CN117201261A - Method and device for identifying access relationship - Google Patents

Publication number
CN117201261A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311210677.3A
Other languages
Chinese (zh)
Inventor
吕志威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for identifying access relationships, and relates to the technical field of computers. The method comprises: reading a load balancing log in a target load balancer to extract first access data, parsing the first access data to obtain a system-level access relationship, and calculating the corresponding system-level access strength; capturing communication data packets in a target process to extract second access data, parsing the second access data to obtain a process-level access relationship, and calculating the corresponding process-level access strength; combining the system-level access relationship and the process-level access relationship to obtain a corresponding network access relationship; and visualizing the network access relationship, and enhancing the display of the visualization result according to the system-level access strength and the process-level access strength respectively. The embodiments of the invention can therefore solve the technical problem that network access relationships and network access strength cannot be comprehensively mapped and dynamically displayed.

Description

Method and device for identifying access relationship
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for identifying an access relationship.
Background
At present, the construction of various data center networks creates many network management and control requirements, among which the supervision and governance of the access relationships inside each network is the focus.
In the process of implementing the present invention, the inventor found that at least the following problems exist in the prior art:
In the prior art, access relationships inside a network are supervised inefficiently. On the one hand, part of the prior art only draws a static network topology graph from the physical connections or routing information among devices; the resulting graph carries little information, and monitoring and analysis of actual network traffic and actual communication requests are lacking. Another part of the prior art obtains some application-level access relationships by analyzing traffic on network equipment such as network switches and firewalls, but cannot obtain the communication relationships at other levels of the network, so the internal access relationships of the network cannot be completely analyzed, identified and mapped. On the other hand, a small part of the prior art judges the access relationships inside the network by manual experience, which is inefficient and has a high labor cost.
Disclosure of Invention
In view of the above, the embodiments of the invention provide a method and a device for identifying access relationships, which can solve the technical problem that network access relationships and network access strength cannot be comprehensively mapped and dynamically displayed.
In a first aspect, an embodiment of the present invention provides a method for identifying an access relationship, including reading a load balancing log in a target load balancer to extract first access data, analyzing the first access data to obtain a system-level access relationship, and calculating a corresponding system-level access strength; capturing a communication data packet in a target process to extract second access data, analyzing the second access data to obtain a process-level access relation, and calculating the corresponding process-level access strength; combining the system-level access relationship and the process-level access relationship to obtain a corresponding network access relationship; and carrying out visualization processing on the network access relation, and carrying out enhanced display on a visualization processing result according to the system-level access strength and the process-level access strength respectively.
Optionally, parsing to obtain the system-level access relationship includes:
breaking down the first access data into a plurality of system-level access records and, for each system-level access record:
extracting the corresponding source address, source port number, destination address and destination port number,
merging the source address and the source port number as visitor system information,
merging the destination address and the destination port number as visited system information,
and generating a corresponding system-level access relationship according to the visitor system information and the visited system information.
Optionally, parsing to obtain the process-level access relationship includes:
breaking down the second access data into a plurality of process-level access records and, for each process-level access record:
extracting the corresponding source address, source port number, destination address and destination port number,
merging the source address and the source port number as visitor process information,
merging the destination address and the destination port number as visited process information,
and generating a corresponding process-level access relationship according to the visitor process information and the visited process information.
Optionally, combining the system level access relationship and the process level access relationship includes:
converting each system-level access relation according to a preset first conversion rule to obtain a corresponding device-level access relation, wherein each device-level access relation comprises corresponding visitor device information and visited device information;
converting each process level access relation according to a preset second conversion rule to obtain a corresponding thread level access relation, wherein each thread level access relation comprises corresponding visitor thread information and visited thread information;
and combining the system-level access relationship, the device-level access relationship, the process-level access relationship and the thread-level access relationship.
Optionally, the visualizing the network access relation includes:
generating a corresponding topological structure diagram according to visitor system information, visited system information, visitor process information, visited process information, visitor equipment information, visited equipment information, visitor thread information and visited thread information which are included in the network access relation;
for each link in the topology map: determining a corresponding network access relation, and analyzing to obtain a corresponding access direction so as to convert the link into a corresponding directed edge according to the access direction;
and obtaining a corresponding directed topological graph and carrying out visual display.
Optionally, after obtaining the corresponding directed topology map and performing visual display, the method includes:
acquiring an image folding instruction, and analyzing to obtain a corresponding folding range;
and screening the network access relation according to the folding range to obtain a target network access relation, generating a corresponding target topological structure diagram according to the target network access relation, converting the corresponding target topological structure diagram into a corresponding target directed topological diagram, and visually displaying the target directed topological diagram.
Optionally, after the visualization processing result is enhanced and displayed according to the system-level access strength and the process-level access strength, the method includes:
periodically reading the updated load balancing log in the target load balancer to extract third access data, and parsing it to obtain the updated system-level access relationship;
periodically capturing the updated communication data packets in the target process to extract fourth access data, and parsing them to obtain the updated process-level access relationship;
combining the updated system-level access relationship and the updated process-level access relationship to obtain an updated network access relationship;
and updating the corresponding directed topology graph according to the updated network access relation, and visually displaying the updated directed topology graph.
In a second aspect, an embodiment of the present invention provides an apparatus for identifying an access relationship, including an analysis processing module, configured to read a load balancing log in a target load balancer, to extract first access data, to analyze the first access data to obtain a system-level access relationship, and to calculate a corresponding system-level access strength; capturing a communication data packet in a target process to extract second access data, analyzing the second access data to obtain a process-level access relation, and calculating the corresponding process-level access strength; the merging processing module is used for combining the system-level access relation and the process-level access relation to obtain a corresponding network access relation; and the visualization processing module is used for carrying out visualization processing on the network access relation and carrying out enhanced display on a visualization processing result according to the system-level access strength and the process-level access strength respectively.
Optionally, the parsing module is further configured to: when parsing to obtain the system-level access relationship, break down the first access data into a plurality of system-level access records and, for each system-level access record: extract the corresponding source address, source port number, destination address and destination port number, merge the source address and the source port number as visitor system information, merge the destination address and the destination port number as visited system information, and generate a corresponding system-level access relationship according to the visitor system information and the visited system information.
Optionally, the parsing module is further configured to: when parsing to obtain the process-level access relationship, break down the second access data into a plurality of process-level access records and, for each process-level access record: extract the corresponding source address, source port number, destination address and destination port number, merge the source address and the source port number as visitor process information, merge the destination address and the destination port number as visited process information, and generate a corresponding process-level access relationship according to the visitor process information and the visited process information.
Optionally, the merging processing module is further configured to: when combining the system-level access relationship and the process-level access relationship, convert each system-level access relationship according to a preset first conversion rule to obtain a corresponding device-level access relationship, wherein each device-level access relationship comprises corresponding visitor device information and visited device information; convert each process-level access relationship according to a preset second conversion rule to obtain a corresponding thread-level access relationship, wherein each thread-level access relationship comprises corresponding visitor thread information and visited thread information; and combine the system-level access relationship, the device-level access relationship, the process-level access relationship and the thread-level access relationship.
Optionally, the visualization processing module is further configured to: when the network access relation is subjected to visualization processing, generating a corresponding topological structure diagram according to visitor system information, visited system information, visitor process information, visited process information, visitor equipment information, visited equipment information, visitor thread information and visited thread information which are included in the network access relation; for each link in the topology map: determining a corresponding network access relation, and analyzing to obtain a corresponding access direction so as to convert the link into a corresponding directed edge according to the access direction; and obtaining a corresponding directed topological graph and carrying out visual display.
Optionally, the visualization processing module is further configured to: after the corresponding directed topology graph has been obtained and visually displayed, acquire an image folding instruction and parse it to obtain a corresponding folding range; and screen the network access relationship according to the folding range to obtain a target network access relationship, generate a corresponding target topology structure diagram according to the target network access relationship, convert the target topology structure diagram into a corresponding target directed topology graph, and visually display the target directed topology graph.
Optionally, the visualization processing module is further configured to: after the visualized processing results are enhanced and displayed according to the system-level access intensity and the process-level access intensity, the updated load balancing log is read in a target load balancer at regular time to extract and obtain third access data, and the updated system-level access relation is obtained through analysis; the updated communication data packet is periodically grabbed in the target process to extract fourth access data, and the updated process-level access relation is obtained through analysis; combining the updated system-level access relationship and the updated process-level access relationship to obtain an updated network access relationship; and updating the corresponding directed topology graph according to the updated network access relation, and visually displaying the updated directed topology graph.
In a third aspect, an embodiment of the present invention provides an electronic device, including: one or more processors; and a storage device configured to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the method for identifying access relationships according to any of the embodiments described above.
In a fourth aspect, embodiments of the present invention provide a computer program product comprising a computer program which, when executed by a processor, implements a method of identifying an access relationship as described in any of the embodiments above.
In a fifth aspect, an embodiment of the present invention provides a computer readable medium having stored thereon a computer program, where the program when executed by a processor implements the method for identifying an access relationship according to any of the above embodiments.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the main flow of a method of identifying access relationships according to a first embodiment of the invention;
FIG. 2 is a schematic diagram of a network access relationship topology according to an embodiment of the invention;
FIG. 3 is a schematic diagram of the main flow of a method of identifying access relationships according to a second embodiment of the invention;
FIG. 4 is a schematic diagram of the main flow of a method of identifying access relationships according to a third embodiment of the invention;
FIG. 5 is a schematic diagram of the main modules of an apparatus for identifying access relationships according to a first embodiment of the invention;
FIG. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
FIG. 7 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic diagram of the main flow of a method for identifying an access relationship according to a first embodiment of the present invention, and as shown in fig. 1, the method for identifying an access relationship includes:
Step S101, a load balancing log is read in a target load balancer to extract and obtain first access data, a system level access relation is obtained through analysis, and corresponding system level access intensity is calculated.
In an embodiment, this step obtains the load balancing log of network requests between different systems from a load balancer deployed outside the systems (in the form of network equipment or software), parses it into multiple access records between the systems, and from these determines the access direction and the access strength between the different systems. The technical scheme therefore obtains the system-level access relationships inside a network from analysis of actual network traffic, rather than deriving theoretical system-level access relationships from the network's topology structure diagram as in the prior art, so that the real inter-system access requirements and operating conditions can be understood and the availability and performance of the system further improved.
In some embodiments, in order to parse the system-level access data (i.e., the first access data) accurately, when parsing to obtain the system-level access relationship the first access data may be broken down into multiple system-level access records and, for each system-level access record: the corresponding source address, source port number, destination address and destination port number are extracted, the source address and the source port number are merged as visitor system information, the destination address and the destination port number are merged as visited system information, and a corresponding system-level access relationship is generated according to the visitor system information and the visited system information.
Step S102, capturing the communication data packet in the target process to extract second access data, analyzing the second access data to obtain a process-level access relation, and calculating the corresponding process-level access strength.
In an embodiment, this step monitors a designated process in a single system through a software tool (or method) configured in that system, and captures the corresponding network communication data packets, which are parsed to obtain the corresponding inter-process communication direction. The technical scheme therefore analyzes the access relationships among the processes in each system from the inter-process communication records actually generated, so as to obtain the real network communication conditions inside the system; this differs clearly from the prior art, in which a theoretical inter-process access relationship is determined from preset permissions. In summary, the technical scheme yields a more complete, accurate and timely process-level access relationship.
In some embodiments, to improve the accuracy of parsing the process-level access data (i.e., the second access data), when parsing to obtain the process-level access relationship the second access data may be broken down into multiple process-level access records and, for each process-level access record: the corresponding source address, source port number, destination address and destination port number are extracted, the source address and the source port number are merged as visitor process information, the destination address and the destination port number are merged as visited process information, and a corresponding process-level access relationship is generated according to the visitor process information and the visited process information.
In a further embodiment, in order to further improve the efficiency of parsing the first access data or the second access data, data cleaning may be performed first after the first access data or the second access data is obtained. Data cleaning quickly removes invalid or repeated data from the first access data and the second access data, reducing the volume of data to be parsed. Further, information in the access data that is irrelevant to the access object and the access relationship, such as response time and response status code, can be filtered out. During data cleaning, access data with high similarity (such as access records with the same source address, source port number, destination address and destination port number) can also be marked as the same kind, which makes it easier for subsequent processing to count the access strength of each access relationship.
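The record parsing, data cleaning and strength counting described above can be sketched as follows. This is an added example, not code from the patent; the space-separated log layout, the sample lines and all function names are assumptions, since the patent does not specify a log format.

```python
import ipaddress
from collections import Counter
from typing import NamedTuple, Optional

# Constructed sample load balancer log (hypothetical layout, not from the patent):
# <timestamp> <src_addr>:<src_port> <dst_addr>:<dst_port> <status> <response_ms>
SAMPLE_LOG = """\
2023-09-19T10:00:01 10.0.1.5:8080 10.0.2.9:443 200 12
2023-09-19T10:00:02 10.0.1.5:8080 10.0.2.9:443 200 15
2023-09-19T10:00:02 10.0.1.5:8080 10.0.2.9:443 200 15
2023-09-19T10:00:03 10.0.3.7:9000 10.0.2.9:443 503 900
malformed line without endpoints
2023-09-19T10:00:04 10.0.1.5:8080 10.0.4.2:5432 200 3
"""


class Endpoint(NamedTuple):
    addr: str
    port: int


class Relation(NamedTuple):
    visitor: Endpoint   # source address + source port
    visited: Endpoint   # destination address + destination port


def parse_endpoint(text: str) -> Optional[Endpoint]:
    """Split 'addr:port' and validate both halves; None marks an invalid field."""
    host, sep, port = text.rpartition(":")
    if not sep or not (port.isascii() and port.isdigit()):
        return None
    try:
        addr = ipaddress.ip_address(host.strip("[]"))  # accepts [v6]:port too
    except ValueError:
        return None
    number = int(port)
    if not 0 < number <= 65535:
        return None
    return Endpoint(str(addr), number)


def parse_record(line: str) -> Optional[Relation]:
    """Turn one log line into an access relation, dropping unrelated fields."""
    fields = line.split()
    if len(fields) < 3:
        return None
    src, dst = parse_endpoint(fields[1]), parse_endpoint(fields[2])
    if src is None or dst is None:
        return None
    # Status code and response time (fields[3:]) are irrelevant to the
    # access relation and are filtered out here.
    return Relation(src, dst)


def access_strength(log_text: str) -> Counter:
    """Clean the log and count how often each access relation occurs."""
    seen_lines = set()
    strength = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line in seen_lines:   # repeated data: exact duplicate entry
            continue
        seen_lines.add(line)
        relation = parse_record(line)
        if relation is None:                 # invalid data
            continue
        strength[relation] += 1              # same four-tuple = same kind
    return strength


if __name__ == "__main__":
    for rel, count in access_strength(SAMPLE_LOG).most_common():
        print(f"{rel.visitor.addr}:{rel.visitor.port} -> "
              f"{rel.visited.addr}:{rel.visited.port}  strength={count}")
```

Grouping on the source port follows the four-tuple the text describes; where visitors connect from ephemeral ports, one visitor will show up as many distinct relations unless the port is normalized first.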
Step S103, combining the system-level access relation and the process-level access relation to obtain a corresponding network access relation.
In an embodiment, the processing of this step makes it possible to map the internal access relationships of the corresponding network comprehensively. The distribution of requests among different systems is monitored from a global view, so as to ensure load balance and high availability; meanwhile, communication among service processes is examined in depth by packet capture, so as to find internal network problems and bottlenecks. For example, the system-level access relationship includes (system A → system B), and the process-level access relationship includes (process a1 → process a2) of system A and (process b1 → process b2) of system B, so that combining them yields the cross-system process access relationship (process a1 → process a2 → process b1 → process b2).
In some embodiments, in order to obtain a set of access relationships covering more network devices or communication media inside a network, when the system-level access relationship and the process-level access relationship are combined, each system-level access relationship may be converted according to a preset first conversion rule to obtain a corresponding device-level access relationship, where each device-level access relationship includes corresponding visitor device information and visited device information; each process-level access relationship may be converted according to a preset second conversion rule to obtain a corresponding thread-level access relationship, where each thread-level access relationship includes corresponding visitor thread information and visited thread information; and the system-level access relationship, the device-level access relationship, the process-level access relationship and the thread-level access relationship are then combined. For example, if process A includes threads a1 and a2 and process B includes threads b1 and b2, then, given the bidirectional access relationship between process A and process B, any thread in process A and any thread in process B can access each other in both directions. Through the processing of this step, the efficiency of obtaining the corresponding access rights of the network equipment or the communication medium can be further improved.
Step S104, carrying out visualization processing on the network access relation, and carrying out enhanced display on a visualization processing result according to the system-level access strength and the process-level access strength respectively.
In the embodiment, through the processing of the step, the internal access relation of a certain network can be displayed more intuitively in the forms of images, diagrams, charts and the like, so that a user is assisted to capture corresponding access parameter information more efficiently and intuitively in the corresponding generated view.
In some embodiments, in order to obtain a comprehensive, accurate and intuitive view of the access relationships across the whole network, when the network access relationship is visualized, a corresponding topology structure diagram may be generated according to the visitor system information, visited system information, visitor process information, visited process information, visitor device information, visited device information, visitor thread information and visited thread information included in the network access relationship; for each link in the topology structure diagram, the corresponding network access relationship is determined and parsed to obtain the corresponding access direction, and the link is converted into a corresponding directed edge according to that direction; a corresponding directed topology graph is thereby obtained and visually displayed. As shown in the topology structure diagram of fig. 2, the topology nodes included in the network include: thread A, system B, system C, and process D; the process A can access the system B, and the real-time access strength is 3 times per day; the system B and the system C can access each other, and the real-time access strength is 7 times per day; the thread D can access the system C, and the real-time access strength is 20 times per day. Displaying the internal architecture and the access direction of the network together effectively increases the amount of information in the network topology graph, which differs clearly from the static topology graph of the prior art, from which the actual communication direction cannot be obtained. In a further embodiment, the display of the access strength of each network access relationship may be enhanced by visual factors such as layout, choice of image elements and color saturation.
In some embodiments, in order to meet the requirements of visually displaying both the overall network topology and a local network topology, the network topology graph may be folded on receipt of a user instruction. The specific processing includes: after the corresponding directed topology graph has been obtained and visually displayed, acquiring an image folding instruction and parsing it to obtain a corresponding folding range; and screening the network access relationship according to the folding range to obtain a target network access relationship, generating a corresponding target topology structure diagram according to the target network access relationship, converting the target topology structure diagram into a corresponding target directed topology graph, and visually displaying the target directed topology graph.
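The merging of access levels, the conversion of links into directed edges and the folding step can be sketched as follows. This is an added example, not code from the patent; the node labels, the thread membership table standing in for the "second conversion rule", and the choice of a set of levels as the folding range are all assumptions.

```python
from itertools import product

# Constructed sample relations: (visitor, visited) -> access strength.
# A node is (level, name); the names are illustrative only.
SYSTEM_LEVEL = {
    (("system", "S1"), ("system", "S2")): 7,
    (("system", "S2"), ("system", "S1")): 7,   # mutual access = two directed edges
}
PROCESS_LEVEL = {
    (("process", "A"), ("process", "B")): 3,
    (("process", "B"), ("process", "A")): 1,
}
# Hypothetical second conversion rule: which threads each process contains.
THREADS_OF = {"A": ["a1", "a2"], "B": ["b1", "b2"]}


def to_thread_level(process_relations, threads_of):
    """Expand each process-level edge to every visitor-thread/visited-thread pair."""
    derived = {}
    for (src, dst) in process_relations:
        pairs = product(threads_of.get(src[1], []), threads_of.get(dst[1], []))
        for src_thread, dst_thread in pairs:
            # Strength is not measured at thread level, so it is left unset
            # (assumption: the patent does not say how it would be derived).
            derived[(("thread", src_thread), ("thread", dst_thread))] = None
    return derived


def merge(*levels):
    """Combine the relation sets of all levels into one directed adjacency map."""
    graph = {}
    for relations in levels:
        for (src, dst), strength in relations.items():
            graph.setdefault(src, {})[dst] = strength
            graph.setdefault(dst, {})          # keep pure sinks as nodes
    return graph


def fold(graph, keep_levels):
    """Screen the graph to a folding range, here a set of levels to keep."""
    return {
        src: {dst: w for dst, w in nbrs.items() if dst[0] in keep_levels}
        for src, nbrs in graph.items()
        if src[0] in keep_levels
    }


def edges(graph):
    """Flatten the adjacency map to (visitor, visited, strength) triples."""
    triples = [(s, d, w) for s, nbrs in graph.items() for d, w in nbrs.items()]
    return sorted(triples, key=lambda e: e[:2])


if __name__ == "__main__":
    threads = to_thread_level(PROCESS_LEVEL, THREADS_OF)
    full = merge(SYSTEM_LEVEL, PROCESS_LEVEL, threads)
    for src, dst, strength in edges(fold(full, {"system", "process"})):
        print(f"{src[0]} {src[1]} -> {dst[0]} {dst[1]}  strength={strength}")
```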
In some embodiments, in order to update the directed topology graph synchronously according to the data traffic updated in real time, so as to improve the timeliness and the dynamics of the directed topology graph generated by the technical scheme, after the visualization processing result is enhanced and displayed according to the system-level access strength and the process-level access strength, the updated load balancing log is read in the target load balancer at regular time, so as to extract and obtain third access data, and the updated system-level access relationship is obtained by analysis; the updated communication data packet is periodically grabbed in the target process to extract fourth access data, and the updated process-level access relation is obtained through analysis; combining the updated system-level access relationship and the updated process-level access relationship to obtain an updated network access relationship; and updating the corresponding directed topology graph according to the updated network access relation, and visually displaying the updated directed topology graph.
Fig. 3 is a schematic diagram of the main flow of a method for identifying an access relationship according to a second embodiment of the present invention, the method for identifying an access relationship comprising:
Step S301, a load balancing log is read in the target load balancer to extract and obtain first access data.
Step S302, the first access data is disassembled into a plurality of system level access records, and each system level access record is converted into a corresponding system level access relationship.
Preferably, for each system-level access record: the corresponding source address, source port number, destination address and destination port number are extracted, the source address and the source port number are merged as visitor system information, the destination address and the destination port number are merged as visited system information, and a corresponding system-level access relationship is generated according to the visitor system information and the visited system information.
Step S303, calculating the corresponding system level access strength of each system level access relation.
Step S304, capturing the communication data packet in the target process to extract and obtain second access data.
Step S305, the second access data is disassembled into a plurality of process level access records, and each process level access record is converted into a corresponding process level access relationship.
Preferably, for each process-level access record: the corresponding source address, source port number, destination address and destination port number are extracted, the source address and the source port number are merged as visitor process information, the destination address and the destination port number are merged as visited process information, and a corresponding process-level access relationship is generated according to the visitor process information and the visited process information.
Step S306, the process level access strength corresponding to each process level access relation is calculated.
Step S307, combining the system-level access relationship and the process-level access relationship to obtain a corresponding network access relationship.
Step S308, generating a corresponding topological structure diagram according to the network access relation.
Step S309, converting each link in the topology structure chart into a corresponding directed edge, to obtain a corresponding directed topology chart.
Step S310, an image folding instruction is acquired, and a corresponding folding range is obtained through analysis.
And step S311, updating the network access relation according to the folding range, and updating the directed topology graph according to the updated network access relation.
Step S312, the updated directed topology graph is visually displayed.
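Steps S301 to S312 as an added Python example, not code from the patent. It assumes a whitespace-separated `src_addr:src_port dst_addr:dst_port` record format, takes access strength to be the number of records per relationship, and treats the folding range as a set of host addresses to hide; the sample records and all function names are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Constructed sample data. The "src_addr:src_port dst_addr:dst_port" line
# format is an assumption; the patent does not fix a log or capture format.
LB_LOG = """\
10.0.1.5:40001 10.0.2.9:443
10.0.1.5:40001 10.0.2.9:443
10.0.1.7:40002 10.0.2.9:443
truncated-record
10.0.2.9:51000 10.0.3.4:5432
"""
PROCESS_CAPTURE = """\
127.0.0.1:6001 127.0.0.1:6379
127.0.0.1:6001 127.0.0.1:6379
127.0.0.1:6001 127.0.0.1:6379
10.0.2.9:51000 10.0.3.4:5432
10.0.2.9:51000 10.0.3.4:99999
"""


@dataclass(frozen=True)
class Relation:
    level: str    # "system" (load balancer log) or "process" (packet capture)
    visitor: str  # source address merged with source port
    visited: str  # target address merged with target port


def parse_endpoint(text):
    """Validate 'addr:port' and return it normalized; ValueError if malformed."""
    addr, sep, port = text.rpartition(":")
    if not sep or not addr or not port.isdigit() or not 0 < int(port) <= 65535:
        raise ValueError(f"bad endpoint: {text!r}")
    return f"{addr}:{int(port)}"


def extract_relations(raw, level):
    """S302-S303 / S305-S306: split access data into records, convert each
    record into a relation, and compute its strength. Assumption: strength is
    the number of records observed for that relation.
    Returns (strengths, skipped), where skipped counts unparseable records."""
    strengths, skipped = Counter(), 0
    for line in raw.splitlines():
        fields = line.split()
        try:
            if len(fields) != 2:
                raise ValueError(f"bad record: {line!r}")
            visitor, visited = (parse_endpoint(f) for f in fields)
        except ValueError:
            skipped += 1  # keep a count so parsing gaps stay visible
            continue
        strengths[Relation(level, visitor, visited)] += 1
    return strengths, skipped


def build_directed_graph(system_strengths, process_strengths):
    """S307-S309: merge both levels and turn every link into a directed edge
    visitor -> visited that carries the per-level access strengths."""
    graph = {}
    for relation, strength in (system_strengths + process_strengths).items():
        edge = graph.setdefault((relation.visitor, relation.visited), {})
        edge[relation.level] = strength
    return graph


def host_of(endpoint):
    """Return the address part of a normalized 'addr:port' endpoint."""
    return endpoint.rpartition(":")[0]


def fold(graph, folding_range):
    """S310-S311: screen the graph with a folding range. Assumption: the
    range is a set of host addresses whose edges are hidden from the view."""
    return {
        (src, dst): levels
        for (src, dst), levels in graph.items()
        if host_of(src) not in folding_range and host_of(dst) not in folding_range
    }


def pipeline():
    """Run S301-S309 over the constructed samples; return (graph, skipped)."""
    system, sys_skipped = extract_relations(LB_LOG, "system")
    process, proc_skipped = extract_relations(PROCESS_CAPTURE, "process")
    return build_directed_graph(system, process), sys_skipped + proc_skipped


if __name__ == "__main__":
    graph, skipped = pipeline()
    for (src, dst), levels in sorted(graph.items()):
        print(f"{src} -> {dst}  {levels}")
    print("skipped records:", skipped)
    print("edges after folding 127.0.0.1:", len(fold(graph, {"127.0.0.1"})))
```

The edge that appears at both levels keeps one strength per level, so the display step can weight the system-level and process-level views separately.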
Fig. 4 is a schematic diagram of the main flow of a method for identifying an access relationship according to a third embodiment of the present invention. The method comprises:
Step S401: reading a load balancing log from the target load balancer to extract first access data.
Step S402: splitting the first access data into a plurality of system-level access records, and converting each system-level access record into a corresponding system-level access relationship.
Step S403: calculating the system-level access strength corresponding to each system-level access relationship.
Step S404: converting each system-level access relationship according to a preset first conversion rule to obtain a corresponding device-level access relationship.
Step S405: capturing communication data packets in the target process to extract second access data.
Step S406: splitting the second access data into a plurality of process-level access records, and converting each process-level access record into a corresponding process-level access relationship.
Step S407: calculating the process-level access strength corresponding to each process-level access relationship.
Step S408: converting each process-level access relationship according to a preset second conversion rule to obtain a corresponding thread-level access relationship.
Step S409: merging the system-level access relationship, the device-level access relationship, the process-level access relationship and the thread-level access relationship to obtain a corresponding network access relationship.
Step S410: generating a corresponding directed topology graph according to the network access relationship.
Step S411: reading the updated load balancing log from the target load balancer at regular intervals to extract third access data, and parsing it to obtain the updated system-level access relationship.
Step S412: periodically capturing updated communication data packets in the target process to extract fourth access data, and parsing it to obtain the updated process-level access relationship.
Step S413: merging the updated system-level access relationship and the updated process-level access relationship to obtain an updated network access relationship.
Step S414: updating the corresponding directed topology graph according to the updated network access relationship, and visually displaying the updated directed topology graph.
Fig. 5 is a schematic diagram of the main modules of an apparatus for identifying an access relationship according to an embodiment of the present invention. As shown in fig. 5, the apparatus 500 for identifying an access relationship includes a parsing processing module 501, a merging processing module 502, and a visualization processing module 503. The parsing processing module 501 reads the load balancing log from the target load balancer to extract first access data, parses it to obtain the system-level access relationship, and calculates the corresponding system-level access strength; it also captures communication data packets in the target process to extract second access data, parses it to obtain the process-level access relationship, and calculates the corresponding process-level access strength. The merging processing module 502 merges the system-level access relationship and the process-level access relationship to obtain a corresponding network access relationship. The visualization processing module 503 performs visualization processing on the network access relationship, and displays the visualization result in enhanced form according to the system-level access strength and the process-level access strength respectively.
In some embodiments, the parsing processing module 501 is further configured to: when parsing to obtain the system-level access relationship, split the first access data into a plurality of system-level access records and, for each system-level access record: extract the corresponding source address, source port number, target address and target port number; merge the source address and the source port number to serve as visitor system information; merge the target address and the target port number to serve as visited system information; and generate a corresponding system-level access relationship from the visitor system information and the visited system information.
In some embodiments, the parsing processing module 501 is further configured to: when parsing to obtain the process-level access relationship, split the second access data into a plurality of process-level access records and, for each process-level access record: extract the corresponding source address, source port number, target address and target port number; merge the source address and the source port number to serve as visitor process information; merge the target address and the target port number to serve as visited process information; and generate a corresponding process-level access relationship from the visitor process information and the visited process information.
In some embodiments, the merging processing module 502 is further configured to: when merging the system-level access relationship and the process-level access relationship, convert each system-level access relationship according to a preset first conversion rule to obtain a corresponding device-level access relationship, wherein each device-level access relationship includes corresponding visitor device information and visited device information; convert each process-level access relationship according to a preset second conversion rule to obtain a corresponding thread-level access relationship, wherein each thread-level access relationship includes corresponding visitor thread information and visited thread information; and merge the system-level access relationship, the device-level access relationship, the process-level access relationship and the thread-level access relationship.
In some embodiments, the visualization processing module 503 is further configured to: when performing visualization processing on the network access relationship, generate a corresponding topology structure diagram according to the visitor system information, visited system information, visitor process information, visited process information, visitor device information, visited device information, visitor thread information and visited thread information included in the network access relationship; for each link in the topology structure diagram, determine the corresponding network access relationship and parse it to obtain the corresponding access direction, so as to convert the link into a corresponding directed edge according to the access direction; and obtain the corresponding directed topology graph and display it visually.
In some embodiments, the visualization processing module 503 is further configured to: after the corresponding directed topology graph is obtained and displayed visually, acquire an image folding instruction and parse it to obtain a corresponding folding range; screen the network access relationship according to the folding range to obtain a target network access relationship; generate a corresponding target topology structure diagram according to the target network access relationship; convert it into a corresponding target directed topology graph; and visually display the target directed topology graph.
In some embodiments, the visualization processing module 503 is further configured to: after the visualization result has been displayed in enhanced form according to the system-level access strength and the process-level access strength, read the updated load balancing log from the target load balancer at regular intervals to extract third access data, and parse it to obtain the updated system-level access relationship; periodically capture updated communication data packets in the target process to extract fourth access data, and parse it to obtain the updated process-level access relationship; merge the updated system-level access relationship and the updated process-level access relationship to obtain an updated network access relationship; and update the corresponding directed topology graph according to the updated network access relationship and visually display the updated directed topology graph.
It should be noted that the method for identifying an access relationship and the apparatus for identifying an access relationship according to the present invention correspond to each other in their implementation, so repeated content is not described again.
Fig. 6 illustrates an exemplary system architecture 600 to which a method of identifying an access relationship or an apparatus of identifying an access relationship of an embodiment of the present invention may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 is used as a medium to provide communication links between the terminal devices 601, 602, 603 and the server 605. The network 604 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 605 via the network 604 using the terminal devices 601, 602, 603 to receive or send messages, etc. Various communication client applications can be installed on the terminal devices 601, 602, 603.
The terminal devices 601, 602, 603 may be various electronic devices having a page display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server (by way of example only) that supports users of the terminal devices 601, 602, 603. The background management server may analyze and process received data such as a product information query request, and feed the processing result (e.g., target push information or product information, by way of example only) back to the terminal device.
It should be noted that the method for identifying the access relationship according to the embodiment of the present invention is generally performed by the server 605, and accordingly, the computing device is generally disposed in the server 605.
It should be understood that the number of terminal devices, networks and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, there is illustrated a schematic diagram of a computer system 700 suitable for use in implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. The RAM 703 also stores various programs and data required for the operation of the computer system 700. The CPU 701, the ROM 702, and the RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output section 707 including a Cathode Ray Tube (CRT), a liquid crystal display (LCD), and the like, as well as a speaker and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is mounted on the drive 710 as needed, so that a computer program read from it can be installed into the storage section 708 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 701.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described modules may also be provided in a processor, which may be described, for example, as: a processor including a parsing processing module, a merging processing module, and a visualization processing module. In some cases, the names of these modules do not limit the modules themselves.
As another aspect, the present invention also provides a computer-readable medium, which may be contained in the apparatus described in the above embodiments, or may exist alone without being assembled into the apparatus. The computer-readable medium carries one or more programs which, when executed by the apparatus, cause the apparatus to perform: reading a load balancing log from a target load balancer to extract first access data, parsing the first access data to obtain a system-level access relationship, and calculating the corresponding system-level access strength; capturing communication data packets in a target process to extract second access data, parsing the second access data to obtain a process-level access relationship, and calculating the corresponding process-level access strength; merging the system-level access relationship and the process-level access relationship to obtain a corresponding network access relationship; and performing visualization processing on the network access relationship, and displaying the visualization result in enhanced form according to the system-level access strength and the process-level access strength respectively.
The technical solution provided by the embodiments of the present invention solves the technical problem in the prior art that network access relationships and network access strength cannot be comprehensively mapped out and dynamically displayed.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.

Claims (17)

1. A method of identifying access relationships, comprising:
reading a load balancing log in a target load balancer to extract first access data, analyzing the first access data to obtain a system-level access relation, and calculating corresponding system-level access strength;
capturing a communication data packet in a target process to extract second access data, analyzing the second access data to obtain a process-level access relation, and calculating the corresponding process-level access strength;
combining the system-level access relationship and the process-level access relationship to obtain a corresponding network access relationship;
and carrying out visualization processing on the network access relation, and carrying out enhanced display on a visualization processing result according to the system-level access strength and the process-level access strength respectively.
2. The method of claim 1, wherein parsing to obtain the system-level access relationship comprises:
splitting the first access data into a plurality of system-level access records and, for each system-level access record:
extracting the corresponding source address, source port number, destination address and destination port number,
merging the source address and the source port number to serve as visitor system information,
merging the destination address and the destination port number to serve as visited system information,
and generating a corresponding system-level access relationship according to the visitor system information and the visited system information.
3. The method of claim 1, wherein parsing to obtain the process-level access relationship comprises:
splitting the second access data into a plurality of process-level access records and, for each process-level access record:
extracting the corresponding source address, source port number, destination address and destination port number,
merging the source address and the source port number to serve as visitor process information,
merging the destination address and the destination port number to serve as visited process information,
and generating a corresponding process-level access relationship according to the visitor process information and the visited process information.
4. The method of claim 1, wherein combining the system-level access relationship and the process-level access relationship comprises:
converting each system-level access relation according to a preset first conversion rule to obtain a corresponding device-level access relation, wherein each device-level access relation comprises corresponding visitor device information and visited device information;
converting each process level access relation according to a preset second conversion rule to obtain a corresponding thread level access relation, wherein each thread level access relation comprises corresponding visitor thread information and visited thread information;
to combine the system level access relationship, the device level access relationship, the process level access relationship, and the thread level access relationship.
5. The method according to any one of claims 1-4, wherein performing visualization processing on the network access relationship comprises:
generating a corresponding topology structure diagram according to the visitor system information, visited system information, visitor process information, visited process information, visitor device information, visited device information, visitor thread information and visited thread information included in the network access relationship;
for each link in the topology structure diagram: determining the corresponding network access relationship, and parsing it to obtain the corresponding access direction, so as to convert the link into a corresponding directed edge according to the access direction;
and obtaining the corresponding directed topology graph and displaying it visually.
6. The method of claim 5, wherein, after the corresponding directed topology graph is obtained and displayed visually, the method comprises:
acquiring an image folding instruction, and parsing it to obtain a corresponding folding range;
and screening the network access relationship according to the folding range to obtain a target network access relationship, generating a corresponding target topology structure diagram according to the target network access relationship, converting the target topology structure diagram into a corresponding target directed topology graph, and visually displaying the target directed topology graph.
7. The method according to claim 5, wherein, after the visualization result is displayed in enhanced form according to the system-level access strength and the process-level access strength respectively, the method comprises:
reading the updated load balancing log from the target load balancer at regular intervals to extract third access data, and parsing it to obtain the updated system-level access relationship;
periodically capturing updated communication data packets in the target process to extract fourth access data, and parsing it to obtain the updated process-level access relationship;
merging the updated system-level access relationship and the updated process-level access relationship to obtain an updated network access relationship;
and updating the corresponding directed topology graph according to the updated network access relationship, and visually displaying the updated directed topology graph.
8. An apparatus for identifying access relationships, comprising:
a parsing processing module, configured to read a load balancing log from a target load balancer to extract first access data, parse the first access data to obtain a system-level access relationship, and calculate the corresponding system-level access strength; and to capture communication data packets in a target process to extract second access data, parse the second access data to obtain a process-level access relationship, and calculate the corresponding process-level access strength;
the merging processing module is used for combining the system-level access relation and the process-level access relation to obtain a corresponding network access relation;
and the visualization processing module is used for carrying out visualization processing on the network access relation and carrying out enhanced display on a visualization processing result according to the system-level access strength and the process-level access strength respectively.
9. The apparatus of claim 8, wherein parsing to obtain the system-level access relationship comprises:
the parsing processing module is configured for:
splitting the first access data into a plurality of system-level access records and, for each system-level access record:
extracting the corresponding source address, source port number, destination address and destination port number,
merging the source address and the source port number to serve as visitor system information,
merging the destination address and the destination port number to serve as visited system information,
and generating a corresponding system-level access relationship according to the visitor system information and the visited system information.
10. The apparatus of claim 8, wherein parsing to obtain the process-level access relationship comprises:
the parsing processing module is configured for:
splitting the second access data into a plurality of process-level access records and, for each process-level access record:
extracting the corresponding source address, source port number, destination address and destination port number,
merging the source address and the source port number to serve as visitor process information,
merging the destination address and the destination port number to serve as visited process information,
and generating a corresponding process-level access relationship according to the visitor process information and the visited process information.
11. The apparatus of claim 8, wherein combining the system-level access relationship and the process-level access relationship comprises:
the merging processing module is used for:
converting each system-level access relation according to a preset first conversion rule to obtain a corresponding device-level access relation, wherein each device-level access relation comprises corresponding visitor device information and visited device information;
converting each process level access relation according to a preset second conversion rule to obtain a corresponding thread level access relation, wherein each thread level access relation comprises corresponding visitor thread information and visited thread information;
to combine the system level access relationship, the device level access relationship, the process level access relationship, and the thread level access relationship.
12. The apparatus according to any one of claims 8-11, wherein performing visualization processing on the network access relationship comprises:
the visualization processing module is configured for:
generating a corresponding topology structure diagram according to the visitor system information, visited system information, visitor process information, visited process information, visitor device information, visited device information, visitor thread information and visited thread information included in the network access relationship;
for each link in the topology structure diagram: determining the corresponding network access relationship, and parsing it to obtain the corresponding access direction, so as to convert the link into a corresponding directed edge according to the access direction;
and obtaining the corresponding directed topology graph and displaying it visually.
13. The apparatus of claim 12, wherein, after the corresponding directed topology graph is obtained and displayed visually, the apparatus comprises:
the visualization processing module is configured for:
acquiring an image folding instruction, and parsing it to obtain a corresponding folding range;
and screening the network access relationship according to the folding range to obtain a target network access relationship, generating a corresponding target topology structure diagram according to the target network access relationship, converting the target topology structure diagram into a corresponding target directed topology graph, and visually displaying the target directed topology graph.
14. The apparatus of claim 12, wherein, after the visualization result is displayed in enhanced form according to the system-level access strength and the process-level access strength respectively, the apparatus comprises:
the visualization processing module is configured for:
reading the updated load balancing log from the target load balancer at regular intervals to extract third access data, and parsing it to obtain the updated system-level access relationship;
periodically capturing updated communication data packets in the target process to extract fourth access data, and parsing it to obtain the updated process-level access relationship;
merging the updated system-level access relationship and the updated process-level access relationship to obtain an updated network access relationship;
and updating the corresponding directed topology graph according to the updated network access relationship, and visually displaying the updated directed topology graph.
15. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-7.
16. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-7.
17. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-7.
CN202311210677.3A 2023-09-19 2023-09-19 Method and device for identifying access relationship Pending CN117201261A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311210677.3A CN117201261A (en) 2023-09-19 2023-09-19 Method and device for identifying access relationship

Publications (1)

Publication Number Publication Date
CN117201261A true CN117201261A (en) 2023-12-08

Family

ID=88997663

Country Status (1)

Country Link
CN (1) CN117201261A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination