CN116915509A - Flow alarm processing method and device, computer equipment and storage medium - Google Patents


Info

Publication number
CN116915509A
Authority
CN
China
Prior art keywords
analysis
flow
flow alarm
server
task
Prior art date
Legal status
Pending
Application number
CN202311175235.XA
Other languages
Chinese (zh)
Inventor
张亮亮
熊天翼
赵林林
刘斐然
薛锋
Current Assignee
Beijing ThreatBook Technology Co Ltd
Original Assignee
Beijing ThreatBook Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Beijing ThreatBook Technology Co Ltd
Priority to CN202311175235.XA
Publication of CN116915509A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L 63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L 41/06 Management of faults, events, alarms or notifications
    • H04L 41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The disclosure provides a traffic alert processing method, a traffic alert processing device, computer equipment and a storage medium, and relates to the technical field of computers. The method uses a traffic alert analysis request from a client to generate a traffic alert analysis task, obtains the analysis result corresponding to that task, and feeds the result back to the client through the server, so that it helps the user of the client to analyze the traffic alert information and to apply it to network security.

Description

Flow alarm processing method and device, computer equipment and storage medium
Technical Field
The disclosure relates to the technical field of computers, and in particular to a traffic alert processing method, a traffic alert processing device, computer equipment and a storage medium.
Background
Network traffic detection devices are tools for monitoring and analyzing data traffic on a computer network. They are commonly used for network security, performance optimization and resource management: they help users identify unusual activity, monitor network performance, manage bandwidth and respond to network attacks. When a network traffic detection device identifies an anomaly, it generates traffic alert information, which helps the user identify and respond to potential network security risks in time.
However, understanding and making effective use of the traffic alert information requires a certain degree of network security knowledge on the user's part; without that knowledge, the network traffic detection device is of little use.
Disclosure of Invention
The embodiments of the disclosure provide at least a traffic alert processing method, a traffic alert processing device, computer equipment and a storage medium.
In a first aspect, an embodiment of the present disclosure provides a traffic alert processing method, applied to a server, where the method includes:
acquiring a traffic alert analysis request sent by a client; the traffic alert analysis request carries the traffic alert information of the client; the traffic alert information is generated by the network traffic detection device of the client for a detected anomaly;
generating a pending traffic alert analysis task based on the traffic alert analysis request;
acquiring an analysis report corresponding to the traffic alert analysis task;
and sending the analysis report to the client so that the client can display the analysis report.
In an alternative embodiment, the traffic alert analysis request further indicates analysis requirement information; the analysis requirement information indicates at least one problem to be analyzed; and the analysis report indicates an analysis result corresponding to the problem to be analyzed.
In an alternative embodiment, the server includes a plurality of sub-servers, and acquiring the analysis report corresponding to the traffic alert analysis task includes:
screening a target sub-server from the plurality of sub-servers, and distributing the traffic alert analysis task to the target sub-server;
and acquiring the analysis report corresponding to the traffic alert analysis task by means of the target sub-server.
In an alternative embodiment, screening the target sub-server from the plurality of sub-servers includes:
acquiring allocation influence information of the plurality of sub-servers; the allocation influence information comprises the number of tasks allocated to each sub-server and/or the analysis field of each sub-server;
and determining the target sub-server from the plurality of sub-servers based on the traffic alert analysis task and the allocation influence information.
In an alternative embodiment, acquiring, by means of the target sub-server, the analysis report corresponding to the traffic alert analysis task includes:
displaying a task processing page on the target sub-server in response to a task processing operation; a first area of the task processing page displays task information corresponding to the traffic alert analysis task distributed by the server, and a second area of the task processing page is used for acquiring the analysis report corresponding to the traffic alert analysis task;
and acquiring the analysis report from the second area in response to a report submission operation.
In an alternative embodiment, after the traffic alert analysis task is distributed to the target sub-server, the method further includes:
sending a task allocation notification to the target sub-server, and displaying the task allocation notification on the target sub-server.
In a second aspect, an embodiment of the present disclosure further provides another traffic alert processing method, applied to a client, where the method includes:
in response to the network traffic detection device detecting an anomaly, acquiring and displaying the traffic alert information generated by the network traffic detection device;
in response to a traffic alert analysis operation, generating a traffic alert analysis request carrying the traffic alert information;
sending the traffic alert analysis request to a server, so that the server generates a traffic alert analysis task corresponding to the traffic alert analysis request, distributes the traffic alert analysis task to a sub-server, and acquires an analysis report corresponding to the traffic alert analysis task;
and acquiring and displaying the analysis report.
In an alternative embodiment, generating, in response to a traffic alert analysis operation, a traffic alert analysis request carrying the traffic alert information includes:
in response to a traffic alert analysis operation, displaying a problem input page; the problem input page is used for acquiring at least one problem to be analyzed;
and in response to a problem submission operation, generating a traffic alert analysis request carrying the traffic alert information and the at least one problem to be analyzed acquired from the problem input page.
In a third aspect, an embodiment of the present disclosure further provides a traffic alert processing apparatus, including:
a first acquisition module, used for acquiring a traffic alert analysis request sent by a client; the traffic alert analysis request carries the traffic alert information of the client; the traffic alert information is generated by the network traffic detection device of the client for a detected anomaly;
a first generation module, used for generating a pending traffic alert analysis task based on the traffic alert analysis request;
a second acquisition module, used for acquiring an analysis report corresponding to the traffic alert analysis task;
and a first sending module, used for sending the analysis report to the client so that the client can display the analysis report.
In a fourth aspect, an embodiment of the present disclosure further provides another traffic alert processing apparatus, including:
a third acquisition module, used for acquiring and displaying, in response to the network traffic detection device detecting an anomaly, the traffic alert information generated by the network traffic detection device;
a second generation module, used for generating, in response to a traffic alert analysis operation, a traffic alert analysis request carrying the traffic alert information;
a second sending module, used for sending the traffic alert analysis request to a server so that the server generates a traffic alert analysis task corresponding to the traffic alert analysis request and acquires an analysis report corresponding to the traffic alert analysis task;
and a display module, used for acquiring and displaying the analysis report.
In a fifth aspect, an optional implementation of the disclosure further provides a computer device comprising a processor and a memory, where the memory stores machine-readable instructions executable by the processor, the processor is configured to execute the machine-readable instructions stored in the memory, and the machine-readable instructions, when executed by the processor, perform the steps of the first aspect or any of its possible implementations, or the steps of the second aspect or any of its possible implementations.
In a sixth aspect, an optional implementation of the disclosure further provides a computer-readable storage medium storing a computer program which, when executed, performs the steps of the first aspect or any of its possible implementations, or the steps of the second aspect or any of its possible implementations.
For the effects of the traffic alert processing apparatus, the computer device and the computer-readable storage medium, refer to the description of the traffic alert processing method; they are not repeated here.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the aspects of the disclosure.
The traffic alert processing method, traffic alert processing device, computer equipment and storage medium provided by the embodiments of the disclosure use the traffic alert analysis request of the client to generate a traffic alert analysis task, obtain the analysis report of that task, and feed the report back to the client through the server, so that the user of the client is helped to analyze the traffic alert information and to apply it to network security.
The foregoing objects, features and advantages of the disclosure will be more readily apparent from the following detailed description of the preferred embodiments taken in conjunction with the accompanying drawings.
Drawings
To illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings required for the embodiments are briefly described below. The drawings are incorporated in and constitute a part of the specification; they show embodiments consistent with the present disclosure and, together with the description, serve to illustrate its technical solutions. It is to be understood that the following drawings illustrate only certain embodiments of the present disclosure and are therefore not to be considered limiting of its scope, since a person of ordinary skill in the art may derive other equally relevant drawings from them without inventive effort.
FIG. 1 illustrates a schematic diagram of a traffic alert processing system provided by some embodiments of the present disclosure;
FIG. 2 illustrates a flowchart of a traffic alert processing method provided by some embodiments of the present disclosure;
FIG. 3 illustrates a flowchart of another traffic alert processing method provided by some embodiments of the present disclosure;
FIG. 4 illustrates a schematic diagram of a traffic alert processing apparatus provided by some embodiments of the present disclosure;
FIG. 5 illustrates a schematic diagram of another traffic alert processing apparatus provided by some embodiments of the present disclosure;
FIG. 6 illustrates a schematic diagram of a computer device provided by some embodiments of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, but not all embodiments. The components of the disclosed embodiments generally described and illustrated herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present disclosure is not intended to limit the scope of the disclosure, as claimed, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be made by those skilled in the art based on the embodiments of this disclosure without making any inventive effort, are intended to be within the scope of this disclosure.
Research shows that, to understand and make effective use of the traffic alert information generated by a network traffic detection device, a user needs a certain degree of network security knowledge; where the user lacks that knowledge, the network traffic detection device is of little use.
Based on the above finding, the disclosure provides a traffic alert processing method, device, computer device and storage medium that use a traffic alert analysis request from a client to generate a traffic alert analysis task, obtain the analysis report of that task, and feed the report back to the client through the server, so that the user of the client is helped to analyze the traffic alert information and to apply it to network security.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
To aid understanding of the present embodiment, the traffic alert processing system disclosed in an embodiment of the present disclosure is first described in detail. The traffic alert processing system provided in the embodiment may include at least one client and a server, and the server may further be configured with a plurality of sub-servers.
The client may be provided with a network traffic detection device; the network traffic detection device detects the network traffic corresponding to the client, where the detected network traffic may originate from any host in the network cluster in which the client is located.
With the user's authorization, the network traffic detection device may collect the network traffic passing through the main switch of any network cluster, inspect the collected traffic, and generate traffic alert information when an anomaly is detected.
The server acquires the traffic alert analysis request sent by the client, generates a traffic alert analysis task and distributes it to a sub-server; the user of the sub-server executes the traffic alert analysis task and feeds the corresponding analysis report back to the server; the server then feeds the analysis report back to the client.
The server may comprise a management platform, a work order system and a notification system. The management platform receives the traffic alert analysis request from the client, generates the traffic alert analysis task by calling the interface of the work order system, distributes the task to a sub-server, and notifies the sub-server of the pending traffic alert analysis task by calling the interface of the notification system.
The traffic alert processing method provided in the embodiment of the present disclosure is described below taking a server as the execution body.
Referring to FIG. 2, a flowchart of a traffic alert processing method according to an embodiment of the present disclosure is shown; the method includes steps S201 to S204:
S201, acquiring a traffic alert analysis request sent by a client; the traffic alert analysis request carries the traffic alert information of the client; the traffic alert information is generated by the network traffic detection device of the client for the detected anomaly.
The client may be deployed with a network traffic detection device. A network traffic detection device is a tool for monitoring and analyzing data traffic on a computer network; it generates traffic alert information when an anomaly is detected, helping the user to identify and respond to potential network security risks in time.
The traffic alert information may be used to alert on various abnormal conditions, for example:
Intrusion attempt alert: if the traffic detection device detects network traffic associated with a known attack pattern or malicious behavior, such as port scanning or malware propagation, the system may generate an intrusion attempt alert.
Abnormal traffic pattern alert: the device may monitor traffic that does not match normal network traffic patterns, such as abnormally large data transfers or traffic peaks, which may indicate potential problems.
Malware activity alert: if the device detects traffic associated with malware communications, such as communication with a known command-and-control server, it may generate an alert about malware activity.
Abnormal user behavior alert: the traffic detection device may monitor for abnormal behavior related to a particular user or host, such as abnormally frequent login attempts, which may indicate that the account has been compromised.
Data leakage alert: if the device observes a potential leak of sensitive data, such as large data flows to unusual destinations, it may generate an alert about the data leak.
Distributed denial of service (DDoS) attack alert: the device may detect signs of a DDoS attack, such as an abnormally large volume of request traffic, and may generate an alert about the DDoS attack.
Abnormal protocol usage alert: if the traffic detection device detects unusual protocol usage or unauthorized protocol traffic, it may generate an alert about the abnormal protocol usage.
Network equipment fault alert: the device may also monitor for signs of network device failure or performance degradation, such as high packet loss rates or increased latency, and generate alerts about network health.
Policy violation alert: if the device detects traffic that violates a security policy or access control rule, it may generate an alert about the policy violation.
Malicious upload alert: when the device detects that an executable file has been uploaded to a server and executed, the executable file may be a Trojan horse, a virus, a malicious script or the like.
The network traffic detection device detects the network traffic of the network cluster in which the client is located. With the user's authorization, it collects the network traffic passing through the main switch of the network cluster, so that the detection process does not affect the normal operation of the network, and generates traffic alert information when an anomaly is detected.
When the client detects that traffic alert information has been generated, it displays the traffic alert information and offers an option for traffic alert analysis; the user can directly initiate an analysis request for the traffic alert, and once authorized by the user, the client generates the traffic alert analysis request and sends it to the server.
The traffic alert analysis request may carry the traffic alert information detected by the client.
In one possible implementation, the user of the client may have specific needs, such as wanting to know which hosts are affected by the traffic alert information or the type of risk it indicates. The client may provide an entry for obtaining this information, so as to collect the analysis requirement information entered by the user and add it to the traffic alert analysis request.
S202, generating a pending traffic alert analysis task based on the traffic alert analysis request.
After the server obtains the traffic alert analysis request, it processes the request to generate a pending traffic alert analysis task. The generated task may carry the traffic alert information and the identification information of the client; the client's identification information can be used to locate the traffic alert analysis task.
The traffic alert analysis task may also carry a task identifier, which makes the task easier to manage.
If the traffic alert analysis request carries the user's analysis requirement information, that information may be added to the traffic alert analysis task.
S203, acquiring an analysis report corresponding to the traffic alert analysis task.
After obtaining the traffic alert analysis task, the server may distribute it to a network security expert, who performs the task; the server then obtains the analysis report fed back by the network security expert.
For example, the server may assign the traffic alert analysis task to a suitable sub-server (the target sub-server), whose user may be a network security expert. The target sub-server displays the traffic alert analysis task to that expert, who analyzes the traffic alert information and addresses the analysis requirement set by the user of the client.
The sub-server then obtains the analysis report entered by the network security expert and feeds it back to the server.
When the server distributes the traffic alert analysis task, it may first determine a plurality of candidate sub-servers and obtain the allocation influence information of each sub-server.
The candidate sub-servers may correspond to different network security experts, and the allocation influence information may include the number of tasks allocated to each sub-server and/or the analysis field of each sub-server.
The server then determines a target sub-server from the plurality of sub-servers using the allocation influence information and the traffic alert analysis task, and sends the task to the determined target sub-server.
In this step, the server allocates a suitable target sub-server to the traffic alert analysis task according to the allocation influence information, i.e. based on the network security expert's workload and/or area of expertise, so as to improve both the processing speed and the processing quality of the traffic alert analysis task.
After the server distributes the traffic alert analysis task to the target sub-server, it may also send a task allocation notification to the target sub-server, which displays the notification to remind the network security expert of the pending traffic alert analysis task.
By way of example, the server may, through the target sub-server, present a task processing page in response to a task processing operation by the network security expert. The task processing page may include a first area and a second area: the first area displays task information corresponding to the traffic alert analysis task allocated by the server, and the second area is used to obtain the analysis report corresponding to the traffic alert analysis task.
The task processing page may be displayed by the target sub-server; an application program that runs the task processing page may be executed on the target sub-server, and the network security expert uses this application to feed back the analysis report.
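The following is an added example, not code from the patent or from ThreatBook, that models the server side of steps S202 and S203: a request is turned into a task carrying the alert, the client identifier and a task identifier, and a target sub-server is then screened from allocation influence information (assigned task count and analysis field). All class and field names, and the sample alert, are assumptions constructed for the example.

```python
"""Model of the server-side workflow in S202/S203 (added example, names assumed)."""
from dataclasses import dataclass, field


@dataclass
class AnalysisRequest:
    client_id: str
    alert: dict                      # traffic alert information from the detection device
    questions: list = field(default_factory=list)   # analysis requirement information


@dataclass
class AnalysisTask:
    task_id: str                     # task identifier, used to manage the task
    client_id: str                   # lets the server locate the task for this client
    alert: dict
    questions: list
    assigned_to: str = ""
    report: str = ""


@dataclass
class SubServer:
    name: str
    fields: frozenset                # analysis fields the expert behind it covers
    assigned_tasks: int = 0          # allocation influence information: current load


class Server:
    def __init__(self, subservers):
        self.subservers = list(subservers)
        self.tasks = {}
        self._seq = 0

    def generate_task(self, req):
        """S202: create a pending task carrying the alert and the client identity."""
        self._seq += 1
        task = AnalysisTask(task_id=f"T{self._seq:06d}", client_id=req.client_id,
                            alert=dict(req.alert), questions=list(req.questions))
        self.tasks[task.task_id] = task
        return task

    def select_target(self, task):
        """Screen the target sub-server: prefer experts whose analysis field matches
        the alert category, then the lowest assigned task count (ties by name)."""
        category = task.alert.get("category")
        matching = [s for s in self.subservers if category in s.fields]
        pool = matching or self.subservers      # no field match: any sub-server may take it
        if not pool:
            raise LookupError("no sub-server available")
        return min(pool, key=lambda s: (s.assigned_tasks, s.name))

    def distribute(self, task):
        """S203: assign the task and update the target's task count."""
        target = self.select_target(task)
        target.assigned_tasks += 1
        task.assigned_to = target.name
        return target   # the server would now send a task allocation notification

    def submit_report(self, task_id, report):
        """Report submission from the sub-server; frees the expert's slot."""
        task = self.tasks[task_id]
        task.report = report
        for s in self.subservers:
            if s.name == task.assigned_to:
                s.assigned_tasks -= 1
        return task   # S204: the server now sends the report to task.client_id


def demo():
    """Constructed sample: three experts, one malware-activity alert."""
    server = Server([
        SubServer("expert-a", frozenset({"intrusion", "ddos"}), assigned_tasks=0),
        SubServer("expert-b", frozenset({"malware"}), assigned_tasks=3),
        SubServer("expert-c", frozenset({"malware", "data_leak"}), assigned_tasks=1),
    ])
    # Constructed alert; addresses are documentation ranges, not real hosts.
    alert = {"category": "malware", "src": "10.0.0.5", "dst": "203.0.113.7",
             "detail": "periodic connection to a known command-and-control address"}
    req = AnalysisRequest("client-17", alert, ["Which hosts are affected?"])
    task = server.generate_task(req)
    target = server.distribute(task)
    return task, target
```

The field match takes precedence over load, so the busier malware expert still wins over an idle expert in an unrelated field; only among matching experts does the task count decide.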
S204, sending the analysis report to the client so that the client can display the analysis report.
After the analysis report is obtained, it is sent to the client so that the client displays it and its content reaches the user of the client.
For example, in a specific implementation the server may send the analysis report to the client immediately after obtaining it, may wait for the client to actively fetch it, or may periodically send all analysis reports not yet fed back to the client in a batch.
According to the traffic alert processing method provided by the embodiment of the disclosure, the traffic alert analysis request of the client is used to generate the traffic alert analysis task, the analysis report of the task is obtained and fed back to the client through the server, so that the user of the client is helped to analyze the traffic alert information and to apply it to network security.
Referring to FIG. 3, a schematic diagram of another traffic alert processing method according to an embodiment of the present disclosure is shown; the execution body of the method is a client, and the method includes:
S301, in response to the network traffic detection device detecting an anomaly, acquiring and displaying the traffic alert information generated by the network traffic detection device.
S302, in response to a traffic alert analysis operation, generating a traffic alert analysis request carrying the traffic alert information.
S303, sending the traffic alert analysis request to a server so that the server generates a traffic alert analysis task corresponding to the traffic alert analysis request and acquires an analysis report corresponding to the traffic alert analysis task.
S304, acquiring and displaying the analysis report.
In one possible implementation, generating a traffic alert analysis request carrying the traffic alert information in response to a traffic alert analysis operation includes:
in response to a traffic alert analysis operation, displaying a problem input page; the problem input page is used for acquiring at least one problem to be analyzed;
and in response to a problem submission operation, generating a traffic alert analysis request carrying the traffic alert information and the at least one problem to be analyzed acquired from the problem input page.
In this embodiment, the client displays a problem input page; the user enters at least one problem to be analyzed on that page and performs a problem submission operation; the client generates analysis requirement information from the acquired problems and adds it to the traffic alert analysis request, so that the sub-server can provide a more personalized service based on the analysis requirement information.
When collecting the analysis requirement information, the problem input page may display a plurality of options corresponding to different preset problems; the user can select the problems that meet their needs from these options, and can also enter free text describing their needs in an input area.
Those skilled in the art will appreciate that in the methods of the specific embodiments described above, the written order of the steps does not imply a strict order of execution; the actual order should be determined by the functions of the steps and their possible inherent logic.
Based on the same inventive concept, the embodiments of the present disclosure further provide a traffic alert analysis device corresponding to the traffic alert analysis method. Since the principle by which the device solves the problem is similar to that of the traffic alert analysis method in the embodiments of the present disclosure, the implementation of the device may refer to the implementation of the method, and repetition is omitted.
Referring to FIG. 4, a schematic diagram of a traffic alert analysis device according to an embodiment of the disclosure is provided. The device is used in a server and includes:
a first obtaining module 410, configured to obtain a traffic alert analysis request sent by a client; the traffic alert analysis request carries the client's traffic alert information, which is generated by the client's network traffic detection device for a detected anomaly;
a first generating module 420, configured to generate a pending traffic alert analysis task based on the traffic alert analysis request;
a second obtaining module 430, configured to obtain an analysis report corresponding to the traffic alert analysis task;
and a first sending module 440, configured to send the analysis report to the client so that the client displays it.
In an alternative embodiment, the traffic alert analysis request further indicates analysis requirement information; the analysis requirement information indicates at least one question to be analyzed, and the analysis report indicates the analysis result corresponding to each question to be analyzed.
In an alternative embodiment, the server includes a plurality of sub-servers, and the second obtaining module 430 is specifically configured to:
select a target sub-server from the plurality of sub-servers and assign the traffic alert analysis task to the target sub-server;
and obtain, by the target sub-server, the analysis report corresponding to the traffic alert analysis task.
In an alternative embodiment, the second obtaining module 430 is specifically configured to:
acquire allocation influence information for the plurality of sub-servers, the allocation influence information including the number of tasks already assigned to each sub-server and/or information on each sub-server's analysis field;
and determine the target sub-server from the plurality of sub-servers based on the traffic alert analysis task and the allocation influence information.
In an alternative embodiment, the second obtaining module 430 is specifically configured to:
display, by the target sub-server, a task processing page in response to a task processing operation; a first area of the task processing page displays the task information of the traffic alert analysis task assigned by the server, and a second area is used to acquire the analysis report corresponding to that task;
and obtain the analysis report from the second area in response to a report submission operation.
In an alternative embodiment, after the traffic alert analysis task is assigned to the target sub-server, the second obtaining module 430 is further configured to:
send a task allocation notification to the target sub-server, and display the task allocation notification by the target sub-server.
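The server-side flow of the embodiments above (task generation from the request, selection of a target sub-server from the allocation influence information, the allocation notification, and report intake from the task page), as an added worked example in Python. This is illustration code written for this page, not the patent's or ThreatBook's implementation. The class names, the alert fields, the concrete selection rule (a sub-server whose analysis field covers the alert category is preferred, ties broken by fewest open tasks), the per-sub-server task cap and the sample alerts are all assumptions, since the patent only states that task count and/or analysis field inform the selection. It also adds two checks the patent does not spell out: a report is accepted only from the sub-server the task was assigned to, and only when every question the client asked has an answer.

```python
"""Added example (not the patent's code): server-side dispatch of traffic alert
analysis tasks to analyst sub-servers. Class names, alert fields, the selection
rule (matching analysis field first, then fewest open tasks), the task cap and the
sample alerts are assumptions made here; the patent only names task count and field."""
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, FrozenSet, List, Optional

@dataclass(frozen=True)
class TrafficAlert:          # produced by the client's network traffic detection device
    alert_id: str
    category: str            # detection category, matched against analysis fields
    src_ip: str
    dst_ip: str
    summary: str

@dataclass
class AnalysisRequest:       # the alert plus questions from the question input page
    alert: TrafficAlert
    questions: List[str] = field(default_factory=list)

@dataclass
class SubServer:
    name: str
    fields: FrozenSet[str]                                  # analysis fields covered
    assigned: List[str] = field(default_factory=list)       # open task ids
    notifications: List[str] = field(default_factory=list)  # task allocation notices

@dataclass
class Task:
    task_id: str
    alert: TrafficAlert
    questions: List[str]
    assignee: Optional[str] = None
    report: Optional[Dict[str, str]] = None

class Dispatcher:
    def __init__(self, sub_servers: List[SubServer], max_open_tasks: int = 2) -> None:
        self.sub_servers = {s.name: s for s in sub_servers}
        self.max_open_tasks = max_open_tasks  # assumed load cap, not in the patent
        self.tasks: Dict[str, Task] = {}
        self._seq = count(1)

    def create_task(self, request: AnalysisRequest) -> Task:
        task = Task(f"task-{next(self._seq)}", request.alert, list(request.questions))
        self.tasks[task.task_id] = task
        return task

    def select_sub_server(self, task: Task) -> Optional[SubServer]:
        """Allocation influence information -> target sub-server (None if all are full).
        Prefer a field match on the alert category; tie-break by fewest open tasks, then name."""
        candidates = [s for s in self.sub_servers.values()
                      if len(s.assigned) < self.max_open_tasks]
        if not candidates:
            return None
        return min(candidates, key=lambda s: (task.alert.category not in s.fields,
                                              len(s.assigned), s.name))

    def assign(self, task: Task) -> SubServer:
        target = self.select_sub_server(task)
        if target is None:
            raise RuntimeError("no sub-server can take the task")
        task.assignee = target.name
        target.assigned.append(task.task_id)
        target.notifications.append(  # shown on the sub-server's task processing page
            f"{task.task_id} assigned: {task.alert.summary} "
            f"({task.alert.src_ip} -> {task.alert.dst_ip})")
        return target

    def submit_report(self, task_id: str, sub_server: str,
                      answers: Dict[str, str]) -> Dict[str, str]:
        """Report from the task page: only the assigned sub-server may submit,
        and every question the client asked must be answered."""
        task = self.tasks[task_id]
        if task.assignee != sub_server:
            raise PermissionError(f"{sub_server} is not assigned {task_id}")
        missing = [q for q in task.questions if not answers.get(q)]
        if missing:
            raise ValueError(f"unanswered questions: {missing}")
        task.report = dict(answers)
        self.sub_servers[sub_server].assigned.remove(task_id)  # task closed
        return task.report

def demo() -> Dict[str, str]:
    d = Dispatcher([SubServer("analyst-a", frozenset({"c2", "exfiltration"})),
                    SubServer("analyst-b", frozenset({"scan"}))])
    alerts = [  # constructed sample alerts, not real detections
        TrafficAlert("A1", "c2", "10.0.0.5", "203.0.113.7", "periodic beacon to external host"),
        TrafficAlert("A2", "c2", "10.0.0.9", "203.0.113.7", "same beacon pattern, second host"),
        TrafficAlert("A3", "c2", "10.0.0.12", "198.51.100.2", "high-entropy DNS TXT queries"),
        TrafficAlert("A4", "scan", "10.0.0.3", "10.0.0.0/24", "SYN sweep across the subnet"),
    ]
    out = {}
    for a in alerts:
        t = d.create_task(AnalysisRequest(a, ["Is the destination a known C2?"]))
        out[t.task_id] = d.assign(t).name  # a takes A1, A2; b takes A3 (a is full) and A4
    return out

if __name__ == "__main__":
    for task_id, who in demo().items():
        print(task_id, "->", who)
```

Running the block dispatches four constructed alerts: the first two C2 alerts go to the sub-server whose analysis field covers c2, the third C2 alert falls to the other sub-server once the first has reached its cap, and the scan alert lands there as well. The assignee check in submit_report is the caveat a practitioner would want here: since the report goes straight back to the client, the server should not accept a report for a task from any sub-server other than the one it assigned.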
Referring to FIG. 5, a schematic diagram of another traffic alert analysis device according to an embodiment of the disclosure is provided. The device is used in a client and includes:
a third obtaining module 510, configured to acquire and display, in response to the network traffic detection device detecting an anomaly, the traffic alert information generated by the network traffic detection device;
a second generating module 520, configured to generate, in response to a traffic alert analysis operation, a traffic alert analysis request carrying the traffic alert information;
a second sending module 530, configured to send the traffic alert analysis request to the server, so that the server generates a traffic alert analysis task corresponding to the request and obtains the analysis report corresponding to the task;
and a presentation module 540, configured to acquire and present the analysis report.
In an alternative embodiment, the second generating module 520 is specifically configured to:
display a question input page in response to the traffic alert analysis operation, the question input page being used to acquire at least one question to be analyzed;
and generate, in response to a question submission operation, a traffic alert analysis request carrying the traffic alert information and the at least one question to be analyzed acquired from the question input page.
The processing flow of each module in the device and the interaction between the modules may refer to the related description in the method embodiments above and are not described in detail here.
Embodiments of the disclosure further provide a computer device. FIG. 6 is a schematic structural diagram of the computer device, which includes:
a processor 61 and a memory 62. The memory 62 stores machine-readable instructions executable by the processor 61, and the processor 61 is configured to execute them. When executed by the processor 61, the instructions cause the processor 61 to perform the steps of:
acquiring a traffic alert analysis request sent by a client; the traffic alert analysis request carries the client's traffic alert information, which is generated by the client's network traffic detection device for a detected anomaly;
generating a pending traffic alert analysis task based on the traffic alert analysis request;
acquiring an analysis report corresponding to the traffic alert analysis task;
and sending the analysis report to the client so that the client presents it.
Alternatively, the processor 61 performs the steps of:
acquiring and displaying, in response to the network traffic detection device detecting an anomaly, the traffic alert information generated by the network traffic detection device;
generating, in response to a traffic alert analysis operation, a traffic alert analysis request carrying the traffic alert information;
sending the traffic alert analysis request to a server, so that the server generates a traffic alert analysis task corresponding to the request and obtains the analysis report corresponding to the task;
and acquiring and presenting the analysis report.
The memory 62 includes an internal memory 621 and an external memory 622. The internal memory 621 temporarily stores operation data of the processor 61 and data exchanged with the external memory 622, such as a hard disk; the processor 61 exchanges data with the external memory 622 through the internal memory 621.
For the specific execution of the above instructions, reference may be made to the steps of the traffic alert processing method described in the embodiments of the disclosure, which are not repeated here.
Embodiments of the disclosure also provide a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of the traffic alert processing method described in the method embodiments above. The storage medium may be a volatile or non-volatile computer-readable storage medium.
Embodiments of the disclosure further provide a computer program product carrying program code; the instructions in the program code may be used to perform the steps of the traffic alert processing method described in the foregoing method embodiments, to which reference may be made for details.
The computer program product may be implemented in hardware, software, or a combination of the two. In one alternative embodiment it is embodied as a computer storage medium; in another it is embodied as a software product such as a software development kit (SDK).
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working procedures of the system and device described above may refer to the corresponding procedures in the foregoing method embodiments and are not repeated here. In the embodiments provided in the present disclosure, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. The device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in practice; multiple units or components may be combined or integrated into another system, and some features may be omitted or not performed. The couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interface, device or unit, and may be electrical, mechanical or of another form.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, the functional units in the embodiments of the present disclosure may be integrated into one processing unit, may each exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented as software functional units and sold or used as a stand-alone product, they may be stored in a processor-executable non-volatile computer-readable storage medium. On this understanding, the technical solution of the present disclosure, in essence or in the part contributing to the prior art, or a part of the technical solution, may be embodied as a software product stored in a storage medium and including several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present disclosure. The storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
Finally, it should be noted that the foregoing embodiments are merely specific embodiments of the present disclosure, used to illustrate rather than limit its technical solutions, and the scope of protection is not limited to them. Although the present disclosure has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that, within the technical scope disclosed, any person skilled in the art may still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or substitute equivalents for some of their technical features; such modifications, changes or substitutions do not cause the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present disclosure, and shall all fall within the scope of protection of the present disclosure. Therefore, the scope of protection of the present disclosure shall be determined by the scope of the claims.

Claims (12)

1. A traffic alert processing method, applied to a server, the method comprising:
acquiring a traffic alert analysis request sent by a client; the traffic alert analysis request carries the client's traffic alert information, which is generated by the client's network traffic detection device for a detected anomaly;
generating a pending traffic alert analysis task based on the traffic alert analysis request;
acquiring an analysis report corresponding to the traffic alert analysis task;
and sending the analysis report to the client so that the client displays the analysis report.
2. The method of claim 1, wherein the traffic alert analysis request further indicates analysis requirement information; the analysis requirement information indicates at least one question to be analyzed; and the analysis report indicates the analysis result corresponding to the question to be analyzed.
3. The method of claim 1, wherein the server comprises a plurality of sub-servers, and acquiring the analysis report corresponding to the traffic alert analysis task comprises:
selecting a target sub-server from the plurality of sub-servers, and assigning the traffic alert analysis task to the target sub-server;
and acquiring, by the target sub-server, the analysis report corresponding to the traffic alert analysis task.
4. The method of claim 3, wherein selecting the target sub-server from the plurality of sub-servers comprises:
acquiring allocation influence information of the plurality of sub-servers, the allocation influence information comprising the number of tasks assigned to each sub-server and/or information on the analysis field of each sub-server;
and determining the target sub-server from the plurality of sub-servers based on the traffic alert analysis task and the allocation influence information.
5. The method of claim 3, wherein acquiring, by the target sub-server, the analysis report corresponding to the traffic alert analysis task comprises:
displaying, by the target sub-server, a task processing page in response to a task processing operation; a first area of the task processing page displays task information corresponding to the traffic alert analysis task assigned by the server, and a second area of the task processing page is used to acquire the analysis report corresponding to the traffic alert analysis task;
and acquiring the analysis report from the second area in response to a report submission operation.
6. The method of claim 3, wherein after assigning the traffic alert analysis task to the target sub-server, the method further comprises:
sending a task allocation notification to the target sub-server, and displaying the task allocation notification by the target sub-server.
7. A traffic alert processing method, the method comprising:
acquiring and displaying, in response to a network traffic detection device detecting an anomaly, the traffic alert information generated by the network traffic detection device;
generating, in response to a traffic alert analysis operation, a traffic alert analysis request carrying the traffic alert information;
sending the traffic alert analysis request to a server, so that the server generates a traffic alert analysis task corresponding to the traffic alert analysis request and acquires an analysis report corresponding to the traffic alert analysis task;
and acquiring and presenting the analysis report.
8. The method of claim 7, wherein generating, in response to the traffic alert analysis operation, the traffic alert analysis request carrying the traffic alert information comprises:
displaying a question input page in response to the traffic alert analysis operation, the question input page being used to acquire at least one question to be analyzed;
and generating, in response to a question submission operation, a traffic alert analysis request carrying the traffic alert information and the at least one question to be analyzed acquired from the question input page.
9. A traffic alert processing device for a server, comprising:
a first obtaining module, configured to acquire a traffic alert analysis request sent by a client; the traffic alert analysis request carries the client's traffic alert information, which is generated by the client's network traffic detection device for a detected anomaly;
a first generating module, configured to generate a pending traffic alert analysis task based on the traffic alert analysis request;
a second obtaining module, configured to acquire an analysis report corresponding to the traffic alert analysis task;
and a first sending module, configured to send the analysis report to the client so that the client displays the analysis report.
10. A traffic alert processing device for a client, comprising:
a third obtaining module, configured to acquire and display, in response to a network traffic detection device detecting an anomaly, the traffic alert information generated by the network traffic detection device;
a second generating module, configured to generate, in response to a traffic alert analysis operation, a traffic alert analysis request carrying the traffic alert information;
a second sending module, configured to send the traffic alert analysis request to a server, so that the server generates a traffic alert analysis task corresponding to the traffic alert analysis request and acquires an analysis report corresponding to the traffic alert analysis task;
and a display module, configured to acquire and display the analysis report.
11. A computer device, comprising a processor and a memory, the memory storing machine-readable instructions executable by the processor, the processor being configured to execute the machine-readable instructions stored in the memory, which, when executed by the processor, perform the steps of the traffic alert processing method according to any one of claims 1 to 6, or the steps of the traffic alert processing method according to claim 7 or 8.
12. A computer-readable storage medium storing a computer program which, when executed by a computer device, performs the steps of the traffic alert processing method according to any one of claims 1 to 6, or the steps of the traffic alert processing method according to claim 7 or 8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311175235.XA CN116915509A (en) 2023-09-12 2023-09-12 Flow alarm processing method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116915509A true CN116915509A (en) 2023-10-20

Family

ID=88367228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311175235.XA Pending CN116915509A (en) 2023-09-12 2023-09-12 Flow alarm processing method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116915509A (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1482765A (en) * 2002-09-13 2004-03-17 华为技术有限公司 Analysing and alarm displaying Method and system thereof
CN1997059A (en) * 2006-12-15 2007-07-11 华为技术有限公司 Alarm management method, alarming method and its device and system
CN101114945A (en) * 2007-09-04 2008-01-30 华为技术有限公司 Method for controlling alarm flux, managing equipment, managed equipment and system
CN102082702A (en) * 2009-11-27 2011-06-01 华为技术有限公司 Terminal alarm processing method, device and system thereof
CN104243236A (en) * 2014-09-17 2014-12-24 深圳供电局有限公司 Method, system and servers for analyzing monitoring system operation and maintenance alarm data
CN109783260A (en) * 2018-12-13 2019-05-21 平安普惠企业管理有限公司 Intelligent IT whole process O&M method, apparatus, equipment and readable storage medium storing program for executing
CN110798348A (en) * 2019-10-28 2020-02-14 海南电网有限责任公司 Fault warning method, server and system for power distribution communication network
CN111478889A (en) * 2020-03-27 2020-07-31 新浪网技术(中国)有限公司 Alarm method and device
CN111770085A (en) * 2020-06-28 2020-10-13 杭州安恒信息技术股份有限公司 Network security system, method, equipment and medium
CN112448864A (en) * 2020-11-03 2021-03-05 晏平 Flow alarm monitoring method and device, computer equipment and storage medium
CN113688015A (en) * 2021-08-25 2021-11-23 深圳华远云联数据科技有限公司 Alarm notification method, device, server and storage medium
CN113869717A (en) * 2021-09-26 2021-12-31 杭州安恒信息安全技术有限公司 Analysis and study method, device, equipment and storage medium for alarm log
CN114721912A (en) * 2021-01-04 2022-07-08 腾讯科技(深圳)有限公司 Data analysis method, device, equipment and medium
CN116208998A (en) * 2022-12-21 2023-06-02 中盈优创资讯科技有限公司 Automatic 5G card end-to-end fault delimitation and positioning method and device supporting AI

Similar Documents

Publication Publication Date Title
US11647039B2 (en) User and entity behavioral analysis with network topology enhancement
US10375572B2 (en) User interface for security protection and remote management of network endpoints
WO2019133451A1 (en) Platform and method for enhanced-cyber-attack detection and response employing a global data store
US11757920B2 (en) User and entity behavioral analysis with network topology enhancements
CN111274583A (en) Big data computer network safety protection device and control method thereof
US20050097339A1 (en) Method and system for addressing intrusion attacks on a computer system
CN104704472A (en) Detection and mitigation of side-channel attacks
CN112039894B (en) Network access control method, device, storage medium and electronic equipment
EP2839632A1 (en) Systems, methods, apparatuses and computer program products for providing mobile device protection
US20150074756A1 (en) Signature rule processing method, server, and intrusion prevention system
US20160373447A1 (en) Unauthorized access detecting system and unauthorized access detecting method
CN111131221B (en) Interface checking device, method and storage medium
EP3657371A1 (en) Information processing device, information processing method, and information processing program
EP2788913B1 (en) Data center infrastructure management system incorporating security for managed infrastructure devices
CN112926048A (en) Abnormal information detection method and device
CN109815701B (en) Software security detection method, client, system and storage medium
CN112187533B (en) Virtual network equipment defense method, device, electronic equipment and medium
CN111737232A (en) Database management method, system, device, equipment and computer storage medium
CN112650180B (en) Safety warning method, device, terminal equipment and storage medium
JP2005242754A (en) Security management system
Kang et al. A strengthening plan for enterprise information security based on cloud computing
KR101641306B1 (en) Apparatus and method of monitoring server
CN116915509A (en) Flow alarm processing method and device, computer equipment and storage medium
CN108322460B (en) Business system flow monitoring system
CN111212077A (en) Host access system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination