CN115855000A - Network space mapping expression method based on graph theory-space-time object - Google Patents

Network space mapping expression method based on graph theory-space-time object Download PDF

Info

Publication number
CN115855000A
CN115855000A CN202210615171.XA CN202210615171A CN115855000A CN 115855000 A CN115855000 A CN 115855000A CN 202210615171 A CN202210615171 A CN 202210615171A CN 115855000 A CN115855000 A CN 115855000A
Authority
CN
China
Prior art keywords
network space
space
expression
network
mapping
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210615171.XA
Other languages
Chinese (zh)
Inventor
施群山
周杨
梁静
蓝朝桢
徐青
胡校飞
吕亮
张衡
邢帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Engineering University of PLA Strategic Support Force filed Critical Information Engineering University of PLA Strategic Support Force
Priority to CN202210615171.XA priority Critical patent/CN115855000A/en
Publication of CN115855000A publication Critical patent/CN115855000A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention belongs to the technical field of network space mapping, and particularly relates to a network space mapping expression method based on graph theory-space-time objects, which comprises the following steps: acquiring network space mapping data; organizing the cyberspace mapping data using a cyberspace mapping expression model to form data for expression; performing visual expression on the organized network space mapping data in the selected network space hierarchy; the network space mapping expression model uses a node set to represent network space resources, and an edge set represents a network space relation; the edges represent the network space relationship between two corresponding nodes; the network space resource and the network space relation are strongly correlated with time, and the corresponding objects are multi-granularity space-time objects; therefore, the problems that in the prior art, different network space mapping data are not uniformly organized, the network space mapping data of each hierarchy of a network are not universal when being organized, visual expression of each hierarchy of the network space cannot be rapidly realized, and the expression effect is poor are solved.

Description

Network space mapping expression method based on graph theory-space-time object
Technical Field
The invention belongs to the technical field of network space mapping, and particularly relates to a network space mapping expression method based on graph theory-space-time objects.
Background
With the rapid development of technologies such as the internet, the internet of things and the like, the network is fully integrated into human life, and the network space becomes the fifth strategic space parallel to the land, sea, air and sky. Compared with the physical space of land, sea, air and space, the network space has the following characteristics: firstly, the system is complex, the network space is large in quantity and scale, the technical structure is complex, network attack events are frequent, and accurate mapping perception and intuitive interpretation and understanding are difficult; secondly, the network space is widely penetrated, and the network space is penetrated into each field of politics, economy, military, culture and society all the time and globally, and supports and influences the function stability and the operation order of each field; and thirdly, real-time dynamic, the topological structure, the communication path and the running state of the network space can be adjusted and shaped as required by technical means, and the adjustment changes of network addresses, ports, routes, host identities, communication protocols, instruction sets and the like can directly influence the whole state of the network space. The comprehensive exploration of the network space characteristics and the resource distribution thereof has great significance for promoting national economy and guaranteeing national security, so that the network space mapping technology is a brand new application of mapping science and technology in the new field of network space, and is a natural extension of geographic space mapping.
The network space mapping is to use the network space as an object, use computer science, network science, mapping science and information science as a basis, use network detection, network analysis, entity positioning, geographical mapping and a geographical information system as main technologies, obtain the position, the attribute and the topological structure of the network space entity resources and the virtual resources in the network space through means of detection, collection, processing, analysis, display and the like, map the network space entity resources and the virtual resources to the geographical space, draw information such as coordinates, topology, surrounding environment and the like in a map form or other visual forms, display relevant situations, and perform theory and technology of spatial analysis and application according to the information.
The network space is an abnormally complex space, various network space resources are distributed in the network space, the network space resources are mutually associated through a communication network, and various network events such as network attacks, virus lassos, network protections and the like occur at every moment. Compared with the geospatial object, the cyberspace expression object has the following characteristics, and important consideration is needed in designing the expression model. And (1) resource cross-layer. The network space may be divided into a physical layer, a logical layer, and a cognitive layer. Different cyber-space hierarchies contain different resources in the cyber-space and different attributes of the resources, and the same type of resource may span different cyber-space hierarchies. For example, a hardware device contains both location attributes (physical layer) and logical topological relationships between devices (logical layer); network users include both location attributes (physical layer), user operations (logical layer), and awareness modalities (cognitive layer). The network space situation expression needs to take this feature into full account. And (2) element association. The incidence relation of the network space is the key content that the network space needs to be expressed, and the incidence relation of the network space is the relation related to a plurality of entity targets and needs to be highlighted, and obviously, the incidence relation of the network space is not obvious in the characteristic that all things in the network space are interconnected in the multi-granularity space-time object model provided by the existing literature. And (3) multiple events. The network space events change instantly, and not only the geographic position changes along with the change of time, such as the running state of equipment, the change of flow and the like all change in real time, so that various elements in the expression object attributes are all functions of time and all change along with the change of time. And (4) carrying out scale change. When the network space mapping result is expressed, due to different user roles, task requirements and the like, the position of a viewpoint of an observer in a scale of a network space map or a visualization engine changes, and in order to clearly present the expression elements of the network space, automatic comprehensive operations such as addition and deletion, shape transformation and the like of the expression elements need to be carried out according to conditions such as the scale or the viewpoint position, so as to realize multi-scale expression of the network space.
In a word, the objects to be expressed in the network space and the characteristics thereof are complex, the spatial relationship spans multiple network levels, various network space mapping data organizations in the prior art are not uniform and are not universal among different network levels, so that multiple data organization forms are used when the network space mapping data of each level of the network are organized, the implementation is complicated, the visual expression of each level of the network space cannot be rapidly realized, and the expression effect is poor.
Disclosure of Invention
The invention aims to provide a network space mapping expression method based on graph theory-space-time objects, which is used for solving the problems that the organization of mapping data of different network spaces is not uniform, the network space mapping data of each layer of a network is not universal when being organized, the operation is complicated, the visual expression of each layer of the network space cannot be rapidly realized, and the expression effect is poor in the prior art.
In order to solve the technical problems, the technical scheme provided by the invention and the corresponding beneficial effects of the technical scheme are as follows:
the invention discloses a network space mapping expression method based on graph theory-space-time objects, which comprises the following steps:
1) Acquiring network space mapping data;
2) Organizing the cyberspace mapping data using a cyberspace mapping representation model to form data for representation; the network space mapping expression model is formally described as follows:
M=<O(t),E(t)>
wherein M is the network space mapping expression model, O (t) is a node set representing network space resources in the network space mapping expression model, t represents time, and E (t) is an edge set representing network space relations in the network space mapping expression model;
the formalized description of the node set O (t) is as follows:
O(t)={o 1 (t),o 2 (t),…,o n (t)}
wherein t represents time, o i (t) is the ith node in O (t), O i (t) represents a cyberspace resource object, a cyberspace resource object o i (t) includes attribute features p (t), spatio-temporal features sp (t, s, l) and behavior features a (t), o i (t) formally described as:
o i (t)=[p(t),sp(t,s,l),a(t),…],t∈[t b ,t e ],i=1,2,…,n
wherein, [ t ] b ,t e ]Representing a cyberspace resource object o i (t) life cycle, l represents network space hierarchy, s represents view point distance in scale or visualization engine, attribute feature p (t) represents attribute information of network space resource object, spatio-temporal feature sp (t, s, l) represents spatial information of network space resource object, behavior feature a (t) represents behavior of network space resource object;
the formalized description of the edge set E (t) is:
E(t)={e 1 (t),e 2 (t),…,e n (t)}
wherein e is i (t) is the ith side in E (t), E i (t) represents a cyberspace relationship between a pair of nodes comprised of two nodes, comprising: node pair<o u (t),o v (t)>Spatio-temporal features sp '(t, s, l), attribute features p' (t) and state features s (t), e i (t) formally described as:
e i (t)=[<o u (t),o v (t)>,sp′(t,s,l),p′(t),s(t),…],t∈[t′ b ,t′ e ],i=1,2,…,n
wherein o is u (t),o v (t) represents the edge e i (t) two nodes corresponding to each other, space-time feature sp '(t, s, l) represents a position when an edge is drawn and expressed, l is a network space hierarchy, [ t' b ,t′ e ]Represents an edge e i (t), the state feature s (t) represents the state information corresponding to the edge, and p' (t) represents the attribute information associated with the edge;
3) And performing visual expression on the organized network space mapping data in the selected network space hierarchy to obtain a network space map.
The beneficial effects of the above technical scheme are: on the basis of analyzing three major network space expression objects of network space resources, relations and events, characteristics of time, space and behavior needing attention of network space expression are combined, a network space mapping expression model based on a graph theory and a multi-granularity time-space object and reinforced time attribute principle is designed, data organization forms of all network levels of the network space mapping expression model are unified, the network space mapping expression model is suitable for all network levels, network space mapping data can be conveniently organized, visual expression of all network levels is simply and rapidly achieved, all network level data are complete, and the network space mapping expression model is clear in logic of data organization and good in expression effect.
The network space mapping expression model can effectively cover network space expression objects such as network space resources, relations and events, comprehensively reflects the characteristics of network space resource cross-layer, element association, multiple events, variable scales and the like, and realizes effective organization and expression of complex network space information. In addition, the network space surveying and mapping expression model is designed on the basis of graph theory, and theoretical results related to the graph theory can be further applied to the model so as to support the related analysis application of the network space.
Further, in order to further enrich the elements associated with cyberspace resources and cyberspace relationships, the node o, which makes the expressed information content richer i Also included in (t) are geometric features g (t, s, l), including o after the geometric features g (t, s, l) i (t) formally described as:
o i (t)=[p(t),sp(t,s,l),g(t,s,l),a(t),…]
wherein the geometric feature g (t, s, l) represents a network space map symbol used in expression;
edge e i (t) also includes a geometric feature g (t, s, l) including an edge e following the geometric feature g' (t, s, l) i (t) formalized as:
e i (t)=[<o u (t),o v (t)>,sp′(t,s,l),g′(t,s,l),p′(t),s(t),…]
where the geometric feature g' (t, s, l) represents the shape that the edge takes when expressed.
Further, in order to enable the network space mapping expression model to be applied to different layers, the network space mapping expression model is displayed in different layers according to requirements, and the network space hierarchy comprises a physical hierarchy layer, a logic layer and a cognitive layer.
Further, when the cyberspace resource object is a server; the attribute characteristics of the server comprise the type, the capacity and the bandwidth of the server; the spatiotemporal characteristics of the server comprise the geographic location of deployment of the cyberspace resource object; the behavior characteristics of the server include specific services and protection behaviors provided by the cyberspace resource object.
Further, in order to improve the reliability of the data, before organizing the cyber-space mapping data in step 2), data cleaning is performed on the cyber-space mapping data to obtain reliable cyber-space mapping data.
Further, in order to ensure the consistency of the expression result, step 3) needs to perform space-time reference assimilation on the organized network space mapping data before the selected network space hierarchy is visually expressed, so as to perform space-time transformation on various network space mapping data including network space resources, network space relationships and network space events, so as to transform the network space mapping data into a unified time and space reference.
Further, in order to provide a good display effect, in step 3), when performing visual expression on the organized network space mapping data, a virtual observer object is provided, and the virtual observer object is used for dynamically managing contents displayed during visual expression.
Further, in order to dynamically manage the displayed content during the expression so as to provide a good display effect, the displayed content and the display form are selected according to the requirement in the plurality of expressed contents, and the form of the virtual observer object is described as follows:
S″(t)=[p″(t),sp″(t),g″(t,s,l)…]
wherein S "(t) is a virtual observer object, p" (t) refers to an expression parameter required to be set when the network space is expressed, sp "(t) refers to a space-time position of the virtual observer which determines a network space expression result, g" (t, S, l) refers to a display view port and a posture of the virtual observer, l refers to a network space hierarchy to which the expression belongs, and S represents a scale or a viewpoint distance in a visualization engine.
Drawings
FIG. 1 is a schematic diagram of the classification of cyberspace resources employed by the present invention;
FIG. 2 is a schematic diagram of the spatial relationship of the network at different levels of the present invention;
FIG. 3 is a schematic diagram of the network space mapping expression model of the present invention;
FIG. 4 is a schematic diagram of the structure of a network space mapping expression model based on graph theory-spatio-temporal objects according to the present invention;
FIG. 5 is a schematic diagram of the structure of the proposed multi-granular spatiotemporal object model of the present invention;
FIG. 6 is a representation of a spatial mapping of the network embodying the present invention;
FIG. 7 is a flowchart of the processing steps of the invention for the spatial mapping representation data of the network;
FIG. 8 is a schematic representation of a cyberspace mapping expression model of the present invention involving a virtual observer;
FIG. 9 is a flow diagram of virtual observer instruction execution of the present invention;
FIG. 10 is a diagram of a network space visualization scene organization file XML structure of the present invention;
FIG. 11-1 is a schematic XML view of a network space visualization scene organization file of the present invention;
FIG. 11-2 is another network space visualization scene organization file XML schema of the present invention;
FIG. 12 is a diagram of an example representation of a cyberspace resource 38008 of the present invention;
FIG. 13 is a diagram of an example of a cyberspace logical relationship representation of the present invention;
FIG. 14 is a diagram illustrating the result of the invention on a multiscale network space for viewpoint 1;
fig. 15 is a diagram illustrating the result of the invention on a multiscale network space for viewpoint 2.
Detailed Description
The network space mapping can comprehensively find out the network space characteristics and the resource distribution thereof, and the invention mainly focuses on the problem of the network space mapping expression model in the 'how to draw' network space mapping. The invention summarizes network space expression objects into three categories of network space resources, relations and events, combines the characteristics of network space resource cross-layer, element association, multiple events and variable scale on the basis of analyzing the characteristics of the three categories of expression objects, designs a network space surveying and mapping expression model based on a graph theory-space object by following the three principles of taking the graph theory as the basis, combining a multi-granularity space-time object model and strengthening time attributes, and provides formal description and a specific implementation method. Network space mapping expression experiments show that: the model can effectively cover various network space expression objects, reflect the characteristics of network space and realize the effective organization and expression of complex network space information.
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings and embodiments.
The method comprises the following steps:
1. the network space expresses the object analysis.
The network space is an abnormally complex space, various network space resources are distributed in the network space, the network space resources are mutually associated through a communication network, and various network events such as network attacks, virus lassos, network protections and the like occur at every moment, so that the network space expression objects mainly comprise three categories of network space resources, network space relations and network space events in a comprehensive manner.
2. The web space represents the object.
(1) A cyberspace resource.
The network space resources are main objects of network space expression, which form a support foundation of the network space, the classification standards of the network space resources are various, and different scholars propose different classification methods from different angles. Some scholars divide the cyberspace resources into carrier, information, body and action 4 types of elements. Some scholars construct a network space element classification system under the guidance of a 'human-ground-network' tie relationship theory. Some scholars divide network space resources into terminal devices, switching devices, transmission media, virtual themes, information data and the like. Some students start from the material form and social form, and the network space resources are entity resources and virtual resources, and the classification method is accepted by many students in the industry, the invention also adopts the network space resource classification method, as shown in fig. 1, the network space entity resources mainly comprise exchange equipment and access equipment, the exchange equipment mainly is node equipment for information exchange, such as an exchanger, a router, wiFi equipment, a communication base station and the like, the access equipment is terminal equipment for accessing the network, such as a PC, a server, a mobile phone, a notebook computer, a camera and the like, and the network space entity resources can be divided into fixed network access equipment, mobile network access equipment and internet of things/industrial control network access equipment according to the access mode; the network space virtual resources are information contents, virtual persons and virtual services in the network space, wherein the information contents comprise chatting and communication information, texts and video documents; the virtual man refers to accounts such as WeChat, microblog and QQ; the virtual services include services such AS DNS, websites, and mails, and network systems, organizations, etc. providing network services such AS Autonomous Systems (AS) can also be categorized into virtual service classes.
(2) Network spatial relationships.
The network space relationship refers to the connection relationship of various network space resources in the network space, the network space resources in the network space are not independent, and the various resources need to be connected together through information communication facilities such as the internet, a mobile communication network, the internet of things and the like to jointly form the network space, so the network space relationship is another important object which needs to be expressed, and the network space relationship influences the grasp of the communication situation of the whole network space. At present, the network spatial relationship is mainly described by adopting a network topology, but the description mode mainly describes the logical communication relationship between network nodes, and is not applicable to scenes strongly related to the geographic space. For the network spatial relationship, the network spatial relationship may be classified into different types of network spatial relationships according to different hierarchies, taking the internet AS an example, the network spatial relationship may be classified into different hierarchies such AS an AS relationship, a PoP (Points of Presence) relationship, a routing relationship, and an IP node relationship, where the AS relationship represents a communication relationship between different network autonomous domains, each AS includes multiple pops, each PoP is formed by connecting multiple routes, and an IP node is the most basic node, AS shown in fig. 2.
Besides, similar network hierarchical relationships exist for other types of networks, the cyber-space expression also needs to embody the relationships between people and ground and among the cyber-space and the geographic space and the social space.
(3) A cyberspace event.
Various events such as network attacks, information damage, virus lassos, equipment faults and the like occur in a network space at every moment, dynamic presentation of the events is also an important content of network space expression, the expression of the network space events is mainly to reflect the dynamics of the network space events, each event has a life cycle, has a starting moment and an ending moment and has a developing milestone node, and therefore the development evolution process of the whole event and the possible future development trend need to be displayed in the whole life cycle during expression.
3. And analyzing the characteristics of the expression object.
Compared with the object of the geographic space, the network space expression object has the following characteristics, and important consideration is needed in designing the expression model. (1) resource cross-layer; (2) element association; (3) multiple events; and (4) carrying out scale change.
4. And (5) designing a network space mapping expression model.
The objects and the characteristics thereof to be expressed in the network space are analyzed, the objects are complex and complex, and a computer is required to draw the complex objects, so that an expression model is needed to implement the regular description of the objects, so as to uniformly organize the data and manage the scene when the computer performs the visual expression, as shown in fig. 3.
4.1, designing a network space mapping expression model.
In order to comprehensively cover three major types of expression objects of network space resources, relationships and events and highlight the characteristics of cross-layer network space resources, element association, multiple events and variable scale, the invention designs a network space mapping expression model based on a graph theory-space-time object, as shown in FIG. 4, the model follows the three principles of taking the graph theory as a basis, combining a multi-granularity space-time object model and strengthening time attributes.
(1) Based on the graph theory. The expression model of the present various network space logical relations is mainly established by depending on a graph theory, which can effectively express various network space relations, and the network space relations are the key points of network space expression. Can be prepared from G =<V,E>Wherein V = { V = 1 ,v 2 ,…,v n A finite, non-empty set, called a set of nodes, whose elements are called nodes. E = { E = { E) 1 ,e 2 ,…,e n A finite set, called an edge set, has a node pair in V for each element in E, called an edge. The edge e may be directional or non-directional. Pairs of directed edge and ordered nodes<u,v>Accordingly, in this case, u is called the start point of e, and v is the end point of e. Undirected edge and unordered node pair<u,v>Correspondingly, u, v are referred to as the two endpoints of e. Graph theory can be used to analyze connections between things, and can be universally used to model systems involving interconnections, such as communication networks, social networks, traffic networks, business networks, and the like.
In the traditional network space model, various terminals are abstracted into nodes without size in graph theory, and communication lines among various terminals are abstracted into edges without width. In the model designed by the invention, each node is not a simple point without size, but a space-time object model, which can express various network space resources; the edges connecting the nodes are not lines having no width, but lines that can reflect attributes such as physical distance, traffic size, and the like. The model designed based on the graph theory can respectively represent the physical communication relation of a physical layer, the logical topological relation of a logical layer, the social relation of a cognitive layer and the like. In addition, on the basis of graph theory, a foundation is laid for the model to use the latest artificial intelligence methods such as graph neural network and the like to carry out network space situation analysis.
(2) And combining a multi-granularity space-time object model. In the model designed by the invention, the nodes in the graph are multi-granularity space-time object models, the space-time object models in some documents only comprise 3 contents of attributes, space-time and geometric characteristics, and are simpler, and the multi-granularity space-time object models in some documents comprise 8 contents of space-time reference, space position, space form, composition structure, incidence relation, cognitive ability, behavioral ability and attribute characteristics, as shown in the following figure 5.
The multi-granularity space-time object model adopted by the invention combines the characteristics of network space mapping expression, focuses on the characteristics of attributes, space-time, geometry, behaviors and the like, and respectively corresponds to the contents of the attribute characteristics, space position, space form, behavior capability and the like of the multi-granularity space-time object model, when the specific visual expression is carried out, the attributes can be specified, such as the expression of a server, the attribute characteristics comprise the type, capacity, bandwidth and the like of the server, the space-time characteristics mainly refer to the deployed geographic position, the geometric shape expression can be represented by a normalized network space map symbol, and the behavior characteristics can provide specific services or protection behaviors and the like. In order to better perform network space multi-scale expression, the spatio-temporal characteristics and geometric characteristics in the model also need to be related to the observation viewpoint distance in a network space map scale or a visualization engine, the geometric expression modes of spatio-temporal objects are different according to a certain drawing comprehensive rule, the positions of the objects in corresponding expression also need to be adjusted appropriately so as to achieve the best expression effect, and meanwhile, the geometric shapes also need to be changed correspondingly according to expressed hierarchies, for example, when the network space relationship of a physical layer is expressed, the geometric shapes of each node are entity symbols with sizes, but when the network space relationship of a logic layer is expressed, each node can be expressed by using a simple point.
(3) The temporal property is enforced. In order to better express the events of the network space and reflect the characteristic of multiple events, the expression mode designed by the invention is a model with strong time correlation, nodes, edges and space-time object models in the model are all variable with time and change along with the change of time, and even if the model is a characteristic which does not change along with time, the model is also designed as a function of time, and the function is a constant. Meanwhile, all objects have specific life cycles, and occurrence, evolution and extinction of all events are managed and expressed by taking time as a main line, and the events are reflected as a series of behaviors changing along with time on a model.
4.2, description of the network space mapping expression model.
The network space mapping expression Model is actually a Graph theory-Spatio-temporal Object-based network space mapping visualization expression Model (G-STO Model).
Following the above design principle, the following formal descriptions of the network space mapping expression model are given, as shown in equations (1) to (5).
M=<O(t),E(t)> (1)
Wherein:
O(t)={o 1 (t),o 2 (t),…,o n (t)} (2)
wherein:
o i (t)=[p(t),sp(t,s,l),g(t,s,l),a(t),…],t∈[t b ,t e ],i=1,2,…,n (3)
in equation (1):
E(t)={e 1 (t),e 2 (t),…,e n (t)} (4)
wherein:
e i (t)=[ <o u (t),o v (t)>,sp′(t,s,l),g′(t,s,l),p′(t),s(t),…],t∈[t′ b ,t′ e ],i=1,2,…,n (5)
in the above formula, M in formula (1) represents a network space mapping expression model, O (t) represents a multi-granularity space-time object set (network space resource set) representing nodes in the model, t represents time, and the ith node O i (t) is a multi-granularity spatio-temporal object (a cyberspace resource object), the ith cyberspace resource object o i (t) is composed of a plurality of time-related features such as p (t) attribute feature, sp (t, s, l) space-time feature, g (t, s, l) geometric feature and a (t) behavior feature, and the ith network space resource object o i (t) the life cycle is [ t b ,t e ]S of the sp (t, s, l) space-time characteristic and the g (t, s, l) geometric characteristic represents a viewpoint distance in a scale or a visualization engine, l represents which layer of a physical layer, a logic layer and a cognitive layer belongs to when the expression is carried out, and a series of behaviors generated by the change of the behavior characteristic a (t) along with time form an event; e (t) represents the set of edges representing the spatial relationship of the network in the model, o in equation (5) u (t),o v (t) denotes an edge e i (t) two corresponding nodes, sp ' (t, s, l) representing the position of the edge when rendering the representation, which is also related to time t, viewpoint distance s in a scale or a visualization engine, and the level l of the representation, g ' (t, s, l) being the shape of the edge when rendering, such as line width, line color, etc., p ' (t) representing the attribute information associated with the edge, s (t) representing the status information corresponding to the edge, such as the communication case, etc., the ith edge e i (t) likewise has a Life cycle [ t' b ,t′ e ]. As can be seen from the formal description of the model, O (t) in the model corresponds to the network space resource to be expressed, E (t) represents the network space relationship, a (t) represents the network space event, all elements are variables of time t, the high dynamic characteristics of the multiple network space events are reflected, and the model can be said to well cover the objects and bodies of the network space key listThe characteristics of the network space are presented.
And 4.3, realizing a network space mapping expression model.
Class organization: based on the designed network space mapping expression model, the computer implementation is performed by adopting the idea of object-oriented, specifically, the whole network space is abstracted into two major base classes, namely an object base class (ObjectBaseClass) and a relation base class (EdgeBaseClass), which respectively correspond to O (t) and E (t) in the model, as shown in fig. 6.
The object base class (ObjectBaseClass) is composed of elements such as attribute information (Property), space-time (SpaceTime), geometric shape (Geometry), behavior (Action) and the like, and respectively corresponds to p (t) attribute characteristics, sp (t, s, l) space-time characteristics, g (t, s, l) geometric characteristics, a (t) behavior characteristics and the like in the model, the base class elements are base classes abstracted by corresponding characteristics of network space expression elements, such as the geometric shape base class (Geometry), based on the geometric base class, geometric shape types such as a server, a router, a computer terminal and the like can be further derived, and the inheritance and derivation can be selected according to actual conditions during actual expression; the relation base class (EdgeBaseclass) is composed of elements such as end points (EndPoints), space-time (SpaceTime), geometric shapes (Geometry), property information (Property), state information (State) and the like, wherein the end points (EndPoints) record two end points corresponding to edges, the space-time (SpaceTime) manages the position of drawing the edges, the geometric shapes (Geometry) mainly refer to specific expression patterns of the edges during expression, the physical layer, the logic layer and the cognitive layer can have different expression patterns, and the edges can be expressed by straight lines or curves as required. The objects to be expressed in the network space can inherit the two base classes, when the actual computer expression is carried out, the visual expression engine only needs to maintain an object drawing List List < ObjectBaseClass > and a relation drawing List List < EdgeBaseClass >, each expression element can further refine the internal structure according to the characteristics of the expression element, each expression element is inherited and instantiated from the base classes and is drawn by adopting a computer graphics method, the related events are based on time variables and are composed of a series of behaviors occurring according to time, and finally, a network space map covering network space resources, relations and events with cross-layer, association and high dynamics is constructed.
Because the network space mapping data has various sources and a complex structure, standardization processing is also needed, as shown in fig. 7, so as to be used for network space rendering expression, and the following describes the specific data processing in combination with the steps of the present invention:
the first step is as follows: and acquiring network space mapping data.
(1) And (6) data acquisition. The step is a source of data processing, data acquisition can be acquired in real time in a network detection mode, extraction can be performed from an existing database as required, and meanwhile, various modes such as reading and interactive input of text invention data are supported.
(2) And (6) data cleaning. Because the data source is indefinite, the data quality is generally difficult to guarantee, and therefore, the network space mapping data needs to be correspondingly cleaned, the false and true memory is removed, the coarse and fine memory is removed, and credible data is provided for network space mapping expression.
(3) The spatio-temporal reference is assimilated. In order to ensure the consistency of the expression result, the space-time conversion of various data is required to be converted into a uniform time and space reference. The means adopted in step (2) and step (3) are all the prior art, and are not described herein.
The second step is that: the cyberspace mapping data is organized using the cyberspace mapping expression model introduced in section 4.2 to form data for expression.
The step is that the network space mapping expression model designed according to the invention reorganizes the network space mapping data from the aspects of logic and data organization management to form the data for expression.
The third step: and performing visual expression on the organized cyberspace mapping data at the selected cyberspace level.
And finally, expressing various network space objects by adopting a corresponding graphical display mode and based on a network space mapping expression engine under the management of the virtual observer object to form a dynamic network space map.
The following describes the virtual observer object:
for the expression of space events in the network, besides that various expression objects designed in the model need to be strongly related to time, when in actual expression, in order to show the whole appearance of the network space events in the whole process, a script driving technology needs to be used, the script driving technology is a technology commonly used in various game engines, game roles can run according to the rules and can also complete the automatic switching of scenes, and the like, the script management idea is introduced into the network space mapping expression model based on graph theory-space-time object designed by the invention, the script management function is virtualized into a virtual observer object, the object is a multi-granularity space-time object model, the difference is that the object is not an expression object but influences the final drawing result of the expression object, and the description model of the virtual observer object is shown in a formula (6).
S″(t)=[p″(t),sp″(t),g″(t,s,l)…] (6)
In formula (6), S "(t) is a virtual observer object, and p" (t) mainly refers to various expression parameters to be set during network space expression, such as explicit and implicit settings of a certain type of parameter elements, start and end time of an expression scene, and the like; sp "(t) is also a spatio-temporal feature, but the spatio-temporal position of a virtual observer which determines the expression result of the network space determines the range of the finally presented network space map, and the spatio-temporal position can carry out accompanying, flying around and the like of an observation target according to corresponding instructions; g "(t, s, l) is a geometric feature, here the content of the virtual viewer's display viewport, pose, etc. The network space mapping expression model with the virtual observer added becomes the structure shown in fig. 8.
In particular, the virtual observer manages the script by means of a series of instructions, which are mainly classified into an expression parameter setting command class, a space-time control command class and a geometric characteristic command class, corresponding to three basic elements of p "(t), sp" (t), g "(t, s, l). An expression parameter setting command class such as S _ Property _ Set (setting scene parameters), S _ Property _ BeginTime (setting start time of whole scene expression), S _ Property _ EndTime (setting end time of whole scene expression), S _ Property _ SetTime (setting simulation time), S _ Property _ SetTimeRate (setting simulation step size), and the like; a spatiotemporal control command class such as S _ SpaceTime _ Follow (set viewpoint follows a certain object), S _ SpaceTime _ Center (set viewpoint follows a certain object at the Center of the screen), S _ SpaceTime _ Goto (viewpoint arrives at the object followed), S _ SpaceTime _ SetPosition (set viewpoint position), and the like; geometric characteristic command classes such as S _ Geometry _ ViewPort (setting an expression window parameter), S _ Geometry _ Fov (setting an expression field angle), S _ Geometry _ attribute (setting a virtual observer observation Attitude angle), and the like.
A series of instructions for the virtual observer are given in the form of script inventories, the format of the virtual observer script commands being: command name { [ parameter name parameter ] [ parameter name ] … }.
The command name is a keyword corresponding to each script command class, the parenthesis is a parameter list, the number is determined according to the specific command, and the parameter name indicates the parameter class, for example, S _ SpaceTime _ Goto { object "25.20.234.9" time 5} indicates that the observation viewpoint of the virtual observer is switched to the target "25.20.234.9" in 5 seconds. The specific execution process of the virtual observer instruction script is shown in fig. 9. Within the left dashed box is the work to be done by the virtual observer.
In order to verify the effectiveness of the expression model of the invention, the following expression model of network space mapping of the invention is expressed by taking AS AS an example:
in the embodiment, the global AS is taken AS an object for visual expression, and the AS condition is an important index reflecting the construction perfection degree of network infrastructure of each country in the network space. The AS information can well represent elements to be expressed in a network space, each AS can be attributed to virtual resources in the network space resources, the association relationship among the global ASs is a typical network space relationship, and a network attack event is represented AS an attack initiated from a certain terminal in one AS to one or more terminals in another AS at an AS layer. Meanwhile, the AS has the typical characteristics of a network space with cross-layer resources, element association and multiple events. Data adopted by The experiment is Data provided by a CAIDA (The Cooperative Association for Internet Data Analysis) website, the Data comprises detailed information of AS objects and AS topological relation Data, and specific Data information is shown in The following table.
TABLE 1AS data
Figure SMS_1
(1) Model-based data organization.
The data of the CAIDA website stores related information in a plurality of scattered files, and in order to express the global AS condition, the scattered data needs to be reorganized according to a designed expression model to form a regular description. According to the model designed by the invention, when the AS expresses, the ASObject and ASEdge two AS expression classes can be obtained by inheriting an object base class (ObjectBaseClass) and a relation base class (EdgeBaseClass), core elements contained in the ASObject and the ASEdge two AS expression classes are shown in the following tables 2 and 3, and other elements can be flexibly added according to a specific application scene.
TABLE 2ASObject class core elements
Figure SMS_2
TABLE 3 ASedge class core elements
Name of element Containing content
End point element Two AS names corresponding to the edges
Space-time elements The position of AS edge is mainly the position of key point when it is not straight
Geometric form factor Type, width, colour, etc. of edges, including geometric shapes of different scales, levels
Attribute element Numbering of edges
Status element Communication relation, whether any network event occurs on the edge
Each AS and the corresponding AS edge can be obtained by instantiating the two classes, data in the classes are extracted from corresponding data files or databases, and meanwhile, in order to further strengthen the management of the data, a targeted database can be designed to store and manage the data according to the expression model designed by the invention. After data extraction, the data are organized in a network space visualization expression system by using an XML-based method, fig. 10 shows a corresponding XML structure frame diagram, and fig. 11-1 and 11-2 show corresponding XML file instance screenshots. When the visualization expression is carried out, XML data can be directly assigned to ASObjects and ASEdge instantiated objects, and then the objects related to the AS are sequentially expressed in a visualization engine by combining a computer graphics method, so that the expression of the AS condition can be completed.
(2) Example of model-based expression.
According to the designed expression model and the scene data organization method, the network space mapping expression example is completed based on the Cesium open source geographic information platform. The expression example of the invention realizes the effective expression of network space resources, relationships and events, and reflects the characteristics of network space resource cross-layer, element association, multiple events and variable scale. The AS data with longitude and latitude coordinates can be all displayed on a two-three-dimensional digital earth provided by Cesium, the total number of the AS points is 60012, and the image data adopts data of a map (MapWorld). Each point represents an AS object, the connection relation among the ASs is complex, if all the connection relations are displayed at the same time, the whole map is very disordered, only all the AS objects can be displayed, and the respective connection relations are not displayed.
(1) The network space resource represents an instance.
In fig. 12, the AS expression effect of the partial view is shown, in the expression result, the most intuitive difference is that the used expression symbols are different for different cyberspace resource object expressions, and for cyberspace expression, the expressed symbols are a basis, and the cyberspace map can become a universal language only if the cyberspace expression has a uniform symbol system, but the part is not the content to be researched by the present invention, so the present invention adopts simple letter symbols to express.
(2) The cyberspace relationship expresses instances.
The invention completes the visual expression of the network space AS relation, AS shown in FIG. 13, the AS directly related to the AS 1126 is shown in the figure, the total number is 57, the AS connection relation graph can be divided into a physical layer and geography related AS connection relation graph and a logic layer AS connection relation graph; the AS connection relation diagram of the logic layer is shown in FIG. 13; the two different views adopt a set of data and unified expression model, and the difference is that when drawing expression is carried out, edges and nodes in the model present different geometric shapes according to the variable of a network space expression layer (physical or logic layer).
(3) A network space event expresses an instance.
The invention can simulate the expression of the network attack event, for example, the simulated attack event is from AS 37680 to AS 37054, for the expression of the event, it is actually the T1 moment AS 37680 which has an attack behavior, the expression of the attack behavior can be started in the way marked by an arrow, then along the side ASEdge37680_37054, the T2 moment to AS 37054, the corresponding expression model records the AS 37680 object scene file, the attack behavior occurs at the T1 moment, the AS 37054 object scene file, the attacked behavior occurs at the T2 moment, and the attack behavior passes through the edge from the T1 moment to the T2 moment in the scene file of the side ASEdge37680_ 37054. Therefore, the consistency of the whole scene file is ensured, even if the real-time situation is displayed, when an attack behavior occurs, the corresponding attack or attacked behavior can be associated to the corresponding object in real time, and if only the attack behavior can be sensed but the source cannot be traced, only the attacked AS can be associated. In addition, the whole attack process can be dynamically displayed, and backtracking and deduction of the whole process can be realized based on the edited script by combining the virtual observer object.
(4) Examples of network space multi-scale representations.
Fig. 14 and 15 show the result of multi-scale expression of AS in the network space at different viewpoint distances. The core of the multi-scale expression is automatic synthesis of expression elements, the essence of the automatic synthesis is that the expression elements are subjected to accepting or rejecting and change of geometric shapes through different synthesis operators, for the expression model designed by the invention, the geometric shapes in the model change along with the change of viewpoint distance, when different elements are displayed, the difference is that the rules of the automatic synthesis are different, and the expression model does not need to change, so that the multi-scale expression can be performed by using different synthesis operators aiming at different network space resource expression elements, and the expression models can be compatible without any change. In fig. 13, when viewpoint 1 is closer, it is necessary to completely display symbols corresponding to ASs, here AS 38008, and when viewpoint 2 is farther, the geometric shapes of these ASs become a simple point, and in the corresponding expression model file, only the variation rule of symbol display, that is, what symbols are displayed when the viewpoint is in what range, is recorded.
For other data, such as IP and its topological relation, routing, and the relation between different types of IP objects, the same method can be referred to, except that when the expression is performed, the corresponding expression symbols, multi-scale expression rules, attribute information, etc. change, but the expression model itself does not need to change.
(3) And (4) experimental analysis.
As can be seen from the AS expression example, when the expression model designed by the invention is adopted to carry out network space mapping visual expression, the differences of network space data types from different sources, database storage formats and the like can be effectively shielded. When the network space is mapped and expressed, the data can be extracted from each data file or database and reorganized according to the expression model of the invention, and the XML file is used as a carrier to generate integrated scene data and perform visual expression. The model can effectively express network space resources, relationships and events, can realize cross-layer expression by using a set of data and an expression model, and can effectively meet the expression requirements of multiple network space events and multiple scales.
The invention is mainly used for mapping network space' what is measured? How to measure? How is it drawn? How to use? The research on how to draw in the four problems is carried out, and the network space mapping expression model problem is mainly focused. On the basis of analyzing three major expression objects of network space resources, relationships and events, the network space expression method combines the characteristics of network space expression needing attention, follows the three principles of taking a graph theory as a basis, combining a multi-granularity space-time object model and strengthening time attributes, designs a network space mapping expression model based on the graph theory-space-time object, provides a uniform data organization form, and can conveniently and quickly express network space mapping data. And finally, taking the global AS condition AS an example, carrying out a network space situation expression experiment. Experimental results show that the model can effectively cover expression objects such as network space resources, relations and events, comprehensively reflects the characteristics of network space resource cross-layer, element association, multiple events, variable scales and the like, and realizes effective organization and expression of complex network space information. In addition, the model is designed on the basis of graph theory, and theoretical results related to the graph theory can be further applied to the model so as to support the application of correlation analysis on network space.

Claims (8)

1. A network space mapping expression method based on graph theory-space-time object is characterized in that: the method comprises the following steps:
1) Acquiring network space mapping data;
2) Organizing the cyberspace mapping data using a cyberspace mapping representation model to form data for representation;
the network space mapping expression model is formally described as follows:
M=<O(t),E(t)>
wherein M is the network space mapping expression model, O (t) is a node set representing network space resources in the network space mapping expression model, t represents time, and E (t) is an edge set representing network space relations in the network space mapping expression model;
the formalized description of the node set O (t) is as follows:
O(t)={o 1 (t),o 2 (t),...,o n (t)}
wherein t represents time, o i (t) is the ith node in O (t), O i (t) represents a cyberspace resource object, a cyberspace resource object o i (t) includes attribute features p (t), spatio-temporal features sp (t, s, l) and behavior features a (t), o i (t) formalized as:
o i (t)=[p(t),sp(t,s,l),a(t),…],t∈[t b ,t e ],i=1,2,…,n
wherein, [ t ] b ,t e ]Representing a cyberspace resource object o i (t) life cycle, l represents network space hierarchy, s represents view point distance in scale or visualization engine, attribute feature p (t) represents attribute information of network space resource object, spatio-temporal feature sp (t, s, l) represents spatial information of network space resource object, behavior feature a (t) represents behavior of network space resource object;
the formalized description of the edge set E (t) is:
E(t)={e 1 (t),e 2 (t),...,e n (t)}
wherein e is i (t) is the ith side in E (t), E i (t) represents a cyberspace relationship between a pair of nodes formed by two nodes, comprising: node pair < o u (t),o v (t) >, spatio-temporal features sp '(t, s, l), attribute features p' (t), and state features s (t), e i (t) formally described as:
e i (t)=[<o u (t),o v (t)>,sp′(t,s,l),p′(t),s(t),…],t∈[t′ b ,t′ e ],i=1,2,…,n
wherein o is u (t),o v (t) represents an edge e i (t) two nodes corresponding to each other, space-time feature sp '(t, s, l) represents a position when an edge is drawn and expressed, l represents a network space hierarchy level, [ t' b ,t′ e ]Represents an edge e i (t) a life cycle, the state feature s (t) representing state information corresponding to the edge, and p' (t) representing attribute information associated with the edge;
3) And performing visual expression on the organized network space mapping data in the selected network space hierarchy to obtain a network space map.
2. The method of claim 1, wherein the method comprises: node o i Also included in (t) are geometric features g (t, s, l), including o after the geometric features g (t, s, l) i (t) formally described as:
o i (t)=[p(t),sp(t,s,l),g(t,s,l),a(t),…]
wherein the geometric feature g (t, s, l) represents a network space map symbol used in expression;
edge e i (t) also includes a geometric feature g (t, s, l) including an edge e following the geometric feature g' (t, s, l) i (t) formalized as:
e i (t)=[<o u (t),o v (t)>,sp′(t,s,l),g′(t,s,l),p′(t),s(t),…]
where the geometric feature g' (t, s, l) represents the shape that the edge takes when expressed.
3. The method for network space mapping expression based on graph theory-spatiotemporal objects according to claim 1 or 2, characterized in that: the cyber space hierarchy includes a physical hierarchy, a logical hierarchy, and a cognitive hierarchy.
4. The method for network space mapping expression based on graph theory-spatio-temporal object according to claim 1 or 2, characterized in that: when the network space resource object is a server; the attribute characteristics of the server comprise the type, the capacity and the bandwidth of the server; the spatiotemporal characteristics of the server comprise the geographic location of deployment of the cyberspace resource object; the behavior characteristics of the server include specific services and protection behaviors provided by the cyberspace resource object.
5. The method of claim 1, wherein the method comprises: before organizing the cyber-space mapping data in the step 2), data cleaning is carried out on the cyber-space mapping data to obtain credible cyber-space mapping data.
6. The method for network space mapping expression based on graph theory-spatio-temporal object according to claim 1 or 5, characterized in that: and 3) before the organized network space mapping data is visually expressed in the selected network space hierarchy, the time-space reference is assimilated to perform time-space conversion on various network space mapping data including network space resources, network space relations and network space events so as to transform the network space mapping data into a unified time and space reference.
7. The method of claim 2, wherein the method comprises: and 3) when the organized network space mapping data is visually expressed, setting a virtual observer object, wherein the virtual observer object is used for dynamically managing the content displayed during visual expression.
8. The method of claim 7, wherein the method comprises: the form of the virtual observer object is described as:
S″(t)=[p″(t),sp″(t),g″(t,s,l)…]
wherein, S "(t) is a virtual observer object, p" (t) refers to an expression parameter that needs to be set when the network space is expressed, sp "(t) refers to a space-time position of the virtual observer that determines a network space expression result, g" (t, S, l) refers to a display view port and a posture of the virtual observer, l is a network space hierarchy to which the expression belongs, and S represents a view point distance in a scale or a visualization engine.
CN202210615171.XA 2022-05-31 2022-05-31 Network space mapping expression method based on graph theory-space-time object Pending CN115855000A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210615171.XA CN115855000A (en) 2022-05-31 2022-05-31 Network space mapping expression method based on graph theory-space-time object

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210615171.XA CN115855000A (en) 2022-05-31 2022-05-31 Network space mapping expression method based on graph theory-space-time object

Publications (1)

Publication Number Publication Date
CN115855000A true CN115855000A (en) 2023-03-28

Family

ID=85660112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210615171.XA Pending CN115855000A (en) 2022-05-31 2022-05-31 Network space mapping expression method based on graph theory-space-time object

Country Status (1)

Country Link
CN (1) CN115855000A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117041070A (en) * 2023-10-09 2023-11-10 中国人民解放军国防科技大学 Network space mapping node discovery and attribution judging method and device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117041070A (en) * 2023-10-09 2023-11-10 中国人民解放军国防科技大学 Network space mapping node discovery and attribution judging method and device
CN117041070B (en) * 2023-10-09 2023-12-08 中国人民解放军国防科技大学 Network space mapping node discovery and attribution judging method and device

Similar Documents

Publication Publication Date Title
US20210312709A1 (en) Cyberspace map model creation method and device
Billen et al. 3D City Models and urban information: Current issues and perspectives: European COST Action TU0801
Fairbairn et al. Representation and its relationship with cartographic visualization
Pereira et al. A platform for integrating heterogeneous data and developing smart city applications
CN109947998A (en) The calculating data lineage of network across heterogeneous system
US20070064005A1 (en) Collaborative environments in a graphical information system
Reese Theories of journalism
Antoniou User generated spatial content: an analysis of the phenomenon and its challenges for mapping agencies
Fang et al. Modeling and key technologies of a data-driven smart city system
CN109977291A (en) Search method, device, equipment and storage medium based on physical knowledge map
KR101665861B1 (en) System and method for processing data in environment of internet of things
Bai et al. Contextual adaptive knowledge visualization environments
Anderson et al. Incorporating context and location into social media analysis: A scalable, cloud-based approach for more powerful data science
Buchel et al. Geospatial analysis
Kolomeec et al. Methodological Primitives for Phased Construction of Data Visualization Models.
CN115855000A (en) Network space mapping expression method based on graph theory-space-time object
Jin et al. Association rules redundancy processing algorithm based on hypergraph in data mining
Cheng Modeling and querying fuzzy spatiotemporal objects
Bovkir et al. Big urban data visualization approaches within the smart city: Gis-based open-source dashboard example
Ajayakumar et al. I am at home: spatial privacy concerns with social media check-ins
Allen et al. Exploring the notion of spatial lenses
Gu et al. Some comments on big data and data science
de Almeida et al. A graph-based algorithm to define urban topology from unstructured geospatial data
Lanter Techniques and method of spatial database lineage tracing
Ferreira et al. Ontology-based data integration for the Internet of Things in a scientific software ecosystem

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination