CN106603326B - NetFlow sampling processing method based on abnormal feedback - Google Patents
- Publication number: CN106603326B (application CN201610940054.5A)
- Authority: CN (China)
- Prior art keywords: flow, abnormal, netflow, traffic, acquisition
- Prior art date
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L43/00—Arrangements for monitoring or testing data switching networks
        - H04L43/02—Capturing of monitoring data
          - H04L43/022—Capturing of monitoring data by sampling
        - H04L43/04—Processing captured monitoring data, e.g. for logfile generation
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Description
Feature description | Weight | Attack type |
---|---|---|
Many flows, small average packet length, few source addresses and many destination ports | 0 | Host-oriented port scan |
Many flows, small average packet length, many source addresses and few destination ports | 0 | Network-oriented port scan |
Many flows, small average packet length, few source addresses and many SYNs | 0 | DoS, DDoS (TCP SYN) |
Many destination addresses, destination port always 445 | 0 | Sasser variant |
Many destination addresses, protocol number 17 and destination port 1434 | 0 | SQL Slammer worm |
Many destination addresses, destination port always 12345 | 0 | Netbus Trojan |
Large number of packets with destination port 80, packet count 3 and byte count 144 | 0 | Code Red |
Many flows, a single destination address and source port always 25 | 0 | Spam server, or host infected by a mail worm |

Feature description | Weight |
---|---|
Many flows, few source addresses, few source ports | 1 |
Many flows, many source addresses, few source ports | 2 |
Many flows, many source addresses, many source ports | 3 |
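As an added example, not code from the patent: the two tables applied as detection rules to one batch of NetFlow-style records, returning the attack types matched (first table) and the weight (second table). The record layout, the numeric thresholds for "many", "few" and "small", and the sample batches are assumptions; the page states no thresholds.

```python
from collections import namedtuple

# One NetFlow record, reduced to the fields the two tables above use (assumed layout).
Flow = namedtuple("Flow", "src dst proto sport dport pkts bytes syn")

# Thresholds for "many", "few" and "small" are assumptions; the patent page gives none.
MANY_FLOWS, FEW, MANY, SMALL_PKT = 50, 3, 20, 100

def classify(flows):
    """Attack types from the first table that one batch of flows matches."""
    n = len(flows)
    avg_len = sum(f.bytes for f in flows) / max(1, sum(f.pkts for f in flows))
    srcs, dsts = len({f.src for f in flows}), len({f.dst for f in flows})
    dports, sports = {f.dport for f in flows}, {f.sport for f in flows}
    syn = sum(1 for f in flows if f.syn)
    hits = []
    if n >= MANY_FLOWS and avg_len <= SMALL_PKT:  # rows 1-3: many small-packet flows
        if srcs <= FEW and len(dports) >= MANY:
            hits.append("host-oriented port scan")
        if srcs >= MANY and len(dports) <= FEW:
            hits.append("network-oriented port scan")
        if srcs <= FEW and syn >= MANY:
            hits.append("DoS/DDoS (TCP SYN)")
    if dsts >= MANY:  # rows 4-6: fan-out to many hosts on one fixed port
        if dports == {445}:
            hits.append("Sasser variant")
        if dports == {1434} and all(f.proto == 17 for f in flows):
            hits.append("SQL Slammer worm")
        if dports == {12345}:
            hits.append("Netbus Trojan")
    if sum(f.dport == 80 and f.pkts == 3 and f.bytes == 144 for f in flows) >= MANY:
        hits.append("Code Red")  # row 7
    if n >= MANY_FLOWS and dsts == 1 and sports == {25}:
        hits.append("spam server or mail worm")  # row 8
    return hits

def weight(flows):
    """Weight from the second table; 0 when no row of that table applies."""
    if len(flows) < MANY_FLOWS:
        return 0
    many_src = len({f.src for f in flows}) >= MANY
    many_sport = len({f.sport for f in flows}) >= MANY
    return {(False, False): 1, (True, False): 2, (True, True): 3}.get((many_src, many_sport), 0)

# Constructed sample batches, not captured traffic.
SYN_FLOOD = [Flow("10.0.0.%d" % (i % 2), "192.0.2.10", 6, 40000, 80, 1, 60, True) for i in range(60)]
SLAMMER = [Flow("10.0.0.9", "192.0.2.%d" % i, 17, 1434, 1434, 1, 404, False) for i in range(30)]
```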
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610940054.5A (CN106603326B, zh) | 2016-11-01 | 2016-11-01 | NetFlow sampling processing method based on abnormal feedback |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610940054.5A (CN106603326B, zh) | 2016-11-01 | 2016-11-01 | NetFlow sampling processing method based on abnormal feedback |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106603326A CN106603326A (zh) | 2017-04-26 |
CN106603326B true CN106603326B (zh) | 2020-06-05 |
Family
ID=58590338
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610940054.5A (Active, CN106603326B, zh) | NetFlow sampling processing method based on abnormal feedback | 2016-11-01 | 2016-11-01 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106603326B (zh) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109495428A (zh) * | 2017-09-12 | 2019-03-19 | 蓝盾信息安全技术股份有限公司 | A port scan detection method based on traffic features and random forest |
CN109474623B (zh) * | 2018-12-25 | 2022-03-01 | 杭州迪普科技股份有限公司 | Network security protection and parameter determination method, apparatus, device and medium |
CN110365713B (zh) * | 2019-08-22 | 2021-12-14 | 中国科学技术大学 | Optimal allocation method for network defense resources against advanced persistent threats |
CN111641591B (zh) * | 2020-04-30 | 2022-12-06 | 杭州博联智能科技股份有限公司 | Cloud service security defense method, apparatus, device and medium |
CN115514686A (zh) * | 2021-06-23 | 2022-12-23 | 深信服科技股份有限公司 | A traffic collection method, apparatus, electronic device and storage medium |
CN113890843B (zh) * | 2021-09-13 | 2023-10-31 | 中盈优创资讯科技有限公司 | Method and apparatus for a four-level report on the share of services provided by resources, based on NetFlow analysis |
CN115118781B (zh) * | 2022-06-27 | 2023-05-26 | 平安银行股份有限公司 | Service state processing method, apparatus, electronic device and storage medium |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101795215A (zh) * | 2010-01-28 | 2010-08-04 | 哈尔滨工程大学 | Network traffic anomaly detection method and detection apparatus |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7133365B2 (en) * | 2001-11-02 | 2006-11-07 | Internap Network Services Corporation | System and method to provide routing control of information over networks |
US9219689B2 (en) * | 2013-03-15 | 2015-12-22 | International Business Machines Corporation | Source-driven switch probing with feedback request |
- 2016-11-01: CN201610940054.5A filed (CN), granted as CN106603326B (zh), status Active
Non-Patent Citations (2)
Title |
---|
"A feature-aware adaptive flow sampling method based on NetFlow"; Liu Chenguang et al.; Computer Engineering and Applications; 2013-03-26; pp. 1-4 * |
Liu Chenguang et al. "A feature-aware adaptive flow sampling method based on NetFlow". Computer Engineering and Applications. 2013, pp. 1-4. * |
Also Published As
Publication number | Publication date |
---|---|
CN106603326A (zh) | 2017-04-26 |
Similar Documents
Publication | Title |
---|---|
CN106603326B (zh) | NetFlow sampling processing method based on abnormal feedback |
US8001601B2 (en) | Method and apparatus for large-scale automated distributed denial of service attack detection |
US9130982B2 (en) | System and method for real-time reporting of anomalous internet protocol attacks |
US20190034631A1 (en) | System and method for malware detection |
CN107018084B (zh) | Network security method for DDoS attack defense based on an SDN architecture |
Zhong et al. | DDoS detection system based on data mining |
US20150215285A1 (en) | Network traffic processing system |
Haris et al. | Detecting TCP SYN flood attack based on anomaly detection |
Alaidaros et al. | An overview of flow-based and packet-based intrusion detection performance in high speed networks |
CN101640666A (zh) | A traffic control apparatus and method for a target network |
Kshirsagar et al. | CPU load analysis & minimization for TCP SYN flood detection |
Hareesh et al. | Anomaly detection system based on analysis of packet header and payload histograms |
Nair et al. | A study on botnet detection techniques |
Wang et al. | Exploiting Artificial Immune systems to detect unknown DoS attacks in real-time |
Li et al. | DDoS attack detection algorithms based on entropy computing |
Shahrestani et al. | Architecture for applying data mining and visualization on network flow for botnet traffic detection |
KR20090083767A (ko) | Probabilistic network anomaly detection apparatus using a hidden Markov model, and method thereof |
Araki et al. | Subspace clustering for interpretable botnet traffic analysis |
Haris et al. | Anomaly detection of IP header threats |
Haris et al. | TCP SYN flood detection based on payload analysis |
Du et al. | IP packet size entropy-based scheme for detection of DoS/DDoS attacks |
CN111641628A (zh) | A monitoring and early-warning method for subnet-spoofing DDoS attacks |
Wei et al. | TDSC: Two-stage DDoS detection and defense system based on clustering |
CN112671743A (zh) | DDoS intrusion detection method based on traffic self-similarity, and related apparatus |
Alaidaros et al. | From Packet-based Towards Hybrid Packet-based and Flow-based Monitoring for Efficient Intrusion Detection: An overview |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB03 | Change of inventor or designer information | Inventor after: Li Qianmu; Zhang Wenqiang; Qi Yong; Wang Yinhai. Inventor before: Zhang Wenqiang; Li Qianmu; Qi Yong; Wang Yinhai |
| GR01 | Patent grant | |
| EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20170426; Assignee: NANJING SINOVATIO TECHNOLOGY Co.,Ltd.; Assignor: NANJING University OF SCIENCE AND TECHNOLOGY; Contract record no.: X2022980008506; Denomination of invention: NetFlow sampling processing method based on abnormal feedback; Granted publication date: 20200605; License type: Common License; Record date: 20220622 |