CN101557324A - Real-time visual detection method for DDoS attack - Google Patents
Real-time visual detection method for DDoS attack Download PDFInfo
- Publication number
- CN101557324A CN101557324A CNA200810154205XA CN200810154205A CN101557324A CN 101557324 A CN101557324 A CN 101557324A CN A200810154205X A CNA200810154205X A CN A200810154205XA CN 200810154205 A CN200810154205 A CN 200810154205A CN 101557324 A CN101557324 A CN 101557324A
- Authority
- CN
- China
- Prior art keywords
- bounding box
- octree
- node
- scene
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention belongs to the technical field of computer network safety and relates to a real-time visual detection method for DDoS attack. The method comprises the following steps: extracting a source IP address, a destination IP address, a destination port number from raw data, and taking time for receiving a datagram as four dimensions of a visual model; establishing a display model, standardizing the data and transferring the data into a same value domain; establishing a bounding box in a 3D scene for each network datum, and organizing all elements in the scene by a scene graph; setting a space size of the octree bounding box, establishing and generating an octree structure of the scene; displaying adding and deletion of particle nodes in the scene, and rendering and displaying the nodes in a frustum by a GPU; and detecting whether DDoS attack occurs by an interactive operation. The method provides multi-view, multi-angle and a plurality of interactive performances, thus greatly increasing possibility that a network manager detects network attack.
Description
Technical field
The invention belongs to the visual field of network security.A kind of real-time visual detection method is provided.
Background technology
DDoS is a kind of Denial of Service attack of the special shape based on DoS.It is the attack in force mode of a kind of distribution, cooperation.Main target is bigger website, as the website of enterprise web site, search engine and government department.Basic DoS attack is as long as the unit that can connect Internet just can realize that ddos attack then is to utilize a collection of controlled machines to launch a offensive to a machine, has bigger destructiveness.
The information visualization technology is on the basis of present information processing platform, according to the needs of user to information, utilize the suitable various information of visual symbolic representation and the relation of information inside and outside, make people more convenient, promptly carry out alternately with information source, find to be hidden in all kinds of knowledge in the information.The diversity of the kind difference of information, the complexity of information application and user's different demands causes people to research and develop the different visualization technique of a large amount of forms.
The multivariate data of network security visual higher-dimension, non-structureization often to be processed, these data have characteristics such as scale is big, nonumeric type simultaneously; On the incidence relation of data, be faced with and concern difficulties such as implicitization, time dependence is strong, type is many; Aspect drafting, there is not unified display model yet.In the network safety information visualization technique, obtained initial achievements, at first, aspect display mode and method for drafting, proposed to utilize scatter diagram (Scatterplot), color map (Color Map), pel (Glyphs), parallel axes coordinate (Parallel Coordinate), self-organizing mapping modes such as (Self-Organizing Maps) to carry out the analysis and the warning of network and system monitoring, abnormality detection, invasive discovery, pattern.But in the tool model of in the past research and development, in the visual model of network security, the generation of image does not use GPU to quicken, therefore formation speed is slow, and take a large amount of CPU times, make the system model reflection slowly, produce very big influence for real-time network safety system.
Summary of the invention
In view of this, the objective of the invention is to overcome the above-mentioned deficiency of prior art, a kind of real-time visual detection method is provided, this kind detection method, utilize GPU to quicken visualization processing, can offloading the CPU, can analyze efficiently and the display network data, thereby make the user can find ddos attack existing main frame scanning in early stage, TCP and ongoing ddos attack.The present invention adopts following technical scheme:
The detection method that a kind of DDos of data visualization Network Based attacks comprises the following steps:
The first step: from initial data, extract source IP address, purpose IP address, the destination slogan, the datagram time of reception is as the four dimensions of Visualization Model;
Second step: create display model, source IP address is mapped to the x axle, purpose IP map addresses is to the z axle, the destination slogan is mapped to the y axle, and three data are carried out standardization, be transformed in the same codomain, for each network data, in three-dimensional scenic, create a bounding box, utilize scene graph to come all elements in the organizing scenario;
The 3rd step: the space size of octree bounding box is set, sets up and generate the octree structure of this scene;
The 4th step: utilize octree structure,, carry out the interpolation that scene shows the particle node, reject, and utilize GPU that the node that is in the frustum is played up demonstration by the crossing check of frustum and bounding box;
The 5th step: detect whether be subjected to ddos attack by interactive operation.
As preferred implementation, the real-time visual detection method at ddos attack of the present invention, in second step wherein, carry out following standardization to three data:
The computing formula of source IP address corresponding position on the x axle: sIP.val/sIP.maxval*lengthX, wherein, the decimal system numerical value that sIP.val converts to for the source IP address that will show; SIP.maxval is the numerical value after 32 IP convert the decimal system to,, converts 255.255.255.255 to numerical value behind the decimal system: 2^32-1 that is; LengthX is the X-axis length of scene;
The computing formula of destination slogan corresponding position on the y axle: dPort.val/dPort.maxval*lengthY, wherein, dPort.val is current port numbers, dPort.maxval is maximum port numbers, promptly 65535, lengthY: the Y-axis length of scene;
The computing formula of corresponding position on the x axle, purpose IP address: dIp.val/dIp.maxval*lengthZ, wherein, the decimal system numerical value that dIP.val becomes for the purpose IP address transition that will show, dIP.maxval is the numerical value after 32 IP convert the decimal system to, be about to the numerical value after 255.255.255.255 converts the decimal system to: 2^32-1, lengthZ are the X-axis length of scene.
Follow these steps to scene is inquired about:
(4), obtain the bounding box of this tree, and itself and inquiry are intersected calculating with bounding box from the Octree root;
(5) if the inquiry bounding box comprises the bounding box of this tree fully, then recurrence is added the scenario node that subtree comprised to the Query Result tabulation to all subtrees;
(6) if bounding box partly intersects the bounding box of this tree, then each subtree of this tree is carried out recurrence and judge.
Follow these steps to add the node of Octree:
(1) obtains the bounding box of the node that will be added into scene;
(2), obtain the bounding box of this tree from the Octree root;
(3) whether the bounding box size of judging this Octree is the twice of the bounding box size of the node that will add;
(4) if more than octree bounding box size the twice for the node bounding box size that will add, then the center according to which and this node in eight subtrees of this Octree of position calculation of the node that will add comprises mutually, and this algorithm of recursive call inserts this stalk with node and sets; Otherwise the Octree of this Octree for suitable this node size is described, thereby articulates this node on this Octree;
In described the 4th step, follow these steps to carry out:
(1) obtains the frustum of video camera;
(2) obtain the bounding box of Octree subtree;
(3) frustum and bounding box are intersected check;
(4) if intersect, obtain the Octree scenario node that is articulated under this Octree subtree, bounding box and the frustum to each node intersects check respectively, if intersect, adds and plays up formation;
(5) eight these algorithms of child nodes difference recursive call setting for this eight fork;
(6) utilize GPU that the node that is in the frustum is played up.
Compared with prior art, the present invention has following beneficial effect:
1, higher real-time.The GPU that the display model of detection method of the present invention institute foundation adopts is hardware-accelerated, and better balanced load has utilized concurrency between CPU and the GPU and GPU to floating data, and the high efficiency that vector calculates has obtained better display effect in real time.
2, detect ddos attack validity.The nonterminal character of ddos attack---TCP, main frame scanning and ddos attack feature can both show tangible geometric properties in the computer software of display model according to the present invention and detection method foundation.And under the great situation of data volume, the accelerating engine of 3D efficiently that this system had also can very smooth demonstration.This has fully proved validity and the practicality of computer software of the present invention in the ddos attack context of detection, for further defending DDoS (Distributed Denial of Service) attacks provides favourable clue.
3, system interactive is good.The network manager can rotate the visual angle with mouse, and the convergent-divergent visual angle is convenient to comprehensively careful observation of data.And this computer software adds Visualization Model to the time as fourth dimension, allowing the network manager to control in the current Visualization Model data presented by the method that drags slider bar screens data, be convenient to the potential regularity of network attack is attacked, periodically attack and find prevention.This computer software can also carry out the face inquiry at three dimensions, and the network manager can browse whole purpose IP section in the mode that drags slider bar, source IP section or destination interface section.
Description of drawings
Fig. 1 utilizes system model to detect the flow process of ddos attack;
Fig. 2 is an Octree scene management design sketch;
Fig. 3 is the interface that computer software of the present invention carries out scan for inquiries;
Fig. 4 is the interface that computer software of the present invention carries out the data read screening and filtering;
Fig. 5 is the display effect figure of TCP in computer software of the present invention;
Fig. 6 is main frame scanning and the display effect figure of TCP in computer software of the present invention;
Fig. 7 is two kinds of different ddos attacks display effect figure in computer software of the present invention.
Embodiment
The present invention proposes a kind of network security visualization display model and DDos attack detection method that quickens based on GPU.The inventor shows and detection method according to this kind, has set up a cover computer software, utilizes this system, and the phase-split network data are found ddos attack existing main frame scanning in early stage, TCP and ongoing ddos attack efficiently.The display model of computer software of the present invention adopts the XNA software kit based on DirectX bottom 3D accelerating interface.Be example with the computer software below, the present invention is described in detail.
The first step, network data obtain and show
(1) acquisition of network data
From initial data, extract source IP address, purpose IP address, the destination slogan, the datagram time of reception is as the four dimensions of Visualization Model.Is the IP address transition that the decimal system does not have the symbol shaping and counts uint, the time is converted to system's ticktock number and data are sorted.Create the operable abstract data type Particle of display model, source IP is mapped to the x axle, purpose IP is mapped to the z axle, and destination interface is mapped to the y axle, and three data are carried out standardization, is transformed in the same codomain.For each data, create a bounding box at three dimensions, be convenient in octree image scene management device, create node.
Standardized means is as follows:
The computing formula of source IP address corresponding position on the x axle: sIP.val/sIP.maxval*lengthX, wherein, the decimal system numerical value that sIP.val converts to for the source IP address that will show; SIP.maxval is the numerical value after 32 IP convert the decimal system to,, converts 255.255.255.255 to numerical value behind the decimal system: 2^32-1 that is; LengthX is the X-axis length of scene;
The computing formula of destination slogan corresponding position on the y axle: dPort.val/dPort.maxval*lengthY, wherein, dPort.val is current port numbers, dPort.maxval is maximum port numbers, promptly 65535, lengthY: the Y-axis length of scene;
The computing formula of corresponding position on the x axle, purpose IP address: dIp.val/dIp.maxval*lengthZ, wherein, the decimal system numerical value that dIP.val becomes for the purpose IP address transition that will show, dIP.maxval is the numerical value after 32 IP convert the decimal system to, be about to the numerical value after 255.255.255.255 converts the decimal system to: 2^32-1, lengthZ are the X-axis length of scene.
(2) display model of network data
Computer software of the present invention has adopted hardware-accelerated on showing, utilizes the high performance graphics display card to handle the demonstration of variety of network data.Traditional Visualization Model, reading of all data, handle, show all to be put on the CPU and carry out the burden of the CPU of increase, visual real-time is had a greatly reduced quality, that adopts on display model is hardware-accelerated, and better balanced load has utilized concurrency between CPU and the GPU and GPU to floating data, the high efficiency that vector calculates has obtained better display effect.The foundation of this display model comprises the following steps:
1) definition data structure
2) generate scene framework---cube
3) meaning of mark interface reference axis and corresponding last dividing value
4) color---color of black and the scene background---blueness of definition particle node
5) to operation---the scaling of the scene of system, rotation, node is mutual
6) be created on dialog box under the various sights, and function button in the dialog box
Computing on the GPU comprises the following aspects:
1. the playing up of node in the scene.Operation is rejected in the interpolation of node in the scene.By the initial value of CPU preparation data to be displayed, deliver to then and carry out standardized calculation among the GPU, and have GPU that node is played up demonstration.
2. the scene figure plays up.The scaling of scene, the rotation transformation operation.The observation viewpoint is fixed and can smoothly be moved on the sphere of the given radius of distance viewpoint, is convenient at obstructed angular observation object.It is the radius of sphere that video camera can change with the distance of viewpoint, is convenient to closely observe local data.Physical characteristic has been adopted in the stretching of distance, makes video camera carry out level and smooth displacement.
(3) the scene management principle of Octree
Computer software of the present invention, the display model that is adopted have used Octree scene management device that each particle is managed, the data that the video data of energy high speed and extraction user at a high speed need when being convenient to user interactions.
(a) scene is added arthmetic statement
1). obtain the bounding box (Axis Align Bounding Box) of the node that will be added into the scene management device
2). from the Octree root, obtain the bounding box (Axis Align Bounding Box) of this tree
3). whether the bounding box size of judging this Octree is the twice of the bounding box size of the node that will add
4) if. more than octree bounding box size the twice for the node bounding box size that will add, then the center according to which and this node in eight subtrees of this Octree of position calculation of the node that will add comprises mutually, and this algorithm of recursive call inserts this stalk with node and sets
5). otherwise the Octree of this Octree for suitable this node size is described, thus articulate this node on this Octree.
(b) scenario queries arthmetic statement
1). from the Octree root, the bounding box (Axis Align Bounding Box) and the inquiry of obtaining this tree are intersected calculating with bounding box
2) if. the inquiry bounding box comprises the bounding box of this tree fully, and then recurrence is added the scenario node that subtree comprised to the Query Result tabulation to all subtrees
3) if. bounding box partly intersects the bounding box of this tree, then each subtree of this tree is carried out recurrence and judges.
(c) the rejecting arthmetic statement of scene
1). obtain the frustum (Frustum) of video camera-be visual scope enclosure body.
2). obtain the bounding box (Axis Align Bounding Box) of Octree subtree
3). frustum and bounding box are intersected check
4) if. intersect, obtain the Octree scenario node that is articulated under this Octree subtree, bounding box and the frustum to each node intersects check respectively, if crossing, formation is played up in adding
5). for eight these algorithms of child nodes difference recursive call of this eight forks tree.
In second step, detect ddos attack by interactive operation
(a) point of each black is a network data in the window, according to its source IP address (x axle), purpose IP address (z axle), destination interface (y axle) is located each data in three-dimensional position.Form by three faces and three reference axis in the main window, each reference axis is marked by the Label in the UI storehouse that ProjectGaia provides, and allow the user to drag slider bar three dimensions is carried out the face inquiry, inquiry face shows that in visual main window what Query Result was real-time is presented in the data scanning window.By this scan for inquiries function, the network manager can better find assault in conjunction with Visualization Model and data query;
(b) data filter instrument, the network manager can drag slider bar the data that are presented in the Visualization Model are carried out screening and filtering.The zero-time of the set point value representative data of vertical slider bar, the set point value of parallel slider bar are represented the time interval that begins from zero-time.The network manager can find certain network event of periodic network attack or certain period by this data filter function;
(c) the native system model also has rotation and zoom function, by rotation three-dimensional bags confining space, is convenient to the observation of network manager to the video data model, better judges attack mode.
System model is to the detection effect of DDoS
As shown in Figure 5, computer software of the present invention can be easy to detect one of the nonterminal character TCP of ddos attack.TCP normally main frame connects entirely each port of destination host or half connects scanning.We are as can be seen from figure, the inquiry scan function that provides by computer software of the present invention, we move to scan box among the figure on clearly that line segment, found from main frame 222.30.24.26 from port 0 to the highest 65535 pairs of scannings that IP is the 202.113.12.9 main frame.
As shown in Figure 6, computer software of the present invention found to stem from IP be the main frame of 222.30.24.26 to entire I P network segment main frame at 25 ports, i.e. the main frame of ftp server port scanning.We use the inquiry scan function of computer software of the present invention, have promptly found this attack by the location source IP address.
As shown in Figure 7, computer software of the present invention can help the network manager to find the pattern of ddos attack.In first kind of ddos attack, purpose IP be the main frame of 123.191.88.193 be subjected to the source IP address that comes from each forgery at about 0 to 2000 the ddos attack in well known port space.An other line segment that is parallel to purpose IP axle then is to be 202.113.12.9 at purpose IP fully, and destination interface is the ddos attack of 25 FTP service.
Claims (5)
1. the real-time visual detection method at ddos attack comprises the following steps:
The first step: from initial data, extract source IP address, purpose IP address, the destination slogan, the datagram time of reception is as the four dimensions of Visualization Model;
Second step: create display model, source IP address is mapped to the x axle, purpose IP map addresses is to the z axle, the destination slogan is mapped to the y axle, and three data are carried out standardization, be transformed in the same codomain, for each network data, in three-dimensional scenic, create a bounding box, utilize scene graph to come all elements in the organizing scenario;
The 3rd step: the space size of octree bounding box is set, sets up and generate the octree structure of this scene;
The 4th step: utilize octree structure,, carry out the interpolation that scene shows the particle node, reject, and utilize GPU that the node that is in the frustum is played up demonstration by the crossing check of frustum and bounding box;
The 5th step: detect whether be subjected to ddos attack by interactive operation.
2. the real-time visual detection method at ddos attack according to claim 1 is characterized in that, in second step wherein, three data is carried out following standardization:
The computing formula of source IP address corresponding position on the x axle: sIP.val/sIP.maxval*lengthX, wherein, the decimal system numerical value that sIP.val converts to for the source IP address that will show; SIP.maxval is the numerical value after 32 IP convert the decimal system to,, converts 255.255.255.255 to numerical value behind the decimal system: 2^32-1 that is; LengthX is the X-axis length of scene;
The computing formula of destination slogan corresponding position on the y axle: dPort.val/dPort.maxval*lengthY, wherein, dPort.val is current port numbers, dPort.maxval is maximum port numbers, promptly 65535, lengthY: the Y-axis length of scene;
The computing formula of corresponding position on the x axle, purpose IP address: dIp.val/dIp.maxval*lengthZ, wherein, the decimal system numerical value that dIP.val becomes for the purpose IP address transition that will show, dIP.maxval is the numerical value after 32 IP convert the decimal system to, be about to the numerical value after 255.255.255.255 converts the decimal system to: 2^32-1, lengthZ are the X-axis length of scene.
3. the real-time visual detection method at ddos attack according to claim 1 is characterized in that, follows these steps to scene is inquired about:
(1), obtains the bounding box of this tree, and itself and inquiry are intersected calculating with bounding box from the Octree root;
(2) if the inquiry bounding box comprises the bounding box of this tree fully, then recurrence is added the scenario node that subtree comprised to the Query Result tabulation to all subtrees;
(3) if bounding box partly intersects the bounding box of this tree, then each subtree of this tree is carried out recurrence and judge.
4. the real-time visual detection method at ddos attack according to claim 1 is characterized in that, follows these steps to add the node of Octree:
(1) obtains the bounding box of the node that will be added into scene;
(2), obtain the bounding box of this tree from the Octree root;
(3) whether the bounding box size of judging this Octree is the twice of the bounding box size of the node that will add;
(4) if more than octree bounding box size the twice for the node bounding box size that will add, then the center according to which and this node in eight subtrees of this Octree of position calculation of the node that will add comprises mutually, and this algorithm of recursive call inserts this stalk with node and sets; Otherwise the Octree of this Octree for suitable this node size is described, thereby articulates this node on this Octree.
5. the real-time visual detection method at ddos attack according to claim 1 is characterized in that, in the 4th step wherein, follows these steps to carry out:
(1) obtains the frustum of video camera;
(2) obtain the bounding box of Octree subtree;
(3) frustum and bounding box are intersected check;
(4) if intersect, obtain the Octree scenario node that is articulated under this Octree subtree, bounding box and the frustum to each node intersects check respectively, if intersect, adds and plays up formation;
(5) eight these algorithms of child nodes difference recursive call setting for this eight fork;
(6) utilize GPU that the node that is in the frustum is played up.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810154205XA CN101557324B (en) | 2008-12-17 | 2008-12-17 | Real-time visual detection method for DDoS attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810154205XA CN101557324B (en) | 2008-12-17 | 2008-12-17 | Real-time visual detection method for DDoS attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101557324A true CN101557324A (en) | 2009-10-14 |
| CN101557324B CN101557324B (en) | 2011-06-08 |
Family
ID=41175278
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200810154205XA Expired - Fee Related CN101557324B (en) | 2008-12-17 | 2008-12-17 | Real-time visual detection method for DDoS attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101557324B (en) |
Cited By (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101820357A (en) * | 2010-02-11 | 2010-09-01 | 哈尔滨工业大学 | Network security incident visualization system |
| CN102299911A (en) * | 2011-06-22 | 2011-12-28 | 天津大学 | DDos attack detection method based on concentric axis multidimensional data visualization model |
| CN102546524A (en) * | 2010-12-09 | 2012-07-04 | 中国科学院沈阳计算技术研究所有限公司 | Detection method aiming at SIP (Session Initiation Protocol) single-source flooding attacks and SIP intrusion-detection system |
| CN103021016A (en) * | 2012-12-05 | 2013-04-03 | 上海创图网络科技发展有限公司 | Processing method of massive three-dimensional geographical information and data during rendering process |
| CN104301183A (en) * | 2014-10-23 | 2015-01-21 | 北京知道创宇信息技术有限公司 | WEB container detection method and device based on IP section scanning |
| CN105516174A (en) * | 2015-12-25 | 2016-04-20 | 北京奇虎科技有限公司 | Network attack tracking display system and method |
| CN106953837A (en) * | 2015-11-03 | 2017-07-14 | 丛林网络公司 | With the visual integrating security system of threat |
| CN108650251A (en) * | 2018-04-27 | 2018-10-12 | 北京奇安信科技有限公司 | A kind of display processing method and device of network security comprehensive situation perception data |
| CN110311924A (en) * | 2019-07-26 | 2019-10-08 | 杭州迪普科技股份有限公司 | Network security risk data display method, device, electronic equipment |
| WO2020168682A1 (en) * | 2019-02-21 | 2020-08-27 | 清华大学 | Network space coordinate system creation method and apparatus based on autonomous system |
| CN112256791A (en) * | 2020-10-27 | 2021-01-22 | 北京微步在线科技有限公司 | Network attack event display method and storage medium |
| CN113407874A (en) * | 2020-03-16 | 2021-09-17 | 北京国双科技有限公司 | Network address display method and device, electronic equipment and readable storage medium |
| CN113542036A (en) * | 2021-09-14 | 2021-10-22 | 广州锦行网络科技有限公司 | Demonstration method, electron and demonstration device for network attack behaviors |
| CN114978720A (en) * | 2022-05-26 | 2022-08-30 | 沈阳理工大学 | Intelligent detection method for visual representation of distributed denial of service attack |
| CN116614321A (en) * | 2023-07-20 | 2023-08-18 | 北京立思辰安科技术有限公司 | Interface display method for network attack, electronic equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101083563B (en) * | 2007-07-20 | 2010-08-11 | 杭州华三通信技术有限公司 | Method and apparatus for preventing distributed refuse service attack |
| CN101150581A (en) * | 2007-10-19 | 2008-03-26 | 华为技术有限公司 | Detection method and device for DDoS attack |
-
2008
- 2008-12-17 CN CN200810154205XA patent/CN101557324B/en not_active Expired - Fee Related
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101820357B (en) * | 2010-02-11 | 2012-10-10 | 哈尔滨工业大学 | Network security incident visualization system |
| CN101820357A (en) * | 2010-02-11 | 2010-09-01 | 哈尔滨工业大学 | Network security incident visualization system |
| CN102546524A (en) * | 2010-12-09 | 2012-07-04 | 中国科学院沈阳计算技术研究所有限公司 | Detection method aiming at SIP (Session Initiation Protocol) single-source flooding attacks and SIP intrusion-detection system |
| CN102546524B (en) * | 2010-12-09 | 2014-09-03 | 中国科学院沈阳计算技术研究所有限公司 | Detection method aiming at SIP (Session Initiation Protocol) single-source flooding attacks and SIP intrusion-detection system |
| CN102299911A (en) * | 2011-06-22 | 2011-12-28 | 天津大学 | DDos attack detection method based on concentric axis multidimensional data visualization model |
| CN102299911B (en) * | 2011-06-22 | 2014-04-30 | 天津大学 | DDos attack detection method based on concentric axis multidimensional data visualization model |
| CN103021016A (en) * | 2012-12-05 | 2013-04-03 | 上海创图网络科技发展有限公司 | Processing method of massive three-dimensional geographical information and data during rendering process |
| CN104301183A (en) * | 2014-10-23 | 2015-01-21 | 北京知道创宇信息技术有限公司 | WEB container detection method and device based on IP section scanning |
| CN106953837B (en) * | 2015-11-03 | 2020-09-25 | 瞻博网络公司 | Security management system and security management method |
| CN106953837A (en) * | 2015-11-03 | 2017-07-14 | 丛林网络公司 | With the visual integrating security system of threat |
| CN105516174A (en) * | 2015-12-25 | 2016-04-20 | 北京奇虎科技有限公司 | Network attack tracking display system and method |
| CN108650251A (en) * | 2018-04-27 | 2018-10-12 | 北京奇安信科技有限公司 | A kind of display processing method and device of network security comprehensive situation perception data |
| WO2020168682A1 (en) * | 2019-02-21 | 2020-08-27 | 清华大学 | Network space coordinate system creation method and apparatus based on autonomous system |
| US11943249B2 (en) | 2019-02-21 | 2024-03-26 | Tsinghua University | Cyberspace coordinate system creation method and apparatus based on autonomous system |
| CN110311924A (en) * | 2019-07-26 | 2019-10-08 | 杭州迪普科技股份有限公司 | Network security risk data display method, device, electronic equipment |
| CN113407874A (en) * | 2020-03-16 | 2021-09-17 | 北京国双科技有限公司 | Network address display method and device, electronic equipment and readable storage medium |
| CN112256791A (en) * | 2020-10-27 | 2021-01-22 | 北京微步在线科技有限公司 | Network attack event display method and storage medium |
| CN113542036A (en) * | 2021-09-14 | 2021-10-22 | 广州锦行网络科技有限公司 | Demonstration method, electron and demonstration device for network attack behaviors |
| CN113542036B (en) * | 2021-09-14 | 2022-01-04 | 广州锦行网络科技有限公司 | Demonstration method, electron and demonstration device for network attack behaviors |
| CN114978720A (en) * | 2022-05-26 | 2022-08-30 | 沈阳理工大学 | Intelligent detection method for visual representation of distributed denial of service attack |
| CN116614321A (en) * | 2023-07-20 | 2023-08-18 | 北京立思辰安科技术有限公司 | Interface display method for network attack, electronic equipment and storage medium |
| CN116614321B (en) * | 2023-07-20 | 2023-10-20 | 北京立思辰安科技术有限公司 | Interface display method for network attack, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101557324B (en) | 2011-06-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101557324B (en) | Real-time visual detection method for DDoS attack | |
| Liu et al. | Enhanced skeleton visualization for view invariant human action recognition | |
| Doumanoglou et al. | Recovering 6D object pose and predicting next-best-view in the crowd | |
| Lin et al. | Line segment extraction for large scale unorganized point clouds | |
| Furukawa et al. | Manhattan-world stereo | |
| CN103412871B (en) | Method and device for generating visualized view | |
| CN105975512B (en) | A kind of construction method for the multidimensional property visualization generalized model for taking locus into account | |
| Lee et al. | Automatic integration of facade textures into 3D building models with a projective geometry based line clustering | |
| CN103138986A (en) | Website abnormal access behavior detection method based on visual analysis | |
| CN105678842A (en) | Manufacturing method and device for three-dimensional map of indoor environment | |
| As' ari et al. | 3D shape descriptor for object recognition based on Kinect-like depth image | |
| CN115179326B (en) | Continuous collision detection method for articulated robot | |
| Huang et al. | MuMod: A micro-unit connection approach for hybrid-order community detection | |
| Liu et al. | 3d action recognition using data visualization and convolutional neural networks | |
| Yang et al. | Robust line detection using two-orthogonal direction image scanning | |
| CN102299911A (en) | DDos attack detection method based on concentric axis multidimensional data visualization model | |
| Tschopp et al. | Superquadric object representation for optimization-based semantic SLAM | |
| CN102567465A (en) | Method for searching geometrical similarity of three-dimensional models on the basis of compound eye vision | |
| CN116823816B (en) | Detection equipment and detection method based on security monitoring static memory | |
| Holzinger et al. | On graph extraction from image data | |
| CN116958485A (en) | Visual field analysis method and device | |
| CN112232249A (en) | Remote sensing image change detection method and device based on depth features | |
| CN114529689B (en) | Ceramic cup defect sample amplification method and system based on antagonistic neural network | |
| Scholz et al. | Level of Detail for Real-Time Volumetric Terrain Rendering. | |
| Zhou et al. | Multi-attribute joint point cloud super-resolution with adversarial feature graph networks |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20110608 Termination date: 20201217 |