CN110324354B - Method, device and system for network tracking long chain attack - Google Patents

Method, device and system for network tracking long chain attack Download PDF

Info

Publication number
CN110324354B
CN110324354B CN201910626786.0A CN201910626786A CN110324354B CN 110324354 B CN110324354 B CN 110324354B CN 201910626786 A CN201910626786 A CN 201910626786A CN 110324354 B CN110324354 B CN 110324354B
Authority
CN
China
Prior art keywords
server
data
abnormal
cluster
data segments
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910626786.0A
Other languages
Chinese (zh)
Other versions
CN110324354A (en
Inventor
段彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Sipuling Technology Co Ltd
Original Assignee
Wuhan Sipuling Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Sipuling Technology Co Ltd filed Critical Wuhan Sipuling Technology Co Ltd
Priority to CN201910626786.0A priority Critical patent/CN110324354B/en
Publication of CN110324354A publication Critical patent/CN110324354A/en
Application granted granted Critical
Publication of CN110324354B publication Critical patent/CN110324354B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146Tracing the source of attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method, a device and a system for tracking a long chain attack by a network.

Description

Method, device and system for network tracking long chain attack
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, and a system for tracking a long chain attack by a network.
Background
At present, network communication faces increasingly hidden security problems, many attacks come from hidden and fragmented forms, and the existing method for preventing network attacks fails. Especially today's networks often have a large number of network nodes and attackers can spread the fragments across various network nodes to avoid discovery. A method for monitoring attacks on a network based on big data and tracking fragments is urgently needed.
Disclosure of Invention
The invention aims to provide a method, a device and a system for network tracking long chain attack.
In a first aspect, the present application provides a method for network tracing long chain attack, the method comprising:
the cluster master server sends an instruction to each network node, wherein the instruction is used for instructing each network node to upload a local data segment to the cluster server;
after receiving the instruction, each network node splits the local data stream passing through the network node into a plurality of data segments, stores data segment copies, and packages and uploads the data segment copies to a cluster server at service processing intervals;
the cluster master server collects the load state of each cluster server, selects the server with the lightest current load as an execution server, and schedules the received copy of the encapsulated data segment to the execution server;
after receiving the encapsulated data fragment copy, the execution server merges the analyzed data fragment with the local historical data fragment of the called cluster server; the merging comprises merging according to at least one standard of the network node, the sending terminal, the data type and the corresponding access behavior;
the execution server calls an analysis model to analyze the merged data segments, finds abnormal data segments possibly existing in the merged data segments, marks network nodes or terminals to which a plurality of abnormal data segments belong as abnormal points, and analyzes whether logic association exists among the abnormal data segments;
if the plurality of abnormal data segments have logical association, establishing a front-back association relation of the corresponding abnormal points, and marking the abnormal points as a path point in a potential attack track; if the logical association does not exist among the plurality of abnormal data segments, the front-back association relation among the corresponding abnormal points is disconnected, and the approach points of the abnormal data segments in the potential attack track are deleted;
the execution server transmits the front-back association relation, the passing point and the potential attack track to a display processing device;
the execution server trains the analysis model according to the pre-and-post incidence relation and the abnormal data segment;
and after receiving the front-back association relationship, the route points and the potential attack tracks, the display processing device marks the route points on a mapped network node architecture diagram, marks the front-back association relationship corresponding to each node in the diagram, draws the potential attack tracks and displays the potential attack tracks on a large screen.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the cluster master server collects load states of the cluster servers in a fixed period.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the cluster master server sends an instruction to each network node at a fixed period.
With reference to the first aspect, in a third possible implementation manner of the first aspect, the uploading, by the network node, the copy of the data segment at the service processing interval includes: and preferentially processing the service data, and uploading a data fragment copy to the server when no service data needs to be processed or transmitted.
In a second aspect, the present application provides an apparatus for network tracing long chain attack, which is applied to a network node and performs all or part of the method, and the apparatus includes:
the system comprises an instruction receiving unit, a cluster server and a cluster server, wherein the instruction receiving unit is used for receiving an instruction sent by the cluster server to each network node, and the instruction is used for instructing each network node to upload a local data segment to the cluster server;
the data processing unit is used for splitting the local data stream passing through the network node into a plurality of data fragments and storing data fragment copies;
and the data sending unit is used for packaging and uploading the data segment copies to the cluster server at the service processing interval.
In a third aspect, the present application provides a server for network tracing long chain attack, located on a network side, and performing all or part of the method, where the server includes:
the data receiving unit is used for receiving the packaged data segment copies scheduled by the cluster main server and selecting the packaged data segment copies as the execution servers; the cluster master server collects the load state of each cluster server and selects the server with the lightest current load as an execution server;
the data merging unit is used for merging the analyzed data segment with the local historical data segment of the cluster server after receiving the encapsulated data segment copy; the merging comprises merging according to at least one standard of the network node, the sending terminal, the data type and the corresponding access behavior;
the abnormal analysis unit is used for analyzing the merged data segments by using an analysis model, searching abnormal data segments possibly existing in the merged data segments, marking network nodes or terminals to which a plurality of abnormal data segments belong as abnormal points, and analyzing whether logic association exists among the plurality of abnormal data segments;
if the plurality of abnormal data segments have logical association, establishing a front-back association relation of the corresponding abnormal points, and marking the abnormal points as a path point in a potential attack track; if the logical association does not exist among the plurality of abnormal data segments, the front-back association relation among the corresponding abnormal points is disconnected, and the approach points of the abnormal data segments in the potential attack track are deleted;
the transmission unit is used for transmitting the front and back incidence relation, the passing point and the potential attack track to a display processing device;
and the model training unit is used for training the analysis model according to the pre-and-post incidence relation and the abnormal data segment.
In a fourth aspect, the present application provides a system for network tracing long chain attacks, the system comprising a plurality of network nodes applying the apparatus as described in the second aspect, a cluster master server, and the server as described in the third aspect.
The invention provides a method, a device and a system for tracking a long chain attack by a network.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method for tracking a long chain attack by a network according to the present invention;
FIG. 2 is a diagram of the internal structure of the device for tracking long chain attacks in the network according to the present invention;
FIG. 3 is an internal structure diagram of a server for network tracing long chain attack according to the present invention;
fig. 4 is an architecture diagram of the system for network tracing long chain attack according to the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings so that the advantages and features of the present invention can be more easily understood by those skilled in the art, and the scope of the present invention will be more clearly and clearly defined.
Fig. 1 is a flowchart of a method for tracking a long chain attack by a network according to the present application, where the method includes:
the cluster master server sends an instruction to each network node, wherein the instruction is used for instructing each network node to upload a local data segment to the cluster server;
after receiving the instruction, each network node splits the local data stream passing through the network node into a plurality of data segments, stores data segment copies, and packages and uploads the data segment copies to a cluster server at service processing intervals;
the cluster master server collects the load state of each cluster server, selects the server with the lightest current load as an execution server, and schedules the received copy of the encapsulated data segment to the execution server;
after receiving the encapsulated data fragment copy, the execution server merges the analyzed data fragment with the local historical data fragment of the called cluster server; the merging comprises merging according to at least one standard of the network node, the sending terminal, the data type and the corresponding access behavior;
the execution server calls an analysis model to analyze the merged data segments, finds abnormal data segments possibly existing in the merged data segments, marks network nodes or terminals to which a plurality of abnormal data segments belong as abnormal points, and analyzes whether logic association exists among the abnormal data segments;
if the plurality of abnormal data segments have logical association, establishing a front-back association relation of the corresponding abnormal points, and marking the abnormal points as a path point in a potential attack track; if the logical association does not exist among the plurality of abnormal data segments, the front-back association relation among the corresponding abnormal points is disconnected, and the approach points of the abnormal data segments in the potential attack track are deleted;
the execution server transmits the front-back association relation, the passing point and the potential attack track to a display processing device;
the execution server trains the analysis model according to the pre-and-post incidence relation and the abnormal data segment;
and after receiving the front-back association relationship, the route points and the potential attack tracks, the display processing device marks the route points on a mapped network node architecture diagram, marks the front-back association relationship corresponding to each node in the diagram, draws the potential attack tracks and displays the potential attack tracks on a large screen.
In some preferred embodiments, the cluster master server collects the load status of each cluster server at a fixed period.
In some preferred embodiments, the cluster master server sends instructions to the respective network nodes at a fixed period.
In some preferred embodiments, the network node uploading the copy of the data segment at the traffic processing gap comprises: and preferentially processing the service data, and uploading a data fragment copy to the server when no service data needs to be processed or transmitted.
Fig. 2 is an internal structural diagram of an apparatus for network tracing long chain attack provided in the present application, the apparatus including:
the system comprises an instruction receiving unit, a cluster server and a cluster server, wherein the instruction receiving unit is used for receiving an instruction sent by the cluster server to each network node, and the instruction is used for instructing each network node to upload a local data segment to the cluster server;
the data processing unit is used for splitting the local data stream passing through the network node into a plurality of data fragments and storing data fragment copies;
and the data sending unit is used for packaging and uploading the data segment copies to the cluster server at the service processing interval.
In some preferred embodiments, the apparatus uploading the copy of the data segment at the traffic processing slot comprises: and preferentially processing the service data, and uploading a data fragment copy to the server when no service data needs to be processed or transmitted.
Fig. 3 is an internal structural diagram of a server for network tracing long chain attack provided in the present application, where the server includes:
the data receiving unit is used for receiving the packaged data segment copies scheduled by the cluster main server and selecting the packaged data segment copies as the execution servers; the cluster master server collects the load state of each cluster server and selects the server with the lightest current load as an execution server;
the data merging unit is used for merging the analyzed data segment with the local historical data segment of the cluster server after receiving the encapsulated data segment copy; the merging comprises merging according to at least one standard of the network node, the sending terminal, the data type and the corresponding access behavior;
the abnormal analysis unit is used for analyzing the merged data segments by using an analysis model, searching abnormal data segments possibly existing in the merged data segments, marking network nodes or terminals to which a plurality of abnormal data segments belong as abnormal points, and analyzing whether logic association exists among the plurality of abnormal data segments;
if the plurality of abnormal data segments have logical association, establishing a front-back association relation of the corresponding abnormal points, and marking the abnormal points as a path point in a potential attack track; if the logical association does not exist among the plurality of abnormal data segments, the front-back association relation among the corresponding abnormal points is disconnected, and the approach points of the abnormal data segments in the potential attack track are deleted;
the transmission unit is used for transmitting the front and back incidence relation, the passing point and the potential attack track to a display processing device;
and the model training unit is used for training the analysis model according to the pre-and-post incidence relation and the abnormal data segment.
In some preferred embodiments, the cluster master server collects the load status of each cluster server at a fixed period.
In some preferred embodiments, the cluster master server sends instructions to the respective network nodes at a fixed period.
Fig. 4 is an architecture diagram of a system for network tracing long chain attack provided by the present application, the system includes a plurality of network nodes to which the apparatus shown in fig. 2 is applied, a cluster master server, and a server shown in fig. 3.
In specific implementation, the present invention further provides a computer storage medium, where the computer storage medium may store a program, and the program may include some or all of the steps in the embodiments of the present invention when executed. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM) or a Random Access Memory (RAM).
Those skilled in the art will readily appreciate that the techniques of the embodiments of the present invention may be implemented as software plus a required general purpose hardware platform. Based on such understanding, the technical solutions in the embodiments of the present invention may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments or some parts of the embodiments.
The same and similar parts in the various embodiments of the present specification may be referred to each other. In particular, for the embodiments, since they are substantially similar to the method embodiments, the description is simple, and the relevant points can be referred to the description in the method embodiments.
The above-described embodiments of the present invention should not be construed as limiting the scope of the present invention.

Claims (7)

1. A method for tracking long chain attack by a network is characterized by comprising the following steps:
the cluster master server sends an instruction to each network node, wherein the instruction is used for instructing each network node to upload a local data segment to the cluster server;
after receiving the instruction, each network node splits the local data stream passing through the network node into a plurality of data segments, stores the data segments, and packages and uploads the data segments to a cluster server at service processing intervals;
the cluster master server collects the load state of each cluster server, selects the server with the lightest current load as an execution server, and schedules the received encapsulated data fragments to the execution server;
after receiving the encapsulated data fragment, the execution server merges the analyzed data fragment with the local historical data fragment of the called cluster server; the merging comprises merging according to at least one standard of the network node, the sending terminal, the data type and the corresponding access behavior;
the execution server calls an analysis model to analyze the merged data segments, finds abnormal data segments possibly existing in the merged data segments, marks network nodes or terminals to which a plurality of abnormal data segments belong as abnormal points, and analyzes whether logic association exists among the abnormal data segments;
if the plurality of abnormal data segments have logical association, establishing a front-back association relation of the corresponding abnormal points, and marking the abnormal points as a path point in a potential attack track; if the logical association does not exist among the plurality of abnormal data segments, the front-back association relation among the corresponding abnormal points is disconnected, and the approach points of the abnormal data segments in the potential attack track are deleted;
the execution server transmits the pre-and-post association relation, the approach point and the potential attack track to a display processing device;
the execution server trains the analysis model according to the pre-and-post incidence relation and the abnormal data segment;
and after receiving the pre-and-post association relationship, the path point and the potential attack track, the display processing device marks the path point on a mapped network node architecture diagram, marks the corresponding pre-and-post association relationship on each node in the diagram, draws the potential attack track and displays the potential attack track on a large screen.
2. The method of claim 1, wherein the cluster master server collects the load status of each cluster server for a fixed period.
3. The method according to any of claims 1-2, wherein the cluster master server sends instructions to the respective network nodes at a fixed period.
4. The method of claim 3, wherein the network node uploading a data segment at a traffic processing gap comprises: and preferentially processing the service data, and uploading the data fragments to the server when no service data needs to be processed or transmitted.
5. An apparatus for network tracing long chain attack, applied on a network node, for performing the method according to any one of claims 1-4, comprising:
the system comprises an instruction receiving unit, a cluster server and a cluster server, wherein the instruction receiving unit is used for receiving an instruction sent by the cluster server to each network node, and the instruction is used for instructing each network node to upload a local data segment to the cluster server;
the data processing unit is used for splitting a data stream local via the network node into a plurality of data fragments and storing the data fragments;
and the data sending unit is used for packaging and uploading the data fragments to the cluster server at the service processing interval.
6. A server for network tracing long chain attack, located on the network side, for performing the method according to any one of claims 1 to 4, comprising:
the data receiving unit is used for receiving the encapsulated data fragments scheduled by the cluster main server and selecting the encapsulated data fragments as the execution servers; the cluster master server collects the load state of each cluster server and selects the server with the lightest current load as an execution server;
the data merging unit is used for merging the analyzed data segment with the local historical data segment of the cluster server after receiving the encapsulated data segment; the merging comprises merging according to at least one standard of the network node, the sending terminal, the data type and the corresponding access behavior;
the abnormal analysis unit is used for analyzing the merged data segments by using an analysis model, searching abnormal data segments possibly existing in the merged data segments, marking network nodes or terminals to which a plurality of abnormal data segments belong as abnormal points, and analyzing whether logic association exists among the plurality of abnormal data segments;
if the plurality of abnormal data segments have logical association, establishing a front-back association relation of the corresponding abnormal points, and marking the abnormal points as a path point in a potential attack track; if the logical association does not exist among the plurality of abnormal data segments, the front-back association relation among the corresponding abnormal points is disconnected, and the approach points of the abnormal data segments in the potential attack track are deleted;
the transmission unit is used for transmitting the pre-and-post association relation, the approach point and the potential attack track to a display processing device;
and the model training unit is used for training the analysis model according to the pre-and-post incidence relation and the abnormal data segment.
7. A system for network tracing long chain attacks, the system comprising a plurality of network nodes applying the apparatus of claim 5, a cluster master server, and the server of claim 6.
CN201910626786.0A 2019-07-11 2019-07-11 Method, device and system for network tracking long chain attack Active CN110324354B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910626786.0A CN110324354B (en) 2019-07-11 2019-07-11 Method, device and system for network tracking long chain attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910626786.0A CN110324354B (en) 2019-07-11 2019-07-11 Method, device and system for network tracking long chain attack

Publications (2)

Publication Number Publication Date
CN110324354A CN110324354A (en) 2019-10-11
CN110324354B true CN110324354B (en) 2022-02-25

Family

ID=68122008

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910626786.0A Active CN110324354B (en) 2019-07-11 2019-07-11 Method, device and system for network tracking long chain attack

Country Status (1)

Country Link
CN (1) CN110324354B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104901962A (en) * 2015-05-28 2015-09-09 北京椒图科技有限公司 Method and device for detecting webpage attack data
CN105072083A (en) * 2015-07-03 2015-11-18 华侨大学 Network active tracking method and system based on network flow watermarking
CN105376245A (en) * 2015-11-27 2016-03-02 杭州安恒信息技术有限公司 Rule-based detection method of ATP attack behavior
CN105763529A (en) * 2015-12-12 2016-07-13 哈尔滨安天科技股份有限公司 Attack chain obtaining method and system in network environment
CN106254317A (en) * 2016-07-21 2016-12-21 柳州龙辉科技有限公司 A kind of data security exception monitoring system
CN108418843A (en) * 2018-06-11 2018-08-17 中国人民解放军战略支援部队信息工程大学 Network attack target identification method based on attack graph and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10289841B2 (en) * 2015-04-16 2019-05-14 Nec Corporation Graph-based attack chain discovery in enterprise security systems

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104901962A (en) * 2015-05-28 2015-09-09 北京椒图科技有限公司 Method and device for detecting webpage attack data
CN105072083A (en) * 2015-07-03 2015-11-18 华侨大学 Network active tracking method and system based on network flow watermarking
CN105376245A (en) * 2015-11-27 2016-03-02 杭州安恒信息技术有限公司 Rule-based detection method of ATP attack behavior
CN105763529A (en) * 2015-12-12 2016-07-13 哈尔滨安天科技股份有限公司 Attack chain obtaining method and system in network environment
CN106254317A (en) * 2016-07-21 2016-12-21 柳州龙辉科技有限公司 A kind of data security exception monitoring system
CN108418843A (en) * 2018-06-11 2018-08-17 中国人民解放军战略支援部队信息工程大学 Network attack target identification method based on attack graph and system

Also Published As

Publication number Publication date
CN110324354A (en) 2019-10-11

Similar Documents

Publication Publication Date Title
EP3855692A1 (en) Network security monitoring method, network security monitoring device, and system
CN110365674B (en) Method, server and system for predicting network attack surface
US20060277295A1 (en) Monitoring system and monitoring method
CN105684382A (en) Packet control method, switch and controller
CN108900374B (en) Data processing method and device applied to DPI equipment
US9537758B2 (en) Dynamic redirection of network traffic within a system under test
CN112350854B (en) Flow fault positioning method, device, equipment and storage medium
CN105743732B (en) Method and system for recording transmission path and distribution condition of local area network files
CN109600375A (en) Message tracing method, device, electronic equipment and storage medium
CN110381047B (en) Network attack surface tracking method, server and system
CN110365673B (en) Method, server and system for isolating network attack plane
CN112543149B (en) Method for preventing IPFIX message from being lost, application thereof and ASIC chip
CN110351273B (en) Method, device and system for network tracking long chain attack
CN110351274B (en) Network attack surface tracking method, server and system
CN111741328B (en) Video analysis method, electronic device, storage medium and system
CN110324354B (en) Method, device and system for network tracking long chain attack
CN110365675B (en) Method, device and system for network tracking long chain attack
CN110324353B (en) Method, device and system for network tracking long chain attack
CN110378404B (en) Method, device and system for network tracking long chain attack
CN109831335A (en) A kind of data monitoring method, monitor terminal, storage medium and data monitoring system
CN106254375B (en) A kind of recognition methods of hotspot equipment and device
CN114598622A (en) Data monitoring method and device, storage medium and computer equipment
CN107995037B (en) Pre-judging method and device for wide area network optimization
KR102221052B1 (en) Fault Management System for SDN Network Equipment that supports open flow protocol
CN113055291B (en) Data packet sending method, router and data packet transmission system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant