基于多Agent模型的网络协同探测系统  

作　　者：刘妍蕾[1] 李勇[1] 韩俊飞[1] 王鹏[1] 王蓓[1] LIU Yanlei;LI Yong;HAN Junfei;WANG Peng;WANG Bei(Institute of Information and Communication Technology,Inner Mongolia Electric Power Research Institute,Hohhot 010020,Inner Mongolia,China)

机构地区：[1]内蒙古电力科学研究院信息通信技术研究所,内蒙古呼和浩特010020

出　　处：《沈阳工业大学学报》2025年第2期265-272,共8页Journal of Shenyang University of Technology

基　　金：国家自然科学基金项目(51577028);内蒙古电力(集团)有限责任公司科技项目(内电科信〔2020〕29号)。

摘　　要：【目的】在网络技术迅猛发展的背景下,传统网络探测技术因效率和准确性不高,难以适应复杂的网络管理需求。尤其在电力通信网中,网络流量、结构和负载的统计与管理变得复杂,导致网络安全事件发生时,网络管理技术人员难以迅速提出有效的补救方案,影响互联网服务质量和社会秩序。因此,提出了基于多Agent模型的网络协同探测系统,旨在提高网络探测的效率和准确性。【方法】通过综合使用主动和被动探测的网络拓扑算法,并集成多种Agent和动态决策机制,显著提升了网络探测的效率和准确性。主动式探测技术利用Traceroute算法发现网络中的活动设备和开放端口,而被动式探测技术根据SNMP等协议收集网络流量中的详细信息,两者结合获得更完整的网络资产视图。设计了融合主动式与被动式网络探测技术的模块部署与技术架构,并建立了分布式探测系统组织结构。【结果】仿真实验与分析结果表明,在相同测试环境和流程下,与单一的被动式和主动式网络探测系统相比,网络协同探测系统在耗时较少的情况下,具有更强的通信性能和更短的探测时间。【结论】网络协同探测系统在仿真实验中展现出优越的通信性能和探测效率,能够在短时间内探知到更多的主机,且数据流量更大,覆盖范围更广,进一步验证了该系统的可行性和有效性。实际测试中,在包含多种操作系统的复杂网络环境下,基于多Agent模型的网络协同探测系统探知到的主机数量最多,且能够明确主机操作系统的组成。该系统不仅提高了网络探测的效率和准确性,而且对实时性要求较高的应用场景具有重要意义,有助于提升网络管理的响应速度和处理能力,对网络安全和优化具有重要的理论和实践价值。对于能够满足广泛工程需求的网络协同探测系统而言,其理论机理及探测时间仍然存在一定�[Objective]In the context of rapidly advancing network technology,due to the insufficient efficiency and accuracy,traditional network detection techniques struggle to meet the complex demands of network management.Particularly in power communication networks,the statistics and management of network traffic,structure,and load become intricate,which makes it difficult for network management technicians to quickly propose effective remedial measures when cyber security events occur.This affects the quality of Internet services and the stability of social order.Therefore,a network cooperative detection system based on a multi-Agent model was proposed to enhance the efficiency and accuracy of network detection.[Methods]The efficiency and accuracy of network detection were significantly improved by integrating active and passive detection functions into a network topology algorithm and incorporating various agents and dynamic decision-making mechanisms.The active detection technology used the Traceroute algorithm to discover active devices and open ports in the network,while the passive detection technology collected detailed information from network traffic in line with protocols such as simple network management protocol(SNMP).A more comprehensive view of network assets was obtained by the combination of the two.In the specific research,a module deployment and technical architecture that integrated active and passive network detection technologies was designed,and an organizational structure of the distributed detection system was established.[Results]Simulation experiments and analysis show that under the same testing environment and process,compared to single passive and active network detection systems,the network cooperative detection system has stronger communication performance and shorter detection time while consuming less time.[Conclusion]In summary,the network cooperative detection system demonstrates superior communication performance and detection efficiency in simulation experiments,capable of detecting

关 键 词：网络探测 多AGENT模型 拓扑信息 决策算法 简单网络管理协议 地址解析协议 通信机制 

分 类 号：TM73[电气工程—电力系统及自动化]