CN116208382A - Method, system, electronic device and medium for network structural security analysis - Google Patents

Abstract

The invention relates to the technical field of network security analysis, and discloses a method, a system, electronic equipment and a medium for network structural security analysis, wherein the method comprises the following steps of S1, converting relational data related to a network structure into network routing information; s2, preprocessing data of a big data platform, constructing a network analysis model based on a network structure according to the network routing information, and training, evaluating, applying and optimizing the analysis model; s3, adopting a decision tree algorithm, and carrying out layer-by-layer stepwise analysis on the network structure by configuring the network analysis model to obtain a network structural security analysis result. The invention realizes intelligent detection analysis and positioning of the potential safety hazards of the network structure so as to solve the problem that the prior art cannot solve the early warning, prediction and potential hazard positioning of the communication complex network.

Description

Method, system, electronic device and medium for network structural security analysis

Technical Field

The invention relates to the technical field of network security analysis, in particular to a method, a system, electronic equipment and a medium for network structural security analysis.

Background

With the continuous development of cloud network services and 5G services, the complexity of the communication network bearing services is gradually improved, the network structure security risk and the fault influence range are also increased, and the robustness and the health of the communication network become important indexes for judging the network security. Two-way routing is a networking way of many important services, and even three-way routing is an important networking structure of some communication core networks at present.

At present, although the network management system can monitor the active network in real time, the early warning, prediction and positioning of the potential safety hazard of the network cannot be realized. And the passive networks such as the optical cable network and the like cannot be effectively monitored by adopting a network management system, and network security can be detected only by a time-consuming and labor-consuming periodic manual inspection mode.

In addition, due to poor standardization of a built network structure caused by objective factors such as geographical environment, construction cost and the like, the detection and positioning of potential safety hazards of the communication network are lack of effective intelligent analysis means, so that the potential safety hazards of the communication network are large, the network failure rate is high, the diagnosis and removal of the potential safety hazards are slow, the customer perception is poor and the like.

The prior art cannot solve the early warning, prediction and positioning of the potential safety hazards of the communication complex network, so how to solve the early warning, prediction and positioning of the potential safety hazards of the communication complex network is a problem to be solved urgently at present.

Disclosure of Invention

The invention provides a method, a system, electronic equipment and a medium for network structural safety analysis, which are used for generating network routes of a communication network, constructing a network safety analysis model, analyzing whether logic routes coincide with each other (namely hidden danger) or not and whether physical routes coincide with each other or not according to the number of the network routes, and realizing intelligent detection analysis and positioning of the network structural safety hidden danger so as to solve the problem that the prior art cannot solve the early warning, prediction and hidden danger positioning of the communication complex network hidden danger.

The invention is realized by the following technical scheme:

a method for network structural security analysis, comprising:

s1, converting relational data related to a network structure into network routing information;

s2, preprocessing data of a big data platform, constructing a network analysis model based on a network structure according to the network routing information, and training, evaluating, applying and optimizing the network analysis model;

s3, adopting a decision tree algorithm, and carrying out layer-by-layer stepwise analysis on the network structure by configuring the network analysis model to obtain a network structural security analysis result.

In S1, network element data is used as a point and relay data is used as a line, a depth search algorithm is adopted to obtain reachable network element information and reachable path information of the network structure, and the reachable path information and the reachable network element information are stored through service logic, so that network routing information is finally generated, and the specific steps are as follows:

S1.1, data extraction is carried out according to network types and network element types to obtain a network element set and a relay data set;

s1.2, setting a path search starting condition and a path search ending condition, and searching all network elements in a network element set based on the path search starting condition and the path search ending condition to obtain reachable network element information of each network element;

s1.3, carrying out recursive query search on the network element according to a depth search algorithm: traversing each reachable network element of the network structure along the depth of the network structure to acquire a reachable path of each network element and form reachable path information;

s1.4, merging all the reachable paths and the reachable network elements through service logic, and storing the reachable network elements corresponding to all the reachable paths as network routing information.

As optimization, the specific steps of S2 are:

s2.1, extracting, cleaning, standardizing, classifying data clusters, selecting variables and converting data of a large data platform;

s2.2, a network element data table, a board card data table, a port data table, a relay and transmission circuit relation table, an optical path and office direction optical fiber relation table, an office direction optical fiber and optical cable fiber core relation table, an optical cable fiber core information table, an optical cable and electric pole relation table, an optical cable and pipeline relation table, a network element and network element data relation table, a network element port and relay relation table, a ring sub-network and network element relation table, a relay and optical path data relation table, a relay and optical cable section data relation table, a relay and electric pole data relation table, a relay and pipeline data relation table and a network potential safety hazard type data table are constructed according to service requirements;

S2.3, constructing a route quantity analysis list table, a double-uplink same-wavelength analysis list table, an uplink and interconnection same-board card analysis list table, a double-uplink same-route analysis list table, an interconnection and uplink same-route analysis list table and a transmission false ring analysis list table according to service requirements;

s2.4, generating a network analysis model for analyzing network security based on a network structure according to the network routing information through an intelligent algorithm;

s2.5, obtaining the network analysis model with universality by selecting, training, evaluating, applying and optimizing the network analysis model.

As an optimization, the network analysis model includes:

the route quantity analysis model is used for acquiring route quantity information from the starting end network element to the stopping end network element;

the dual-uplink same-wavelength-division analysis model is used for analyzing whether transmission circuits and associated transmission topology subnets corresponding to two relays of a certain network element or a pair of network elements which are mutually main and standby and comprise the network element are overlapped or not to the same network element at the opposite end or a pair of network elements which are mutually main and standby at the opposite end so as to acquire the dual-uplink same-wavelength-division information of the transmission circuits corresponding to the two relays;

the uplink and interconnection same-board analysis model is used for analyzing whether ports of an uplink relay and an interconnection relay of a certain same network element belong to the same board or not so as to acquire information of the uplink and interconnection same-board of the network element;

The dual-uplink same-route analysis model is used for analyzing whether light paths, associated optical cables or associated electric poles and pipelines corresponding to two relays of a certain network element or a pair of network elements which are mutually main and standby and comprise the network element are overlapped or not so as to acquire the information of the dual-uplink same-route corresponding to the two relays;

the interconnection and uplink same-route analysis model is used for analyzing whether the optical paths, the associated optical cables or the associated electric poles and the associated pipelines corresponding to the plurality of relays are overlapped or not to obtain conclusion information of the interconnection and uplink same-route;

and the transmission false ring analysis model is used for analyzing whether optical cables associated with optical paths corresponding to a plurality of relays in the same transmission topology subnet are coincident or not so as to acquire information of the transmission false ring.

As optimization, the construction process of the route quantity analysis model is as follows:

matching the network element, the port and the relay of the home/opposite terminal through the network element IP or the network element name, then analyzing the relay quantity between the two network elements step by step, and further obtaining the conclusion information of the route quantity from the originating network element to the terminating network element;

the construction process of the dual-uplink same-wavelength-division analysis model comprises the following steps:

Matching the network element, the port and the relay of the opposite terminal through the network element IP or the network element name, analyzing to obtain two relay numbers of the network element or a pair of the main and standby network elements which are mutually used as the network element and are up to the same network element of the opposite terminal or a pair of the main and standby network elements which are mutually used as the opposite terminal; then inquiring related transmission circuit information through network elements and relay information, then transmitting topology sub-network information through the transmission circuit information, finally analyzing whether the network elements or a pair of transmission circuits corresponding to two relays of the same network element at the opposite end or a pair of network elements at the opposite end, which are mutually main and standby, are overlapped or not, and obtaining conclusion information of double-uplink same-wavelength division;

the construction process of the uplink and interconnection same-board analysis model comprises the following steps:

matching the local/opposite terminal network element, the port and the relay through the network element IP or the network element name, analyzing the relay between a pair of mutually main and standby network elements including the network element, and ascending the network element or the pair of mutually main and standby network elements including the network element to the same network element of the opposite terminal or the relay of the pair of mutually main and standby network elements of the opposite terminal; then, inquiring the information of the network element board card associated with the relay through the network element, the port and the relay information, analyzing whether the ports of the uplink relay and the interconnection relay of the same network element belong to the same board card, and obtaining the conclusion information of the uplink and the interconnection same board card;

The construction process of the dual-uplink same-route analysis model comprises the following steps:

matching the network element, the port and the relay of the opposite terminal through network element IP or network element names, analyzing to obtain that the number of the network element or a pair of the network elements which are main and standby mutually and contain the network element is two, inquiring the optical path information associated with the network element through network element and relay information, associating the optical path information with the local optical fiber through the optical path, associating the optical fiber core through the local optical fiber, associating the optical cable through the optical fiber core, associating the electric pole through the optical cable, obtaining the pipeline associated with the optical cable through the relay and the pipeline data relation table, and finally analyzing whether the optical paths corresponding to the optical paths, the associated optical cables or the associated electric poles and pipelines of the two relays which are main and standby mutually and contain the network element or the pair of the network elements which are main and standby mutually and contain the network element of the opposite terminal are overlapped or not, and obtaining the information of double uplink and same routing;

the construction process of the interconnection and uplink same-route analysis model comprises the following steps:

matching the local/opposite terminal network element, the port and the relay through the network element IP or the network element name, analyzing the relay between a pair of mutually-main and standby network elements including the network element, and the relay between the network element or the pair of mutually-main and standby network elements including the network element to the same network element of the opposite terminal or the pair of mutually-main and standby network elements of the opposite terminal; inquiring the related optical path information through network elements and relay information, then relating the optical path to an office-oriented optical fiber, relating the optical fiber to a fiber core through the office-oriented optical fiber, relating the optical fiber to an optical cable through the fiber core, relating the optical cable to an electric pole through the optical cable, obtaining an optical cable-related pipeline through the relay and pipeline data relation table, and finally analyzing whether the optical paths, the related optical cables or the related electric poles and the pipelines corresponding to the plurality of relays are overlapped or not to obtain conclusion information of interconnection and uplink same routing;

The construction process of the transmission false ring analysis model comprises the following steps:

and matching the topology subnetwork, the network element and the relay by the network element name or the topology subnetwork identifier, analyzing the relay data of the topology subnetwork, inquiring the associated optical path information by the network element and the relay information, associating the office-oriented optical fiber by the optical path, associating the optical fiber core by the office-oriented optical fiber, associating the optical cable by the optical fiber core, and finally analyzing whether optical cables associated with optical paths corresponding to a plurality of relays in the same transmission topology subnetwork are overlapped to obtain conclusion information of the transmission false ring.

As optimization, based on a network potential safety hazard type data table, the influence degree of the network potential hazards on the network safety is defined according to the network potential hazard types, the influence range of the network potential hazards on the network safety is defined according to the service quantity and the service level influenced by the network potential hazards, and the network potential hazard level is constructed by combining the influence degree and the influence range and adopting a matrix method.

As optimization, the specific process of S3 is:

analyzing the network route quantity in the network structure through a route quantity analysis model, wherein the specific process is as follows:

extracting and cleaning network data of the network structure from a big data platform to realize standardization and standardization of the data, configuring network security analysis rules about a route number analysis model based on network security hidden trouble levels, adopting a decision tree algorithm, setting a maximum tree depth level and carrying out recursion analysis on each network element and each branch of the network route by combining a logistic regression method, storing analysis and outputting conclusion information of the network route number;

Analyzing whether the logic route is overlapped or not through the dual-uplink same-wavelength-division analysis model and the uplink and interconnection same-board card analysis model, wherein the specific process comprises the following steps:

the network data of the network structure is extracted and cleaned from a big data platform, the standardization and standardization of the data are realized, network safety analysis rules about the dual-uplink same-wavelength-division analysis model and the uplink and interconnection same-board card analysis model are configured based on network safety hidden trouble levels, a decision tree algorithm is adopted, a maximum tree depth level is set to carry out recursion analysis on each network element and each branch of the network route by combining a logistic regression method, and conclusion information of whether the network has dual-uplink same-wavelength-division and whether the network has uplink and interconnection same-board cards is stored and analyzed and output;

analyzing whether the physical routes are overlapped or not through the dual-uplink same-route analysis model, the interconnection and uplink same-route analysis model and the transmission false ring analysis model, wherein the specific process is as follows:

the network data of the network structure is extracted and cleaned from a big data platform, the standardization and standardization of the data are realized, network safety analysis rules about a double-uplink same-route analysis model, an interconnection and uplink same-route analysis model and a transmission false ring analysis model are configured based on network safety hidden trouble levels, a decision tree algorithm is adopted, a maximum tree depth level is set to carry out recursion each network element and each branch of the network route by combining a logistic regression method, and conclusion information of whether the network is in double-uplink same-route, interconnection and uplink same-route or not and whether a false ring is transmitted or not is stored and analyzed and output.

The invention also discloses a system for network structural security analysis, which implements the method for network structural security analysis, and comprises the following steps:

the conversion module is used for converting the relational data related to the network structure into network routing information;

the model building module is used for preprocessing data of the big data platform, building a network analysis model based on a network structure according to the network routing information, and training, evaluating, applying and optimizing the network analysis model;

and the analysis module is used for adopting a decision tree algorithm, and carrying out layer-by-layer step analysis on the network structure by configuring the network analysis model to obtain a network structural security analysis result.

The invention also discloses an electronic device, which comprises at least one processor and a memory in communication connection with the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method for network structural security analysis as described above.

The invention also discloses a storage medium storing a computer program which when executed by a processor implements a method for network structural security analysis as described above.

Compared with the prior art, the invention has the following advantages and beneficial effects:

1. the invention converts the relational data of the big data platform into network route information based on a depth search algorithm, takes network element data as points, takes relay data as lines to acquire reachable network element information and network route information, stores all point-to-point information existing in a path through service logic, and achieves the purpose of generating network route information;

2. based on the big data modeling idea, the invention adopts an intelligent algorithm to construct an analysis model based on a network structure according to network routing information by extracting, cleaning, standardizing, classifying data clusters, selecting variables, converting data and the like on the big data platform data, and trains, evaluates, applies and optimizes the analysis model;

3. the invention is based on a decision tree algorithm, and the network structure is analyzed layer by layer step by step through the configuration analysis model to obtain the network structure safety analysis result, thereby realizing the intelligent detection analysis and positioning of the network structure safety hidden danger and solving the problems that the prior art cannot solve the early warning, prediction and hidden danger positioning of the communication complex network hidden danger.

Drawings

In order to more clearly illustrate the technical solutions of the exemplary embodiments of the present invention, the drawings that are needed in the examples will be briefly described below, it being understood that the following drawings only illustrate some examples of the present invention and therefore should not be considered as limiting the scope, and that other related drawings may be obtained from these drawings without inventive effort for a person skilled in the art. In the drawings:

FIG. 1 is a flow chart of a method for network structural security analysis according to the present invention;

FIG. 2 is a flow chart of a deep search algorithm for generating network routing information;

fig. 3 is a topology diagram of an ip ran network upstream route;

FIG. 4 is a flow chart of constructing an analytical model based on network architecture;

FIG. 5 is a flow chart of a network security analysis process;

FIG. 6 is a transmission circuit routing topology;

fig. 7 is a topology diagram of a transmission subnetwork route.

Detailed Description

For the purpose of making apparent the objects, technical solutions and advantages of the present invention, the present invention will be further described in detail with reference to the following examples and the accompanying drawings, wherein the exemplary embodiments of the present invention and the descriptions thereof are for illustrating the present invention only and are not to be construed as limiting the present invention.

Example 1

As shown in fig. 1, a method for network structural security analysis includes:

s1, converting relational data related to a network structure into network routing information; in this embodiment, as shown in fig. 2, network element data is taken as a point, relay data is taken as a line, a depth search algorithm is adopted to obtain reachable network element information and reachable path information of the network structure, and the reachable path information and the reachable network element information are stored through service logic, so as to finally generate network routing information, which comprises the following specific steps:

S1.1, data extraction is carried out according to network types and network element types to obtain a network element set and a relay data set;

s1.2, setting a path search starting condition and a path search ending condition, and searching all network elements in a network element set based on the path search starting condition and the path search ending condition to obtain reachable network element information of each network element;

specifically, the path search starting condition is that starting from a starting network element, searching a route opposite end network element, then searching a next reachable network element by taking the opposite end network element as a starting point, and repeating S1.2;

the path search termination conditions are: according to the network hierarchy, it is set that the search is terminated when the search network hierarchy reaches three levels. S1.3, carrying out recursive query search on the network element according to a depth search algorithm: traversing each reachable network element of the network structure along the depth of the network structure to acquire a reachable path of each network element and form reachable path information;

for example, a starting node S, namely a starting network element S, is set, a reachable node N is searched, when the edge of the node N is searched or the node does not meet the condition when searching (the condition refers to that the network level of the network element node exceeds three levels, and then the condition is excluded).

S1.4, merging paths and branch search results, merging all reachable paths and reachable network elements through service logic, and storing the reachable network elements corresponding to all the reachable paths as network routing information.

Specifically, in this embodiment, the network structural security of the uplink route of the IPRAN network is analyzed, and the B device of the IPRAN network is used as a demarcation point to analyze the network structural security of the B-DER-MER, where the topology of the uplink route of the IPRAN network is shown in fig. 3.

According to the network type, extracting network element data, board card data, port data and relay data of the IPRAN network from the big data platform, cleaning, processing and standardizing.

And according to the set path searching conditions and the set searching termination conditions, excluding network elements and relays which do not participate in constructing network routes, and searching for reachable paths from the B equipment of the IPRAN network. First searching the path of B-DER, then searching the paths of B-MER, DER-MER and B-B, splicing the Cartesian set path information of B-DER and B-MER, and returning all the route information.

The participation calculation edges are reduced through optimization of IPRAN network elements and relay data, and further the participation edge parameters of deep search are reduced. Combining the path and the branch search result, and storing all the point-to-point information of the path through service logic, thereby storing the uplink route information of the IPRAN network: B-DER-MER.

The data of the ip ran network uplink route are shown in the following table:

/>

s2, preprocessing the data of the big data platform, wherein the data of the big data platform is the relational data in S1. Then constructing a network analysis model based on a network structure according to the network routing information, and training, evaluating, applying and optimizing the network analysis model; as shown in fig. 4, the specific steps of S2 are:

s2.1, extracting, cleaning, standardizing, classifying data clusters, selecting variables and converting data of a large data platform;

s2.2, a network element data table, a board card data table, a port data table, a relay and transmission circuit relation table, an optical path and office direction optical fiber relation table, an office direction optical fiber and optical cable fiber core relation table, an optical cable fiber core information table, an optical cable and electric pole relation table, an optical cable and pipeline relation table, a network element and network element data relation table, a network element port and relay relation table, a ring sub-network and network element relation table, a relay and optical path data relation table, a relay and optical cable section data relation table, a relay and electric pole data relation table, a relay and pipeline data relation table and a network potential safety hazard type data table are constructed according to service requirements;

S2.3, constructing a route quantity analysis list table, a double-uplink same-wavelength analysis list, an uplink and interconnection same-board card analysis list table, a double-uplink same-route analysis list table and an interconnection and uplink same-route analysis list table according to service requirements;

s2.4, generating a network analysis model for analyzing network security based on a network structure according to the network routing information through an intelligent algorithm;

s2.5, obtaining the network analysis model with universality by selecting, training, evaluating, applying and optimizing the network analysis model.

Specifically, as shown in fig. 2, the third step of constructing an analysis list table is to construct an analysis model, according to the data extracted through the big data platform in the first step, based on the network potential safety hazard type data table, define the degree of influence of the network potential hazard on the network safety according to the network potential hazard type, define the range of influence of the network potential hazard on the network safety according to the number of services and the service level influenced by the network potential hazard, and construct the level of the network potential hazard by adopting a matrix method in combination with the degree of influence and the range of influence.

In this embodiment, the network analysis model includes:

the route quantity analysis model is used for acquiring route quantity information from the starting end network element to the stopping end network element;

The dual-uplink same-wavelength-division analysis model is used for analyzing whether transmission circuits and associated transmission topology subnets corresponding to two relays of a certain network element or a pair of network elements which are mutually main and standby and comprise the network element are overlapped or not to the same network element at the opposite end or a pair of network elements which are mutually main and standby at the opposite end so as to acquire the dual-uplink same-wavelength-division information of the transmission circuits corresponding to the two relays;

the uplink and interconnection same-board analysis model is used for analyzing whether ports of an uplink relay and an interconnection relay of a certain same network element belong to the same board or not so as to acquire information of the uplink and interconnection same-board of the network element;

the dual-uplink same-route analysis model is used for analyzing whether light paths, associated optical cables or associated electric poles and pipelines corresponding to two relays of a certain network element or a pair of network elements which are mutually main and standby and comprise the network element are overlapped or not so as to acquire the information of the dual-uplink same-route corresponding to the two relays;

the interconnection and uplink same-route analysis model is used for analyzing whether the optical paths, the associated optical cables or the associated electric poles and the associated pipelines corresponding to the plurality of relays are overlapped or not to obtain conclusion information of the interconnection and uplink same-route;

Next, a description will be given of the construction process of each of the above analysis models.

The construction process of the route quantity analysis model comprises the following steps:

firstly, matching the network element, the port and the relay of the home/opposite terminal through the network element IP or the network element name;

the network element or the port of the relay home terminal or the opposite terminal is respectively inquired through the IP address or the network element name of the network element, and the relay quantity in the network element and the relay quantity between the two network elements are obtained through the network element and the relay relation table.

And secondly, analyzing the relay quantity between the two network elements step by step, and splicing to obtain conclusion information of the route quantity from the start network element to the stop network element.

The routing number analysis list table is shown in the following table:

/>

the construction process of the dual-uplink same-wavelength-division analysis model comprises the following steps:

firstly, matching a home/peer network element, a port and a relay through a network element IP or a network element name, and analyzing that the number of the network element or a pair of the network elements which are mutually primary and standby and are contained in the network element is two when the network element is up to the same network element of the peer or the pair of the network elements which are mutually primary and standby of the peer;

secondly, inquiring related transmission circuit information through network elements and relay information, and transmitting topology subnet information through the related transmission circuit information;

And finally, analyzing whether the transmission circuits corresponding to the two relays are overlapped or not, and obtaining conclusion information of the double uplink same wavelength division.

The relationship between the relay and the transmission circuit is mainly described herein, and can be queried through a relationship table between the relay and the transmission circuit, and the relationship between the network element or the port and the relay can be queried through a relationship table between the port of the network element and the relay.

The list table of the dual uplink co-wavelength analysis is shown in the following table:

/>

the construction process of the uplink and interconnection same-board analysis model comprises the following steps:

firstly, matching the network element, the port and the relay of the home/opposite terminal through the network element IP or the network element name, analyzing the relay between a pair of mutually-main and standby network elements including the network element, and the network element or the pair of mutually-main and standby network elements including the network element ascend to the same network element of the opposite terminal or the relay of the pair of mutually-main and standby network elements of the opposite terminal;

and secondly, analyzing whether ports of the uplink relay and the interconnection relay of the same network element belong to the same board card or not through network element, ports and relay information inquiry relay-related network element board card information, and obtaining conclusion information of the uplink and interconnection same board card.

What is mainly described here is how to query the board card to which the port carrying the relay belongs through the relay. The method involves multi-table inquiry, the entry can be a network element or a port or a relay, and the used data table comprises: the ID in the network element table, the board card table and the port table is helpful for carrying out the association of data and constructing a data model.

The uplink and interconnection same board analysis list table is shown in the following table:

/>

the construction process of the dual-uplink same-route analysis model comprises the following steps:

matching the network element, the port and the relay of the opposite terminal through network element IP or network element names, analyzing to obtain that the number of the network element or a pair of the network elements which are main and standby mutually and contain the network element is two, inquiring the optical path information associated with the network element through network element and relay information, associating the optical path information with the local optical fiber through the optical path, associating the optical fiber core through the local optical fiber, associating the optical cable through the optical fiber core, associating the electric pole through the optical cable, obtaining the pipeline associated with the optical cable through the relay and the pipeline data relation table, and finally analyzing whether the optical paths corresponding to the optical paths, the associated optical cables or the associated electric poles and pipelines of the two relays which are main and standby mutually and contain the network element or the pair of the network elements which are main and standby mutually and contain the network element of the opposite terminal are overlapped or not, and obtaining the information of double uplink and same routing;

firstly, matching a home/peer network element, a port and a relay through a network element IP or a network element name, and analyzing that the number of the network element or a pair of the network elements which are mutually primary and standby and are contained in the network element is two when the network element is up to the same network element of the peer or the pair of the network elements which are mutually primary and standby of the peer;

Secondly, inquiring related optical path information through network elements and relay information, then, relating the optical path to an office-oriented optical fiber, relating the optical fiber to a fiber core through the office-oriented optical fiber, relating the optical cable to the fiber core, relating the optical cable to an electric pole through the optical cable, and relating the optical cable to a pipeline;

the network element and the relay information are used for inquiring the related optical path information, and the network element port is used for inquiring the relay relation table and the relay and optical path data relation table, and certainly, the multi-table inquiry is also involved, the entering parameter can be the network element or the relay, but the optical path information is obtained through the relay and the optical path data relation table, and unique identifiers exist between the relay and the optical path to correlate the two.

And finally, analyzing whether the optical paths, the associated optical cables or the associated electric poles and pipelines corresponding to the two relays are coincident or not to obtain conclusion information of double uplink and same route.

The dual uplink co-route analysis list table is shown in the following table:

/>

the construction process of the interconnection and uplink same-route analysis model comprises the following steps:

firstly, the network element, the port and the relay of the opposite terminal are matched through the network element IP or the network element name, the relay between a pair of mutually-main and standby network elements including the network element is analyzed, and the network element or the pair of mutually-main and standby network elements including the network element are uplifted to the same network element of the opposite terminal or the relay of the pair of mutually-main and standby network elements of the opposite terminal.

Secondly, inquiring the related optical path information through network elements and relay information, then relating the optical path to the local optical fiber, relating the local optical fiber to the fiber core, relating the optical cable through the fiber core to the optical cable, relating the electric pole through the optical cable to the pipeline through the optical cable. Specifically, the relationship table of the optical path and the office direction optical fiber, the relationship table of the office direction optical fiber and the optical cable fiber core, the optical cable fiber core information table, the relationship table of the optical cable and the electric pole, and the relationship table of the optical cable and the pipeline can be associated.

And finally, analyzing whether the optical paths, the associated optical cables or the associated electric poles and pipelines corresponding to the plurality of relays are overlapped or not to obtain conclusion information of interconnection and uplink same-route.

The interconnection and uplink co-route analysis list table is shown in the following table:

/>

s3, adopting a decision tree algorithm, and carrying out layer-by-layer stepwise analysis on the network structure by configuring the network analysis model to obtain a network structural security analysis result.

As shown in fig. 5, the number of network routes in the network structure is analyzed by a route number analysis model, and the specific process is as follows:

step A. Extracting data

The network data is extracted and cleaned from the big data platform, so that the standardization and standardization of the data are realized.

Step B, configuring a network security analysis model

Configuring network security analysis rules based on routing quantity analysis model

Step C, selection algorithm

And adopting a decision tree algorithm, setting a maximum tree depth level, combining with a logistic regression method and the like, carrying out recursion analysis on each node and each branch of the network route, and storing an analysis result.

Conclusion D

And outputting conclusion information of the network routing quantity.

Specifically, the network element with the equipment type B of the IPRAN network is designated as an entry through the system, and uplink route data of the IPRAN network are obtained.

According to the service requirement, a network analysis model for route quantity analysis is configured, and the network analysis model specifically comprises a route quantity analysis model.

Analyzing an IPRAN network route which takes a network element with equipment type B as a starting end and takes a network element with equipment type MER as a stopping end, and analyzing each node and each path of an uplink route B-DER-MER of the IPRAN network step by step and layer by adopting a decision tree algorithm and a logic regression method. Firstly, respectively analyzing the quantity of relays among B-DER, B-MER, DER-MER and B-B network elements, analyzing the quantity of routes among B-DER-MER, and finally obtaining the analysis conclusion of the quantity of relays among network elements of the uplink route B-DER-MER of the IPRAN network and the quantity of routes.

As shown in fig. 5, the logic routing is analyzed whether to be coincident or not by the dual-uplink co-wavelength division analysis model and the uplink and interconnection co-board analysis model, and the specific process is as follows:

Step A. Extracting data

The network data is extracted and cleaned from the big data platform, so that the standardization and standardization of the data are realized.

Step B, configuring a network security analysis model

And configuring network security analysis rules based on the dual-uplink same-wavelength-division analysis model and the uplink and interconnection same-board card analysis model.

Step C, selection algorithm

And adopting a decision tree algorithm, setting a maximum tree depth level, combining with a logistic regression method and the like, carrying out recursion analysis on each node and each branch (path) of the network route, and storing an analysis result.

Conclusion D

And outputting the conclusion information of whether the network has double uplink same wave division and whether the network has uplink and interconnection same board card.

Specifically, network element or relay or circuit with equipment type B of the IPRAN network is designated as an access parameter through the system, and network element port, relay or circuit routing data of the IPRAN network are obtained.

According to the service requirement, a network analysis module based on whether the logic route is coincident is configured, which specifically comprises: and the dual-uplink same-wavelength-division analysis model and the uplink and interconnection same-board-card analysis model.

And for the IPRAN network, analyzing whether the number of relays between the pair B and the pair DER and between the pair DER and the pair MER is two or not by adopting a decision tree algorithm and a logistic regression method and the like through a double-uplink same-wavelength-division analysis model. Analyzing whether two IPRAN network routes with the network element of the equipment type B as a starting end and the network element of the equipment type MER as a stopping end are two.

In the double-uplink same-wavelength-division analysis process, the related optical path information is queried through the IPRAN network element and the IPRAN relay information, the related transmission relay information is queried through the optical path information, and the wavelength-division topology subnet information is transmitted through the transmission relay information in a related manner.

And analyzing whether the two relays between the pair B and the pair DER and the two relays between the pair DER and the pair MER are overlapped or not, and obtaining an analysis conclusion of the double uplink same wavelength division.

And inquiring the related optical path information through the IPRAN circuit and the IPRAN relay information, inquiring the related transmission circuit information through the optical path information, and transmitting the wavelength division topology subnet information through the transmission circuit information.

And analyzing whether the related transmission wavelength division topology sub-networks are overlapped or not by using the network element with the equipment type B as a starting end and the network element with the equipment type MER as a stopping end to obtain an analysis conclusion of the double uplink same wavelength division.

And in the uplink and interconnection same-board card analysis process, a B-DER relay and a B-B relay are analyzed on the IPRAN network by adopting a decision tree algorithm, a logistic regression method and the like through an uplink and interconnection same-board card analysis model.

And analyzing whether the port information of the network element B1 is overlapped in the same board card of the network element B1 or not by inquiring the information of the network element board card related to the relay through the network element, the port and the relay information and analyzing the B1-DER relay and the B1-B2 relay to obtain an analysis conclusion of the uplink and interconnection same board card.

As shown in fig. 5, the physical routes are analyzed whether to be overlapped by the dual-uplink co-route analysis model and the interconnection and uplink co-route analysis model, which specifically comprises the following steps:

step A. Extracting data

The network data is extracted and cleaned from the big data platform, so that the standardization and standardization of the data are realized.

Step B, configuring a network security analysis model

And configuring network security analysis rules based on the dual-uplink same-route analysis model, and interconnecting the network security analysis rules with the dual-uplink same-route analysis model.

Step C, selection algorithm

And adopting a decision tree algorithm, setting a maximum tree depth level, combining with a logistic regression method and the like, carrying out recursion analysis on each node and each branch of the network route, and storing an analysis result.

Conclusion D

And outputting the conclusion information of whether the network has double uplink same routes and whether the network is interconnected with the uplink same routes.

Specifically, network element or relay or circuit with equipment type B of the IPRAN network is designated as an access parameter through the system, and network element port, relay or circuit routing data of the IPRAN network are obtained.

According to the service requirement, configuring a network analysis model based on whether the physical routes are coincident or not, which specifically comprises the following steps: and the dual-uplink same-route analysis model is connected with the uplink same-route analysis model.

And in the double-uplink same-route analysis process, for the IPRAN network, adopting a decision tree algorithm and a logistic regression combination method and the like through a double-uplink same-route analysis model to analyze whether the number of relays between B and DER, between B pair and DER pair and between DER pair and MER pair is two. Analyzing whether two IPRAN network routes with the network element of the equipment type B as a starting end and the network element of the equipment type MER as a stopping end are two.

The related optical path information is queried through the IPRAN network element and the IPRAN relay information, the office-oriented optical fiber is related through the optical path information, the fiber core is related through the office-oriented optical fiber, the optical cable is related through the fiber core, the electric pole is related through the optical cable, and the pipeline is related through the optical cable.

And analyzing whether the routes which the relays pass are overlapped or not, and further analyzing whether the two relays are overlapped or not, so as to obtain an analysis conclusion of the double-uplink same-route.

And analyzing two IPRAN network routes which take a network element with equipment type B as a starting end and a network element with equipment type MER as a stopping end, and further analyzing whether the B-MER routes are overlapped or not to obtain an analysis conclusion of double uplink same routes, wherein the related optical cables are the same cable, the same electric pole and the same pipeline.

And in the interconnection and uplink same-route analysis process, a B-DER relay and a B-B relay are analyzed on the IPRAN network by adopting a decision tree algorithm, a logistic regression combination method and the like through an interconnection and uplink same-route analysis model.

The related optical path information is queried through the IPRAN network element and the IPRAN relay information, the office-oriented optical fiber is related through the optical path information, the fiber core is related through the office-oriented optical fiber, the optical cable is related through the fiber core, the electric pole is related through the optical cable, and the pipeline is related through the optical cable.

And analyzing whether the optical cables associated with the B-DER relay and the B-B relay are co-cabled, co-pole and co-pipeline, and further analyzing whether routes which the relay passes are coincident or not to obtain an analysis conclusion of interconnection and uplink co-route.

Example 2

The present embodiment 2 further describes the present invention based on the network security analysis model of embodiment 1, using transmission circuit routes and transmission subnet routes as analysis objects. The same network security analysis model is used for different networks and different service scenes by adjusting part of modeling parameters, and analysis results are obtained by adopting a decision tree algorithm through a configuration model, so that the universality of the network security analysis model constructed by the invention is proved.

The analysis of embodiment 2 includes generating network routing information, constructing an analysis model based on a network structure, and a network structural security analysis decision tree algorithm, specifically including the following steps:

as shown in fig. 1, generating network routing information includes the steps of:

s1.1, data extraction is carried out according to network types and network element types to obtain a network element set and a relay data set;

s1.2, setting a path search starting condition and a path search ending condition, and searching all network elements in a network element set based on the path search starting condition and the path search ending condition to obtain reachable network element information of each network element;

specifically, the path search starting condition is that starting from a starting network element, searching a route opposite end network element, then searching a next reachable network element by taking the opposite end network element as a starting point, and repeating S1.2;

the path search termination conditions are: according to the network hierarchy, it is set that the search is terminated when the search network hierarchy reaches three levels.

S1.3, carrying out recursive query search on the network element according to a depth search algorithm: traversing each reachable network element of the network structure along the depth of the network structure to acquire a reachable path of each network element and form reachable path information;

For example, a starting node S, namely a starting network element S, is set, a reachable node N is searched, when the edge of the node N is searched or the node does not meet the condition during the search, the search is traced back to the starting node S where the edge of the node N is found, the branch of the network is searched, and the whole searching process is repeatedly performed until all the nodes are accessed by combining the methods of recursion query search, pruning and the like.

S1.4, merging paths and branch search results, merging all reachable paths and reachable network elements through service logic, and storing the reachable network elements corresponding to all the reachable paths as network routing information.

Specifically, according to the network type, the name of a transmission circuit, the data of a transmission network element, the data of a transmission relay and the data of a transmission subnet are extracted from a large data platform, and the data are cleaned, so that the standardization and the standardization of the data are realized.

And the transmission circuit route excludes network elements and relays which do not participate in constructing the network route according to the set path searching conditions and the set searching termination conditions, and searches for an reachable path from a source transmission network element of the transmission circuit.

Firstly searching a path on a transmission branch, searching a path on a transmission ring network, acquiring an opposite end network element, and searching a next reachable transmission network element by taking the opposite end transmission network element as a starting point.

And when the search level is set to be more than three levels, terminating the search. And combining pruning and other methods, reducing the participation edge parameters of the deep search, improving the searching efficiency of the route and reducing the invalid route data volume. And combining the paths and the branch search results, and storing all the point-to-point information of the paths through service logic to store the routing information of the transmission circuit.

And transmitting the sub-network route, and removing network elements and relays which do not participate in constructing the network route according to the set path searching condition and the set searching termination condition.

And searching for an reachable path by taking a transmission network element in the transmission subnet range as a starting point according to the transmission subnet identification. Searching for a transmission route opposite end network element, searching for the next reachable transmission network element by taking the opposite end transmission network element as a starting point, and repeating the steps. And terminating the search when the search level is greater than ten levels or the loop-forming nodes are searched according to the setting.

And combining pruning and other methods, reducing the participation edge parameters of the deep search, improving the searching efficiency of the route and reducing the invalid route data volume. And combining the paths and the branch search results, and storing all the point-to-point information of the paths through service logic to store the transmission sub-network route information.

The data for the transmission circuit route is shown in the following table:

/>

The transmission sub-network routing data is shown in the following table:

the transmission circuit routing topology is shown in fig. 6; the transmission subnetwork routing topology is shown in fig. 7.

S2, preprocessing data of a big data platform, constructing an analysis model based on a network structure according to the network routing information, and training, evaluating, applying and optimizing the analysis model; as shown in fig. 4, the specific steps of S2 are:

s2.1, extracting, cleaning, standardizing, classifying data clusters, selecting variables and converting data of a large data platform;

s2.2, a network element data table, a board card data table, a port data table, a relay and transmission circuit relation table, an optical path and office direction optical fiber relation table, an office direction optical fiber and optical cable fiber core relation table, an optical cable fiber core information table, an optical cable and electric pole relation table, an optical cable and pipeline relation table, a network element and network element data relation table, a network element port and relay relation table, a ring sub-network and network element relation table, a relay and optical path data relation table, a relay and optical cable section data relation table, a relay and electric pole data relation table, a relay and pipeline data relation table and a network potential safety hazard type data table are constructed according to service requirements;

S2.3, constructing a route quantity analysis list table, an uplink and interconnection same-board card analysis list table, a double uplink same-route analysis list table and a transmission false ring analysis list table according to service requirements;

s2.4, generating a network analysis model for analyzing network security based on a network structure according to the network routing information through an intelligent algorithm;

s2.5, obtaining the network analysis model with universality by selecting, training, evaluating, applying and optimizing the network analysis model.

Specifically, as shown in fig. 2, the third step of constructing an analysis list table is to construct an analysis model, according to the data extracted through the big data platform in the first step, based on the network potential safety hazard type data table, define the degree of influence of the network potential hazard on the network safety according to the network potential hazard type, define the range of influence of the network potential hazard on the network safety according to the number of services and the service level influenced by the network potential hazard, and construct the level of the network potential hazard by adopting a matrix method in combination with the degree of influence and the range of influence.

Because the network security analysis model has the characteristic of universality, the analysis result of the service requirement can be obtained by configuring the same network analysis model aiming at different networks and different service scenes. The method comprises the following steps:

In this embodiment, the network analysis model includes:

the route quantity analysis model is used for acquiring route quantity information between the source end network element and the destination end network element of the transmission circuit;

the uplink and interconnection same-board analysis model is used for analyzing whether ports of an uplink relay and an interconnection relay of a certain same network element belong to the same board or not so as to acquire information of the uplink and interconnection same-board of the network element;

the dual-uplink same-route analysis model is used for analyzing whether light paths, associated optical cables or associated electric poles and pipelines corresponding to two relays of a certain network element or a pair of network elements which are mutually main and standby and comprise the network element are overlapped or not so as to acquire the information of the dual-uplink same-route corresponding to the two relays;

and the transmission false ring analysis model is used for analyzing whether optical cables associated with optical paths corresponding to a plurality of relays in the same transmission topology subnet are coincident or not so as to acquire information of the transmission false ring.

Next, a description will be given of the construction process of each of the above analysis models.

The process of constructing the route quantity analysis model is as follows:

firstly, matching a source end or a destination end network element of a circuit route through a circuit name and a network element name;

And secondly, searching the transmission network route taking the source network element as a starting point and the destination network element as an ending point through inquiring by a depth search algorithm and an intelligent algorithm, and analyzing the number of the routes. And distinguishing the working route and the protection route to obtain conclusion information of the number of routes of the transmission circuit from the source end network element to the destination end network element.

The routing number analysis list table is as follows:

a-terminal network element ID
	A-terminal network element name
Type of a-side network element
	Z-terminal network element ID
Z-terminal network element name
	Z-terminal network element type
Relay ID
	Relay name
Relay bandwidth
	Type of hidden trouble
Hidden trouble grade

The process for constructing the uplink and interconnection same-board analysis model is as follows:

firstly, the network element, the port and the relay of the opposite terminal are matched through the network element names, and the relay between a pair of mutually-main and standby network elements including the network element and the relay of the network element or the pair of mutually-main and standby network elements including the network element to the same network element of the opposite terminal or the pair of mutually-main and standby network elements of the opposite terminal are analyzed.

And secondly, analyzing whether ports of the uplink relay and the interconnection relay of the same network element belong to the same board card or not through network element, ports and relay information inquiry relay-related network element board card information, and obtaining conclusion information of the uplink and interconnection same board card.

Uplink and interconnection same board analysis list table

The process for constructing the dual-uplink same-route analysis model comprises the following steps:

firstly, the network element, the port and the relay of the opposite terminal are matched through the network element names, and the number of the network element or a pair of the main and standby network elements which are mutually used as the network element and included in the network element is analyzed to be two when the network element or the pair of the main and standby network elements which are mutually used as the opposite terminal are up to the same network element or the opposite terminal.

Secondly, inquiring the related optical path information through network elements and relay information, then relating the optical path to the local optical fiber, relating the local optical fiber to the fiber core, relating the optical cable through the fiber core to the optical cable, relating the electric pole through the optical cable to the pipeline through the optical cable.

And finally, analyzing whether the optical paths, the associated optical cables or the associated electric poles and pipelines corresponding to the two relays are coincident or not to obtain conclusion information of double uplink and same route.

The list of dual uplink co-route analysis is as follows:

/>

the transmission false loop analysis model process is as follows:

firstly, matching a topology subnet, a network element and a relay through a network element name or a topology subnet identifier, and analyzing relay data of the topology subnet.

And secondly, inquiring the related optical path information through network elements and relay information, then, relating the optical path to the local optical fiber, relating the optical fiber core to the local optical fiber, and relating the optical cable to the optical fiber core.

And finally, analyzing whether optical cables associated with optical paths corresponding to a plurality of relays in the same transmission topology sub-network are overlapped or not to obtain conclusion information of the transmission false ring.

Transmission fake ring analysis list table

/>

As shown in fig. 5, the analysis of the number of network routes includes the steps of:

step A. Extracting data

The network data is extracted and cleaned from the big data platform, so that the standardization and standardization of the data are realized.

Step B, configuring a network security analysis model

Configuring network security analysis rules based on routing quantity analysis model

Step C, selection algorithm

And adopting a decision tree algorithm, setting a maximum tree depth level, combining with a logistic regression method and the like, carrying out recursion analysis on each node and each branch of the network route, and storing an analysis result.

Conclusion D

And outputting conclusion information of the network routing quantity.

Specifically, the transmission circuit name is designated as an entry through the system, and the transmission circuit route data is acquired.

According to the service requirement, a network analysis model for route quantity analysis is configured, and the method specifically comprises the following steps: route number analysis model.

Analyzing a transmission network route which takes a source transmission network element as a starting point and takes a destination transmission network element as an ending point, and analyzing each node and each path of the transmission network route step by step and layer by adopting a decision tree algorithm and a logistic regression method. Firstly, whether a working route exists in a transmission circuit or not is analyzed, and secondly, whether a protection route exists in the transmission circuit or not is analyzed. And finally, obtaining an analysis conclusion of the number of the transmission circuit routes.

As shown in fig. 5, the analysis of whether there is a coincidence of logical routes includes the steps of:

step A. Extracting data

The network data is extracted and cleaned from the big data platform, so that the standardization and standardization of the data are realized.

Step B, configuring a network security analysis model

And configuring network security analysis rules based on the uplink and interconnection same-board card analysis model.

Step C, selection algorithm

And adopting a decision tree algorithm, setting a maximum tree depth level, combining with a logistic regression method and the like, carrying out recursion analysis on each node and each branch of the network route, and storing an analysis result.

Conclusion D

And outputting conclusion information of whether the network is uplink and interconnected with the same board card.

Specifically, the transmission circuit name is taken as an entry, and the working route and the protection route data of the transmission circuit are obtained.

According to the service requirement, configuring a network analysis model based on whether the logic route is coincident or not, which specifically comprises the following steps: and (5) an uplink and interconnection same-board analysis model.

And analyzing the working route and the protection route of the transmission circuit by adopting a decision tree algorithm and a logic regression method and the like through the analysis model of the same board card of the uplink and the interconnection, and analyzing whether the working route and the protection route of the transmission circuit are overlapped in the same board card of the same transmission network element according to the information of the network element board card related to the transmission circuit, the network element, the port and the relay information query relay, so as to obtain an analysis conclusion of the same board card of the uplink and the interconnection.

As shown in fig. 5, the analysis of whether there is a coincidence of physical routes includes the steps of:

step A. Extracting data

The network data is extracted and cleaned from the big data platform, so that the standardization and standardization of the data are realized.

Step B, configuring a network security analysis model

And configuring network security analysis rules based on the dual-uplink same-route analysis model and transmitting the false ring analysis model.

Step C, selection algorithm

And adopting a decision tree algorithm, setting a maximum tree depth level, combining with a logistic regression method and the like, carrying out recursion analysis on each node and each branch of the network route, and storing an analysis result.

Conclusion D

And outputting the conclusion information of whether the network has double uplink same routes or not and whether the network transmits a false ring or not.

Specifically, the transmission circuit name is taken as an entry, and the working route and the protection route data of the transmission circuit are obtained.

According to the service requirement, configuring a network analysis model based on whether the physical routes are coincident or not, which specifically comprises the following steps: and the double-uplink same-route analysis model is used for transmitting the false loop analysis model.

The dual-uplink same-route analysis process is characterized in that relay information respectively related to a working route and a protection route of a transmission circuit is inquired through the transmission circuit, a network element, a port and relay information, then optical path information is related through the relay information, then an office-direction optical fiber is related through the optical path information, a fiber core is related through the office-direction optical fiber, an optical cable is related through the fiber core, an electric pole is related through the optical cable, and a pipeline is related through the optical cable.

And obtaining information of optical cables, electric poles and pipelines associated with the working route of the transmission circuit.

And obtaining the information of the optical cable, the electric pole and the pipeline related to the protection route of the transmission circuit.

And analyzing whether the optical cables related to the working route and the protection route of the transmission circuit are co-cabled, co-pole and co-pipeline, and further analyzing whether the physical routes of the working route and the protection route of the transmission circuit are coincident to obtain an analysis conclusion of the double uplink co-routes.

And in the transmission false loop analysis process, the transmission circuit name is used as a reference, and the working route of the transmission circuit and the transmission subnet information through which the protection route data pass are obtained.

And matching the transmission topology subnetwork, the network element and the relay according to the name of the transmission network element and the identification of the topology subnetwork, and analyzing the relay data of the topology subnetwork.

The related optical path information is inquired through the transmission network element and the transmission relay information, the optical path is related to the local optical fiber, the local optical fiber is related to the fiber core, and the fiber core is related to the optical cable information.

And analyzing whether optical cables associated with optical paths corresponding to a plurality of transmission relays in the same transmission topology sub-network are coincident or not to obtain conclusion information of the transmission false loop.

The coincidence, namely hidden danger, in the invention can not be obvious because the faults in the analysis result are not yet detected, and the intelligent analysis of the detection and the positioning of the hidden danger of the communication network can be realized through the network structural safety analysis method provided by the invention, thereby realizing the early warning, the prediction and the positioning of the hidden danger of the network, wherein the hidden danger positioning is realized in that the system specifically presents hidden danger point information in the safety analysis result in the network route constructed through data. For example, the hidden danger type is the same board card, the analysis result can contain information such as network elements, board cards, ports, relays, hidden danger types, hidden danger points and the like, and the hidden danger information of which relays in the checked network overlap with which board card of which network element can be obtained through the analysis result. If the board fails, the relays and the network elements and services associated with the relays are affected. The system can intuitively present the network element and service range affected by the hidden trouble and the situation that whether the networking structure of the checked network accords with the standard specification and the like by superposing the hidden trouble analysis result in the logic network topological diagram and the physical network topological diagram of the network, thereby providing an effective means for network obstacle removal and network optimization. The hidden danger locating capability is also one of the values of the patent;

The predicted effect is calculated by the analytical model in the following ways: (1) Before network faults occur, hidden trouble points of the checked network are found, and obstacle removal can be guided through analysis results; (2) The equipment information which is easy to cause faults and the nonstandard networking information are obtained through model analysis, so that the network optimization can be guided; (3) And obtaining the fault influence range and the service information in advance through an analysis model. The analysis result provides a data basis for network hidden danger early warning and a data support for locating hidden danger points.

Example 3

The invention also discloses a system for network structural security analysis, which implements the methods of the embodiment 1 and the embodiment 2 and comprises the following steps:

the conversion module is used for converting the relational data related to the network structure into network routing information;

the model building module is used for preprocessing data of the big data platform, building a network analysis model based on a network structure according to the network routing information, and training, evaluating, applying and optimizing the network analysis model;

and the analysis module is used for adopting a decision tree algorithm, and carrying out layer-by-layer step analysis on the network structure by configuring the network analysis model to obtain a network structural security analysis result.

Example 4

The invention also discloses an electronic device, which comprises at least one processor and a memory in communication connection with the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the methods as in embodiments 1 and 2.

Example 5

The invention also discloses a storage medium storing a computer program which when executed by a processor implements the methods of embodiments 1 and 2.

The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention, and is not meant to limit the scope of the invention, but to limit the invention to the particular embodiments, and any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (10)

1. A method for network structural security analysis, comprising:

s1, converting relational data related to a network structure into network routing information;

S2, preprocessing data of a big data platform, constructing a network analysis model based on a network structure according to the network routing information, and training, evaluating, applying and optimizing the network analysis model;

s3, adopting a decision tree algorithm, and carrying out layer-by-layer stepwise analysis on the network structure by configuring the network analysis model to obtain a network structural security analysis result.

2. The method for network structural security analysis according to claim 1, wherein in S1, using network element data as a point and relay data as a line, obtaining reachable network element information and reachable path information of the network structure by adopting a deep search algorithm, storing the reachable path information and the reachable network element information by service logic, and finally generating network routing information, the specific steps are as follows:

s1.1, data extraction is carried out according to network types and network element types to obtain a network element set and a relay data set;

s1.2, setting a path search starting condition and a path search ending condition, and searching all network elements in a network element set based on the path search starting condition and the path search ending condition to obtain reachable network element information of each network element;

S1.3, carrying out recursive query search on the network element according to a depth search algorithm: traversing each reachable network element of the network structure along the depth of the network structure to acquire a reachable path of each network element and form reachable path information;

s1.4, merging all the reachable paths and the reachable network elements through service logic, and storing the reachable network elements corresponding to all the reachable paths as network routing information.

3. A method for network structural security analysis according to claim 1, wherein the specific steps of S2 are:

s2.1, extracting, cleaning, standardizing, classifying data clusters, selecting variables and converting data of a large data platform;

s2.2, a network element data table, a board card data table, a port data table, a relay and transmission circuit relation table, an optical path and office direction optical fiber relation table, an office direction optical fiber and optical cable fiber core relation table, an optical cable fiber core information table, an optical cable and electric pole relation table, an optical cable and pipeline relation table, a network element and network element data relation table, a network element port and relay relation table, a ring sub-network and network element relation table, a relay and optical path data relation table, a relay and optical cable section data relation table, a relay and electric pole data relation table, a relay and pipeline data relation table and a network potential safety hazard type data table are constructed according to service requirements;

S2.3, constructing a route quantity analysis list table, a double-uplink same-wavelength analysis list table, an uplink and interconnection same-board card analysis list table, a double-uplink same-route analysis list table, an interconnection and uplink same-route analysis list table and a transmission false ring analysis list table according to service requirements;

s2.4, generating a network analysis model for analyzing network security based on a network structure according to the network routing information through an intelligent algorithm;

s2.5, obtaining the network analysis model with universality by selecting, training, evaluating, applying and optimizing the network analysis model.

4. A method for network structural security analysis according to claim 3, wherein the network analysis model comprises:

the route quantity analysis model is used for acquiring route quantity information from the starting end network element to the stopping end network element;

the dual-uplink same-wavelength-division analysis model is used for analyzing whether transmission circuits and associated transmission topology subnets corresponding to two relays of a certain network element or a pair of network elements which are mutually main and standby and comprise the network element are overlapped or not to the same network element at the opposite end or a pair of network elements which are mutually main and standby at the opposite end so as to acquire the dual-uplink same-wavelength-division information of the transmission circuits corresponding to the two relays;

The uplink and interconnection same-board analysis model is used for analyzing whether ports of an uplink relay and an interconnection relay of a certain same network element belong to the same board or not so as to acquire information of the uplink and interconnection same-board of the network element;

the dual-uplink same-route analysis model is used for analyzing whether light paths, associated optical cables or associated electric poles and pipelines corresponding to two relays of a certain network element or a pair of network elements which are mutually main and standby and comprise the network element are overlapped or not so as to acquire the information of the dual-uplink same-route corresponding to the two relays;

the interconnection and uplink same-route analysis model is used for analyzing whether the optical paths, the associated optical cables or the associated electric poles and the associated pipelines corresponding to the plurality of relays are overlapped or not to obtain conclusion information of the interconnection and uplink same-route;

and the transmission false ring analysis model is used for analyzing whether optical cables associated with optical paths corresponding to a plurality of relays in the same transmission topology subnet are coincident or not so as to acquire information of the transmission false ring.

5. A method for network structural security analysis according to claim 4, wherein,

the construction process of the route quantity analysis model comprises the following steps:

Matching the network element, the port and the relay of the home/opposite terminal through the network element IP or the network element name, then analyzing the relay quantity between the two network elements step by step, and further obtaining the conclusion information of the route quantity from the originating network element to the terminating network element;

the construction process of the dual-uplink same-wavelength-division analysis model comprises the following steps:

matching the network element, the port and the relay of the opposite terminal through the network element IP or the network element name, analyzing to obtain two relay numbers of the network element or a pair of the main and standby network elements which are mutually used as the network element and are up to the same network element of the opposite terminal or a pair of the main and standby network elements which are mutually used as the opposite terminal; then inquiring related transmission circuit information through network elements and relay information, then transmitting topology sub-network information through the transmission circuit information, finally analyzing whether the network elements or a pair of transmission circuits corresponding to two relays of the same network element at the opposite end or a pair of network elements at the opposite end, which are mutually main and standby, are overlapped or not, and obtaining conclusion information of double-uplink same-wavelength division;

the construction process of the uplink and interconnection same-board analysis model comprises the following steps:

matching the local/opposite terminal network element, the port and the relay through the network element IP or the network element name, analyzing the relay between a pair of mutually main and standby network elements including the network element, and ascending the network element or the pair of mutually main and standby network elements including the network element to the same network element of the opposite terminal or the relay of the pair of mutually main and standby network elements of the opposite terminal; then, inquiring the information of the network element board card associated with the relay through the network element, the port and the relay information, analyzing whether the ports of the uplink relay and the interconnection relay of the same network element belong to the same board card, and obtaining the conclusion information of the uplink and the interconnection same board card;

The construction process of the dual-uplink same-route analysis model comprises the following steps:

matching the network element, the port and the relay of the opposite terminal through network element IP or network element names, analyzing to obtain that the number of the network element or a pair of the network elements which are main and standby mutually and contain the network element is two, inquiring the optical path information associated with the network element through network element and relay information, associating the optical path information with the local optical fiber through the optical path, associating the optical fiber core through the local optical fiber, associating the optical cable through the optical fiber core, associating the electric pole through the optical cable, obtaining the pipeline associated with the optical cable through the relay and the pipeline data relation table, and finally analyzing whether the optical paths corresponding to the optical paths, the associated optical cables or the associated electric poles and pipelines of the two relays which are main and standby mutually and contain the network element or the pair of the network elements which are main and standby mutually and contain the network element of the opposite terminal are overlapped or not, and obtaining the information of double uplink and same routing;

the construction process of the interconnection and uplink same-route analysis model comprises the following steps:

matching the local/opposite terminal network element, the port and the relay through the network element IP or the network element name, analyzing the relay between a pair of mutually-main and standby network elements including the network element, and the relay between the network element or the pair of mutually-main and standby network elements including the network element to the same network element of the opposite terminal or the pair of mutually-main and standby network elements of the opposite terminal; inquiring the related optical path information through network elements and relay information, then relating the optical path to an office-oriented optical fiber, relating the optical fiber to a fiber core through the office-oriented optical fiber, relating the optical fiber to an optical cable through the fiber core, relating the optical cable to an electric pole through the optical cable, obtaining an optical cable-related pipeline through the relay and pipeline data relation table, and finally analyzing whether the optical paths, the related optical cables or the related electric poles and the pipelines corresponding to the plurality of relays are overlapped or not to obtain conclusion information of interconnection and uplink same routing;

The construction process of the transmission false ring analysis model comprises the following steps:

and matching the topology subnetwork, the network element and the relay by the network element name or the topology subnetwork identifier, analyzing the relay data of the topology subnetwork, inquiring the associated optical path information by the network element and the relay information, associating the office-oriented optical fiber by the optical path, associating the optical fiber core by the office-oriented optical fiber, associating the optical cable by the optical fiber core, and finally analyzing whether optical cables associated with optical paths corresponding to a plurality of relays in the same transmission topology subnetwork are overlapped to obtain conclusion information of the transmission false ring.

6. The method for network structural security analysis according to claim 5, wherein the degree of influence of the network hidden danger on the network security is defined according to the type of the network hidden danger based on the network security hidden danger type data table, the range of influence of the network hidden danger on the network security is defined according to the number of services and the service level of the influence of the network hidden danger, and the matrix method is used to construct the level of the network security hidden danger in combination with the degree of influence and the range of influence.

7. The method for network structural security analysis according to claim 6, wherein the specific process of S3 is:

analyzing the network route quantity in the network structure through a route quantity analysis model, wherein the specific process is as follows:

Extracting and cleaning network data of the network structure from a big data platform to realize standardization and standardization of the data, configuring network security analysis rules about a route number analysis model based on network security hidden trouble levels, adopting a decision tree algorithm, setting a maximum tree depth level and carrying out recursion analysis on each network element and each branch of the network route by combining a logistic regression method, storing analysis and outputting conclusion information of the network route number;

analyzing whether the logic route is overlapped or not through the dual-uplink same-wavelength-division analysis model and the uplink and interconnection same-board card analysis model, wherein the specific process comprises the following steps:

the network data of the network structure is extracted and cleaned from a big data platform, the standardization and standardization of the data are realized, network safety analysis rules about the dual-uplink same-wavelength-division analysis model and the uplink and interconnection same-board card analysis model are configured based on network safety hidden trouble levels, a decision tree algorithm is adopted, a maximum tree depth level is set to carry out recursion analysis on each network element and each branch of the network route by combining a logistic regression method, and conclusion information of whether the network has dual-uplink same-wavelength-division and whether the network has uplink and interconnection same-board cards is stored and analyzed and output;

Analyzing whether the physical routes are overlapped or not through the dual-uplink same-route analysis model, the interconnection and uplink same-route analysis model and the transmission false ring analysis model, wherein the specific process is as follows:

the network data of the network structure is extracted and cleaned from a big data platform, the standardization and standardization of the data are realized, network safety analysis rules about a double-uplink same-route analysis model, an interconnection and uplink same-route analysis model and a transmission false ring analysis model are configured based on network safety hidden trouble levels, a decision tree algorithm is adopted, a maximum tree depth level is set to carry out recursion each network element and each branch of the network route by combining a logistic regression method, and conclusion information of whether the network is in double-uplink same-route, interconnection and uplink same-route or not and whether a false ring is transmitted or not is stored and analyzed and output.

8. A system for network structural security analysis, implementing a method for network structural security analysis according to any of claims 1-7, comprising:

the conversion module is used for converting the relational data related to the network structure into network routing information;

the model building module is used for preprocessing data of the big data platform, building a network analysis model based on a network structure according to the network routing information, and training, evaluating, applying and optimizing the network analysis model;

And the analysis module is used for adopting a decision tree algorithm, and carrying out layer-by-layer step analysis on the network structure by configuring the network analysis model to obtain a network structural security analysis result.

9. An electronic device comprising at least one processor, and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a method for network structural security analysis as claimed in any one of claims 1 to 7.

10. A storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements a method for network structural security analysis according to any one of claims 1 to 7.

Images