CN116566688B - Network security analysis method and system based on big data - Google Patents


Info

Publication number
CN116566688B
CN116566688B (application CN202310560440.1A)
Authority
CN
China
Prior art keywords
network
computer network
network node
computer
central
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310560440.1A
Other languages
Chinese (zh)
Other versions
CN116566688A (en)
Inventor
郑惠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianyun Rongchuang Data Science & Technology Beijing Co ltd
Original Assignee
Tianyun Rongchuang Data Science & Technology Beijing Co ltd
Application filed by Tianyun Rongchuang Data Science & Technology Beijing Co ltd
Priority to CN202310560440.1A
Publication of CN116566688A
Application granted
Publication of CN116566688B
Legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/02 ... for separating internal from external traffic, e.g. firewalls
                • H04L63/0227 Filtering policies
            • H04L63/30 ... for supporting lawful interception, monitoring or retaining of communications or communication related information
        • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS > Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE > Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
        • Y02D30/00 Reducing energy consumption in communication networks
            • Y02D30/50 ... in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

This application relates to the field of big data processing, in particular to a big-data-based network security analysis method and system comprising the following steps: within a monitoring period, monitoring the central network node of a computer network subgroup at regular intervals to obtain a plurality of state parameters of the central network node, and monitoring the common network nodes of the subgroup at random to obtain one or more state parameters of the common network nodes; fusing the state parameters of the central network node with the one or more state parameters of the common network nodes to obtain a comprehensive state parameter of the subgroup; comparing the comprehensive state parameter with a preset threshold; and, if the comprehensive state parameter exceeds the preset threshold, isolating the subgroup. The application ensures the timeliness of network security analysis under explosive growth of network information without affecting the other performance of the computer system.

Description

Network security analysis method and system based on big data
Technical Field
This application relates to the field of big data processing, in particular to a big-data-based network security analysis method and system.
Background
Network security generally refers to the security of a computer network, and in practice may also refer to the security of a computer communication network. A computer network is a system in which a number of independent computer systems, terminal devices and data devices distributed over a region are connected by communication means for the purpose of sharing resources, with data exchanged under the control of a protocol. A computer communication network is a system in which a number of computers with independent functions are interconnected through communication equipment and transmission media, and information is transmitted and exchanged between them with the support of communication software. In either case the security of the network must be ensured so that information transmitted between computers is secure; effective network security analysis is therefore required so that network security risks are found in time.
At present the main network security detection technique is abnormal-traffic analysis. With the explosive growth of network information, however, a computer system that performs network security analysis with the resources originally allocated to it analyses slowly and cannot find network security risks in time, while a computer system that allocates more resources to network security analysis degrades its other performance (for example its read/write performance or its display performance).
How to ensure the timeliness of network security analysis under explosive growth of network information without affecting the other performance of the computer system is therefore a technical problem to be solved by those skilled in the art.
Disclosure of Invention
This application provides a big-data-based network security analysis method and system that ensure the timeliness of network security analysis under explosive growth of network information without affecting the other performance of the computer system.
In order to solve the technical problems, the application provides the following technical scheme:
A big-data-based network security analysis method comprises the following steps: step S110, grouping all network nodes of the computer network into a plurality of computer network subgroups; step S120, within a monitoring period, monitoring the central network node of a computer network subgroup at regular intervals to obtain a plurality of state parameters of the central network node, and monitoring the common network nodes of the subgroup at random to obtain one or more state parameters of the common network nodes; step S130, fusing the state parameters of the central network node monitored at regular intervals with the one or more state parameters of the common network nodes monitored at random to obtain a comprehensive state parameter of the subgroup; step S140, comparing the comprehensive state parameter of the subgroup with a preset threshold; step S150, if the comprehensive state parameter exceeds the preset threshold, isolating the subgroup; step S160, if the comprehensive state parameter does not exceed the preset threshold, entering the next monitoring period and continuing to monitor the central network node at regular intervals and the common network nodes at random.
In the big-data-based network security analysis method described above, grouping all network nodes of the computer network preferably comprises the following sub-steps: step S111, selecting a plurality of network nodes from all network nodes of the computer network as central network nodes and taking the remaining network nodes as common network nodes; step S112, associating each common network node with a central network node, so that a central network node and the common network nodes associated with it form a computer network subgroup.
In the method described above, preferably a remaining resource index is calculated for each network node of the computer network, and a predetermined number of network nodes are selected as central network nodes in order of remaining resource index from high to low.
In the method described above, preferably part of the resources of a central network node are used to perform its basic functions, another part are used to execute the subgroup communication control policy, and the rest are idle resources; part of the resources of a common network node are used to perform its basic functions and the rest are idle resources.
In the method described above, preferably the capacity of the link between a common network node and each central network node it is connected to is calculated, and the common network node is associated with the central network node at the other end of the link with the largest link capacity.
A big-data-based network security analysis system comprises a network subgroup grouping unit, a state parameter monitoring unit, a state parameter fusion unit, a comparison and judgment unit and a network subgroup isolation unit. The network subgroup grouping unit groups all network nodes of the computer network into a plurality of computer network subgroups. Within a monitoring period, the state parameter monitoring unit monitors the central network node of a subgroup at regular intervals to obtain a plurality of state parameters of the central network node, and monitors the common network nodes of the subgroup at random to obtain one or more state parameters of the common network nodes. The state parameter fusion unit fuses the state parameters of the central network node monitored at regular intervals with the one or more state parameters of the common network nodes monitored at random to obtain a comprehensive state parameter of the subgroup. The comparison and judgment unit compares the comprehensive state parameter with a preset threshold. If the comprehensive state parameter exceeds the preset threshold, the network subgroup isolation unit isolates the subgroup; if it does not, the next monitoring period begins and the state parameter monitoring unit continues to monitor the central network node at regular intervals and the common network nodes at random.
In the big-data-based network security analysis system described above, the network subgroup grouping unit preferably comprises a network node selection unit and a network node association unit. The network node selection unit selects a plurality of network nodes from all network nodes of the computer network as central network nodes and takes the remaining network nodes as common network nodes; the network node association unit associates each common network node with a central network node, so that a central network node and the common network nodes associated with it form a computer network subgroup.
In the system described above, preferably a remaining resource index is calculated for each network node of the computer network, and a predetermined number of network nodes are selected as central network nodes in order of remaining resource index from high to low.
In the system described above, preferably part of the resources of a central network node are used to perform its basic functions, another part are used to execute the subgroup communication control policy, and the rest are idle resources; part of the resources of a common network node are used to perform its basic functions and the rest are idle resources.
In the system described above, preferably the capacity of the link between a common network node and each central network node it is connected to is calculated, and the common network node is associated with the central network node at the other end of the link with the largest link capacity.
Compared with the background art, the big-data-based network security analysis method and system ensure the timeliness of network security analysis under explosive growth of network information without affecting the other performance of the computer system.
Drawings
To illustrate the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or of the prior art are briefly described below. The drawings show only some embodiments of the present application; a person of ordinary skill in the art may derive other drawings from them.
FIG. 1 is a flow chart of a big data based network security analysis method provided by an embodiment of the present application;
FIG. 2 is a flow chart of grouping all network nodes of a computer network provided by an embodiment of the present application;
FIG. 3 is a schematic diagram of a big-data-based network security analysis system according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the application.
Example 1
FIG. 1 is a flowchart of a big-data-based network security analysis method according to an embodiment of the present application.
The application provides a big-data-based network security analysis method comprising the following steps:
step S110, grouping all network nodes of the computer network to form a plurality of computer network subgroups;
A computer network has a large number of network nodes: data processing devices, data communication control devices and data terminal devices, commonly servers, personal computers, printers, workstations, trunks, switches and the like, each with a unique network address. In this application all network nodes of the computer network are grouped into a plurality of computer network subgroups; the computer network may be a local area network or a wide area network limited to a certain range.
Specifically, as shown in FIG. 2, grouping all network nodes of the computer network comprises the following sub-steps:
step S111, selecting a plurality of network nodes from all network nodes of the computer network as central network nodes and taking the remaining network nodes as common network nodes;
Each network node of a computer network has certain resources, for example memory, hard disk and CPU, and each node must use some of its own resources to perform its basic functions, such as data transfer and data storage. Because the resources owned by each node differ, and the resources each node uses for its basic functions also differ, the resources remaining on each node differ as well. In this application, nodes with sufficient remaining resources (that is, remaining resources above a threshold) are selected from all network nodes of the computer network as central network nodes, and the remaining nodes are treated as common network nodes.
Part of the resources of a central network node are used to perform its basic functions, another part are used to execute the subgroup communication control policy, and the rest are idle resources; the subgroup communication control policy is the communication policy that all nodes in the subgroup must follow. Part of the resources of a common network node are used to perform its basic functions and the rest are idle resources.
Specifically, the remaining resource index of each network node of the computer network is calculated from a formula (not reproduced on this page) whose terms are: the operating state parameter of the node, which is 1 if the node is in the operating state and 0 if it is in the stopped state; for each of the resource types, the occupancy rate of that resource used by the node to perform its basic functions; for each resource type, an influence factor expressing the effect of that resource's occupancy rate on the remaining resource index; and the number of resource types. After the remaining resource index of every node has been calculated, a predetermined number of nodes are selected as central network nodes in order of remaining resource index from high to low.
Step S112, the common network nodes of the computer network are associated to the central network node, so that the central network node and the associated common network nodes form a computer network group;
Two network nodes may be connected by a link, either a physical link (an actually existing communication path) or a logical link (a network path that functions logically). In either case there is a link capacity between the two nodes, namely the maximum amount of information the link can carry per unit time.
The capacity of the link between a common network node and each central network node it is connected to is calculated, and the common network node is associated with the central network node at the other end of the link with the largest capacity, so that the central network node and its associated common network nodes form a computer network subgroup.
Specifically, the capacity of the link between a common network node and a central network node is calculated from a formula (not reproduced on this page) whose terms are: the influence of the common network node on the capacity of the links connected to it; the influence of the central network node on the capacity of the links connected to it; each performance parameter of the link; and the weight of each performance parameter on the link capacity. Bandwidth, transmitter power and antenna technology, for example, are all performance parameters of a link.
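The grouping procedure of steps S111 and S112 (rank nodes by remaining resource index, take the top ones as central nodes, then attach each common node to the central node reached over the highest-capacity link), as an added illustration that is not code from the patent. The page defines the terms of both formulas but not the formulas themselves, so the arithmetic in remaining_resource_index() and link_capacity(), the influence factors, the performance-parameter weights and the node and link data are all assumptions constructed for this example. It also covers a case the page does not discuss: a common node with no link to any central node, which cannot be monitored by any subgroup and is reported separately.

```python
"""Steps S111/S112: pick central nodes by remaining resource index, then attach each
common node to the central node reached over the highest-capacity link.

Added illustration, not code from the patent. The page defines the terms of both
formulas but not the formulas, so the arithmetic in remaining_resource_index() and
link_capacity() is an assumption; the node and link data below are constructed.
"""
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    running: bool                   # operating state parameter: 1 running, 0 stopped
    occupancy: dict[str, float]     # resource type -> share used for basic functions (0..1)
    link_factor: float = 1.0        # node's influence on the capacity of its links (assumed)


# Influence factor of each resource type's occupancy on the index (assumed values).
INFLUENCE = {"cpu": 0.40, "memory": 0.35, "disk": 0.25}

# Weight of each link performance parameter (assumed; parameters normalised to 0..1).
PERF_WEIGHTS = {"bandwidth": 0.7, "tx_power": 0.3}


def remaining_resource_index(node: Node) -> float:
    """Assumed form: running_flag * sum_k influence_k * (1 - occupancy_k).
    A stopped node scores 0 and can never become a central node."""
    if not node.running:
        return 0.0
    return sum(w * (1.0 - node.occupancy.get(k, 0.0)) for k, w in INFLUENCE.items())


def link_capacity(common: Node, central: Node, perf: dict[str, float]) -> float:
    """Assumed form: common_factor * central_factor * sum_j weight_j * parameter_j."""
    weighted = sum(w * perf.get(j, 0.0) for j, w in PERF_WEIGHTS.items())
    return common.link_factor * central.link_factor * weighted


def select_central(nodes: list[Node], count: int) -> tuple[list[Node], list[Node]]:
    """Rank by remaining resource index, high to low; the top `count` become central."""
    ranked = sorted(nodes, key=remaining_resource_index, reverse=True)
    return ranked[:count], ranked[count:]


def group_nodes(nodes: list[Node], links: dict, num_central: int):
    """links: {(common_name, central_name): perf_dict}; a missing key means no link.
    Returns ({central_name: [common names]}, [common nodes with no usable link])."""
    central, common = select_central(nodes, num_central)
    groups = {c.name: [] for c in central}
    unassigned = []
    for n in common:
        best, best_cap = None, -1.0
        for c in central:
            perf = links.get((n.name, c.name))
            if perf is None:
                continue
            cap = link_capacity(n, c, perf)
            if cap > best_cap:              # strict: the first central node wins ties
                best, best_cap = c, cap
        if best is None:
            unassigned.append(n.name)       # no central node can monitor this node
        else:
            groups[best.name].append(n.name)
    return groups, unassigned


# Constructed sample inventory (not real telemetry).
NODES = [
    Node("srv-a", True, {"cpu": 0.2, "memory": 0.3, "disk": 0.1}),
    Node("srv-b", True, {"cpu": 0.5, "memory": 0.4, "disk": 0.5}, link_factor=0.9),
    Node("pc-1", True, {"cpu": 0.9, "memory": 0.8, "disk": 0.6}),
    Node("pc-2", True, {"cpu": 0.7, "memory": 0.9, "disk": 0.95}),
    Node("printer", False, {"cpu": 0.1, "memory": 0.1, "disk": 0.0}),
]
LINKS = {
    ("pc-1", "srv-a"): {"bandwidth": 0.5, "tx_power": 0.5},
    ("pc-1", "srv-b"): {"bandwidth": 0.9, "tx_power": 0.8},
    ("pc-2", "srv-a"): {"bandwidth": 0.8, "tx_power": 0.6},
    ("pc-2", "srv-b"): {"bandwidth": 0.8, "tx_power": 0.6},
    # the printer has no link to any central node
}

if __name__ == "__main__":
    for n in NODES:
        print(f"{n.name:8s} remaining resource index = {remaining_resource_index(n):.3f}")
    print(group_nodes(NODES, LINKS, num_central=2))
```

With this data srv-a and srv-b become central; pc-1 joins srv-b because its link there has the higher weighted capacity despite srv-b's lower link factor, pc-2 joins srv-a, and the printer is reported as unassigned. The strict comparison means ties go to whichever central node ranks higher, which is a deliberate choice so that the grouping is deterministic.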
Step S120, within a monitoring period, monitoring the central network node of a computer network subgroup at regular intervals to obtain a plurality of state parameters of the central network node, and monitoring the common network nodes of the subgroup at random to obtain one or more state parameters of the common network nodes;
In a computer network subgroup the central network node performs more functions, so its probability of being exposed to risk is higher, while that of a common network node is lower. Within a monitoring period the central network node is therefore monitored at regular intervals (a preset interval time) to obtain a plurality of its state parameters, while the common network nodes are monitored at random to obtain the state parameters of one or more of them.
Step S130, fusing the state parameters of the central network node monitored at regular intervals with the one or more state parameters of the common network nodes monitored at random to obtain a comprehensive state parameter of the subgroup;
Specifically, the comprehensive state parameter of a computer network subgroup in a monitoring period is calculated from a formula (not reproduced on this page) whose terms are: each state parameter of the central network node obtained by timed monitoring within the period; the largest of those state parameters; the total number of state parameters obtained from the central network node within the period; each state parameter of the common network nodes obtained by random monitoring within the period; the total number of those state parameters; the influence weight of the central network node's state parameters on the comprehensive state parameter of the subgroup; and the influence weight of the common network nodes' state parameters on the comprehensive state parameter of the subgroup.
In the present application both influence weights are obtained by training a neural network on the historical state parameters of the central network node and of the common network nodes.
Step S140, comparing the comprehensive state parameter of the subgroup with a preset threshold;
After the comprehensive state parameter of the subgroup has been obtained, it is compared with a preset threshold to decide whether the subgroup is currently in a dangerous state or a safe state, which is the basis for the following operation. The preset threshold may be an empirical value or a value obtained by training a neural network.
Step S150, if the comprehensive state parameter of the subgroup exceeds the preset threshold, isolating the subgroup;
If the comprehensive state parameter of a subgroup exceeds the preset threshold, the subgroup is judged to be in a dangerous state and is isolated so that it cannot affect the security of the other subgroups associated with it.
Step S160, if the comprehensive state parameter of the subgroup does not exceed the preset threshold, entering the next monitoring period and continuing to monitor the central network node at regular intervals and the common network nodes at random;
If the comprehensive state parameter does not exceed the preset threshold, the subgroup is judged to be in a safe state, the next monitoring period begins, and the central network node continues to be monitored at regular intervals to obtain a plurality of its state parameters while the common network nodes continue to be monitored at random to obtain the state parameters of one or more of them.
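The monitoring loop of steps S120 to S160 for one subgroup (timed readings of the central node, random readings of common nodes, fusion, threshold check, then isolate or continue), as an added illustration that is not the patent's code. The page names the inputs to the fusion (each timed central-node reading, the largest of them, their count, the random common-node readings, their count, and two weights trained by a neural network) but not the formula, so fuse() is an assumption; the weights, the threshold, the subgroup and all readings below are constructed values rather than trained parameters or real telemetry, and the "state parameter" is taken to be a risk score in [0, 1].

```python
"""Steps S120-S160 for one computer network subgroup: timed readings of the central
node, random readings of common nodes, fusion into one score, threshold check,
then isolate the subgroup or continue to the next period.

Added illustration, not the patent's code. fuse() is an assumed formula; the
weights and readings are constructed risk scores in [0, 1].
"""
from dataclasses import dataclass
from statistics import mean
import random


@dataclass
class Group:
    central: str
    common: list[str]


@dataclass
class PeriodResult:
    index: int
    score: float
    isolated: bool
    central_readings: list[float]
    common_readings: list[float]


def fuse(central: list[float], common: list[float], a: float = 0.7, b: float = 0.3) -> float:
    """Assumed fusion: S = a * (max(central) + mean(central)) / 2 + b * mean(common).
    The max term keeps a single spike on the central node from being averaged away.
    If the random draw produced no common readings, the common term falls back to the
    central term so the score stays on the same scale instead of being biased low."""
    if not central:
        raise ValueError("the central node must be read at least once per period")
    central_term = (max(central) + mean(central)) / 2
    common_term = mean(common) if common else central_term
    return a * central_term + b * common_term


def run_period(group, readings, index, ticks, sample_size, rng, threshold, a=0.7, b=0.3):
    """readings[name] is a list with one state parameter per tick (constructed data).
    The central node is read at every tick of the period (timed monitoring);
    `sample_size` common nodes are drawn at random and each read once at a random tick."""
    window = range(index * ticks, (index + 1) * ticks)
    central = [readings[group.central][t] for t in window]
    chosen = rng.sample(group.common, k=min(sample_size, len(group.common)))
    common = [readings[name][rng.choice(window)] for name in chosen]
    score = fuse(central, common, a, b)
    return PeriodResult(index, score, score > threshold, central, common)


def analyze(group, readings, periods, ticks=4, sample_size=1, threshold=0.6, seed=7):
    """Loop over monitoring periods (S160) and stop at the first period whose fused
    score exceeds the preset threshold (S150: the subgroup is isolated)."""
    rng = random.Random(seed)
    history = []
    for i in range(periods):
        result = run_period(group, readings, i, ticks, sample_size, rng, threshold)
        history.append(result)
        if result.isolated:
            break
    return history


# Constructed readings: two periods of four ticks each; the central node is quiet in
# period 0 and clearly anomalous in period 1.
GROUP = Group(central="srv-a", common=["pc-1", "pc-2", "printer"])
READINGS = {
    "srv-a":   [0.10, 0.15, 0.10, 0.20, 0.90, 0.95, 0.90, 0.90],
    "pc-1":    [0.05, 0.05, 0.10, 0.05, 0.30, 0.40, 0.35, 0.30],
    "pc-2":    [0.00, 0.05, 0.05, 0.00, 0.20, 0.25, 0.20, 0.20],
    "printer": [0.00] * 8,
}

if __name__ == "__main__":
    for r in analyze(GROUP, READINGS, periods=2):
        action = "ISOLATE subgroup" if r.isolated else "continue to next period"
        print(f"period {r.index}: score={r.score:.3f} common={r.common_readings} -> {action}")
```

Two practical points follow from the structure. First, because common nodes are only sampled, a compromised common node can go unobserved for several periods; sample_size and the weight b are the knobs that trade monitoring cost against that detection latency. Second, the isolation decision above is driven almost entirely by the central node (with a = 0.7 and a threshold of 0.6, a central term above about 0.86 isolates the subgroup whatever the common nodes report), so the threshold must be chosen with the central node's normal range in mind or the subgroup will be cut off on benign load spikes.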
Example 2
FIG. 3 is a schematic diagram of a big-data-based network security analysis system according to an embodiment of the present application.
The application provides a big-data-based network security analysis system 300 comprising a network subgroup grouping unit 310, a state parameter monitoring unit 320, a state parameter fusion unit 330, a comparison and judgment unit 340 and a network subgroup isolation unit 350.
The network subgroup grouping unit 310 groups all network nodes of the computer network into a plurality of computer network subgroups.
A computer network has a large number of network nodes: data processing devices, data communication control devices and data terminal devices, commonly servers, personal computers, printers, workstations, trunks, switches and the like, each with a unique network address. In this application all network nodes of the computer network are grouped into a plurality of computer network subgroups; the computer network may be a local area network or a wide area network limited to a certain range.
Specifically, the network subgroup grouping unit 310 comprises a network node selection unit 311 and a network node association unit 312.
The network node selection unit 311 selects a plurality of network nodes from all network nodes of the computer network as central network nodes and takes the remaining network nodes as common network nodes.
Each network node of a computer network has certain resources, for example memory, hard disk and CPU, and each node must use some of its own resources to perform its basic functions, such as data transfer and data storage. Because the resources owned by each node differ, and the resources each node uses for its basic functions also differ, the resources remaining on each node differ as well. In this application, nodes with sufficient remaining resources (that is, remaining resources above a threshold) are selected from all network nodes of the computer network as central network nodes, and the remaining nodes are treated as common network nodes.
Part of the resources of a central network node are used to perform its basic functions, another part are used to execute the subgroup communication control policy, and the rest are idle resources; the subgroup communication control policy is the communication policy that all nodes in the subgroup must follow. Part of the resources of a common network node are used to perform its basic functions and the rest are idle resources.
Specifically, the remaining resource index of each network node of the computer network is calculated from a formula (not reproduced on this page) whose terms are: the operating state parameter of the node, which is 1 if the node is in the operating state and 0 if it is in the stopped state; for each of the resource types, the occupancy rate of that resource used by the node to perform its basic functions; for each resource type, an influence factor expressing the effect of that resource's occupancy rate on the remaining resource index; and the number of resource types. After the remaining resource index of every node has been calculated, a predetermined number of nodes are selected as central network nodes in order of remaining resource index from high to low.
The network node association unit 312 associates the common network nodes of the computer network to the central network node such that the central network node and its associated common network nodes form a computer network group.
The two network nodes may be connected by a link, for example: a physical link or a logical link, the physical link refers to an actually existing communication connection path, and the logical link refers to a network path that logically functions. Whether the two network nodes are connected by a physical link or a logical link, the two network nodes have a link capacity therebetween, wherein the link capacity is the maximum amount of information that the link can accommodate per unit time.
The capacity of the link between the common network node of the computer network and each central network node connected with the link is calculated, and the common network node of the computer network is related to the central network node corresponding to the link with the largest link capacity, so that the central network node and the related common network nodes form a computer network group.
Specifically, according to the formulaCalculating a link capacity of a link between a common network node of the computer network and a central network node of the computer network, wherein ∈>Ordinary network node for computer network->Central network node to computer network->Link capacity of links between +.>For the influence of a common network node of a computer network on the link capacity of the links connected thereto, +.>For the influence of a central network node of a computer network on the link capacity of the links connected thereto, +.>Is the%>Performance parameters->Is the%>The weight of the performance parameter on its link capacity. For example: bandwidth, transmitter power, antenna technology, etc. are all performance parameters of the link.
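The grouping steps described above (ranking nodes by remaining resources, taking the top ones as central nodes, and attaching each common node to the central node behind the highest-capacity link) can be exercised end to end with the following added example. It is not code from the patent or its assignee: the page defines the formula terms only in words, so the scoring functions `remaining_resource_index` and `link_capacity`, the influence factors, the link-parameter weights and the node/link inventory are all assumed or constructed here. The example also handles a case the text does not spell out, a common node with no link to any central node.

```python
"""Grouping of a computer network into monitoring groups (added example).

Rank nodes by a remaining-resource index and take the top ones as central
nodes, then attach every common node to the central node it reaches over the
highest-capacity link.  The scoring functions are ASSUMED stand-ins built from
the verbal definitions on the page; all node and link data are constructed.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass
class Node:
    name: str
    running: bool                 # operating state parameter: True -> 1, False -> 0
    occupancy: Dict[str, float]   # occupancy rate per resource type for basic functions (0..1)
    link_influence: float         # ASSUMED: the node's influence on the capacity of its links


# ASSUMED influence factor of each resource type's occupancy on the remaining-resource index.
RESOURCE_INFLUENCE: Dict[str, float] = {"cpu": 0.4, "memory": 0.35, "bandwidth": 0.25}

# ASSUMED weights of the link performance parameters; the page names bandwidth,
# transmitter power and antenna technology as examples of such parameters.
LINK_PARAM_WEIGHTS: Dict[str, float] = {"bandwidth": 0.6, "tx_power": 0.25, "antenna": 0.15}

# Constructed inventory: five nodes, one of them (C) stopped.
NODES: Dict[str, Node] = {
    "A": Node("A", True, {"cpu": 0.2, "memory": 0.3, "bandwidth": 0.1}, 1.0),
    "B": Node("B", True, {"cpu": 0.9, "memory": 0.8, "bandwidth": 0.7}, 0.9),
    "C": Node("C", False, {"cpu": 0.0, "memory": 0.0, "bandwidth": 0.0}, 1.0),
    "D": Node("D", True, {"cpu": 0.5, "memory": 0.4, "bandwidth": 0.6}, 0.8),
    "E": Node("E", True, {"cpu": 0.3, "memory": 0.2, "bandwidth": 0.3}, 1.1),
}

# Constructed links: endpoints -> normalised performance parameters (0..1).
# Node C has no link at all, which exercises the unattached case below.
LINKS: Dict[FrozenSet[str], Dict[str, float]] = {
    frozenset({"A", "D"}): {"bandwidth": 1.0, "tx_power": 0.5, "antenna": 0.5},
    frozenset({"E", "D"}): {"bandwidth": 0.5, "tx_power": 0.5, "antenna": 0.5},
    frozenset({"E", "B"}): {"bandwidth": 1.0, "tx_power": 1.0, "antenna": 1.0},
}


def remaining_resource_index(node: Node) -> float:
    """Remaining-resource index (ASSUMED form): 0 for a stopped node, otherwise
    the influence-weighted share of each resource type that is still free."""
    if not node.running:
        return 0.0
    return sum(factor * (1.0 - node.occupancy.get(res, 0.0))
               for res, factor in RESOURCE_INFLUENCE.items())


def select_central_nodes(nodes: List[Node], count: int) -> Tuple[List[Node], List[Node]]:
    """Rank by remaining-resource index (high to low); the first `count` nodes
    become central nodes, the rest common nodes."""
    if count < 1:
        raise ValueError("at least one central node is required")
    ranked = sorted(nodes, key=remaining_resource_index, reverse=True)
    return ranked[:count], ranked[count:]


def link_capacity(common: Node, central: Node,
                  links: Dict[FrozenSet[str], Dict[str, float]]) -> float:
    """Link capacity (ASSUMED form): both endpoints' influence times the weighted
    sum of the link's performance parameters; 0.0 when no link exists."""
    params = links.get(frozenset({common.name, central.name}))
    if params is None:
        return 0.0
    weighted = sum(w * params.get(p, 0.0) for p, w in LINK_PARAM_WEIGHTS.items())
    return common.link_influence * central.link_influence * weighted


def form_groups(nodes: List[Node], links: Dict[FrozenSet[str], Dict[str, float]],
                central_count: int) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return {central node: [common nodes]} plus the common nodes that have no
    link to any central node and therefore cannot be associated."""
    central, common = select_central_nodes(nodes, central_count)
    groups: Dict[str, List[str]] = {c.name: [] for c in central}
    unattached: List[str] = []
    for node in common:
        best = max(central, key=lambda c: link_capacity(node, c, links))
        if link_capacity(node, best, links) <= 0.0:
            unattached.append(node.name)      # no usable link to any central node
        else:
            groups[best.name].append(node.name)
    return groups, unattached


if __name__ == "__main__":
    for n in NODES.values():
        print(f"{n.name}: remaining resource index = {remaining_resource_index(n):.3f}")
    groups, unattached = form_groups(list(NODES.values()), LINKS, central_count=2)
    print("groups:", groups)
    print("unattached (no link to a central node):", unattached)
```

With the constructed data, A and E become the central nodes, D attaches to A (its A link carries more capacity than its E link), B attaches to E, and the stopped node C ends up unattached; a deployment would need a rule for such nodes (for instance, attaching them to the nearest central node once they come back up), which the page does not specify.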
In a monitoring period, the state parameter monitoring unit 320 monitors the central network nodes in each computer network group at regular time to obtain a plurality of state parameters of the central network node, and monitors the common network nodes in the computer network group at random to obtain one or more state parameters of the common network nodes.
In a computer network group, the central network node performs more functions, so the probability that it is exposed to risk is higher, while the probability that a common network node is exposed to risk is lower. Therefore, in a monitoring period, the central network node is monitored at regular time according to a preset interval to obtain a plurality of state parameters of the central network node, and the common network nodes are monitored at random to obtain the state parameters of one or more common network nodes.
The state parameter fusion unit 330 fuses the plurality of state parameters of the central network node obtained by timing monitoring with the one or more state parameters of the common network nodes obtained by random monitoring to obtain the comprehensive state parameter of the computer network group.
Specifically, the comprehensive state parameter of a computer network group in a monitoring period is calculated according to a formula, not reproduced here, in which the terms are: the comprehensive state parameter of the computer network group in the monitoring period; each state parameter of the central network node obtained by timing monitoring in the monitoring period; the largest of those state parameters; the total number of state parameters of the central network node obtained by timing monitoring in the monitoring period; each state parameter of the common network nodes obtained by random monitoring in the monitoring period; the total number of such state parameters; the influence weight of the state parameters of the central network node on the comprehensive state parameter of the computer network group; and the influence weight of the state parameters of the common network nodes on the comprehensive state parameter of the computer network group.
In the present application, the influence weight of the state parameters of the central network node on the comprehensive state parameter of the computer network group and the influence weight of the state parameters of the common network nodes on the comprehensive state parameter of the computer network group are obtained by training a neural network on the historical state parameters of the central network node and the historical state parameters of the common network nodes.
The comparison and judgment unit 340 compares the comprehensive state parameter of the computer network group with a preset threshold value.
After the comprehensive state parameter of the computer network group has been obtained, it is compared with a preset threshold value to determine whether the computer network group is currently in a dangerous state or a safe state, which provides the basis for the following operation. The preset threshold value may be an empirical value, or a value obtained by training a neural network.
If the comprehensive state parameter of a computer network group exceeds the preset threshold value, the network group isolation unit 350 isolates the computer network group.
If the comprehensive state parameter of a computer network group exceeds the preset threshold value, the computer network group is determined to be currently in a dangerous state, and it is isolated so that it does not affect the security of the other computer network groups associated with it.
If the comprehensive state parameter of the computer network group does not exceed the preset threshold value, the next monitoring period is entered, and the state parameter monitoring unit 320 continues to monitor the central network nodes in the computer network group at regular time and the common network nodes in the computer network group at random.
If the comprehensive state parameter of the computer network group does not exceed the preset threshold value, the computer network group is determined to be currently in a safe state, so the next monitoring period is entered: the central network nodes in the computer network group continue to be monitored at regular time to obtain a plurality of state parameters of the central network node, and the common network nodes continue to be monitored at random to obtain the state parameters of one or more common network nodes.
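The monitoring loop described in the preceding paragraphs (timing monitoring of the central node, random monitoring of the common nodes, fusion into a comprehensive state parameter, threshold comparison, isolation or continuation into the next period) is shown below as an added example that is not part of the patent or its assignee's code. The page does not reproduce the fusion formula or the trained weights, so the `fuse` function, the weights `ALPHA` and `BETA`, the `THRESHOLD`, the group layout and the per-tick telemetry are all assumed or constructed. The telemetry is constructed so that the central node of one group shows a sustained spike in the second period, which is the case the threshold check is meant to catch.

```python
"""Monitoring periods for computer network groups (added example).

Per period: poll the central node on a fixed interval (timing monitoring),
sample the common nodes at random, fuse the readings into a composite state
parameter, isolate the group when the composite exceeds a preset threshold,
otherwise continue into the next period.  Fusion formula, weights, threshold
and telemetry are ASSUMED / constructed.
"""
import random
import statistics
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Set

# Constructed telemetry: one state-parameter reading per node per tick, two
# periods of six ticks each.  Readings are risk-style values in 0..1.
TELEMETRY: Dict[str, List[float]] = {
    "A": [0.10, 0.12, 0.11, 0.10, 0.12, 0.11,   # period 1: quiet
          0.10, 0.12, 0.90, 0.80, 0.95, 0.90],  # period 2: sustained spike
    "D": [0.05, 0.06, 0.05, 0.07, 0.06, 0.05, 0.06, 0.05, 0.07, 0.06, 0.05, 0.06],
    "F": [0.20, 0.22, 0.21, 0.25, 0.24, 0.23, 0.22, 0.21, 0.25, 0.24, 0.23, 0.22],
    "E": [0.10, 0.10, 0.11, 0.12, 0.10, 0.11, 0.10, 0.10, 0.11, 0.12, 0.10, 0.11],
    "B": [0.15, 0.14, 0.16, 0.15, 0.14, 0.15, 0.15, 0.14, 0.16, 0.15, 0.14, 0.15],
}
GROUPS: Dict[str, List[str]] = {"A": ["D", "F"], "E": ["B"]}  # central -> common nodes

ALPHA, BETA = 0.7, 0.3   # ASSUMED influence weights (the page trains them on history)
THRESHOLD = 0.5          # ASSUMED preset threshold on the composite state parameter


def timed_monitor(node: str, start: int, period_len: int, interval: int) -> List[float]:
    """Timing monitoring: read the central node every `interval` ticks in the period."""
    return [TELEMETRY[node][t] for t in range(start, start + period_len, interval)]


def random_monitor(nodes: Sequence[str], start: int, period_len: int,
                   samples: int, rng: random.Random) -> List[float]:
    """Random monitoring: at least one read of a randomly chosen common node at a
    random tick inside the period; an empty node list yields no readings."""
    if not nodes:
        return []
    return [TELEMETRY[rng.choice(list(nodes))][start + rng.randrange(period_len)]
            for _ in range(max(1, samples))]


def fuse(central: Sequence[float], common: Sequence[float],
         alpha: float = ALPHA, beta: float = BETA) -> float:
    """ASSUMED fusion: the central readings are summarised by the average of
    their peak and their mean (a sustained spike counts more than one outlier),
    the common readings by their mean, combined with the influence weights.
    With no common readings the central term alone is returned."""
    if not central:
        raise ValueError("timing monitoring returned no central readings")
    central_term = 0.5 * (max(central) + statistics.fmean(central))
    if not common:
        return central_term
    return alpha * central_term + beta * statistics.fmean(common)


@dataclass
class Report:
    decisions: List[Dict[str, str]] = field(default_factory=list)    # per period
    composites: List[Dict[str, float]] = field(default_factory=list)  # per period
    isolated: Set[str] = field(default_factory=set)                  # central node names


def run_monitoring(groups: Dict[str, List[str]], periods: int, period_len: int,
                   interval: int, samples: int, seed: int = 0) -> Report:
    """Run `periods` monitoring periods over every group; an isolated group is
    cut off and not monitored again in later periods."""
    rng = random.Random(seed)
    report = Report()
    for p in range(periods):
        start = p * period_len
        decisions: Dict[str, str] = {}
        composites: Dict[str, float] = {}
        for central, commons in groups.items():
            if central in report.isolated:
                decisions[central] = "isolated"
                continue
            c_params = timed_monitor(central, start, period_len, interval)
            n_params = random_monitor(commons, start, period_len, samples, rng)
            composite = fuse(c_params, n_params)
            composites[central] = composite
            if composite > THRESHOLD:
                report.isolated.add(central)      # isolate the whole group
                decisions[central] = "isolated"
            else:
                decisions[central] = "safe"       # continue into the next period
        report.decisions.append(decisions)
        report.composites.append(composites)
    return report


if __name__ == "__main__":
    rep = run_monitoring(GROUPS, periods=2, period_len=6, interval=2, samples=2, seed=1)
    for p, (dec, comp) in enumerate(zip(rep.decisions, rep.composites), 1):
        rounded = {k: round(v, 3) for k, v in comp.items()}
        print(f"period {p}: decisions={dec} composites={rounded}")
    print("isolated groups:", sorted(rep.isolated))
```

Two practical points the example makes visible: the composite is dominated by the timed central readings, so a spike on a central node is caught deterministically, whereas a misbehaving common node is only seen with a probability that grows with the `samples` count, which is the trade-off the random monitoring buys its lower cost with; and an isolated group must be tracked across periods so that it is not silently monitored again as if it were healthy.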
The application groups all network nodes of the computer network, monitors the central network nodes in each computer network group at regular time, and monitors the common network nodes in the computer network group at random, thereby ensuring the timeliness of network security analysis under explosive growth of network information while avoiding monitoring every network node, so that other functions of the computer system are not affected.
It will be evident to those skilled in the art that the application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description is organized by embodiments, not every embodiment contains only a single independent technical solution; the description is organized this way only for clarity, and those skilled in the art should treat the description as a whole, since the technical solutions of the embodiments may be combined as appropriate to form other embodiments that will be apparent to those skilled in the art.

Claims (8)

1. A network security analysis method based on big data, characterized in that it comprises the following steps:
step S110, grouping all network nodes of the computer network to form a plurality of computer network groups;
grouping all network nodes of a computer network, comprising the sub-steps of:
step S111, selecting a plurality of network nodes with residual resources larger than a threshold value from all network nodes of the computer network as a central network node, and taking the residual network nodes of the computer network as common network nodes;
step S112, the common network nodes of the computer network are associated to the central network node, so that the central network node and the associated common network nodes form a computer network group;
step S120, in a monitoring period, carrying out timing monitoring on central network nodes in a computer network group to obtain a plurality of state parameters of the central network nodes, and carrying out random monitoring on common network nodes in the computer network group to obtain one or more state parameters of the common network nodes;
step S130, fusing a plurality of state parameters of the central network node monitored at regular time with one or more state parameters of the common network node monitored at random to obtain comprehensive state parameters of a computer network group;
step S140, comparing the comprehensive state parameters of the computer network group with a preset threshold value;
step S150, if the comprehensive state parameter of the computer network group exceeds a preset threshold value, isolating the computer network group;
step S160, if the comprehensive state parameter of the computer network group does not exceed the preset threshold value, entering the next monitoring period, continuing to monitor the central network nodes in the computer network group at regular time, and continuing to randomly monitor the common network nodes in the computer network group.
2. The big data based network security analysis method of claim 1, wherein
calculating to obtain the residual resource index of the network node of the computer network;
a predetermined number of network nodes are selected as central network nodes from the network nodes of the computer network in order of the remaining resource indicators from high to low.
3. The big data based network security analysis method of claim 2, wherein a part of resources of the central network node are used to perform its basic functions, another part of resources of the central network node are used to perform the group communication control policy, and the remaining resources of the central network node are used as idle resources;
a part of the resources of the common network node are used for executing the basic functions thereof, and the rest of the resources of the common network node are used as idle resources.
4. A method of big data based network security analysis according to any of the claims 1-3, characterized in that the capacity of the link between a common network node of the computer network and each central network node to which the link is connected is calculated;
the common network node of the computer network is associated to the central network node corresponding to the link with the largest link capacity.
5. A big data based network security analysis system, comprising: a network group grouping unit, a state parameter monitoring unit, a state parameter fusion unit, a comparison judging unit and a network group isolation unit;
the network group grouping unit groups all network nodes of the computer network to form a plurality of computer network groups;
the network group grouping unit comprises: a network node selection unit and a network node association unit;
the network node selection unit selects a plurality of network nodes with residual resources larger than a threshold value from all network nodes of the computer network as central network nodes, and takes the residual network nodes of the computer network as common network nodes;
the network node association unit associates the common network nodes of the computer network to the central network node so that the central network node and the common network nodes associated with the central network node form a computer network group;
in a monitoring period, the state parameter monitoring unit monitors central network nodes in the computer network group at regular time to obtain a plurality of state parameters of the central network nodes, and the state parameter monitoring unit monitors common network nodes in the computer network group at random to obtain one or more state parameters of the common network nodes;
the state parameter fusion unit fuses the state parameters of the central network node monitored at regular time with one or more state parameters of the common network node monitored at random to obtain comprehensive state parameters of the computer network group;
the comparison judging unit compares the comprehensive state parameters of the computer network group with a preset threshold value;
if the comprehensive state parameters of the computer network group exceed a preset threshold value, the network group isolation unit isolates the computer network group;
if the comprehensive state parameters of the computer network group do not exceed the preset threshold value, the next monitoring period is entered, and the state parameter monitoring unit continues to monitor the central network nodes in the computer network group at regular time and to randomly monitor the common network nodes in the computer network group.
6. The big data based network security analysis system of claim 5, wherein,
calculating to obtain the residual resource index of the network node of the computer network;
a predetermined number of network nodes are selected as central network nodes from the network nodes of the computer network in order of the remaining resource indicators from high to low.
7. The big data based network security analysis system of claim 6, wherein a portion of the resources of the central network node are used to perform its basic functions, another portion of the resources of the central network node are used to perform the group communication control policy, and the remaining resources of the central network node are used as free resources;
a part of the resources of the common network node are used for executing the basic functions thereof, and the rest of the resources of the common network node are used as idle resources.
8. The big data based network security analysis system of any of claims 5-7, wherein the capacity of the link between the regular network node of the computer network and each central network node to which the link is connected is calculated;
the common network node of the computer network is associated to the central network node corresponding to the link with the largest link capacity.
CN202310560440.1A 2023-05-18 2023-05-18 Network security analysis method and system based on big data Active CN116566688B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310560440.1A CN116566688B (en) 2023-05-18 2023-05-18 Network security analysis method and system based on big data

Publications (2)

Publication Number Publication Date
CN116566688A CN116566688A (en) 2023-08-08
CN116566688B true CN116566688B (en) 2023-10-17

Family

ID=87496136

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310560440.1A Active CN116566688B (en) 2023-05-18 2023-05-18 Network security analysis method and system based on big data

Country Status (1)

Country Link
CN (1) CN116566688B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112165485A (en) * 2020-09-25 2021-01-01 山东炎黄工业设计有限公司 Intelligent prediction method for large-scale network security situation
CN114978770A (en) * 2022-07-25 2022-08-30 睿至科技集团有限公司 Internet of things security risk early warning management and control method and system based on big data
CN115412301A (en) * 2022-08-02 2022-11-29 云南电网有限责任公司信息中心 Network security prediction analysis method and system
CN116074062A (en) * 2022-12-28 2023-05-05 上海明阳信息科技有限公司 Internet-based network security test tube control system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9503467B2 (en) * 2014-05-22 2016-11-22 Accenture Global Services Limited Network anomaly detection

Similar Documents

Publication Publication Date Title
US11799949B2 (en) Latency-based routing and load balancing in a network
EP3637708B1 (en) Network congestion processing method, device, and system
US20090234908A1 (en) Data transmission queuing using fault prediction
EP2907085B1 (en) Autonomic network sentinels
Yao et al. Core and spectrum allocation based on association rules mining in spectrally and spatially elastic optical networks
CN104243405A (en) Request processing method, device and system
EP3993346B1 (en) Method and device for distributed data storage
CN114221994B (en) Dynamic allocation method for PCIE (peripheral component interface express) password card virtualized resources
CN112866132A (en) Dynamic load balancer and method for massive identification
US9462521B2 (en) Data center network provisioning method and system thereof
CA2857727C (en) Computer-implemented method, computer system, computer program product to manage traffic in a network
CN116566688B (en) Network security analysis method and system based on big data
CN101442439B (en) Method for reporting interruption and PCI bus system
CN116909953A (en) Multipath planning method, device and medium
CN101695049A (en) Method and device for processing businesses in monitoring system
EP1627316B1 (en) Data collection in a computer cluster
CN104468337B (en) Method for message transmission and device, message management central apparatus and data center
CN116701485A (en) System optimization device, method, equipment and medium based on distributed retrieval system
CN115766201A (en) Solution for rapidly blocking large number of IP addresses
CN105323320B (en) A kind of method and device of content distribution
Wang et al. Optimization on information freshness for multi‐access users with energy harvesting cognitive radio networks
CN111585894A (en) Network routing method and device based on weight calculation
GB2494858A (en) Managing connections to a network in a mobile device
CN103118123B (en) Based on write back data method and the system of distributed server
CN114356830B (en) Bus terminal control method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant