CN111177281B - Access control method, device, equipment and storage medium - Google Patents
Access control method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN111177281B CN111177281B CN201911379263.7A CN201911379263A CN111177281B CN 111177281 B CN111177281 B CN 111177281B CN 201911379263 A CN201911379263 A CN 201911379263A CN 111177281 B CN111177281 B CN 111177281B
- Authority
- CN
- China
- Prior art keywords
- access information
- information
- logical address
- access
- map
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000004458 analytical method Methods 0.000 claims abstract description 62
- 238000012544 monitoring process Methods 0.000 claims abstract description 16
- 238000004891 communication Methods 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 10
- 230000001105 regulatory effect Effects 0.000 claims description 3
- 238000007726 management method Methods 0.000 description 12
- 238000007405 data analysis Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000013481 data capture Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 239000003086 colorant Substances 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 238000002372 labelling Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000010223 real-time analysis Methods 0.000 description 1
- 230000007723 transport mechanism Effects 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/29—Geographical information databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/28—Databases characterised by their database models, e.g. relational or object models
- G06F16/284—Relational databases
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/52—Network services specially adapted for the location of the user terminal
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Remote Sensing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an access control method, an access control device, access control equipment and a storage medium, wherein the method comprises the following steps: monitoring an internet data center, and copying any access information received by the internet data center for analysis when the internet data center is monitored to receive the any access information; analyzing the access information to obtain a source logical address which represents sending the access information and a corresponding target logical address to be accessed, wherein the source logical address and the corresponding target logical address are contained in the access information, and determining area information respectively corresponding to the source logical address and the target logical address according to a preset corresponding relation; and calling a preset map, and displaying the determined region information on the map so as to realize the control of the access information based on the information on the map. The technical scheme disclosed by the application is used for workers to realize the operations of effectively monitoring the internet data center and the like.
Description
Technical Field
The invention relates to the technical field of internet data centers, in particular to an access control method, device, equipment and storage medium.
Background
An Internet Data Center (IDC) is a standardized telecommunication professional computer room environment established by using existing Internet communication lines and bandwidth resources, and can provide all-round services in the aspects of server hosting, renting, related value increment and the like for enterprises and the like. The IDC is not only a data storage center but also a data circulation center, and is usually deployed in an Internet network data switching center, and how to manage and control information of the Internet data center is urgently needed to be solved today in the rapid development of IT.
Disclosure of Invention
The invention aims to provide an access control method, an access control device, access control equipment and a storage medium, which are convenient for workers to acquire the position information of access information received by an internet data center so as to realize corresponding operations such as control and the like.
The method can be used for the workers to realize the operations such as effective monitoring of the internet data center.
In order to achieve the above purpose, the invention provides the following technical scheme:
an access management and control method, comprising:
monitoring an internet data center, and copying any access information received by the internet data center for analysis when the internet data center is monitored to receive the any access information;
analyzing the access information to obtain a source logical address which represents sending of the access information and a corresponding target logical address which needs to be accessed, wherein the source logical address and the target logical address are contained in the access information, and determining area information which respectively corresponds to the source logical address and the target logical address according to a preset corresponding relation;
and calling a preset map, and displaying the determined region information on the map so as to realize the control of the access information based on the information on the map.
Preferably, the displaying the determined region information on the map includes:
displaying the determined region information on the map in an arrow manner; wherein the arrow points from the region of the region information corresponding to the source logical address to the region of the region information corresponding to the destination logical address, and different access information corresponds to arrows having different arrow marks.
Preferably, the analyzing the access information includes:
and if the monitored and copied access information is multiple, calling multiple preset analysis programs, and analyzing the multiple access information in parallel by using the multiple preset analysis programs.
Preferably, after copying the arbitrary access information received by the internet data center for parsing, the method further includes:
analyzing the access information to obtain an identifier of a source port sending the access information, an identifier of a corresponding destination port needing to be accessed, time for receiving the access information by a communication protocol for sending the access information and identity information of equipment sending the access information, wherein the identifier of the source port sending the access information, the identifier of the corresponding destination port needing to be accessed, the time for receiving the access information by the communication protocol for sending the access information and the identity information are contained in the access information, and the obtained information is marked at a specified position of a corresponding arrow on the map.
Preferably, the analyzing the access information includes:
and calling a preset key field, and extracting the content corresponding to the key field contained in the access information to obtain the information to be displayed on the map.
Preferably, the method further comprises the following steps:
receiving a field setting instruction input by the outside, and determining fields contained in the field setting instruction as key fields used for realizing analysis of the access information.
Preferably, the method further comprises the following steps:
and storing various items of information obtained by analyzing the access information into a pre-specified database in a Structured Query Language (SQL) file mode.
An access management control apparatus comprising:
a monitoring module to: monitoring an internet data center, and copying any access information received by the internet data center for analysis when monitoring that the internet data center receives the any access information;
a parsing module to: analyzing the access information to obtain a source logical address which represents sending of the access information and a corresponding target logical address which needs to be accessed, wherein the source logical address and the target logical address are contained in the access information, and determining area information which respectively corresponds to the source logical address and the target logical address according to a preset corresponding relation;
an output module to: calling a preset map, and displaying the determined region information on the map so as to realize the management and control of the access information based on the information on the map.
An access management device, comprising:
a memory for storing a computer program;
a processor configured to implement the steps of the access regulating method as described in any one of the above when the computer program is executed.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the access management method according to any one of the preceding claims.
The invention provides an access control method, an access control device, access control equipment and a storage medium, wherein the method comprises the following steps: monitoring an internet data center, and copying any access information received by the internet data center for analysis when the internet data center is monitored to receive the any access information; analyzing the access information to obtain a source logical address which represents sending the access information and a corresponding target logical address to be accessed, wherein the source logical address and the corresponding target logical address are contained in the access information, and determining area information respectively corresponding to the source logical address and the target logical address according to a preset corresponding relation; calling a preset map, and displaying the determined region information on the map so as to realize the management and control of the access information based on the information on the map. According to the technical scheme, when the internet data center receives the access information, the access information is analyzed to obtain the corresponding source logical address for sending the access information and the corresponding target logical address for receiving the access information, and then the region information to which the source logical address and the target logical address belong respectively is determined and displayed on the map, so that a worker can conveniently know the position information of the access information received by the internet data center at a glance based on the map information displayed on the map, and further the corresponding operations of management, maintenance, control and the like are realized; the technical scheme disclosed by the application is used for monitoring the internet data center and other operations by workers.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of an access control method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an implementation scheme of an access control method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of an access control apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a flowchart of an access control method according to an embodiment of the present invention is shown, where the method includes:
s11: the method comprises the steps of monitoring an internet data center, and copying any access information received by the internet data center for analysis when the internet data center receives the any access information.
An execution main body of the access control method provided by the embodiment of the present invention may be a corresponding access control device, and the access control device may be disposed in an internet data center, so the execution main body of the access control method may be the internet data center, and the following detailed description will be given by taking the execution main body of the access control method as the internet data center.
Specifically, the internet data center, as a center for network data exchange, receives data access requests, i.e., access information, from different regions; therefore, the network card of the server of the machine room (IDC machine room) to which the Internet data center belongs can be monitored in real time, so that when any data is received on the network card, before the network card transmits the received data to other equipment, the data received on the network card can be detected to obtain corresponding access information, the access information is copied to obtain a corresponding copy for analyzing the access information, meanwhile, the network card can transmit the received data to other equipment (such as a server and the like) according to a corresponding normal data transmission path, and the like, namely, when any data is received on the network card, the copy operation is appointed to the data received by the network card to obtain two identical access information, one of the two identical access information is transmitted to a processor in the server for processing, and the other access information is analyzed, so that on the premise that the normal processing of the network is not influenced and the access information can be processed in time, and finishing the operations of obtaining the access information, subsequent analysis and the like.
S12: analyzing the access information to obtain a source logical address which represents the sending of the access information and a corresponding target logical address to be accessed, which are contained in the access information, and determining area information respectively corresponding to the source logical address and the target logical address according to a preset corresponding relation.
