communication type parameters (such as the communication mode, which can comprise a local area network cable, an optical fiber communication line, mobile data communication, satellite data communication and the like; the communication information rate, communication bandwidth, anti-interference characteristics and the like; and the communication object, which determines the simulation entities that need communication interconnection); calculation performance parameters (such as memory size, CPU processing speed, CPU number and cloud computing type); and data storage parameters (such as storage space size, storage access mode and speed, and database type).
Preferably, the second configuration item group
Figure BDA0003769124790000077
is the logical characteristic configuration group, and the corresponding configuration items comprise computer software system parameters of the network entity model (such as Windows system and version, Linux system and version, UNIX system and version, and macOS system and version), a database management system (such as ORACLE database and version, SQL database and version, and SERVER database and version), industrial software system parameters, embedded software system parameters (such as ARM system and 51 single-chip microcomputer system), mobile terminal software system parameters (such as Android system and iOS system), and communication protocol parameters (such as IP protocol and UDP protocol).
Preferably, a third configuration item group is further included
Figure BDA0003769124790000078
which is the user characteristic configuration group, and the corresponding configuration items comprise a user grade, a user account, a user password and the like.
Preferably, in the step S11 of building a simulation model, a network relationship model is further established
Figure BDA0003769124790000079
wherein
Figure BDA00037691247900000710
represents the identification of the network relationship model,
Figure BDA00037691247900000711
represents a configuration item that the network relationship model
Figure BDA0003769124790000081
contains, and $L_2$ represents the number of configuration items that the network relationship model
Figure BDA0003769124790000082
contains. By means of the network relationship model
Figure BDA0003769124790000083
and for the network entity model
Figure BDA0003769124790000084
network relationship connections can be constructed between the corresponding network simulation entities, so in the network relationship model
Figure BDA0003769124790000085
the corresponding configuration items comprise network entity objects, communication directions between the network entity objects, communication channels, communication bandwidths and other configuration items.
Preferably, in the network relationship model
Figure BDA0003769124790000086
a configuration item
Figure BDA0003769124790000087
may be a static configuration item, that is, the configuration value corresponding to the configuration item does not change over time, or a dynamic configuration item, that is, the configuration value corresponding to the configuration item can be dynamically regulated and controlled over time.
Preferably, for planning the simulation target network in step S22, the network simulation entities in the network system are constructed according to the composition of the network system to be simulated based on the network entity model and the network relationship model, and the network connection relationship between the network simulation entities is determined.
Preferably, the network simulation entity
Figure BDA0003769124790000088
corresponds to the network entity model
Figure BDA0003769124790000089
and is the simulation entity obtained after the configuration items in the model are assigned values, wherein x represents the identification number of the network simulation entity.
Preferably, for any network simulation entity
Figure BDA00037691247900000810
the communication type parameters are used to determine its communication interconnection relationship with other network simulation entities, so that simulated network interconnection can be carried out among a plurality of different network simulation entities.
Preferably, for any network simulation entity
Figure BDA00037691247900000811
some configuration items may be vacant, and a vacant configuration item is assigned the value 0 or a specific code value. For example, if in the network simulation entity
Figure BDA00037691247900000812
the second configuration item a 1 2 is vacant, it is represented by a null code, that is, a specific code value such as the value 0, a binary all-"1" code, a "1010 …" interval code, or the like.
Preferably, for the network entity model
Figure BDA00037691247900000813
the number of configuration items $L_1$ can be regarded as a maximum value, and in practical application the number of configuration items in the model can further be given a lower limit value $L_{1\min}$. Then, in practical application, for a network simulation entity
Figure BDA00037691247900000814
the range of the corresponding configuration items lies between the minimum configuration combination
Figure BDA00037691247900000815
and the maximum configuration combination
Figure BDA0003769124790000091
Therefore, preferably, the configuration items that the network entity model
Figure BDA0003769124790000092
must provide are defined as those within the parameter range corresponding to the lower limit value $L_{1\min}$, i.e. in
Figure BDA0003769124790000093
the first $L_{1\min}$ configuration items are the configuration items that must be used, i.e. in
Figure BDA0003769124790000094
the first
Figure BDA0003769124790000095
configuration items are the configuration items that must be used, whereas in
Figure BDA0003769124790000096
the last
Figure BDA0003769124790000097
configuration items are optional configuration items and are not required.
Similarly, for the network relationship model
Figure BDA0003769124790000098
the number of configuration items $L_2$ can be regarded as a maximum value, and in practical application the number of configuration items in the model can further be given a lower limit value $L_{2\min}$. Then, in practical application, for a network relationship entity
Figure BDA0003769124790000099
the range of the corresponding configuration items lies between the minimum configuration combination
Figure BDA00037691247900000910
and the maximum configuration combination
Figure BDA00037691247900000911
Therefore, preferably, the configuration items that the network relationship model
Figure BDA00037691247900000912
must provide are defined as those within the parameter range corresponding to the lower limit value $L_{2\min}$, i.e. in
Figure BDA00037691247900000913
the first $L_{2\min}$ configuration items are the configuration items that must be used, i.e. in
Figure BDA00037691247900000914
the first
Figure BDA00037691247900000915
configuration items are the configuration items that must be used, whereas in
Figure BDA00037691247900000916
the last
Figure BDA00037691247900000917
configuration items are optional configuration items and are not required.
Setting a maximum value for the number of configuration items determines the largest set of parameter types that can be accommodated, and setting a minimum value determines the indispensable parameter types; both are rigid constraints. The number of configuration items between the minimum and the maximum is correspondingly left elastic, which enhances the flexibility with which the network entity model and the network relationship model are defined and used, so that they have better compatibility and can adapt to matching conversion among different types of simulation models.
Preferably, for each configuration item in the network entity model
Figure BDA00037691247900000918
the meaning and the corresponding data type of the configuration item are determined in combination with its serial number, so that the meaning and data type of a configuration item can be found by querying its serial number.
Preferably, for a network entity model comprising configuration item groups of a plurality of categories
Figure BDA0003769124790000101
there is a lower limit value for the configuration items in each configuration item group, namely:
Figure BDA0003769124790000102
wherein
Figure BDA0003769124790000103
represents the minimum configuration item set corresponding to the first configuration item group
Figure BDA0003769124790000104
with minimum number $L_{11\min}$, $L_{11\min} \leq L_{11}$;
Figure BDA0003769124790000105
represents the minimum configuration item set corresponding to the second configuration item group
Figure BDA0003769124790000106
with minimum number $L_{12\min}$, $L_{12\min} \leq L_{12}$;
Figure BDA0003769124790000107
represents the minimum configuration item set corresponding to the Mth configuration item group
Figure BDA0003769124790000108
with minimum number $L_{1M\min}$, $L_{1M\min} \leq L_{1M}$.
Preferably, the values assigned to the configuration items of the network entity model to obtain a network simulation entity
Figure BDA0003769124790000109
can be generated randomly by a computer, can be assigned manually by editing the configuration items in the network entity model
Figure BDA00037691247900001010
or can be generated by a computer automatically importing a text table of parameter item data.
Based on the same concept, there is also provided a conversion method for a multi-type simulation target network, as shown in fig. 3, comprising the steps of:
step S31: constructing a network simulation model, editing and setting various types of network entity models, and storing the network entity models into a database;
step S32: isomer conversion, namely receiving different types of simulation target networks, comparing the network simulation isomers in the simulation target networks with the configuration items of the network entity model, re-compiling the parameter items of the simulation isomers, and converting to generate the network simulation entity corresponding to the network entity model.
Preferably, the network simulation isomer is represented by
Figure BDA00037691247900001011
where
Figure BDA00037691247900001012
represents the identification of the network simulation isomer,
Figure BDA00037691247900001013
represents the parameter items of the network simulation isomer
Figure BDA00037691247900001014
and L_{3} represents, for the network simulation isomer
Figure BDA00037691247900001015
the number of its parameter items;
In step S32, the method for comparing the network simulation isomers with the configuration items of the network entity model and re-compiling the parameter items of the simulation isomers includes: extracting and identifying each parameter item in the network simulation isomer
Figure BDA0003769124790000111
and determining the parameter items that are the same as configuration items contained in the network entity model
Figure BDA0003769124790000112
then selecting, from the network simulation isomer
Figure BDA0003769124790000113
the parameter items that are the same as the configuration items, rearranging and combining them according to the order of the corresponding configuration items in the network entity model
Figure BDA0003769124790000114
and generating, through conversion, the network simulation entity corresponding to the network entity model.
Preferably, the configuration items of the network simulation entity generated by converting the network simulation isomer range between the minimum configuration combination
Figure BDA0003769124790000115
and the maximum configuration combination
Figure BDA0003769124790000116
where L_{1min} represents the lower limit value of the number of configuration items.
Preferably, when the network simulation isomer
Figure BDA0003769124790000117
is converted to a network simulation entity
Figure BDA0003769124790000118
the range of the converted parameter items must be at least the minimum configuration combination
Figure BDA0003769124790000119
When the converted configuration items are fewer than
Figure BDA00037691247900001110
the network simulation isomer
Figure BDA00037691247900001111
cannot be converted for simulation use.
Preferably, in the step S31 of building a network simulation model, a network relationship model is further established
Figure BDA00037691247900001112
where
Figure BDA00037691247900001113
represents the identification of the network relationship model,
Figure BDA00037691247900001114
represents the configuration items of the network relationship model
Figure BDA00037691247900001115
and L_{2} represents, for the network relationship model
Figure BDA00037691247900001116
the number of its configuration items; the network relationship entity corresponding to the network relationship model
Figure BDA00037691247900001117
is
Figure BDA00037691247900001118
which is the relationship entity obtained by assigning the configuration items in the network relationship model
Figure BDA00037691247900001119
where y represents the identification number of the network relationship entity. The network relationship model
Figure BDA00037691247900001120
is used so that, for the network entity model
Figure BDA00037691247900001121
the corresponding network simulation entities
Figure BDA00037691247900001122
have network relationship connections established between them;
Preferably, once the network simulation entities are available, the network relationships between them can be determined by network relationship entities, according to the network connection relationships between the network simulation entities. For example, in a network relationship entity
Figure BDA00037691247900001123
the parameter item b 1 1 corresponds to the network simulation entity
Figure BDA00037691247900001124
the parameter item b 1 2 corresponds to the network simulation entity
Figure BDA00037691247900001125
and the parameter item b 1 3 corresponds to the network simulation entities
Figure BDA00037691247900001126
and
Figure BDA00037691247900001127
as the communication parameter item between the two network simulation entities, which includes whether communication between them is one-way or two-way; if it is one-way, it indicates whether the communication direction is from network simulation entity
Figure BDA0003769124790000121
to
Figure BDA0003769124790000122
or from network simulation entity
Figure BDA0003769124790000123
to
Figure BDA0003769124790000124
If the communication is two-way, a configuration item b 1 4 can further be added; it limits, for the direction from network simulation entity
Figure BDA0003769124790000125
to
Figure BDA0003769124790000126
the communication bandwidth or communication rate, and likewise for the direction from network simulation entity
Figure BDA0003769124790000127
to
Figure BDA0003769124790000128
the communication bandwidth or communication rate of that direction.
Thus, by using the network relationship entity
Figure BDA0003769124790000129
the network simulation entity
Figure BDA00037691247900001210
can be better served, so that the parameter items of the network simulation entity
Figure BDA00037691247900001211
do not need to define the network communication interconnection relationships with other network simulation entities; instead, the network relationship entity
Figure BDA00037691247900001212
separately represents the network connection relationships between these network simulation entities.
Preferably, the isomer conversion step further includes converting the network relationship isomers in the simulation target network into corresponding network relationship entities; the network relationship isomer is represented as
Figure BDA00037691247900001213
where
Figure BDA00037691247900001214
represents the identification of the network relationship isomer,
Figure BDA00037691247900001215
represents the parameter items of the network relationship isomer
Figure BDA00037691247900001216
and L_{4} represents, for the network relationship isomer
Figure BDA00037691247900001217
the number of its parameter items.
Preferably, the method for converting the network relationship isomers into the corresponding network relationship entities comprises: extracting and identifying each parameter item in the network relationship isomer
Figure BDA00037691247900001218
and determining the parameter items that are the same as configuration items in the network relationship model
Figure BDA00037691247900001219
then selecting, from the network relationship isomer
Figure BDA00037691247900001220
the parameter items that are the same as the configuration items, rearranging and combining them according to the order of the corresponding configuration items in the network relationship model
Figure BDA00037691247900001221
and generating, through conversion, the network relationship entity corresponding to the network relationship model.
Preferably, when the network relationship isomer
Figure BDA00037691247900001222
is converted to a network relationship entity
Figure BDA00037691247900001223
the range of the converted parameter items must be at least the minimum configuration combination network relationship entity
Figure BDA00037691247900001224
When the converted configuration items are fewer than
Figure BDA00037691247900001225
the network relationship isomer
Figure BDA00037691247900001226
cannot be converted for simulation use.
Preferably, different types of simulation target networks are received in batch, the simulation target networks comprise network simulation isomers and/or network relation isomers, and the network simulation isomers and/or network relation isomers are converted in batch into corresponding network simulation entities and/or network relation entities; and combining the network simulation entities and/or the network relation entities after batch conversion into a converted simulation target network to realize the integral batch conversion of different types of simulation target networks. The conversion process here is carried out as described above, but in batch mode.
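The conversion steps described above (extract and identify, rearrange in model order, reject anything below the minimum configuration combination), applied to entity isomers, relationship isomers and a whole batch, as an added Python example that is not part of the patent text. All item names, the alias table, the sample network and the dropping of links whose endpoint failed conversion are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Model:
    """Network entity model or network relationship model (item names are hypothetical)."""
    model_id: str
    groups: dict   # group name -> configuration items, in the model's own order
    minimum: dict  # group name -> minimum configuration item set of that group

    def ordered_items(self):
        return [item for items in self.groups.values() for item in items]


class ConversionError(ValueError):
    """The converted isomer falls below the minimum configuration combination."""


def convert(model, isomer, instance_no, aliases=None):
    """Convert one isomer (a dict of parameter items) into an entity of `model`."""
    aliases = aliases or {}
    known = set(model.ordered_items())
    # Step 1: extract and identify the parameter items that match configuration items.
    identified = {}
    for name, value in isomer.items():
        key = aliases.get(name, name)  # the alias table is an assumption of this example
        if key in known:
            identified[key] = value
    # Step 2: rearrange the matched items into the order of the model's configuration items.
    items = {k: identified[k] for k in model.ordered_items() if k in identified}
    # Step 3: refuse the conversion when any group's minimum set is not covered.
    missing = {}
    for group, required in model.minimum.items():
        absent = sorted(required - set(items))
        if absent:
            missing[group] = absent
    if missing:
        raise ConversionError(f"{model.model_id}#{instance_no}: missing {missing}")
    return {"model": model.model_id, "id": instance_no, "items": items}


def convert_batch(entity_model, relation_model, target_network, aliases=None):
    """Batch-convert a foreign target network; returns (entities, relations, rejected)."""
    entities, relations, rejected = {}, [], []
    for no, (name, isomer) in enumerate(target_network["nodes"].items(), start=1):
        try:
            entities[name] = convert(entity_model, isomer, no, aliases)
        except ConversionError as err:
            rejected.append(str(err))
    for no, isomer in enumerate(target_network["links"], start=1):
        try:
            relation = convert(relation_model, isomer, no, aliases)
        except ConversionError as err:
            rejected.append(str(err))
            continue
        # Both endpoint items exist here because RELATION_MODEL lists them as minimum items.
        ends = (relation["items"]["endpoint_a"], relation["items"]["endpoint_b"])
        # Assumption beyond the page: a link to an entity that failed conversion is dropped.
        if all(end in entities for end in ends):
            relations.append(relation)
        else:
            rejected.append(f"{relation_model.model_id}#{no}: endpoint not converted {ends}")
    return entities, relations, rejected


# Constructed sample models: three configuration item groups for entities, one for links.
ENTITY_MODEL = Model(
    "host",
    groups={"physical": ["geo_position", "comm_type", "storage"],
            "logical": ["os", "protocol"],
            "user": ["user_level", "account"]},
    minimum={"physical": {"geo_position", "comm_type"}, "logical": {"os"}},
)
RELATION_MODEL = Model(
    "link",
    groups={"link": ["endpoint_a", "endpoint_b", "direction", "bandwidth"]},
    minimum={"link": {"endpoint_a", "endpoint_b", "direction"}},
)
ALIASES = {"location": "geo_position", "medium": "comm_type", "operating_system": "os",
           "src": "endpoint_a", "dst": "endpoint_b", "dir": "direction", "bw": "bandwidth"}

# Constructed sample of a foreign simulation target network (isomers use other names/order).
SAMPLE_NETWORK = {
    "nodes": {
        "plc-1": {"operating_system": "rtos", "medium": "wired",
                  "location": (32.06, 118.79), "vendor_tag": "x"},
        "hist-1": {"os": "linux", "account": "ops",
                   "location": (32.07, 118.80), "medium": "wired"},
        "rtu-9": {"operating_system": "rtos", "location": (32.10, 118.70)},  # no comm_type
    },
    "links": [
        {"dst": "hist-1", "src": "plc-1", "dir": "two-way", "bw": "100Mbps"},
        {"src": "plc-1", "dst": "rtu-9", "dir": "one-way"},  # endpoint rtu-9 is rejected
        {"src": "hist-1", "dst": "plc-1"},                   # no direction item
    ],
}

if __name__ == "__main__":
    ents, rels, bad = convert_batch(ENTITY_MODEL, RELATION_MODEL, SAMPLE_NETWORK, ALIASES)
    for name, entity in ents.items():
        print(name, list(entity["items"]))
    print("links kept:", len(rels))
    print("rejected:", *bad, sep="\n  ")
```

Reporting the rejected list alongside the converted network shows which hosts and links are absent from the simulation target network after import.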
Preferably, the characteristics of the converted simulation target network are visually analyzed and presented, including being hierarchically displayed according to configuration items of the network simulation entities and/or the network relationship entities in the simulation target network. Reference may be further made to the analysis display embodiments of fig. 4-6.
Further, based on the simulation system shown in fig. 2, preferably, a network simulation entity is constructed on the network simulation application system 2, a required network entity model is selected from the network space model construction platform, then the network entity model is assigned to obtain the required network simulation entity, and the network simulation entity is locally packaged and stored on the network simulation application system 2, so that hardware storage resources of the network simulation application system can be saved, and the simulation system architecture enables the network space model construction platform to be shared by a plurality of network simulation application systems for distributed use under network conditions.
Preferably, after the network simulation application system builds the simulation target network, each network simulation entity and/or network relationship entity included in the simulation target network can be returned to the network space model construction platform as form data. After the network space model construction platform obtains the form data, the simulation target network can be restored and reproduced on the server, so that it can also be assigned and shared to a second network simulation application system. The second network simulation application system can analyze and evaluate the performance of the simulation target network and can further perform simulated attacks on it. The data of the simulated attacks can be sent back, through the network space model construction platform, to the network simulation application system that built the simulation target network, so that network attack and defense simulation exercises are carried out between the two network simulation application systems, and the network space model construction platform evaluates and performs copy analysis on the attack and defense of the two parties by monitoring the data streams of both.
Preferably, different types of simulation target networks can be imported in batches through the network simulation application system. The different types of simulation target networks are usually composed of network simulation isomers and/or network relationship isomers; that is, the network simulation entities and network relationship entities they define and use are not completely the same as those of the network simulation application system. In this case, the network simulation application system transmits the data of the different types of simulation target networks as a whole to the network space model construction platform. The network space model construction platform converts the network simulation isomers and/or network relationship isomers, including extracting and identifying parameters, rearranging and combining them, and checking the minimum configuration item quantity requirements, into corresponding network simulation entities and/or network relationship entities. The converted network simulation entities and/or network relationship entities are combined into the simulation target network and transmitted back to the network simulation application system, so that the overall batch conversion of the different types of simulation target networks is realized and the application of different types of simulation target networks on the simulation system is greatly enhanced.
Preferably, in step S23, performing visual analysis and presentation on the characteristics of the simulation target network includes performing hierarchical display according to the parameter type of the network simulation entity in the simulation target network, and specifically includes physical layer visual display, logical layer visual display, and application layer visual display in conjunction with fig. 5.
Preferably, in fig. 4, the positions of the network simulation entities and the network interconnection relationship between the network simulation entities are displayed in the three-dimensional GIS map according to the geographic position parameters of the network simulation entities. Fig. 4 shows a situation in which a plurality of network simulation entities P11 are located at different geographical locations, which reflects the spatial distribution of the network simulation entities, and further visually presents the network interconnection relationship among the network simulation entities P11 through the network interconnection line R11. The network interconnection relations are set through the communication type parameters of the network simulation entities, or network interconnection lines can be constructed among different network simulation entities through the network relation entities.
Fig. 4 reflects the spatial distribution characteristics of the simulation target network, but this display cannot completely present the logical architecture of the simulation target network, that is, when the map scale display is large, the overall view of each network simulation entity cannot be displayed, and when the map scale display is small, the spatial distribution details and the network topology of each network simulation entity cannot be seen. Therefore, it is desirable to further display the network connection relationship of the analysis simulation target network, and also display the network connection relationship of a plurality of simulation target networks, and further display the configuration of the logic layer and the application layer in the network simulation entity in the simulation target network.
Based on the same concept, on the basis of the above, a network space simulation construction and analysis display method is also provided, as shown in fig. 5, including the steps of:
S101, constructing a network entity model: editing and setting various network entity models and network relationship models, and storing the network entity models and the network relationship models into a database;
S102, constructing a network simulation entity: outputting the network entity model and the network relationship model from the database, and constructing a corresponding network simulation entity and a simulation target network;
S103, presenting a network simulation entity: displaying the simulation target network and the network simulation entity in a layered manner.
For the embodiment shown in fig. 5, the building of the network entity model and the building of the network simulation entity are not limited to being implemented by the network space model construction platform and the network simulation application system, but can be implemented in the same development environment as a combined model construction and simulation application system, which suits an application scenario in which modeling and application are integrated. The specific model construction method and simulation construction method can be realized by combining the foregoing contents.
Preferably, as shown in fig. 6, the simulation target network is displayed in three layers, namely, a physical layer, a logical layer and an application layer. In the physical layer, a plurality of simulation target networks may be simultaneously displayed on the layer, for example, three simulation target networks M1, M2, and M3 in fig. 6 are included, and then the three simulation target networks are composed of network simulation entities and network interconnection relationships among the network simulation entities, for example, the M3 simulation target network includes a network simulation entity P11 and a network interconnection line R11, which are consistent with the corresponding network simulation entity P11 and network interconnection line R11 in fig. 4.
Furthermore, the network simulation entity P11 and the network interconnection line R11 in the simulation target network can be visually selected through screen display on the physical layer, and detailed network characteristic information contained in the network simulation entity P11 and the network interconnection line R11 can be further seen, so that the network architecture composition relation and the detailed network characteristic information of a plurality of simulation target networks can be visually inquired through the physical layer, macroscopic network management information is obtained, and network architecture analysis is carried out.
Further, according to the foregoing description, the network simulation entity is not limited to a specific network device, and may also be a local area network, a communication hub, a computing center, a storage center, a network switching center, or an entity work unit, such as a school, a hospital, a factory, an oil depot, and the like. Therefore, the network simulation entity has multi-type and multi-level distinction. For example, a network simulation entity is only a network router, which is mainly attributed to the characteristics of the physical layer, and when a network simulation entity corresponds to a server, the network simulation entity not only has the network characteristics of the physical layer, but also has the logical layer corresponding to the operating system and the application layer corresponding to the user, so that the network simulation entity can be further displayed and analyzed through the logical layer and the application layer. Similarly, when a cyber simulation entity corresponds to a unit, such as a plant, the cyber simulation entity may correspond to an intranet of the plant, and thus there are multiple operating systems corresponding to the computers and multiple users distributed on different computer systems.
Preferably, comparing the physical layer display of fig. 6 with the three-dimensional geospatial display of fig. 4, the former has the advantages of being able to visually present the macro-architecture of the network and to present multiple simulation target networks simultaneously on the same physical layer. The latter has the advantages that the spatial distribution of the simulation entities in the physical layer can be directly related to geographical position, the actual spatial distribution characteristics can be known more truly, and the spatial connection characteristics of the lines can be perceived more closely; for example, when two positions are separated by a river, the communication link is usually wireless transmission rather than wired transmission, which cannot be intuitively seen in fig. 6. Wireless transmission and wired transmission differ in mode, and for both parties of the attack and defense confrontation in the network space, the attack and defense means adopted by both parties are also adapted to the difference in communication transmission modes.
With reference to fig. 6, it can be seen that a network simulation entity MP11 in the simulation target network M1 has two corresponding logical objects L1 and L2 in the logical layer. The network simulation entity MP11 is connected to the two logical objects L1 and L2 of the logical layer by mapping connection lines; when the network simulation entity MP11 is selected, the mapping connection lines are highlighted, indicating the direct mapping relationship between the network simulation entity MP11 and the two logical objects L1 and L2 of the logical layer.
Therefore, the network characteristics of the network simulation entity of the physical layer on the logical layer can be clearly displayed through the corresponding relationship between the physical layer and the logical layer, for example, the network simulation entity MP11 is a network facility of a plant, which indicates that two logical layer objects exist in the network facility of the plant, such as two independent industrial operating systems, or a database, a communication interconnection protocol, and the like.
Similarly, fig. 6 also shows that a network simulation entity in the simulation target network M2 corresponds to a logical object L3 of the logical layer, and the logical object L3 corresponds to an application object J1 of the application layer. For example, the network simulation entity is a switch; the switch has a Windows-based computer operating system, which corresponds to the logical object L3, and the computer operating system has a registered management user, which corresponds to the application object J1; the user has a user account, a user password, user rights and the like set by the user.
Similarly, the logical object L3 of the logical layer and the application object J1 of the application layer are also connected in a mapping manner by a connecting line, and when the logical object L3 is selected, the connecting line of the mapping connection is highlighted, which indicates the direct mapping relationship between the logical object L3 and the application object J1 of the application layer.
In fig. 6, it is further shown that one network simulation entity in the simulation target network M3 corresponds to one logic object L4 of the logic layer, another network simulation entity corresponds to one logic object L5 of the logic layer, and the logic object L5 corresponds to two application objects J2 and J3 of the application layer.
Further, for the logic layer, each logic object may further analyze maintenance features presenting the logic object, including patch features, upgrade features, extension features, and the like of the logic object. For example, the patch programs, the upgrade programs, the extension programs, and the like that a certain software operating system experiences sequentially since release. As shown in fig. 7, the maintenance features L101 of the logical object L1 are visually presented in the form of a star map, wherein each maintenance feature is presented in a different way by a corresponding code number. Similarly, for the application layer, each application object may further present security features of the application object, including password length, password composition, password number, and the like. Through the visual presentation, targeted vulnerability discovery is facilitated, and a targeted network attack scheme is formulated.
Through the layered display of fig. 6 and fig. 7, not only can the composition architecture of each simulation target network be clearly presented, but also the network technical characteristics of the simulation entity in the network at the logic layer and the application layer can be further displayed, which is beneficial to further performing characteristic analysis and network operation simulation on the logic layer and the application layer. Therefore, by the display method, the architecture of the simulation target network can be visually transversely presented and analyzed on the physical layer, and the composition characteristics of the simulation entity can be longitudinally presented and analyzed on the logic layer and the application layer. And the logic layer and the application layer can be further subjected to extended presentation at the layer. Therefore, the presentation analysis method forms a three-dimensional display framework, can realize seamless combination of macroscopic display and microscopic display based on the same display interface, and has strong intuitiveness.
For the network analysis and simulation in step S3 in fig. 1, after the technical features of the physical layer, the logic layer and the application layer are visually presented according to the above, a network attack scheme for the simulation target network may be planned, including specific objects which attack these three layers respectively, such as which communication link, which operating system vulnerability, which user, etc., and strategy arrangement and attack opportunity of the attack.
Further, the network simulation deduction by using the simulation target network comprises: target network operation, target network attack and target network protection.
The target network operation comprises: simulating, over time, network information transmission, information system operation, user login and use, and the like among the network simulation entities.
The target network attack comprises: simulating, over time, physical disconnection, virus intrusion, user account intrusion and the like on the physical layer, logical layer and application layer of the network simulation entities.
The target network protection comprises: simulating, over time, firewall blocking, virus checking and killing, user account change settings and the like on the physical layer, logical layer and application layer of the network simulation entities.
Therefore, the invention discloses a network space simulation construction and analysis display method. The method comprises editing and setting various types of network entity models on a network space model construction platform, wherein the network space model construction platform is interconnected over a network with a network simulation application system; receiving demand information for the network entity models from the network simulation application system; building corresponding network simulation entities and simulation target networks on the network simulation application system; and performing simulation analysis and simulation deduction. The method separates model construction of the network space from simulation application while keeping the two closely combined, which is beneficial to realizing data service and application in a new business mode, reduces the construction difficulty of a user simulation application system and improves application efficiency.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all equivalent structural changes made by using the contents of the present specification and the drawings, or applied directly or indirectly to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A network space simulation construction and analysis display method is characterized by comprising the following steps:
constructing a network entity model, editing and setting various network entity models and network relation models, and storing the network entity models and the network relation models into a database;
constructing a network simulation entity, outputting the network entity model and the network relation model from the database, and constructing a corresponding network simulation entity and a simulation target network;
and displaying the network simulation entity, and displaying the simulation target network and the network simulation entity in a layered manner.
2. The network space simulation construction and analysis display method according to claim 1, wherein the network entity model is expressed as
Figure FDA0003769124780000011
where
Figure FDA0003769124780000012
represents the identification of the network entity model,
Figure FDA0003769124780000013
represents the configuration items of the network entity model
Figure FDA0003769124780000014
and L_{1} represents, for the network entity model
Figure FDA0003769124780000015
the number of its configuration items;
the network entity model
Figure FDA0003769124780000016
may further include groups of configuration items of different categories, namely:
Figure FDA0003769124780000017
wherein a first configuration item group
Figure FDA0003769124780000018
is included, in which the number of configuration items is L_{11}, L_{11} ≥ 1;
Figure FDA0003769124780000019
represents a second configuration item group, in which the number of configuration items is L_{12}, L_{12} ≥ 1;
Figure FDA00037691247800000110
represents the Mth configuration item group, M ≥ 1, in which the number of configuration items is L_{1M}, L_{1M} ≥ 1.
3. The network space simulation construction and analysis display method according to claim 2, wherein the first configuration item group
Figure FDA00037691247800000111
is a physical characteristic configuration group, and the corresponding configuration items include geographic position parameters, communication type parameters, calculation performance parameters and data storage parameters of the network entity model;
the second configuration item group
Figure FDA00037691247800000112
is a logical characteristic configuration group, and the corresponding configuration items include computer software system parameters, database management systems, industrial software system parameters, embedded software system parameters, mobile terminal software system parameters and communication protocol parameters of the network entity model;
a third configuration item group
Figure FDA0003769124780000021
is a user characteristic configuration group, and the corresponding configuration items include a user grade, a user account and a user password.
4. The network space simulation construction and analysis display method according to claim 3, wherein the network relationship model is expressed as
Figure FDA0003769124780000022
where
Figure FDA0003769124780000023
represents the identification of the network relationship model,
Figure FDA0003769124780000024
represents the configuration items of the network relationship model
Figure FDA0003769124780000025
and L_{2} represents, for the network relationship model
Figure FDA0003769124780000026
the number of its configuration items; through the network relationship model
Figure FDA0003769124780000027
for the network entity model
Figure FDA0003769124780000028
network relationship connections are constructed between the corresponding network simulation entities.
5. The network space simulation construction and analysis display method according to claim 4, wherein the network simulation entity
Figure FDA0003769124780000029
corresponds to the network entity model
Figure FDA00037691247800000210
where x represents the identification number of the network simulation entity,
Figure FDA00037691247800000211
represents the identification of the network entity model,
Figure FDA00037691247800000212
represents the configuration items of the network entity model
Figure FDA00037691247800000213
and L_{1} represents, for the network entity model
Figure FDA00037691247800000214
the number of its configuration items;
the network relationship entity
Figure FDA00037691247800000215
corresponds to the network relationship model
Figure FDA00037691247800000216
where y represents the identification number of the network relationship entity,
Figure FDA00037691247800000217
represents the identification of the network relationship model,
Figure FDA00037691247800000218
represents the configuration items of the network relationship model
Figure FDA00037691247800000219
and L_{2} represents, for the network relationship model
Figure FDA00037691247800000220
the number of its configuration items; the network relationships between the network simulation entities are determined through the network relationship entities;
the configuration items
Figure FDA00037691247800000221
include static configuration items and/or dynamic configuration items, and the dynamic configuration items receive simulation parameters for dynamic regulation and control.
6. The network space simulation construction and analysis display method according to claim 5, wherein the location of each network simulation entity is displayed in a three-dimensional GIS map according to the geographic location parameter of the network simulation entity, and the network relationship between the network simulation entities is displayed according to the communication type parameter of the network simulation entity.
7. The network space simulation construction and analysis display method according to claim 5, wherein the simulation target networks are displayed in a physical layer, and a plurality of simulation target networks, each including network simulation entities and the network interconnection lines between them, are simultaneously displayed in the physical layer.
8. The network space simulation construction and analysis display method according to claim 7, wherein displaying the physical layer of the simulation target network further comprises selecting the network simulation entity and the network interconnection line in the simulation target network, further presenting the network characteristic information and the network management information contained therein, and performing network architecture analysis.
9. The network space simulation construction and analysis display method according to claim 8, wherein the simulation target network is displayed in a logical layer, and for the network simulation entity in the physical layer a corresponding logical object is displayed on the logical layer, the logical object including an operating system, a database or a communication interconnection protocol.
10. The network space simulation construction and analysis display method according to claim 9, wherein an application layer display is performed on the simulation target network, and for the logical objects displayed on the logical layer the corresponding application objects, including user accounts, user passwords or user permissions, are displayed on the application layer.
CN202210896733.2A 2022-07-28 2022-07-28 Network space simulation construction and analysis display method Pending CN115203874A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210896733.2A CN115203874A (en) 2022-07-28 2022-07-28 Network space simulation construction and analysis display method

Publications (1)

Publication Number Publication Date
CN115203874A (en) 2022-10-18

Family

ID=83584726

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210896733.2A Pending CN115203874A (en) 2022-07-28 2022-07-28 Network space simulation construction and analysis display method

Country Status (1)

Country Link
CN (1) CN115203874A (en)

Similar Documents

Publication Publication Date Title
CN106685977B (en) A kind of system of account building method based on intelligence community cloud platform
CN110084377A (en) Method and apparatus for constructing decision tree
CN105405079A (en) Based-on-GIS-analysis system and method for realizing precise project land exploitation addressing
CN105210327A (en) Providing devices as a service
WO2010031701A1 (en) System and method for managing virtual world environments based upon existing physical environments
CN103118053A (en) Building data security in a networked computing environment
CN103595759B (en) Desktop presentation method based on high in the clouds
CN113691416A (en) Distributed layered deployed network target range management platform
CN103377402A (en) Multi-user analysis system and corresponding apparatus and method
CN106301772A (en) Cipher set-up method, device and for arranging the device of password
CN102821160A (en) System and method for multilevel data protection oriented to loose cloud nodes in cloud computing network environment
CN109690491A (en) Execute remote command
CN113129149A (en) Transaction risk identification method and device based on block chain and safe multi-party calculation
CN114979074B (en) Enterprise IPv6 address hierarchical management method, system and storage medium
CN114448726A (en) Authority management method and device based on multiple identities
CN115065608B (en) Modeling and simulation method of network space
CN115203874A (en) Network space simulation construction and analysis display method
CN113946857B (en) Distributed cross-link scheduling method and device based on data routing
CN115238429A (en) Modeling and simulation system of network space
CN115203875A (en) Conversion method for multi-type simulation target network
CN116451279A (en) Data processing method, device, equipment and readable storage medium
CN114417633B (en) Network shooting range scene construction method and system based on parallel simulation six-tuple
CN105227781A (en) A kind of method and system of mobile terminal configuration
CN113449444B (en) Simulation method, computer device and storage medium for domain engineering
CN115913656A (en) Bank cross-border data platform, task processing method and deployment method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination