| Since the Tunis World Summit on the Information Society(WSIS) formally proposed the concept of Internet of Things(IOT) for the first time in 2005, embedded devices grows rapidly. They extend the network functionalities to their respective systems and realize automation and intelligent. However, these embedded nodes also bring many network intrusion points to the enterprises. The most serious is that the incremental value of intelligent networking equipment products are considered very low, so few manufacturers will take costs to ensure the safety. Such as Vo IP conference phones, microphones and other wearable devices. They may switch on to record sensitive information without being detected when get into the enterprise network.In order to alleviate the embedded network security risks, in addition to the safety design of the device itself, but can also deploy nodes in the network to analyze security trends. In this way, network managers will make faster decisions.The object of this study is the data collection and analysis in embedded network environment. Data is the basis, and what kind of data is the urgent problem. Because of the environment diversification, the difference between the data is relatively large. For general network data flow, we mainly collect SNMP and NetFlow traffic analysis and analyze topology. In addition, log files are important but have a deep dependent on the platform, so we do not discuss it in this paper. For the specific network data, we also design an agent framework for many kinds of communication protocols to transplant between different embedded platforms and load different data collection policy modules according to the respective environment. Task agent provides powerful features and good portability, but its internal functions are not complex. It supports different embedded network environment by the rich loaded/unloaded modules.This paper will also discuss network performance, storage processing capacity and many non-functional properties like portability, maintainability, reliability and timeliness. Regional monitoring software aggregates, processes and stores a variety of collected data. It also executes the anomaly detection, topology discovery and other tasks. Here we use the hierarchical and modular design methods to facilitate the completion of the replacement of old functions by new as far as possible in the transplant work to adapt to different application scenarios and process data in a variety of formats. In addition, it should reduce the coupling degree between the task agent and the regional monitoring software.At last, we will test a variety of functional features and non-functional properties to reflect the rationality, stability and adaptability of the whole structure design. Although the achievement is just a nascent presentation, the ideas and design in it and recommendations mentioned but not yet implemented will have significance for the future development and enrichment. |
PDF Full Text Request