CN106131197A - A kind of multifunctional intellectual cell management system - Google Patents

Abstract

A kind of multifunctional intellectual cell management system, including public conference room gateway, residential building gateway, outdoor communal facility gateway, cloud network, home server, cell management person's monitor supervision platform, detection device and execution device；Described detection device detects public conference room, outdoor communal facility and the temperature in residential building passageway, light intensity, humidity and noise information respectively, and be sent to home server by public conference room gateway, outdoor communal facility gateway and residential building gateway respectively, then it be sent to cloud network by home server and carry out data process and storage；Described cell management person's monitor supervision platform is connected with cloud network, is monitored above-mentioned information for manager, and is adjusted controlling to performing device according to the information obtained.

Description

A kind of multifunctional intellectual cell management system

Technical field

The present invention relates to cell management field, in particular to a kind of multifunctional intellectual cell management system.

Background technology

Along with the commercial house expanding economy, increasing people selects room, community to live, and the management of community, especially public The management in region, remains in local service end altogether, and along with increasing of inhabitation number, this local management mode is the most not Demand can be met, therefore, utilize cloud network to carry out the process of information and the trend stored into certainty.But, have here and It is related to information security, especially the information security issue of cloud network.

Summary of the invention

It is an object of the invention to provide a kind of multifunctional intellectual cell management system, to solve above-mentioned problem.

For solving above-mentioned technical problem, the technical solution used in the present invention is:

A kind of multifunctional intellectual cell management system, including public conference room gateway, residential building gateway, outdoor communal facility Gateway, cloud network, home server, cell management person's monitor supervision platform, detection device and execution device；Described detection device is respectively Detection public conference room, outdoor communal facility and the temperature in residential building passageway, light intensity, humidity and noise information, and pass through respectively Public conference room gateway, outdoor communal facility gateway and residential building gateway are sent to home server, then are passed by home server Deliver to cloud network and carry out data process and storage；Described cell management person's monitor supervision platform is connected with cloud network, for manager couple Above-mentioned information is monitored, and is adjusted controlling to performing device according to the information obtained.

Beneficial effect: utilize detection device that the parameters such as the temperature of each public territory, community, noise are detected, and lead to Crossing cloud network process data and store, manager controls to perform device and is adjusted after receiving feedback, system structure letter Single-throw money is low.

It should be appreciated that it is only exemplary that above general description and details hereinafter describe, can not be limited this Open.

Accompanying drawing explanation

Fig. 1 is the connection diagram of each module of the present invention；

Fig. 2 is the structured flowchart of secure visual system.

Reference:

Information data excavates module-1；Information pre-processing module-2；Information storage module-3；Information analysis and displaying mould Block-4；Data Dimensionality Reduction unit-21；Data identification unit-22；Data sorting unit-23；Contact relation analysis displaying submodule- 41；Submodule-42 is shown in daily record number of times distributional analysis；Between IP, information sends relation analysis displaying submodule-43；Sensitive mail turns Send out path analysis and show submodule-44；Distributed denial of service attack data analysis and displaying submodule-45；Public conference Room gateway-100；Residential building gateway-200；Outdoor communal facility gateway-300；Cloud network-400；Home server-500；Community Manager's monitor supervision platform-600；Detection device-700；Perform device-800；Secure visual system-900.

Accompanying drawing herein is merged in description and constitutes the part of this specification, it is shown that meet the enforcement of the present invention Example, and for explaining the principle of the present invention together with description.

Detailed description of the invention

Below by specific embodiment and combine accompanying drawing the present invention is described in further detail.

Application scenarios 1:

A kind of multifunctional intellectual cell management system as shown in Figure 1, including public conference room gateway 100, residential building net Pass 200, outdoor communal facility gateway 300, cloud network 400, home server 500, cell management person's monitor supervision platform 600, detection Device 700 and execution device 800；Described detection device 700 detects public conference room, outdoor communal facility and residential building mistake respectively The temperature in road, light intensity, humidity and noise information, and respectively by public conference room gateway 100, outdoor communal facility gateway 300 It is sent to home server 500 with residential building gateway 200, then is sent to cloud network 400 by home server 500 and carries out data Reason and storage；Described cell management person's monitor supervision platform 600 is connected with cloud network 400, supervises above-mentioned information for manager Control, and be adjusted controlling to performing device 800 according to the information obtained.

The present invention utilizes detection device to detect the parameters such as the temperature of each public territory, community, noise, and passes through Data are processed and store by cloud network, and manager controls to perform device and is adjusted after receiving feedback, system structure is simple Invest low.

Preferably, described execution device 800 includes controllable light strong illumination device, air-conditioning and dehydrating unit.

Preferably, described detection device 700 includes light intensity induction apparatus, humidity sensor, temperature sensor, noise measuring Device.

Preferably, as in figure 2 it is shown, also include secure visual system 900, for described cloud network is carried out visual Security monitoring, it includes that the information data being sequentially connected with excavates module 1, information pre-processing module 2, information storage module 3 and letter Breath is analyzed and display module 4；

Described information data excavates module 1, former for obtaining by the way of capturing network packet in LAN Beginning information data, described original information data includes that between IP, sensitive information sends detection data, mail-detection daily record data and divides Three kinds of data types of cloth Denial of Service attack data；

Described information pre-processing module 2, for original information data carries out Data Dimensionality Reduction, identify and classify pretreatment；

Described information storage module 3, is used for pretreated information data storing to the corresponding position of cloud storage resource pool In putting；

Described information analysis and display module 4, for realizing the extraction of information, analyzing and show, it includes that mail comes and goes Relation analysis shows that submodule 41, daily record number of times distributional analysis show that between submodule 42, IP, information sends relation analysis displaying Module 43, sensitivity email relaying path analysis and displaying submodule 44 and distributed denial of service attack data analysis are sub with displaying Module 45, particularly as follows:

(1) submodule 41 is shown in mail contact relation analysis, for the mail-detection day of storage in cloud storage resource pool Will data carry out extracting, analyze, process, and show a certain specify the time period in the sensitive mail contact relation that detects；Described Mail contact relation analysis shows that submodule 41 enables users to interact with interface by the calendar on design optional date, uses Family can arbitrarily select the time period to be checked, the following operation of concrete execution:

The time period selected according to user, the data in cloud storage resource pool are chosen by system, after choosing data With the form of dictionary, data are stored, through data being analyzed process, according to the transmitting-receiving corresponding relation of sensitive mail Generate corresponding matrix data model；Subsequently, by the form of chord figure, the transmitting-receiving of mail sensitive in the selected time period is closed System carries out visual presentation, and each different mailboxes are distributed in circle around, show email address at circular outside profile, if Having the transmission relation of sensitive information between different mailboxes, just do ribbon lines between two mailboxes, lines are thick One side represents the sender of mail, and the thin side of lines represents the recipient of mail；

(2) submodule 42 is shown in the distributional analysis of daily record number of times, for entering according to time period and the daily record quantity that detects Row classification and statistics, and show by the form of dendrogram, particularly as follows:

(2-1) log data set W of reception is divided into n time subset, i.e. W={W1, W2 according to the time period ..., Wj ..., Wn}；

(2-2) be manually set m daily record quantitative levels, by each time subset Wj divide m level subset, i.e. W1j, W2j ..., Wij ..., Wmj, wherein the span of m is [4,8]；

(2-3) with log data set W as root, Wj is ground floor node, and Wij is second layer joint structure tree TW；

(2-5) calculating the value of each node in tree TW, wherein the value of leaf node is the value of this data element, non- The value of leaf node is equal to the value sum of all child nodes of its lower floor, and so far log data set W has been configured to a tree-shaped Data structure；

(2-6) dendrogram that the tree data structure of generation is mapped as on two dimensional surface；

(3) between IP, information sends relation analysis displaying submodule 43, for being pointed to cloud storage resource pool relevant position Between IP sensitive information send detection data carry out extracting, analyze, statistical disposition, by visual presentation form and interface alternation exhibition Sensitive information between IP different in showing certain period of time sends incidence relation；Between described IP, information sends relation analysis displaying Submodule 43 uses the time period to select mechanism and scatterplot layout exhibition method, uses joint form presentation-entity, and lines represent real With size of node, contact between body, represents that between IP, information sends the degree of strength of incidence relation, according to click thing Part selectively carries out level displaying；Mouse-over there will be the details of correspondent entity, described detailed letter on node Breath includes that ID, discovery time, click entity will select all IP related with selected node, and only display should Sub-network figure, the most also shows its corresponding relation sending information with the form of word；It is provided with search mechanisms, user simultaneously The IP related information that a certain IP selects to want to check can be inputted；

(4) sensitive email relaying path analysis and displaying submodule 44, for by analyzing and processing statistics mail-detection day Detection data in will data and email relaying relation, show the road that a certain specific mail is forwarded between different mailboxes Footpath, particularly as follows:

First, user inputs the key word contained by mail header to be searched for or mail header, system in search box According to key word, mail header all of in mail record data is carried out fuzzy matching retrieval, if not retrieving defeated with user Enter the mail matched, then send information reminding user and re-enter；If being successfully retrieved relative recording, result just will be retrieved Showing user with the form of Table content, be that the title of each mail adds Click event simultaneously, user clicks on target postal The title of part, backstage again carries out retrieval coupling, finds the forwarding record of this mail according to mail selected by user to mail record, And the article receiving and sending people every time forwarded is carried out statistic record with the form of dictionary, the data required for structure visual presentation；? After, show that the forward-path of mail is presented to user and provides interactive function with the form of a stacking dendrogram, if certain postal Case is afterbody recipient, then the summit of tree diagram is hollow display, if this email relaying is also given additionally by this mailbox One or several mailboxes, then the tree diagram node representing this mailbox is set to solid；

(5) distributed denial of service attack data analysis with show submodule 45, be used for extracting, analyze and show distributed Denial of Service attack data, particularly as follows:

1) distributed denial of service attack data analysis and displaying submodule 45 are from the relevant position of cloud storage resource pool Extracting distributed denial of service attack data, use Hash table to store, in Hash table, keyword uses character string forms, word Symbol string forms by source IP, port numbers and according to the time label three selected by the time interval of user's setting, appoints in these three Anticipating when a newly-built element occurs different and newly-built element will be inserted in Hash table, each element is in the future graphical Being all a node in expression, the relation representing and being connected between main frame, the value that in Hash table, keyword is corresponding represents this time Connect the data total amount in communication activity；

2) calculate the coordinate figure of all nodes, and then the point with coordinate information is drawn, and according to different demands Carry out time interval, the adjustment of unit radius parameter that figure shows, the principle followed when wherein drawing is: host node and in Line between heart node represents the size of amount of communication data in time interval, maps according to certain coefficient, and communicate number Representing according to amount different colours, the expression amount of communication data that color is red is bigger；Host node is made up of some concentric circulars, face The contrast intensity of color represents the port number related in this connection.

In this embodiment, utilize visual technology, be directed in network security detecting system in the network captured Sensitive information type and transmission situation etc. carry out visual displaying, from five different angles, network security are detected data It is analyzed and shows, accurate, comprehensive and facilitate management personnel to make corresponding to judge and decision-making；The distributed refusal arranged Service attack data analysis can carry out various dimensions to distributed denial of service attack pattern with displaying submodule 45 and show, and root According to the adjustment of the different unit radius parameters that demand carries out time interval, figure shows, improve the performance that user is mutual.

Preferably, described information pre-processing module 2 includes Data Dimensionality Reduction unit 21, data identification unit 22 and data classification Unit 23, particularly as follows:

(1) Data Dimensionality Reduction unit 21, for use the PCA of improvement eliminate between original information data superfluous Remaining, reduce the dimension of original information data, the PCA of described improvement is:

1) N bar original information data to be analyzed is mentioned, as matrix X=[x₁,x₂,…,x_N], wherein x_iBe i-th former Beginning information data；

2) meansigma methods of N bar original information data is solved:

$\stackrel{\‾}{x}=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}{x}_i$

3) the covariance matrix A of N bar original information data is solved:

$A=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}(x_i-\stackrel{\‾}{x}){(x_i-\stackrel{\‾}{x})}^T$

4) according to the eigenvalue problem calculating main component element of covariance matrix A:

Aδ_i=μ_iδ_i

Wherein μ_i, δ_iIt is respectively eigenvalue and the characteristic of correspondence vector of A；

5) according to given precision ρ, by numerical computation method, front M eigenvalue of maximum is solved:

$\underset{i=1}{\overset{M}{\Σ}}{\mathrm{\μ}}_i/\underset{i=1}{\overset{N}{\Σ}}{\mathrm{\μ}}_i\≥\mathrm{\ρ}$

Wherein, the span of M is

6) front M eigenvalue of maximum and characteristic of correspondence vector, order are taken

Φ=[δ₁,δ₂,…,δ_M], Γ=diag (μ₁,μ₂,…,μ_M)

Then there is A Φ=Φ Γ；

7) the new matrix Y=Φ of low-dimensional vector composition is calculated^TX；

(2) data identification unit 22, for the original information data after reducing dimension is identified detection, remove not phase The information data closed, obtains relevant information data；

(3) data sorting unit 23, for classifying according to data type to relevant information data.

Preferably, described data identification unit 22 includes being identified distributed denial of service attack data, particularly as follows:

1) the K bar original information data matrix after dimensionality reduction is set as Y '=Φ^TX ', wherein X '=[x₁,x₂..., x_K], x₁∈ X ', selection Db3 small echo is as analysis wavelet, and selects maximum decomposition scale, uses decomposition algorithm to carry out wavelet decomposition Y ' and obtains To matrix of wavelet coefficients, when j≤out to out, from matrix of wavelet coefficients, extract high frequency coefficient, calculate the variance of little coefficient After Ψ, and according to [j, log₂Ψ] fitting a straight line tries to achieve slope k, thus solves the self similar parameter Hurst value of network traffics H:

H=(k-1)/2

2) the Hurst changing value Δ H=H the most in the same time tried to achieve by analysis_t-H_t-1, set threshold T, if Δ H ＞ T, it is determined that distributed denial of service attack occurs, preserves corresponding original information data；If Δ H≤T, it is determined that distributed refusal takes Business is attacked and is not sent, and removes corresponding original information data.Take m=4,

In the present embodiment, information pre-processing module 2 arranges Data Dimensionality Reduction unit 21, data identification unit 22 and data Taxon 23, carries out dimensionality reduction, identifies and classification process, thus realize storing different types of data original information data In the diverse location of cloud storage resource pool, beneficially information analysis and the display module 4 extraction to corresponding data, improve further The speed of service of system.The present embodiment value m=4,The speed of service of system improves 2%.

Preferably, the transmitting-receiving corresponding relation of described mail is obtained by the TCP closure obtaining mail, first passes through solution The network packet that analysis obtains, obtains including source IP address, purpose IP address, source port, destination interface, the information of serial number, And with four-tuple 1: source IP address, source port, purpose IP address, destination interface and four-tuple 2: purpose IP address, destination interface, Source IP address, source port, indicate the both direction that TCP connects respectively, then by the application layer data of network packet according to sequence In the row number journal file that sequentially write is corresponding with TCP closure.

Preferably, described Table content includes mail ID, mail header, mail time, mail originator and Email attachment Number.

Application scenarios 2:

A kind of multifunctional intellectual cell management system as shown in Figure 1, including public conference room gateway 100, residential building net Pass 200, outdoor communal facility gateway 300, cloud network 400, home server 500, cell management person's monitor supervision platform 600, detection Device 700 and execution device 800；Described detection device 700 detects public conference room, outdoor communal facility and residential building mistake respectively The temperature in road, light intensity, humidity and noise information, and respectively by public conference room gateway 100, outdoor communal facility gateway 300 It is sent to home server 500 with residential building gateway 200, then is sent to cloud network 400 by home server 500 and carries out data Reason and storage；Described cell management person's monitor supervision platform 600 is connected with cloud network 400, supervises above-mentioned information for manager Control, and be adjusted controlling to performing device 800 according to the information obtained.

The present invention utilizes detection device to detect the parameters such as the temperature of each public territory, community, noise, and passes through Data are processed and store by cloud network, and manager controls to perform device and is adjusted after receiving feedback, system structure is simple Invest low.

Preferably, described execution device 800 includes controllable light strong illumination device, air-conditioning and dehydrating unit.

Preferably, described detection device 700 includes light intensity induction apparatus, humidity sensor, temperature sensor, noise measuring Device.

Preferably, as in figure 2 it is shown, also include secure visual system 900, for described cloud network is carried out visual Security monitoring, it includes that the information data being sequentially connected with excavates module 1, information pre-processing module 2, information storage module 3 and letter Breath is analyzed and display module 4；

Described information data excavates module 1, former for obtaining by the way of capturing network packet in LAN Beginning information data, described original information data includes that between IP, sensitive information sends detection data, mail-detection daily record data and divides Three kinds of data types of cloth Denial of Service attack data；

Described information pre-processing module 2, for original information data carries out Data Dimensionality Reduction, identify and classify pretreatment；

Described information storage module 3, is used for pretreated information data storing to the corresponding position of cloud storage resource pool In putting；

Described information analysis and display module 4, for realizing the extraction of information, analyzing and show, it includes that mail comes and goes Relation analysis shows that submodule 41, daily record number of times distributional analysis show that between submodule 42, IP, information sends relation analysis displaying Module 43, sensitivity email relaying path analysis and displaying submodule 44 and distributed denial of service attack data analysis are sub with displaying Module 45, particularly as follows:

(1) submodule 41 is shown in mail contact relation analysis, for the mail-detection day of storage in cloud storage resource pool Will data carry out extracting, analyze, process, and show a certain specify the time period in the sensitive mail contact relation that detects；Described Mail contact relation analysis shows that submodule 41 enables users to interact with interface by the calendar on design optional date, uses Family can arbitrarily select the time period to be checked, the following operation of concrete execution:

The time period selected according to user, the data in cloud storage resource pool are chosen by system, after choosing data With the form of dictionary, data are stored, through data being analyzed process, according to the transmitting-receiving corresponding relation of sensitive mail Generate corresponding matrix data model；Subsequently, by the form of chord figure, the transmitting-receiving of mail sensitive in the selected time period is closed System carries out visual presentation, and each different mailboxes are distributed in circle around, show email address at circular outside profile, if Having the transmission relation of sensitive information between different mailboxes, just do ribbon lines between two mailboxes, lines are thick One side represents the sender of mail, and the thin side of lines represents the recipient of mail；

(2) submodule 42 is shown in the distributional analysis of daily record number of times, for entering according to time period and the daily record quantity that detects Row classification and statistics, and show by the form of dendrogram, particularly as follows:

(2-1) log data set W of reception is divided into n time subset, i.e. W={W1, W2 according to the time period ..., Wj ..., Wn}；

(2-2) be manually set m daily record quantitative levels, by each time subset Wj divide m level subset, i.e. W1j, W2j ..., Wij ..., Wmj, wherein the span of m is [4,8]；

(2-3) with log data set W as root, Wj is ground floor node, and Wij is second layer joint structure tree TW；

(2-5) calculating the value of each node in tree TW, wherein the value of leaf node is the value of this data element, non- The value of leaf node is equal to the value sum of all child nodes of its lower floor, and so far log data set W has been configured to a tree-shaped Data structure；

(2-6) dendrogram that the tree data structure of generation is mapped as on two dimensional surface；

(3) between IP, information sends relation analysis displaying submodule 43, for being pointed to cloud storage resource pool relevant position Between IP sensitive information send detection data carry out extracting, analyze, statistical disposition, by visual presentation form and interface alternation exhibition Sensitive information between IP different in showing certain period of time sends incidence relation；Between described IP, information sends relation analysis displaying Submodule 43 uses the time period to select mechanism and scatterplot layout exhibition method, uses joint form presentation-entity, and lines represent real With size of node, contact between body, represents that between IP, information sends the degree of strength of incidence relation, according to click thing Part selectively carries out level displaying；Mouse-over there will be the details of correspondent entity, described detailed letter on node Breath includes that ID, discovery time, click entity will select all IP related with selected node, and only display should Sub-network figure, the most also shows its corresponding relation sending information with the form of word；It is provided with search mechanisms, user simultaneously The IP related information that a certain IP selects to want to check can be inputted；

(4) sensitive email relaying path analysis and displaying submodule 44, for by analyzing and processing statistics mail-detection day Detection data in will data and email relaying relation, show the road that a certain specific mail is forwarded between different mailboxes Footpath, particularly as follows:

First, user inputs the key word contained by mail header to be searched for or mail header, system in search box According to key word, mail header all of in mail record data is carried out fuzzy matching retrieval, if not retrieving defeated with user Enter the mail matched, then send information reminding user and re-enter；If being successfully retrieved relative recording, result just will be retrieved Showing user with the form of Table content, be that the title of each mail adds Click event simultaneously, user clicks on target postal The title of part, backstage again carries out retrieval coupling, finds the forwarding record of this mail according to mail selected by user to mail record, And the article receiving and sending people every time forwarded is carried out statistic record with the form of dictionary, the data required for structure visual presentation；? After, show that the forward-path of mail is presented to user and provides interactive function with the form of a stacking dendrogram, if certain postal Case is afterbody recipient, then the summit of tree diagram is hollow display, if this email relaying is also given additionally by this mailbox One or several mailboxes, then the tree diagram node representing this mailbox is set to solid；

(5) distributed denial of service attack data analysis with show submodule 45, be used for extracting, analyze and show distributed Denial of Service attack data, particularly as follows:

1) distributed denial of service attack data analysis and displaying submodule 45 are from the relevant position of cloud storage resource pool Extracting distributed denial of service attack data, use Hash table to store, in Hash table, keyword uses character string forms, word Symbol string forms by source IP, port numbers and according to the time label three selected by the time interval of user's setting, appoints in these three Anticipating when a newly-built element occurs different and newly-built element will be inserted in Hash table, each element is in the future graphical Being all a node in expression, the relation representing and being connected between main frame, the value that in Hash table, keyword is corresponding represents this time Connect the data total amount in communication activity；

2) calculate the coordinate figure of all nodes, and then the point with coordinate information is drawn, and according to different demands Carry out time interval, the adjustment of unit radius parameter that figure shows, the principle followed when wherein drawing is: host node and in Line between heart node represents the size of amount of communication data in time interval, maps according to certain coefficient, and communicate number Representing according to amount different colours, the expression amount of communication data that color is red is bigger；Host node is made up of some concentric circulars, face The contrast intensity of color represents the port number related in this connection.

In this embodiment, utilize visual technology, be directed in network security detecting system in the network captured Sensitive information type and transmission situation etc. carry out visual displaying, from five different angles, network security are detected data It is analyzed and shows, accurate, comprehensive and facilitate management personnel to make corresponding to judge and decision-making；The distributed refusal arranged Service attack data analysis can carry out various dimensions to distributed denial of service attack pattern with displaying submodule 45 and show, and root According to the adjustment of the different unit radius parameters that demand carries out time interval, figure shows, improve the performance that user is mutual.

Preferably, described information pre-processing module 2 includes Data Dimensionality Reduction unit 21, data identification unit 22 and data classification Unit 23, particularly as follows:

(1) Data Dimensionality Reduction unit 21, for use the PCA of improvement eliminate between original information data superfluous Remaining, reduce the dimension of original information data, the PCA of described improvement is:

1) N bar original information data to be analyzed is mentioned, as matrix X=[x₁,x₂,…,x_N], wherein x_iBe i-th former Beginning information data；

2) meansigma methods of N bar original information data is solved:

$\stackrel{\‾}{x}=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}{x}_i$

3) the covariance matrix A of N bar original information data is solved:

$A=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}(x_i-\stackrel{\‾}{x}){(x_i-\stackrel{\‾}{x})}^T$

4) according to the eigenvalue problem calculating main component element of covariance matrix A:

Aδ_i=μ_iδ_i

Wherein μ_i, δ_iIt is respectively eigenvalue and the characteristic of correspondence vector of A；

5) according to given precision ρ, by numerical computation method, front M eigenvalue of maximum is solved:

$\underset{i=1}{\overset{M}{\Σ}}{\mathrm{\μ}}_i/\underset{i=1}{\overset{N}{\Σ}}{\mathrm{\μ}}_i\≥\mathrm{\ρ}$

Wherein, the span of M is

6) front M eigenvalue of maximum and characteristic of correspondence vector, order are taken

Φ=[δ₁,δ₂,…,δ_M], Γ=diag (μ₁,μ₂,…,μ_M)

Then there is A Φ=Φ Γ；

7) the new matrix Y=Φ of low-dimensional vector composition is calculated^TX；

(2) data identification unit 22, for the original information data after reducing dimension is identified detection, remove not phase The information data closed, obtains relevant information data；

(3) data sorting unit 23, for classifying according to data type to relevant information data.

Preferably, described data identification unit 22 includes being identified distributed denial of service attack data, particularly as follows:

1) the K bar original information data matrix after dimensionality reduction is set as Y '=Φ^TX ', wherein X '=[x₁,x₂,…,x_K], x_j∈ X ', selection Db3 small echo is as analysis wavelet, and selects maximum decomposition scale, uses decomposition algorithm to carry out wavelet decomposition Y ' and obtains To matrix of wavelet coefficients, when j≤out to out, from matrix of wavelet coefficients, extract high frequency coefficient, calculate the variance of little coefficient After Ψ, and according to [j, log₂Ψ] fitting a straight line tries to achieve slope k, thus solves the self similar parameter Hurst value of network traffics H:

H=(k-1)/2

2) the Hurst changing value Δ H=H the most in the same time tried to achieve by analysis_t-H_t-1, set threshold T, if Δ H ＞ T, it is determined that distributed denial of service attack occurs, preserves corresponding original information data；If Δ H≤T, it is determined that distributed refusal takes Business is attacked and is not sent, and removes corresponding original information data.Take m=5,

In the present embodiment, information pre-processing module 2 arranges Data Dimensionality Reduction unit 21, data identification unit 22 and data Taxon 23, carries out dimensionality reduction, identifies and classification process, thus realize storing different types of data original information data In the diverse location of cloud storage resource pool, beneficially information analysis and the display module 4 extraction to corresponding data, improve further The speed of service of system.The present embodiment value m=5,The speed of service of system improves 1.8%.

Preferably, the transmitting-receiving corresponding relation of described mail is obtained by the TCP closure obtaining mail, first passes through solution The network packet that analysis obtains, obtains including source IP address, purpose IP address, source port, destination interface, the information of serial number, And with four-tuple 1: source IP address, source port, purpose IP address, destination interface and four-tuple 2: purpose IP address, destination interface, Source IP address, source port, indicate the both direction that TCP connects respectively, then by the application layer data of network packet according to sequence In the row number journal file that sequentially write is corresponding with TCP closure.

Preferably, described Table content includes mail ID, mail header, mail time, mail originator and Email attachment Number.

Application scenarios 3:

A kind of multifunctional intellectual cell management system as shown in Figure 1, including public conference room gateway 100, residential building net Pass 200, outdoor communal facility gateway 300, cloud network 400, home server 500, cell management person's monitor supervision platform 600, detection Device 700 and execution device 800；Described detection device 700 detects public conference room, outdoor communal facility and residential building mistake respectively The temperature in road, light intensity, humidity and noise information, and respectively by public conference room gateway 100, outdoor communal facility gateway 300 It is sent to home server 500 with residential building gateway 200, then is sent to cloud network 400 by home server 500 and carries out data Reason and storage；Described cell management person's monitor supervision platform 600 is connected with cloud network 400, supervises above-mentioned information for manager Control, and be adjusted controlling to performing device 800 according to the information obtained.

The present invention utilizes detection device to detect the parameters such as the temperature of each public territory, community, noise, and passes through Data are processed and store by cloud network, and manager controls to perform device and is adjusted after receiving feedback, system structure is simple Invest low.

Preferably, described execution device 800 includes controllable light strong illumination device, air-conditioning and dehydrating unit.

Preferably, described detection device 700 includes light intensity induction apparatus, humidity sensor, temperature sensor, noise measuring Device.

Preferably, as in figure 2 it is shown, also include secure visual system 900, for described cloud network is carried out visual Security monitoring, it includes that the information data being sequentially connected with excavates module 1, information pre-processing module 2, information storage module 3 and letter Breath is analyzed and display module 4；

Described information data excavates module 1, former for obtaining by the way of capturing network packet in LAN Beginning information data, described original information data includes that between IP, sensitive information sends detection data, mail-detection daily record data and divides Three kinds of data types of cloth Denial of Service attack data；

Described information pre-processing module 2, for original information data carries out Data Dimensionality Reduction, identify and classify pretreatment；

Described information storage module 3, is used for pretreated information data storing to the corresponding position of cloud storage resource pool In putting；

Described information analysis and display module 4, for realizing the extraction of information, analyzing and show, it includes that mail comes and goes Relation analysis shows that submodule 41, daily record number of times distributional analysis show that between submodule 42, IP, information sends relation analysis displaying Module 43, sensitivity email relaying path analysis and displaying submodule 44 and distributed denial of service attack data analysis are sub with displaying Module 45, particularly as follows:

(1) submodule 41 is shown in mail contact relation analysis, for the mail-detection day of storage in cloud storage resource pool Will data carry out extracting, analyze, process, and show a certain specify the time period in the sensitive mail contact relation that detects；Described Mail contact relation analysis shows that submodule 41 enables users to interact with interface by the calendar on design optional date, uses Family can arbitrarily select the time period to be checked, the following operation of concrete execution:

The time period selected according to user, the data in cloud storage resource pool are chosen by system, after choosing data With the form of dictionary, data are stored, through data being analyzed process, according to the transmitting-receiving corresponding relation of sensitive mail Generate corresponding matrix data model；Subsequently, by the form of chord figure, the transmitting-receiving of mail sensitive in the selected time period is closed System carries out visual presentation, and each different mailboxes are distributed in circle around, show email address at circular outside profile, if Having the transmission relation of sensitive information between different mailboxes, just do ribbon lines between two mailboxes, lines are thick One side represents the sender of mail, and the thin side of lines represents the recipient of mail；

(2) submodule 42 is shown in the distributional analysis of daily record number of times, for entering according to time period and the daily record quantity that detects Row classification and statistics, and show by the form of dendrogram, particularly as follows:

(2-1) log data set W of reception is divided into n time subset, i.e. W={W1, W2 according to the time period ..., Wj ..., Wn}；

(2-2) be manually set m daily record quantitative levels, by each time subset Wj divide m level subset, i.e. W1j, W2j ..., Wij ..., Wmj, wherein the span of m is [4,8]；

(2-3) with log data set W as root, Wj is ground floor node, and Wij is second layer joint structure tree TW；

(2-5) calculating the value of each node in tree TW, wherein the value of leaf node is the value of this data element, non- The value of leaf node is equal to the value sum of all child nodes of its lower floor, and so far log data set W has been configured to a tree-shaped Data structure；

(2-6) dendrogram that the tree data structure of generation is mapped as on two dimensional surface；

(3) between IP, information sends relation analysis displaying submodule 43, for being pointed to cloud storage resource pool relevant position Between IP sensitive information send detection data carry out extracting, analyze, statistical disposition, by visual presentation form and interface alternation exhibition Sensitive information between IP different in showing certain period of time sends incidence relation；Between described IP, information sends relation analysis displaying Submodule 43 uses the time period to select mechanism and scatterplot layout exhibition method, uses joint form presentation-entity, and lines represent real With size of node, contact between body, represents that between IP, information sends the degree of strength of incidence relation, according to click thing Part selectively carries out level displaying；Mouse-over there will be the details of correspondent entity, described detailed letter on node Breath includes that ID, discovery time, click entity will select all IP related with selected node, and only display should Sub-network figure, the most also shows its corresponding relation sending information with the form of word；It is provided with search mechanisms, user simultaneously The IP related information that a certain IP selects to want to check can be inputted；

(4) sensitive email relaying path analysis and displaying submodule 44, for by analyzing and processing statistics mail-detection day Detection data in will data and email relaying relation, show the road that a certain specific mail is forwarded between different mailboxes Footpath, particularly as follows:

First, user inputs the key word contained by mail header to be searched for or mail header, system in search box According to key word, mail header all of in mail record data is carried out fuzzy matching retrieval, if not retrieving defeated with user Enter the mail matched, then send information reminding user and re-enter；If being successfully retrieved relative recording, result just will be retrieved Showing user with the form of Table content, be that the title of each mail adds Click event simultaneously, user clicks on target postal The title of part, backstage again carries out retrieval coupling, finds the forwarding record of this mail according to mail selected by user to mail record, And the article receiving and sending people every time forwarded is carried out statistic record with the form of dictionary, the data required for structure visual presentation；? After, show that the forward-path of mail is presented to user and provides interactive function with the form of a stacking dendrogram, if certain postal Case is afterbody recipient, then the summit of tree diagram is hollow display, if this email relaying is also given additionally by this mailbox One or several mailboxes, then the tree diagram node representing this mailbox is set to solid；

(5) distributed denial of service attack data analysis with show submodule 45, be used for extracting, analyze and show distributed Denial of Service attack data, particularly as follows:

1) distributed denial of service attack data analysis and displaying submodule 45 are from the relevant position of cloud storage resource pool Extracting distributed denial of service attack data, use Hash table to store, in Hash table, keyword uses character string forms, word Symbol string forms by source IP, port numbers and according to the time label three selected by the time interval of user's setting, appoints in these three Anticipating when a newly-built element occurs different and newly-built element will be inserted in Hash table, each element is in the future graphical Being all a node in expression, the relation representing and being connected between main frame, the value that in Hash table, keyword is corresponding represents this time Connect the data total amount in communication activity；

2) calculate the coordinate figure of all nodes, and then the point with coordinate information is drawn, and according to different demands Carry out time interval, the adjustment of unit radius parameter that figure shows, the principle followed when wherein drawing is: host node and in Line between heart node represents the size of amount of communication data in time interval, maps according to certain coefficient, and communicate number Representing according to amount different colours, the expression amount of communication data that color is red is bigger；Host node is made up of some concentric circulars, face The contrast intensity of color represents the port number related in this connection.

In this embodiment, utilize visual technology, be directed in network security detecting system in the network captured Sensitive information type and transmission situation etc. carry out visual displaying, from five different angles, network security are detected data It is analyzed and shows, accurate, comprehensive and facilitate management personnel to make corresponding to judge and decision-making；The distributed refusal arranged Service attack data analysis can carry out various dimensions to distributed denial of service attack pattern with displaying submodule 45 and show, and root According to the adjustment of the different unit radius parameters that demand carries out time interval, figure shows, improve the performance that user is mutual.

Preferably, described information pre-processing module 2 includes Data Dimensionality Reduction unit 21, data identification unit 22 and data classification Unit 23, particularly as follows:

(1) Data Dimensionality Reduction unit 21, for use the PCA of improvement eliminate between original information data superfluous Remaining, reduce the dimension of original information data, the PCA of described improvement is:

1) N bar original information data to be analyzed is mentioned, as matrix X=[x₁,x₂,…,x_N], wherein x_iBe i-th former Beginning information data；

2) meansigma methods of N bar original information data is solved:

$\stackrel{\‾}{x}=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}{x}_i$

3) the covariance matrix A of N bar original information data is solved:

$A=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}(x_i-\stackrel{\‾}{x}){(x_i-\stackrel{\‾}{x})}^T$

4) according to the eigenvalue problem calculating main component element of covariance matrix A:

Aδ_i=μ_iδ_i

Wherein μ_i, δ_iIt is respectively eigenvalue and the characteristic of correspondence vector of A；

5) according to given precision ρ, by numerical computation method, front M eigenvalue of maximum is solved:

$\underset{i=1}{\overset{M}{\Σ}}{\mathrm{\μ}}_i/\underset{i=1}{\overset{N}{\Σ}}{\mathrm{\μ}}_i\≥\mathrm{\ρ}$

Wherein, the span of M is

6) front M eigenvalue of maximum and characteristic of correspondence vector, order are taken

Φ=[δ₁,δ₂..., δ_M], Γ=diag (μ₁,μ₂..., μ_M)

Then there is A Φ=Φ Γ；

7) the new matrix Y=Φ of low-dimensional vector composition is calculated^TX；

(2) data identification unit 22, for the original information data after reducing dimension is identified detection, remove not phase The information data closed, obtains relevant information data；

(3) data sorting unit 23, for classifying according to data type to relevant information data.

Preferably, described data identification unit 22 includes being identified distributed denial of service attack data, particularly as follows:

1) the K bar original information data matrix after dimensionality reduction is set as Y '=Φ^TX ', wherein X '=[x₁,x₂,…,x_K], x_j∈ X ', selection Db3 small echo is as analysis wavelet, and selects maximum decomposition scale, uses decomposition algorithm to carry out wavelet decomposition Y ' and obtains To matrix of wavelet coefficients, when j≤out to out, from matrix of wavelet coefficients, extract high frequency coefficient, calculate the variance of little coefficient After Ψ, and according to [j, log₂Ψ] fitting a straight line tries to achieve slope k, thus solves the self similar parameter Hurst value of network traffics H:

H=(k-1)/2

2) the Hurst changing value Δ H=H the most in the same time tried to achieve by analysis_t-H_t-1, set threshold T, if Δ H ＞ T, it is determined that distributed denial of service attack occurs, preserves corresponding original information data；If Δ H≤T, it is determined that distributed refusal takes Business is attacked and is not sent, and removes corresponding original information data.Take m=6,

In the present embodiment, information pre-processing module 2 arranges Data Dimensionality Reduction unit 21, data identification unit 22 and data Taxon 23, carries out dimensionality reduction, identifies and classification process, thus realize storing different types of data original information data In the diverse location of cloud storage resource pool, beneficially information analysis and the display module 4 extraction to corresponding data, improve further The speed of service of system.The present embodiment value m=6,The speed of service of system improves 1.6%.

Preferably, the transmitting-receiving corresponding relation of described mail is obtained by the TCP closure obtaining mail, first passes through solution The network packet that analysis obtains, obtains including source IP address, purpose IP address, source port, destination interface, the information of serial number, And with four-tuple 1: source IP address, source port, purpose IP address, destination interface and four-tuple 2: purpose IP address, destination interface, Source IP address, source port, indicate the both direction that TCP connects respectively, then by the application layer data of network packet according to sequence In the row number journal file that sequentially write is corresponding with TCP closure.

Preferably, described Table content includes mail ID, mail header, mail time, mail originator and Email attachment Number.

Application scenarios 4:

A kind of multifunctional intellectual cell management system as shown in Figure 1, including public conference room gateway 100, residential building net Pass 200, outdoor communal facility gateway 300, cloud network 400, home server 500, cell management person's monitor supervision platform 600, detection Device 700 and execution device 800；Described detection device 700 detects public conference room, outdoor communal facility and residential building mistake respectively The temperature in road, light intensity, humidity and noise information, and respectively by public conference room gateway 100, outdoor communal facility gateway 300 It is sent to home server 500 with residential building gateway 200, then is sent to cloud network 400 by home server 500 and carries out data Reason and storage；Described cell management person's monitor supervision platform 600 is connected with cloud network 400, supervises above-mentioned information for manager Control, and be adjusted controlling to performing device 800 according to the information obtained.

The present invention utilizes detection device to detect the parameters such as the temperature of each public territory, community, noise, and passes through Data are processed and store by cloud network, and manager controls to perform device and is adjusted after receiving feedback, system structure is simple Invest low.

Preferably, described execution device 800 includes controllable light strong illumination device, air-conditioning and dehydrating unit.

Preferably, described detection device 700 includes light intensity induction apparatus, humidity sensor, temperature sensor, noise measuring Device.

Preferably, as in figure 2 it is shown, also include secure visual system 900, for described cloud network is carried out visual Security monitoring, it includes that the information data being sequentially connected with excavates module 1, information pre-processing module 2, information storage module 3 and letter Breath is analyzed and display module 4；

Described information data excavates module 1, former for obtaining by the way of capturing network packet in LAN Beginning information data, described original information data includes that between IP, sensitive information sends detection data, mail-detection daily record data and divides Three kinds of data types of cloth Denial of Service attack data；

Described information pre-processing module 2, for original information data carries out Data Dimensionality Reduction, identify and classify pretreatment；

Described information storage module 3, is used for pretreated information data storing to the corresponding position of cloud storage resource pool In putting；

Described information analysis and display module 4, for realizing the extraction of information, analyzing and show, it includes that mail comes and goes Relation analysis shows that submodule 41, daily record number of times distributional analysis show that between submodule 42, IP, information sends relation analysis displaying Module 43, sensitivity email relaying path analysis and displaying submodule 44 and distributed denial of service attack data analysis are sub with displaying Module 45, particularly as follows:

(1) submodule 41 is shown in mail contact relation analysis, for the mail-detection day of storage in cloud storage resource pool Will data carry out extracting, analyze, process, and show a certain specify the time period in the sensitive mail contact relation that detects；Described Mail contact relation analysis shows that submodule 41 enables users to interact with interface by the calendar on design optional date, uses Family can arbitrarily select the time period to be checked, the following operation of concrete execution:

The time period selected according to user, the data in cloud storage resource pool are chosen by system, after choosing data With the form of dictionary, data are stored, through data being analyzed process, according to the transmitting-receiving corresponding relation of sensitive mail Generate corresponding matrix data model；Subsequently, by the form of chord figure, the transmitting-receiving of mail sensitive in the selected time period is closed System carries out visual presentation, and each different mailboxes are distributed in circle around, show email address at circular outside profile, if Having the transmission relation of sensitive information between different mailboxes, just do ribbon lines between two mailboxes, lines are thick One side represents the sender of mail, and the thin side of lines represents the recipient of mail；

(2) submodule 42 is shown in the distributional analysis of daily record number of times, for entering according to time period and the daily record quantity that detects Row classification and statistics, and show by the form of dendrogram, particularly as follows:

(2-1) log data set W of reception is divided into n time subset, i.e. W={W1, W2 according to the time period ..., Wj ..., Wn}；

(2-2) be manually set m daily record quantitative levels, by each time subset Wj divide m level subset, i.e. W1j, W2j ..., Wij ..., Wmj, wherein the span of m is [4,8]；

(2-3) with log data set W as root, Wj is ground floor node, and Wij is second layer joint structure tree TW；

(2-5) calculating the value of each node in tree TW, wherein the value of leaf node is the value of this data element, non- The value of leaf node is equal to the value sum of all child nodes of its lower floor, and so far log data set W has been configured to a tree-shaped Data structure；

(2-6) dendrogram that the tree data structure of generation is mapped as on two dimensional surface；

(3) between IP, information sends relation analysis displaying submodule 43, for being pointed to cloud storage resource pool relevant position Between IP sensitive information send detection data carry out extracting, analyze, statistical disposition, by visual presentation form and interface alternation exhibition Sensitive information between IP different in showing certain period of time sends incidence relation；Between described IP, information sends relation analysis displaying Submodule 43 uses the time period to select mechanism and scatterplot layout exhibition method, uses joint form presentation-entity, and lines represent real With size of node, contact between body, represents that between IP, information sends the degree of strength of incidence relation, according to click thing Part selectively carries out level displaying；Mouse-over there will be the details of correspondent entity, described detailed letter on node Breath includes that ID, discovery time, click entity will select all IP related with selected node, and only display should Sub-network figure, the most also shows its corresponding relation sending information with the form of word；It is provided with search mechanisms, user simultaneously The IP related information that a certain IP selects to want to check can be inputted；

(4) sensitive email relaying path analysis and displaying submodule 44, for by analyzing and processing statistics mail-detection day Detection data in will data and email relaying relation, show the road that a certain specific mail is forwarded between different mailboxes Footpath, particularly as follows:

First, user inputs the key word contained by mail header to be searched for or mail header, system in search box According to key word, mail header all of in mail record data is carried out fuzzy matching retrieval, if not retrieving defeated with user Enter the mail matched, then send information reminding user and re-enter；If being successfully retrieved relative recording, result just will be retrieved Showing user with the form of Table content, be that the title of each mail adds Click event simultaneously, user clicks on target postal The title of part, backstage again carries out retrieval coupling, finds the forwarding record of this mail according to mail selected by user to mail record, And the article receiving and sending people every time forwarded is carried out statistic record with the form of dictionary, the data required for structure visual presentation；? After, show that the forward-path of mail is presented to user and provides interactive function with the form of a stacking dendrogram, if certain postal Case is afterbody recipient, then the summit of tree diagram is hollow display, if this email relaying is also given additionally by this mailbox One or several mailboxes, then the tree diagram node representing this mailbox is set to solid；

(5) distributed denial of service attack data analysis with show submodule 45, be used for extracting, analyze and show distributed Denial of Service attack data, particularly as follows:

1) distributed denial of service attack data analysis and displaying submodule 45 are from the relevant position of cloud storage resource pool Extracting distributed denial of service attack data, use Hash table to store, in Hash table, keyword uses character string forms, word Symbol string forms by source IP, port numbers and according to the time label three selected by the time interval of user's setting, appoints in these three Anticipating when a newly-built element occurs different and newly-built element will be inserted in Hash table, each element is in the future graphical Being all a node in expression, the relation representing and being connected between main frame, the value that in Hash table, keyword is corresponding represents this time Connect the data total amount in communication activity；

2) calculate the coordinate figure of all nodes, and then the point with coordinate information is drawn, and according to different demands Carry out time interval, the adjustment of unit radius parameter that figure shows, the principle followed when wherein drawing is: host node and in Line between heart node represents the size of amount of communication data in time interval, maps according to certain coefficient, and communicate number Representing according to amount different colours, the expression amount of communication data that color is red is bigger；Host node is made up of some concentric circulars, face The contrast intensity of color represents the port number related in this connection.

In this embodiment, utilize visual technology, be directed in network security detecting system in the network captured Sensitive information type and transmission situation etc. carry out visual displaying, from five different angles, network security are detected data It is analyzed and shows, accurate, comprehensive and facilitate management personnel to make corresponding to judge and decision-making；The distributed refusal arranged Service attack data analysis can carry out various dimensions to distributed denial of service attack pattern with displaying submodule 45 and show, and root According to the adjustment of the different unit radius parameters that demand carries out time interval, figure shows, improve the performance that user is mutual.

Preferably, described information pre-processing module 2 includes Data Dimensionality Reduction unit 21, data identification unit 22 and data classification Unit 23, particularly as follows:

(1) Data Dimensionality Reduction unit 21, for use the PCA of improvement eliminate between original information data superfluous Remaining, reduce the dimension of original information data, the PCA of described improvement is:

1) N bar original information data to be analyzed is mentioned, as matrix X=[x₁,x₂,…,x_N], wherein x_iBe i-th former Beginning information data；

2) meansigma methods of N bar original information data is solved:

$\stackrel{\‾}{x}=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}{x}_i$

3) the covariance matrix A of N bar original information data is solved:

$A=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}(x_i-\stackrel{\‾}{x}){(x_i-\stackrel{\‾}{x})}^T$

4) according to the eigenvalue problem calculating main component element of covariance matrix A:

Aδ_i=μ_iδ_i

Wherein μ_i, δ_iIt is respectively eigenvalue and the characteristic of correspondence vector of A；

5) according to given precision ρ, by numerical computation method, front M eigenvalue of maximum is solved:

$\underset{i=1}{\overset{M}{\Σ}}{\mathrm{\μ}}_i/\underset{i=1}{\overset{N}{\Σ}}{\mathrm{\μ}}_i\≥\mathrm{\ρ}$

Wherein, the span of M is

6) front M eigenvalue of maximum and characteristic of correspondence vector, order are taken

Φ=[δ₁,δ₂,…,δ_M], Γ=diag (μ₁,μ₂,…,μ_M)

Then there is A Φ=Φ Γ；

7) the new matrix Y=Φ of low-dimensional vector composition is calculated^TX；

(2) data identification unit 22, for the original information data after reducing dimension is identified detection, remove not phase The information data closed, obtains relevant information data；

(3) data sorting unit 23, for classifying according to data type to relevant information data.

Preferably, described data identification unit 22 includes being identified distributed denial of service attack data, particularly as follows:

1) the K bar original information data matrix after dimensionality reduction is set as Y '=Φ^TX ', wherein X '=[x₁,x₂,…,x_K], x_j∈ X ', selection Db3 small echo is as analysis wavelet, and selects maximum decomposition scale, uses decomposition algorithm to carry out wavelet decomposition Y ' and obtains To matrix of wavelet coefficients, when j≤out to out, from matrix of wavelet coefficients, extract high frequency coefficient, calculate the variance of little coefficient After Ψ, and according to [j, log₂Ψ] fitting a straight line tries to achieve slope k, thus solves the self similar parameter Hurst value of network traffics H:

H=(k-1)/2

2) the Hurst changing value Δ H=H the most in the same time tried to achieve by analysis_t-H_t-1, set threshold T, if Δ H ＞ T, it is determined that distributed denial of service attack occurs, preserves corresponding original information data；If Δ H≤T, it is determined that distributed refusal takes Business is attacked and is not sent, and removes corresponding original information data.Take m=7,

In the present embodiment, information pre-processing module 2 arranges Data Dimensionality Reduction unit 21, data identification unit 22 and data Taxon 23, carries out dimensionality reduction, identifies and classification process, thus realize storing different types of data original information data In the diverse location of cloud storage resource pool, beneficially information analysis and the display module 4 extraction to corresponding data, improve further The speed of service of system.The present embodiment value m=7,The speed of service of system improves 1.5%.

Preferably, the transmitting-receiving corresponding relation of described mail is obtained by the TCP closure obtaining mail, first passes through solution The network packet that analysis obtains, obtains including source IP address, purpose IP address, source port, destination interface, the information of serial number, And with four-tuple 1: source IP address, source port, purpose IP address, destination interface and four-tuple 2: purpose IP address, destination interface, Source IP address, source port, indicate the both direction that TCP connects respectively, then by the application layer data of network packet according to sequence In the row number journal file that sequentially write is corresponding with TCP closure.

Preferably, described Table content includes mail ID, mail header, mail time, mail originator and Email attachment Number.

Application scenarios 5:

A kind of multifunctional intellectual cell management system as shown in Figure 1, including public conference room gateway 100, residential building net Pass 200, outdoor communal facility gateway 300, cloud network 400, home server 500, cell management person's monitor supervision platform 600, detection Device 700 and execution device 800；Described detection device 700 detects public conference room, outdoor communal facility and residential building mistake respectively The temperature in road, light intensity, humidity and noise information, and respectively by public conference room gateway 100, outdoor communal facility gateway 300 It is sent to home server 500 with residential building gateway 200, then is sent to cloud network 400 by home server 500 and carries out data Reason and storage；Described cell management person's monitor supervision platform 600 is connected with cloud network 400, supervises above-mentioned information for manager Control, and be adjusted controlling to performing device 800 according to the information obtained.

The present invention utilizes detection device to detect the parameters such as the temperature of each public territory, community, noise, and passes through Data are processed and store by cloud network, and manager controls to perform device and is adjusted after receiving feedback, system structure is simple Invest low.

Preferably, described execution device 800 includes controllable light strong illumination device, air-conditioning and dehydrating unit.

Preferably, described detection device 700 includes light intensity induction apparatus, humidity sensor, temperature sensor, noise measuring Device.

Preferably, as in figure 2 it is shown, also include secure visual system 900, for described cloud network is carried out visual Security monitoring, it includes that the information data being sequentially connected with excavates module 1, information pre-processing module 2, information storage module 3 and letter Breath is analyzed and display module 4；

Described information data excavates module 1, former for obtaining by the way of capturing network packet in LAN Beginning information data, described original information data includes that between IP, sensitive information sends detection data, mail-detection daily record data and divides Three kinds of data types of cloth Denial of Service attack data；

Described information pre-processing module 2, for original information data carries out Data Dimensionality Reduction, identify and classify pretreatment；

Described information storage module 3, is used for pretreated information data storing to the corresponding position of cloud storage resource pool In putting；

Described information analysis and display module 4, for realizing the extraction of information, analyzing and show, it includes that mail comes and goes Relation analysis shows that submodule 41, daily record number of times distributional analysis show that between submodule 42, IP, information sends relation analysis displaying Module 43, sensitivity email relaying path analysis and displaying submodule 44 and distributed denial of service attack data analysis are sub with displaying Module 45, particularly as follows:

(1) submodule 41 is shown in mail contact relation analysis, for the mail-detection day of storage in cloud storage resource pool Will data carry out extracting, analyze, process, and show a certain specify the time period in the sensitive mail contact relation that detects；Described Mail contact relation analysis shows that submodule 41 enables users to interact with interface by the calendar on design optional date, uses Family can arbitrarily select the time period to be checked, the following operation of concrete execution:

The time period selected according to user, the data in cloud storage resource pool are chosen by system, after choosing data With the form of dictionary, data are stored, through data being analyzed process, according to the transmitting-receiving corresponding relation of sensitive mail Generate corresponding matrix data model；Subsequently, by the form of chord figure, the transmitting-receiving of mail sensitive in the selected time period is closed System carries out visual presentation, and each different mailboxes are distributed in circle around, show email address at circular outside profile, if Having the transmission relation of sensitive information between different mailboxes, just do ribbon lines between two mailboxes, lines are thick One side represents the sender of mail, and the thin side of lines represents the recipient of mail；

(2) submodule 42 is shown in the distributional analysis of daily record number of times, for entering according to time period and the daily record quantity that detects Row classification and statistics, and show by the form of dendrogram, particularly as follows:

(2-1) log data set W of reception is divided into n time subset, i.e. W={W1, W2 according to the time period ..., Wj ..., Wn}；

(2-2) be manually set m daily record quantitative levels, by each time subset Wj divide m level subset, i.e. W1j, W2j ..., Wij ..., Wmj, wherein the span of m is [4,8]；

(2-3) with log data set W as root, Wj is ground floor node, and Wij is second layer joint structure tree TW；

(2-5) calculating the value of each node in tree TW, wherein the value of leaf node is the value of this data element, non- The value of leaf node is equal to the value sum of all child nodes of its lower floor, and so far log data set W has been configured to a tree-shaped Data structure；

(2-6) dendrogram that the tree data structure of generation is mapped as on two dimensional surface；

(3) between IP, information sends relation analysis displaying submodule 43, for being pointed to cloud storage resource pool relevant position Between IP sensitive information send detection data carry out extracting, analyze, statistical disposition, by visual presentation form and interface alternation exhibition Sensitive information between IP different in showing certain period of time sends incidence relation；Between described IP, information sends relation analysis displaying Submodule 43 uses the time period to select mechanism and scatterplot layout exhibition method, uses joint form presentation-entity, and lines represent real With size of node, contact between body, represents that between IP, information sends the degree of strength of incidence relation, according to click thing Part selectively carries out level displaying；Mouse-over there will be the details of correspondent entity, described detailed letter on node Breath includes that ID, discovery time, click entity will select all IP related with selected node, and only display should Sub-network figure, the most also shows its corresponding relation sending information with the form of word；It is provided with search mechanisms, user simultaneously The IP related information that a certain IP selects to want to check can be inputted；

(4) sensitive email relaying path analysis and displaying submodule 44, for by analyzing and processing statistics mail-detection day Detection data in will data and email relaying relation, show the road that a certain specific mail is forwarded between different mailboxes Footpath, particularly as follows:

First, user inputs the key word contained by mail header to be searched for or mail header, system in search box According to key word, mail header all of in mail record data is carried out fuzzy matching retrieval, if not retrieving defeated with user Enter the mail matched, then send information reminding user and re-enter；If being successfully retrieved relative recording, result just will be retrieved Showing user with the form of Table content, be that the title of each mail adds Click event simultaneously, user clicks on target postal The title of part, backstage again carries out retrieval coupling, finds the forwarding record of this mail according to mail selected by user to mail record, And the article receiving and sending people every time forwarded is carried out statistic record with the form of dictionary, the data required for structure visual presentation；? After, show that the forward-path of mail is presented to user and provides interactive function with the form of a stacking dendrogram, if certain postal Case is afterbody recipient, then the summit of tree diagram is hollow display, if this email relaying is also given additionally by this mailbox One or several mailboxes, then the tree diagram node representing this mailbox is set to solid；

(5) distributed denial of service attack data analysis with show submodule 45, be used for extracting, analyze and show distributed Denial of Service attack data, particularly as follows:

1) distributed denial of service attack data analysis and displaying submodule 45 are from the relevant position of cloud storage resource pool Extracting distributed denial of service attack data, use Hash table to store, in Hash table, keyword uses character string forms, word Symbol string forms by source IP, port numbers and according to the time label three selected by the time interval of user's setting, appoints in these three Anticipating when a newly-built element occurs different and newly-built element will be inserted in Hash table, each element is in the future graphical Being all a node in expression, the relation representing and being connected between main frame, the value that in Hash table, keyword is corresponding represents this time Connect the data total amount in communication activity；

2) calculate the coordinate figure of all nodes, and then the point with coordinate information is drawn, and according to different demands Carry out time interval, the adjustment of unit radius parameter that figure shows, the principle followed when wherein drawing is: host node and in Line between heart node represents the size of amount of communication data in time interval, maps according to certain coefficient, and communicate number Representing according to amount different colours, the expression amount of communication data that color is red is bigger；Host node is made up of some concentric circulars, face The contrast intensity of color represents the port number related in this connection.

In this embodiment, utilize visual technology, be directed in network security detecting system in the network captured Sensitive information type and transmission situation etc. carry out visual displaying, from five different angles, network security are detected data It is analyzed and shows, accurate, comprehensive and facilitate management personnel to make corresponding to judge and decision-making；The distributed refusal arranged Service attack data analysis can carry out various dimensions to distributed denial of service attack pattern with displaying submodule 45 and show, and root According to the adjustment of the different unit radius parameters that demand carries out time interval, figure shows, improve the performance that user is mutual.

Preferably, described information pre-processing module 2 includes Data Dimensionality Reduction unit 21, data identification unit 22 and data classification Unit 23, particularly as follows:

(1) Data Dimensionality Reduction unit 21, for use the PCA of improvement eliminate between original information data superfluous Remaining, reduce the dimension of original information data, the PCA of described improvement is:

1) N bar original information data to be analyzed is mentioned, as matrix X=[x₁,x₂,…,x_N], wherein x_iBe i-th former Beginning information data；

2) meansigma methods of N bar original information data is solved:

$\stackrel{\‾}{x}=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}{x}_i$

3) the covariance matrix A of N bar original information data is solved:

$A=\frac{1}{N}\underset{i=1}{\overset{N}{\Σ}}(x_i-\stackrel{\‾}{x}){(x_i-\stackrel{\‾}{x})}^T$

4) according to the eigenvalue problem calculating main component element of covariance matrix A:

Aδ_i=μ_iδ_i

Wherein μ_i, δ_iIt is respectively eigenvalue and the characteristic of correspondence vector of A；

5) according to given precision ρ, by numerical computation method, front M eigenvalue of maximum is solved:

$\underset{i=1}{\overset{M}{\Σ}}{\mathrm{\μ}}_i/\underset{i=1}{\overset{N}{\Σ}}{\mathrm{\μ}}_i\≥\mathrm{\ρ}$

Wherein, the span of M is

6) front M eigenvalue of maximum and characteristic of correspondence vector, order are taken

Φ=[δ₁,δ₂,…,δ_M], Γ=diag (μ₁,μ₂,…,μ_M)

Then there is A Φ=Φ Γ；

7) the new matrix Y=Φ of low-dimensional vector composition is calculated^TX；

(2) data identification unit 22, for the original information data after reducing dimension is identified detection, remove not phase The information data closed, obtains relevant information data；

(3) data sorting unit 23, for classifying according to data type to relevant information data.

Preferably, described data identification unit 22 includes being identified distributed denial of service attack data, particularly as follows:

1) the K bar original information data matrix after dimensionality reduction is set as Y '=Φ^TX ', wherein X '=[x₁,x₂,…,x_K], x_j∈ X ', selection Db3 small echo is as analysis wavelet, and selects maximum decomposition scale, uses decomposition algorithm to carry out wavelet decomposition Y ' and obtains To matrix of wavelet coefficients, when j≤out to out, from matrix of wavelet coefficients, extract high frequency coefficient, calculate the variance of little coefficient After Ψ, and according to [j, log₂Ψ] fitting a straight line tries to achieve slope k, thus solves the self similar parameter Hurst value of network traffics H:

H=(k-1)/2

2) the Hurst changing value Δ H=H the most in the same time tried to achieve by analysis_t-H_t-1, set threshold T, if Δ H ＞ T, it is determined that distributed denial of service attack occurs, preserves corresponding original information data；If Δ H≤T, it is determined that distributed refusal takes Business is attacked and is not sent, and removes corresponding original information data.Take m=8,

In the present embodiment, information pre-processing module 2 arranges Data Dimensionality Reduction unit 21, data identification unit 22 and data Taxon 23, carries out dimensionality reduction, identifies and classification process, thus realize storing different types of data original information data In the diverse location of cloud storage resource pool, beneficially information analysis and the display module 4 extraction to corresponding data, improve further The speed of service of system.The present embodiment value m=8,The speed of service of system improves 1.4%.

Preferably, the transmitting-receiving corresponding relation of described mail is obtained by the TCP closure obtaining mail, first passes through solution The network packet that analysis obtains, obtains including source IP address, purpose IP address, source port, destination interface, the information of serial number, And with four-tuple 1: source IP address, source port, purpose IP address, destination interface and four-tuple 2: purpose IP address, destination interface, Source IP address, source port, indicate the both direction that TCP connects respectively, then by the application layer data of network packet according to sequence In the row number journal file that sequentially write is corresponding with TCP closure.

Preferably, described Table content includes mail ID, mail header, mail time, mail originator and Email attachment Number.

The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.All within the spirit and principles in the present invention, that is made any repaiies Change, equivalent, improvement etc., should be included within the scope of the present invention.

Claims (3)

1. a multifunctional intellectual cell management system, is characterized in that, including public conference room gateway, residential building gateway, outdoor Communal facility gateway, cloud network, home server, cell management person's monitor supervision platform, detection device and execution device；Described detection Device detects public conference room, outdoor communal facility and the temperature in residential building passageway, light intensity, humidity and noise information respectively, and It is sent to home server respectively by public conference room gateway, outdoor communal facility gateway and residential building gateway, then by this locality Server is sent to cloud network and carries out data process and storage；Described cell management person's monitor supervision platform is connected with cloud network, is used for Above-mentioned information is monitored by manager, and is adjusted controlling to performing device according to the information obtained.

A kind of multifunctional intellectual cell management system the most according to claim 1, is characterized in that, described execution device includes Controllable light strong illumination device, air-conditioning and dehydrating unit.

A kind of multifunctional intellectual cell management system the most according to claim 2, is characterized in that, described detection device includes Light intensity induction apparatus, humidity sensor, temperature sensor, noise monitor.