CN114465963A - Switch abnormity detection method and device, electronic equipment and computer readable medium - Google Patents


Info

Publication number
CN114465963A
Authority
CN
China
Prior art keywords
input port
communication protocol
switch
response
port
Legal status
Granted
Application number
CN202111597203.XA
Other languages
Chinese (zh)
Other versions
CN114465963B (en)
Inventor
陈光宇
李永贵
杜江涛
薛亮
Current Assignee
Beijing Huanyu Boya Technology Co ltd
Original Assignee
Beijing Huanyu Boya Technology Co ltd
Application filed by Beijing Huanyu Boya Technology Co ltd
Priority to CN202111597203.XA
Publication of CN114465963A
Application granted
Publication of CN114465963B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/30 Peripheral units, e.g. input or output ports
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L49/00 Packet switching elements
    • H04L49/55 Prevention, detection or correction of errors
    • H04L49/555 Error detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Maintenance And Management Of Digital Transmission (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present disclosure disclose a switch anomaly detection method and apparatus, an electronic device, and a computer-readable medium. One embodiment of the method comprises: in response to the current state of the switch being the running state, for each input port of the switch: in response to determining that the current state of the input port is a data transmission state, determining whether a preset target communication protocol group contains a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port; in response to determining that such a target communication protocol exists in the target communication protocol group, determining whether the port identifier of the input port is the same as the port identifier corresponding to the target communication protocol; and in response to determining that the port identifier differs from the port identifier corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port. This embodiment reduces the likelihood that the switch transmits abnormal data and reduces network virus intrusion.

Description

Switch abnormity detection method and device, electronic equipment and computer readable medium
Technical Field
Embodiments of the present disclosure relate to the field of computer technology, and in particular to a switch anomaly detection method and apparatus, an electronic device, and a computer-readable medium.
Background
The switch is a terminal for data collection in network communication and is also a key device for preventing network virus intrusion. Currently, data transmission in a switch is generally monitored as follows: after the data transmission is completed, security detection is performed on the transmitted data to prevent network virus intrusion.
However, this approach generally has the following technical problems:
First, security detection cannot be performed in real time on the data transmitted by the switch, so the likelihood that the switch transmits abnormal data is high, which readily leads to network virus intrusion;
Second, devices that transmit abnormal data cannot be monitored, resulting in lower security of the switch.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
Some embodiments of the present disclosure propose a switch anomaly detection method, apparatus, electronic device and computer readable medium to solve one or more of the technical problems mentioned in the background section above.
In a first aspect, some embodiments of the present disclosure provide a switch anomaly detection method, applied to a switch, including: in response to the current state of the switch being the running state, for each input port of the switch, executing the following processing steps: determining whether the current state of the input port is a data transmission state; in response to determining that the current state of the input port is the data transmission state, determining whether a preset target communication protocol group has a target communication protocol which is the same as a communication protocol corresponding to the data transmitted by the input port; in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol; and in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port, and disconnecting the network connection of the input port.
In a second aspect, some embodiments of the present disclosure provide a switch anomaly detection apparatus, the apparatus including: a data processing unit configured to, in response to the current state of the switch being the running state, execute the following processing steps for each input port of the switch: determining whether the current state of the input port is a data transmission state; in response to determining that the current state of the input port is the data transmission state, determining whether a preset target communication protocol group has a target communication protocol which is the same as a communication protocol corresponding to the data transmitted by the input port; in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol; and in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port, and disconnecting the network connection of the input port.
In a third aspect, some embodiments of the present disclosure provide an electronic device, comprising: one or more processors; a storage device having one or more programs stored thereon, which when executed by one or more processors, cause the one or more processors to implement the method described in any of the implementations of the first aspect.
In a fourth aspect, some embodiments of the present disclosure provide a computer readable medium on which a computer program is stored, wherein the program, when executed by a processor, implements the method described in any of the implementations of the first aspect.
The above embodiments of the present disclosure have the following advantages: with the switch anomaly detection method of some embodiments of the present disclosure, security detection can be performed in real time on the data transmitted by the switch, which reduces the likelihood that the switch transmits abnormal data and reduces network virus intrusion. Specifically, network virus intrusion occurs easily because security detection cannot be performed in real time on the data transmitted by the switch, so the likelihood that the switch transmits abnormal data is high. Based on this, the switch anomaly detection method of some embodiments of the present disclosure, in response to the current state of the switch being the running state, performs the following processing steps for each input port of the switch. First, it is determined whether the current state of the input port is a data transmission state. Then, in response to determining that the current state of the input port is the data transmission state, it is determined whether a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in a preset target communication protocol group. Thus, while the switch is transmitting data, it can be detected in real time whether the transmitted data conforms to a preset communication protocol (a target communication protocol). Next, in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, it is determined whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol. Thus, it can be detected whether the communication protocol corresponding to the data transmitted by the input port is the preset communication protocol corresponding to that input port. Finally, in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol, an abnormal data transmission log corresponding to the input port is generated and the network connection of the input port is disconnected. Therefore, when the data transmitted by the input port does not conform to the preset communication protocol, the network connection of the input port can be disconnected. Transmission of abnormal data is thereby avoided, the likelihood that the switch transmits abnormal data is reduced, and network virus intrusion is reduced.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numbers refer to the same or similar elements. It should be understood that the drawings are schematic and that components and elements are not necessarily drawn to scale.
Fig. 1 is a schematic diagram of one application scenario of a switch anomaly detection method of some embodiments of the present disclosure;
Fig. 2 is a flow diagram of some embodiments of a switch anomaly detection method according to the present disclosure;
Fig. 3 is a flow diagram of further embodiments of a switch anomaly detection method according to the present disclosure;
Fig. 4 is a schematic block diagram of some embodiments of a switch anomaly detection apparatus according to the present disclosure;
Fig. 5 is a schematic structural diagram of an electronic device suitable for use in implementing some embodiments of the present disclosure.
Detailed Description
Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While certain embodiments of the present disclosure are shown in the drawings, it is to be understood that the disclosure may be embodied in various forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the disclosure are for illustration purposes only and are not intended to limit the scope of the disclosure.
It should be noted that, for convenience of description, only the portions relevant to the invention are shown in the drawings. The embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict.
It should be noted that the terms "first", "second", and the like in the present disclosure are only used for distinguishing different devices, modules or units, and are not used for limiting the order or interdependence relationship of the functions performed by the devices, modules or units.
It should be noted that the modifiers "a", "an", and "the" in this disclosure are illustrative rather than limiting, and those skilled in the art will understand that they mean "one or more" unless the context clearly dictates otherwise.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
The present disclosure will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
Fig. 1 is a schematic diagram of an application scenario of a switch anomaly detection method according to some embodiments of the present disclosure.
In the application scenario of fig. 1, first, the computing device 101 may execute the following processing steps for each input port of the switch in response to the current state of the switch being the running state: determining whether the current state of the input port is a data transmission state; in response to determining that the current state of the input port is the data transmission state, determining whether a preset target communication protocol group 102 has a target communication protocol that is the same as a communication protocol corresponding to the data transmitted by the input port; in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group 102, determining whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol; in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol, generating an abnormal data transmission log 103 corresponding to the input port, and disconnecting the network connection of the input port.
The computing device 101 may be hardware or software. When the computing device is hardware, it may be implemented as a distributed cluster composed of multiple servers or terminal devices, or may be implemented as a single server or a single terminal device. When the computing device is embodied as software, it may be installed in the hardware devices enumerated above. It may be implemented, for example, as multiple pieces of software or software modules to provide distributed services, or as a single piece of software or software module. No particular limitation is made here.
It should be understood that the number of computing devices in FIG. 1 is merely illustrative. There may be any number of computing devices, as implementation needs dictate.
With continued reference to Fig. 2, a flow 200 of some embodiments of a switch anomaly detection method according to the present disclosure is shown. The switch anomaly detection method is applied to a switch and comprises the following steps:
Step 201, in response to the current state of the switch being the running state, for each input port of the switch, executing the following processing steps:
Step 2011, determining whether the current state of the input port is a data transmission state.
In some embodiments, an execution subject of the switch anomaly detection method (e.g., computing device 101 shown in Fig. 1) may determine whether the current state of the input port is a data transmission state. Here, the execution subject of the switch anomaly detection method may refer to a processor of the switch. Here, the running state may indicate that the switch is currently operating. Here, the data transmission state may indicate that the input port is transmitting data.
Step 2012, in response to determining that the current state of the input port is the data transmission state, determining whether a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in a preset target communication protocol group.
In some embodiments, the execution subject may determine, in response to determining that the current state of the input port is the data transmission state, whether a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in a preset target communication protocol group. Here, a target communication protocol in the target communication protocol group may be a preset communication protocol for transmitting data that corresponds to a certain input port of the switch. For example, the communication protocol may be TCP/IP (Transmission Control Protocol/Internet Protocol). For example, input port A corresponds to the TCP protocol and input port B corresponds to the IP protocol. Here, the communication protocol corresponding to the data transmitted by the input port may refer to the protocol to which the data transmitted by the current input port conforms. For example, the content of the data transmitted by the current input port conforms to the content defined by the TCP protocol.
Step 2013, in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol.
In some embodiments, the execution subject may determine whether the port identifier of the input port is the same as the port identifier corresponding to the target communication protocol in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group. Here, the port identifier may uniquely represent a certain input port. For example, the port identifier may be "001", which may represent input port A. In practice, the execution subject may determine whether the port identifier of the input port is the same as the port identifier of the input port corresponding to the target communication protocol.
Step 2014, in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port, and disconnecting the network connection of the input port.
In some embodiments, the execution subject may generate an abnormal data transmission log corresponding to the input port and disconnect the network connection of the input port in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol. Here, the abnormal data transmission log may be a log indicating that the communication protocol corresponding to the data transmitted by the input port does not match the preset communication protocol corresponding to the input port. For example, the abnormal data transmission log may be "the data transmitted by input port A does not conform to the preset communication protocol", that is, the content of the data transmitted by input port A is different from the content defined by the preset communication protocol.
Optionally, in response to the current state of the input port not being the data transmission state, determining a duration of the current state of the input port.
In some embodiments, the execution subject may determine a duration of the current state of the input port in response to the current state of the input port not being the data transmission state. In practice, the current state of the input port not being the data transmission state indicates that the input port is not currently transmitting data. Here, the duration of the current state of the input port, i.e., the length of time for which the input port has not been transmitting data, is determined.
Optionally, in response to the duration being greater than or equal to a preset duration, generating an abnormal state log corresponding to the input port, and controlling the switch to perform alarm processing.
In some embodiments, the execution subject may generate an abnormal state log corresponding to the input port in response to the duration being greater than or equal to a preset duration, and control the switch to perform alarm processing. Here, the setting of the preset duration is not limited. Here, the abnormal state log may be a log indicating that the input port has not transmitted data for a long time. For example, the abnormal state log may be "input port A has not transmitted data for 10 minutes". Here, the alarm processing may refer to issuing an alarm tone. For example, the switch is controlled to emit an alarm tone.
Optionally, in response to not receiving a data transmission termination instruction corresponding to the input port and detecting that the current state of the input port is the data transmission termination state, generating an exception log corresponding to the input port, and controlling the switch to perform alarm processing.
In some embodiments, the execution subject may generate an exception log corresponding to the input port and control the switch to perform alarm processing in response to not receiving a data transmission termination instruction corresponding to the input port and detecting that the current state of the input port is the data transmission termination state. Here, the data transmission termination instruction may refer to an instruction to stop the input port from transmitting data. Here, the data transmission termination state may indicate that the input port is not currently transmitting data. Here, the exception log may be a log indicating that the input port terminated data transmission abnormally. Here, the alarm processing may refer to issuing an alarm tone. For example, the switch is controlled to emit an alarm tone.
Optionally, the generated abnormal data transmission log is sent to a preset alarm terminal to perform an alarm operation.
In some embodiments, the execution subject may send each generated abnormal data transmission log to a preset alarm terminal to perform an alarm operation. Here, the preset alarm terminal may refer to a preset maintenance terminal. Here, the alarm operation may mean issuing an alarm tone.
Optionally, in response to receiving a reset instruction corresponding to the switch, receiving a password input by a user on a password display screen of the switch.
In some embodiments, the execution subject may receive a password input by a user on a password display screen of the switch in response to receiving a reset instruction corresponding to the switch. Here, the reset instruction may be an instruction to restore the program in the switch to factory settings. Here, the password display screen of the switch may refer to a display screen provided on an outer surface of the switch and communicatively connected to the execution subject.
Optionally, it is determined whether the password is a preset password.
In some embodiments, the execution subject may determine whether the password is a preset password. Here, the setting of the preset password is not limited.
Optionally, in response to determining that the password is a preset password, the switch is reset.
In some embodiments, the execution subject may perform a reset process on the switch in response to determining that the password is a preset password. Here, the reset process may refer to restoring the program in the switch to factory settings.
Therefore, the preset password prevents the switch from being reset by a reset instruction that was sent by mistake.
With further reference to Fig. 3, further embodiments of a switch anomaly detection method according to the present disclosure are shown. The switch anomaly detection method is applied to a switch and comprises the following steps:
Step 301, in response to the current state of the switch being the running state, for each input port of the switch, executing the following processing steps:
Step 3011, determining whether the current state of the input port is a data transmission state.
Step 3012, in response to determining that the current state of the input port is the data transmission state, determining whether a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in a preset target communication protocol group.
Step 3013, in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol.
Step 3014, in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port, and disconnecting the network connection of the input port.
In some embodiments, for the specific implementation and technical effects of steps 3011-3014, reference may be made to steps 2011-2014 in the embodiments corresponding to Fig. 2; they are not described again here.
Step 3015, in response to determining that there is no target communication protocol in the target communication protocol group that is the same as the communication protocol corresponding to the data transmitted by the input port, disconnecting the network connection of the input port, and generating an abnormal transmission log corresponding to the input port.
In some embodiments, an execution subject (e.g., the computing device 101 shown in Fig. 1) of the switch anomaly detection method may disconnect the network connection of the input port and generate an abnormal transmission log corresponding to the input port in response to determining that no target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group. Here, the abnormal transmission log may refer to a log indicating that the input port suddenly interrupted transmission during data transmission.
Step 3016, determining the device identifier included in the data transmitted by the input port as an abnormal device identifier.
In some embodiments, the execution subject may determine a device identifier included in the data transmitted by the input port as an abnormal device identifier. Here, the device identification may refer to an identification of a device that transmits data.
Step 3017, send the abnormal transmission log and the abnormal device identifier to a preset fault handling terminal.
In some embodiments, the execution subject may send the abnormal transmission log and the abnormal device identifier to a preset fault handling terminal. Here, the fault handling terminal may be a terminal that handles an abnormal device. In practice, after the abnormal transmission log and the abnormal equipment identifier are sent to a preset fault processing terminal, a maintenance worker can be notified to timely maintain abnormal equipment.
The related content in step 3015 and 3017 serves as an inventive point of the present disclosure, thereby solving the technical problem two mentioned in the background art that "the device for transmitting abnormal data cannot be monitored, resulting in lower security of the switch. ". The factors that lead to lower security of the switch tend to be as follows: the equipment for transmitting abnormal data cannot be monitored, so that the security of the switch is low. If the above-mentioned factors are solved, the effect of improving the security of the switch can be achieved. To achieve this, first, in response to determining that the target communication protocol group does not have the same target communication protocol as the communication protocol corresponding to the data transmitted by the input port, the network connection of the input port is disconnected, and an abnormal transmission log corresponding to the input port is generated. This can prevent transmission of abnormal data and prevent intrusion of network viruses. Then, the device identifier included in the data transmitted by the input port is determined as an abnormal device identifier. Therefore, the equipment which sends out abnormal data can be tracked, and the equipment which transmits the abnormal data can be monitored conveniently. And finally, sending the abnormal transmission log and the abnormal equipment identifier to a preset fault processing terminal. Therefore, the maintenance personnel at the fault processing terminal can be conveniently and timely informed to timely maintain the abnormal equipment, so that the safety of the switch is improved.
Optionally, before the processing step 301, the method further includes:
First, a preset communication protocol group is obtained.
In some embodiments, the execution subject may obtain a preset communication protocol group from the terminal device through a wired or wireless connection. Each communication protocol in the communication protocol group corresponds to at least one input port of the switch. Here, a communication protocol in the communication protocol group may refer to the protocol of the data transmitted by one or more predetermined input ports. For example, the communication protocol may be an IP protocol.
Second, the device identifier of the device to be connected to each input port of the switch is acquired to obtain a device identifier group.
In some embodiments, the execution subject may obtain, from the terminal device through a wired or wireless connection, the device identifier of the device to be connected to each input port of the switch, to obtain the device identifier group. Here, the device to be connected to an input port may refer to a device set in advance to connect to that input port. Here, the device identifier may uniquely represent a device.
Third, association processing is performed on each communication protocol in the communication protocol group, the port identifier of the input port corresponding to the communication protocol, and the device identifier corresponding to the port identifier, to generate an associated communication protocol as a target communication protocol, thereby obtaining a target communication protocol group.
In some embodiments, the execution subject may perform association processing on each communication protocol in the communication protocol group, the port identifier of the input port corresponding to the communication protocol, and the device identifier corresponding to the port identifier, so as to generate an associated communication protocol as a target communication protocol and obtain a target communication protocol group. Here, the association processing may refer to splicing.
Optionally, in response to the current state of the switch being the power-on state, the following detection steps are performed for each input port of the switch:
First, it is determined whether the communication protocol currently corresponding to the input port is the preset communication protocol corresponding to the input port. Here, the power-on state may indicate that the switch has just been powered on. In practice, the execution subject may detect whether the communication protocol associated with the port identifier of the input port is the preset communication protocol corresponding to the port identifier.
In this way, it is possible to detect whether the communication protocol of the input port has been tampered with.
Second, in response to determining that the communication protocol currently corresponding to the input port is not the preset communication protocol corresponding to the input port, the communication protocol currently corresponding to the input port is replaced with the preset communication protocol corresponding to the input port.
In this way, if the communication protocol corresponding to the input port has been tampered with, it can be corrected in time, preventing subsequent data transmission anomalies.
As can be seen from fig. 3, compared with the description of some embodiments corresponding to fig. 2, the process 300 in some embodiments corresponding to fig. 3 makes it easier to notify maintenance personnel at the fault handling terminal promptly so that they can maintain the abnormal device in time, which improves the security of the switch.
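The per-port decision flow of steps 3011-3017, together with the optional association and power-on steps, is shown below as an added Python example that is not part of the patent. All class and function names, port labels, protocol names and device identifiers are constructed for illustration, and "the port identifier is identical" is read here as "the port is one of the ports associated with that protocol in the target group".

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class TargetProtocol:
    """One associated ("spliced") entry: protocol + port id + expected device id."""
    protocol: str
    port_id: str
    device_id: str

@dataclass
class PortSample:
    """Constructed snapshot of one input port (hypothetical, not a switch API)."""
    port_id: str
    transmitting: bool
    protocol: Optional[str] = None    # protocol of the data seen on the port
    device_id: Optional[str] = None   # device identifier carried in that data

@dataclass
class Verdict:
    port_id: str
    disconnect: bool = False
    log: Optional[str] = None
    abnormal_device_id: Optional[str] = None
    notify_fault_terminal: bool = False

# Constructed presets: each protocol corresponds to at least one input port.
PROTOCOL_GROUP: Dict[str, List[str]] = {"modbus-tcp": ["p1"], "ipv4": ["p2", "p3"]}
DEVICE_IDS: Dict[str, str] = {"p1": "dev-A", "p2": "dev-B", "p3": "dev-C"}

def build_target_group(protocol_group, device_ids) -> List[TargetProtocol]:
    """Association step: join each protocol with its ports and their devices."""
    return [TargetProtocol(proto, port, device_ids[port])
            for proto, ports in protocol_group.items() for port in ports]

def process_port(sample: PortSample, group: List[TargetProtocol]) -> Verdict:
    """Apply steps 3011-3017 to a single input port."""
    verdict = Verdict(sample.port_id)
    if not sample.transmitting:                       # step 3011: nothing to check
        return verdict
    matches = [t for t in group if t.protocol == sample.protocol]   # step 3012
    if not matches:
        # Steps 3015-3017: protocol absent from the target group.
        verdict.disconnect = True
        verdict.log = (f"abnormal transmission log: port {sample.port_id} "
                       f"carries {sample.protocol}, not in target group")
        verdict.abnormal_device_id = sample.device_id
        verdict.notify_fault_terminal = True
        return verdict
    allowed_ports = sorted(t.port_id for t in matches)
    if sample.port_id not in allowed_ports:           # steps 3013-3014
        verdict.disconnect = True
        verdict.log = (f"abnormal data transmission log: port {sample.port_id} "
                       f"carries {sample.protocol}, bound to {allowed_ports}")
    return verdict

def power_on_check(current: Dict[str, str],
                   group: List[TargetProtocol]) -> Tuple[Dict[str, str], List[str]]:
    """Power-on detection: restore every port whose protocol differs from preset.

    Assumes each port has exactly one preset protocol in the target group.
    """
    preset = {t.port_id: t.protocol for t in group}
    tampered = sorted(p for p, proto in preset.items() if current.get(p) != proto)
    corrected = dict(current)
    for port in tampered:
        corrected[port] = preset[port]
    return corrected, tampered

def run_demo() -> List[Verdict]:
    """Run the constructed samples through the per-port processing steps."""
    group = build_target_group(PROTOCOL_GROUP, DEVICE_IDS)
    samples = [
        PortSample("p1", True, "modbus-tcp", "dev-A"),   # expected protocol and port
        PortSample("p2", True, "modbus-tcp", "dev-B"),   # known protocol, wrong port
        PortSample("p3", True, "telnet", "dev-X"),       # protocol not in the group
        PortSample("p4", False),                         # not transmitting
    ]
    return [process_port(s, group) for s in samples]

if __name__ == "__main__":
    for v in run_demo():
        print(v)
    print(power_on_check({"p1": "modbus-tcp", "p2": "telnet", "p3": "ipv4"},
                         build_target_group(PROTOCOL_GROUP, DEVICE_IDS)))
```

Only the unknown-protocol branch sets the abnormal device identifier and the fault-terminal notification, matching the split between step 3014 and steps 3015-3017.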
With further reference to fig. 4, as an implementation of the methods shown in the above figures, the present disclosure provides some embodiments of a switch anomaly detection apparatus, which correspond to those of the method embodiments shown in fig. 2, and which may be applied in various electronic devices.
As shown in fig. 4, the switch abnormality detection apparatus 400 of some embodiments includes: a data processing unit 401. Wherein, the data processing unit 401 is configured to, in response to the current state of the switch being the running state, execute the following processing steps for each input port of the switch: determining whether the current state of the input port is a data transmission state; in response to determining that the current state of the input port is the data transmission state, determining whether a preset target communication protocol group has a target communication protocol which is the same as a communication protocol corresponding to the data transmitted by the input port; in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol; and in response to the fact that the port identification of the input port is different from the port identification corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port, and disconnecting the network connection of the input port.
It will be understood that the elements described in the apparatus 400 correspond to various steps in the method described with reference to fig. 2. Thus, the operations, features and resulting advantages described above with respect to the method are also applicable to the apparatus 400 and the units included therein, and will not be described herein again.
Referring now to FIG. 5, a block diagram of an electronic device (e.g., computing device 101 of FIG. 1) 500 suitable for use in implementing some embodiments of the present disclosure is shown. The electronic devices in some embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), and the like, and fixed terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 5, electronic device 500 may include a processing means (e.g., central processing unit, graphics processor, etc.) 501 that may perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the electronic apparatus 500 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication means 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 illustrates an electronic device 500 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may alternatively be implemented or provided. Each block shown in fig. 5 may represent one device or may represent multiple devices as desired.
In particular, according to some embodiments of the present disclosure, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, some embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In some such embodiments, the computer program may be downloaded and installed from a network via the communication means 509, or installed from the storage means 508, or installed from the ROM 502. The computer program, when executed by the processing device 501, performs the above-described functions defined in the methods of some embodiments of the present disclosure.
It should be noted that the computer readable medium described in some embodiments of the present disclosure may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In some embodiments of the disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In some embodiments of the present disclosure, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. 
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, optical cables, RF (radio frequency), etc., or any suitable combination of the foregoing.
In some embodiments, clients and servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: in response to the current state of the switch being the running state, for each input port of the switch, executing the following processing steps: determining whether the current state of the input port is a data transmission state; in response to determining that the current state of the input port is the data transmission state, determining whether a preset target communication protocol group has a target communication protocol which is the same as a communication protocol corresponding to the data transmitted by the input port; in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol; and in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port, and disconnecting the network connection of the input port.
Computer program code for carrying out operations for embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in some embodiments of the present disclosure may be implemented by software, and may also be implemented by hardware. The described units may also be provided in a processor, and may be described as: a processor includes a data processing unit. The names of the units do not in some cases constitute a limitation on the units themselves; for example, a data processing unit may also be described as "a unit for, in response to the current state of the switch being the running state, performing the following processing steps for each input port of the switch: determining whether the current state of the input port is a data transmission state; in response to determining that the current state of the input port is the data transmission state, determining whether a preset target communication protocol group has a target communication protocol which is the same as a communication protocol corresponding to the data transmitted by the input port; in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identifier of the input port is identical to the port identifier corresponding to the target communication protocol; and in response to determining that the port identifier of the input port is different from the port identifier corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port and disconnecting the network connection of the input port".
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is made without departing from the inventive concept as defined above. For example, a technical solution may be formed by replacing the above features with (but not limited to) technical features with similar functions disclosed in the embodiments of the present disclosure.

Claims (10)

1. A switch abnormality detection method, applied to a switch, comprising:
in response to the current state of the switch being a running state, for each input port of the switch, performing the following processing steps:
determining whether the current state of the input port is a data transmission state;
in response to the fact that the current state of the input port is determined to be the data transmission state, determining whether a target communication protocol identical to a communication protocol corresponding to the data transmitted by the input port exists in a preset target communication protocol group;
in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identification of the input port is identical to the port identification corresponding to the target communication protocol;
in response to determining that the port identification of the input port is different from the port identification corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port, and disconnecting the network connection of the input port.
2. The method of claim 1, wherein the method further comprises:
and sending the generated abnormal data transmission log to a preset alarm terminal to perform alarm operation.
3. The method of claim 1, wherein the processing step further comprises:
in response to the current state of the input port not being the data transmission state, determining a duration of the current state of the input port;
and in response to the duration being greater than or equal to a preset duration, generating an abnormal state log corresponding to the input port, and controlling the switch to perform alarm processing.
4. The method of claim 1, wherein prior to the processing step, the method further comprises:
acquiring a preset communication protocol group, wherein a communication protocol in the communication protocol group corresponds to at least one input port of the switch;
acquiring the device identifier of the device to be connected to each input port of the switch to obtain a device identifier group;
and performing association processing on each communication protocol in the communication protocol group, the port identifier of the input port corresponding to the communication protocol, and the device identifier corresponding to the port identifier to generate an associated communication protocol as a target communication protocol, so as to obtain a target communication protocol group.
5. The method according to one of claims 1-4, wherein the method further comprises:
in response to receiving a reset instruction corresponding to the switch, receiving a password input by a user in a password display screen of the switch;
determining whether the password is a preset password;
and in response to determining that the password is a preset password, resetting the switch.
6. The method of one of claims 1-3, wherein the processing step further comprises:
and in response to the fact that a data transmission termination instruction corresponding to the input port is not received and the fact that the current state of the input port is a data transmission termination state is detected, generating an abnormal log corresponding to the input port, and controlling the switch to perform alarm processing.
7. The method of claim 4, wherein the method further comprises:
in response to the current state of the switch being a power-on state, for each input port of the switch, performing the following detection steps:
determining whether the current corresponding communication protocol of the input port is a preset communication protocol corresponding to the input port;
and in response to determining that the communication protocol currently corresponding to the input port is not the preset communication protocol corresponding to the input port, replacing the communication protocol currently corresponding to the input port with the preset communication protocol corresponding to the input port.
8. A switch abnormality detection device, applied to a switch, comprising:
a data processing unit configured to respond to the current state of the switch being a running state, and for each input port of the switch, execute the following processing steps: determining whether the current state of the input port is a data transmission state; in response to the fact that the current state of the input port is determined to be the data transmission state, determining whether a target communication protocol which is the same as a communication protocol corresponding to the data transmitted by the input port exists in a preset target communication protocol group or not; in response to determining that a target communication protocol identical to the communication protocol corresponding to the data transmitted by the input port exists in the target communication protocol group, determining whether the port identification of the input port is identical to the port identification corresponding to the target communication protocol; in response to determining that the port identification of the input port is different from the port identification corresponding to the target communication protocol, generating an abnormal data transmission log corresponding to the input port, and disconnecting the network connection of the input port.
9. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
10. A computer-readable medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the method of any one of claims 1-7.
CN202111597203.XA 2021-12-24 2021-12-24 Switch abnormity detection method and device, electronic equipment and computer readable medium Active CN114465963B (en)

Publications (2)

Publication Number Publication Date
CN114465963A true CN114465963A (en) 2022-05-10
CN114465963B CN114465963B (en) 2022-10-25

Family

ID=81407039

Country Status (1)

Country Link
CN (1) CN114465963B (en)

Also Published As

Publication number Publication date
CN114465963B (en) 2022-10-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant