Abstract
With the continuous development of Internet plus, business systems' requirements for network service quality and for operation and maintenance are constantly rising. Traditional network security products lack the ability to detect unknown attacks and to analyze traffic in depth. This paper establishes a set of operation and maintenance methods based on a full-traffic retrospective analysis system, puts forward the operation and maintenance concept of transforming the traditional passive network operation and maintenance mode into active operation and maintenance, and provides improvement and supplementary methods for information security. Through the full-traffic retrospective analysis system, the operating baseline patterns of each network's golden KPI indicators in the key disciplines of the rail transit network were obtained. First, abnormal traffic was located; then abnormal traffic was discovered and retrieved; and finally the attack model of the abnormal traffic was extracted. The results indicate that the system can effectively monitor the operational status and traffic composition of the key traffic across the entire network, and can conduct data-driven analysis and early warning for the various specialties, providing effective prevention and control measures for faults in network operation and maintenance. In terms of information security, it can also provide a means of after-the-fact tracing and evidence collection.
Author
Yang Guanglu (杨广禄), Shenzhen Das Intelligent Co., Ltd., Shenzhen 518000, China
Source
GREEN CONSTRUCTION AND INTELLIGENT BUILDING (《绿色建造与智能建筑》)
2023, Issue 11, pp. 122-126 (5 pages)
Keywords
flow backtracking
information security
KPI indicators
baseline
operation and maintenance