CN1764126A - Method for detecting and monitoring gusty abnormal network flow - Google Patents
- Publication number: CN1764126A (CN200510110267A)
- Authority: CN (China)
- Prior art keywords: flow, network, attack, information, statistics
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
A method for detecting and monitoring bursty abnormal network traffic, comprising: simulating worm attacks and DDoS (distributed denial of service) attacks on the NS-2 network simulator platform, collecting network traffic information with the NetFlow protocol, determining the behavioral characteristics of the anomaly source, and taking control measures to interrupt the attack. The invention is original in combining feature comparison with traffic self-learning; it overcomes the insufficient analysis capability of the SNMP protocol and the difficulty of determining a traffic anomaly threshold, and greatly improves the efficiency and practicality of traffic monitoring. Experiments show that the method has good real-time performance and lays a good foundation for backward tracing.
Description
Technical field
The present invention relates to a method in the field of network technology, specifically a method for detecting and monitoring bursty abnormal network traffic.
Background technology
Network-based attacks have become a serious obstacle to current network information systems, in particular worm attacks and distributed denial-of-service attacks. These exploit vulnerabilities in network services and system services, the finiteness of network and system resources, or the imperfections of network protocols and authentication mechanisms themselves; by launching a large-scale network attack within a short time they consume specific resources and achieve denial of service. Existing network security mechanisms such as intrusion detection systems (IDS), firewalls, virtual private networks (VPN) and attack-tolerance techniques do not yet consider detection and tracing of the attack source, and even when an attack is detected they lack a network-wide automatic response. Countermeasures against these traffic attacks are mostly protection algorithms such as Random Drop and SYN Cookie, bandwidth limiting, IDS and firewall linkage, and attack analysis by technical specialists, but most have little effect: they can only mitigate DDoS attacks, not really solve them. The most critical problem is how to distinguish normal traffic from abnormal attack traffic efficiently. Currently the relatively effective methods are the "black hole" technology of the Chinese company NSFOCUS and the AM IPS technology developed by TopLayer. Network traffic anomaly monitoring is therefore the primary technical means of solving the abnormal traffic problem. There are currently three common ways of collecting abnormal network traffic: monitoring based on full mirroring of network traffic, monitoring based on SNMP, and monitoring based on NetFlow. There is also the packet analysis (BPF) model, which intercepts network packets. LAN administrators usually like to use MRTG, but its function is rather limited and its analysis capability is weak; the traffic information it collects is per-port statistics, which cannot be used for complex analysis. NetFlow, by contrast, meets the needs of network traffic anomaly analysis in both resource consumption and the level of detail of the information collected.
A search of the prior-art literature found Chinese patent application No. 200310101710.5, entitled "A device and method for realizing abnormal flow control". That patent uses real-time sampling analysis: short packets within a certain period are analyzed, rather than analyzing continuously and dynamically. Although this reduces the processing workload, the resulting statistics are not complete enough, and it cannot effectively detect sudden abnormal flows within short time slots.
Summary of the invention
The object of the invention is to address the deficiencies of the prior art by providing a method for detecting and monitoring bursty abnormal network traffic that, through model analysis of the traffic, improves the efficiency of burst anomaly detection and gives intrusion detection a reliable basis for real-time backward tracing of, and protection against, the attack source.
The invention is achieved by the following technical solution: worm attacks and DDoS (distributed denial of service) attacks are simulated on the NS-2 network simulator platform, network traffic information is collected and analyzed using the NetFlow traffic analysis protocol, the behavioral characteristics of the anomaly source are determined, and corresponding control measures are finally taken to interrupt such attacks.
The invention is further described below. It comprises the following steps:
(1) Traffic mapping and collection: collect traffic information for the whole network environment with NetFlow in the NS-2 simulation environment;
(2) Statistics, classification and merging: classify traffic according to the sites the users visit, compute statistics on the classified traffic, and store them in the corresponding RRD (round-robin) database, building traffic records for different network regions and different time periods;
(3) Simulate worm attacks and DDoS attacks, and collect and analyze the abnormal traffic features caused by the attacks using a statistics-based monitoring method; if a feature is not found in the information base, add it, and handle the anomaly at the same time;
(4) Predict network traffic by statistical analysis;
(5) Draw visualization charts from the traffic information stored in the RRD database;
(6) Trace the source of the attack traffic backward and perform correlation analysis on the related traffic information to determine the location of the attack source.
In contrast to the traditional MRTG-based traffic collection method, the invention combines NetFlow with anomaly detection and discrimination, which effectively resolves the burst-traffic congestion caused by DDoS and worm attacks and further improves the stability of network services. Traffic determined to be abnormal is handled through IDS linkage, achieving intelligent traffic control and management. During anomaly analysis nothing needs to be preset by the user; by combining feature detection with anomaly detection, unknown DDoS attack features are added dynamically to the information base, which further raises the level of intelligence of the technique.
The invention has low resource consumption and collects detailed information. It uses the widely used self-similar network prediction model, which reduces the intensity of information collection, extracts burst features reliably, and greatly speeds up data processing on network devices. Especially in complex network structures with many kinds of device resources and huge volumes of network traffic, the invention resolves the overload problem of SNMP-based traffic collection, greatly improving the tolerance of the network. It also has low cost, easy deployment, good efficiency and little impact on the network.
Description of drawings
Fig. 1 is a flow chart of the present invention.
Fig. 2 is the 2-state hidden Markov model of the present invention.
Embodiment
The implementation of the invention is further described below with reference to the drawings. A system based on the method consists of six modules: an acquisition module, an analysis module, a detection and processing module, a traffic prediction module, a graphics module and a backward tracing module. Each module works as follows:
(1) Acquisition module: traffic mapping and collection; collects traffic information for the whole network environment with NetFlow in the NS-2 simulation environment;
(2) Analysis module: statistics, classification and merging; classifies traffic according to the sites the users visit, computes statistics on the classified traffic, and stores them in the corresponding RRD (round-robin) database, building traffic records for different network regions and different time periods;
(3) Detection and processing module: simulates worm attacks and DDoS attacks, and collects and analyzes the abnormal traffic features caused by the attacks using a statistics-based monitoring method; if a feature is not found in the information base it is added, and the anomaly is handled at the same time by cutting off the connection, filtering, rate limiting or similar means;
(4) Traffic prediction module: predicts network traffic by statistical analysis, reducing resource consumption while improving the real-time performance of traffic processing;
(5) Graphics module: draws visualization charts from the traffic information stored in the RRD database;
(6) Backward tracing module: traces the source of the attack traffic backward and performs correlation analysis on the related traffic information to determine the location of the attack source. This provides a basis for legal resolution.
The statistics NetFlow collects from network traffic include per-user, per-protocol, per-port and per-device statistics. It provides more detailed traffic flow information than the SNMP protocol, which works at the link layer: when traffic changes suddenly, it can quickly identify which protocol or service port has a problem and then determine the host causing the sudden change. Protocol analysis uses a high-performance RRD (round-robin) database, which is well suited to time-series storage and also provides powerful data compression and graphing functions, greatly improving data access efficiency.
In this embodiment, the sudden abnormal traffic caused by DDoS and worm attacks simulated in the NS-2 environment is analyzed with a 2-state hidden Markov model (HMM) to compute statistics on the abnormal features. Compared with conventional threshold detection, this gives a lower false-alarm rate and better real-time performance. It is implemented as follows:
In this model the network flow rate is assumed to follow a Gaussian distribution $N(\mu_h, \sigma_h)$, where $\mu_h$ is the mean and $\sigma_h$ is the variance. Transitions between states follow the Markov transition matrix $T$, as shown in Fig. 2.
The traffic collected by NetFlow is classified and counted according to the six parameters $(\mu_1, \sigma_1, \mu_2, \sigma_2, p, q)$. The parameters are chosen by the maximum likelihood criterion, that is, so that the probability of the observed data flow under these parameters is maximal. Studies show that this model is inadequate for describing the characteristics of the whole network flow, but sufficient for partitioning flows.
HMM-based flow partitioning has proved effective for detecting abnormal attacks such as DDoS. A detection window controls the size of the stream processed at one time; the window size is generally 12, 18 or 24, which gives high real-time efficiency and meets the requirements of online monitoring. Unknown features extracted by anomaly detection are stored in the dynamic feature base, so that the next time this kind of attack occurs, the attack type can be determined directly from the feature base.
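The 2-state HMM partitioning described above, as an added Python example that is not code from the patent: it estimates (μ1, σ1, μ2, σ2, p, q) by maximum likelihood with Baum-Welch and labels each interval of a detection window with Viterbi decoding. The form of T (p = normal to burst, q = burst to normal), σ treated as a standard deviation, the separation factor k and the sample window are assumptions.

```python
import math

# Constructed sample (not data from the patent): flows per interval in one
# 24-interval detection window; intervals 14-19 carry a simulated burst.
WINDOW = [98, 104, 101, 95, 110, 99, 103, 97, 102, 106, 100, 94,
          105, 101, 880, 920, 905, 890, 915, 930, 102, 98, 107, 96]
EPS = 1e-12

def log_gauss(x, mu, sd):
    """Log density of N(mu, sd); sd is used as a standard deviation (assumption)."""
    return -0.5 * math.log(2 * math.pi * sd * sd) - (x - mu) ** 2 / (2 * sd * sd)

def lse(a, b):
    """log(exp(a) + exp(b)) computed without underflow."""
    m = max(a, b)
    return m + math.log(math.exp(a - m) + math.exp(b - m))

def log_trans(p, q):
    """Assumed form of T: p = P(normal -> burst), q = P(burst -> normal)."""
    return [[math.log(1 - p), math.log(p)], [math.log(q), math.log(1 - q)]]

def forward_backward(x, mu, sd, p, q):
    """Log-space forward/backward passes; also returns the log-likelihood."""
    T = log_trans(p, q)
    B = [[log_gauss(v, mu[s], sd[s]) for s in (0, 1)] for v in x]
    a = [[math.log(0.5) + B[0][s] for s in (0, 1)]]
    for t in range(1, len(x)):
        a.append([lse(a[-1][0] + T[0][s], a[-1][1] + T[1][s]) + B[t][s]
                  for s in (0, 1)])
    b = [[0.0, 0.0] for _ in x]
    for t in range(len(x) - 2, -1, -1):
        b[t] = [lse(T[s][0] + B[t + 1][0] + b[t + 1][0],
                    T[s][1] + B[t + 1][1] + b[t + 1][1]) for s in (0, 1)]
    return a, b, B, T, lse(a[-1][0], a[-1][1])

def log_likelihood(x, mu1, sd1, mu2, sd2, p, q):
    """Log probability of the window under the six parameters."""
    return forward_backward(x, [mu1, mu2], [sd1, sd2], p, q)[4]

def fit(x, iters=25):
    """Baum-Welch (EM) maximum-likelihood estimate of (mu1, sd1, mu2, sd2, p, q)."""
    mu = [float(min(x)), float(max(x))]
    sd = [max((mu[1] - mu[0]) / 4, 1.0)] * 2
    p = q = 0.1
    clamp = lambda v: min(max(v, 1e-6), 1 - 1e-6)
    for _ in range(iters):
        a, b, B, T, ll = forward_backward(x, mu, sd, p, q)
        g = [[math.exp(a[t][s] + b[t][s] - ll) for s in (0, 1)] for t in range(len(x))]
        def xi(r, s):  # expected number of r -> s transitions
            return sum(math.exp(a[t][r] + T[r][s] + B[t + 1][s] + b[t + 1][s] - ll)
                       for t in range(len(x) - 1))
        p = clamp(xi(0, 1) / (xi(0, 0) + xi(0, 1) + EPS))
        q = clamp(xi(1, 0) / (xi(1, 0) + xi(1, 1) + EPS))
        for s in (0, 1):
            w = sum(row[s] for row in g) + EPS
            mu[s] = sum(row[s] * v for row, v in zip(g, x)) / w
            var = sum(row[s] * (v - mu[s]) ** 2 for row, v in zip(g, x)) / w
            sd[s] = max(math.sqrt(var), 1.0)  # floor keeps a state from collapsing
    return mu[0], sd[0], mu[1], sd[1], p, q

def viterbi(x, mu1, sd1, mu2, sd2, p, q):
    """Most likely state per interval: 0 = normal, 1 = burst."""
    T, par = log_trans(p, q), [(mu1, sd1), (mu2, sd2)]
    d = [math.log(0.5) + log_gauss(x[0], *par[s]) for s in (0, 1)]
    back = []
    for v in x[1:]:
        ptr = [max((0, 1), key=lambda r: d[r] + T[r][s]) for s in (0, 1)]
        d = [d[ptr[s]] + T[ptr[s]][s] + log_gauss(v, *par[s]) for s in (0, 1)]
        back.append(ptr)
    path = [max((0, 1), key=lambda s: d[s])]
    for ptr in reversed(back):
        path.append(ptr[path[-1]])
    return path[::-1]

def burst_intervals(x, k=6.0):
    """Fit and decode one window; return the burst interval indices, or [] when
    the two state means differ by at most k standard deviations (k is an assumption)."""
    mu1, sd1, mu2, sd2, p, q = fit(x)
    if mu2 - mu1 <= k * max(sd1, sd2):
        return []
    return [t for t, s in enumerate(viterbi(x, mu1, sd1, mu2, sd2, p, q)) if s == 1]

if __name__ == "__main__":
    print(fit(WINDOW), burst_intervals(WINDOW))
```

A window with no burst is still split into two states by the fit, which is why `burst_intervals` checks the separation of the two means before reporting anything.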
When judging anomalies, the method combines feature comparison with traffic self-learning, which is still a first in the field of flow-based network performance monitoring. It addresses the insufficient analysis capability of the SNMP protocol and the difficulty of determining a traffic anomaly threshold, and thereby greatly improves the efficiency and practicality of traffic monitoring. The invention was used to collect and manage traffic for designated monitored devices in the NS-2 simulation environment. Experiments show that the method has good real-time performance and that the flow information, after RRD storage and processing, is sufficiently detailed to characterize the network state, laying a good foundation for subsequent backward tracing.
Claims (5)
1. A method for detecting and monitoring bursty abnormal network traffic, characterized in that worm attacks and DDoS (distributed denial of service) attacks are simulated on the NS-2 network simulator platform, network traffic information is collected and analyzed using the NetFlow traffic analysis protocol, the behavioral characteristics of the anomaly source are determined, and corresponding control measures are finally taken to interrupt such attacks.
2. The method for detecting and monitoring bursty abnormal network traffic according to claim 1, characterized in that it comprises the following steps:
(1) Traffic mapping and collection: collect traffic information for the whole network environment with NetFlow in the NS-2 simulation environment;
(2) Statistics, classification and merging: classify traffic according to the sites the users visit, compute statistics on the classified traffic, and store them in the corresponding RRD (round-robin) database, building traffic records for different network regions and different time periods;
(3) Simulate worm attacks and DDoS attacks, and collect and analyze the abnormal traffic features caused by the attacks using a statistics-based monitoring method; if a feature is not found in the information base, add it, and handle the anomaly at the same time;
(4) Predict network traffic by statistical analysis;
(5) Draw visualization charts from the traffic information stored in the RRD database;
(6) Trace the source of the attack traffic backward and perform correlation analysis on the related traffic information to determine the location of the attack source.
3. The method for detecting and monitoring bursty abnormal network traffic according to claim 2, characterized in that the statistics NetFlow collects from network traffic include per-user, per-protocol, per-port and per-device statistics, providing more detailed traffic flow information than the SNMP protocol, which works at the link layer; when traffic changes suddenly, it can quickly identify which protocol or service port has a problem and then determine the host causing the sudden change.
4. The method for detecting and monitoring bursty abnormal network traffic according to claim 2, characterized in that the anomaly is handled by cutting off the connection, filtering or rate limiting.
5. The method for detecting and monitoring bursty abnormal network traffic according to claim 2, characterized in that the sudden abnormal traffic caused by DDoS and worm attacks simulated in the NS-2 environment is analyzed with a 2-state hidden Markov model to compute statistics on the abnormal features, implemented as follows:
The network flow rate is assumed to follow a Gaussian distribution $N(\mu_h, \sigma_h)$, where $\mu_h$ is the mean and $\sigma_h$ is the variance, and transitions between states follow the Markov transition matrix $T$.
The traffic collected by NetFlow is classified and counted according to the six parameters $\mu_1, \sigma_1, \mu_2, \sigma_2, p, q$; the parameters are chosen by the maximum likelihood criterion, that is, so that the probability of the observed data flow under these parameters is maximal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2005101102677A CN100384149C (en) | 2005-11-11 | 2005-11-11 | Method for detecting and monitoring gusty abnormal network flow |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1764126A (en) | 2006-04-26 |
CN100384149C CN100384149C (en) | 2008-04-23 |
Family ID: 36748092
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2005101102677A Expired - Fee Related CN100384149C (en) | 2005-11-11 | 2005-11-11 | Method for detecting and monitoring gusty abnormal network flow |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100384149C (en) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1257632C (en) * | 2002-12-11 | 2006-05-24 | 中国科学院研究生院 | Firm gateway system and its attack detecting method |
CN1282331C (en) * | 2003-10-21 | 2006-10-25 | 中兴通讯股份有限公司 | Device and method for realizing abnormal flow control |
Also Published As
Publication number | Publication date |
---|---|
CN100384149C (en) | 2008-04-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20080423 Termination date: 20211111 |