WO2023035190A1 - Network topology visualization method and apparatus, and computer-readable medium - Google Patents

Network topology visualization method and apparatus, and computer-readable medium Download PDF

Info

Publication number
WO2023035190A1
WO2023035190A1 PCT/CN2021/117469 CN2021117469W WO2023035190A1 WO 2023035190 A1 WO2023035190 A1 WO 2023035190A1 CN 2021117469 W CN2021117469 W CN 2021117469W WO 2023035190 A1 WO2023035190 A1 WO 2023035190A1
Authority
WO
WIPO (PCT)
Prior art keywords
node
information
classification manner
computer network
classification
Prior art date
Application number
PCT/CN2021/117469
Other languages
French (fr)
Inventor
Xinyue LIU
Shuo WAN
Weidong Huang
Original Assignee
Siemens Aktiengesellschaft
Siemens Ltd., China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft, Siemens Ltd., China filed Critical Siemens Aktiengesellschaft
Priority to PCT/CN2021/117469 priority Critical patent/WO2023035190A1/en
Publication of WO2023035190A1 publication Critical patent/WO2023035190A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/12Arrangements for remote connection or disconnection of substations or of equipment thereof

Definitions

  • Embodiments of the present invention relate to the field of computer network technologies, and in particular, to a network topology visualization method and apparatus, and a computer-readable medium.
  • connection relationships between nodes needs to be shown in an image formed by points (representing nodes in a computer network) and lines (representing connection relationships between nodes) .
  • An industrial network is used as an example, which includes a plurality of network nodes such as a router, a programmable logical controller (PLC) , a motion controller, a human machine interface (HMI) , assembly lines, a material transfer system, an automated guided vehicle (AAGV) , a smart meter, a sensor, and a supervisory control and data acquisition (SCADA) system.
  • network nodes such as a router, a programmable logical controller (PLC) , a motion controller, a human machine interface (HMI) , assembly lines, a material transfer system, an automated guided vehicle (AAGV) , a smart meter, a sensor, and a supervisory control and data acquisition (SCADA) system.
  • Embodiments of the present invention provide a network topology visualization method and apparatus, and a computer-readable medium, to analyze feature information of a node in a computer network to classify the node, and display nodes belonging to a same category in a same area. In this way, a network topology can be clearly displayed even when there are a plurality of nodes.
  • a classification manner of a node may be defined, and feature information of the node may be determined according to the defined classification manner for classification, to flexibly customize a display manner of the network topology.
  • a network topology visualization method includes: acquiring information about each node in a computer network; determining a first classification manner for classifying nodes in the computer network; determining feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network according to the first classification manner; determining a category to which the each node belongs according to the feature information of the each node; and displaying a topology of the computer network in different areas, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
  • an apparatus including modules configured to perform the steps in the method according to the first aspect.
  • an apparatus including: at least one memory, configured to store computer-readable code; and at least one processor, configured to invoke the computer-readable code, to perform the steps in the method according to the first aspect.
  • a computer-readable medium storing computer-readable instructions, the computer-readable instructions, when executed by a processor, causing the processor to perform the steps in the method according to the first aspect.
  • the method further includes: determining, according to a second classification manner, a layer to which the each node in the computer network belongs according to the information about the each node, where nodes belonging to a same category in the second classification manner are located in a same layer, and nodes belonging to different categories in the second classification manner are located in different layers; and the displaying a topology of the computer network in different areas including: displaying the topology of the computer network in different areas in each layer, where nodes belonging to a same category in the first classification manner are displayed in a same area of the each layer, and nodes belonging to different categories in the first classification manner are displayed in different areas of the each layer.
  • nodes with different features may be further displayed in different areas, and the network topology is clearer.
  • the first classification manner selected by a user from a plurality of classification manners may be determined; or a predefined classification manner may be used as the first classification manner.
  • the user may customize the classification manner, to classify the nodes and display the structure according to an expected effect.
  • the network topology may be displayed according to the predefined classification manner.
  • At least two pieces of information about the each node in the computer network may be acquired; and when feature information of the each node is determined from the information about the each node according to the first classification manner, each of the at least two pieces of information about the each node may be digitized; and a vector used for representing the feature information of the each node may be generated by using the digitized information. Therefore, a mathematical method is provided for node feature extraction.
  • FIG. 1 is a schematic structural diagram of a network topology visualization apparatus according to an embodiment of the present invention.
  • FIG. 2 is a flowchart of a network topology visualization method according to an embodiment of the present invention.
  • FIG. 3 shows a visualization result of a network topology displayed in Example 1 of the present invention.
  • FIG. 4 shows a visualization result of a network topology displayed in Example 2 of the present invention.
  • Network topology visualization program 111 Information acquisition module 112: Processing module 113: Display module
  • L1 ⁇ L3 The first to the fourth floor Z1 ⁇ Z7: The first area to the seventh area
  • the term “include” and variants thereof represent open terms, and means “include but is not limited to” .
  • the term “based on” represents “at least partially based on” .
  • the terms “one embodiment” and “an embodiment” represent “at least one embodiment” .
  • the term “another embodiment” represents “at least one another embodiment” .
  • the terms “first” , “second” , and the like may represent different objects or the same object. Other definitions may be included explicitly or implicitly in the following. Unless otherwise clearly specified, the definition of one term is consistent in the entire specification.
  • FIG. 1 is a schematic structural diagram of a network topology visualization apparatus according to an embodiment of the present invention.
  • the network topology visualization apparatus 10 may be implemented as a network of a computer processor, to perform a network topology visualization method 200 in the embodiments of the present invention, or may be implemented as a single computer, a single-chip microcomputer, or a processing chip as shown in FIG. 1.
  • the apparatus includes at least one memory 101 including a computer-readable medium, such as a random access memory (RAM) .
  • the apparatus 10 further includes at least one processor 102 coupled to the at least one memory 101.
  • Computer-executable instructions are stored in the at least one memory 101. The computer-executable instructions may cause, when executed by the at least one processor 102, the at least one processor 102 to perform the steps described herein.
  • the at least one memory 101 shown in FIG. 1 may include a network topology visualization program 11, so that the at least one processor 102 performs the network topology visualization method 200 described in the embodiments of the present invention.
  • the network topology visualization program 11 may include:
  • an information acquisition module 111 configured to acquire information about each node in a computer network 30;
  • a processing module 112 configured to determine a first classification manner for classifying nodes in the computer network 30; determine feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network 30 in the first classification manner; and determine a category to which the each node belongs according to the feature information of the each node;
  • a display module 113 configured to display a topology of the computer network 30 in different areas, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
  • the processing module 112 is further configured to determine, according to a second classification manner, a layer to which the each node in the computer network 30 belongs according to the information about the each node, where nodes belonging to a same category in the second classification manner are located in a same layer, and nodes belonging to different categories in the second classification manner are located in different layers; and the display module 113 is further configured to display the topology of the computer network 30 in different areas in each layer, where nodes belonging to a same category in the first classification manner are displayed in a same area of the each layer, and nodes belonging to different categories in the first classification manner are displayed in different areas of the each layer.
  • the processing module 112 is further configured to: determine the first classification manner selected by a user from a plurality of classification manners; or use a predefined classification manner as the first classification manner.
  • the information acquisition module 111 is further configured to acquire at least two pieces of information about the each node in the computer network 30; and when determining feature information of the each node from the information about the each node according to the first classification manner, the processing module 112 is further configured to:digitize each of the at least two pieces of information about the each node; and generate a vector used for representing the feature information of the each node by using the digitized information.
  • the foregoing modules may alternatively be considered as various functional modules implemented by hardware, and are configured to implement various functions involved in performing the network topology visualization method by the network topology visualization apparatus 10, such as pre-programing control logic of each procedure involved in the method into, for example, field-programmable gate array (FPGA) chips or complex programmable logic devices (CPLD) .
  • FPGA field-programmable gate array
  • CPLD complex programmable logic devices
  • the network topology visualization apparatus 10 may further include a communication interface 103 for communication between the network topology visualization apparatus 10 and other devices, such as communicating with the computer network 30 to obtain information about each node.
  • the embodiments of the present invention may include an apparatus provided with a different architecture than that shown in FIG. 1.
  • the foregoing architecture is only exemplary, and is used to explain the network topology visualization method 200 provided in the embodiments of the present invention.
  • the at least one processor 102 may include a microprocessor, an application specific integrated circuit (ASIC) , a digital signal processor (DSP) , a central processing unit (CPU) , a graphics processing unit (GPU) , a state machine, and the like.
  • Embodiments of the computer-readable medium include, but not limited to, floppy disks, CD-ROMs, magnetic disks, memory chips, ROM, RAM, ASICs, configured processors, all-optical media, all magnetic tapes, or other magnetic media, or any other medium from which the computer processor may read instructions.
  • various other forms of computer-readable media may send or carry instructions to the computer, including routers, private or public networks, or other wired and wireless transmission devices or channels.
  • the instructions may include code in any computer programming language, including C, C++, C language, Visual Basic, java, and JavaScript.
  • FIG. 2 is a flowchart of a network topology visualization method according to an embodiment of the present invention.
  • the method 200 may be performed by the foregoing network topology visualization apparatus 10, and may include the following steps:
  • S203 Determine feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network 30 in the first classification manner;
  • S205 Display a topology of the computer network 30 in different areas, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
  • the apparatus 10 may obtain the information about the each node in a manner of active acquisition or passive sensing. If the active acquisition manner is used, the apparatus 10 may scan the nodes to collect port and service information by using a scanning tool; and if the passive sensing manner is used, the apparatus 10 passively monitors traffic packets and analyzes a network behavior of a device, to further obtain a connection relationship between information of a node and the node.
  • the apparatus 10 may acquire the following information of the node by using the scanning tool: IP address, MAC address, domain information, operating system information, application information (including an open protocol, a port number, and a service name) , customer premises equipment (CPE) names, hardware information, component information, sensor information, and other additional information structure array.
  • IP address IP address
  • MAC address IP address
  • domain information IP address
  • application information including an open protocol, a port number, and a service name
  • CPE customer premises equipment
  • the apparatus 10 may obtain the first classification manner selected by the user from a plurality of classification manners; or use a predefined classification manner as the first classification manner.
  • the apparatus 10 receives user input (such as selecting the classification manner through a mouse or a touch screen) , or the classification manner may be preset in the apparatus 10.
  • step S203 the apparatus 10 determines feature information of the each node from the information about the each node according to the determined first classification manner.
  • the apparatus 10 may obtain the feature information of the device through deep packet inspection by using a sniffing sensor.
  • the deep packet inspection includes active detection and passive monitoring.
  • node feature information DeviceFingerprintFeature may be expressed as:
  • DeviceFingerprintFeature ⁇ ID, DeviceName, IP, MAC, OrderId, CPE, OS STRUCTURE (Name, Version) , LIST [Patches] , Protocol STRUCTURE (PORT, PROTOCOL, SERVICE) , LIST [RelatedSensorId] , Description, EXTRA ⁇
  • ID is a node identifier
  • DeviceName is a node name
  • IP is the IP address
  • MAC is the MAC address
  • OrderId is a node serial number
  • CPE is a CPE name
  • OS STRUCTURE is system information including a name and a version
  • LIST [Patches] is a patch list
  • Protocol STRUCTURE is the application information (including the open protocol, the port number, and the service name)
  • LIST [RelatedSensorId] is the sensor information
  • Description is the description information
  • EXTRA is additional information.
  • node feature information is:
  • a case is provided in which the computer network 30 includes N nodes, or N pieces of the foregoing feature information are obtained.
  • Step S203 may include substep S2031 and substep S2032. After the at least one piece of information about the each node in the computer network 30 is acquired in step S201, in substep S2031, the apparatus 10 may digitize each piece of information about the each node; and in substep S2032, the apparatus 10 may generate a vector used for representing the feature information of the each node by using the digitized information.
  • vectorization For digital information such as the IP address and the MAC address, vectorization may be performed by using delimiters:
  • ⁇ 192.168.1.201 ⁇ may be converted to [192 168 1 201]
  • ⁇ 00: 1B: 1B: 82: 89: F2 ⁇ may be converted to [00 1B 1B 82 89 F2] .
  • vectorization may be performed by using word2vec.
  • vectorization may be performed by using one-hot encoding.
  • F M ⁇ N may be inputted into an auto-encoder to output a dimension-reduced feature matrix F' M' ⁇ N .
  • step S204 the apparatus 10 determines a category to which the each node belongs according to the feature information of the each node.
  • the vector generated in substep S2032 and used for representing the feature information of the each node may be inputted into a pre-trained model, for example, the XGBoost.
  • the XGBoost is used as a classifier, and an output thereof is the category to which the node belongs.
  • step S205 the apparatus 10 displays a topology (shown in FIG. 3) of the computer network 30 according to a pre-obtained connection relationship between nodes and node categories, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
  • the topology of the computer network 30 may alternatively be displayed in different areas in a hierarchical manner.
  • step S206 may further include: determining, according to a second classification manner, a layer to which the each node in the computer network 30 belongs according to the information about the each node, where nodes belonging to a same category in the second classification manner are located in a same layer, and nodes belonging to different categories in the second classification manner are located in different layers.
  • the topology shown in FIG. 4
  • the topology (shown in FIG. 4) of the computer network 30 may be displayed in different areas in each layer, where nodes belonging to a same category in the first classification manner are displayed in a same area of the each layer, and nodes belonging to different categories in the first classification manner are displayed in different areas of the each layer.
  • an embodiment of the present invention further provides a computer-readable medium, storing computer-readable instructions, the computer-readable instructions, when executed by a processor, causing the processor to perform the foregoing network topology visualization method.
  • Embodiments of the computer-readable medium include a floppy disk, a hard disk, a magneto-optical disk, an optical disc (for example, a CD-ROM, a CD-R, a CD-RW, a DVD-ROM, a DVD-RAM, a DVD-RW, or a DVD-RW) , a magnetic tape, a non-volatile storage card, and a ROM.
  • the computer-readable instructions may be downloaded from a server computer or a cloud through a communication network.
  • the system structure described in the embodiments may be a physical structure or a logical structure. That is, some modules may be implemented by the same physical entity, or some modules may be implemented by a plurality of physical entities, or may be implemented by some components in a plurality of independent devices together.

Abstract

Embodiments of the present invention relate to computer network technologies, and in particular, to a network topology visualization method and apparatus, and a computer-readable medium. The method includes: acquiring (S201) information about each node in a computer network (30); determining (S202) a first classification manner for classifying nodes in the computer network (30); determining (S203) feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network (30) according to the first classification manner; determining (S204) a category to which the each node belongs according to the feature information of the each node; and displaying (S205) a topology of the computer network (30) in different areas, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.

Description

NETWORK TOPOLOGY VISUALIZATION METHOD AND APPARATUS, AND COMPUTER-READABLE MEDIUM TECHNICAL FIELD
Embodiments of the present invention relate to the field of computer network technologies, and in particular, to a network topology visualization method and apparatus, and a computer-readable medium.
BACKGROUND
During network topology visualization, connection relationships between nodes needs to be shown in an image formed by points (representing nodes in a computer network) and lines (representing connection relationships between nodes) .
Currently, most network topologies are processed hierarchically based on one or more attributes of devices to implement visualization, so that after processing, devices with the same attributes are on the same layer, and devices with different attributes are displayed on different layers.
With the rapid development of computer networks, there is an increasing number of network nodes, and connection relationships between nodes are increasingly complex. An industrial network is used as an example, which includes a plurality of network nodes such as a router, a programmable logical controller (PLC) , a motion controller, a human machine interface (HMI) , assembly lines, a material transfer system, an automated guided vehicle (AAGV) , a smart meter, a sensor, and a supervisory control and data acquisition (SCADA) system. There are a plurality of types of network nodes, and connection relationships between the nodes are very complex. If only the existing hierarchical manner is used for display, network topology information cannot be clearly and intuitively provided.
SUMMARY
Embodiments of the present invention provide a network topology visualization method and apparatus, and a computer-readable medium, to analyze feature information of a node in a computer network to classify the node, and display nodes belonging to a same category in a same area. In this way, a network topology can be clearly displayed even when there are a plurality of nodes. In addition, a classification manner of a node may be defined, and feature  information of the node may be determined according to the defined classification manner for classification, to flexibly customize a display manner of the network topology.
According to a first aspect, a network topology visualization method is provided. The method includes: acquiring information about each node in a computer network; determining a first classification manner for classifying nodes in the computer network; determining feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network according to the first classification manner; determining a category to which the each node belongs according to the feature information of the each node; and displaying a topology of the computer network in different areas, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
According to a second aspect, an apparatus is provided, including modules configured to perform the steps in the method according to the first aspect.
According to a third aspect, an apparatus is provided, including: at least one memory, configured to store computer-readable code; and at least one processor, configured to invoke the computer-readable code, to perform the steps in the method according to the first aspect.
According to a fourth aspect, a computer-readable medium is provided, storing computer-readable instructions, the computer-readable instructions, when executed by a processor, causing the processor to perform the steps in the method according to the first aspect.
For any aspect above, optionally, the method further includes: determining, according to a second classification manner, a layer to which the each node in the computer network belongs according to the information about the each node, where nodes belonging to a same category in the second classification manner are located in a same layer, and nodes belonging to different categories in the second classification manner are located in different layers; and the displaying a topology of the computer network in different areas including: displaying the topology of the computer network in different areas in each layer, where nodes belonging to a same category in the first classification manner are displayed in a same area of the each layer, and nodes belonging to different categories in the first classification manner are displayed in different areas of the each layer.
In this way, based on hierarchical display, nodes with different features may be further displayed in different areas, and the network topology is clearer.
For any aspect above, optionally, when a first classification manner for classifying nodes in the computer network is determined, the first classification manner selected by a user from a plurality of classification manners may be determined; or a predefined classification manner may be used as the first classification manner.
In this way, the user may customize the classification manner, to classify the nodes and display the structure according to an expected effect. Alternatively, the network topology may be displayed according to the predefined classification manner.
For any aspect above, optionally, at least two pieces of information about the each node in the computer network may be acquired; and when feature information of the each node is determined from the information about the each node according to the first classification manner, each of the at least two pieces of information about the each node may be digitized; and a vector used for representing the feature information of the each node may be generated by using the digitized information. Therefore, a mathematical method is provided for node feature extraction.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a schematic structural diagram of a network topology visualization apparatus according to an embodiment of the present invention.
FIG. 2 is a flowchart of a network topology visualization method according to an embodiment of the present invention.
FIG. 3 shows a visualization result of a network topology displayed in Example 1 of the present invention.
FIG. 4 shows a visualization result of a network topology displayed in Example 2 of the present invention.
List of reference numerals:
10: Network topology visualization apparatus
101: Memory 102: Processor 103: Communication interface
11: Network topology visualization program 111: Information acquisition module 112: Processing module 113: Display module
200: Network topology visualization method S201~S206: Method steps
30: Computer network
L1~L3: The first to the fourth floor Z1~Z7: The first area to the seventh area
DETAILED DESCRIPTION
A subject described in this specification is discussed now with reference to exemplary implementations. It should be understood that, discussion of the implementations is merely intended to make a person skilled in the art better understand and implement the subject described in this specification, and is not intended to limit the protection scope of the claims, the applicability, or examples. Changes may be made to the functions and arrangements of the discussed elements without departing from the protection scope of the content of embodiments of the present invention. Various processes or components may be omitted, replaced, or added in each example according to requirements. For example, the described method may be performed according to a sequence different from the sequence described herein, and steps may be added, omitted, or combined. In addition, features described in some examples may also be combined in other examples.
As used in this specification, the term "include" and variants thereof represent open terms, and means "include but is not limited to" . The term "based on" represents "at least partially based on" . The terms "one embodiment" and "an embodiment" represent "at least one embodiment" . The term "another embodiment" represents "at least one another embodiment" . The terms "first" , "second" , and the like may represent different objects or the same object. Other definitions may be included explicitly or implicitly in the following. Unless otherwise clearly specified, the definition of one term is consistent in the entire specification.
The following describes the embodiments of the present invention in detail with reference to FIG. 1 to FIG. 4.
FIG. 1 is a schematic structural diagram of a network topology visualization apparatus according to an embodiment of the present invention. The network topology visualization apparatus 10 may be implemented as a network of a computer processor, to perform a network topology visualization method 200 in the embodiments of the present invention, or may be implemented as a single computer, a single-chip microcomputer, or a processing chip as shown in FIG. 1. The apparatus includes at least one memory 101 including a computer-readable medium, such as a random access memory (RAM) . The apparatus 10 further includes at least one processor 102 coupled to the at least one memory 101. Computer-executable instructions are stored in the at least one memory 101. The computer-executable instructions may cause, when executed by the at least one processor 102, the at least one processor 102 to perform the steps described herein.
The at least one memory 101 shown in FIG. 1 may include a network topology visualization program 11, so that the at least one processor 102 performs the network  topology visualization method 200 described in the embodiments of the present invention. As shown in FIG. 1, the network topology visualization program 11 may include:
an information acquisition module 111, configured to acquire information about each node in a computer network 30;
processing module 112, configured to determine a first classification manner for classifying nodes in the computer network 30; determine feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network 30 in the first classification manner; and determine a category to which the each node belongs according to the feature information of the each node; and
display module 113, configured to display a topology of the computer network 30 in different areas, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
Optionally, the processing module 112 is further configured to determine, according to a second classification manner, a layer to which the each node in the computer network 30 belongs according to the information about the each node, where nodes belonging to a same category in the second classification manner are located in a same layer, and nodes belonging to different categories in the second classification manner are located in different layers; and the display module 113 is further configured to display the topology of the computer network 30 in different areas in each layer, where nodes belonging to a same category in the first classification manner are displayed in a same area of the each layer, and nodes belonging to different categories in the first classification manner are displayed in different areas of the each layer.
Optionally, when determining a first classification manner for classifying nodes in the computer network 30, the processing module 112 is further configured to: determine the first classification manner selected by a user from a plurality of classification manners; or use a predefined classification manner as the first classification manner.
Optionally, the information acquisition module 111 is further configured to acquire at least two pieces of information about the each node in the computer network 30; and when determining feature information of the each node from the information about the each node according to the first classification manner, the processing module 112 is further configured to:digitize each of the at least two pieces of information about the each node; and generate a vector used for representing the feature information of the each node by using the digitized  information.
The foregoing modules may alternatively be considered as various functional modules implemented by hardware, and are configured to implement various functions involved in performing the network topology visualization method by the network topology visualization apparatus 10, such as pre-programing control logic of each procedure involved in the method into, for example, field-programmable gate array (FPGA) chips or complex programmable logic devices (CPLD) . The functions of the foregoing modules are performed by the chips or devices, and the specific implementation may be determined according to engineering practice.
In addition, the network topology visualization apparatus 10 may further include a communication interface 103 for communication between the network topology visualization apparatus 10 and other devices, such as communicating with the computer network 30 to obtain information about each node.
It should be mentioned that the embodiments of the present invention may include an apparatus provided with a different architecture than that shown in FIG. 1. The foregoing architecture is only exemplary, and is used to explain the network topology visualization method 200 provided in the embodiments of the present invention.
The at least one processor 102 may include a microprocessor, an application specific integrated circuit (ASIC) , a digital signal processor (DSP) , a central processing unit (CPU) , a graphics processing unit (GPU) , a state machine, and the like. Embodiments of the computer-readable medium include, but not limited to, floppy disks, CD-ROMs, magnetic disks, memory chips, ROM, RAM, ASICs, configured processors, all-optical media, all magnetic tapes, or other magnetic media, or any other medium from which the computer processor may read instructions. In addition, various other forms of computer-readable media may send or carry instructions to the computer, including routers, private or public networks, or other wired and wireless transmission devices or channels. The instructions may include code in any computer programming language, including C, C++, C language, Visual Basic, java, and JavaScript.
FIG. 2 is a flowchart of a network topology visualization method according to an embodiment of the present invention. The method 200 may be performed by the foregoing network topology visualization apparatus 10, and may include the following steps:
S201: Acquire information about each node in a computer network 30;
S202: Determine a first classification manner for classifying nodes in the computer network 30;
S203: Determine feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network 30 in the first classification manner;
S204: Determine a category to which the each node belongs according to the feature information of the each node; and
S205: Display a topology of the computer network 30 in different areas, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
In step S201, the apparatus 10 may obtain the information about the each node in a manner of active acquisition or passive sensing. If the active acquisition manner is used, the apparatus 10 may scan the nodes to collect port and service information by using a scanning tool; and if the passive sensing manner is used, the apparatus 10 passively monitors traffic packets and analyzes a network behavior of a device, to further obtain a connection relationship between information of a node and the node.
For example, the apparatus 10 may acquire the following information of the node by using the scanning tool: IP address, MAC address, domain information, operating system information, application information (including an open protocol, a port number, and a service name) , customer premises equipment (CPE) names, hardware information, component information, sensor information, and other additional information structure array.
In step S202, the apparatus 10 may obtain the first classification manner selected by the user from a plurality of classification manners; or use a predefined classification manner as the first classification manner. For example, the apparatus 10 receives user input (such as selecting the classification manner through a mouse or a touch screen) , or the classification manner may be preset in the apparatus 10.
In step S203, the apparatus 10 determines feature information of the each node from the information about the each node according to the determined first classification manner. When the classification manner is different, the determined feature information is different, and a classification result obtained is also different because the classification is based on the feature information. For example, the apparatus 10 may obtain the feature information of the device through deep packet inspection by using a sniffing sensor. The deep packet inspection includes active detection and passive monitoring.
For example, node feature information DeviceFingerprintFeature may be expressed as:
DeviceFingerprintFeature= {ID, DeviceName, IP, MAC, OrderId, CPE, OS  STRUCTURE (Name, Version) , LIST [Patches] , Protocol STRUCTURE (PORT, PROTOCOL, SERVICE) , LIST [RelatedSensorId] , Description, EXTRA}
ID is a node identifier, DeviceName is a node name, IP is the IP address, MAC is the MAC address, OrderId is a node serial number, CPE is a CPE name, OS STRUCTURE is system information including a name and a version, and LIST [Patches] is a patch list, Protocol STRUCTURE is the application information (including the open protocol, the port number, and the service name) , LIST [RelatedSensorId] is the sensor information, Description is the description information, and EXTRA is additional information.
An example of the node feature information is:
DeviceFingerprintFeature =
{
ObjectId ( "5f8fa01bd2c6a07332f176bb2" ) ,
WINCC-HMI-1,
192. 168. 1. 201,
00: 1B: 1B: 82: 89: F2,
6AV7240-7ED07-0HA4,
Cpe: 2.3: o: Microsoft: windows_7: -: *: *: *: *: *: *: *,
Structure [Microsoft Windows 7 Ultimate, 6.1.7601] ,
LIST [KB976902, KB2834140, KB2541014, KB2670838, KB2534111, KB982018] ,
Structure [ [135, tcp, RPC] ,
[0, ICMP, ICMP] ,
[161, UDP, SNMP] ] ,
LIST [074AB7811D884203B8D5046C8CC19F97, 63FF069D4D714D63A42A59BDA1570645, 56611844D0EE441C820F1B5B31046EEA]
SIEMENS AG SIMATIC IPC477D, 6AV7240-7ED07-0HA4, E2950457 + TIA
None
}
A case is provided in which the computer network 30 includes N nodes, or N pieces of the foregoing feature information are obtained.
Step S203 may include substep S2031 and substep S2032. After the at least one piece of information about the each node in the computer network 30 is acquired in step S201, in substep S2031, the apparatus 10 may digitize each piece of information about the each node; and in substep S2032, the apparatus 10 may generate a vector used for representing the feature information of the each node by using the digitized information.
For digital information such as the IP address and the MAC address, vectorization may be performed by using delimiters:
For example, {192.168.1.201} may be converted to [192 168 1 201] , and {00: 1B: 1B: 82: 89: F2} may be converted to [00 1B 1B 82 89 F2] .
For text information such as the device name and the system information, vectorization may be performed by using word2vec.
For application information of each port, vectorization may be performed by using one-hot encoding.
Finally, an information set of the N nodes may be obtained, and a feature matrix F M×N may be further obtained
Optionally, F M×Nmay be inputted into an auto-encoder to output a dimension-reduced feature matrix F' M'×N.
In step S204, the apparatus 10 determines a category to which the each node belongs according to the feature information of the each node. The vector generated in substep S2032 and used for representing the feature information of the each node may be inputted into a pre-trained model, for example, the XGBoost. The XGBoost is used as a classifier, and an output thereof is the category to which the node belongs.
In step S205, the apparatus 10 displays a topology (shown in FIG. 3) of the computer network 30 according to a pre-obtained connection relationship between nodes and node categories, where nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
Optionally, in the method 200, the topology of the computer network 30 may alternatively be displayed in different areas in a hierarchical manner.
Different from the foregoing steps, after the information about the each node is acquired, step S206 may further include: determining, according to a second classification manner, a layer to which the each node in the computer network 30 belongs according to the information about the each node, where nodes belonging to a same category in the second classification manner are located in a same layer, and nodes belonging to different categories in the second classification manner are located in different layers. Further, when the topology is displayed in step S205, the topology (shown in FIG. 4) of the computer network 30 may be displayed in different areas in each layer, where nodes belonging to a same category in the  first classification manner are displayed in a same area of the each layer, and nodes belonging to different categories in the first classification manner are displayed in different areas of the each layer.
In addition, an embodiment of the present invention further provides a computer-readable medium, storing computer-readable instructions, the computer-readable instructions, when executed by a processor, causing the processor to perform the foregoing network topology visualization method. Embodiments of the computer-readable medium include a floppy disk, a hard disk, a magneto-optical disk, an optical disc (for example, a CD-ROM, a CD-R, a CD-RW, a DVD-ROM, a DVD-RAM, a DVD-RW, or a DVD-RW) , a magnetic tape, a non-volatile storage card, and a ROM. Optionally, the computer-readable instructions may be downloaded from a server computer or a cloud through a communication network.
It should be noted that not all steps and modules in the procedures and the diagrams of the system structures are necessary, and some steps or modules may be omitted according to an actual need. An execution sequence of the steps is not fixed and may be adjusted as needed. The system structure described in the embodiments may be a physical structure or a logical structure. That is, some modules may be implemented by the same physical entity, or some modules may be implemented by a plurality of physical entities, or may be implemented by some components in a plurality of independent devices together.

Claims (10)

  1. A network topology visualization method (200) , comprising:
    acquiring (S201) information about each node in a computer network (30) ;
    determining (S202) a first classification manner for classifying nodes in the computer network (30) ;
    determining (S203) feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network (30) according to the first classification manner;
    determining (S204) a category to which the each node belongs according to the feature information of the each node; and
    displaying (S205) a topology of the computer network (30) in different areas, wherein nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
  2. The method according to claim 1, further comprising:
    determining (S206) , according to a second classification manner, a layer to which the each node in the computer network (30) belongs according to the information about the each node, wherein nodes belonging to a same category in the second classification manner are located in a same layer, and nodes belonging to different categories in the second classification manner are located in different layers; and
    the displaying (S205) a topology of the computer network (30) in different areas comprising: displaying the topology of the computer network (30) in different areas in each layer, wherein nodes belonging to a same category in the first classification manner are displayed in a same area of the each layer, and nodes belonging to different categories in the first classification manner are displayed in different areas of the each layer.
  3. The method according to claim 1, wherein the determining (S202) a first classification manner for classifying nodes in the computer network (30) comprises:
    determining the first classification manner selected by a user from a plurality of classification manners; or
    using a predefined classification manner as the first classification manner.
  4. The method according to claim 1, wherein
    the acquiring (S201) information about each node in a computer network (30) comprises: acquiring at least one piece of information about the each node in the computer network (30) ; and
    the determining (S203) feature information of the each node from the information about the each node according to the first classification manner comprises:
    digitizing (S2031) each of the at least one piece of information about the each node; and
    generating (S2032) a vector used for representing the feature information of the each node by using the digitized information.
  5. A network topology visualization apparatus (10) , comprising:
    an information acquisition module (111) , configured to acquire information about each node in a computer network (30) ;
    a processing module (112) , configured to:
    determine a first classification manner for classifying nodes in the computer network (30) ;
    determine feature information of the each node from the information about the each node according to the first classification manner, the feature information being used for classifying the each node in the computer network (30) in the first classification manner;
    determine a category to which the each node belongs according to the feature information of the each node; and
    a display module (113) , configured to display a topology of the computer network (30) in different areas, wherein nodes belonging to a same category in the first classification manner are displayed in a same area, and nodes belonging to different categories in the first classification manner are displayed in different areas.
  6. The apparatus according to claim 5, wherein
    the processing module (112) is further configured to determine, according to a second classification manner, a layer to which the each node in the computer network (30) belongs according to the information about the each node, wherein nodes belonging to a same category in the second classification manner are located in a same layer, and nodes belonging to different categories in the second classification manner are located in different layers; and
    the display module (113) is further configured to display the topology of the computer network (30) in different areas in each layer, wherein nodes belonging to a same category in the first classification manner are displayed in a same area of the each layer, and nodes belonging to different categories in the first classification manner are displayed in different areas of the each layer.
  7. The apparatus according to claim 5, wherein when determining a first classification manner for classifying nodes in the computer network (30) , the processing module (112) is further configured to:
    determine the first classification manner selected by a user from a plurality of classification manners; or
    use a predefined classification manner as the first classification manner.
  8. The apparatus according to claim 5, wherein
    the information acquisition module (111) is further configured to acquire at least one piece of information about the each node in the computer network (30) ; and
    when determining feature information of the each node from the information about the each node according to the first classification manner, the processing module (112) is further configured to:
    digitize each of the at least one piece of information about the each node; and
    generate a vector used for representing the feature information of the each node by using the digitized information.
  9. A network topology visualization apparatus (10) , comprising:
    at least one memory (101) , configured to store computer-readable code; and
    at least one processor (102) , configured to invoke the computer-readable code, to perform the method according to any one of claims 1 to 4.
  10. A computer-readable medium, storing computer-readable instructions, the computer-readable instructions, when executed by a processor, causing the processor to perform the method according to any one of claims 1 to 4.
PCT/CN2021/117469 2021-09-09 2021-09-09 Network topology visualization method and apparatus, and computer-readable medium WO2023035190A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/117469 WO2023035190A1 (en) 2021-09-09 2021-09-09 Network topology visualization method and apparatus, and computer-readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2021/117469 WO2023035190A1 (en) 2021-09-09 2021-09-09 Network topology visualization method and apparatus, and computer-readable medium

Publications (1)

Publication Number Publication Date
WO2023035190A1 true WO2023035190A1 (en) 2023-03-16

Family

ID=85507111

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/117469 WO2023035190A1 (en) 2021-09-09 2021-09-09 Network topology visualization method and apparatus, and computer-readable medium

Country Status (1)

Country Link
WO (1) WO2023035190A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100070505A1 (en) * 2008-09-18 2010-03-18 International Business Machines Corporation Classification of Data in a Hierarchical Data Structure
CN102208989A (en) * 2010-03-30 2011-10-05 国际商业机器公司 Network visualization processing method and device
CN109495316A (en) * 2018-12-13 2019-03-19 杭州电子科技大学 A kind of network characterisation method merging adjacency and angle of rotation of joint color similitude
CN109753589A (en) * 2018-11-28 2019-05-14 中国科学院信息工程研究所 A kind of figure method for visualizing based on figure convolutional network
CN112487033A (en) * 2020-11-30 2021-03-12 国网山东省电力公司电力科学研究院 Service visualization method and system for data flow and network topology construction

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100070505A1 (en) * 2008-09-18 2010-03-18 International Business Machines Corporation Classification of Data in a Hierarchical Data Structure
CN102208989A (en) * 2010-03-30 2011-10-05 国际商业机器公司 Network visualization processing method and device
CN109753589A (en) * 2018-11-28 2019-05-14 中国科学院信息工程研究所 A kind of figure method for visualizing based on figure convolutional network
CN109495316A (en) * 2018-12-13 2019-03-19 杭州电子科技大学 A kind of network characterisation method merging adjacency and angle of rotation of joint color similitude
CN112487033A (en) * 2020-11-30 2021-03-12 国网山东省电力公司电力科学研究院 Service visualization method and system for data flow and network topology construction

Similar Documents

Publication Publication Date Title
CN110611651B (en) Network monitoring method, network monitoring device and electronic equipment
CN107683586A (en) Method and apparatus for rare degree of the calculating in abnormality detection based on cell density
TW522681B (en) Graphical user interface
CN106534146B (en) A kind of safety monitoring system and method
CN111325463A (en) Data quality detection method, device, equipment and computer readable storage medium
US20090198707A1 (en) System and method for managing firewall log records
CN111934922B (en) Method, device, equipment and storage medium for constructing network topology
US8856315B2 (en) Device classification system
US20150370848A1 (en) System and method for managing data integrity in electronic data storage
EP3808052A1 (en) Pattern match-based detection in iot security
CN108173692A (en) It is a kind of based on the whole network equipment sensory perceptual system being actively and passively combined and cognitive method
KR102061833B1 (en) Apparatus and method for investigating cyber incidents
CN105516390B (en) Domain name management method and device
CN109995582A (en) Asset equipment management system and method based on real-time status
CN111176202A (en) Safety management method, device, terminal equipment and medium for industrial control network
Feiertag et al. Intrusion detection inter-component adaptive negotiation
JP4361525B2 (en) Management method of physical connection state of communication device connected to communication network, information processing apparatus, and program
CN113965417A (en) Asset risk detection method and device
CN113916284A (en) Machine room environment monitoring method, device, equipment and storage medium
WO2023035190A1 (en) Network topology visualization method and apparatus, and computer-readable medium
US20220014415A1 (en) Deriving network device and host connection
Mercian et al. Mind the semantic gap: Policy intent inference from network metadata
CN111585830A (en) User behavior analysis method, device, equipment and storage medium
CN107102798A (en) Method, system and the correlation module of dynamic modification user interface
WO2023108832A1 (en) Network space map generation method and apparatus, and device and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21956375

Country of ref document: EP

Kind code of ref document: A1