The access information is analyzed according to a preset analysis strategy, so that a corresponding analysis result can be obtained, and the analysis strategy in the embodiment is a method required by the process of analyzing the access information to obtain the corresponding analysis result; the analysis result may include a logical address (source logical address) indicating the device that sends the access information and a logical address (destination logical address) indicating the device that the access information needs to be sent to, and the logical address in this embodiment may specifically be an IP address; after the analysis result is obtained, the area information corresponding to the source logical address and the area information corresponding to the destination logical address can be determined, so that the area where the equipment for sending the access information is located and the area where the equipment for sending the access information is located can be determined based on the analysis of the access information; the area in this embodiment is specifically an actual geographic location.
In addition, real area information (namely, an actual geographic position) of a logical address in a certain range determined according to actual needs can be collected in advance, a corresponding address base is established, the address base comprises a corresponding relation between the logical address and the area information to which the logical address belongs, after a source logical address and a destination logical address are determined, the area information corresponding to the source logical address and the destination logical address can be determined based on the corresponding relation in the address base, namely, the source logical address and the destination logical address are identified by using the address base, and therefore the area information where the device (or the user) initiating the access information is located and the area information where the device to which the access information needs to be sent is located are obtained.
S13: and calling a preset map, and displaying the determined region information on the map so as to realize the control of access information based on the information on the map.
In this embodiment, when the analysis result is output, a preset output format corresponding to the analysis result may be obtained first, and then the analysis result is output according to the preset output format, where the preset output format may be specifically determined according to the received format configuration information, or may be determined according to a format document stored in advance, so that the output mode of the analysis result meets the requirement, and thus, a worker may conveniently obtain and analyze corresponding information. In this embodiment, a map indicating a geographical position within a certain range may be preset, so that after the region information is determined, the region information is displayed on the region, and thus, the outside can obtain relevant information of the access information at a glance based on the map, and further, operations such as management and control of the access information are realized. In addition, the map may be displayed in a webpage, and certainly may be displayed in a document, which are all within the protection scope of the present invention.
According to the technical scheme, when the internet data center is monitored to receive the access information, the access information is analyzed to obtain the corresponding source logical address for sending the access information and the corresponding destination logical address for receiving the access information, and then the area information to which the source logical address and the destination logical address belong respectively is determined and displayed on the map, so that a worker can conveniently know the position information of the access information received by the internet data center at a glance based on the map information displayed on the map, and further the corresponding operations such as management, maintenance and control are realized; the technical scheme disclosed by the application can be used for workers to effectively monitor the internet data center and the like.
In addition, it should be noted that, in this embodiment, the internet data center may be monitored in real time to obtain corresponding access information, or a data capture policy may be preset, and then the access information may be obtained according to time set in the data capture policy, for example, the access information received by the internet data center is obtained at regular time, or the access information is obtained at a peak access time that is obtained in advance, or the access information is obtained according to time input from the outside, which is within the protection scope of the present invention, so that the access information can be obtained to meet different management requirements.
And after the corresponding analysis result of the access information is obtained, the access information can be displayed on a map in real time, so that the effect of realizing dynamic display along with the change of the access information is achieved.
The access control method provided by the embodiment of the invention displays the determined region information on a map, and may include:
displaying the determined region information on a map in an arrow manner; wherein the arrow points from the region of the region information corresponding to the source logical address to the region of the region information corresponding to the destination logical address, and different access information corresponds to arrows with different arrow marks.
It should be noted that, in this embodiment, in order to make the display of the access information more intuitive and clear, an arrow corresponding to the access information may be set, so that the arrow points from the area of the area information where the source logical address is located to the area of the area information where the destination logical address is located on the map; different arrow marks can be different colors set for different arrows, can also be different labels set for different arrows, can also be different connection modes set for different arrows, and of course, other settings can be carried out according to actual needs, and are all within the protection scope of the invention; therefore, the arrows on the map can be distinguished conveniently, and the display of the arrows on the map is further visual and clear.
The access control method provided in the embodiment of the present invention analyzes access information, and may include:
and if the monitored and copied access information is multiple, calling multiple preset analysis programs, and analyzing the multiple access information in parallel by using the multiple preset analysis programs.
It should be noted that if there are multiple (more than 1) access information received by the internet data center, in order to improve the efficiency of analyzing the access information, multiple preset analysis programs may be called, so that the multiple preset analysis programs are used to implement analysis of the multiple acquired access information in parallel in a one-to-one correspondence manner; the plurality of preset analysis programs may be a corresponding number of programs generated after the access information is acquired, or a certain number of preset analysis programs are preset and then directly called when needed; therefore, the information analysis efficiency is effectively improved.
The access control method provided in the embodiment of the present invention may further include, after copying the arbitrary access information received by the internet data center for analysis:
analyzing the access information to obtain an identifier of a source port for sending the access information, an identifier of a corresponding destination port needing to be accessed, time for receiving the access information by a communication protocol for realizing access information sending and identity information of equipment for sending the access information, which are contained in the access information, and marking the obtained information at a specified position of a corresponding arrow on a map.
It should be noted that the analysis result obtained in this embodiment may include any information obtained by analyzing the access information, and specifically, may further include an identifier of a port (source port) that sends the access information, an identifier of a port (destination port) to which the access information needs to be sent, a communication protocol that implements transmission of the access information, a time when the access information is received, and identity information (which may include an identity identifier or the like) of the device that sends the access information (or a user holding the device), and labeling the information at the designated position of the arrow of the access information, and the designated position can be a position near the arrow, therefore, the outside can acquire other information obtained by analyzing the access information from the corresponding position clearly after learning the arrow, and the management and control of the staff on the access information are further facilitated. In addition, the port identifier may include a serial number, a name, and the like of the port, and may be specifically set according to actual needs.
The access control method provided by the embodiment of the present invention analyzes access information, and may include:
and calling a preset key field, and extracting the content corresponding to the key field contained in the access information to obtain the information to be displayed on the map.
It should be noted that when the access information is analyzed to obtain the corresponding analysis result, the preset key field may be called, and then the content of the key field in the access information is read according to the message format specified in the corresponding communication protocol, or the content of the key field, which is the information to be displayed on the map, is obtained from the access information after the access information is converted into the readable format, so that the analysis result may be simply and effectively obtained in this way. In addition, the key fields may include fields indicating a logical address, a port identifier, a communication protocol, an identity identifier, and the like, and of course, other settings may be performed according to actual needs, which are within the protection scope of the present invention.
The access control method provided by the embodiment of the present invention may further include:
receiving a field setting instruction input by the outside, and determining fields contained in the field setting instruction as key fields used for realizing analysis of the access information.
It should be noted that the key field may be preset, or may be set according to a configuration request of a user, that is, a field setting instruction input from the outside is received, and then the field carried by the field is determined to be the key field; in addition, after the key field is determined and the updating request is received, the determined key field can be replaced by the field carried in the updating request, so that the updating of the key field is realized, the setting of the key field meets the current requirement of a user, and the analysis of the access information can meet the requirement of the user. In addition, the key fields can be stored after being determined, so that corresponding acquisition can be conveniently carried out when needed.
The access control method provided by the embodiment of the present invention may further include:
and storing various items of information obtained by analyzing the access information into a pre-specified database in a Structured Query Language (SQL) file mode.
Various information obtained by analyzing the access information, namely, fields in the analysis result can be stored in a Structured Query Language (SQL) file, and can be stored in a pre-specified database specifically; therefore, by the field storage mode, the maintenance time for information storage is reduced, and the subsequent query operation is facilitated.
In addition, constraint conditions when the analysis result is output can be set in the application, specifically, the access information can be analyzed to obtain a source logical address, a destination logical address, a communication protocol, a source port, a destination port, identity information of equipment sending the access information, time (access time information) for receiving the access information, area information corresponding to the source logical address and the destination logical address, and the like, and further when a worker needs to obtain the analysis result, the worker can input an inquiry request to an internet data center, further obtain information which meets the constraint conditions carried by the inquiry request in the analysis result and is information which needs to be output, and further output the information which is determined to need to be output according to the technical scheme disclosed by the application; in addition, the query request may include at least one constraint condition, where the constraint condition may be a region where the device initiating the access information is located, or access time information, or a device and a target website that are accessed. Therefore, after the analysis result is obtained, the analysis result can be screened according to the constraint condition, the analysis result meeting the constraint condition is obtained and output, and the current requirements of workers are further met.
In a specific application scenario, a schematic diagram of a framework for implementing an access control method provided in an embodiment of the present invention may be as shown in fig. 2, and a specific implementation process of the access control method may include:
step 201, acquiring IP address information and corresponding regional information within a certain range (such as the world) and storing the IP address information and the corresponding regional information into a database to form an address database so as to facilitate the use of a data analysis program;
step 202, deploying a data packet capturing program at a firewall at an entrance of an IDC machine room, and completing acquisition of access information by capturing information of a network card;
step 203, after the data packet capturing program is deployed, the data distribution center configures addresses of data analysis programs and distributes a plurality of data packets of access information to the plurality of data analysis programs;
step 204, the data analysis program obtains a corresponding analysis result by analyzing the access information and comparing the access information with the information in the address database, wherein the analysis result can comprise a data source (area information) for determining the access information of the packet capturing, and a database file, such as an SQL file, corresponding to the analysis result is generated;
step 205, data statistics and storage, wherein analysis results obtained by analyzing a data analysis program are stored in a preset database;
step 206, the data summarization center uses Java to summarize analysis results obtained by a plurality of data analysis programs, and displays the summarization results through a Web page so as to be convenient to check;
step 207, the Web can dynamically display the IDC computer room credit access amount, namely the real-time analysis result, by using js plug-in.
The method comprises a data packet capturing program, a data distribution center, a data analysis program, a data statistics and storage center, a data summarization center and WEB page display, so that a user can check the access amount information from each place to an IDC machine room through the WEB page. Therefore, the information of the area corresponding to the access information is positioned through the address database, the analysis result is stored by adopting the SQL file, and the time required by information processing is reduced.
An embodiment of the present invention further provides an access control apparatus, as shown in fig. 3, which may include:
a monitoring module 11 for: monitoring an internet data center, and copying any access information received by the internet data center for analysis when the internet data center is monitored to receive the any access information;
a parsing module 12 for: analyzing the access information to obtain a source logical address which represents the sending of the access information and a corresponding target logical address to be accessed, which are contained in the access information, and determining area information which respectively corresponds to the source logical address and the target logical address according to a preset corresponding relation;
an output module 13, configured to: and calling a preset map, and displaying the determined region information on the map so as to realize the management and control of the access information based on the information on the map.
In an access control apparatus provided in an embodiment of the present invention, the output module may include:
a display unit for: displaying the determined region information on a map in an arrow manner; wherein the arrow points from the region of the region information corresponding to the source logical address to the region of the region information corresponding to the destination logical address, and different access information corresponds to arrows having different arrow marks.
In an access control apparatus provided in an embodiment of the present invention, an analysis module may include:
an analysis unit configured to: and if the monitored and copied access information is multiple, calling multiple preset analysis programs, and analyzing the multiple access information in parallel by using the multiple preset analysis programs.
In the access control apparatus provided in the embodiment of the present invention, the parsing module is further configured to: after the arbitrary access information received by the internet data center is copied for analysis, analyzing the access information to obtain an identifier representing a source port sending the access information, an identifier corresponding to a destination port needing to be accessed, time of receiving the access information by a communication protocol for realizing access information sending and identity information of equipment sending the access information, wherein the identifier is contained in the access information; the output module is also used for marking the obtained information at the appointed position of the corresponding arrow on the map.
In an access control apparatus provided in an embodiment of the present invention, an analysis module may include:
an extraction unit to: and calling a preset key field, and extracting the content corresponding to the key field contained in the access information to obtain the information to be displayed on the map.
The access control device provided in the embodiment of the present invention may further include:
a setup module to: receiving a field setting instruction input from the outside, and determining fields contained in the field setting instruction as key fields used for realizing analysis of the access information.
The access control device provided in the embodiment of the present invention may further include:
a storage module to: and storing various items of information obtained by analyzing the access information into a pre-specified database in a Structured Query Language (SQL) file mode.
An embodiment of the present invention further provides an access control device, including:
a memory for storing a computer program;
a processor for implementing the steps of any one of the above access control methods when executing the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of any one of the above access control methods are implemented.
It should be noted that, for the description of the relevant parts in the access control apparatus, the device and the storage medium provided in the embodiment of the present invention, reference is made to the detailed description of the corresponding parts in the access control method provided in the embodiment of the present invention, and details are not repeated here. In addition, parts of the technical solutions provided by the embodiments of the present invention that are consistent with the implementation principle of the corresponding technical solutions in the prior art are not described in detail, so as to avoid redundant description.
It will be understood by those skilled in the art that all or some of the steps of the methods disclosed above, and functional modules/units in the apparatus, may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be performed by several physical components in cooperation. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as is well known to those skilled in the art. Moreover, the previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. An access management and control method, comprising:
monitoring an internet data center, and copying any access information received by the internet data center for analysis when monitoring that the internet data center receives the any access information;
analyzing the access information to obtain a source logical address which represents sending the access information and a corresponding target logical address to be accessed, wherein the source logical address and the corresponding target logical address are contained in the access information, and determining area information respectively corresponding to the source logical address and the target logical address according to a preset corresponding relation;
and calling a preset map, and displaying the determined region information on the map so as to realize the control of the access information based on the information on the map.
2. The method of claim 1, wherein displaying the determined regional information on the map comprises:
displaying the determined region information on the map in an arrow manner; wherein the arrow points from the region of the region information corresponding to the source logical address to the region of the region information corresponding to the destination logical address, and different access information corresponds to an arrow with a different arrow mark.
3. The method of claim 2, wherein parsing the access information comprises:
and if the monitored and copied access information is multiple, calling multiple preset analysis programs, and analyzing the multiple access information in parallel by using the multiple preset analysis programs.
4. The method of claim 3, wherein after copying the arbitrary access information received by the internet data center for parsing, further comprising:
analyzing the access information to obtain an identifier of a source port sending the access information, an identifier of a corresponding destination port needing to be accessed, time for receiving the access information by a communication protocol for sending the access information and identity information of equipment sending the access information, wherein the identifier of the source port sending the access information, the identifier of the corresponding destination port needing to be accessed, the time for receiving the access information by the communication protocol for sending the access information and the identity information are contained in the access information, and the obtained information is marked at a specified position of a corresponding arrow on the map.
5. The method of claim 4, wherein parsing the access information comprises:
and calling a preset key field, and extracting the content corresponding to the key field contained in the access information to obtain the information to be displayed on the map.
6. The method of claim 5, further comprising:
receiving a field setting instruction input from the outside, and determining fields contained in the field setting instruction as key fields used for realizing analysis of the access information.
7. The method of claim 6, further comprising:
and storing various items of information obtained by analyzing the access information into a pre-specified database in a Structured Query Language (SQL) file mode.
8. An access management apparatus, comprising:
a monitoring module to: monitoring an internet data center, and copying any access information received by the internet data center for analysis when the internet data center is monitored to receive the any access information;
an analysis module to: analyzing the access information to obtain a source logical address which represents sending of the access information and a corresponding target logical address which needs to be accessed, wherein the source logical address and the target logical address are contained in the access information, and determining area information which respectively corresponds to the source logical address and the target logical address according to a preset corresponding relation;
an output module to: and calling a preset map, and displaying the determined region information on the map so as to realize the control of the access information based on the information on the map.
9. An access management control device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the access regulating method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, carries out the steps of the access regulating method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911379263.7A CN111177281B (en) | 2019-12-27 | 2019-12-27 | Access control method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911379263.7A CN111177281B (en) | 2019-12-27 | 2019-12-27 | Access control method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111177281A CN111177281A (en) | 2020-05-19 |
| CN111177281B true CN111177281B (en) | 2022-07-15 |
Family
ID=70650494
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911379263.7A Active CN111177281B (en) | 2019-12-27 | 2019-12-27 | Access control method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111177281B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114374644B (en) * | 2021-12-22 | 2023-09-19 | 烟台东方瑞创达电子科技有限公司 | Industrial Internet identification analysis method and system based on infrastructure logic architecture |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101291259A (en) * | 2007-04-18 | 2008-10-22 | 阿里巴巴集团控股有限公司 | System and method for monitoring geographic position of website visitor and visiting status |
| CN105162627A (en) * | 2015-08-24 | 2015-12-16 | 上海天旦网络科技发展有限公司 | Method and system for discovering and presenting network application access information |
| CN110138601A (en) * | 2019-04-28 | 2019-08-16 | 中国人民银行清算总中心 | Centralized monitoring method and device |
| CN110351298A (en) * | 2019-07-24 | 2019-10-18 | ***通信集团黑龙江有限公司 | Access control method, device, equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070061451A1 (en) * | 2002-12-05 | 2007-03-15 | Michael Villado | Method and system for monitoring network communications in real-time |
-
2019
- 2019-12-27 CN CN201911379263.7A patent/CN111177281B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101291259A (en) * | 2007-04-18 | 2008-10-22 | 阿里巴巴集团控股有限公司 | System and method for monitoring geographic position of website visitor and visiting status |
| CN105162627A (en) * | 2015-08-24 | 2015-12-16 | 上海天旦网络科技发展有限公司 | Method and system for discovering and presenting network application access information |
| CN110138601A (en) * | 2019-04-28 | 2019-08-16 | 中国人民银行清算总中心 | Centralized monitoring method and device |
| CN110351298A (en) * | 2019-07-24 | 2019-10-18 | ***通信集团黑龙江有限公司 | Access control method, device, equipment and storage medium |
Non-Patent Citations (2)
| Title |
|---|
| "blog/ip-visualize/";youerning;《https://github.com/youerning/blog/tree/master/ip-visualize》;20180328;第1-10页 * |
| 网站流量评估监测***的设计与实现;袁雅萍;《煤炭技术》;20091010(第10期);第174-176页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111177281A (en) | 2020-05-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10084681B2 (en) | Method and system for monitoring server cluster | |
| CN107169094B (en) | Information aggregation method and device | |
| CN113987074A (en) | Distributed service full-link monitoring method and device, electronic equipment and storage medium | |
| US20180287920A1 (en) | Intercepting application traffic monitor and analyzer | |
| CN110633195B (en) | Performance data display method and device, electronic equipment and storage medium | |
| CN108900374A (en) | A kind of data processing method and device applied to DPI equipment | |
| CN108734808A (en) | A kind of night watching method and system | |
| CN106921671B (en) | network attack detection method and device | |
| CN107426007A (en) | Method and system for the network device information in tracking network interchanger | |
| CN112134719A (en) | Method and system for analyzing base station security log | |
| CN112994982A (en) | Packet capture control method, device and system of cloud-real machine and storage medium | |
| CN110912731A (en) | NFV-based system and method for realizing service identification and topology analysis by adopting DPI technology | |
| CN111177281B (en) | Access control method, device, equipment and storage medium | |
| CN117176802B (en) | Full-link monitoring method and device for service request, electronic equipment and medium | |
| KR102314557B1 (en) | System for managing security control and method thereof | |
| CN104994181A (en) | Method for displaying dynamic MAC address table in distributed OLT system | |
| CN112448963A (en) | Method, device, equipment and storage medium for analyzing automatic attack industrial assets | |
| CN109474529B (en) | Method for feeding back terminal network associated data | |
| CN104468505B (en) | A kind of security audit daily record player method and device | |
| CN109495302B (en) | Link monitoring method, cloud server and computer readable storage medium | |
| CN114610689B (en) | Recording and analyzing method for request log in distributed environment | |
| CN111506769A (en) | Video file processing method and device, storage medium and electronic device | |
| CN115242692B (en) | Network asset custom protocol identification method, device, terminal and storage medium | |
| CN113778709B (en) | Interface calling method, device, server and storage medium | |
| CN106681894B (en) | Monitoring method and monitoring device of intelligent equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |