TWI423619B - Intelligent network monitoring system - Google Patents

Publication number
TWI423619B
Authority
TW
Taiwan
Prior art keywords
network
knowledge
fuzzy
fuzzy inference
network traffic
Prior art date
Application number
TW98136174A
Other languages
Chinese (zh)
Other versions
TW201115974A (en)
Inventor
Jian-Xing Li
Wei-jun Sun
Zhi-yuan Xu
Hui-Min Wang
Yan-Liang Chen
Fu-Sheng Bai
Priority date
Filing date
Publication date
Application filed
Priority to TW98136174A
Publication of TW201115974A
Application granted
Publication of TWI423619B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Description

Intelligent network monitoring system

The present invention relates to an intelligent network monitoring system, and in particular to an intelligent network monitoring system based on a network traffic ontology.

This is the age of communication: every industry depends on the network, and its importance goes without saying. Sales of network equipment are growing rapidly, and demand for network monitoring systems is rising with them.

Existing network traffic monitoring systems can only display "traffic" or "line utilization". The same traffic value, however, means different things in different network environments, so with current traffic monitoring systems a network administrator is still needed to interpret what the values mean.

In addition, network monitoring systems on the market routinely cost millions, which ordinary small and medium-sized enterprises (SMEs) and schools cannot afford. Taking schools as an example, according to Ministry of Education statistics for the 97 academic year, Taiwan has 171 colleges and universities. Apart from the few schools funded under the five-year, fifty-billion program and the teaching excellence program, the other schools care a great deal about network traffic monitoring but lack the funds to build a monitoring system costing millions. A solution is therefore needed.

Accordingly, the object of the present invention is to provide an intelligent network monitoring system.

The intelligent network monitoring system of the present invention monitors the network traffic of a plurality of network devices in a specific building. The system comprises a network traffic data acquisition unit, an ontology repository and a fuzzy inference engine. The network traffic data acquisition unit acquires network traffic data from the network devices. The ontology repository stores network-monitoring domain knowledge provided for the specific building by at least one network-monitoring domain expert. The fuzzy inference engine, based on the network-monitoring domain knowledge in the ontology repository, converts the network traffic data passed from the network traffic data acquisition unit into network traffic semantics.

The effect of the invention is that when network traffic becomes abnormal, the system immediately provides alarm semantics that match the way people think, so that network administrators can take appropriate action at once. In addition, the cost of deploying the invention is affordable for ordinary SMEs and schools, sparing them the large expense of custom traffic monitoring for their network environment.

The foregoing and other technical content, features and effects of the invention will be clearly presented in the following detailed description of a preferred embodiment with reference to the drawings.

Before the invention is described in detail, note that in the following description similar elements are denoted by the same reference numerals.

Referring to FIG. 1, the preferred embodiment of the intelligent network monitoring system 1 of the present invention monitors the network traffic of a plurality of network devices 9 in a specific building. In this preferred embodiment a building in a school is used as the specific building, but the specific building is not limited to a school building; it may be any building whose network devices 9 need to be monitored with the intelligent network monitoring system 1. The intelligent network monitoring system 1 comprises a network traffic data acquisition unit 11, a fuzzy inference controller 13 that includes an ontology repository 131 and a fuzzy inference engine 132, an alarm unit 14, and a network monitoring interface 15.

The network traffic data acquisition unit 11 acquires network traffic data from the network devices 9. The data fields must be defined in advance by the network administrators. For example, in this preferred embodiment the important fields defined by the school's network administrators are: building, campus, floor, IP address, alias, category, time, port, fuzzy variable, inbound traffic, outbound traffic, device maximum outbound traffic and device maximum inbound traffic. These fields differ between network environments, for example the building, campus and floor of the physical location, or the fuzzy variable, device maximum outbound traffic and device maximum inbound traffic of a network device 9. The key to building the network traffic data acquisition unit 11 is therefore the network administrators of the environment in question.

The network administrators referred to above are the network-monitoring domain experts 8 who are familiar with the network environment. Based on their knowledge of that specific environment, they build its ontology and store it in the ontology repository 131.

Referring to FIGS. 1 to 4, the ontology repository 131 stores the network-monitoring domain knowledge provided by at least one network-monitoring domain expert 8 for the specific network environment. It describes the domain knowledge of that environment and includes a domain layer, a category layer, concepts, attributes, operations and an instance layer. FIG. 2 shows the ontology stored in the ontology repository 12 in this preferred embodiment: the domain layer is the ontology itself; the category layer contains campus 1, campus 2, ... and campus n; a concept represents the name of each network device 9; and attributes are the properties of a concept. Attributes describe which attribute values a concept contains, and they also represent the key items of the concept. When the system 1 is built, the domain experts 8 therefore first define the key attributes of the network devices 9 and then build the ontology of those devices. Operations are the operations that apply to a concept. The instance layer represents instances in the actual network environment. FIG. 3 is an example of the concept of a network device 9 in this preferred embodiment, and FIG. 4 is an instance of it. The ontology repository 131 thus stores network traffic data according to the ontology defined by the domain experts 8, for real-time fuzzy inference or for later analysis of network data.

Referring to FIGS. 1 and 5, the fuzzy inference engine 132, based on the network-monitoring domain knowledge in the ontology repository 131, converts the network traffic data passed from the network traffic data acquisition unit 11 into network traffic semantics. That is, the fuzzy inference engine 132 takes the values passed from the acquisition unit 11 and, according to the fuzzy inference knowledge base 1311 defined by the domain experts 8 in the ontology repository 131, obtains the key values of a given network device 9. The main goal in this preferred embodiment is to determine the upload and download volume between buildings on the campus. As shown in FIG. 5, every network line (or port) has its own input fuzzy variable for network traffic, whose linguistic terms may be, for example, very low (V_Low), low (Low), medium (Medium), high (High) and very high (V_High); each network line is thus one input fuzzy variable. For example, when the line traffic of a network device 9 is 66 Mbps, it falls only under the trapezoidal curve of the linguistic term "high", so the input fuzzy variable for a line traffic of 66 Mbps is "high". When the line traffic of a network device 9 is 72 Mbps, it falls under the trapezoidal curves of both "high" and "very high"; this embodiment takes the term with the higher possibility (vertical axis), here the trapezoidal curve of "high", so the input fuzzy variable for a line traffic of 72 Mbps is "high". By analysing all network lines together in the manner shown in FIGS. 6, 7 and 8 (detailed later), the network traffic between buildings can be determined and the traffic semantics of a given building obtained.

When the fuzzy inference engine 132 converts network traffic data into network traffic semantics, the input fuzzy variables for the upload and download traffic of each individual network line must be defined first; the overall output upload and download traffic is obtained by analysing the upload and download traffic of the individual lines together. The upload (download) volume of an individual line is an input fuzzy variable, and the overall network upload (download) traffic is an output fuzzy variable. In this embodiment the membership functions between line traffic and the input fuzzy variables are set by the expert method: the domain experts 8 define them for the individual network environment, so different network environments yield different membership functions. The input traffic values can then be converted into semantics consistent with the domain knowledge of the network-monitoring domain experts 8.
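The fuzzification and min-max inference described above, as an added Python example that is not code from the patent. The trapezoid breakpoints, the 0-100 Mbps domain and the rule policy ("the building is as loaded as its busiest line") are assumptions, since FIG. 5, FIG. 8 and the tables are not reproduced on this page; the breakpoints are chosen to agree with the 66 Mbps and 72 Mbps cases in the description.

```python
from itertools import product

# Linguistic terms named in the description for each line (port) and the building.
TERMS = ["V_Low", "Low", "Medium", "High", "V_High"]

# Constructed trapezoids (a, b, c, d) in Mbps on an assumed 0-100 Mbps domain.
# FIG. 5 is not reproduced on the page, so these breakpoints are assumptions,
# chosen so that 66 Mbps lies only under "High" and 72 Mbps lies under both
# "High" and "V_High" with "High" dominant, as the description states.
MEMBERSHIP = {
    "V_Low":  (0, 0, 15, 25),
    "Low":    (15, 25, 35, 45),
    "Medium": (35, 45, 55, 65),
    "High":   (55, 65, 70, 80),
    "V_High": (70, 85, 100, 100),
}


def trapezoid(x, a, b, c, d):
    """Membership degree of x in the trapezoid with feet a, d and shoulders b, c."""
    if x < a or x > d:
        return 0.0
    if b <= x <= c:
        return 1.0
    if x < b:
        return (x - a) / (b - a)
    return (d - x) / (d - c)


def fuzzify(mbps):
    """Map one line's traffic to a membership degree for every linguistic term."""
    # Clamp to the domain: a reading above the top of the scale must saturate
    # at "V_High" instead of falling outside every set and reading as quiet.
    mbps = min(max(mbps, 0), 100)
    return {term: trapezoid(mbps, *MEMBERSHIP[term]) for term in TERMS}


def linguistic_term(mbps):
    """Pick the term with the highest possibility; a tie goes to the lower term."""
    degrees = fuzzify(mbps)
    return max(TERMS, key=lambda term: degrees[term])


def consequent(antecedent):
    """Assumed expert policy: the building is as loaded as its busiest line."""
    return max(antecedent, key=TERMS.index)


def building_semantics(line_mbps):
    """Min-max Mamdani inference over every rule (5**n rules for n lines)."""
    degrees = [fuzzify(x) for x in line_mbps]
    output = dict.fromkeys(TERMS, 0.0)
    for antecedent in product(TERMS, repeat=len(line_mbps)):
        # AND of the clauses: a rule fires as strongly as its weakest clause.
        strength = min(d[t] for d, t in zip(degrees, antecedent))
        term = consequent(antecedent)
        # OR across rules with the same consequent: keep the strongest firing.
        output[term] = max(output[term], strength)
    best = max(TERMS, key=lambda term: output[term])
    return best, output


def should_alert(term):
    """The alarm unit notifies only for High or Very High building semantics."""
    return term in ("High", "V_High")


if __name__ == "__main__":
    # Constructed samples; the page's Tables 1-6 are not reproduced.
    samples = {
        "quiet evening": [3, 5, 2, 8],
        "loop on one line": [4, 98, 6, 3],
        "one busy line": [72, 10, 10, 10],
    }
    for name, flows in samples.items():
        term, _ = building_semantics(flows)
        print(f"{name}: {flows} Mbps -> {term}, alert={should_alert(term)}")
```

Clamping in `fuzzify` covers the failure mode where a counter reads above the declared domain: without it every membership is zero and the building would be reported as very low.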

Referring to FIGS. 1, 6, 7 and 8, in this preferred embodiment the ontology repository 131 is built with a Fuzzy Markup Language (FML) and includes a fuzzy inference knowledge base (Knowledge Base) 1311 and a fuzzy inference rule base (Rule Base) 1312. FML was proposed by Acampora, Loia and other researchers; it is an XML-based language defined in combination with fuzzy logic. FML has a three-layer architecture: XML, Document Type Definition (DTD) and Extensible Stylesheet Language Transformations (XSLT). XML is used to express fuzzy logic control as a new markup language, the DTD defines the tag elements that may legally be used in FML, and XSLT converts the fuzzy control description into a specific programming language.

FIG. 6 is the FML architecture diagram of the intelligent network monitoring system based on the network traffic ontology (using the upload traffic of the student dormitory Huaiyuanzhai on the campus of the applicant, Tainan University, as the example). In this preferred embodiment the root node of the system 1 is the fuzzy inference controller (Controller) 13, which is represented in FML by the <FUZZYCONTROL> tag. The <FUZZYCONTROL> tag uses three sub-tags, type, defuzzifymethod and ip: (1) type is the type of the fuzzy controller, for example MAMDANI; (2) defuzzifymethod defines the defuzzification method; (3) ip is the network address of this fuzzy controller on the network.

The left subtree in FIG. 6 is the fuzzy inference knowledge base 1311, represented in FML code by the <KNOWLEDGEBASE> tag. <KNOWLEDGEBASE> uses the <FUZZYVARIABLE> and <FUZZYTERM> sub-tags to describe a fuzzy concept (for example, one port of a campus network line) and its linguistic terms (for example, traffic very high). The tags of <FUZZYVARIABLE> are name, scale, domainLeft, domainRight, type and ip: (1) name is the name of the fuzzy concept; (2) scale is the unit of measurement of the fuzzy concept; (3) domainLeft and domainRight are the bounds of the fuzzy concept's interval; (4) type is the role of the fuzzy concept in the rules; (5) ip is the network address of the fuzzy knowledge base 131 on the network. <FUZZYTERM> has a single tag, name, which defines a linguistic term of the fuzzy concept.

In the example of FIGS. 6, 7 and 8, the left subtree of FIG. 6 and its corresponding code in FIG. 7 describe the five fuzzy sets of the Huaiyuanzhai download traffic on each line (four lines in total, that is, four fuzzy variables) from Gezhilou (building code A) to Huaiyuanzhai (building code E) at the applicant, Tainan University. In this example the input fuzzy variable of each line is given five fuzzy sets, whose linguistic terms are very low (Very_Low), low (Low), medium (Medium), high (High) and very high (Very_High). The output fuzzy variable is the building's traffic level, likewise defined as five fuzzy sets with the linguistic terms very low (Very_Low), low (Low), medium (Medium), high (High) and very high (Very_High).

The right subtree in FIG. 6 is the fuzzy inference rule base 1312, represented in FML code by the <RULEBASE> tag. <RULEBASE> has two sub-tags, inferenceengine and ip. inferenceengine defines the inference method, for example MINMAXMINMAMDANI; ip is the network address of this fuzzy controller on the network. Each single rule is represented by a <RULE> tag, whose sub-tags are id, connector, weight and ip: (1) id is the identifier of the rule; (2) connector is the operator of the logical operation; (3) weight is the weight of the rule; (4) ip is the network address of the fuzzy rule base on the network. The IF-PART and THEN-PART of a fuzzy rule are represented by the tags <ANTECEDENT> and <CONSEQUENT>; <CLAUSEA> and <CLAUSEC> define the fuzzy clauses of the IF-PART and THEN-PART, in which (1) the <VARIABLE> tag describes the fuzzy concept; (2) the <TERM> tag describes the linguistic term of the fuzzy concept; (3) <TSKPARAM> describes the THEN-PART parameters for the TSK type of fuzzy control. Because FML is a general-purpose markup language for fuzzy inference, it can express the rule base 1311 and the knowledge base 1312 explicitly and in detail, and it allows an intelligent network monitoring system 1 suited to a different network environment to be built quickly later. FIGS. 7 and 8 show the code of the fuzzy inference knowledge base 1311 and the fuzzy inference rule base 1312 written in FML in this embodiment (using part of the code for the upload traffic of the student dormitory Huaiyuanzhai on the campus of the applicant, Tainan University, as the example).

In the example of FIGS. 6, 7 and 8, the right subtree of FIG. 6 and its corresponding code in FIG. 8 describe the fuzzy rule base needed to obtain the download traffic semantics of the whole Huaiyuanzhai building from Gezhilou (building code A) to Huaiyuanzhai (building code E). In the system with four lines (ports) shown in FIG. 6 there are four input fuzzy variables, each with five fuzzy sets, so there are 5^4 = 625 fuzzy rules in total, as in the right subtree of FIG. 6. Part of the sample code is shown in FIG. 8.
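A completeness check for an FML rule base of the kind described above, as an added Python example that is not the patent's code from FIG. 7 or FIG. 8. The tag and attribute names are those listed in the description; the nesting, the variable names Port1 to Port4 and Building_Download, the attribute values "input", "output", "AND" and "Mbps", and the sample rules are assumptions. A combination of input terms with no rule produces no building semantics, so nothing reaches the alarm unit for it.

```python
import xml.etree.ElementTree as ET
from itertools import product

TERMS = ["Very_Low", "Low", "Medium", "High", "Very_High"]
PORTS = ["Port1", "Port2", "Port3", "Port4"]  # hypothetical variable names
OUTPUT = "Building_Download"                   # hypothetical output variable


def build_fml(rules):
    """Serialise a constructed knowledge base plus the given rules as FML-style XML.

    Tag and attribute names are the ones the description lists; the nesting and
    the attribute values "input", "output", "AND" and "Mbps" are assumptions.
    """
    root = ET.Element("FUZZYCONTROL", type="MAMDANI")
    kb = ET.SubElement(root, "KNOWLEDGEBASE")
    for name, role in [(p, "input") for p in PORTS] + [(OUTPUT, "output")]:
        var = ET.SubElement(kb, "FUZZYVARIABLE", name=name, scale="Mbps",
                            domainLeft="0", domainRight="100", type=role)
        for term in TERMS:
            ET.SubElement(var, "FUZZYTERM", name=term)
    rb = ET.SubElement(root, "RULEBASE", inferenceengine="MINMAXMINMAMDANI")
    for number, (antecedent, consequent) in enumerate(rules, 1):
        rule = ET.SubElement(rb, "RULE", id=f"RULE{number}",
                             connector="AND", weight="1")
        if_part = ET.SubElement(rule, "ANTECEDENT")
        for port, term in zip(PORTS, antecedent):
            clause = ET.SubElement(if_part, "CLAUSEA")
            ET.SubElement(clause, "VARIABLE").text = port
            ET.SubElement(clause, "TERM").text = term
        clause = ET.SubElement(ET.SubElement(rule, "CONSEQUENT"), "CLAUSEC")
        ET.SubElement(clause, "VARIABLE").text = OUTPUT
        ET.SubElement(clause, "TERM").text = consequent
    return ET.tostring(root, encoding="unicode")


def lint_rulebase(fml_text):
    """Check that rules use declared terms and cover every input combination."""
    root = ET.fromstring(fml_text)
    variables = list(root.iter("FUZZYVARIABLE"))
    declared = {v.get("name"): {t.get("name") for t in v.findall("FUZZYTERM")}
                for v in variables}
    inputs = [v.get("name") for v in variables if v.get("type") == "input"]
    seen, problems = {}, []
    for rule in root.iter("RULE"):
        rule_id, antecedent = rule.get("id"), {}
        for clause in rule.iter():
            if clause.tag not in ("CLAUSEA", "CLAUSEC"):
                continue
            var, term = clause.findtext("VARIABLE"), clause.findtext("TERM")
            if term not in declared.get(var, ()):
                problems.append(f"{rule_id}: undeclared {var}/{term}")
            if clause.tag == "CLAUSEA":
                antecedent[var] = term
        key = tuple(antecedent.get(name) for name in inputs)
        if key in seen:
            problems.append(f"{rule_id}: same antecedent as {seen[key]}")
        else:
            seen[key] = rule_id
    # Every combination of declared input terms should have exactly one rule.
    expected = set(product(*(sorted(declared[name]) for name in inputs)))
    return {"rules": len(seen), "expected": len(expected),
            "missing": sorted(expected - set(seen)), "problems": problems}


def sample_rules():
    """Constructed rule set: consequent is the highest term among the four lines."""
    return [(combo, max(combo, key=TERMS.index))
            for combo in product(TERMS, repeat=4)]


if __name__ == "__main__":
    print(lint_rulebase(build_fml(sample_rules())))
    # Constructed defect: one rule mistyped, leaving its combination uncovered.
    hole = ("Very_High", "Very_Low", "Very_Low", "Very_Low")
    typo = (("Very_High", "Very_Low", "Very_Low", "VeryLow"), "Very_High")
    broken = [r for r in sample_rules() if r[0] != hole] + [typo]
    print(lint_rulebase(build_fml(broken)))
```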

The main function of the alarm unit 14 is to receive the output of the fuzzy inference engine 132 (the overall network traffic semantics). If the output indicates an abnormal condition, such as High or Very High, the alarm unit 14 notifies the network administrator by e-mail and/or mobile text message and displays a warning on the network monitoring interface 15, so that administrators learn of the problem at once and can resolve it. The network monitoring interface 15 may be implemented, for example, with Network Weathermap technology. For the other, normal traffic levels (Very low, Low and Medium), the overall network traffic semantics is simply displayed on the network monitoring interface 15 as usual, and the alarm unit 14 does not notify the network administrator by e-mail and/or mobile text message.

Through the cooperation of the ontology repository 131, the fuzzy inference engine 13, the alarm unit 14 and the network monitoring interface 15, the invention provides real-time network traffic semantics for a building in a network environment; this is the final alarm semantics that the system 1 produces. Its main purpose is to let network administrators see which buildings' network traffic is currently normal and which is urgent, so that they know the state of the whole network at once instead of passively waiting to be told that something is wrong. The system 1 not only lets administrators actively follow network traffic conditions but also lets them analyse network usage across the whole environment from the data in the ontology repository 131.

The actual performance of the invention is tested below by implementing the technology of the system 1 in a virtual experimental environment set up by the Ontology Application and Software Engineering Laboratory of the applicant, National University of Tainan.

Experiment 1 (normal state):

Referring to FIG. 5 (the relationship between network traffic and the corresponding possibility in this embodiment), the FML architecture diagram of FIG. 6, FIG. 9, and Tables 1 and 2 below, the inventors used the real-time download traffic data of a student dormitory (Huaiyuanzhai) at one point in time (22:22:55 on December 24, 2008) to analyse the real-time network traffic at that moment. This dormitory has four main network lines (or ports), so the building has four input fuzzy variables, whose input values can be captured. The four input values are the real-time download traffic of the dormitory's four lines (as shown in Tables 1 and 2). After fuzzy inference on these four values, the linguistic term obtained for the dormitory's real-time download traffic is "very low". The result is shown on the network monitoring interface 15 in FIG. 10 and agrees with the judgment of the network administrators.

Experiment 2 (abnormal state caused by a loop):

Referring to Tables 3 and 4 below and FIG. 10, the inventors next simulated a traffic loop on one of the network lines, for example when someone accidentally plugs both ends of the same network cable into sockets of the line source. The traffic of the whole network device 9 is then blocked by the loop, so the loop carries the maximum traffic the network device 9 can provide, which may in turn bring the network down. Tables 3 and 4 show the network traffic data obtained in this situation; processed by the system 1, they produce the warning page shown in FIG. 10. As shown in FIG. 11, the overall building traffic line is abnormal, and the alarm unit 14 can further alert the administrator to the abnormal condition by e-mail or mobile text message, so that network administrators quickly locate the problem at port 5/1 of Huaiyuanzhai, fulfilling the alarm function of the system 1.

Experiment 3 (abnormal state caused by P2P software):

Referring to Tables 5 and 6 below and FIG. 11, the inventors also simulated another abnormal traffic state from historical data: resident students using P2P software to download videos in the middle of the night, causing the dormitory's network traffic to surge abnormally. As the five records in Table 5 from 00:00:00 on May 19, 2009 to 00:20:00 on May 19, 2009 show, monitoring with the system 1 reveals a surge in the network traffic of a student dormitory (Yiyouzhai) during this period, caused by students using P2P software. Because P2P software is at present used almost entirely to download illegal audio-visual material and software, many schools have begun to ban it, and the monitoring system 1 can reveal whether this abnormal condition occurs on campus. FIG. 11 is the warning page produced when the first record in Tables 5 and 6 (00:00:00 on May 19, 2009) is processed by the system 1; it shows the abnormal Yiyouzhai download traffic caused by P2P software.

In summary, when network traffic becomes abnormal, the intelligent network monitoring system of the invention immediately provides alarm semantics that match the way people think, so that network administrators can take appropriate action at once. In addition, the cost of deploying the invention is affordable for ordinary SMEs and schools, sparing them the large expense of custom traffic monitoring for their network environment, so the object of the invention is indeed achieved.

The foregoing is only a preferred embodiment of the invention and does not limit the scope in which the invention may be practised; simple equivalent changes and modifications made according to the claims and the description of the invention all remain within the scope covered by this patent.

1 ... intelligent network monitoring system

11 ... network traffic data acquisition unit

13 ... fuzzy inference controller

131 ... ontology repository

1311 ... fuzzy inference knowledge base

1312 ... fuzzy inference rule base

132 ... fuzzy inference engine

14 ... alarm unit

15 ... network monitoring interface

8 ... network-monitoring domain expert

9 ... network device

FIG. 1 is a system block diagram of the preferred embodiment of the intelligent network monitoring system of the invention;

FIG. 2 is a tree diagram of the ontology stored in the ontology repository in the preferred embodiment;

FIG. 3 is a schematic diagram of an example of the concept of a network device in the preferred embodiment;

FIG. 4 is a schematic diagram of an example of an instance of a network device in the preferred embodiment;

FIG. 5 is a graph of an example of the membership functions between the traffic of a network line (or port) and the input fuzzy variables in the preferred embodiment;

FIG. 6 is the FML architecture diagram of the preferred embodiment (using the upload traffic of the student dormitory Huaiyuanzhai on the campus of the applicant, Tainan University, as the example);

FIG. 7 is a code listing showing an example of the FML code of the knowledge base in the preferred embodiment;

FIG. 8 is a code listing showing an example of the FML code of the rule base in the preferred embodiment;

FIG. 9 is a computer screen showing the network monitoring interface for Experiment 1 in the preferred embodiment;

FIG. 10 is a computer screen showing the network monitoring interface for Experiment 2 in the preferred embodiment; and

FIG. 11 is a computer screen showing the network monitoring interface for Experiment 3 in the preferred embodiment.

Claims (5)

1. An intelligent network monitoring system for monitoring the network traffic of a plurality of network devices of a specific building, the system comprising: a network traffic data retrieval unit for retrieving network traffic data from the network devices; a knowledge ontology repository for storing network monitoring domain knowledge provided by at least one network monitoring domain expert for the specific building, which is used to describe the domain knowledge of the specific building and includes a domain layer, a category layer, concepts, attributes, operations and an instance layer, wherein the knowledge ontology repository is constructed by treating the network devices as concepts and treating the key functions of the network devices as attributes of the concepts, wherein the knowledge ontology repository includes a fuzzy inference knowledge base and a fuzzy inference rule base, the fuzzy inference knowledge base and the fuzzy inference rule base being built using a fuzzy markup language, the fuzzy inference knowledge base being used to store the input fuzzy variables of all lines of the network devices and the membership functions of a plurality of linguistic terms as defined by the network monitoring domain expert, and the fuzzy inference rule base being used to store a plurality of fuzzy inference rules defined by the network monitoring domain expert; and a fuzzy inference engine for converting, based on the network monitoring domain knowledge in the knowledge ontology repository, the network traffic data sent from the network traffic data retrieval unit into network traffic semantics, wherein the fuzzy inference engine converts, according to the membership functions in the fuzzy inference knowledge base and the fuzzy inference rules, the network traffic data sent from the network traffic data retrieval unit into an output fuzzy variable of the specific building, which serves as the network traffic semantics of the specific building.

2. The intelligent network monitoring system according to claim 1, further comprising an alarm unit for immediately issuing, by a predetermined method, an alarm semantic indicating that the network traffic is abnormal when the network traffic data of the network devices is shown to be abnormal.

3. The intelligent network monitoring system according to claim 2, wherein the predetermined method is e-mail.

4. The intelligent network monitoring system according to claim 2, wherein the predetermined method is a mobile phone text message.

5. The intelligent network monitoring system according to claim 1, further comprising a network monitoring interface for presenting the network traffic semantics.
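The inference path recited in claim 1 (membership functions from the knowledge base, rules from the rule base, one building-level output semantic) and the alarm of claim 2 can be illustrated as follows. This is an added example, not code from the patent: the term names, trapezoid breakpoints, port names, rules and the `needs_alarm` policy are assumed values, and the knowledge and rule bases are plain Python structures rather than FML.

```python
# Added illustration: term names, breakpoints, ports and rules are assumed
# values, not taken from the patent's FML listings.
TERMS = {  # knowledge base: trapezoids (a, b, c, d) over line utilisation in %
    "Low": (0, 0, 20, 40),
    "Medium": (20, 40, 60, 80),
    "High": (60, 80, 100, 100),
}
RULES = [  # rule base: (term required on each port, building-level semantic)
    ({"uplink": "Low", "floor1": "Low"}, "Idle"),
    ({"uplink": "Medium"}, "Normal"),
    ({"uplink": "Low", "floor1": "Medium"}, "Normal"),
    ({"uplink": "High", "floor1": "Medium"}, "Busy"),
    ({"uplink": "High", "floor1": "High"}, "Abnormal"),
    ({"uplink": "Low", "floor1": "High"}, "Abnormal"),
]
PORTS = {"uplink", "floor1"}


def membership(x, a, b, c, d):
    """Degree to which x belongs to the trapezoid (a, b, c, d)."""
    if b <= x <= c:
        return 1.0
    if x <= a or x >= d:
        return 0.0
    return (x - a) / (b - a) if x < b else (d - x) / (d - c)


def fuzzify(value):
    return {term: membership(value, *shape) for term, shape in TERMS.items()}


def infer(readings):
    """Map per-port utilisation readings to (semantic, strength per semantic)."""
    if set(readings) != PORTS:
        raise ValueError("a reading is required for every monitored port")
    if any(not 0 <= v <= 100 for v in readings.values()):
        raise ValueError("utilisation must be within 0..100 percent")
    degrees = {port: fuzzify(v) for port, v in readings.items()}
    strengths = {}
    for antecedent, semantic in RULES:
        fired = min(degrees[p][t] for p, t in antecedent.items())  # fuzzy AND
        strengths[semantic] = max(strengths.get(semantic, 0.0), fired)  # fuzzy OR
    best = max(strengths, key=strengths.get)
    return (best if strengths[best] > 0 else "Unknown"), strengths


def needs_alarm(semantic):
    # "Unknown" means no rule fired: a gap in the rule base the operator should see.
    return semantic in ("Abnormal", "Unknown")
```

With these assumed rules, a saturated uplink combined with an idle floor port fires no rule at all, so the result is "Unknown" and the rule-base gap is raised to the operator instead of being reported as normal traffic.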
TW98136174A 2009-10-26 2009-10-26 Intelligent network monitoring system TWI423619B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98136174A TWI423619B (en) 2009-10-26 2009-10-26 Intelligent network monitoring system

Publications (2)

Publication Number Publication Date
TW201115974A TW201115974A (en) 2011-05-01
TWI423619B true TWI423619B (en) 2014-01-11

Family

ID=44934653

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98136174A TWI423619B (en) 2009-10-26 2009-10-26 Intelligent network monitoring system

Country Status (1)

Country Link
TW (1) TWI423619B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104570976A (en) * 2013-10-22 2015-04-29 富泰华工业(深圳)有限公司 Monitoring system and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5687290A (en) * 1993-09-20 1997-11-11 Cabletron Systems, Inc. Method and apparatus for monitoring and controlling communications networks
TWI223528B (en) * 2001-05-24 2004-11-01 Chunghwa Telecom Co Ltd Intelligent network element monitoring and control management system
TWI226164B (en) * 1999-08-31 2005-01-01 Andersen Consulting Llp A system, method and article of manufacture for a network-based predictive fault management system
US6883101B1 (en) * 2000-02-08 2005-04-19 Harris Corporation System and method for assessing the security posture of a network using goal oriented fuzzy logic decision rules
TW200943875A (en) * 2008-04-01 2009-10-16 Arcadyan Technology Corp Method for network transmission

Also Published As

Publication number Publication date
TW201115974A (en) 2011-05-01

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees