
Network Data Acquisition Method for Network Health Modeling and Analysis

A network health and network data technology, applied in data exchange networks, digital transmission systems, electrical components, etc., can solve problems such as underutilization of host resources, sudden interruption of network transmission, and poor accuracy.

Active Publication Date: 2020-10-23
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

For example, DDoS attacks use a large number of half-open connections to occupy bandwidth and host resources, and 0-day vulnerabilities may use deserialization code injection to gain control of the host. Host utilization may not be high at the initial stage of the attack; malicious scripts are executed at the beginning of the attack, and a large amount of host resources is occupied. Network congestion also increases the utilization of network resources, but the increase is a relatively long process. If there is a problem with the network hardware (such as a disconnected network cable), transmission on a given network card is suddenly interrupted while host resource usage remains normal. Network transmission is also interrupted suddenly by a manual shutdown.
Simply capturing network connection data cannot distinguish between a manual shutdown, a disconnected network cable, and network congestion such as DDoS.
Traditional data sets do not make full use of host resource usage during collection, which makes subsequent analysis difficult and less accurate.

Examples


Embodiment 1

[0044] Referring to Figure 1 and Figure 2, this embodiment provides a network data collection method for network health modeling and analysis, including the following steps:

[0045] S1. Collect, through Wireshark, the first network data packet, which contains the network node connection information, from the controlled host; parse it into a data packet in JSON format and store it in the database;

[0046] S2. Collect the second network data packet, which contains the network node status information, from the controlled host; parse it into a data packet in JSON format and store it in the database;

[0047] S3. Retrieve the first network data packet in JSON format and the second network data packet in JSON format from the database and splice them into a combined network data packet in JSON format; the retrieved first network data packet and second network data packet correspond to the same capture time period and the same host IP;

[00...
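The splice in step S3, sketched as an added example (it is not code from the patent): connection records and host-status records are joined on host IP and capture period. The record field names, the 60-second period and the sample data are assumptions constructed for illustration; the sketch also goes one step beyond S3 by keeping periods where only one side has data, since those are the periods that separate a silent link from a silent host.

```python
import json
from collections import defaultdict

WINDOW_S = 60  # assumed length of one capture period, in seconds

# Constructed sample records; field names are hypothetical, not the
# Wireshark JSON export schema or an Ansible return format.
CONNECTIONS = [
    {"ts": 1200, "host_ip": "10.0.0.5", "peer": "10.0.0.9", "flags": "SYN"},
    {"ts": 1210, "host_ip": "10.0.0.5", "peer": "10.0.0.9", "flags": "SYN"},
    {"ts": 1215, "host_ip": "10.0.0.5", "peer": "10.0.0.7", "flags": "ACK"},
    {"ts": 1230, "host_ip": "10.0.0.6", "peer": "10.0.0.9", "flags": "ACK"},
]
STATUS = [
    {"ts": 1205, "host_ip": "10.0.0.5", "cpu_pct": 12.0, "mem_pct": 40.0},
    {"ts": 1265, "host_ip": "10.0.0.5", "cpu_pct": 11.0, "mem_pct": 41.0},
]

def window_start(ts, window_s=WINDOW_S):
    """Start of the capture period that timestamp ts falls into."""
    return ts - ts % window_s

def splice(connections, status, window_s=WINDOW_S):
    """Join connection and status records on (host IP, capture period)."""
    merged = defaultdict(lambda: {"connections": [], "status": None})
    for rec in connections:
        merged[(rec["host_ip"], window_start(rec["ts"], window_s))]["connections"].append(rec)
    for rec in status:
        slot = merged[(rec["host_ip"], window_start(rec["ts"], window_s))]
        # Several status samples in one period: keep the latest.
        if slot["status"] is None or rec["ts"] > slot["status"]["ts"]:
            slot["status"] = rec
    combined = []
    for (host_ip, start), parts in sorted(merged.items()):
        conns = parts["connections"]
        combined.append({
            "host_ip": host_ip,
            "period_start": start,
            "period_end": start + window_s,
            "connection_count": len(conns),
            "syn_only_count": sum(c["flags"] == "SYN" for c in conns),
            "connections": conns,
            "status": parts["status"],  # None: no status sample in this period
        })
    return combined

if __name__ == "__main__":
    print(json.dumps(splice(CONNECTIONS, STATUS), indent=2))
```

In the sample, host 10.0.0.5 has a status sample but no packets in the second period, and host 10.0.0.6 has packets but no status sample; a join that dropped unmatched periods would lose both cases.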

Embodiment 2

[0057] Regarding the network node status information in Embodiment 1, this embodiment provides a method for judging, as part of that information, whether the controlled host has been shut down.

[0058] Referring to Figure 5(a), the status judging method when the controlled host is not shut down comprises the following steps:

[0059] a1. Ansible sends instructions to the controlled host, and the controlled host checks whether the shutdown notification script exists. If it exists, continue to step a2. If it does not exist, Ansible configures the shutdown notification script for the controlled host and then executes step a2;

[0060] a2. The controlled host sends the non-shutdown return result to Ansible. The non-shutdown return result includes the CPU resource usage of the controlled host, the CPU usage rate, the total amount of memory, the memory usage rate, information on the ten processes that occupy the most CPU, and the swap partition total and usage;

[0061...

Embodiment 3

[0068] Referring to Figure 6, the present invention provides a network data acquisition system for modeling and analyzing network health conditions, including an intermediate switch, a gateway switch, a bypass monitoring machine, a controlled host and a control host. The control host communicates with the gateway switch and has Ansible installed for collecting the second network data packets. Password-free SSH login is set up between the control host and the controlled host, so that the control host and the controlled host can communicate through SSH. The gateway switch has a port mirroring function. The bypass monitoring machine has Wireshark and WinPcap installed.

[0069] In this embodiment, when Ansible is installed, the IP of each controlled host is written in the Ansible configuration file in the form of a list; the port, the log file location and the log level are configured, and interfering information needs to be turned off.

[0070] In this embodiment...


Abstract

The invention discloses a network data acquisition method for modeling and analysis of network health status, and relates to the technical field of network health analysis. A control host is added to the hardware, and the network data acquisition includes: collecting network node connection information data from the controlled host through Wireshark, parsing it into JSON format and storing it in the database; collecting network node status information data from the controlled host, parsing it into JSON format and storing it in the database; and retrieving from the database the JSON-format network node connection information and network node status information data for the corresponding time period and host IP, splicing them, and storing the result in the database again for retrieval when analyzing the network health status. The present invention has a low cost of network transformation, can provide accurate network data support, and facilitates subsequent modeling and analysis of network data using machine learning methods.

Description

Technical field

[0001] The invention relates to the technical field of network health analysis, in particular to a network data collection method for modeling and analyzing network health conditions.

Background technique

[0002] During the use of the Internet, we often encounter various network problems, so it is very important to be able to quickly trace the source of network problems. With the continuous improvement of machine learning models, there are more ideas for the analysis and modeling of network health status. The analysis and modeling of network health status requires a large amount of data as support, and current network status data is mostly analyzed based on connections, such as ids2012, ids2017, ids2018 and kdd99. These data sets contain statistics on the duration, protocol used, and average traffic of an attack. However, different network problems have different manifestation patterns. For example, DDoS attacks use a large number of half-open connections to o...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06, H04L12/24
CPC: H04L41/14, H04L63/1408, H04L69/22
Inventor: 胡苏张骁张骁丰林迪梁宇吴薇薇
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA