CN116192697B - Method, device, equipment and medium for monitoring outbound traffic of data analysis system - Google Patents

Info

Publication number
CN116192697B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310408865.0A
Other languages
Chinese (zh)
Other versions
CN116192697A (en)
Inventor
潘瑞
陈剑
马晨迪
范晓天
夏辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Academy of Information and Communications Technology CAICT
Original Assignee
China Academy of Information and Communications Technology CAICT
Application filed by China Academy of Information and Communications Technology CAICT
Priority to CN202310408865.0A
Publication of CN116192697A
Application granted
Publication of CN116192697B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiments of the disclosure disclose an outbound traffic monitoring method, device, equipment and medium for a data analysis system. The method comprises: sending a plurality of resolution requests to a plurality of root servers by using a plurality of probe nodes; determining a node outbound traffic proportion matrix of the plurality of root servers according to the results of the plurality of resolution requests; determining an outbound traffic matrix of the plurality of root servers based on the number of resolution requests of the plurality of root servers and the node outbound traffic proportion matrix; and determining the outbound traffic proportion of the plurality of root servers based on the outbound traffic matrix and the number of resolution requests of the plurality of root servers. According to the embodiments of the disclosure, the outbound traffic proportion of the root servers can be determined rapidly and accurately, so that domestic resolution servers can be set up scientifically according to the monitoring result and data security is improved.

Description

Method, device, equipment and medium for monitoring outbound traffic of data analysis system
Technical Field
The disclosure relates to the technical field of data analysis, and in particular to an outbound traffic monitoring method, device, equipment and medium for a data analysis system.
Background
In a data analysis system, for example an identifier resolution system or a domain name resolution system, the operation requests of the resolution nodes are monitored so that the performance and working state of the resolution nodes can be understood from the monitoring results.
When a resolution request is sent to the data analysis system, it is sometimes resolved by an overseas resolution server. If the volume of overseas resolution is too large, the security of domestic data may be reduced. How to reasonably monitor the outbound traffic of the data analysis system, so that domestic resolution servers can be set up scientifically according to the monitoring result and data security improved, is a problem to be solved urgently.
Disclosure of Invention
The embodiments of the disclosure provide an outbound traffic monitoring method, device, equipment and medium for a data analysis system, which can reasonably monitor the outbound traffic of the data analysis system.
In a first aspect of an embodiment of the present disclosure, there is provided an outbound traffic monitoring method of a data analysis system, including:
sending a plurality of resolution requests to a plurality of root servers by using a plurality of probe nodes;
determining a node outbound traffic proportion matrix of the plurality of root servers according to the results of the plurality of resolution requests;
determining an outbound traffic matrix of the plurality of root servers based on the number of resolution requests of the plurality of root servers and the node outbound traffic proportion matrix;
and determining the outbound traffic proportion of the plurality of root servers based on the outbound traffic matrix and the number of resolution requests of the plurality of root servers.
In one embodiment of the disclosure, the determining the node outbound traffic proportion matrix of the plurality of root servers according to the results of the plurality of resolution requests includes:
extracting a root mirror identifier of each resolution request from the results of the plurality of resolution requests;
determining a resolution server classification of each resolution request based on a matching relationship between the root mirror identifier of each resolution request and the domestic mirror identifiers, wherein the resolution server classification comprises a domestic resolution server and an overseas resolution server;
and determining the node outbound traffic proportion matrix based on the resolution server classification of each resolution request and the address information and the operator information of each resolution request.
In one embodiment of the disclosure, the address information of each resolution request includes a region to which each resolution request belongs, and the operator information of each resolution request includes an operator to which each resolution request belongs, and the matrix elements in the outbound traffic matrix characterize outbound traffic under the region to which each resolution request belongs and the operator to which each resolution request belongs.
In one embodiment of the disclosure, the determining the outbound traffic proportion of the plurality of root servers based on the outbound traffic matrix and the number of resolution requests of the plurality of root servers includes:
extracting the outbound traffic of each root server from the outbound traffic matrix;
extracting the number of resolution requests of each root server from the number of resolution requests of the plurality of root servers;
the outbound traffic proportion of each root server is determined based on the outbound traffic of each root server and the number of resolution requests of each root server.
In one embodiment of the disclosure, after the determining the outbound traffic matrix of the plurality of root servers based on the number of resolution requests of the plurality of root servers and the node outbound traffic proportion matrix, the method further comprises:
extracting the outbound traffic of each region from the outbound traffic matrix;
extracting the number of resolution requests of each region from the number of resolution requests of the plurality of root servers;
the ratio of the outbound traffic for each region is determined based on the outbound traffic for each region and the number of resolution requests for each region.
In a second aspect of the embodiments of the present disclosure, there is provided an outbound traffic monitoring device of a data analysis system, including:
a resolution request sending module, configured to send a plurality of resolution requests to a plurality of root servers by using a plurality of probe nodes;
an outbound traffic proportion matrix determining module, configured to determine a node outbound traffic proportion matrix of the plurality of root servers according to the results of the plurality of resolution requests;
an outbound traffic matrix determining module, configured to determine an outbound traffic matrix of the plurality of root servers based on the number of resolution requests of the plurality of root servers and the node outbound traffic proportion matrix;
and an outbound traffic proportion determining module, configured to determine the outbound traffic proportion of the plurality of root servers based on the outbound traffic matrix and the number of resolution requests of the plurality of root servers.
In one embodiment of the disclosure, the outbound traffic proportion matrix determining module is configured to extract a root mirror identifier of each resolution request from the results of the plurality of resolution requests; the outbound traffic proportion matrix determining module is further configured to determine a resolution server classification of each resolution request based on a matching relationship between the root mirror identifier of each resolution request and the domestic mirror identifiers, where the resolution server classification includes a domestic resolution server and an overseas resolution server; the outbound traffic proportion matrix determining module is further configured to determine the node outbound traffic proportion matrix based on the resolution server classification of each resolution request, and the address information and operator information of each resolution request.
In one embodiment of the disclosure, the address information of each resolution request includes a region to which each resolution request belongs, and the operator information of each resolution request includes an operator to which each resolution request belongs, and the matrix elements in the outbound traffic matrix characterize outbound traffic under the region to which each resolution request belongs and the operator to which each resolution request belongs.
In one embodiment of the disclosure, the outbound traffic proportion determining module is configured to extract the outbound traffic of each root server from the outbound traffic matrix; the outbound traffic proportion determining module is further configured to extract the number of resolution requests of each root server from the number of resolution requests of the plurality of root servers; the outbound traffic proportion determining module is further configured to determine the outbound traffic proportion of each root server based on the outbound traffic of each root server and the number of resolution requests of each root server.
In one embodiment of the disclosure, the outbound traffic proportion determining module is further configured to extract the outbound traffic of each region from the outbound traffic matrix; the outbound traffic proportion determining module is further configured to extract the number of resolution requests of each region from the number of resolution requests of the plurality of root servers; the outbound traffic proportion determining module is further configured to determine the outbound traffic proportion of each region based on the outbound traffic of each region and the number of resolution requests of each region.
In a third aspect of the disclosed embodiments, there is provided an electronic device, including:
a memory for storing a computer program;
and the processor is used for executing the computer program stored in the memory, and when the computer program is executed, the method for monitoring the outbound traffic of the data analysis system according to the first aspect is realized.
A fourth aspect of the embodiments of the present disclosure provides a computer-readable storage medium having a computer program stored thereon, where the computer program, when executed by a processor, implements the method for monitoring an outbound traffic of the data analysis system according to the first aspect.
According to the outbound traffic monitoring method, device, equipment and medium of the data analysis system, probe nodes are deployed in a plurality of regions, and the probe nodes deployed in the plurality of regions are used to send a plurality of resolution requests to a plurality of root servers. The node outbound traffic proportion matrix of the plurality of root servers can be determined from the results of the plurality of resolution requests. The outbound traffic matrix of the plurality of root servers can be determined from the number of resolution requests that characterizes the actual values of the plurality of root servers and the node outbound traffic proportion matrix. The outbound traffic proportion of the plurality of root servers can then be determined rapidly and accurately from the outbound traffic matrix and the number of resolution requests of the plurality of root servers, which helps to set up domestic resolution servers scientifically according to the monitoring result and improves data security.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description, serve to explain the principles of the disclosure.
The disclosure may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart of an outbound traffic monitoring method for a data analysis system according to one embodiment of the present disclosure;
FIG. 2 is a block diagram of an outbound traffic monitoring device of a data analysis system according to one embodiment of the present disclosure;
FIG. 3 is a block diagram of an electronic device in one embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
It will be appreciated by those of skill in the art that the terms "first," "second," etc. in embodiments of the present disclosure are used merely to distinguish between different steps, devices or modules, etc., and do not represent any particular technical meaning nor necessarily logical order between them.
It should also be understood that in embodiments of the present disclosure, "plurality" may refer to two or more, and "at least one" may refer to one, two or more.
It should also be appreciated that any component, data, or structure referred to in the presently disclosed embodiments may be generally understood as one or more without explicit limitation or the contrary in the context.
In addition, the term "and/or" in this disclosure merely describes an association between associated objects and indicates that three relationships may exist. For example, A and/or B may indicate: A exists alone, A and B exist together, or B exists alone. In addition, the character "/" in the present disclosure generally indicates that the objects before and after it are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and that the same or similar features may be referred to each other, and for brevity, will not be described in detail.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Embodiments of the present disclosure may be applicable to electronic devices such as terminal devices, computer systems, servers, etc., which may operate with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known terminal devices, computing systems, environments, and/or configurations that may be suitable for use with the terminal device, computer system, server, or other electronic device include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, hand-held or laptop devices, microprocessor-based systems, set-top boxes, programmable consumer electronics, network personal computers, small computer systems, mainframe computer systems, and distributed cloud computing technology environments that include any of the foregoing, and the like.
Electronic devices such as terminal devices, computer systems, servers, etc. may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server may be implemented in a distributed cloud computing environment in which tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including memory storage devices.
Fig. 1 is a flow chart illustrating an outbound traffic monitoring method of a data analysis system according to an embodiment of the present disclosure. As shown in fig. 1, the method for monitoring the outbound traffic of the data analysis system may include:
S1: A plurality of resolution requests are sent to a plurality of root servers using a plurality of probe nodes.
Probe nodes are deployed in a plurality of regions, and the probe nodes deployed in the plurality of regions are used to send a plurality of resolution requests to a plurality of root servers of the data resolution system within a preset time period. When the data resolution system is a Domain Name System (DNS) resolution system, the plurality of resolution requests may be a plurality of DNS resolution requests; when the data resolution system is an identifier resolution system, the plurality of resolution requests may be a plurality of identifier resolution requests.
In one example of the present disclosure, 1 probe node is deployed for each of 3 operators in each of 31 preset provincial regions, so that 93 probe nodes are deployed in total. The 93 probe nodes are used to send a total of K resolution requests to 13 root servers of the data resolution system in one hour, where K is an integer greater than 13.
S2: The node outbound traffic proportion matrix of the plurality of root servers is determined according to the results of the plurality of resolution requests.
From the results of the plurality of resolution requests, the designated information in each result that indicates whether the resolution server is an overseas resolution server or a domestic resolution server is obtained, and the results are then counted to obtain the node outbound traffic proportion matrix.
In one example of the present disclosure, the node outbound traffic proportion matrix [Figure SMS_1] is as follows:
[Figure SMS_2]
where [Figure SMS_3] is the root identifier, representing the roots from [Figure SMS_4] to [Figure SMS_5]; [Figure SMS_6] is the province identifier, with subscripts 1 to 31 representing the 31 provincial regions; and [Figure SMS_7] is the operator identifier, with subscripts 1 to 3 representing the 3 large operators respectively.
S3: an outbound traffic matrix for the plurality of root servers is determined based on the number of resolved requests for the plurality of root servers and the node outbound traffic proportion matrix.
Obtaining an analytic request quantity matrix characterizing actual values of multiple root servers
Figure SMS_8
According to the analysis request quantity matrix and the node outbound traffic proportion matrix +.>
Figure SMS_9
The outbound traffic matrix of a plurality of root servers can be obtained>
Figure SMS_10
Figure SMS_11
S4: the outbound traffic proportion of the plurality of root servers is determined based on the outbound traffic matrix and the number of resolved requests of the plurality of root servers.
The outbound traffic proportion for a plurality of root servers may be determined by the following formula:
Figure SMS_12
In this embodiment, probe nodes are deployed in a plurality of regions, and the probe nodes deployed in the plurality of regions are used to send a plurality of resolution requests to a plurality of root servers. The node outbound traffic proportion matrix of the plurality of root servers can be determined from the results of the plurality of resolution requests. The outbound traffic matrix of the plurality of root servers can be determined from the number of resolution requests that characterizes the actual values of the plurality of root servers and the node outbound traffic proportion matrix. The outbound traffic proportion of the plurality of root servers can then be determined rapidly and accurately from the outbound traffic matrix and the number of resolution requests of the plurality of root servers. This helps to configure domestic resolution servers according to the monitoring result so that as much resolution as possible is done by domestic resolution servers, thereby improving data security.
In one embodiment of the present disclosure, step S2 may include:
S2-1: The root mirror identifier of each resolution request is extracted from the results of the plurality of resolution requests.
S2-2: A resolution server classification of each resolution request is determined based on a matching relationship between the root mirror identifier of each resolution request and the domestic mirror identifiers. The resolution server classification comprises a domestic resolution server and an overseas resolution server.
Whether the responding node is domestic is judged from the root mirror identifier. When the return value of the query_status field is normal, the root server has responded successfully. In that case the root_mirror_identifier field (the identifier of the answering server, for which a domestic or overseas classification is pre-stored) returns the root mirror identifier of the response. The root_mirror_identifier is matched against the pre-stored domestic mirror identifiers: if the match succeeds, the request was answered by a domestic root server and resolved domestically; otherwise it was answered overseas.
S2-3: The node outbound traffic proportion matrix is determined based on the resolution server classification of each resolution request, and the address information and the operator information of each resolution request.
In this embodiment, the root mirror identifier of each resolution request is matched against the pre-stored domestic mirror identifiers. From the matching result it can be quickly determined whether each resolution request was processed by a domestic resolution server or an overseas resolution server, so that the node outbound traffic proportion matrix can be generated quickly and accurately.
In one embodiment of the present disclosure, the address information of each resolution request includes the region to which each resolution request belongs. The region may be one of the 31 preset provincial regions. The operator information of each resolution request includes the operator to which each resolution request belongs. The operator may be one of the 3 large operators. Correspondingly, the matrix elements of the outbound traffic matrix [Figure SMS_13] characterize the outbound traffic in the region and under the operator to which the request belongs.
In this embodiment, when each resolution request includes address information and operator information, an outbound traffic matrix characterizing the outbound traffic for different provinces and different operators can be generated quickly. This helps to determine the outbound traffic proportions for different provinces and different operators quickly, and in turn helps to set up domestic resolution servers scientifically so that as much resolution as possible is done by domestic resolution servers, improving data security.
In one embodiment of the present disclosure, step S4 may include:
S4-1: The outbound traffic of each root server is extracted from the outbound traffic matrix. For example, the outbound traffic of each operator for each root server is extracted from the outbound traffic matrix [Figure SMS_14].
S4-2: The number of resolution requests of each root server is extracted from the number of resolution requests of the plurality of root servers. For example, the number of resolution requests of each operator for each root server can be extracted from the resolution request quantity matrix [Figure SMS_15].
S4-3: The outbound traffic proportion of each root server is determined based on the outbound traffic of each root server and the number of resolution requests of each root server. For example, the outbound traffic proportion [Figure SMS_18] of the root servers is calculated from the outbound traffic matrix [Figure SMS_16] and the resolution request quantity matrix [Figure SMS_17].
In this embodiment, when each resolution request includes address information and operator information, the outbound traffic proportion for different operators of different root servers can be determined quickly and accurately.
In one embodiment of the present disclosure, after step S3, the method may further include:
S4-4: The outbound traffic of each region is extracted from the outbound traffic matrix. For example, the outbound traffic of each operator in each region is extracted from the outbound traffic matrix [Figure SMS_19].
S4-5: The number of resolution requests of each region is extracted from the number of resolution requests of the plurality of root servers. For example, the number of resolution requests of each operator in each region can be extracted from the resolution request quantity matrix [Figure SMS_20].
S4-6: The outbound traffic proportion [Figure SMS_21] of each region is determined based on the outbound traffic of each region and the number of resolution requests of each region. The outbound traffic proportion [Figure SMS_22] of each region can be determined by the following formula:
[Figure SMS_23]
In this embodiment, when each resolution request includes address information and operator information, the outbound traffic proportion for different operators in different regions can be determined quickly and accurately.
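The S1 to S4 computation described above, as an added Python example that is not part of the patent text. Because the formula images are missing from this page, the cell-by-cell product in S3 and the outbound/request ratio in S4 are assumptions, as are the record layout (root, province, operator), the "timeout" status, the mirror identifiers and all sample values; only query_status and root_mirror_identifier come from the text.

```python
from collections import defaultdict

# Constructed allow-list of mirror identifiers known to be hosted domestically.
DOMESTIC_MIRROR_IDS = {"mirror-bj-01", "mirror-sh-02"}


def _probe(root, province, operator, status, mirror=None):
    """Build one probe result. query_status and root_mirror_identifier are the
    field names used in the text; the other keys are assumed names."""
    return {"root": root, "province": province, "operator": operator,
            "query_status": status, "root_mirror_identifier": mirror}


# Constructed probe results (step S1), not real measurements.
PROBE_RESULTS = (
    [_probe("a", "P1", "op1", "normal", "mirror-bj-01")] * 3
    + [_probe("a", "P1", "op1", "normal", "mirror-xx-09"),
       _probe("a", "P1", "op1", "timeout"),
       _probe("a", "P2", "op1", "normal", "mirror-sh-02"),
       _probe("a", "P2", "op1", "normal", "mirror-xx-09"),
       _probe("b", "P1", "op1", "normal", "mirror-xx-07"),
       _probe("b", "P1", "op1", "normal", "mirror-xx-09"),
       _probe("b", "P2", "op2", "normal", "mirror-bj-01"),
       _probe("b", "P2", "op2", "normal", "mirror-sh-02")]
)

# Constructed real request counts per (root, province, operator) cell (step S3).
# The last cell carries traffic but was never answered by a probe.
REQUEST_COUNTS = {
    ("a", "P1", "op1"): 6000,
    ("a", "P2", "op1"): 2000,
    ("b", "P1", "op1"): 500,
    ("b", "P2", "op2"): 1500,
    ("b", "P3", "op1"): 700,
}


def classify(result, domestic_ids=DOMESTIC_MIRROR_IDS):
    """S2-1/S2-2: 'domestic', 'overseas', or None for an unanswered probe."""
    if result.get("query_status") != "normal":
        # Assumption: a failed query says nothing about where it would have
        # been answered, so it is excluded rather than counted as overseas.
        return None
    mirror = result.get("root_mirror_identifier")
    return "domestic" if mirror in domestic_ids else "overseas"


def node_outbound_proportion(results, domestic_ids=DOMESTIC_MIRROR_IDS):
    """S2-3: overseas share of answered probes per (root, province, operator)."""
    answered, overseas = defaultdict(int), defaultdict(int)
    for r in results:
        label = classify(r, domestic_ids)
        if label is None:
            continue
        cell = (r["root"], r["province"], r["operator"])
        answered[cell] += 1
        overseas[cell] += label == "overseas"
    return {cell: overseas[cell] / n for cell, n in answered.items()}


def outbound_traffic(request_counts, proportions):
    """S3 (assumed element-wise product): real requests times probed share.
    Returns (outbound, uncovered); uncovered cells have no probe answer."""
    outbound, uncovered = {}, []
    for cell, count in request_counts.items():
        if cell in proportions:
            outbound[cell] = count * proportions[cell]
        else:
            uncovered.append(cell)
    return outbound, sorted(uncovered)


def proportion_by(outbound, request_counts, key):
    """S4: outbound / requests grouped by key(cell), over covered cells only."""
    out_sum, req_sum = defaultdict(float), defaultdict(float)
    for cell, value in outbound.items():
        out_sum[key(cell)] += value
        req_sum[key(cell)] += request_counts[cell]
    return {k: out_sum[k] / req_sum[k] for k in out_sum if req_sum[k] > 0}


def run():
    """Run S2 to S4 on the constructed data and return every grouping."""
    proportions = node_outbound_proportion(PROBE_RESULTS)
    outbound, uncovered = outbound_traffic(REQUEST_COUNTS, proportions)
    return {
        "by_root": proportion_by(outbound, REQUEST_COUNTS, lambda c: c[0]),
        "by_province": proportion_by(outbound, REQUEST_COUNTS, lambda c: c[1]),
        "by_root_operator": proportion_by(outbound, REQUEST_COUNTS,
                                          lambda c: (c[0], c[2])),
        "uncovered": uncovered,
    }


if __name__ == "__main__":
    for name, value in run().items():
        print(name, value)
```

Cells listed under "uncovered" are left out of both numerator and denominator, so a region with traffic but no answering probe shows up as a coverage gap instead of silently lowering the reported proportion.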
Fig. 2 is a block diagram illustrating an outbound traffic monitoring device of a data analysis system according to an embodiment of the present disclosure. As shown in fig. 2, the outbound traffic monitoring device of the data analysis system may include:
a resolution request sending module 100, configured to send a plurality of resolution requests to a plurality of root servers by using a plurality of probe nodes;
an outbound traffic proportion matrix determining module 200, configured to determine a node outbound traffic proportion matrix of the plurality of root servers according to the results of the plurality of resolution requests;
an outbound traffic matrix determining module 300, configured to determine an outbound traffic matrix of the plurality of root servers based on the number of resolution requests of the plurality of root servers and the node outbound traffic proportion matrix;
an outbound traffic proportion determining module 400, configured to determine the outbound traffic proportion of the plurality of root servers based on the outbound traffic matrix and the number of resolution requests of the plurality of root servers.
In one embodiment of the present disclosure, the outbound traffic proportion matrix determining module 200 is configured to extract a root mirror identifier of each resolution request from the results of the plurality of resolution requests; the outbound traffic proportion matrix determining module 200 is further configured to determine a resolution server classification of each resolution request based on a matching relationship between the root mirror identifier of each resolution request and the domestic mirror identifiers, where the resolution server classification includes a domestic resolution server and an overseas resolution server; the outbound traffic proportion matrix determining module 200 is further configured to determine the node outbound traffic proportion matrix based on the resolution server classification of each resolution request, and the address information and the operator information of each resolution request.
In one embodiment of the disclosure, the address information of each resolution request includes the region to which each resolution request belongs, the operator information of each resolution request includes the operator to which each resolution request belongs, and the matrix elements in the outbound traffic matrix characterize the outbound traffic in that region and under that operator.
In one embodiment of the present disclosure, the outbound traffic proportion determination module 400 is configured to extract the outbound traffic of each root server from the outbound traffic matrix; the outbound traffic proportion determining module 400 is further configured to extract the number of resolution requests of each root server from the number of resolution requests of the plurality of root servers; the outbound traffic ratio determining module 400 is further configured to determine an outbound traffic ratio of each root server based on the outbound traffic of each root server and the number of resolution requests of each root server.
In one embodiment of the present disclosure, the outbound traffic proportion determination module 400 is further configured to extract the outbound traffic for each region from the outbound traffic matrix; the outbound traffic proportion determining module 400 is further configured to extract the number of resolution requests of each region from the number of resolution requests of the plurality of root servers; the outbound traffic ratio determination module 400 is further configured to determine an outbound traffic ratio for each region based on the outbound traffic for each region and the number of resolution requests for each region.
It should be noted that, the specific implementation of the outbound traffic monitoring device of the data analysis system according to the embodiments of the present disclosure is similar to the specific implementation of the outbound traffic monitoring method of the data analysis system according to the embodiments of the present disclosure, and specific reference is made to the description of the outbound traffic monitoring method portion of the data analysis system, so that redundancy is reduced and redundant description is omitted.
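The computation these modules carry out, as an added Python sketch that is not code from the patent. It assumes each matrix cell is keyed by (root server, region, operator), that a cell's outbound traffic is its request count multiplied by the share of probe answers served by an overseas mirror, and that a proportion is outbound traffic divided by request count; all identifiers and counts are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data (not from the patent). Identifiers of root mirror
# instances assumed to be hosted in-territory.
DOMESTIC_MIRROR_IDS = {"f-dom1", "f-dom2", "l-dom1"}

# One row per probe answer: (root server, region, operator, root mirror id).
# None models a probe whose answer carried no mirror identifier.
PROBE_RESULTS = [
    ("F", "north", "op-a", "f-dom1"), ("F", "north", "op-a", "f-dom1"),
    ("F", "north", "op-a", "f-ext1"), ("F", "north", "op-a", "f-dom1"),
    ("F", "south", "op-b", "f-dom2"), ("F", "south", "op-b", "f-ext1"),
    ("F", "south", "op-b", None),
    ("L", "north", "op-a", "l-dom1"), ("L", "north", "op-a", "l-dom1"),
    ("A", "north", "op-a", "a-ext1"), ("A", "north", "op-a", "a-ext2"),
]

# Resolution request counts per (root server, region, operator) cell.
REQUEST_COUNTS = {
    ("F", "north", "op-a"): 4000, ("F", "south", "op-b"): 2000,
    ("L", "north", "op-a"): 3000, ("A", "north", "op-a"): 500,
    ("L", "south", "op-b"): 1000,  # no probe covers this cell
}


def classify(mirror_id, domestic_ids):
    """Match a root mirror identifier against the domestic identifier set."""
    if not mirror_id:
        return "unknown"
    return "domestic" if mirror_id in domestic_ids else "overseas"


def node_outbound_proportions(results, domestic_ids):
    """Share of classified probe answers per cell that came from overseas."""
    total, overseas = defaultdict(int), defaultdict(int)
    for root, region, operator, mirror_id in results:
        kind = classify(mirror_id, domestic_ids)
        if kind == "unknown":
            continue  # do not let unidentified answers skew the ratio
        total[(root, region, operator)] += 1
        overseas[(root, region, operator)] += kind == "overseas"
    return {cell: overseas[cell] / total[cell] for cell in total}


def outbound_traffic_matrix(request_counts, proportions):
    """Assumed rule: outbound traffic of a cell = requests * outbound share."""
    matrix, unmeasured = {}, []
    for cell, requests in request_counts.items():
        if cell in proportions:
            matrix[cell] = requests * proportions[cell]
        else:
            unmeasured.append(cell)  # surface probe coverage gaps
    return matrix, unmeasured


def outbound_proportion_by(axis, matrix, request_counts):
    """Aggregate over axis 0 (root server) or 1 (region): outbound / requests."""
    outbound, requests = defaultdict(float), defaultdict(int)
    for cell, value in matrix.items():
        outbound[cell[axis]] += value
        requests[cell[axis]] += request_counts[cell]
    return {k: outbound[k] / requests[k] for k in requests if requests[k]}


if __name__ == "__main__":
    props = node_outbound_proportions(PROBE_RESULTS, DOMESTIC_MIRROR_IDS)
    matrix, unmeasured = outbound_traffic_matrix(REQUEST_COUNTS, props)
    print("per root server:", outbound_proportion_by(0, matrix, REQUEST_COUNTS))
    print("per region:", outbound_proportion_by(1, matrix, REQUEST_COUNTS))
    print("cells without probe data:", unmeasured)
```

Cells that have request counts but no classified probe answer are returned separately and left out of the aggregates, so a gap in probe coverage is not read as zero outbound traffic.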
In addition, the embodiment of the disclosure also provides an electronic device, which comprises:
a memory for storing a computer program;
a processor for executing the computer program stored in the memory, wherein, when the computer program is executed, the method for monitoring the outbound traffic of the data analysis system according to any embodiment of the disclosure is implemented.
Fig. 3 is a block diagram of an electronic device in one embodiment of the present disclosure. As shown in fig. 3, the electronic device includes one or more processors and memory.
The processor may be a Central Processing Unit (CPU) or other form of processing unit having data processing and/or instruction execution capabilities, and may control other components in the electronic device to perform the desired functions.
The memory may include one or more computer program products, which may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, random access memory (RAM) and/or cache memory (cache), and the like. The non-volatile memory may include, for example, read-only memory (ROM), hard disk, flash memory, and the like. One or more computer program instructions may be stored on the computer-readable storage medium and executed by a processor to implement the outbound traffic monitoring methods of the data analysis system of the various embodiments of the disclosure described above and/or other desired functions.
In one example, the electronic device may further include: input devices and output devices, which are interconnected by a bus system and/or other forms of connection mechanisms (not shown).
In addition, the input device may include, for example, a keyboard, a mouse, and the like.
The output device may output various information including the determined distance information, direction information, etc., to the outside. The output devices may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, etc.
Of course, only some of the components of the electronic device relevant to the present disclosure are shown in fig. 3 for simplicity, components such as buses, input/output interfaces, etc. being omitted. In addition, the electronic device may include any other suitable components depending on the particular application.
In addition to the methods and apparatus described above, embodiments of the present disclosure may also be a computer program product comprising computer program instructions which, when executed by a processor, cause the processor to perform the steps of the method of monitoring outbound traffic of a data analysis system according to the various embodiments of the present disclosure described in the above section of this specification.
The program code of the computer program product for performing the operations of embodiments of the present disclosure may be written in any combination of one or more programming languages, including object-oriented programming languages such as Java and C++ and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions which, when executed by a processor, cause the processor to perform the steps of the method of monitoring outbound traffic of a data analysis system according to the various embodiments of the present disclosure described in the above section of this specification.
The computer-readable storage medium may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Those of ordinary skill in the art will appreciate that all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, and magnetic or optical disks.
The basic principles of the present disclosure have been described above in connection with specific embodiments. It should be noted, however, that the advantages, benefits, effects, etc. mentioned in the present disclosure are merely examples and not limiting, and these advantages, benefits, effects, etc. are not to be considered as necessarily possessed by the various embodiments of the present disclosure. Furthermore, the specific details disclosed herein are for purposes of illustration and understanding only, and are not intended to be limiting, since the disclosure is not necessarily limited to practice with the specific details described.
In this specification, the embodiments are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be cross-referenced. The description of the system embodiments is relatively brief because they essentially correspond to the method embodiments; for relevant points, refer to the description of the method embodiments.
The block diagrams of the devices, apparatuses, equipment and systems referred to in this disclosure are merely illustrative examples and are not intended to require or imply that the connections, arrangements and configurations must be made in the manner shown in the block diagrams. As will be appreciated by one of skill in the art, the devices, apparatuses, equipment and systems may be connected, arranged and configured in any manner. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including but not limited to," and are used interchangeably therewith. The terms "or" and "and" as used herein refer to, and are used interchangeably with, the term "and/or", unless the context clearly indicates otherwise. The term "such as" as used herein refers to, and is used interchangeably with, the phrase "such as, but not limited to".
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present disclosure are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present disclosure may also be implemented as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the apparatus, devices and methods of the present disclosure, components or steps may be decomposed and/or recombined. Such decomposition and/or recombination should be considered equivalent to the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit the embodiments of the disclosure to the form disclosed herein. Although a number of example aspects and embodiments have been discussed above, a person of ordinary skill in the art will recognize certain variations, modifications, alterations, additions, and subcombinations thereof.

Claims (7)

1. An outbound traffic monitoring method for a data analysis system, comprising:
transmitting a plurality of resolution requests to a plurality of root servers by using a plurality of probe nodes;
determining a node outbound traffic proportion matrix of the plurality of root servers according to the results of the plurality of resolution requests;
determining an outbound traffic matrix of the plurality of root servers based on the number of resolution requests of the plurality of root servers and the node outbound traffic proportion matrix;
determining the outbound traffic proportion of the plurality of root servers based on the outbound traffic matrix and the number of resolution requests of the plurality of root servers;
wherein the determining a node outbound traffic proportion matrix of the plurality of root servers according to the results of the plurality of resolution requests comprises:
extracting a root mirror identifier of each resolution request from the results of the plurality of resolution requests;
determining a resolution server classification of each resolution request based on a matching relationship between the root mirror identifier of each resolution request and a domestic mirror identifier, wherein the resolution server classification comprises a domestic resolution server and an overseas resolution server;
determining the node outbound traffic proportion matrix based on the resolution server classification of each resolution request, and the address information and the operator information of each resolution request;
wherein the determining the outbound traffic proportion of the plurality of root servers based on the outbound traffic matrix and the number of resolution requests of the plurality of root servers comprises:
extracting the outbound traffic of each root server from the outbound traffic matrix;
extracting the number of resolution requests of each root server from the number of resolution requests of the plurality of root servers;
determining the outbound traffic proportion of each root server based on the outbound traffic of each root server and the number of resolution requests of each root server.
2. The method of claim 1, wherein the address information for each resolution request includes a region to which each resolution request belongs, and the operator information for each resolution request includes an operator to which each resolution request belongs, and wherein the matrix elements in the outbound traffic matrix characterize outbound traffic under the region to which each resolution request belongs and the operator to which each resolution request belongs.
3. The method of claim 2, further comprising, after the determining the outbound traffic matrix of the plurality of root servers based on the number of resolution requests of the plurality of root servers and the node outbound traffic proportion matrix:
extracting the outbound traffic of each region from the outbound traffic matrix;
extracting the number of resolution requests of each region from the number of resolution requests of the plurality of root servers;
determining the outbound traffic proportion of each region based on the outbound traffic of each region and the number of resolution requests of each region.
4. An outbound traffic monitoring device for a data analysis system, comprising:
a resolution request sending module, configured to send a plurality of resolution requests to a plurality of root servers by using a plurality of probe nodes;
an outbound traffic proportion matrix determining module, configured to determine a node outbound traffic proportion matrix of the plurality of root servers according to the results of the plurality of resolution requests;
an outbound traffic matrix determining module, configured to determine an outbound traffic matrix of the plurality of root servers based on the number of resolution requests of the plurality of root servers and the node outbound traffic proportion matrix;
an outbound traffic proportion determining module, configured to determine outbound traffic proportions of the plurality of root servers based on the outbound traffic matrix and the number of resolution requests of the plurality of root servers;
wherein the outbound traffic proportion matrix determining module is configured to extract a root mirror identifier of each resolution request from the results of the plurality of resolution requests; the outbound traffic proportion matrix determining module is further configured to determine a resolution server classification of each resolution request based on a matching relationship between the root mirror identifier of each resolution request and a domestic mirror identifier, where the resolution server classification includes a domestic resolution server and an overseas resolution server; the outbound traffic proportion matrix determining module is further configured to determine the node outbound traffic proportion matrix based on the resolution server classification of each resolution request, and the address information and the operator information of each resolution request;
wherein the outbound traffic proportion determining module is configured to extract the outbound traffic of each root server from the outbound traffic matrix; the outbound traffic proportion determining module is further configured to extract the number of resolution requests of each root server from the number of resolution requests of the plurality of root servers; the outbound traffic proportion determining module is further configured to determine an outbound traffic proportion of each root server based on the outbound traffic of each root server and the number of resolution requests of each root server.
5. The apparatus of claim 4, wherein the address information for each resolution request comprises a region to which each resolution request belongs, and the operator information for each resolution request comprises an operator to which each resolution request belongs, the matrix elements in the outbound traffic matrix characterizing outbound traffic under the region to which each resolution request belongs and the operator to which each resolution request belongs.
6. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program stored in the memory, wherein the computer program, when executed, implements the method for monitoring the outbound traffic of a data analysis system as claimed in any one of claims 1 to 3.
7. A computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements the method for monitoring the outbound traffic of a data analysis system according to any one of the preceding claims 1-3.
CN202310408865.0A 2023-04-17 2023-04-17 Method, device, equipment and medium for monitoring outbound traffic of data analysis system Active CN116192697B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310408865.0A CN116192697B (en) 2023-04-17 2023-04-17 Method, device, equipment and medium for monitoring outbound traffic of data analysis system


Publications (2)

Publication Number Publication Date
CN116192697A CN116192697A (en) 2023-05-30
CN116192697B true CN116192697B (en) 2023-07-07

Family

ID=86450827


Country Status (1)

Country Link
CN (1) CN116192697B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111581371A (en) * 2020-05-07 2020-08-25 中国信息安全测评中心 Network security analysis method and device based on outbound data network flow
CN113315811A (en) * 2021-04-29 2021-08-27 北京奇虎科技有限公司 Identifier analysis method and device based on alliance block chain, storage medium and server
CN114124463A (en) * 2021-10-27 2022-03-01 中国电子科技集团公司第三十研究所 Method and system for identifying hidden network encryption application service based on network behavior characteristics
CN114169874A (en) * 2021-07-30 2022-03-11 珠海闪蜂科技有限公司 Aggregated payment implementation method and terminal for automatic conversion of multiple payment currencies of e-commerce platform
CN114363208A (en) * 2021-12-31 2022-04-15 中国信息通信研究院 Method and device for testing energy efficiency ratio of data center, electronic equipment and storage medium
CN115051927A (en) * 2022-07-01 2022-09-13 中国信息通信研究院 Data network development method and system
CN115378742A (en) * 2022-10-25 2022-11-22 北京创新乐知网络技术有限公司 Data processing method and device based on cloud computing

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11936541B2 (en) * 2018-11-02 2024-03-19 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for prediction of device failure




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant