
Network data acquisition method and system for network health condition modeling analysis

A network health and network data technology, applied to digital transmission systems, transmission systems, data exchange networks, etc., that addresses problems such as rising network resource utilization and interrupted host resource usage, with the effects of reducing the misjudgment rate, improving accuracy and reducing cost.

Active Publication Date: 2020-03-24
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

For example, DDoS attacks use a large number of half-open connections to occupy bandwidth and host resources; 0-day vulnerabilities may use deserialization code injection to gain control of the host. Host utilization may not be high in the initial stage, but once the attack begins malicious scripts are executed and occupy a large amount of host resources. Network congestion also increases the utilization of network resources, but that increase is a relatively long process. If there is a problem with the network hardware (such as a disconnected network cable), transmission on a particular network card is suddenly interrupted while host resource usage remains normal. Network transmission is also interrupted suddenly by a manual shutdown.
Simply capturing network connection data cannot distinguish between manual shutdown, network cable disconnection, and network congestion such as DDoS.
Traditional data sets do not make full use of host resource usage during collection, which makes subsequent analysis difficult and less accurate.

Examples

Embodiment 1

[0044] Referring to Figure 1 and Figure 2, this embodiment provides a network data collection method for network health modeling analysis, including the following steps:

[0045] S1. Collect the first network data packet, which contains the network node connection information, from the controlled host through Wireshark, parse it into a data packet in JSON format and store it in the database;

[0046] S2. Collect the second network data packet, which contains the network node status information, from the controlled host, parse it into a data packet in JSON format and store it in the database;

[0047] S3. Retrieve the first network data packet in JSON format and the second network data packet in JSON format from the database and splice them into a combined network data packet in JSON format; the retrieved first and second network data packets correspond to the same capture time period and the same host IP;

[00...
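The splice in step S3, as an added example that is not taken from the patent: connection records and host-state records are grouped by host IP and capture time period, then joined. The field names, the 60-second period and the sample rows are assumptions constructed for illustration; the example goes slightly beyond the text by also reporting periods where only one of the two record types exists.

```python
import json
from collections import defaultdict

WINDOW = 60  # seconds per capture time period (assumed value)

# Constructed sample rows, shaped like JSON documents read back from the database.
CONNECTION_ROWS = [  # S1: parsed from the packet capture
    {"host_ip": "10.0.0.5", "ts": 1200, "dst": "10.0.0.9", "proto": "TCP", "length": 60},
    {"host_ip": "10.0.0.5", "ts": 1215, "dst": "10.0.0.9", "proto": "TCP", "length": 1500},
    {"host_ip": "10.0.0.6", "ts": 1230, "dst": "10.0.0.9", "proto": "UDP", "length": 120},
    {"host_ip": "10.0.0.5", "ts": 1270, "dst": "10.0.0.7", "proto": "TCP", "length": 60},
]
STATE_ROWS = [  # S2: host status returned to the control host
    {"host_ip": "10.0.0.5", "ts": 1240, "cpu_pct": 12.5, "mem_pct": 41.0, "powered_off": False},
    {"host_ip": "10.0.0.6", "ts": 1240, "cpu_pct": 3.0, "mem_pct": 20.0, "powered_off": False},
    {"host_ip": "10.0.0.6", "ts": 1300, "cpu_pct": 2.0, "mem_pct": 20.0, "powered_off": False},
]

def bucket(rows):
    """Group rows by (host_ip, index of the capture time period)."""
    out = defaultdict(list)
    for r in rows:
        out[(r["host_ip"], r["ts"] // WINDOW)].append(r)
    return out

def combine(conn_rows, state_rows):
    """S3: splice connection and state records sharing host IP and time period."""
    conn, state = bucket(conn_rows), bucket(state_rows)
    combined, unmatched = [], []
    for key in sorted(conn.keys() | state.keys()):
        host_ip, win = key
        if key in conn and key in state:
            latest = max(state[key], key=lambda r: r["ts"])  # newest state sample
            combined.append({
                "host_ip": host_ip, "window_start": win * WINDOW,
                "packet_count": len(conn[key]),
                "bytes": sum(p["length"] for p in conn[key]),
                "connections": conn[key],
                "state": {k: v for k, v in latest.items() if k not in ("host_ip", "ts")},
            })
        else:  # one side is missing for this host and period: keep the gap visible
            unmatched.append({"host_ip": host_ip, "window_start": win * WINDOW,
                              "has_connections": key in conn, "has_state": key in state})
    return combined, unmatched

if __name__ == "__main__":
    merged, gaps = combine(CONNECTION_ROWS, STATE_ROWS)
    print(json.dumps({"combined": merged, "unmatched": gaps}, indent=2))
```

In the sample data, host 10.0.0.6 still reports normal state in the period starting at 1260 but has no captured packets there, which is the kind of period the problem statement says connection data alone cannot explain.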

Embodiment 2

[0057] Regarding the network node state information in Embodiment 1, this embodiment provides a method for judging the part of that information that states whether the controlled host is powered off.

[0058] Referring to Figure 5(a), the state judging method when the controlled host is not shut down comprises the following steps:

[0059] a1. Ansible sends instructions to the controlled host, and the controlled host checks whether the shutdown notification script exists. If it exists, continue to step a2. If it does not exist, Ansible configures the shutdown notification script for the controlled host and then executes step a2;

[0060] a2. The controlled host sends the non-shutdown return result to Ansible. The non-shutdown return result includes the CPU resource usage of the controlled host, the CPU usage rate, the total amount of memory, the memory usage rate, the information of the top ten processes that occupy the most CPU, and the swap partition total and usage;

[0061...

Embodiment 3

[0068] Referring to Figure 6, the present invention provides a network data acquisition system for modeling and analyzing network health conditions, including an intermediate switch, a gateway switch, a bypass monitoring machine, a controlled host and a control host. The control host communicates with the gateway switch and has Ansible installed for collecting the second network data packets. Password-free SSH login is set up between the control host and the controlled host, so that the two can communicate through SSH. The gateway switch has a port mirroring function. The bypass monitoring machine has Wireshark and WinPcap installed.

[0069] In this embodiment, when Ansible is installed, the IP of each controlled host is written in the Ansible configuration file in the form of a list, and Ansible is configured with the port, the log file location and the log level; interfering information needs to be turned off.

[0070] In this embodimen...


Abstract

The invention discloses a network data acquisition method and system for network health condition modeling analysis and relates to the technical field of network health analysis. A control host is added to the hardware, and network data acquisition comprises the following steps: acquiring network node connection information data from a controlled host through Wireshark, parsing the network node connection information data into JSON format, and storing it in a database; collecting network node state information data from the controlled host, parsing the network node state information data into JSON format, and storing it in the database; and retrieving from the database the network node connection information and network node state information data in JSON format that correspond to the same time period and the same host IP, splicing them, and storing the spliced data in the database again for use during network health condition analysis. The invention has a low network reconstruction cost, can provide accurate network data support, and facilitates subsequent modeling analysis of the network data using machine learning methods.

Description

Technical field

[0001] The invention relates to the technical field of network health analysis, in particular to a network data collection method and system for network health status modeling and analysis.

Background technique

[0002] During the use of the Internet, we often encounter various network problems, so it is very important to be able to quickly trace the source of network problems. With the continuous improvement of machine learning models, there are more ideas for analysis and modeling of network health status. The analysis and modeling of network health status requires a large amount of data as support, and current network status data is mostly analyzed based on connections, such as ids2012, ids2017, ids2018 and kdd99. These data sets have statistics on the duration, protocol used, and average traffic of an attack. However, different network problems have different manifestation patterns. For example, DDoS attacks use a large number of semi-connection...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/14, H04L63/1408, H04L69/22
Inventor 胡苏张骁张骁丰林迪梁宇吴薇薇
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA