CN112446955A - Method and device for displaying network security information - Google Patents
Method and device for displaying network security information Download PDFInfo
- Publication number
- CN112446955A CN112446955A CN202011477774.5A CN202011477774A CN112446955A CN 112446955 A CN112446955 A CN 112446955A CN 202011477774 A CN202011477774 A CN 202011477774A CN 112446955 A CN112446955 A CN 112446955A
- Authority
- CN
- China
- Prior art keywords
- network security
- security information
- areas
- information
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T17/00—Three dimensional [3D] modelling, e.g. data description of 3D objects
- G06T17/05—Geographic models
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/451—Execution arrangements for user interfaces
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06T—IMAGE DATA PROCESSING OR GENERATION, IN GENERAL
- G06T15/00—3D [Three Dimensional] image rendering
- G06T15/005—General purpose rendering architectures
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Geometry (AREA)
- Computer Graphics (AREA)
- Remote Sensing (AREA)
- Human Computer Interaction (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The disclosure relates to a method and a device for displaying network security information, electronic equipment and a computer readable medium. The method comprises the following steps: acquiring network security information of a plurality of areas, wherein the network security information comprises network attack information; respectively summarizing the quantity of the network security information of each area in the plurality of areas; generating a three-dimensional earth model including the plurality of regions; determining display parameters according to the quantity of the network security information; displaying the network security information in the three-dimensional earth model in a floating frame mode according to the display parameters and the plurality of areas. The network security information display method, the network security information display device, the electronic equipment and the computer readable medium can ensure good display effect and are closer to reality, so that the network security information can be displayed more clearly, and user experience is improved.
Description
Technical Field
The present disclosure relates to the field of computer information processing, and in particular, to a method and an apparatus for displaying network security information, an electronic device, and a computer-readable medium.
Background
While the innovation and innovation opportunities brought by virtualization, cloud computing, BYOD, and big data, hacker attacks and security protection technologies have also undergone rapid evolution. With the arrival of the big data era, mass data continuously flow in enterprises, ways for entering internal networks of the enterprises are more and more, hackers can utilize advanced targeted attacks such as APT and the like to continuously find out network 'weaknesses', hide the weaknesses and start fatal attacks at any time.
In the face of massive attack data, how to better present the attack data to the user and make the user understand that the problem becomes a troublesome problem that must be faced and solved in the network security situation awareness system.
The above information disclosed in this background section is only for enhancement of understanding of the background of the disclosure and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present disclosure provides a method and an apparatus for displaying network security information, an electronic device, and a computer readable medium, which can ensure a good presentation effect and better approach to reality, and simultaneously perform deduplication on similar logs to visually present the similar logs on corresponding areas, thereby reducing bad interaction experience caused by a large amount of similar data and making attacks presented more clearly.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, a method for displaying network security information is provided, where the method includes: acquiring network security information of a plurality of areas, wherein the network security information comprises network attack information; respectively summarizing the quantity of the network security information of each area in the plurality of areas; generating a three-dimensional earth model including the plurality of regions; determining display parameters according to the quantity of the network security information; displaying the network security information in the three-dimensional earth model in a floating frame mode according to the display parameters and the plurality of areas.
In an exemplary embodiment of the present disclosure, before acquiring network security information of a plurality of areas, the method further includes: loading page resources by a client; and after the page resources are loaded, the client sends an information acquisition request to a background server, wherein the information acquisition request comprises the plurality of areas.
In an exemplary embodiment of the present disclosure, acquiring network security information of a plurality of areas includes: the background server receives the information acquisition request; and acquiring the network security information of the plurality of areas according to the information acquisition request.
In an exemplary embodiment of the present disclosure, before acquiring network security information of a plurality of areas, the method further includes: and the background server pushes the network security information to the client in a WebSocket mode.
In an exemplary embodiment of the present disclosure, separately aggregating the number of the network security information of each of the plurality of areas includes: the background server collects the attack source number and the total attack times of each area in the plurality of areas; generating a JSON file according to the region name, the attack source number and the total attack times; and sending the JSON file to the client.
In an exemplary embodiment of the present disclosure, generating a three-dimensional earth model including the plurality of regions therein includes: generating the three-dimensional earth model based on page resources and the plurality of zone renderings.
In an exemplary embodiment of the present disclosure, determining the presentation parameter according to the amount of the network security information includes: generating a radius parameter corresponding to each region according to the number of attack sources of the region; and generating a height parameter corresponding to each region according to the total attack times of the region.
In an exemplary embodiment of the present disclosure, displaying the network security information in the three-dimensional earth model in a floating frame according to the display parameter and the plurality of regions includes: acquiring a plurality of radius parameters and a plurality of height parameters corresponding to a plurality of areas; generating a plurality of rendering apertures and a plurality of rendering light columns according to the plurality of radius parameters and the plurality of height parameters; displaying the plurality of rendering apertures and the plurality of rendering light columns in a plurality of regions in the three-dimensional earth model in the form of floating frames.
In an exemplary embodiment of the present disclosure, further comprising: periodically acquiring real-time network security information by the background server; carrying out duplicate removal processing on the network security information; generating a display parameter according to the network security information after the duplicate removal processing; displaying the network security information in the three-dimensional earth model in a floating frame mode according to the display parameters and the plurality of areas.
According to an aspect of the present disclosure, a device for displaying network security information is provided, the device including: the information module is used for acquiring network security information of a plurality of areas, wherein the network security information comprises network attack information; the summarizing module is used for summarizing the quantity of the network security information of each area in the plurality of areas; a model module for generating a three-dimensional earth model, the three-dimensional earth model including the plurality of regions; the parameter module is used for determining display parameters according to the quantity of the network security information; and the display module is used for displaying the network security information in the three-dimensional earth model in a floating frame mode according to the display parameters and the plurality of areas.
According to an aspect of the present disclosure, an electronic device is provided, the electronic device including: one or more processors; storage means for storing one or more programs; when executed by one or more processors, cause the one or more processors to implement a method as above.
According to an aspect of the disclosure, a computer-readable medium is proposed, on which a computer program is stored, which program, when being executed by a processor, carries out the method as above.
According to the method, the device, the electronic equipment and the computer readable medium for displaying the network security information, network security information of a plurality of areas is obtained, wherein the network security information comprises network attack information; respectively summarizing the quantity of the network security information of each area in the plurality of areas; generating a three-dimensional earth model including the plurality of regions; determining display parameters according to the quantity of the network security information; the basis show the parameter with a plurality of regions will network security information is in with the form show of floating frame mode among the three-dimensional earth model, can be when guaranteeing good presentation effect, also more close to reality, simultaneously, carry out the duplicate removal with similar log, audio-visual presentation has reduced the not good interactive experience that a large amount of similar data caused, lets the attack present more surveyability.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are merely some embodiments of the present disclosure, and other drawings may be derived from those drawings by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic diagram of a method for displaying network security information in the prior art.
Fig. 2 is a system block diagram illustrating a method and an apparatus for presenting network security information according to an exemplary embodiment.
Fig. 3 is a flowchart illustrating a method for presenting network security information according to an exemplary embodiment.
Fig. 4 is a flowchart illustrating a method for presenting network security information according to another exemplary embodiment.
Fig. 5 is a schematic diagram illustrating a method for presenting network security information according to another exemplary embodiment.
Fig. 6 is a block diagram illustrating a device for presenting network security information according to an example embodiment.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
FIG. 8 is a block diagram illustrating a computer-readable medium in accordance with an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the disclosed concept. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It is to be understood by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present disclosure and are, therefore, not intended to limit the scope of the present disclosure.
The technical abbreviations involved in this disclosure are explained as follows:
network situation awareness system: the situation awareness system is an environment-based capability of dynamically and integrally knowing security risks, and is a mode of improving the capabilities of discovery, identification, understanding, analysis and response handling of security threats from a global perspective on the basis of security big data, and finally falls to the ground of security capabilities for decision and action. The method comprises a series of technologies such as vulnerability mining, network attack, user behavior analysis and the like and related innovative products.
Network attack: refers to any type of attack action on a computer information system, infrastructure, computer network, or personal computer device. For computers and computer networks, the destruction, uncovering, modifying, disabling software or services, stealing or accessing data from any computer without authorization, is considered an attack on the computer and computer network.
Visual presentation: the theory, method and technology are that the data is converted into the graph or the image is displayed on the screen by using the computer graphics and the image processing technology, and then the interactive processing is carried out. The method relates to a plurality of fields of computer graphics, image processing, computer vision, computer aided design and the like, and becomes a comprehensive technology for researching a series of problems of data representation, data processing, decision analysis and the like.
For regional attack information in network attack, a common implementation scheme is that a two-dimensional map is used as a background, the total amount of attack information in each region is collected, the information of thermodynamic diagrams is adopted to present, and a log list is presented in a special region for real-time attack logs. As shown in fig. 1, the middle map portion presents the total attack information of the area by using different colors in a thermodynamic diagram manner, and simultaneously presents the real-time log information in the table at the lower right corner.
By adopting the regional thermodynamic diagram mode, the information of the total attack amount of each region can be visually presented to a certain extent, meanwhile, the presentation of the log information is continued in a table form, the log is dynamically refreshed, and a strong interactive feeling is brought to people.
However, with the thermodynamic diagram mode, many times when the total attack amount of different areas is close, color distinction is not obvious, and attack summary information of other dimensions, such as the number of attackers in an area, cannot be presented more friendly. Meanwhile, the amount of attack logs is large, the log contents are similar, and the log contents are presented in a table form, so that better visual experience cannot be brought to people to a certain extent, and the log contents cannot be responded to regional information.
The method for displaying the network security information can better display the attack information of various dimensions of the region, reduces the influence of similar logs when the logs are displayed in real time, and simultaneously responds to the region information. The present disclosure is described in detail below with the aid of specific examples.
Fig. 2 is a system block diagram illustrating a method, an apparatus, an electronic device, and a computer-readable medium for presenting network security information according to an example embodiment.
As shown in fig. 2, the system architecture 20 may include terminal devices 201, 202, 203, a network 204, and a server 205. The network 204 serves as a medium for providing communication links between the terminal devices 201, 202, 203 and the server 205. Network 204 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 201, 202, 203 to interact with the server 205 via the network 204 to receive or send messages or the like. Various image presentation applications, such as a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the terminal devices 201, 202, 203.
The terminal devices 201, 202, 203 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 205 may be a server providing various services, and the server 205 may perform processing such as analysis on the received network security information, and feed back the processing result to the terminal device for display.
The server 205 may, for example, obtain network security information for a plurality of regions, the network security information including network attack information; the server 205 may, for example, aggregate the amount of network security information for each of the plurality of regions, respectively; the server 205 may transmit the above information to the terminal apparatuses 201, 202, 203; the terminal device 201, 202, 203 may for example generate a three-dimensional earth model comprising the plurality of regions; the terminal device 201, 202, 203 may determine the presentation parameters, for example, according to the amount of the network security information; the terminal device 201, 202, 203 may present the network security information in the three-dimensional earth model in the form of a floating frame, for example, depending on the presentation parameters and the plurality of regions.
The server 205 may be a single entity server, or may be composed of a plurality of servers, for example, it should be noted that the method for presenting network security information provided by the embodiments of the present disclosure may be executed by the terminal devices 201, 202, and 203 and the server 205, and accordingly, the means for presenting network security information may be disposed in the terminal devices 201, 202, and 203 and the server 205.
Fig. 3 is a flowchart illustrating a method for presenting network security information according to an exemplary embodiment. The method 30 for displaying network security information at least includes steps S302 to S308.
As shown in fig. 3, in S302, network security information of a plurality of areas is acquired, the network security information including network attack information.
In one embodiment, one may for example: loading page resources by a client; after the page resources are loaded, the client sends an information acquisition request to a background server, wherein the information acquisition request comprises the plurality of areas; the background server receives the information acquisition request; and acquiring the network security information of the plurality of areas according to the information acquisition request.
In one embodiment, it is also possible, for example: and the background server pushes the network security information to the client in a WebSocket mode.
In S304, the number of network security information of each of the plurality of areas is summarized respectively. The method comprises the following steps: the background server collects the attack source number and the total attack times of each area in the plurality of areas; generating a JSON file according to the region name, the attack source number and the total attack times; and sending the JSON file to the client.
After receiving the request, the background server collects attack information according to the region information, inquires the attack source quantity and total attack times of each region, and returns the attack source quantity and total attack times to the front end in a JSON format, wherein the JSON format can be as follows:
in S306, a three-dimensional earth model is generated, the three-dimensional earth model including the plurality of regions therein. The method comprises the following steps: generating the three-dimensional earth model based on page resources and the plurality of zone renderings.
In S308, a display parameter is determined according to the amount of the network security information. The method comprises the following steps: generating a radius parameter corresponding to each region according to the number of attack sources of the region; and generating a height parameter corresponding to each region according to the total attack times of the region.
More specifically, the attacker number atteckercount is mapped into a value R in a numerical range of [1-5 ]; the total attack number atteckcount is mapped to a value H in the numerical interval of 1-10.
In S310, the network security information is displayed in the three-dimensional earth model in a floating frame manner according to the display parameters and the plurality of regions. The method comprises the following steps: acquiring a plurality of radius parameters and a plurality of height parameters corresponding to a plurality of areas; generating a plurality of rendering apertures and a plurality of rendering light columns according to the plurality of radius parameters and the plurality of height parameters; displaying the plurality of rendering apertures and the plurality of rendering light columns in a plurality of regions in the three-dimensional earth model in the form of floating frames.
More specifically, after obtaining a mapping value R corresponding to an attacker, rendering an aperture with a radius R at a geographic position corresponding to the earth according to a regional position ([ "regional longitude", "regional latitude"); and after the mapping value H corresponding to the total attack number is obtained, rendering a light column with the height of H on the geographic position corresponding to the earth according to the regional position ([ "regional longitude", "regional latitude' ]).
When the background inquires the regional attack information, the attacker number and the total attack number of each region are collected, the 3D earth is used for replacing a two-dimensional map at the front end, and the attacker number and the total attack number of the region are presented at the same time by using the presentation means of the aperture and the light beam on each region. And simultaneously, abandoning an attack log presentation mode in a table mode, carrying out duplicate removal operation on similar data before returning the real-time attack log by a background, returning to the front end, presenting the attack log near a light beam in a corresponding area according to the geographical position information of an attack source of the attack log by adopting a dynamic floating frame mode on the 3D earth, and carrying out periodical display and hiding effect switching.
Multi-dimensional attack information presentation is more intuitively carried out by using an aperture and a light beam on the 3D earth; mapping an aperture and an optical column according to the number of attackers and the total attack amount; the attack logs and the areas are combined to present, so that the network security information display method disclosed by the invention can be closer to the reality while ensuring a good presentation effect, and meanwhile, the similar logs are deduplicated and visually presented in the corresponding areas, so that bad interaction experience caused by a large amount of similar data is reduced, and the attack presentation is more clear.
It should be clearly understood that this disclosure describes how to make and use particular examples, but the principles of this disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 4 is a flowchart illustrating a method for presenting network security information according to another exemplary embodiment. The flow 40 shown in fig. 4 is a supplementary description of the flow shown in fig. 3.
As shown in fig. 4, in S402, periodically obtaining real-time network security information by the background server. The client periodically requests the server to acquire the real-time network security information.
In S404, the network security information is subjected to deduplication processing. After receiving the request, the server performs deduplication on the real-time attack logs in a period of time according to the information of the attackers and the attack types, enriches the geographical position information corresponding to the attack sources after obtaining the attack logs, obtains a real-time log set, and returns the real-time log set to the front end in a JSON format, wherein the JSON format is as follows:
in S406, a display parameter is generated according to the network security information after the deduplication processing.
In S408, the network security information is displayed in the three-dimensional earth model in a floating frame manner according to the display parameters and the plurality of regions. And the client receives the real-time log after the duplication removal, presents the attack log on a 3D map in a floating frame mode according to the geographical position information in the log, and periodically switches the display and hiding effects of the floating frame.
According to the method in the present disclosure, the attack region information is presented through a 3D technique, and the specific presentation effect is shown in fig. 5. The good presentation effect is guaranteed, simultaneously, the similar logs are subjected to duplication elimination, the similar logs are visually presented in the corresponding areas, poor interaction experience caused by a large amount of similar data is reduced, and attacks are presented more clearly.
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments are implemented as computer programs executed by a CPU. When executed by the CPU, performs the functions defined by the above-described methods provided by the present disclosure. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the methods according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods. For details not disclosed in the embodiments of the apparatus of the present disclosure, refer to the embodiments of the method of the present disclosure.
Fig. 6 is a block diagram illustrating a presentation apparatus of network security information according to another exemplary embodiment. As shown in fig. 6, the device 60 for displaying network security information includes: an information module 602, a summary module 604, a model module 606, a parameter module 608, and a presentation module 610.
The information module 602 is configured to obtain network security information of a plurality of areas, where the network security information includes network attack information; can be for example: loading page resources by a client; after the page resources are loaded, the client sends an information acquisition request to a background server, wherein the information acquisition request comprises the plurality of areas; the background server receives the information acquisition request; and acquiring the network security information of the plurality of areas according to the information acquisition request.
The summarizing module 604 is configured to summarize the number of network security information of each of the plurality of areas; the summarizing module 604 is further configured to summarize, by the backend server, the number of attack sources and the total attack times of each of the plurality of regions; generating a JSON file according to the region name, the attack source number and the total attack times; and sending the JSON file to the client.
The model module 606 is configured to generate a three-dimensional earth model, which includes the plurality of regions; model module 606 is also for generating the three-dimensional earth model based on page resources and the plurality of zone renderings.
The parameter module 608 is configured to determine a display parameter according to the amount of the network security information; the parameter module 608 is further configured to generate a radius parameter corresponding to each region according to the number of attack sources of the region; and generating a height parameter corresponding to each region according to the total attack times of the region.
The display module 610 is configured to display the network security information in the three-dimensional earth model in a floating frame manner according to the display parameters and the plurality of regions. The display module 610 is further configured to obtain a plurality of radius parameters and a plurality of height parameters corresponding to the plurality of regions; generating a plurality of rendering apertures and a plurality of rendering light columns according to the plurality of radius parameters and the plurality of height parameters; displaying the plurality of rendering apertures and the plurality of rendering light columns in a plurality of regions in the three-dimensional earth model in the form of floating frames.
According to the display device of the network security information, network security information of a plurality of areas is obtained, wherein the network security information comprises network attack information; respectively summarizing the quantity of the network security information of each area in the plurality of areas; generating a three-dimensional earth model including the plurality of regions; determining display parameters according to the quantity of the network security information; the basis show the parameter with a plurality of regions will network security information is in with the form show of floating frame mode among the three-dimensional earth model, can be when guaranteeing good presentation effect, also more close to reality, simultaneously, carry out the duplicate removal with similar log, audio-visual presentation has reduced the not good interactive experience that a large amount of similar data caused, lets the attack present more surveyability.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
An electronic device 700 according to this embodiment of the disclosure is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 7, electronic device 700 is embodied in the form of a general purpose computing device. The components of the electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 that connects the various system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
Wherein the storage unit stores program code that can be executed by the processing unit 710 to cause the processing unit 710 to perform the steps according to various exemplary embodiments of the present disclosure described in this specification. For example, the processing unit 710 may perform the steps as shown in fig. 3, 4.
The memory unit 720 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)7201 and/or a cache memory unit 7202, and may further include a read only memory unit (ROM) 7203.
The memory unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), such that a user can communicate with devices with which the electronic device 700 interacts, and/or any devices (e.g., router, modem, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 750. Also, the electronic device 700 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) via the network adapter 760. The network adapter 760 may communicate with other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, as shown in fig. 8, the technical solution according to the embodiment of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiment of the present disclosure.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The computer readable medium carries one or more programs which, when executed by a device, cause the computer readable medium to perform the functions of: acquiring network security information of a plurality of areas, wherein the network security information comprises network attack information; respectively summarizing the quantity of the network security information of each area in the plurality of areas; generating a three-dimensional earth model including the plurality of regions; determining display parameters according to the quantity of the network security information; displaying the network security information in the three-dimensional earth model in a floating frame mode according to the display parameters and the plurality of areas.
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly in one or more apparatuses unique from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Exemplary embodiments of the present disclosure are specifically illustrated and described above. It is to be understood that the present disclosure is not limited to the precise arrangements, instrumentalities, or instrumentalities described herein; on the contrary, the disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (10)
1. A method for displaying network security information is characterized by comprising the following steps:
acquiring network security information of a plurality of areas, wherein the network security information comprises network attack information;
respectively summarizing the quantity of the network security information of each area in the plurality of areas;
generating a three-dimensional earth model including the plurality of regions;
determining display parameters according to the quantity of the network security information;
displaying the network security information in the three-dimensional earth model in a floating frame mode according to the display parameters and the plurality of areas.
2. The method of claim 1, wherein prior to obtaining network security information for a plurality of regions, further comprising:
loading page resources by a client;
and after the page resources are loaded, the client sends an information acquisition request to a background server, wherein the information acquisition request comprises the plurality of areas.
3. The method of claim 2, wherein obtaining network security information for a plurality of regions comprises:
the background server receives the information acquisition request;
and acquiring the network security information of the plurality of areas according to the information acquisition request.
4. The method of claim 1, wherein prior to obtaining network security information for a plurality of regions, further comprising:
and the background server pushes the network security information to the client in a WebSocket mode.
5. The method of claim 1, wherein aggregating the amount of network security information for each of the plurality of regions separately comprises:
the background server collects the attack source number and the total attack times of each area in the plurality of areas;
generating a JSON file according to the region name, the attack source number and the total attack times;
and sending the JSON file to the client.
6. The method of claim 1, wherein generating a three-dimensional earth model including the plurality of regions comprises:
generating the three-dimensional earth model based on page resources and the plurality of zone renderings.
7. The method of claim 1, wherein determining the exposure parameter based on the amount of network security information comprises:
generating a radius parameter corresponding to each region according to the number of attack sources of the region;
and generating a height parameter corresponding to each region according to the total attack times of the region.
8. The method of claim 7, wherein presenting the network security information in the three-dimensional earth model in a floating frame in accordance with the presentation parameters and the plurality of regions comprises:
acquiring a plurality of radius parameters and a plurality of height parameters corresponding to a plurality of areas;
generating a plurality of rendering apertures and a plurality of rendering light columns according to the plurality of radius parameters and the plurality of height parameters;
displaying the plurality of rendering apertures and the plurality of rendering light columns in a plurality of regions in the three-dimensional earth model in the form of floating frames.
9. The method of claim 1, further comprising:
periodically acquiring real-time network security information by the background server;
carrying out duplicate removal processing on the network security information;
generating a display parameter according to the network security information after the duplicate removal processing;
displaying the network security information in the three-dimensional earth model in a floating frame mode according to the display parameters and the plurality of areas.
10. A device for displaying network security information is characterized by comprising:
the information module is used for acquiring network security information of a plurality of areas, wherein the network security information comprises network attack information;
the summarizing module is used for summarizing the quantity of the network security information of each area in the plurality of areas;
a model module for generating a three-dimensional earth model, the three-dimensional earth model including the plurality of regions;
the parameter module is used for determining display parameters according to the quantity of the network security information;
and the display module is used for displaying the network security information in the three-dimensional earth model in a floating frame mode according to the display parameters and the plurality of areas.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011477774.5A CN112446955A (en) | 2020-12-15 | 2020-12-15 | Method and device for displaying network security information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011477774.5A CN112446955A (en) | 2020-12-15 | 2020-12-15 | Method and device for displaying network security information |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112446955A true CN112446955A (en) | 2021-03-05 |
Family
ID=74739437
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011477774.5A Pending CN112446955A (en) | 2020-12-15 | 2020-12-15 | Method and device for displaying network security information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112446955A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115150127A (en) * | 2022-05-23 | 2022-10-04 | 奇安信科技集团股份有限公司 | A visual display method and device in network security attack and defense |
| CN119743276A (en) * | 2024-10-21 | 2025-04-01 | 博智安全科技股份有限公司 | A network security situation display method, device, equipment, medium and product |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516174A (en) * | 2015-12-25 | 2016-04-20 | 北京奇虎科技有限公司 | Network attack tracking display system and method |
| CN110336785A (en) * | 2019-05-22 | 2019-10-15 | 北京瀚海思创科技有限公司 | The method for visualizing and storage medium of network attack chain figure |
-
2020
- 2020-12-15 CN CN202011477774.5A patent/CN112446955A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516174A (en) * | 2015-12-25 | 2016-04-20 | 北京奇虎科技有限公司 | Network attack tracking display system and method |
| CN110336785A (en) * | 2019-05-22 | 2019-10-15 | 北京瀚海思创科技有限公司 | The method for visualizing and storage medium of network attack chain figure |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115150127A (en) * | 2022-05-23 | 2022-10-04 | 奇安信科技集团股份有限公司 | A visual display method and device in network security attack and defense |
| CN115150127B (en) * | 2022-05-23 | 2025-07-25 | 奇安信科技集团股份有限公司 | Visual display method and device in network security attack and defense |
| CN119743276A (en) * | 2024-10-21 | 2025-04-01 | 博智安全科技股份有限公司 | A network security situation display method, device, equipment, medium and product |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11294616B2 (en) | Systems and methods for the secure synchronization of user interface state amongst computing devices | |
| US10148675B1 (en) | Block-level forensics for distributed computing systems | |
| US20130007895A1 (en) | Managing access control for a screen sharing session | |
| US10552521B2 (en) | Analyzing a click path in a spherical landscape viewport | |
| WO2019003161A1 (en) | Rendering images using ray tracing with multiple light sources | |
| CN109660581B (en) | Physical machine management method, device and system | |
| CN108804445A (en) | Heating power drawing generating method and device | |
| CN112446955A (en) | Method and device for displaying network security information | |
| CN112965916A (en) | Page testing method, page testing device, electronic equipment and readable storage medium | |
| CN112115502A (en) | Data processing method and device and data processing device | |
| CN112328564A (en) | Special resource sharing method and device and electronic equipment | |
| CN110389981B (en) | Data display method, device, electronic equipment and computer readable storage medium | |
| CN116192789A (en) | A cloud document processing method, device and electronic equipment | |
| US20130036374A1 (en) | Method and apparatus for providing a banner on a website | |
| CN112347382A (en) | Product page sharing method and device and electronic equipment | |
| US10996945B1 (en) | Splitting programs into distributed parts | |
| Letić et al. | Real-time map projection in virtual reality using WebVR | |
| CN116758198A (en) | Image reconstruction method, device, equipment and storage medium | |
| CN113567636B (en) | Air quality display method, system and device | |
| CN112769787A (en) | Website system network security anti-crawler calculation method and device | |
| CN114238723A (en) | Page display method, device, equipment and medium | |
| US20190286732A1 (en) | Augmenting structured data | |
| US11068610B2 (en) | Securing digital content on mobile devices | |
| US12260004B2 (en) | Systems and methods for rendering secured content items | |
| KR102671203B1 (en) | Method and system for preventing screen capture using visual optical illusion |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210305 |