CN115277477B - Flow detection method and device based on simple object access protocol - Google Patents
- Publication number: CN115277477B (application CN202210873618.3A)
- Authority: CN (China)
- Prior art keywords: flow, detection, request, flow detection, traffic
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L43/00—Arrangements for monitoring or testing data switching networks
    - H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
      - H04L43/0876—Network utilisation, e.g. volume of load or congestion level
        - H04L43/0888—Throughput
    - H04L43/14—Arrangements for monitoring or testing data switching networks using software, i.e. software packages
  - H04L67/00—Network arrangements or protocols for supporting network services or applications
    - H04L67/01—Protocols
      - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The present disclosure relates to a traffic detection method, apparatus, electronic device, and computer readable medium based on the Simple Object Access Protocol (SOAP). The method comprises the following steps: obtaining a flow detection request through a webservice interface; parsing the flow detection request to extract flow parameters; generating a detection result set according to the flow parameters and the local flow data; and sending the detection result set to the request end through the webservice interface. The flow detection method, the flow detection device, the electronic equipment and the computer readable medium can modularize flow detection based on the Simple Object Access Protocol, reduce maintenance cost and system overhead, and improve the utilization rate of system resources.
Description
Technical Field
The present disclosure relates to the field of computer information processing, and in particular, to a flow detection method, a flow detection device, an electronic device, and a computer readable medium.
Background
With technological advancement and high-speed development of network information technology, the information industry and application thereof have been greatly developed, and the network environment is more and more complex and chaotic. Therefore, it is important to maintain a fast and stable network access speed, and traffic detection plays an indispensable role in network stability. Many functions based on flow detection have been developed, for example, flow analysis can help a network administrator to master the flow and bandwidth usage situation, discover network bottlenecks in time, and provide basis for network planning, fault diagnosis and the like.
Existing flow detection is relatively open and visible to the different functional modules, and many functional modules based on flow detection add their own functions into the flow detection process, so that they end up embedded in it. Examples are flow analysis and flow threshold alarms, whose output parameters are similar. Flow analysis is displayed on a page and needs to obtain historical flow data through a website service (webservice) function; the flow threshold alarm detects and calculates flow data in real time through a background process and is mainly implemented in C. Flow analysis and flow threshold alarming follow similar processes but are implemented independently, so they occupy a large amount of system resources and greatly increase maintenance cost and system overhead.
Accordingly, there is a need for a new flow detection method, apparatus, electronic device, and computer readable medium.
The above information disclosed in the background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present application provides a flow detection method, apparatus, electronic device, and computer readable medium, which can modularize flow detection based on a simple object access protocol, reduce maintenance cost and overhead, and improve utilization of system resources.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned in part by the practice of the application.
According to an aspect of the present application, a method for detecting traffic based on a simple object access protocol is provided, the method comprising: acquiring a flow detection request by a website service (webservice) interface; analyzing the flow detection request to extract flow parameters; generating a detection result set according to the flow parameters and the local flow data; and sending the detection result set to a request end through a webservice interface.
In an exemplary embodiment of the present application, when the request end is an external device, the method further includes: the external device generates an HTTP detection request through a simple object access protocol.
In an exemplary embodiment of the present application, when the request end is a local process, the method further includes: the local process generates a simulated HTTP detection request via a simple object access protocol.
In one exemplary embodiment of the present application, the local process generating a simulated HTTP detection request via a simple object access protocol comprises: the local process determines the flow parameters to be detected; and the flow parameter set is assembled through a simple object access protocol to generate a simulated HTTP detection request.
In an exemplary embodiment of the present application, parsing the flow detection request to extract flow parameters includes: parsing the flow detection request to extract the start time and the end time of the flow to be detected, the flow ingress interface, the IP address segment and the protocol type.
In an exemplary embodiment of the present application, generating a detection result set according to the traffic parameter and the local traffic data includes: querying a statistics file of the local flow data according to the flow parameters; generating a plurality of flow detection results according to the statistics file; and generating the detection result set from the plurality of flow detection results.
In one exemplary embodiment of the present application, generating a plurality of traffic detection results from the statistics file includes: generating a protocol name, a total flow, an uplink flow, a downlink flow and an average flow according to the statistics file.
In an exemplary embodiment of the present application, generating the detection result set from the plurality of flow detection results further includes: sorting the plurality of flow detection results; and generating the detection result set from the sorted flow detection results.
In an exemplary embodiment of the present application, the method further comprises: the local process obtains the detection result set; the detection result set is parsed; and secondary development of flow detection is carried out according to the parsing result.
According to an aspect of the present application, there is provided a flow detection device based on a simple object access protocol, the device comprising: the request module is used for acquiring a flow detection request through the webservice interface; the parameter module is used for analyzing the flow detection request to extract flow parameters; the aggregation module is used for generating a detection result set according to the flow parameters and the local flow data; and the sending module is used for sending the detection result set to the request end through a webservice interface.
According to an aspect of the present application, there is provided an electronic device including: one or more processors; a storage means for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods as described above.
According to an aspect of the present application, a computer-readable medium is presented, on which a computer program is stored, which program, when being executed by a processor, implements a method as described above.
According to the flow detection method, the flow detection device, the electronic equipment and the computer readable medium, a flow detection request is obtained through a webservice interface; analyzing the flow detection request to extract flow parameters; generating a detection result set according to the flow parameters and the local flow data; the detection result set is sent to the request end through the webservice interface, so that the flow detection can be modularized based on a simple object access protocol, the maintenance cost and the system overhead are reduced, and the utilization rate of system resources is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application and other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 is a system block diagram illustrating a flow detection method and apparatus according to an exemplary embodiment.
Fig. 2 is a flow chart illustrating a flow detection method according to an exemplary embodiment.
Fig. 3 is a flow chart illustrating a flow detection method according to another exemplary embodiment.
Fig. 4 is a flow chart illustrating a flow detection method according to another exemplary embodiment.
Fig. 5 is a block diagram illustrating a flow detection device according to an exemplary embodiment.
Fig. 6 is a block diagram of an electronic device, according to an example embodiment.
Fig. 7 is a block diagram of a computer-readable medium shown according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present application. One skilled in the relevant art will recognize, however, that the aspects of the application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Thus, a first component discussed below could be termed a second component without departing from the teachings of the present application concept. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments, and that the modules or flows in the drawings are not necessarily required to practice the present application, and therefore, should not be taken to limit the scope of the present application.
The technical abbreviations involved in this application are explained as follows:
webservice interface: a functional interface. An ordinary interface can only be called locally, whereas a webservice interface can be called remotely, so it is an external interface of the system. The principle is that the name of the service to be accessed and the request parameters are transmitted to the server through an HTTP request; the server performs the corresponding processing according to the service name and request parameters sent by the client and returns the processed result to the client, thereby achieving data sharing.
SOAP: Simple Object Access Protocol, a protocol specification for exchanging data. It is a simple, lightweight, XML-based protocol designed to exchange structured and consolidated information over the Web.
IPS: the intrusion prevention system (Intrusion Prevention System) is a computer network security facility that complements anti-virus software (Antivirus Programs) and firewalls (Application Gateway). An intrusion prevention system is a computer network security device capable of monitoring the data transmission behavior of a network or network device, and of promptly interrupting, adjusting or isolating abnormal or damaging network data transmission behavior.
The inventor of the present application analyzed the flow detection applications in the prior art and proposes the flow detection method and the flow detection device of the present application as a solution to the problems in the prior art. In the application, the characteristics of the functional modules based on flow detection are analyzed and their requirements are abstracted; the method is implemented as an independent module using minimal system resources, so that a unified flow detection module is constructed. The flow detection module in the application is invisible to the outside and only provides an interface. All functional modules based on flow detection exchange information, by means of SOAP, with the flow detection module generated according to the method of the application, and the input and output information of the webservice interface is unified, so that the flow information requirements of most modules can be met in this way.
The method in the present application is described below with the aid of specific examples.
Fig. 1 is a system block diagram of a flow detection method, apparatus, according to an example embodiment.
As shown in fig. 1, the system architecture 10 may include terminal devices 101, 102, 103, a network 104, and a traffic analysis platform 105. The network 104 is the medium used to provide the communication links between the terminal devices 101, 102, 103 and the traffic analysis platform 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the traffic analysis platform 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The traffic analysis platform 105 may be a server providing various traffic detection services, such as a background management server providing traffic detection to a platform browsed by a user using the terminal devices 101, 102, 103. The background management server may perform processing such as analysis on data such as a flow detection request, and feed back a processing result (e.g., a flow detection result) to the terminal devices 101, 102, 103 or other local application programs.
The traffic analysis platform 105 may obtain the traffic detection request, for example, by a webservice interface; the flow analysis platform 105 may, for example, parse the flow detection request to extract flow parameters; the flow analysis platform 105 may, for example, generate a set of detection results from the flow parameters and local flow data; the traffic analysis platform 105 may, for example, send the detection result set to the requesting end through a webservice interface.
In one embodiment, further comprising: the terminal devices 101, 102, 103 generate HTTP detection requests by means of a simple object access protocol.
In one embodiment, further comprising: the local process in the traffic analysis platform 105 generates a simulated HTTP detection request via a simple object access protocol.
The flow analysis platform 105 may be a single physical server or may consist of a plurality of servers. It should be noted that the flow detection method provided in the embodiments of the present application may be executed by the flow analysis platform 105, and accordingly the flow detection device may be disposed in the flow analysis platform 105. The request end through which a user requests flow detection is typically located in the terminal devices 101, 102, 103.
Fig. 2 is a flow chart illustrating a flow detection method according to an exemplary embodiment. The flow detection method 20 at least includes steps S202 to S208.
As shown in fig. 2, in S202, a traffic detection request is acquired by a webservice interface.
In one embodiment, when the request end is an external device, the request is an external request to the system, and the method further includes: the external device generates an HTTP detection request through a simple object access protocol. An external request may be, for example, an information exchange about flow monitoring between a third party platform and the network device: the third party platform requests from the network device, through an HTTP request, the flow detection result for a certain period of time, and after receiving the request the flow detection module returns the corresponding flow information according to the parameters, so that the network environment can be displayed graphically.
In one embodiment, when the request end is a local process, the request is an internal request of the system, and the method further includes: the local process generates a simulated HTTP detection request via a simple object access protocol. Further, the local process determines the flow parameters to be detected, and the flow parameter set is assembled through a simple object access protocol to generate the simulated HTTP detection request.
An internal request may be, for example, an information exchange with the flow detection module inside the network device system: the flow threshold alarm function module requests the flow information of an application from the flow detection module in real time, and once the application flow is greater than a threshold, an alarm can be raised for the application or the application can be blocked according to a set policy, so that a network administrator can conveniently debug the network environment.
In S204, the flow detection request is parsed to extract flow parameters. The flow detection request can be parsed to extract the start time and the end time of the flow to be detected, the flow ingress interface, the IP address segment and the protocol type.
A flow detection module can be provided that collects and analyzes the network data packets flowing through it, computes various network flow statistics at a certain time granularity, and stores the statistics in a file. For external requests to the system, the flow detection module provides only one webservice interface; for internal requests of the system, it provides an interface that simulates an HTTP request, and internal requests interact with the webservice interface indirectly through that interface.
In S206, a set of detection results is generated from the traffic parameters and the local traffic data. A file of statistics of local traffic data may be queried, for example, according to the traffic parameters; generating a plurality of flow detection results according to the statistic file; and generating the detection result set through the flow detection results.
More specifically, the protocol name, total traffic, upstream traffic, downstream traffic, and average traffic may be generated from the statistics file.
More specifically, the plurality of flow detection results are ranked; and generating the detection result set through the sequenced multiple flow detection results.
Once flow detection is implemented on the basis of SOAP, input and output are provided to the outside, directly or indirectly, through the webservice interface. The inputs to the webservice interface are the start time, the end time, the traffic ingress interface, the IP address segment (address object) and the protocol type. The output is a set of flow objects: the files recording the flow statistics for the corresponding time period are queried according to the input parameters, and the variables are calculated and stored in the flow objects. One flow object comprises the protocol name, the total flow, the uplink flow, the downlink flow, the average flow and the like of the flow, and the flow objects can be output ranked by the size of a chosen variable.
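The input and output contract described above, as an added Python example that is not part of the patent text. The operation name `GetTraffic`, the element names, the allowlists and the in-memory `STATS` records (standing in for the statistics file) are all assumptions made for illustration; because the request arrives from outside the device, every parameter is validated before it is used to query the statistics.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ALLOWED_INTERFACES = {"eth0", "eth1"}              # assumed interface names
ALLOWED_PROTOCOLS = {"any", "http", "dns", "ssh"}  # assumed protocol names
SORT_KEYS = {"total", "uplink", "downlink", "average"}

# Constructed records standing in for the statistics file:
# (timestamp, ingress interface, host IP, protocol, uplink bytes, downlink bytes)
STATS = [
    ("2022-07-20T10:00:00", "eth0", "10.0.0.5", "http", 1000, 4000),
    ("2022-07-20T10:01:00", "eth0", "10.0.0.6", "dns", 200, 300),
    ("2022-07-20T10:02:00", "eth0", "10.0.0.5", "http", 500, 1500),
    ("2022-07-20T10:03:00", "eth1", "10.0.0.7", "ssh", 900, 100),
    ("2022-07-20T10:04:00", "eth0", "192.168.1.9", "http", 700, 700),
]

# Constructed request; operation and element names are assumptions.
SAMPLE_REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><GetTraffic>
  <startTime>2022-07-20T10:00:00</startTime>
  <endTime>2022-07-20T10:05:00</endTime>
  <interface>eth0</interface>
  <ipSegment>10.0.0.0/24</ipSegment>
  <protocol>any</protocol>
</GetTraffic></soap:Body></soap:Envelope>"""

def parse_request(xml_text):
    """Extract and validate the five input parameters from a SOAP request."""
    # Refuse DTDs so entity expansion and external entities never reach
    # the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD and entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        raise ValueError("expected exactly one operation in soap:Body")

    def field(name):
        text = (body[0].findtext(name) or "").strip()
        if not text:
            raise ValueError(f"missing parameter: {name}")
        return text

    params = {
        "start": datetime.fromisoformat(field("startTime")),
        "end": datetime.fromisoformat(field("endTime")),
        "interface": field("interface"),
        "segment": ipaddress.ip_network(field("ipSegment")),
        "protocol": field("protocol").lower(),
    }
    if params["start"] >= params["end"]:
        raise ValueError("startTime must be earlier than endTime")
    if params["interface"] not in ALLOWED_INTERFACES:
        raise ValueError("unknown ingress interface")
    if params["protocol"] not in ALLOWED_PROTOCOLS:
        raise ValueError("unknown protocol type")
    return params

def build_result_set(params, stats=STATS, sort_key="total"):
    """Aggregate matching records per protocol and rank them by sort_key."""
    if sort_key not in SORT_KEYS:
        raise ValueError("unsupported sort key")
    seconds = (params["end"] - params["start"]).total_seconds()
    agg = defaultdict(lambda: {"uplink": 0, "downlink": 0})
    for ts, iface, ip, proto, up, down in stats:
        when = datetime.fromisoformat(ts)
        if not (params["start"] <= when < params["end"]
                and iface == params["interface"]
                and ipaddress.ip_address(ip) in params["segment"]
                and params["protocol"] in ("any", proto)):
            continue
        agg[proto]["uplink"] += up
        agg[proto]["downlink"] += down
    results = []
    for proto, c in agg.items():
        total = c["uplink"] + c["downlink"]
        results.append({"protocol": proto, "total": total, "uplink": c["uplink"],
                        "downlink": c["downlink"], "average": total / seconds})
    return sorted(results, key=lambda r: r[sort_key], reverse=True)

def to_soap_response(results):
    """Serialize the ranked flow objects; ElementTree escapes all values."""
    ET.register_namespace("soap", SOAP_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    resp = ET.SubElement(body, "GetTrafficResponse")
    for r in results:
        obj = ET.SubElement(resp, "flow")
        for key, value in r.items():
            ET.SubElement(obj, key).text = f"{value:.2f}" if isinstance(value, float) else str(value)
    return ET.tostring(env, encoding="unicode")
```

Here the average is computed as bytes per second over the requested window, which is one possible reading of "average flow"; the patent does not define the unit.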
In S208, the detection result set is sent to the request end through the webservice interface.
In one embodiment, the local process obtains the set of detection results; analyzing the monitoring result set; and carrying out secondary development of flow detection according to the analysis result.
According to the flow detection method, a flow detection request is obtained through a webservice interface; analyzing the flow detection request to extract flow parameters; generating a detection result set according to the flow parameters and the local flow data; the detection result set is sent to the request end through the webservice interface, so that the flow detection can be modularized based on a simple object access protocol, the maintenance cost and the system overhead are reduced, and the utilization rate of system resources is improved.
It should be clearly understood that this application describes how to make and use particular examples, but the principles of this application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flow chart illustrating a flow detection method according to another exemplary embodiment. The flow 30 shown in fig. 3 is a detailed description of the flow of the external device in the flow shown in fig. 2.
As shown in fig. 3, in S302, the external device generates an HTTP detection request through a simple object access protocol.
In S304, the local device obtains a traffic detection request from the webservice interface.
In S306, the flow detection request is parsed to extract flow parameters.
In S308, a set of detection results is generated according to the traffic parameter and the local traffic data.
In S310, the external device acquires a detection result set by the webservice interface.
The external request of the system mainly refers to inquiry and display of the traffic situation, the third party platform can exchange information with the network equipment through an http request, the network equipment analyzes the SOAP message after receiving the request, and the analysis result is transmitted to the webservice interface of the traffic detection module for processing, so that the traffic information of the equipment in a certain time period is obtained.
Fig. 4 is a flow chart illustrating a flow detection method according to another exemplary embodiment. The process 40 shown in fig. 4 is a detailed description of the flow of the local process in the process shown in fig. 2.
As shown in fig. 4, in S402, the local process generates a simulated HTTP detection request through a simple object access protocol.
In S404, the local device obtains a traffic detection request from the webservice interface.
In S406, the flow detection request is parsed to extract flow parameters.
In S408, a set of detection results is generated from the traffic parameters and the local traffic data.
In S410, the external device acquires a detection result set by the webservice interface.
In S412, the detection result set is parsed for secondary development.
An internal request of the system mainly serves to obtain real-time flow detection results, and for this the flow detection module provides an interface that simulates an HTTP request. The interface works as follows: the request parameters are assembled into a SOAP request message according to the data required; an HTTP request is then simulated to interact with the network device; after the SOAP response message returned by the webservice interface is received, the XML is parsed into the required flow parameters, or secondary development is carried out as needed. In essence, an HTTP request is simulated in order to exchange information with the webservice interface of the flow detection module, and once the request has been sent the interaction follows the same processing flow as an external request to the system.
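The internal-request workflow described above, seen from the local process, as an added Python example that is not part of the patent text. The element names, the constructed sample response and fault, and the policy format are assumptions; the threshold step follows the alarm-or-block behaviour the description gives for the flow threshold alarm module.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

def build_request(start, end, interface, ip_segment, protocol):
    """Assemble the SOAP request; building it with ElementTree (not string
    concatenation) escapes every parameter value."""
    ET.register_namespace("soap", SOAP_NS)
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    op = ET.SubElement(ET.SubElement(env, f"{{{SOAP_NS}}}Body"), "GetTraffic")
    for name, value in (("startTime", start), ("endTime", end),
                        ("interface", interface), ("ipSegment", ip_segment),
                        ("protocol", protocol)):
        ET.SubElement(op, name).text = str(value)
    return ET.tostring(env, encoding="unicode")

# Constructed response from the webservice interface (element names assumed).
SAMPLE_RESPONSE = f"""<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><GetTrafficResponse>
  <flow><protocol>http</protocol><total>7000</total><uplink>1500</uplink>
        <downlink>5500</downlink><average>23.33</average></flow>
  <flow><protocol>ssh</protocol><total>1200</total><uplink>1000</uplink>
        <downlink>200</downlink><average>4.00</average></flow>
  <flow><protocol>dns</protocol><total>500</total><uplink>200</uplink>
        <downlink>300</downlink><average>1.67</average></flow>
</GetTrafficResponse></soap:Body></soap:Envelope>"""

# Constructed SOAP fault, as returned for a rejected request.
SAMPLE_FAULT = f"""<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><soap:Fault>
  <faultcode>soap:Client</faultcode>
  <faultstring>unknown ingress interface</faultstring>
</soap:Fault></soap:Body></soap:Envelope>"""

def parse_response(xml_text):
    """Turn the SOAP response into a list of flow dicts, failing loudly on
    faults and malformed counters instead of treating them as zero traffic."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD and entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise RuntimeError("SOAP fault: " + (fault.findtext("faultstring") or "unspecified"))
    flows = []
    for obj in root.iter("flow"):
        flow = {"protocol": (obj.findtext("protocol") or "").strip()}
        for name in ("total", "uplink", "downlink"):
            value = int(obj.findtext(name, ""))   # ValueError if missing or not a number
            if value < 0:
                raise ValueError(f"negative counter: {name}")
            flow[name] = value
        flow["average"] = float(obj.findtext("average", ""))
        flows.append(flow)
    return flows

def threshold_actions(flows, policy):
    """policy maps protocol -> (byte limit, 'alarm' or 'block').
    Returns (protocol, action, total) for every flow above its limit."""
    actions = []
    for flow in flows:
        limit, action = policy.get(flow["protocol"], (None, None))
        if limit is not None and flow["total"] > limit:
            actions.append((flow["protocol"], action, flow["total"]))
    return actions
```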
According to the flow detection method, flow detection can be based on an information interaction mechanism of SOAP, and a standardized webservice public interface is formed for the outside.
In a specific application scenario, a flow detection module built in the system periodically collects network data packets flowing through the system, so as to perform statistics, for example, protocol name, total flow, uplink flow, downlink flow, and average flow, and then stores the statistics result in a predetermined position.
After an external or internal flow detection request is acquired at a certain moment, the flow detection module built in the system does not need to call other flows or data in the system, but directly calls stored statistical information, and then responds to the external or internal flow detection request through the statistical information. In the method, the flow detection process built in the system is not required to be called for multiple times, multiple times and multiple detection requests can be responded only by one call, the response time of the system is greatly saved, and the calculation pressure of the system is reduced.
Those skilled in the art will appreciate that all or part of the steps implementing the above described embodiments are implemented as a computer program executed by a CPU. When executed by the CPU, the program performs the functions defined by the above methods provided herein. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic disk or an optical disk, etc.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiments of the present application, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following are device embodiments of the present application, which may be used to perform method embodiments of the present application. For details not disclosed in the device embodiments of the present application, please refer to the method embodiments of the present application.
Fig. 5 is a block diagram illustrating a flow detection device according to an exemplary embodiment. As shown in fig. 5, the flow detection device 50 includes: a request module 502, a parameter module 504, an aggregation module 506, and a sending module 508. The flow detection device 50 may further include: a generation module 510.
The request module 502 is configured to obtain a flow detection request through a webservice interface.
The parameter module 504 is configured to parse the flow detection request to extract a flow parameter. The parameter module 504 is further configured to parse the flow detection request to extract a start time, an end time, a flow entry interface, an ip address field, and a protocol type of the flow to be detected.
The aggregation module 506 is configured to generate a detection result set according to the flow parameter and the local flow data. The aggregation module 506 is further configured to query a file of statistics of the local traffic data according to the traffic parameter, generate a plurality of flow detection results according to the statistics file, and generate the detection result set from the flow detection results.
The sending module 508 is configured to send the detection result set to a request end through a webservice interface.
The generation module 510 is configured for the local process to generate a simulated HTTP detection request by using the simple object access protocol.
According to the flow detection device, a flow detection request is obtained through a webservice interface; the flow detection request is parsed to extract flow parameters; a detection result set is generated according to the flow parameters and the local flow data; and the detection result set is sent to the request end through the webservice interface. In this way, flow detection can be modularized based on the simple object access protocol, the maintenance cost and the system overhead are reduced, and the utilization rate of system resources is improved.
Fig. 6 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 600 according to this embodiment of the present application is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present application.
As shown in fig. 6, the electronic device 600 is in the form of a general purpose computing device. Components of electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one memory unit 620, a bus 630 connecting the different system components (including the memory unit 620 and the processing unit 610), a display unit 640, etc.
The storage unit stores program code that is executable by the processing unit 610, such that the processing unit 610 performs the steps described in the present specification according to various exemplary embodiments of the present application. For example, the processing unit 610 may perform the steps shown in fig. 2, 3, and 4.
The memory unit 620 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 6201 and/or cache memory unit 6202, and may further include Read Only Memory (ROM) 6203.
The storage unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 630 may be a local bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 600' (e.g., keyboard, pointing device, bluetooth device, etc.), with devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., routers, modems, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through the network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with the electronic device 600, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, as shown in fig. 7, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-described method according to the embodiments of the present application.
In general, the flow detection method and apparatus of the present disclosure analyze the characteristics of the functional modules that are based on flow detection, abstract their common requirements, and implement them as a single module (the flow detection module) that uses minimal system resources, is invisible to the outside, and exposes only an interface. All functional modules based on flow detection interact with the flow detection module through SOAP, which unifies the input and output information of the webservice interface and meets the flow information requirements of most modules. The functional modules based on flow detection include a flow analysis functional module, an abnormal flow detection functional module, a flow threshold alarm functional module and the like; from the point of view of the flow detection module, their requests are divided into system internal requests and system external requests. A system external request is an information interaction about flow monitoring between a third party platform and the network equipment: for example, the third party platform requests from the network equipment, through an http request, the flow detection result for a certain time period, and the flow detection module returns the corresponding flow information according to the parameters after receiving the request, so that the network environment can be displayed graphically. A system internal request is an information interaction with the flow detection module inside the network equipment system: for example, the flow threshold alarm functional module requests the flow information of an application from the flow detection module in real time, and once the application flow is greater than a threshold, alarming or blocking can be carried out according to a set policy, which makes it convenient for a network manager to debug the network environment.
In the flow detection module, the device collects and analyzes the network data packets flowing through it, computes various statistics of the network flow at a certain time granularity, and stores the statistics result in a file. For system external requests, the flow detection module provides only one webservice interface; for system internal requests, it provides an interface that simulates the http request and interacts with the webservice interface indirectly through that interface. Once flow detection is implemented on the basis of SOAP, input and output are provided to the outside, directly or indirectly, through the webservice interface. The inputs to the webservice interface include the start time, end time, traffic ingress interface, ip address field (address object), and protocol type. The output is a set of flow objects: the files recording the flow statistics in the corresponding time period are queried according to the input parameters, and the variables are calculated and stored in the flow objects. One flow object comprises the protocol name, the total flow, the uplink flow, the downlink flow, the average flow and the like of the flow, and the flow objects can be output ranked by the size of a chosen variable. A system external request mainly refers to querying and displaying the flow condition: the third party platform exchanges information with the network equipment through an http request, the network equipment parses the SOAP message after receiving the request, and the parsing result is passed to the webservice interface of the flow detection module for processing, so that the flow information of the equipment in a certain time period is obtained. A system internal request mainly refers to obtaining a real-time detection result of the flow, for which the flow detection module provides an interface that simulates the http request.
The interface works as follows: the request parameters are assembled into a SOAP request message according to the required data; an http request is then simulated to interact with the network equipment; after the SOAP response message returned by the webservice interface is received, the xml file is parsed into the required flow parameters, or secondary development is performed according to the requirements. In essence, the method simulates an http request to exchange information with the webservice interface of the flow detection module, and the interaction flow after the request is sent is consistent with the processing flow of a system external request. Because the flow detection method and system are modularized on the basis of SOAP, maintenance cost and system overhead are reduced, and the utilization rate of system resources is improved.
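The request workflow described above and in the method embodiment (flow parameters assembled into a SOAP message, stored statistics queried, ranked flow objects returned and parsed by the requester) can be traced end to end in the following added Python example, which is not code from the patent. The element names, the `urn:example:flow-detection` namespace, the `any` protocol wildcard, the per-minute average and the inline `STATS` rows are assumptions constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
SVC = "urn:example:flow-detection"                   # assumed service namespace
FIELDS = ("startTime", "endTime", "ingressInterface", "ipSegment", "protocolType")
ET.register_namespace("soap", SOAP)

# Constructed sample of the stored statistics: (time, interface, ip, protocol, up, down)
STATS = [
    ("2022-07-24T10:00:00", "eth0", "10.0.0.5", "http", 1200, 8000),
    ("2022-07-24T10:01:00", "eth0", "10.0.0.9", "http", 800, 4000),
    ("2022-07-24T10:01:00", "eth0", "10.0.0.7", "dns", 300, 500),
    ("2022-07-24T10:02:00", "eth1", "10.0.0.5", "http", 5000, 5000),
    ("2022-07-24T10:02:00", "eth0", "192.168.1.4", "ssh", 9000, 9000),
    ("2022-07-24T10:05:00", "eth0", "10.0.0.5", "dns", 100, 100),
]

def _envelope():
    env = ET.Element(f"{{{SOAP}}}Envelope")
    return env, ET.SubElement(env, f"{{{SOAP}}}Body")

def build_request(**params):
    """Requester side: assemble the five flow parameters into a SOAP request."""
    env, body = _envelope()
    req = ET.SubElement(body, f"{{{SVC}}}FlowDetectionRequest")
    for name in FIELDS:
        ET.SubElement(req, f"{{{SVC}}}{name}").text = str(params[name])
    return ET.tostring(env, encoding="unicode")

def parse_request(message):
    """Module side: extract the flow parameters and validate each one."""
    if "<!DOCTYPE" in message or "<!ENTITY" in message:
        # SOAP 1.1 forbids DTDs; refusing them avoids entity-expansion parsing
        raise ValueError("DTD not allowed in SOAP message")
    req = ET.fromstring(message).find(f"{{{SOAP}}}Body/{{{SVC}}}FlowDetectionRequest")
    if req is None:
        raise ValueError("missing FlowDetectionRequest")
    raw = {n: (req.findtext(f"{{{SVC}}}{n}") or "").strip() for n in FIELDS}
    start = datetime.fromisoformat(raw["startTime"])
    end = datetime.fromisoformat(raw["endTime"])
    iface, proto = raw["ingressInterface"], raw["protocolType"].lower()
    if end < start or not iface.isalnum() or not proto.isalnum():
        raise ValueError("invalid time range, interface or protocol")
    return start, end, iface, ipaddress.ip_network(raw["ipSegment"]), proto

def detect(start, end, iface, net, proto):
    """Aggregate matching stored rows into flow objects, ranked by total flow."""
    minutes = (end - start).total_seconds() / 60 or 1.0
    totals = {}
    for ts, s_if, ip, s_proto, up, down in STATS:
        if not start <= datetime.fromisoformat(ts) <= end or s_if != iface:
            continue
        if ipaddress.ip_address(ip) not in net or proto not in ("any", s_proto):
            continue
        up_sum, down_sum = totals.get(s_proto, (0, 0))
        totals[s_proto] = (up_sum + up, down_sum + down)
    flows = [{"protocol": p, "total": u + d, "uplink": u, "downlink": d,
              "average": (u + d) / minutes} for p, (u, d) in totals.items()]
    return sorted(flows, key=lambda f: f["total"], reverse=True)

def handle(message):
    """Webservice interface: SOAP request in, SOAP response or Fault out."""
    env, body = _envelope()
    try:
        flows = detect(*parse_request(message))
    except (ValueError, TypeError, ET.ParseError) as exc:
        fault = ET.SubElement(body, f"{{{SOAP}}}Fault")
        ET.SubElement(fault, "faultcode").text = "soap:Client"
        ET.SubElement(fault, "faultstring").text = str(exc)
        return ET.tostring(env, encoding="unicode")
    resp = ET.SubElement(body, f"{{{SVC}}}FlowDetectionResponse")
    for flow in flows:
        obj = ET.SubElement(resp, f"{{{SVC}}}flow")
        for key, value in flow.items():
            ET.SubElement(obj, f"{{{SVC}}}{key}").text = str(value)
    return ET.tostring(env, encoding="unicode")

def parse_response(message):
    """Requester side: parse the SOAP response back into flow dictionaries."""
    root = ET.fromstring(message)
    fault = root.find(f"{{{SOAP}}}Body/{{{SOAP}}}Fault")
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring"))
    recs = [{c.tag.split("}")[1]: c.text for c in obj} for obj in root.iter(f"{{{SVC}}}flow")]
    return [{k: v if k == "protocol" else float(v) for k, v in r.items()} for r in recs]
```

Because an internal caller and an external platform both go through `handle`, the parameter validation and the DTD refusal apply to both request paths.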
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs, which when executed by one of the devices, cause the computer-readable medium to perform the functions of: obtaining a flow detection request by a webservice interface; analyzing the flow detection request to extract flow parameters; generating a detection result set according to the flow parameters and the local flow data; and sending the detection result set to a request end through a webservice interface.
The computer readable medium may also implement the following functions: the local process generates a simulated HTTP detection request via a simple object access protocol.
Those skilled in the art will appreciate that the modules may be distributed throughout several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that are unique to the embodiments. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solutions according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and include several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the methods according to the embodiments of the present application.
Exemplary embodiments of the present application are specifically illustrated and described above. It is to be understood that this application is not limited to the details of construction, arrangement or method of implementation described herein; on the contrary, the application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (7)
1. A method for detecting traffic based on a simple object access protocol, comprising:
acquiring a flow detection request by a website service interface;
analyzing and extracting flow parameters from the HTTP detection request or the flow detection request contained in the simulated HTTP detection request, wherein the flow detection request is derived from external equipment or a local process, when the request end is the external equipment, the external equipment generates the HTTP detection request through a simple object access protocol, when the request end is the local process, the local process determines the flow parameters to be detected, and assembles the flow parameter set through the simple object access protocol to generate the simulated HTTP detection request;
generating a detection result set according to the flow parameters and the local flow data;
and sending the detection result set to a request end through a website service interface.
2. The method of claim 1, wherein parsing the traffic detection request to extract traffic parameters comprises:
and analyzing and extracting the starting time and the ending time of the flow to be detected, a flow inlet interface, an ip address segment and a protocol type of the flow detection request.
3. The method of claim 1, wherein generating a set of detection results from the traffic parameters and local traffic data comprises:
inquiring a file of statistics of the local flow data according to the flow parameters;
generating a plurality of flow detection results according to the statistic file;
and generating the detection result set through the flow detection results.
4. The method of claim 3, wherein generating a plurality of traffic detection results from the statistics file comprises:
and generating a protocol name, a total flow, an uplink flow, a downlink flow and an average flow according to the statistic file.
5. The method of claim 3, wherein generating the set of detection results from the plurality of traffic detection results further comprises:
sequencing the plurality of flow detection results;
and generating the detection result set through the sequenced multiple flow detection results.
6. The method as recited in claim 1, further comprising:
the local process obtains the detection result set;
analyzing the monitoring result set;
and carrying out secondary development of flow detection according to the analysis result.
7. A simple object access protocol based traffic detection device, comprising:
the request module is used for acquiring a flow detection request through the website service interface;
the parameter module is used for analyzing the flow detection request contained in the HTTP detection request or the simulated HTTP detection request to extract flow parameters, wherein the flow detection request is derived from external equipment or a local process, when the request end is the external equipment, the external equipment generates the HTTP detection request through a simple object access protocol, when the request end is the local process, the local process determines the flow parameters to be detected, and the flow parameter set is assembled through the simple object access protocol to generate the simulated HTTP detection request;
the aggregation module is used for generating a detection result set according to the flow parameters and the local flow data;
and the sending module is used for sending the detection result set to a request end through a website service interface.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210873618.3A CN115277477B (en) | 2022-07-24 | 2022-07-24 | Flow detection method and device based on simple object access protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115277477A (en) | 2022-11-01 |
CN115277477B (en) | 2024-03-01 |
Family
ID=83770623
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210873618.3A Active CN115277477B (en) | 2022-07-24 | 2022-07-24 | Flow detection method and device based on simple object access protocol |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115277477B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007006611A1 (en) * | 2005-07-13 | 2007-01-18 | Thomson Licensing | Method for detection of the activity of a device in a network of distributed stations, as well as a network station for carrying out the method |
CN102694733A (en) * | 2012-06-06 | 2012-09-26 | 济南大学 | Method for acquiring network flow data set with accurate application type identification |
CN103546343A (en) * | 2013-10-18 | 2014-01-29 | 中国南方电网有限责任公司 | Network flow display method and system for network flow analyzing systems |
CN104869026A (en) * | 2014-02-24 | 2015-08-26 | 大唐软件技术股份有限公司 | Method, access equipment and gateway equipment for LAN (Local Area Network) background flow detection |
CN105204922A (en) * | 2014-06-30 | 2015-12-30 | 金电联行(北京)信息技术有限公司 | Collecting method of client terminal of data collecting platform |
US10833992B1 (en) * | 2018-12-14 | 2020-11-10 | Amazon Technologies, Inc. | Associating route tables with ingress traffic to logically isolated networks |
CN112671768A (en) * | 2020-12-24 | 2021-04-16 | 四川虹微技术有限公司 | Abnormal flow detection method and device, electronic equipment and storage medium |
CN113746781A (en) * | 2020-05-28 | 2021-12-03 | 深信服科技股份有限公司 | Network security detection method, device, equipment and readable storage medium |
CN114301694A (en) * | 2021-12-29 | 2022-04-08 | 赛尔网络有限公司 | Network abnormal flow analysis method, device, equipment and medium |
CN114546743A (en) * | 2022-02-24 | 2022-05-27 | 杭州迪普科技股份有限公司 | Method and device for testing performance of equipment interface |
Also Published As
Publication number | Publication date |
---|---|
CN115277477A (en) | 2022-11-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |