CN114143058A - Data full-flow vulnerability acquisition method - Google Patents

Data full-flow vulnerability acquisition method Download PDF

Info

Publication number
CN114143058A
CN114143058A CN202111409419.9A CN202111409419A CN114143058A CN 114143058 A CN114143058 A CN 114143058A CN 202111409419 A CN202111409419 A CN 202111409419A CN 114143058 A CN114143058 A CN 114143058A
Authority
CN
China
Prior art keywords
data
analysis
network
flow
backtracking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111409419.9A
Other languages
Chinese (zh)
Inventor
赵慧奇
范芳
钟广源
杨明
武莹莹
张蓓
刘高源
张华杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong University of Science and Technology
Original Assignee
Shandong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong University of Science and Technology filed Critical Shandong University of Science and Technology
Priority to CN202111409419.9A priority Critical patent/CN114143058A/en
Publication of CN114143058A publication Critical patent/CN114143058A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/24Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2483Traffic characterised by specific attributes, e.g. priority or QoS involving identification of individual flows
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a data full-flow vulnerability acquisition method, in particular to a method for locking vulnerabilities based on network full-flow backtracking analysis of a distributed architecture, which comprises the following steps: (1) capturing a network data packet (2), identifying, analyzing and restoring common protocols, (3) acquiring network full flow and analyzing historical data by backtracking, (4) performing data backtracking and data mining; the invention can realize omnibearing deep perspective analysis and backtracking on the network full flow, the analysis data is displayed to the data packet level at the bottom layer, the display time is accurate to microsecond level, various network information safety problems, APT Trojan penetration, hacker invasion, zombie remote control and the like can realize accurate analysis and rapid positioning, and the accurate locking of the loophole is realized.

Description

Data full-flow vulnerability acquisition method
Technical Field
The invention relates to the technical field of network space security, in particular to a data full-flow vulnerability acquisition method of a distributed architecture.
Background
The method is formally provided for making up for the defects of the domestic flow analysis technology, solves the problem of finding holes by full flow analysis, analyzes data to be displayed to a data packet level at the bottommost layer by performing omnibearing deep perspective analysis and backtracking on the network full flow, realizes accurate analysis and quick positioning on display time to a microsecond level, solves various network information safety problems, realizes APT Trojan penetration, hacker intrusion, zombie remote control and the like, and can change from passive to active, the method can break through monopoly of foreign mainstream manufacturers, get rid of dependence on foreign products, create full-flow analysis core technology innovation and product research and development of domestic independent intellectual property rights, and provide a brand-new management mode for network space safety work.
Disclosure of Invention
In order to overcome the shortcuts of the content, the invention provides a brand-new full-flow acquisition method and a network full-flow data storage technology and can meet the requirements of effective storage of network attacks and attack tracing vulnerabilities.
The full-flow vulnerability collecting method is characterized by comprising the following steps of: (1) capturing a network data packet (2), identifying, analyzing and restoring common protocols, (3) acquiring network full flow and analyzing historical data by backtracking, (4) performing data backtracking and data mining;
in step (1), network data packets are captured.
In the step (2), a protocol recognition engine is used for real-time recognition and analysis of original network traffic in full traffic analysis, the protocol analysis covers most of the main communication protocols of the L2-L7 layer, such as HTTP protocol, IGMP protocol, OSPF protocol, kerberos protocol or industrial control protocol, non-standard protocol, etc., which are common in the network, so that the protocols in the network are accurately decoded and counted, and a TRE protocol recognition filtering module is used for real-time filtering of low-value data in traffic, such as P2P, video, audio, live broadcast, etc., as required, and only high-value traffic is stored. The system provides eight types of metadata logs such as HTTP, DNS, mail logs, database logs, FTP logs, remote access logs, encrypted session logs and ICMP logs, and carries out comprehensive identification and audit on internet behaviors and intranet behaviors such as web access, mail, IM chat, file transmission, OA, database and the like which are common in the network.
In the step (3), a backtracking analysis server is adopted to carry out real-time acquisition and analysis on the original flow in the network and completely store the original flow; the analysis console is adopted to provide human-computer data interaction and is used for being connected with the analysis server to perform data display and backtracking analysis, and after the analysis console is successfully connected with the backtracking analysis server, various data analysis operations such as data mining, alarm analysis, abnormal communication analysis, backtracking analysis, data packet analysis and the like can be performed. The system can be simultaneously connected to a plurality of analysis servers through the console for remote centralized analysis.
In the step (4), network flow statistics is used to count various network indexes in a fixed time period, some available features in the statistical data are extracted, the original data packet is searched reversely according to the features to complete network data analysis, a log is generated by utilizing alarm and behavior analysis, and the original data packet is filtered and analyzed by taking IP and other information in the log as entry points. And completely backtracking any time through the original data packet, and positioning the time of a security event, a source IP, a destination IP, the cause of the event, the event passing and the influence caused by the event.
The positive progress effects of the invention are as follows:
the invention adopts an industry advanced autonomous intellectual property protocol recognition engine in the full flow analysis, and can realize 1500 network protocol recognition and more than 650 protocol fine field decoding.
At present, identification and decoding technologies aiming at common protocols such as HTTP, FTP, SMTP/POP3/IMAP4 and the like are realized, but aiming at network applications such as application software such as QQ, thunder, dog searching and the like, identification errors, omissions and the like can occur when an existing protocol identification engine is used for identifying the application software. The invention provides a new application identification engine which can accurately identify network application, integrates the flow label characteristics (address, port, zone bit and data packet length) and the flow load characteristics (content fingerprint, repetition relation and response relation), and can quickly and accurately identify the application to which the flow belongs.
The invention provides network basic data summary statistics and statistics of IP addresses, protocols, ports, countries and the like according to network data statistical analysis. The statistics are indexes summarized in the process of analyzing network problems for a long time, the indexes represent network flow information to a great extent, and network analysis is performed according to the information, so that vulnerability accurate locking can be achieved.
The invention provides a universal data access interface, the form of a development interface is supposed to adopt HTTP and HTTPS communication protocols, and the development interface supports exporting statistical data, original data packets, logs and other data and provides the statistical data, the original data packets, the logs and other data to other third-party application programs.
Description of the drawings:
FIG. 1 is a functional architecture diagram of a controller and server according to the present invention
FIG. 2 is a system architecture diagram of a controller and server according to the present invention
FIG. 3 is a flow chart of statistical analysis and body of network data according to the present invention
FIG. 4 is a core flow chart of the network data statistical analysis of the present invention
FIG. 5 is a flow chart of statistical recording and log query according to the present invention
FIG. 6 is a flow chart of a restful API interface implementation of the present invention
Detailed description of the invention
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings.
The invention provides a new application identification engine which can accurately identify network application, integrates the flow label characteristics (address, port, zone bit and data packet length) and the flow load characteristics (content fingerprint, repetition relation and response relation), and can quickly and accurately identify the application to which the flow belongs.
The application recognition engine includes three recognition modules: single packet identification, single stream identification, and multi-stream identification.
Figure BDA0003373715820000041
Single packet identification: the application of the current data packet is determined by one or more of the four attributes of port, TCP Flags, packet length and fingerprint.
Figure BDA0003373715820000042
Single-stream identification: the application of the current stream is determined by the repeated behavior of a series of feature packets within the same stream.
Figure BDA0003373715820000043
Multi-stream identification: the engine records the IP address port pair of other flows of known application obtained by an external analysis module (analyzing FTP flow or certificate flow) and can quickly search.
Through the network application recognition engine, common applications in a network can be quickly and accurately recognized, and communication parameters of the common applications can be counted and analyzed, wherein the communication parameters comprise communication time, duration, communication flow, communication content and the like, and specific fields can be extracted and filtered.
In addition, the method provides rapid decoding aiming at a specific protocol, supports single-thread decoding speed of more than 10wpps, is simple and easy to use in protocol text specification and supports protocol definition/filtering/output, and has high performance, expandability and stronger flexibility.
The protocol recognition engine provides the following capabilities:
1) support for identifying more than 1100 common protocols. The following protocol:
Figure BDA0003373715820000051
network base protocol: IP, TCP, IPV6, NTP, SCTP, STUN, TPTK;
Figure BDA0003373715820000052
e, mail protocol: SMTP, POP3, IMAP 4;
Figure BDA0003373715820000053
file transfer protocol: FTP, SFTP, NFS, RSYNC, SMB, SMBMAILSloPro, SMBPIPPro;
Figure BDA0003373715820000054
streaming media protocol: h323, SIP, H248, MGCP;
Figure BDA0003373715820000055
and (3) a tunnel encapsulation protocol: GRE, L2TP, PPTP, GTP, GTPV 2;
Figure BDA0003373715820000056
network user identity authentication protocol: RADIUS, Diameter, Kerberos, PAP, NTLM, TACACS, WPA/WPA2, WEP;
Figure BDA0003373715820000057
network password protocol: ISAKMP, ESP, AH, SSL/TLS, SSH, OCSP, X509Cer, etc.
2) Flow identification: the protocol in one flow is identified in units of flows.
3) Single packet identification: the identification is performed in units of packets, and each packet is identified.
As shown in fig. 1, the invention adopts a backtracking analysis server to perform real-time acquisition and analysis on network original traffic and completely store the original traffic; the analysis control console is mainly used for providing man-machine data interaction and is used for being connected with the analysis server to perform data display and backtracking analysis, when the analysis control console is successfully connected with the backtracking analysis server, various data analysis operations such as data mining, alarm analysis, abnormal communication analysis, backtracking analysis and data packet analysis can be performed, and the analysis control console can be simultaneously connected to a plurality of analysis servers to perform remote centralized analysis.
As shown in fig. 2, the analysis console supports one-to-many concurrent connection with the analysis server, that is, one analysis console can manage and analyze data of multiple analysis servers simultaneously, so as to facilitate unified management and analysis.
The data processing flow of the analysis server is as follows:
1) data acquisition: collecting original network flow in real time;
2) data packet preprocessing: sorting, copying, identifying and shunting;
3) and (3) multi-thread network analysis: data analysis, statistics and advanced analysis;
4) data storage: data packets, statistics, behavior logs, alarm logs.
Summary of the operating principle of the analysis console:
1) the analysis console firstly establishes connection with a server;
2) the console initiates a query;
3) the server checks the validity of inquiry, such as login authority, parameter conditions, time range and the like;
4) the server executes the query and returns data;
5) and the console receives and processes the return data.
As shown in fig. 3, the present invention uses statistical analysis of network data based on summary statistics of network basic data and statistics of IP addresses, protocols, ports, countries, etc. These statistics are indicators summarized in the process of analyzing network problems for a long time, and these indicators largely characterize the information of network traffic, and are analyzed according to the information.
Figure BDA0003373715820000071
Long time storage of statistical results
The data volume of the statistical data is smaller than that of the data packet, and the value of the statistical data is larger than that of the data packet itself in most cases, and the statistical data can play a decisive role in forensic analysis, so that the time length in months needs to be preserved.
Figure BDA0003373715820000072
Key IP address is configurable
A list of highlight IP addresses can be customized, with the IP addresses in the list being stored separately in a highlight IP table.
Figure BDA0003373715820000073
Custom application configurable
The user can input the combination of IP address, TCP/UDP port, IP address group and address segment, port group or range and various conditions in the self-definition according to the requirement, the system carries out the combination matching according to the conditions and counts the identified result into the application statistical table.
Figure BDA0003373715820000074
Summary statistics table
And providing total flow, network access flow, network outlet flow, total data packets, network access data packets, network outlet data packets, total data packet peak values, blocking summary statistics, alarm summary statistics and the like.
Figure BDA0003373715820000075
Protocol statistics
And statistics such as communication flow, data packets, load flow, TCP synchronous packets and the like of the protocol are provided.
Figure BDA0003373715820000076
Port statistics
And providing statistics of communication flow, data packets, load flow, TCP synchronous packets and the like of the co-port.
Figure BDA0003373715820000081
National statistics
Statistics such as communication flow, total data packets, sending flow, receiving flow, sending data packets, receiving data packets and the like are provided according to the statistics of the country.
Figure BDA0003373715820000082
IP address statistics
And providing statistics of communication flow, address position, affiliated country, total flow, total data packet, sending flow, receiving flow, sending data packet, receiving data packet, flow transceiving ratio and the like of the IP address.
Figure BDA0003373715820000083
Key IP address analysis
And providing customized adding of key IP addresses and performing communication statistics of the IP.
Figure BDA0003373715820000084
Applying statistical analysis
The application is identified and displayed through self-defined conditions of the self-defined application, such as ports, IP and the like, or an application list provided by a system.
Figure BDA0003373715820000085
IP session statistics
And statistics such as communication end points, countries, total traffic, total data packets, end point 1 sending traffic, end point 2 sending traffic and the like of the IP session are provided.
Figure BDA0003373715820000086
TCP session statistics
Statistics are provided for client IP address, client geographic location, client country, server IP address, server geographic location, server country, total traffic, traffic per second, client traffic, server traffic, etc.
Figure BDA0003373715820000087
UDP session statistics
Statistics are provided for node 1IP address, node 1 geographical location, node 1 country, node 2IP address, node 2 geographical location, node 2 country, total traffic, traffic per second, total packets, etc.
Figure BDA0003373715820000091
Alarm log statistics
Providing an alarm name, time of trigger, alarm level, alarm type, trigger IP address, port, target IP address, etc.
Figure BDA0003373715820000092
Behavior log statistics
Providing log output statistics of the triggered behavioral model.
Figure BDA0003373715820000093
Other metadata Log statistics
Statistics of various application logs such as DNS, HTTP, SSL, etc.
Figure BDA0003373715820000094
Exporting
When the related statistical data is too much and various statistical data needs to be analyzed, the statistical data needs to be locally managed, the survival csv format is derived from the data in the list, and the text is directly written so as to realize the segmentation.
As shown in fig. 4, the present invention provides rich data type analysis, such as statistical recording and storage analysis of data of alarm log, abnormal communication behavior, IP session, TCP session, etc.
Figure BDA0003373715820000095
Digging
As shown in fig. 5, the conventional packet traffic identification and analysis technique only analyzes "5 Tuples", i.e., "five-tuple" information in the packet header, including the source address, the destination address, the source port, the destination port, and the protocol type. Various statistical tables support the filtering of the reserved fields, for example, a table containing the five-tuple field can be filtered through the standard five-tuple filtering condition, so as to achieve the goal of data mining.
As shown in fig. 6, the invention is implemented by HTTPS using Restful, a third party does not need to log and authenticate, an HTTPS encryption mode is used for each request, and each request corresponds to a unique resource identifier. The interface belongs to short connection, and each request is a new session. At present, two types of access, namely GET and POST, are supported. The definition of URL needs to be standardized and unified, and the practicality needs to be strong, and is convenient easy-to-use. The shapes such as: the method comprises the following steps of http:// tsaverr, port/colisoft/tsa/{ client _ name }/apinamine/{ param }, wherein the client name can be configured according to actual conditions, the apine defines a specific data acquisition type, and the param fills in necessary request parameters, so that unified management is facilitated.
And the third party initiates a request according to the specified URL, the published apinamine and the param parameters required by the apinamine, and after the system receives the request, the system processes the request, returns the data or error information of the request and finishes the request.

Claims (5)

1. A data full-flow vulnerability collecting method is characterized by sequentially comprising the following steps:
(1) capturing network data packets
(2) Identifying, parsing and content restoration for common protocols
(3) Network full flow collection and historical data backtracking analysis
(4) Data backtracking and data mining.
2. The full-traffic data acquisition vulnerability method according to claim 1, characterized by: and (2) aiming at communication protocols commonly used in the network, such as HTTP, FTP, Telnet, SMTP/POP3 and the like, a rapid protocol recognition engine CSTRE is adopted to rapidly recognize and count the commonly used protocols, and reduction analysis is carried out on the transmission content of the commonly used protocols. For example, for HTTP communication, information about the file type (picture file, document file, compressed file, etc.), URL, file size, duration, etc. of the communication transmission may be extracted. Meanwhile, fast decoding of the protocol is supported and the decoding field can be flexibly extended.
3. The full-traffic data vulnerability gathering method according to claim 1 or 2, characterized by: and (3) adopting a backtracking analysis server to collect and analyze the original network in real time and completely store the original flow. Meanwhile, a communication interface is provided to transmit data with the control platform, an analysis console is adopted to provide man-machine data interaction, and the analysis console is connected with an analysis server to display and backtrack analysis of the data. The backtracking analysis server and the analysis console adopt a C/S technical architecture, the analysis server responds to the analysis console commands in real time and returns response data in time, and when a specified target network needs to be detected and analyzed, the analysis console can be connected to the server for remote data viewing and safety event analysis.
4. The full-traffic data vulnerability gathering method according to claim 2 or 3, characterized by: in the step (4), network flow statistics is used to count various network indexes in a fixed time period, backtracking analysis of any network object is supported, complete backtracking of any time through an original data packet is supported, and the time of a security event, a source IP, a destination IP, an event cause, an event pass and the influence caused by the event are positioned.
5. The full-traffic data vulnerability gathering method according to claim 2 or 3, characterized by: in the step (4), the data analysis time precision is nanosecond level, and the retrieval, mining and extraction of the flow data are carried out in various time windows of minutes, hours, days and the like.
CN202111409419.9A 2021-11-25 2021-11-25 Data full-flow vulnerability acquisition method Pending CN114143058A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111409419.9A CN114143058A (en) 2021-11-25 2021-11-25 Data full-flow vulnerability acquisition method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111409419.9A CN114143058A (en) 2021-11-25 2021-11-25 Data full-flow vulnerability acquisition method

Publications (1)

Publication Number Publication Date
CN114143058A true CN114143058A (en) 2022-03-04

Family

ID=80391503

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111409419.9A Pending CN114143058A (en) 2021-11-25 2021-11-25 Data full-flow vulnerability acquisition method

Country Status (1)

Country Link
CN (1) CN114143058A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100031358A1 (en) * 2008-02-04 2010-02-04 Deutsche Telekom Ag System that provides early detection, alert, and response to electronic threats
CN108418758A (en) * 2018-01-05 2018-08-17 网宿科技股份有限公司 A kind of list packet recognition methods and flow bootstrap technique
CN110535855A (en) * 2019-08-28 2019-12-03 北京安御道合科技有限公司 A kind of network event method for monitoring and analyzing and system, information data processing terminal
CN111277570A (en) * 2020-01-10 2020-06-12 中电长城网际系统应用有限公司 Data security monitoring method and device, electronic equipment and readable medium
CN111866102A (en) * 2020-07-08 2020-10-30 张肇宁 Network IP address traceability system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100031358A1 (en) * 2008-02-04 2010-02-04 Deutsche Telekom Ag System that provides early detection, alert, and response to electronic threats
CN108418758A (en) * 2018-01-05 2018-08-17 网宿科技股份有限公司 A kind of list packet recognition methods and flow bootstrap technique
CN110535855A (en) * 2019-08-28 2019-12-03 北京安御道合科技有限公司 A kind of network event method for monitoring and analyzing and system, information data processing terminal
CN111277570A (en) * 2020-01-10 2020-06-12 中电长城网际系统应用有限公司 Data security monitoring method and device, electronic equipment and readable medium
CN111866102A (en) * 2020-07-08 2020-10-30 张肇宁 Network IP address traceability system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
叶水勇;: "基于回溯技术的全景信息安全防护探究", 电力信息与通信技术, no. 07, pages 38 - 43 *

Similar Documents

Publication Publication Date Title
CN101924757B (en) Method and system for reviewing Botnet
CN111277587A (en) Malicious encrypted traffic detection method and system based on behavior analysis
US20160191549A1 (en) Rich metadata-based network security monitoring and analysis
US10547674B2 (en) Methods and systems for network flow analysis
CN103795709A (en) Network security detection method and system
US20070248084A1 (en) Symmetric connection detection
US9479523B2 (en) System and method for automated configuration of intrusion detection systems
US10116538B2 (en) Attributing network address translation device processed traffic to individual hosts
US11711398B2 (en) Distributed network security service
Ren et al. Distributed agent-based real time network intrusion forensics system architecture design
Kaushik et al. Network forensic system for ICMP attacks
CN110636076A (en) Host attack detection method and system
CN114338600A (en) Equipment fingerprint selection method and device, electronic equipment and medium
Zou et al. A flow classifier with tamper-resistant features and an evaluation of its portability to new domains
Buric et al. Challenges in network forensics
CN114143058A (en) Data full-flow vulnerability acquisition method
CN111343008B (en) Comprehensive measurement method and system for discovering IPv6 accelerated deployment state
Gezer et al. Exploitation of ICMP time exceeded packets for a large-scale router delay analysis.
CN114301802A (en) Confidential evaluation detection method and device and electronic equipment
Mukti et al. Integration of Low Interaction Honeypot and ELK Stack as Attack Detection Systems on Servers
Pelaez et al. VoIP network forensic patterns
Da-Yu et al. Extracting Suspicious IP Addresses from WhatsApp Network Traffic in Cybercrime Investigations
Preda et al. Internet of Things Traffic Characterization using flow and packet analysis
Al-Haj Baddar et al. Generating statistical insights into network behavior using SKETURE
Drago et al. Report of the third workshop on the usage of netflow/ipfix in network management

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination