CN115426201A - Data acquisition method and system for network target range - Google Patents

Data acquisition method and system for network target range

Info

Publication number
CN115426201A
Authority
CN
China
Prior art keywords
data
data acquisition
time period
network
acquired
Prior art date
Legal status
Granted
Application number
CN202211365152.2A
Other languages
Chinese (zh)
Other versions
CN115426201B (en)
Inventor
许浩
Current Assignee
Hunan Dajia Data Technology Co ltd
Original Assignee
Hunan Dajia Data Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Hunan Dajia Data Technology Co ltd
Priority to CN202211365152.2A
Publication of CN115426201A
Application granted
Publication of CN115426201B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/16 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a data acquisition method and system for a network target range. The method comprises: formulating data acquisition parameters, data acquisition strategies and data analysis strategies; acquiring data from the corresponding network target range computing nodes through a data acquisition module according to the data acquisition parameters and the data acquisition strategies; predicting the size of the data to be acquired by the data acquisition module in the next time period according to a data flow prediction algorithm and the data acquisition parameters of the data acquired in the current time period; calculating the flow variance of the data packets in the next time period from the predicted data size of the next time period; and judging whether to adopt an equal time period data acquisition strategy or a variable time period data acquisition strategy. This reduces transmission consumption, realizes diversified sampling strategies and centralized analysis of the sampled data, and supports data acquisition for various network target range drill scenarios.

Description

Data acquisition method and system for network target range
Technical Field
The invention relates to the technical field related to network security, in particular to a data acquisition method and system for a network target range.
Background
The network target range (cyber range) is a professional cyberspace combat training platform for training network security personnel. It can simulate the actual condition of the current cyberspace and reproduce security problems in a virtual environment, and its scenarios can be updated iteratively as new security vulnerabilities emerge. Flow monitoring has become an indispensable part of the infrastructure of a network target range center, and collecting and analyzing network target range traffic is the most effective means of obtaining first-hand user behavior indicators and parameters of the network target range.
At present, flow monitoring of the network target range mainly targets the network data between physical devices, and between physical and virtual devices, of the network target range. The data of each device port is collected through manual configuration, which suffers from poor flexibility and low real-time performance and makes automatic data collection and analysis for the differentiated operation scenarios of the network target range difficult. Moreover, a network target range generally has many nodes and a large data volume, and existing real-time sampling methods easily cause excessive consumption of the software and hardware resources of the collected devices and of data network transmission resources.
Disclosure of Invention
The present invention aims to solve at least the problems of the prior art. To this end, the invention provides a data acquisition system and a data acquisition method for a network target range, which can realize real-time traffic sampling of the distributed computing nodes of the network target range while supporting diversified sampling strategies and centralized analysis of the sampled data, thereby reducing transmission consumption and supporting data acquisition for various network target range drill scenarios.
In a first aspect, the invention provides a data acquisition method for a network target range, which comprises the following steps:
formulating data acquisition parameters, data acquisition strategies and data analysis strategies;
acquiring data from corresponding network target range computing nodes through a data acquisition module according to the data acquisition parameters and the data acquisition strategies, wherein the data acquisition module is remotely deployed on the corresponding network target range computing nodes, and acquiring data from the corresponding network target range computing nodes through the data acquisition module according to the data acquisition parameters and the data acquisition strategies specifically comprises the following steps:
acquiring data of a network target range computing node corresponding to the data acquisition module in a current time period through the data acquisition module, and acquiring data acquisition parameters of the data acquired in the current time period, wherein the time period is a preset value;
predicting the size of data to be acquired by the data acquisition module in the next time period according to a data flow prediction algorithm and data acquisition parameters of the data acquired in the current time period to obtain the predicted data size of the next time period;
calculating the flow variance of the data packet in the next time period according to the predicted data size in the next time period;
judging whether the flow variance of the data packet in the next time period is smaller than a preset threshold value, if so, adopting an equal time period data acquisition strategy, and if not, adopting a variable time period data acquisition strategy;
and carrying out data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result.
According to the embodiment of the invention, at least the following technical effects are achieved:
The method formulates data acquisition parameters, data acquisition strategies and data analysis strategies, and acquires data from the corresponding network target range computing nodes through a data acquisition module according to the data acquisition parameters and the data acquisition strategies, the data acquisition module being remotely deployed on the corresponding network target range computing node. Specifically, the data acquisition module acquires the data of its network target range computing node in the current time period, together with the data acquisition parameters of the data acquired in the current time period, the time period being a preset value. The size of the data to be acquired by the data acquisition module in the next time period is predicted according to a data flow prediction algorithm and the data acquisition parameters of the data acquired in the current time period, giving the predicted data size of the next time period. The flow variance of the data packets in the next time period is calculated from the predicted data size and compared with a preset threshold: if the variance is smaller than the preset threshold, an equal time period data acquisition strategy is adopted; if it is equal to or larger than the preset threshold, a variable time period data acquisition strategy is adopted. By combining the equal time period data acquisition strategy and the variable time period data acquisition strategy, the invention reduces transmission consumption; it performs data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result, and realizes diversified sampling strategies and centralized analysis of the sampled data, thereby supporting data acquisition for various network target range drill scenarios.
According to some embodiments of the present invention, the variable time period data acquisition strategy is to identify a plurality of sub-time periods within the time period, so that traffic variance of data packets within each identified sub-time period is smaller than the preset threshold, and to adopt a corresponding equal time period data acquisition strategy according to each identified sub-time period, where each sub-time period is different.
According to some embodiments of the invention, the data collection parameters include an IP address, a port number, a time period, a virtual machine ID number and an IP address of a data packet to be collected, a location ID of collected data, and a range task category.
According to some embodiments of the present invention, the data analysis strategy includes performing traffic analysis of certain kinds of data packets, type analysis of attack means, number analysis of illegally acquired data packets, and transmission delay analysis of data packets on the collected data.
According to some embodiments of the invention, the data traffic prediction algorithm comprises a long short-term memory (LSTM) network algorithm and a convolutional neural network algorithm.
In a second aspect of the present invention, there is provided a network range-oriented data acquisition system, comprising:
the acquisition task management module is used for formulating data acquisition parameters, data acquisition strategies and data analysis strategies;
the data acquisition module is in communication connection with the acquisition task management module and is used for acquiring data from the corresponding network target range computing node according to the data acquisition parameters and the data acquisition strategies, wherein the data acquisition module is remotely deployed on the corresponding network target range computing node, and the data acquisition from the corresponding network target range computing node according to the data acquisition parameters and the data acquisition strategies specifically comprises the following steps:
acquiring data of a network target range computing node corresponding to the data acquisition module in a current time period through the data acquisition module, and acquiring data acquisition parameters of the data acquired in the current time period, wherein the time period is a preset value;
predicting the size of data to be acquired by the data acquisition module in the next time period according to a data flow prediction algorithm and data acquisition parameters of the data acquired in the current time period to obtain the predicted data size of the next time period;
calculating the flow variance of the data packet in the next time period according to the predicted data size in the next time period;
judging whether the flow variance of the data packet in the next time period is smaller than a preset threshold value, if so, adopting an equal time period data acquisition strategy, and if not, adopting a variable time period data acquisition strategy;
and the data analysis module is in communication connection with the acquisition task management module and the data acquisition module and is used for carrying out data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result.
The system formulates data acquisition parameters, data acquisition strategies and data analysis strategies, and acquires data from the corresponding network target range computing nodes through a data acquisition module according to the data acquisition parameters and the data acquisition strategies, the data acquisition module being remotely deployed on the corresponding network target range computing node. Specifically, the data acquisition module acquires the data of its network target range computing node in the current time period, together with the data acquisition parameters of the data acquired in the current time period, the time period being a preset value. The size of the data to be acquired by the data acquisition module in the next time period is predicted according to a data flow prediction algorithm and the data acquisition parameters of the data acquired in the current time period, giving the predicted data size of the next time period. The flow variance of the data packets in the next time period is calculated from the predicted data size and compared with a preset threshold: if the variance is smaller than the preset threshold, an equal time period data acquisition strategy is adopted; if it is equal to or larger than the preset threshold, a variable time period data acquisition strategy is adopted. By combining the equal time period data acquisition strategy and the variable time period data acquisition strategy, the invention reduces transmission consumption; it performs data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result, and realizes diversified sampling strategies and centralized analysis of the sampled data, thereby supporting data acquisition for various network target range drill scenarios.
According to some embodiments of the invention, the data collection parameters include an IP address, a port number, a time period, a virtual machine ID number and an IP address of a data packet to be collected, a location ID of collected data, and a range task category.
According to some embodiments of the invention, the data traffic prediction algorithm comprises a long short-term memory (LSTM) network algorithm and a convolutional neural network algorithm.
In a third aspect of the invention, a network range-oriented data acquisition electronic device is provided, comprising at least one control processor and a memory for communicative connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the network range-oriented data collection method described above.
In a fourth aspect of the present invention, a computer-readable storage medium is provided, which stores computer-executable instructions for causing a computer to perform the above-mentioned network range-oriented data acquisition method.
It should be noted that the advantageous effects between the second to fourth aspects of the present invention and the prior art are the same as the advantageous effects between the above-mentioned network range-oriented data acquisition system and the prior art, and will not be described in detail herein.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flow chart of a network range-oriented data collection method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a variable-time-period data acquisition strategy of a network range-oriented data acquisition method according to an embodiment of the present invention;
FIG. 3 is a flow chart of a network range-oriented data acquisition system in accordance with an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
In the description of the present invention, terms such as first and second are used only to distinguish technical features; they are not to be understood as indicating or implying relative importance, the number of the indicated technical features, or the order of the indicated technical features.
In the description of the present invention, it should be understood that the orientation descriptions, such as the orientation or positional relationship indicated by upper, lower, etc., are based on the orientation or positional relationship shown in the drawings, and are only for convenience of description and simplification of the description, but do not indicate or imply that the device or element referred to must have a particular orientation, be constructed in a particular orientation, and be operated, and thus should not be construed as limiting the present invention.
In the description of the present invention, it should be noted that unless otherwise explicitly defined, terms such as arrangement, installation, connection and the like should be broadly understood, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the specific contents of the technical solutions.
Before the embodiments of the invention are introduced, a brief description is given of the long short-term memory network and the convolutional neural network:
A typical data traffic prediction algorithm uses current and past observed traffic characteristics to predict future traffic distributions. There are more sophisticated data traffic prediction algorithms, such as the Long Short-Term Memory Network (LSTM) and the Convolutional Neural Network (CNN). Take the LSTM algorithm as an example:
The LSTM algorithm is a modified recurrent neural network that solves the problem that the RNN cannot handle long-distance dependence. All Recurrent Neural Networks (RNNs) have the form of a chain of repeating neural network modules. In the standard RNN, this repeating module has only a very simple structure, e.g. a single tanh layer. The LSTM has the same chain form, but its repeating module has a different structure: instead of a single neural network layer, it has four, which interact in a special way.
At present, flow monitoring of the network target range mainly targets the network data between physical devices, and between physical and virtual devices, of the network target range. The data of each device port is collected through manual configuration, which suffers from poor flexibility and low real-time performance and makes automatic data collection and analysis for the differentiated operation scenarios of the network target range difficult. Moreover, a network target range generally has many nodes and a large data volume, and existing real-time sampling methods easily cause excessive consumption of the software and hardware resources of the collected devices and of data network transmission resources.
In order to solve the above technical defects, referring to fig. 1, the invention provides a data acquisition method for a network target range, which comprises the following steps:
Step S101, formulating data acquisition parameters, data acquisition strategies and data analysis strategies;
Step S102, acquiring data from the corresponding network target range computing node through the data acquisition module according to the data acquisition parameters and the data acquisition strategy, wherein the data acquisition module is remotely deployed on the corresponding network target range computing node, which specifically comprises the following steps:
acquiring data of a network target range computing node corresponding to the data acquisition module in the current time period through the data acquisition module, and acquiring data acquisition parameters of the data acquired in the current time period, wherein the time period is a preset value;
predicting the size of data to be acquired by a data acquisition module in the next time period according to a data flow prediction algorithm and data acquisition parameters of data acquired in the current time period to obtain the predicted data size of the next time period;
calculating the flow variance of the data packet in the next time period according to the predicted data size in the next time period;
judging whether the flow variance of the data packet in the next time period is smaller than a preset threshold value, if so, adopting an equal time period data acquisition strategy, and if the flow variance of the data packet in the next time period is equal to or larger than the preset threshold value, adopting a variable time period data acquisition strategy;
Step S103, carrying out data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result.
The method formulates data acquisition parameters, data acquisition strategies and data analysis strategies, and acquires data from the corresponding network target range computing nodes through a data acquisition module according to the data acquisition parameters and the data acquisition strategies, the data acquisition module being remotely deployed on the corresponding network target range computing node. Specifically, the data acquisition module acquires the data of its network target range computing node in the current time period, together with the data acquisition parameters of the data acquired in the current time period, the time period being a preset value. The size of the data to be acquired by the data acquisition module in the next time period is predicted according to a data flow prediction algorithm and the data acquisition parameters of the data acquired in the current time period, giving the predicted data size of the next time period. The flow variance of the data packets in the next time period is calculated from the predicted data size and compared with a preset threshold: if the variance is smaller than the preset threshold, an equal time period data acquisition strategy is adopted; if it is equal to or larger than the preset threshold, a variable time period data acquisition strategy is adopted. By combining the equal time period data acquisition strategy and the variable time period data acquisition strategy, the invention reduces transmission consumption; it performs data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result, and realizes diversified sampling strategies and centralized analysis of the sampled data, thereby supporting data acquisition for various network target range drill scenarios.
In some embodiments, the variable time period data acquisition strategy is to identify a plurality of sub-time periods within a time period, so that the traffic variance of the data packets within each identified sub-time period is smaller than a preset threshold, and to adopt a corresponding equal time period data acquisition strategy according to each identified sub-time period, where each sub-time period is different.
Specifically, if the flow variance of the data packets within a time period is smaller than a specific threshold, the traffic in that time period is judged to be uniformly distributed. Referring to fig. 2, actual traffic behavior statistics show that traffic is uniformly distributed in segments; if equal-interval sampling is adopted across such traffic, the software and hardware resources of the collected devices and the data network transmission resources are excessively consumed. Fig. 2 shows the traffic distribution in the time periods T1, T2 and T3: over the total time period T (T = T1 + T2 + T3) the traffic is non-uniform, so equal-interval sampling is unreasonable. The core idea of the variable time period sampling strategy is as follows: within the time period T, several uniformly distributed sub-time periods (T1, T2 and T3) are identified, a reasonable sampling interval is determined for each of them, and equal time period sampling is carried out within each, but the sampling intervals of the sub-time periods (for example, T1 and T2) differ.
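The strategy decision and the variable time period split described above can be sketched as follows. This is an added example, not code from the patent: the patent does not specify how sub-time periods are identified or how the per-period interval is chosen, so the greedy split, the `sampling_interval` rule, the per-slot predicted series (standing in for the LSTM/CNN predictor output) and all sample values are assumptions.

```python
from statistics import pvariance

# Constructed sample: predicted traffic (KB) for 18 one-second slots of the
# next time period T, shaped like T1 (quiet), T2 (busy), T3 (moderate).
# A real deployment would take this series from the traffic predictor.
PREDICTED = [100, 104, 98, 102, 99, 101,
             900, 910, 895, 905, 898, 902,
             400, 396, 404, 399, 401, 398]


def choose_strategy(predicted, threshold):
    """Equal time period sampling if the predicted traffic is uniform enough."""
    if threshold <= 0:
        raise ValueError("threshold must be positive")
    if not predicted:
        raise ValueError("predicted series is empty")
    return "equal" if pvariance(predicted) < threshold else "variable"


def split_sub_periods(predicted, threshold):
    """Greedy split into [start, end) slot ranges, each with variance < threshold.

    Assumption: a sub-period is extended slot by slot and cut just before the
    slot that would push its variance to the threshold or above.
    """
    bounds, start = [], 0
    for end in range(2, len(predicted) + 1):
        if pvariance(predicted[start:end]) >= threshold:
            bounds.append((start, end - 1))
            start = end - 1
    bounds.append((start, len(predicted)))
    return bounds


def sampling_interval(mean_kb, kb_per_sample, min_slots=1, max_slots=8):
    """Slots between samples so each sample covers about kb_per_sample of traffic.

    Assumption: the patent only asks for a 'reasonable' interval per sub-period.
    """
    if mean_kb <= 0:
        return max_slots
    return max(min_slots, min(max_slots, round(kb_per_sample / mean_kb)))


def plan_next_period(predicted, threshold, kb_per_sample):
    """Return (strategy, plan); plan lists one sampling interval per sub-period."""
    strategy = choose_strategy(predicted, threshold)
    if strategy == "equal":
        bounds = [(0, len(predicted))]
    else:
        bounds = split_sub_periods(predicted, threshold)
    plan = []
    for start, end in bounds:
        mean_kb = sum(predicted[start:end]) / (end - start)
        plan.append({"start": start, "end": end,
                     "interval": sampling_interval(mean_kb, kb_per_sample)})
    return strategy, plan


if __name__ == "__main__":
    strategy, plan = plan_next_period(PREDICTED, threshold=100, kb_per_sample=800)
    print(strategy)
    for entry in plan:
        print(entry)
```

With the constructed series, the whole period fails the variance test, and the split recovers three sub-periods that each pass it and each get their own interval.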
In some embodiments, the data collection parameters include an IP address, a port number, a time period, a virtual machine ID number and an IP address of the data packet to be collected, a location ID of the collected data, and a range task category.
In some embodiments, the data analysis strategy includes performing traffic analysis of certain types of data packets, type analysis of attack means, number analysis of illegally acquired data packets, and transmission delay analysis of data packets on the collected data.
Specifically, for example, the stability index is evaluated by counting the data packets of each data acquisition module and sorting them by destination address and packet number, which gives the transmission delays of data packets of the same type with the same destination address. The variance of these delays is then analyzed: if the variance is smaller than a predetermined threshold, the flow of the data packets is uniform, which also indicates that the system is stable. The Trojan horse index is evaluated by counting the data packets of each data acquisition module and analyzing their destination addresses to see whether they are illegal; an illegal destination address indicates that the system is infected by a Trojan horse that is sending stolen data packets outwards.
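The two evaluations described above can be run over collected packet records as in the following added example, which is not code from the patent. The record layout, the delay threshold, and the reading of an "illegal" destination as one outside an allowlist of range subnets are assumptions; all records are constructed.

```python
import ipaddress
from collections import defaultdict
from statistics import pvariance

# Assumed address space of the range; anything outside it counts as illegal.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed records: (collector id, packet type, destination, packet number, delay in ms)
RECORDS = [
    ("c1", "http", "10.20.1.5", 1, 12.0),
    ("c1", "http", "10.20.1.5", 2, 13.0),
    ("c2", "http", "10.20.1.5", 3, 11.0),
    ("c1", "dns", "10.20.0.53", 1, 2.0),
    ("c2", "dns", "10.20.0.53", 2, 40.0),
    ("c2", "dns", "10.20.0.53", 3, 3.0),
    ("c2", "tcp", "203.0.113.7", 1, 85.0),
    ("c2", "tcp", "203.0.113.7", 2, 88.0),
]


def stability_report(records, delay_var_threshold):
    """Delay variance per (packet type, destination); stable if below threshold."""
    delays = defaultdict(list)
    # Sort by destination address and packet number, as the description does.
    for _collector, ptype, dst, _seq, delay in sorted(records, key=lambda r: (r[2], r[3])):
        delays[(ptype, dst)].append(delay)
    report = {}
    for flow, values in delays.items():
        variance = pvariance(values)
        report[flow] = (variance, variance < delay_var_threshold)
    return report


def system_is_stable(report):
    """The system is treated as stable only if every flow is stable."""
    return all(stable for _variance, stable in report.values())


def illegal_destinations(records, allowed_nets):
    """Destinations outside the allowlist, with packet count and reporting collectors."""
    hits = {}
    for collector, _ptype, dst, _seq, _delay in records:
        addr = ipaddress.ip_address(dst)
        if any(addr in net for net in allowed_nets):
            continue
        entry = hits.setdefault(dst, {"packets": 0, "collectors": set()})
        entry["packets"] += 1
        entry["collectors"].add(collector)
    # Convert collector sets to sorted lists so the result is stable to compare.
    return {dst: {"packets": e["packets"], "collectors": sorted(e["collectors"])}
            for dst, e in hits.items()}


if __name__ == "__main__":
    report = stability_report(RECORDS, delay_var_threshold=25.0)
    for flow, (variance, stable) in sorted(report.items()):
        print(flow, round(variance, 2), "stable" if stable else "unstable")
    print("system stable:", system_is_stable(report))
    print("illegal destinations:", illegal_destinations(RECORDS, ALLOWED_NETS))
```

An allowlist is only one way to decide which destinations are illegal; the description leaves that criterion open.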
In some embodiments, the data acquisition module is further configured to store the data acquired by the data acquisition module in a sorted manner.
In some embodiments, the data traffic prediction algorithm includes a long short-term memory (LSTM) network algorithm and a convolutional neural network algorithm.
In addition, referring to fig. 3, an embodiment of the present invention provides a data acquisition system for a network target range, including an acquisition task management module 1100, a data acquisition module 1200, and a data analysis module 1300, where:
the collection task management module 1100 is used for making data collection parameters, data collection strategies and data analysis strategies;
the data acquisition module 1200 is configured to perform data acquisition from the corresponding network range computing node according to the data acquisition parameters and the data acquisition policy, where the data acquisition module is remotely deployed on the corresponding network range computing node, and the data acquisition from the corresponding network range computing node according to the data acquisition parameters and the data acquisition policy specifically includes:
acquiring data of a network target range computing node corresponding to the data acquisition module in the current time period through the data acquisition module, and acquiring data acquisition parameters of the data acquired in the current time period, wherein the time period is a preset value;
predicting the size of data to be acquired by a data acquisition module in the next time period according to a data flow prediction algorithm and data acquisition parameters of data acquired in the current time period to obtain the predicted data size of the next time period;
calculating the flow variance of the data packet in the next time period according to the predicted data size in the next time period;
judging whether the flow variance of the data packet in the next time period is smaller than a preset threshold value, if so, adopting an equal time period data acquisition strategy, and if the flow variance of the data packet in the next time period is equal to or larger than the preset threshold value, adopting a variable time period data acquisition strategy;
the data analysis module 1300 is configured to perform data analysis on the acquired data according to a data analysis policy to obtain a data analysis result.
The system formulates data acquisition parameters, data acquisition strategies and data analysis strategies, and acquires data from the corresponding network target range computing nodes through the data acquisition module according to the data acquisition parameters and the data acquisition strategies, the data acquisition module being remotely deployed on the corresponding network target range computing node. Specifically, the data acquisition module acquires the data of its corresponding network target range computing node in the current time period, together with the data acquisition parameters of the data acquired in the current time period, the time period being a preset value. The size of the data to be acquired by the data acquisition module in the next time period is then predicted according to a data flow prediction algorithm and the data acquisition parameters of the data acquired in the current time period, giving the predicted data size of the next time period, from which the flow variance of the data packets in the next time period is calculated. If the flow variance of the data packets in the next time period is smaller than a preset threshold value, an equal time period data acquisition strategy is adopted; if it is equal to or larger than the preset threshold value, a variable time period data acquisition strategy is adopted. By combining the equal time period data acquisition strategy and the variable time period data acquisition strategy, the invention reduces transmission consumption. By performing data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result, it realizes diversified sampling strategies and centralized analysis of the sampled data, thereby providing data acquisition support for various network shooting range drilling scenes.
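The strategy selection described above, as an added Python illustration that is not code from the patent. It assumes the predictor returns one predicted data size per sampling slot of the next time period, uses population variance, and splits sub-periods greedily so that each stays below the threshold (the variable time period strategy of claim 2); all function names and sample values are hypothetical.

```python
# Added illustration, not code from the patent. Assumption: the predictor
# (LSTM/CNN in the patent, not modelled here) returns one predicted data
# size per sampling slot of the next time period.

def flow_variance(sizes):
    """Population variance of the predicted per-slot data sizes."""
    mean = sum(sizes) / len(sizes)
    return sum((s - mean) ** 2 for s in sizes) / len(sizes)


def split_sub_periods(sizes, threshold):
    """Greedily cut the period into contiguous sub-periods whose variance
    is below the threshold. Returns half-open (start, end) slot ranges."""
    segments, start = [], 0
    for end in range(2, len(sizes) + 1):
        if flow_variance(sizes[start:end]) >= threshold:
            # The newest slot breaks the bound: close the sub-period
            # before it and start a new one at that slot.
            segments.append((start, end - 1))
            start = end - 1
    segments.append((start, len(sizes)))
    return segments


def choose_strategy(predicted_sizes, threshold):
    """Pick the acquisition strategy for the next time period."""
    if not predicted_sizes:
        raise ValueError("no predicted sizes for the next time period")
    if threshold <= 0:
        # A single slot has variance 0, so a non-positive threshold
        # could never be satisfied by any sub-period.
        raise ValueError("threshold must be positive")
    variance = flow_variance(predicted_sizes)
    if variance < threshold:
        # Stable traffic: one equal-period schedule covers the period.
        return {"strategy": "equal", "variance": variance,
                "sub_periods": [(0, len(predicted_sizes))]}
    # Bursty traffic: each sub-period gets its own equal-period schedule.
    return {"strategy": "variable", "variance": variance,
            "sub_periods": split_sub_periods(predicted_sizes, threshold)}


# Constructed sample predictions (arbitrary size units per slot).
STEADY = [100, 102, 98, 101, 99, 100]
BURSTY = [100, 101, 99, 400, 404, 402, 100, 98]
THRESHOLD = 25.0

if __name__ == "__main__":
    for name, series in (("steady", STEADY), ("bursty", BURSTY)):
        print(name, choose_strategy(series, THRESHOLD))
```

The greedy split does not enforce claim 2's condition that the sub-time periods differ from one another; it only guarantees the variance bound inside each one.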
In some embodiments, the system further comprises a data storage module for storing the data collected by the data collection module in a classified manner.
In some embodiments, the data collection parameters include an IP address, a port number, a time period, a virtual machine ID number and an IP address of the data packet to be collected, a location ID of the collected data, and a range task category.
In some embodiments, the data traffic prediction algorithm includes a long short-term memory network algorithm and a convolutional neural network algorithm.
It should be noted that the embodiment of the present system and the embodiment of the method described above are based on the same inventive concept; therefore, the related contents of the method embodiment also apply to the system embodiment and are not described here again.
The application also provides a network shooting range-oriented data acquisition electronic device, including: a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the network shooting range-oriented data acquisition method described above when executing the computer program.
The processor and memory may be connected by a bus or other means.
The memory, as a non-transitory computer-readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer-executable programs. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and these remote memories may be connected to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The non-transitory software programs and instructions required to implement the network range-oriented data acquisition method of the above-described embodiment are stored in the memory, and when executed by the processor, perform the network range-oriented data acquisition method of the above-described embodiment, for example, perform the above-described method steps S101 to S103 in fig. 1.
The present application further provides a computer-readable storage medium having stored thereon computer-executable instructions for performing the network range-oriented data acquisition method described above.
The computer-readable storage medium stores computer-executable instructions, which are executed by a processor or controller, for example, by a processor in the above-mentioned electronic device embodiment, and can make the above-mentioned processor execute the data acquisition method facing network range in the above-mentioned embodiment, for example, execute the above-mentioned method steps S101 to S103 in fig. 1.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program elements or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program elements, or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as is well known to those of ordinary skill in the art.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (10)

1. A data acquisition method facing a network target range is characterized in that the data acquisition method facing the network target range comprises the following steps:
formulating data acquisition parameters, data acquisition strategies and data analysis strategies;
acquiring data from corresponding network target range computing nodes through a data acquisition module according to the data acquisition parameters and the data acquisition strategies, wherein the data acquisition module is remotely deployed on the corresponding network target range computing nodes, and acquiring data from the corresponding network target range computing nodes through the data acquisition module according to the data acquisition parameters and the data acquisition strategies specifically comprises the following steps:
acquiring data of a network target range computing node corresponding to the data acquisition module in a current time period through the data acquisition module, and acquiring data acquisition parameters of the data acquired in the current time period, wherein the time period is a preset value;
predicting the size of data to be acquired by the data acquisition module in the next time period according to a data flow prediction algorithm and data acquisition parameters of the data acquired in the current time period to obtain the predicted data size of the next time period;
calculating the flow variance of the data packet in the next time period according to the predicted data size in the next time period;
judging whether the flow variance of the data packet in the next time period is smaller than a preset threshold value, if so, adopting an equal time period data acquisition strategy, and if not, adopting a variable time period data acquisition strategy;
and carrying out data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result.
2. The method as claimed in claim 1, wherein the variable time period data collection strategy is to identify a plurality of sub-time periods within the time period, so that the flow variance of the data packets within each identified sub-time period is smaller than the preset threshold, and to adopt a corresponding equal time period data collection strategy according to each identified sub-time period, wherein each sub-time period is different.
3. The network shooting range-oriented data acquisition method according to claim 2, wherein the data acquisition parameters comprise an IP address, a port number, a time period, a virtual machine ID number and an IP address of a data packet to be acquired, a position ID of acquired data and a shooting range task category.
4. The method for data collection facing network shooting range according to claim 3, wherein the data analysis strategy comprises performing traffic analysis of specific kinds of data packets, type analysis of attack means, number analysis of illegally obtained data packets and transmission delay analysis of data packets on the collected data.
5. The network range-oriented data collection method of claim 4, wherein the data traffic prediction algorithm comprises a long short-term memory network algorithm and a convolutional neural network algorithm.
6. A network range-oriented data acquisition system, the network range-oriented data acquisition system comprising:
the acquisition task management module is used for formulating data acquisition parameters, data acquisition strategies and data analysis strategies;
the data acquisition module is in communication connection with the acquisition task management module and is used for acquiring data from the corresponding network target range computing node according to the data acquisition parameters and the data acquisition strategies, wherein the data acquisition module is remotely deployed on the corresponding network target range computing node, and the data acquisition from the corresponding network target range computing node through the data acquisition module according to the data acquisition parameters and the data acquisition strategies specifically comprises the following steps:
acquiring data of a network target range computing node corresponding to the data acquisition module in a current time period through the data acquisition module, and acquiring data acquisition parameters of the data acquired in the current time period, wherein the time period is a preset value;
predicting the size of data to be acquired by the data acquisition module in the next time period according to a data flow prediction algorithm and data acquisition parameters of the data acquired in the current time period to obtain the predicted data size of the next time period;
calculating the flow variance of the data packet in the next time period according to the predicted data size in the next time period;
judging whether the flow variance of the data packet in the next time period is smaller than a preset threshold value, if so, adopting an equal time period data acquisition strategy, and if not, adopting a variable time period data acquisition strategy;
and the data analysis module is in communication connection with the acquisition task management module and the data acquisition module and is used for carrying out data analysis on the acquired data according to the data analysis strategy to obtain a data analysis result.
7. The network shooting range-oriented data acquisition system of claim 6, wherein the data acquisition parameters comprise an IP address, a port number, a time period, a virtual machine ID number and an IP address of a data packet to be acquired, a position ID of acquired data and a shooting range task category.
8. The network range-oriented data acquisition system of claim 7, wherein the data traffic prediction algorithm comprises a long short-term memory network algorithm and a convolutional neural network algorithm.
9. A network range oriented data acquisition device comprising at least one control processor and a memory for communicative connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the network range oriented data acquisition method of any one of claims 1 to 5.
10. A computer-readable storage medium characterized by: the computer-readable storage medium stores computer-executable instructions for causing a computer to perform the network range-oriented data acquisition method of any one of claims 1 to 5.
CN202211365152.2A 2022-11-03 2022-11-03 Data acquisition method and system for network shooting range Active CN115426201B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211365152.2A CN115426201B (en) 2022-11-03 2022-11-03 Data acquisition method and system for network shooting range


Publications (2)

Publication Number Publication Date
CN115426201A true CN115426201A (en) 2022-12-02
CN115426201B CN115426201B (en) 2023-01-17

Family

ID=84207170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211365152.2A Active CN115426201B (en) 2022-11-03 2022-11-03 Data acquisition method and system for network shooting range

Country Status (1)

Country Link
CN (1) CN115426201B (en)


Also Published As

Publication number Publication date
CN115426201B (en) 2023-01-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant