CN116566688A - Network security analysis method and system based on big data - Google Patents

Network security analysis method and system based on big data Download PDF

Info

Publication number
CN116566688A
CN116566688A CN202310560440.1A CN202310560440A CN116566688A CN 116566688 A CN116566688 A CN 116566688A CN 202310560440 A CN202310560440 A CN 202310560440A CN 116566688 A CN116566688 A CN 116566688A
Authority
CN
China
Prior art keywords
network
computer network
computer
network node
central
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310560440.1A
Other languages
Chinese (zh)
Other versions
CN116566688B (en
Inventor
郑惠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyun Rongchuang Data Science & Technology Beijing Co ltd
Original Assignee
Tianyun Rongchuang Data Science & Technology Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianyun Rongchuang Data Science & Technology Beijing Co ltd filed Critical Tianyun Rongchuang Data Science & Technology Beijing Co ltd
Priority to CN202310560440.1A priority Critical patent/CN116566688B/en
Publication of CN116566688A publication Critical patent/CN116566688A/en
Application granted granted Critical
Publication of CN116566688B publication Critical patent/CN116566688B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/30Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to the field of big data processing, in particular to a network security analysis method and system based on big data, comprising the following steps: in a monitoring period, carrying out timing monitoring on central network nodes in a computer network group to obtain a plurality of state parameters of the central network nodes, and carrying out random monitoring on common network nodes in the computer network group to obtain one or more state parameters of the common network nodes; fusing a plurality of state parameters of the central network node with one or more state parameters of the common network node to obtain comprehensive state parameters of a computer network group; comparing the comprehensive state parameter with a preset threshold value; and if the comprehensive state parameter exceeds a preset threshold value, isolating the computer network group. The method and the device can ensure timeliness of network security analysis under the condition of explosive growth of network information, and avoid affecting other performances of the computer system.

Description

Network security analysis method and system based on big data
Technical Field
The application relates to the field of big data processing, in particular to a network security analysis method and system based on big data.
Background
Network security, generally refers to the security of a computer network, and in fact may also refer to the security of a computer communication network. A computer network is a system in which a plurality of independent computer systems, terminal devices, and data devices distributed in a region are connected by communication means for the purpose of sharing resources, and data exchange is performed under the control of a protocol. The computer communication network is a system for interconnecting a plurality of computers with independent functions through communication equipment and transmission media and realizing information transmission and exchange among the computers under the support of communication software. Whether it is a computer network or a computer communication network, the security of the computer network needs to be ensured, so that the security of information transmission between computers can be ensured, and therefore, effective network security analysis needs to be performed, and network security risks need to be found in time.
At present, the network security detection technology is the abnormal flow analysis and calculation technology, however, with the explosive growth of network information, if a computer system performs network security analysis according to the original resources allocated for network security analysis, the analysis speed is slow, the network security risk cannot be found timely, and if the computer system allocates more resources for network security analysis, other performances of the computer system (for example, the read-write performance of the computer system, the display performance of the computer system, etc.) are affected.
Therefore, under the condition of explosive growth of network information, how to ensure timeliness of network security analysis and avoid affecting other performances of the computer system is a technical problem which needs to be solved by those skilled in the art.
Disclosure of Invention
The application provides a network security analysis method and system based on big data, which are used for guaranteeing timeliness of network security analysis and avoiding affecting other performances of a computer system under the condition of explosive growth of network information.
In order to solve the technical problems, the application provides the following technical scheme:
a network security analysis method based on big data comprises the following steps: step S110, grouping all network nodes of the computer network to form a plurality of computer network subgroups; step S120, in a monitoring period, carrying out timing monitoring on central network nodes in a computer network group to obtain a plurality of state parameters of the central network nodes, and carrying out random monitoring on common network nodes in the computer network group to obtain one or more state parameters of the common network nodes; step S130, fusing a plurality of state parameters of the central network node monitored at regular time with one or more state parameters of the common network node monitored at random to obtain comprehensive state parameters of a computer network group; step S140, comparing the comprehensive state parameters of the computer network group with a preset threshold value; step S150, if the comprehensive state parameters of the computer network subgroup exceed a preset threshold value, isolating the computer network subgroup; step 160, if the comprehensive state parameter of the computer network group does not exceed the preset threshold, entering the next monitoring period, continuing to monitor the central network node in the computer network group at regular time, and randomly monitoring the common network nodes in the computer network group.
The network security analysis method based on big data as described above, wherein preferably all network nodes of the computer network are grouped, comprises the following sub-steps: step S111, selecting a plurality of network nodes from all network nodes of the computer network as a central network node, and taking the rest network nodes of the computer network as common network nodes; step S112, the ordinary network nodes of the computer network are associated to the central network node, so that the central network node and the ordinary network nodes associated with the central network node form a computer network group.
The network security analysis method based on big data as described above, wherein it is preferable that the remaining resource index of the network node of the computer network is calculated; a predetermined number of network nodes are selected as central network nodes from the network nodes of the computer network in order of the remaining resource indicators from high to low.
The network security analysis method based on big data as described above, wherein it is preferable that a part of resources of the central network node is used to perform its basic function, another part of resources of the central network node is used to perform the group communication control policy, and the remaining resources of the central network node are used as idle resources; a part of the resources of the common network node are used for executing the basic functions thereof, and the rest of the resources of the common network node are used as idle resources.
The big data based network security analysis method as described above, wherein it is preferable to calculate the capacity of a link between a general network node of a computer network and each central network node to which the link is connected; the common network node of the computer network is associated to the central network node corresponding to the link with the largest link capacity.
A big data based network security analysis system comprising: the system comprises a network subgroup unit, a state parameter monitoring unit, a state parameter fusion unit, a comparison judging unit and a network subgroup isolation unit; a network subgroup grouping unit groups all network nodes of the computer network to form a plurality of computer network subgroups; in a monitoring period, the state parameter monitoring unit monitors central network nodes in the computer network group at regular time to obtain a plurality of state parameters of the central network nodes, and the state parameter monitoring unit monitors common network nodes in the computer network group at random to obtain one or more state parameters of the common network nodes; the state parameter fusion unit fuses the state parameters of the central network node monitored at regular time with one or more state parameters of the common network node monitored at random to obtain comprehensive state parameters of the computer network group; the comparison judging unit compares the comprehensive state parameters of the computer network group with a preset threshold value; if the comprehensive state parameters of the computer network group exceed a preset threshold value, the network group isolation unit isolates the computer network group; if the comprehensive state parameters of the computer network group do not exceed the preset threshold value, entering the next monitoring period, and continuously monitoring the central network nodes in the computer network group at regular time by the state parameter monitoring unit to randomly monitor the common network nodes in the computer network group.
The big data based network security analysis system as described above, wherein preferably the network small group unit comprises: a network node selection unit and a network node association unit; the network node selection unit selects a plurality of network nodes from all network nodes of the computer network as central network nodes, and takes the rest network nodes of the computer network as common network nodes; the network node association unit associates the common network nodes of the computer network to the central network node such that the central network node and its associated common network nodes form a computer network group.
The network security analysis system based on big data as described above, wherein it is preferable that the remaining resource index of the network node of the computer network is calculated; a predetermined number of network nodes are selected as central network nodes from the network nodes of the computer network in order of the remaining resource indicators from high to low.
The big data based network security analysis system as described above, wherein preferably, a part of the resources of the central network node are used to perform its basic functions, another part of the resources of the central network node are used to perform the group communication control policy, and the remaining resources of the central network node are used as idle resources; a part of the resources of the common network node are used for executing the basic functions thereof, and the rest of the resources of the common network node are used as idle resources.
The big data based network security analysis system as described above, wherein it is preferable to calculate the capacity of a link between a general network node of the computer network and each central network node to which the link is connected; the common network node of the computer network is associated to the central network node corresponding to the link with the largest link capacity.
Compared with the background art, the network security analysis method and system based on big data can ensure timeliness of network security analysis under the condition that network information is exploded and increased, and avoid affecting other performances of a computer system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a flow chart of a big data based network security analysis method provided by an embodiment of the present application;
FIG. 2 is a flow chart of grouping all network nodes of a computer network provided by an embodiment of the present application;
fig. 3 is a schematic diagram of a network security analysis system based on big data according to an embodiment of the present application.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention.
Example 1
As shown in fig. 1, fig. 1 is a flowchart of a network security analysis method based on big data provided in an embodiment of the present application.
The application provides a network security analysis method based on big data, which comprises the following steps:
step S110, grouping all network nodes of the computer network to form a plurality of computer network subgroups;
computer networks have a large number of network nodes, where the network nodes are various data processing devices, data communication control devices, and data terminal devices, common nodes are servers, personal computers, printers, workstations, trunks, switches, etc., and each network node has a unique network address. All network nodes of the computer network need to be grouped to obtain a plurality of computer network groups in the application, and the computer network referred to herein may be a local area network or a wide area network with a certain range limitation.
Specifically, as shown in fig. 2, all network nodes of the computer network are grouped, including the following sub-steps:
step S111, selecting a plurality of network nodes from all network nodes of the computer network as a central network node, and taking the rest network nodes of the computer network as common network nodes;
each network node of a computer network is provided with certain resources, for example: memory resources, hard disk resources, CPU resources, etc., and each network node in the computer network needs to occupy some of its own resources to perform basic functions, such as: perform data transfer functions, perform data storage functions, etc. However, since the resources owned by each network node of the computer network are different and the resources occupied by each network node of the computer network for performing the basic functions are also different, the resources remaining by each network node of the computer network are also different, and thus, a plurality of network nodes with sufficient remaining resources (i.e., remaining resources greater than a threshold value) are selected from all network nodes of the computer network as central network nodes, and the remaining network nodes of the computer network are regarded as ordinary network nodes in the present application.
Wherein a part of the resources of the central network node are used for executing the basic functions thereof, another part of the resources of the central network node are used for executing the group communication control strategy, and the rest of the resources of the central network node are used as idle resources, wherein the group communication control strategy is a communication strategy which all network nodes in the computer network group should follow; a part of the resources of the common network node are used for executing the basic functions thereof, and the rest of the resources of the common network node are used as idle resources.
Specifically, according to the formulaCalculating to obtain the residual resource index of the network node of the computer network; wherein (1)>Is the (th) of computer network>Remaining resource indicators of the individual network nodes; />Is the (th) of computer network>Operating state parameters of individual network nodes, in particular of the computer network/>The individual network nodes are in the operating state, < > if>1, if the computer network is +.>The individual network node is in a stopped state, then +.>Is 0; />Is->The influence factor of the resource occupancy rate of seed resources on the residual resource index; />Is the (th) of computer network>The personal network node is used to perform the basic functions +.>Resource occupancy rate of seed resources; />Is the number of resources. After the remaining resource indexes of the network nodes are obtained through calculation, a predetermined number of network nodes are selected from the network nodes of the computer network to serve as central network nodes according to the sequence from high to low of the remaining resource indexes.
Step S112, the common network nodes of the computer network are associated to the central network node, so that the central network node and the associated common network nodes form a computer network group;
the two network nodes may be connected by a link, for example: a physical link or a logical link, the physical link refers to an actually existing communication connection path, and the logical link refers to a network path that logically functions. Whether the two network nodes are connected by a physical link or a logical link, the two network nodes have a link capacity therebetween, wherein the link capacity is the maximum amount of information that the link can accommodate per unit time.
The capacity of the link between the common network node of the computer network and each central network node connected with the link is calculated, and the common network node of the computer network is related to the central network node corresponding to the link with the largest link capacity, so that the central network node and the related common network nodes form a computer network group.
Specifically, according to the formulaCalculating a link capacity of a link between a common network node of the computer network and a central network node of the computer network, wherein ∈>Ordinary network node for computer network->Central network node to computer network->Link capacity of links between +.>For the influence of a common network node of a computer network on the link capacity of the links connected thereto, +.>For the influence of a central network node of a computer network on the link capacity of the links connected thereto, +.>Is the%>Performance parameters->Is the%>The weight of the performance parameter on its link capacity. For example: bandwidth, transmitter power, antenna technology, etc. are all performance parameters of the link.
Step S120, in a monitoring period, carrying out timing monitoring on central network nodes in a computer network group to obtain a plurality of state parameters of the central network nodes, and carrying out random monitoring on common network nodes in the computer network group to obtain one or more state parameters of the common network nodes;
in the computer network group, because the functions executed by the central network node are more, the probability that the central network node suffers risk is higher, and the probability that the common network node suffers risk is lower, so that in a monitoring period, the central network node is monitored at regular time according to a preset interval time to obtain a plurality of state parameters of the central network node, and the common network node is monitored randomly to obtain the state parameters of one common network node or a plurality of common nodes.
Step S130, fusing a plurality of state parameters of the central network node monitored at regular time with one or more state parameters of the common network node monitored at random to obtain comprehensive state parameters of a computer network group;
specifically, according to the formulaCalculating to obtain comprehensive state parameters of a computer network group in a monitoring period; wherein (1)>For monitoring period->Internal computingComprehensive state parameters of the machine network group, +.>For monitoring period->Internal timing monitored central network node +.>Personal status parameter->For monitoring period->The state parameter with the largest value among the state parameters of the central network node monitored by the internal timing,/->For monitoring period->Status parameter total amount of central network node monitored by internal timing,/->For monitoring period->Inside random monitored generic network node +.>Personal status parameter->For monitoring period->Status parameter total amount of internal random monitored common network node,/->Status parameters for a central network nodeInfluence weight on the comprehensive status parameters of the computer network group, +.>The impact weight of the state parameters of the common network nodes on the comprehensive state parameters of the computer network group.
In the present application, the impact weight of the status parameters of the central network node on the comprehensive status parameters of the computer network groupAnd the influence weight of the state parameters of the generic network node on the integrated state parameters of the computer network group +.>The central network node is obtained by training through a neural network according to the historical state parameters of the central network node and the historical state parameters of the common network node.
Step S140, comparing the comprehensive state parameters of the computer network group with a preset threshold value;
after the comprehensive state parameters of the computer network group are obtained, the comprehensive state parameters of the computer network group are compared with a preset threshold value to determine whether the current state of the computer network group is in a dangerous state or a safe state, so that a basis is provided for the following operation. The preset threshold value may be an empirical value, or may be a finger obtained through training of a neural network.
Step S150, if the comprehensive state parameters of the computer network subgroup exceed a preset threshold value, isolating the computer network subgroup;
if the aggregate status parameter of a computer network group exceeds a preset threshold, then it is verified that the computer network group is currently in a dangerous state, thereby isolating the computer network group from affecting the security of other computer network groups associated therewith.
Step S160, if the comprehensive state parameters of the computer network group do not exceed the preset threshold, entering the next monitoring period, continuing to monitor the central network nodes in the computer network group at regular time, and randomly monitoring the common network nodes in the computer network group;
if the comprehensive state parameters of the computer network group do not exceed the preset threshold value, the computer network group is proved to be in a safe state currently, so that the next monitoring period is entered, the central network nodes in the computer network group are continuously monitored at fixed time to obtain a plurality of state parameters of the central network nodes, and the common network nodes are continuously monitored at random to obtain the state parameters of one common network node or a plurality of common nodes.
Example two
As shown in fig. 3, fig. 3 is a schematic diagram of a network security analysis system based on big data according to an embodiment of the present application.
The present application provides a big data based network security analysis system 300, comprising: a network subgroup unit 310, a state parameter monitoring unit 320, a state parameter fusion unit 330, a comparison judging unit 340 and a network subgroup isolation unit 350.
The network subgroup grouping unit 310 groups all network nodes of the computer network to form a plurality of computer network subgroups.
Computer networks have a large number of network nodes, where the network nodes are various data processing devices, data communication control devices, and data terminal devices, common nodes are servers, personal computers, printers, workstations, trunks, switches, etc., and each network node has a unique network address. All network nodes of the computer network need to be grouped to obtain a plurality of computer network groups in the application, and the computer network referred to herein may be a local area network or a wide area network with a certain range limitation.
Specifically, the network minor group grouping unit 310 includes: a network node selection unit 311 and a network node association unit 312.
The network node selection unit 311 selects a plurality of network nodes from all network nodes of the computer network as a central network node, and the remaining network nodes of the computer network as normal network nodes.
Each network node of a computer network is provided with certain resources, for example: memory resources, hard disk resources, CPU resources, etc., and each network node in the computer network needs to occupy some of its own resources to perform basic functions, such as: perform data transfer functions, perform data storage functions, etc. However, since the resources owned by each network node of the computer network are different and the resources occupied by each network node of the computer network for performing the basic functions are also different, the resources remaining by each network node of the computer network are also different, and thus, a plurality of network nodes with sufficient remaining resources (i.e., remaining resources greater than a threshold value) are selected from all network nodes of the computer network as central network nodes, and the remaining network nodes of the computer network are regarded as ordinary network nodes in the present application.
Wherein a part of the resources of the central network node are used for executing the basic functions thereof, another part of the resources of the central network node are used for executing the group communication control strategy, and the rest of the resources of the central network node are used as idle resources, wherein the group communication control strategy is a communication strategy which all network nodes in the computer network group should follow; a part of the resources of the common network node are used for executing the basic functions thereof, and the rest of the resources of the common network node are used as idle resources.
Specifically, according to the formulaCalculating to obtain the residual resource index of the network node of the computer network; wherein (1)>Is the (th) of computer network>Remaining resource indicators of the individual network nodes; />Is a computer networkThe%>Operating state parameters of the individual network nodes, if the first of the computer network>The individual network nodes are in the operating state, < > if>1, if the computer network is +.>The individual network node is in a stopped state, then +.>Is 0; />Is->The influence factor of the resource occupancy rate of seed resources on the residual resource index; />Is the (th) of computer network>The personal network node is used to perform the basic functions +.>Resource occupancy rate of seed resources; />Is the number of resources. After the remaining resource indexes of the network nodes are obtained through calculation, a predetermined number of network nodes are selected from the network nodes of the computer network to serve as central network nodes according to the sequence from high to low of the remaining resource indexes.
The network node association unit 312 associates the common network nodes of the computer network to the central network node such that the central network node and its associated common network nodes form a computer network group.
The two network nodes may be connected by a link, for example: a physical link or a logical link, the physical link refers to an actually existing communication connection path, and the logical link refers to a network path that logically functions. Whether the two network nodes are connected by a physical link or a logical link, the two network nodes have a link capacity therebetween, wherein the link capacity is the maximum amount of information that the link can accommodate per unit time.
The capacity of the link between the common network node of the computer network and each central network node connected with the link is calculated, and the common network node of the computer network is related to the central network node corresponding to the link with the largest link capacity, so that the central network node and the related common network nodes form a computer network group.
Specifically, according to the formulaCalculating a link capacity of a link between a common network node of the computer network and a central network node of the computer network, wherein ∈>Ordinary network node for computer network->Central network node to computer network->Link capacity of links between +.>For the influence of a common network node of a computer network on the link capacity of the links connected thereto, +.>Connecting a central network node pair to a computer networkEffects of link capacity of the link, +.>Is the%>Performance parameters->Is the%>The weight of the performance parameter on its link capacity. For example: bandwidth, transmitter power, antenna technology, etc. are all performance parameters of the link.
In a monitoring period, the state parameter monitoring unit 320 performs timing monitoring on central network nodes in the computer network group to obtain a plurality of state parameters of the central network nodes, and the state parameter monitoring unit 320 performs random monitoring on common network nodes in the computer network group to obtain one or more state parameters of the common network nodes.
In the computer network group, because the functions executed by the central network node are more, the probability that the central network node suffers risk is higher, and the probability that the common network node suffers risk is lower, so that in a monitoring period, the central network node is monitored at regular time according to a preset interval time to obtain a plurality of state parameters of the central network node, and the common network node is monitored randomly to obtain the state parameters of one common network node or a plurality of common nodes.
The state parameter fusion unit 330 fuses the plurality of state parameters of the central network node monitored at regular time and one or more state parameters of the common network node monitored at random to obtain the comprehensive state parameters of the computer network group.
Specifically, according to the formulaCalculating the comprehensive state parameters of the computer network group in one monitoring periodThe method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>For monitoring period->Comprehensive status parameters of the internal computer network group, < ->For monitoring period->Internal timing monitored central network node +.>Personal status parameter->For monitoring period->The state parameter with the largest value among the state parameters of the central network node monitored by the internal timing,/->For monitoring period->Status parameter total amount of central network node monitored by internal timing,/->For monitoring period->Inside random monitored generic network node +.>Personal status parameter->For monitoring period->Status parameter total amount of internal random monitored common network node,/->For the influence weight of the status parameters of the central network node on the integrated status parameters of the computer network group,/for the central network node>The impact weight of the state parameters of the common network nodes on the comprehensive state parameters of the computer network group.
In the present application, the impact weight of the status parameters of the central network node on the comprehensive status parameters of the computer network groupAnd the influence weight of the state parameters of the generic network node on the integrated state parameters of the computer network group +.>The central network node is obtained by training through a neural network according to the historical state parameters of the central network node and the historical state parameters of the common network node.
The comparison and judgment unit 340 compares the comprehensive state parameters of the computer network subgroup with a preset threshold value.
After the comprehensive state parameters of the computer network group are obtained, the comprehensive state parameters of the computer network group are compared with a preset threshold value to determine whether the current state of the computer network group is in a dangerous state or a safe state, so that a basis is provided for the following operation. The preset threshold value may be an empirical value, or may be a finger obtained through training of a neural network.
If the aggregate status parameter of a computer network subgroup exceeds a preset threshold, the network subgroup isolation unit 350 isolates the computer network subgroup.
If the aggregate status parameter of a computer network group exceeds a preset threshold, then it is verified that the computer network group is currently in a dangerous state, thereby isolating the computer network group from affecting the security of other computer network groups associated therewith.
If the comprehensive state parameters of the computer network group do not exceed the preset threshold value, the next monitoring period is entered, and the state parameter monitoring unit 320 continues to monitor the central network nodes in the computer network group at regular time and randomly monitor the common network nodes in the computer network group.
If the comprehensive state parameters of the computer network group do not exceed the preset threshold value, the computer network group is proved to be in a safe state currently, so that the next monitoring period is entered, the central network nodes in the computer network group are continuously monitored at fixed time to obtain a plurality of state parameters of the central network nodes, and the common network nodes are continuously monitored at random to obtain the state parameters of one common network node or a plurality of common nodes.
Because the method groups all network nodes of the computer network, and monitors the central network nodes in the computer network group at regular time, and monitors the common network nodes in the computer network group at random, the timeliness of network security analysis can be ensured under the condition of explosive growth of network information, and the monitoring of all network nodes is avoided, so that other performances affecting the computer system are avoided.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present disclosure describes embodiments, not every embodiment is provided with a separate embodiment, and that this description is provided for clarity only, and that the disclosure is not limited to the embodiments described in detail below, and that the embodiments described in the examples may be combined as appropriate to form other embodiments that will be apparent to those skilled in the art.

Claims (10)

1. The network security analysis method based on big data is characterized by comprising the following steps:
step S110, grouping all network nodes of the computer network to form a plurality of computer network subgroups;
step S120, in a monitoring period, carrying out timing monitoring on central network nodes in a computer network group to obtain a plurality of state parameters of the central network nodes, and carrying out random monitoring on common network nodes in the computer network group to obtain one or more state parameters of the common network nodes;
step S130, fusing a plurality of state parameters of the central network node monitored at regular time with one or more state parameters of the common network node monitored at random to obtain comprehensive state parameters of a computer network group;
step S140, comparing the comprehensive state parameters of the computer network group with a preset threshold value;
step S150, if the comprehensive state parameters of the computer network subgroup exceed a preset threshold value, isolating the computer network subgroup;
step 160, if the comprehensive state parameter of the computer network group does not exceed the preset threshold, entering the next monitoring period, continuing to monitor the central network node in the computer network group at regular time, and randomly monitoring the common network nodes in the computer network group.
2. The big data based network security analysis method of claim 1, wherein grouping all network nodes of the computer network comprises the sub-steps of:
step S111, selecting a plurality of network nodes from all network nodes of the computer network as a central network node, and taking the rest network nodes of the computer network as common network nodes;
step S112, the ordinary network nodes of the computer network are associated to the central network node, so that the central network node and the ordinary network nodes associated with the central network node form a computer network group.
3. The method for big data based network security analysis of claim 2, wherein,
calculating to obtain the residual resource index of the network node of the computer network;
a predetermined number of network nodes are selected as central network nodes from the network nodes of the computer network in order of the remaining resource indicators from high to low.
4. A method of analyzing network security based on big data according to claim 3, wherein a part of the resources of the central network node are used for performing its basic functions, another part of the resources of the central network node are used for performing the group communication control policy, and the remaining resources of the central network node are used as free resources;
a part of the resources of the common network node are used for executing the basic functions thereof, and the rest of the resources of the common network node are used as idle resources.
5. The big data based network security analysis method of any of claims 2-4, wherein the capacity of the link between the regular network node of the computer network and each central network node to which the link is connected is calculated;
the common network node of the computer network is associated to the central network node corresponding to the link with the largest link capacity.
6. A big data based network security analysis system, comprising: the system comprises a network subgroup unit, a state parameter monitoring unit, a state parameter fusion unit, a comparison judging unit and a network subgroup isolation unit;
a network subgroup grouping unit groups all network nodes of the computer network to form a plurality of computer network subgroups;
in a monitoring period, the state parameter monitoring unit monitors central network nodes in the computer network group at regular time to obtain a plurality of state parameters of the central network nodes, and the state parameter monitoring unit monitors common network nodes in the computer network group at random to obtain one or more state parameters of the common network nodes;
the state parameter fusion unit fuses the state parameters of the central network node monitored at regular time with one or more state parameters of the common network node monitored at random to obtain comprehensive state parameters of the computer network group;
the comparison judging unit compares the comprehensive state parameters of the computer network group with a preset threshold value;
if the comprehensive state parameters of the computer network group exceed a preset threshold value, the network group isolation unit isolates the computer network group;
if the comprehensive state parameters of the computer network group do not exceed the preset threshold value, entering the next monitoring period, and continuously monitoring the central network nodes in the computer network group at regular time by the state parameter monitoring unit to randomly monitor the common network nodes in the computer network group.
7. The big data based network security analysis system of claim 6, wherein the network small group unit comprises: a network node selection unit and a network node association unit;
the network node selection unit selects a plurality of network nodes from all network nodes of the computer network as central network nodes, and takes the rest network nodes of the computer network as common network nodes;
the network node association unit associates the common network nodes of the computer network to the central network node such that the central network node and its associated common network nodes form a computer network group.
8. The big data based network security analysis system of claim 7, wherein,
calculating to obtain the residual resource index of the network node of the computer network;
a predetermined number of network nodes are selected as central network nodes from the network nodes of the computer network in order of the remaining resource indicators from high to low.
9. The big data based network security analysis system of claim 8, wherein a portion of the resources of the central network node are used to perform its basic functions, another portion of the resources of the central network node are used to perform the group communication control policy, and the remaining resources of the central network node are used as free resources;
a part of the resources of the common network node are used for executing the basic functions thereof, and the rest of the resources of the common network node are used as idle resources.
10. The big data based network security analysis system of any of claims 7-9, wherein the capacity of the link between the regular network node of the computer network and each central network node to which the link is connected is calculated;
the common network node of the computer network is associated to the central network node corresponding to the link with the largest link capacity.
CN202310560440.1A 2023-05-18 2023-05-18 Network security analysis method and system based on big data Active CN116566688B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310560440.1A CN116566688B (en) 2023-05-18 2023-05-18 Network security analysis method and system based on big data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310560440.1A CN116566688B (en) 2023-05-18 2023-05-18 Network security analysis method and system based on big data

Publications (2)

Publication Number Publication Date
CN116566688A true CN116566688A (en) 2023-08-08
CN116566688B CN116566688B (en) 2023-10-17

Family

ID=87496136

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310560440.1A Active CN116566688B (en) 2023-05-18 2023-05-18 Network security analysis method and system based on big data

Country Status (1)

Country Link
CN (1) CN116566688B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150341379A1 (en) * 2014-05-22 2015-11-26 Accenture Global Services Limited Network anomaly detection
CN112165485A (en) * 2020-09-25 2021-01-01 山东炎黄工业设计有限公司 Intelligent prediction method for large-scale network security situation
CN114978770A (en) * 2022-07-25 2022-08-30 睿至科技集团有限公司 Internet of things security risk early warning management and control method and system based on big data
CN115412301A (en) * 2022-08-02 2022-11-29 云南电网有限责任公司信息中心 Network security prediction analysis method and system
CN116074062A (en) * 2022-12-28 2023-05-05 上海明阳信息科技有限公司 Internet-based network security test tube control system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150341379A1 (en) * 2014-05-22 2015-11-26 Accenture Global Services Limited Network anomaly detection
CN112165485A (en) * 2020-09-25 2021-01-01 山东炎黄工业设计有限公司 Intelligent prediction method for large-scale network security situation
CN114978770A (en) * 2022-07-25 2022-08-30 睿至科技集团有限公司 Internet of things security risk early warning management and control method and system based on big data
CN115412301A (en) * 2022-08-02 2022-11-29 云南电网有限责任公司信息中心 Network security prediction analysis method and system
CN116074062A (en) * 2022-12-28 2023-05-05 上海明阳信息科技有限公司 Internet-based network security test tube control system

Also Published As

Publication number Publication date
CN116566688B (en) 2023-10-17

Similar Documents

Publication Publication Date Title
US11799949B2 (en) Latency-based routing and load balancing in a network
EP3637708B1 (en) Network congestion processing method, device, and system
EP2907085B1 (en) Autonomic network sentinels
Yao et al. Core and spectrum allocation based on association rules mining in spectrally and spatially elastic optical networks
CN110809060B (en) Monitoring system and monitoring method for application server cluster
CN112491700A (en) Network path adjusting method, system, device, electronic equipment and storage medium
CN112866132A (en) Dynamic load balancer and method for massive identification
EP2863597B1 (en) Computer-implemented method, computer system, computer program product to manage traffic in a network
CN101442439B (en) Method for reporting interruption and PCI bus system
CN116566688B (en) Network security analysis method and system based on big data
Lin et al. Security function virtualization based moving target defense of SDN-enabled smart grid
CN101951571A (en) Short message retrying method and short message gateway
EP1627316B1 (en) Data collection in a computer cluster
CN104468337B (en) Method for message transmission and device, message management central apparatus and data center
CN114827157B (en) Cluster task processing method, device and system, electronic equipment and readable medium
US20220156113A1 (en) Network Service Load Distribution System And Method Thereof
Wang et al. Optimization on information freshness for multi‐access users with energy harvesting cognitive radio networks
CN102833093B (en) Network failure processing method, Apparatus and system
Wu et al. A scalable mutual exclusion algorithm for mobile ad hoc networks
CN111585894A (en) Network routing method and device based on weight calculation
CN103118123B (en) Based on write back data method and the system of distributed server
CN114356830B (en) Bus terminal control method, device, computer equipment and storage medium
GB2494858A (en) Managing connections to a network in a mobile device
CN115297057B (en) Network flow control method based on information management platform
Wu et al. SCASys: a smart congestion control algorithm selection system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant