CN107426210A - A real-time traffic detection information storage method - Google Patents


Info

Publication number: CN107426210A
Authority: CN (China)
Prior art keywords: packet, flow, real, beyond, time
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710609833.1A
Other languages: Chinese (zh)
Inventor: 李让剑
Current Assignee: Hefei Hongming Network Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hefei Hongming Network Technology Co ltd
Priority date: 2017-07-25 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2017-07-25
Publication date: 2017-12-01

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1441: Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a real-time traffic detection information storage method, comprising: counting, within a unit time, the traffic value of each device communicating with the host; deriving the real-time traffic in the current unit time period from the traffic value counted in the unit time and the length of the unit time; setting a traffic reference value for each device and comparing the measured real-time traffic with this standard value and, if the set value is exceeded, combining the device host number, the start time at which the set value was exceeded and the amount by which the traffic exceeded it into a first data packet; sending the first data packet to a storage device via routing; and, at the storage device host, splitting the first data packet and writing the device host number, the start time at which the set value was exceeded and the excess traffic amount into a first local database of the storage device. The invention can effectively prevent hackers from tampering with the data remotely and can ensure the security of data transmission.

Description

A real-time traffic detection information storage method
Technical field
The present invention relates to the field of network security, and in particular to a real-time traffic detection information storage method.
Background
In network communications, coping with the enormous growth of network traffic is a common technical problem. One or more network access devices may be connected to a single host, and the data that each network card device exchanges with the outside world places a certain burden on the host's data traffic. Monitoring the data traffic of network card devices is therefore a common need in the industry. To balance the load across the network devices, the real-time traffic of each device must be monitored and saved in real time.
Summary of the invention
The object of the invention is to overcome the above problems in the prior art by providing a real-time traffic detection information storage method that can effectively prevent hackers from tampering with the data remotely and can ensure the security of data transmission.
To achieve the above technical purpose and technical effect, the invention is realized through the following technical solution:
A real-time traffic detection information storage method, comprising: counting, within a unit time, the traffic value of each device communicating with the host; deriving the real-time traffic in the current unit time period from the traffic value counted in the unit time and the length of the unit time; setting a traffic reference value for each device and comparing the measured real-time traffic with this standard value and, if the set value is exceeded, combining the device host number, the start time at which the set value was exceeded and the amount by which the traffic exceeded it into a first data packet; sending the first data packet to a storage device via routing; and, at the storage device host, splitting the first data packet and writing the device host number, the start time at which the set value was exceeded and the excess traffic amount into a first local database of the storage device.
Further, the database management system used by the first database is Oracle.
Further, the database management system uses the default balanced configuration, and the unit time for collecting traffic information is an integer multiple of 3 seconds.
Further, before the first data packet is sent, its device host number, the start time information for exceeding the set value and the excess traffic amount information are written randomly into the first data packet, and the specific writing pattern is packed and written into a second data packet; the second data packet is encrypted and then written into a second database; the storage device host uses the second data packet to write the device host number, the start time at which the set value was exceeded and the excess traffic amount from the first data packet into the first database.
Further, the second data packet is sent remotely to the main control computer using SSL encryption.
Further, the first data packet and the second data packet also contain byte-count information for the unit time; before the storage device host uses the second data packet to extract the contents of the first data packet, it performs a consistency check using the unit-time byte-count information in the first data packet and the second data packet.
The beneficial effects of the invention are:
Real-time traffic is stored promptly in off-site storage, and the traffic information is managed with a database management system, which makes querying and later use convenient. When a hacker attacks the server with a traffic-based attack, the storage device host uses the second data packet to write the device host number, the start time at which the set value was exceeded and the excess traffic amount from the first data packet into the first database, which can effectively prevent hackers from tampering with the data remotely and can ensure the security of data transmission.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow block diagram of the storage method of the invention;
Fig. 2 is a schematic diagram of the structure of the first data packet.
Embodiment
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
As shown in Figs. 1-2, the invention is a real-time traffic detection information storage method, comprising: counting, within a unit time, the traffic value of each device communicating with the host; deriving the real-time traffic in the current unit time period from the traffic value counted in the unit time and the length of the unit time; setting a traffic reference value for each device and comparing the measured real-time traffic with this standard value and, if the set value is exceeded, combining the device host number, the start time at which the set value was exceeded and the amount by which the traffic exceeded it into a first data packet; sending the first data packet to a storage device via routing; and, at the storage device host, splitting the first data packet and writing the device host number, the start time at which the set value was exceeded and the excess traffic amount into a first local database of the storage device.
It is worth noting that a running host operating system does not itself record the running state of every process or whether each one is running normally. Yet even the normal activity of a process running on the host may hide risks. The real-time traffic monitoring method of this embodiment can assist the host operating system in monitoring processes: it can not only analyse each process's real-time traffic usage, but also, according to a user-defined monitoring policy, automatically flag processes that may be abnormally consuming large amounts of traffic. Here the unit time may be the unit time of bandwidth, i.e. bits per second. To monitor and analyse the data traffic of each network card connected to the current host system, the device information of each network card can be obtained first. The device information and the collected traffic statistics can then be presented to the user in real time to provide intuitive monitoring data.
Wherein, the database management system used by the first database is Oracle.
Wherein, the database management system uses the default balanced configuration, and the unit time for collecting traffic information is an integer multiple of 3 seconds.
Wherein, before the first data packet is sent, its device host number, the start time information for exceeding the set value and the excess traffic amount information are written randomly into the first data packet, and the specific writing pattern is packed and written into a second data packet; the second data packet is encrypted and then written into a second database; the storage device host uses the second data packet to write the device host number, the start time at which the set value was exceeded and the excess traffic amount from the first data packet into the first database.
Wherein, the second data packet is sent remotely to the main control computer using SSL encryption.
Wherein, the first data packet and the second data packet also contain byte-count information for the unit time; before the storage device host uses the second data packet to extract the contents of the first data packet, it performs a consistency check using the unit-time byte-count information in the first data packet and the second data packet.
The real-time traffic monitoring method provided in this embodiment counts, per unit time, the current traffic value of each network card device connected to the host and calculates the host's traffic bandwidth; it determines the traffic reference value of each network card device that matches this bandwidth, and monitors the traffic of each network card device according to its traffic reference value. The traffic of any network card can thus be monitored accurately and in real time, and statistics for each network card can be taken at any time. On this basis, ports that account for a large share of the traffic can further be determined and malicious IPs identified, effectively countering saturation network attacks by hackers.
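The sender-side threshold check and the storage-host consistency check described above, as an added example that is not taken from the patent. The field names, the JSON encoding, the reading of "random writing" as a shuffled block order whose layout travels in the second packet, and SQLite standing in for the first database are all assumptions; encryption of the second packet and its SSL transport are left out.

```python
import json
import random
import sqlite3

FIELDS = ("host_id", "start_time", "excess_bps")  # assumed field names


def build_packets(host_id, start_time, byte_count, unit_seconds,
                  reference_bps, rng=random):
    """Sender: return (first, second) packets, or None if within the reference."""
    if unit_seconds <= 0 or unit_seconds % 3:
        raise ValueError("unit time must be a positive integer multiple of 3 s")
    rate_bps = byte_count * 8 / unit_seconds   # real-time traffic for this period
    if rate_bps <= reference_bps:
        return None                            # nothing to report
    values = {"host_id": host_id, "start_time": start_time,
              "excess_bps": rate_bps - reference_bps}
    layout = list(FIELDS)
    rng.shuffle(layout)                        # random block order in packet 1
    first = json.dumps({"blocks": [values[k] for k in layout],
                        "unit_bytes": byte_count}).encode()
    # Packet 2 carries the writing pattern plus the same unit-time byte count.
    second = json.dumps({"layout": layout,
                         "unit_bytes": byte_count}).encode()
    return first, second


def store_event(first, second, db):
    """Storage host: consistency check, then rebuild the record and insert it."""
    p1, p2 = json.loads(first), json.loads(second)
    if p1["unit_bytes"] != p2["unit_bytes"]:
        raise ValueError("unit-time byte counts differ; packet rejected")
    if sorted(p2["layout"]) != sorted(FIELDS) or len(p1["blocks"]) != len(FIELDS):
        raise ValueError("layout does not describe the first packet")
    record = dict(zip(p2["layout"], p1["blocks"]))
    db.execute("INSERT INTO overflow_events VALUES (?, ?, ?)",
               [record[k] for k in FIELDS])
    return record


def open_db():
    """In-memory SQLite table standing in for the first local database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE overflow_events "
               "(host_id TEXT, start_time TEXT, excess_bps REAL)")
    return db


if __name__ == "__main__":
    # Constructed sample: 9,000,000 bytes in 3 s against a 16 Mbit/s reference.
    db = open_db()
    packets = build_packets("host-07", "2017-07-25T10:00:03",
                            9_000_000, 3, 16_000_000)
    print(store_event(*packets, db))
```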
In the description of this specification, reference to the terms "one embodiment", "example", "specific example" and the like means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
The preferred embodiments of the invention disclosed above are intended only to help explain the invention. The preferred embodiments do not describe every detail exhaustively, nor do they limit the invention to the specific embodiments described. Obviously, many modifications and variations can be made in light of the content of this specification. These embodiments were chosen and described in detail in order to better explain the principles and practical application of the invention, so that those skilled in the art can best understand and use the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (6)

  1. A real-time traffic detection information storage method, characterized in that it comprises:
    counting, within a unit time, the traffic value of each device communicating with the host;
    deriving the real-time traffic in the current unit time period from the traffic value counted in the unit time and the length of the unit time;
    setting a traffic reference value for each device and comparing the measured real-time traffic with this standard value and, if the set value is exceeded, combining the device host number, the start time at which the set value was exceeded and the amount by which the traffic exceeded it into a first data packet;
    sending the first data packet to a storage device via routing;
    the storage device host splitting the first data packet and writing the device host number, the start time at which the set value was exceeded and the excess traffic amount into a first local database of the storage device.
  2. The real-time traffic detection information storage method as claimed in claim 1, characterized in that the database management system used by the first database is Oracle.
  3. The real-time traffic detection information storage method as claimed in claim 2, characterized in that the database management system uses the default balanced configuration, and the unit time for collecting traffic information is an integer multiple of 3 seconds.
  4. The real-time traffic detection information storage method as claimed in claim 1, characterized in that, before the first data packet is sent, its device host number, the start time information for exceeding the set value and the excess traffic amount information are written as data blocks randomly into the first data packet, and the specific writing pattern is packed and written into a second data packet; the second data packet is encrypted and then written into a second database; the storage device host uses the second data packet to write the device host number, the start time at which the set value was exceeded and the excess traffic amount from the first data packet into the first database.
  5. The real-time traffic detection information storage method as claimed in claim 4, characterized in that the second data packet is sent remotely to the main control computer using SSL encryption.
  6. The real-time traffic detection information storage method as claimed in any one of claims 1-5, characterized in that the first data packet and the second data packet also contain byte-count information for the unit time, and, before the storage device host uses the second data packet to extract the contents of the first data packet, it performs a consistency check using the unit-time byte-count information in the first data packet and the second data packet.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710609833.1A CN107426210A (en) 2017-07-25 2017-07-25 A kind of real-time traffic detection information storage method

Publications (1)

Publication Number Publication Date
CN107426210A true CN107426210A (en) 2017-12-01

Family

ID=60431099

Country Status (1)

Country Link
CN (1) CN107426210A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171201
