KR20090054196A - Apparatus and method for detecting anomalous traffic - Google Patents
Apparatus and method for detecting anomalous traffic
- Publication number
- KR20090054196A
- Authority
- KR
- South Korea
- Prior art keywords
- entropy
- graph
- network attack
- graph model
- network
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/04—Processing captured monitoring data, e.g. for logfile generation
- H04L43/045—Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Claims (11)
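- 1. An apparatus for detecting anomalous traffic from network traffic, the apparatus comprising: an entropy extraction module that extracts entropy from the network traffic; a visualization module that generates an entropy graph using the entropy; a graph model learning module that updates a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module that detects anomalous traffic based on the entropy graph and the graph model for each network attack, and outputs the detection result to a user.
- 2. The apparatus of claim 1, wherein the entropy includes source IP address entropy, source port entropy, destination IP address entropy, and destination port entropy.
- 3. The apparatus of claim 2, wherein the entropy graph is a radial graph that displays the source IP address entropy, the source port entropy, the destination IP address entropy, and the destination port entropy.
- 4. The apparatus of claim 1, wherein the graph model learning module calculates a threat degree of the entropy graph for each network attack and determines, based on the threat degree, whether to update the graph model for each network attack.
- 5. The apparatus of claim 1, wherein the graph model learning module includes one or more four-dimensional vector clusters for each network attack, and the graph model corresponds to the center vector of the one or more four-dimensional vector clusters for each network attack.
- 6. The apparatus of claim 5, wherein the graph model learning module re-clusters the four-dimensional vector clusters for each network attack using the entropy graph generated by the visualization module.
- 7. A method of detecting anomalous traffic from network traffic, the method comprising: (a) extracting entropy from the network traffic; (b) generating an entropy graph using the entropy; (c) updating a graph model for each network attack based on the entropy graph; (d) detecting anomalous traffic based on the entropy graph and the graph model for each network attack; and (e) outputting the detection result to a user.
- 8. The method of claim 7, wherein the entropy includes source IP address entropy, source port entropy, destination IP address entropy, and destination port entropy.
- 9. The method of claim 8, wherein the entropy graph is a radial graph that displays the source IP address entropy, the source port entropy, the destination IP address entropy, and the destination port entropy.
- 10. The method of claim 7, wherein step (c) comprises: (c1) calculating a threat degree of the entropy graph for each network attack; (c2) determining, based on the threat degree, whether to update the graph model for each network attack; and (c3) updating the graph model for each network attack according to the determination.
- 11. The method of claim 7, wherein step (c) updates the graph model for each network attack by re-clustering the four-dimensional vector clusters for each network attack using the entropy graph.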
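The pipeline of claims 1 to 11 (four entropies per traffic window, a per-attack model equal to the center vector of a 4-D cluster, a threat degree that gates detection and model update), sketched as an added example that is not code from the patent. Assumptions: the entropy normalization, the threat-degree formula, the 0.85 threshold, one cluster per attack, appending to the cluster as a simplified stand-in for re-clustering, and the attack labels, seed vectors and flow records, which are all constructed.

```python
import math
from collections import Counter

def normalized_entropy(values):
    """Shannon entropy of a field's value distribution, scaled to [0, 1]."""
    n = len(values)
    if n < 2:
        return 0.0
    h = sum((c / n) * math.log2(n / c) for c in Counter(values).values())
    return h / math.log2(n)  # assumption: normalise so all four axes share one scale

def entropy_vector(flows):
    """flows: list of (src_ip, src_port, dst_ip, dst_port) -> 4-D entropy vector."""
    if not flows:
        return (0.0, 0.0, 0.0, 0.0)
    return tuple(normalized_entropy(col) for col in zip(*flows))

def centroid(cluster):
    """Center vector of one 4-D cluster; this is the 'graph model' of claim 5."""
    return tuple(sum(axis) / len(cluster) for axis in zip(*cluster))

def threat_degree(vec, center):
    """Assumed score in [0, 1]: 1.0 means the window's graph equals the model."""
    return 1.0 - math.dist(vec, center) / 2.0  # 2.0 is the diagonal of the unit 4-cube

def detect_and_learn(flows, models, threshold=0.85):
    """Return (attack label or None, best threat degree) for one traffic window.
    A window that reaches the threshold is added to that attack's cluster, which
    moves the cluster's center vector (simplified stand-in for re-clustering)."""
    vec = entropy_vector(flows)
    label, score = max(
        ((name, threat_degree(vec, centroid(cluster))) for name, cluster in models.items()),
        key=lambda item: item[1],
    )
    if score < threshold:
        return None, score
    models[label].append(vec)
    return label, score

def build_models():
    """Constructed seed clusters, axis order (src IP, src port, dst IP, dst port)."""
    return {
        "ddos": [(1.0, 1.0, 0.0, 0.0), (0.9, 0.9, 0.1, 0.0)],
        "port_scan": [(0.0, 1.0, 0.0, 1.0)],
        "host_scan": [(0.0, 1.0, 1.0, 0.0)],
    }

def build_windows(n=64):
    """Constructed 64-flow windows (private and documentation address ranges)."""
    return {
        "normal": [(f"10.0.0.{i % 8}", 40000 + i, f"10.0.1.{i % 4}", (80, 443)[i % 2]) for i in range(n)],
        "ddos": [(f"198.51.100.{i}", 1024 + i, "192.0.2.10", 80) for i in range(n)],
        "port_scan": [("203.0.113.5", 50000 + i, "192.0.2.10", 1 + i) for i in range(n)],
    }

if __name__ == "__main__":
    models = build_models()
    for name, flows in build_windows().items():
        label, score = detect_and_learn(flows, models)
        print(f"{name:10s} vector={entropy_vector(flows)} -> {label} ({score:.3f})")
```

The four values of each vector are what the radial graph of claims 3 and 9 would plot, one per axis.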
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020070120935A KR100974888B1 (ko) | 2007-11-26 | 2007-11-26 | Apparatus and method for detecting anomalous traffic |
US12/103,266 US7716329B2 (en) | 2007-11-26 | 2008-04-15 | Apparatus and method for detecting anomalous traffic |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020070120935A KR100974888B1 (ko) | 2007-11-26 | 2007-11-26 | Apparatus and method for detecting anomalous traffic |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20090054196A (ko) | 2009-05-29 |
KR100974888B1 (ko) | 2010-08-11 |
Family
ID=40670695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020070120935A KR100974888B1 (ko) | Apparatus and method for detecting anomalous traffic | 2007-11-26 | 2007-11-26 |
Country Status (2)
Country | Link |
---|---|
US (1) | US7716329B2 (ko) |
KR (1) | KR100974888B1 (ko) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101381558B1 (ko) * | 2012-08-30 | 2014-04-14 | 포항공과대학교 산학협력단 | Method and apparatus for detecting anomalous traffic |
US8775613B2 (en) | 2010-10-14 | 2014-07-08 | Electronics And Telecommunications Research Institute | Method and system for providing network monitoring, security event collection apparatus and service abnormality detection apparatus for network monitoring |
WO2019107704A1 (ko) * | 2017-11-29 | 2019-06-06 | 고려대학교 산학협력단 | Apparatus for verifying vehicle state and detecting anomaly symptoms, and system including the same |
US10432653B2 (en) | 2017-07-28 | 2019-10-01 | Penta Security Systems Inc. | Method and apparatus for detecting anomaly traffic |
KR20220067834A (ko) * | 2020-11-18 | 2022-05-25 | 한국전자통신연구원 | Intelligent server health check apparatus based on machine learning of network packets |
Families Citing this family (96)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9412123B2 (en) | 2003-07-01 | 2016-08-09 | The 41St Parameter, Inc. | Keystroke analysis |
US10999298B2 (en) | 2004-03-02 | 2021-05-04 | The 41St Parameter, Inc. | Method and system for identifying users and detecting fraud by use of the internet |
WO2007050244A2 (en) | 2005-10-27 | 2007-05-03 | Georgia Tech Research Corporation | Method and system for detecting and responding to attacking networks |
US11301585B2 (en) | 2005-12-16 | 2022-04-12 | The 41St Parameter, Inc. | Methods and apparatus for securely displaying digital images |
US8938671B2 (en) | 2005-12-16 | 2015-01-20 | The 41St Parameter, Inc. | Methods and apparatus for securely displaying digital images |
US8151327B2 (en) | 2006-03-31 | 2012-04-03 | The 41St Parameter, Inc. | Systems and methods for detection of session tampering and fraud prevention |
US7788544B2 (en) * | 2006-05-03 | 2010-08-31 | Computer Associates Think, Inc. | Autonomous system state tolerance adjustment for autonomous management systems |
US10027688B2 (en) | 2008-08-11 | 2018-07-17 | Damballa, Inc. | Method and system for detecting malicious and/or botnet-related domain names |
US20100235908A1 (en) * | 2009-03-13 | 2010-09-16 | Silver Tail Systems | System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Analysis |
US20100235909A1 (en) * | 2009-03-13 | 2010-09-16 | Silver Tail Systems | System and Method for Detection of a Change in Behavior in the Use of a Website Through Vector Velocity Analysis |
US9112850B1 (en) | 2009-03-25 | 2015-08-18 | The 41St Parameter, Inc. | Systems and methods of sharing information through a tag-based consortium |
CA2673135C (en) | 2009-07-17 | 2017-01-17 | Anomalous Networks, Inc. | Determining usage predictions and detecting anomalous user activity through traffic patterns |
JP4814364B2 (ja) * | 2009-09-10 | 2011-11-16 | 富士通株式会社 | Evaluation support method, evaluation support program, and evaluation support apparatus |
US8245301B2 (en) * | 2009-09-15 | 2012-08-14 | Lockheed Martin Corporation | Network intrusion detection visualization |
US8245302B2 (en) * | 2009-09-15 | 2012-08-14 | Lockheed Martin Corporation | Network attack visualization and response through intelligent icons |
US8578497B2 (en) | 2010-01-06 | 2013-11-05 | Damballa, Inc. | Method and system for detecting malware |
US8826438B2 (en) | 2010-01-19 | 2014-09-02 | Damballa, Inc. | Method and system for network-based detecting of malware from behavioral clustering |
US9516058B2 (en) | 2010-08-10 | 2016-12-06 | Damballa, Inc. | Method and system for determining whether domain names are legitimate or malicious |
US8631489B2 (en) | 2011-02-01 | 2014-01-14 | Damballa, Inc. | Method and system for detecting malicious domain names at an upper DNS hierarchy |
US8612169B2 (en) | 2011-04-26 | 2013-12-17 | International Business Machines Corporation | Method and system for detecting anomalies in a bipartite graph |
US9106689B2 (en) | 2011-05-06 | 2015-08-11 | Lockheed Martin Corporation | Intrusion detection using MDL clustering |
US10754913B2 (en) | 2011-11-15 | 2020-08-25 | Tapad, Inc. | System and method for analyzing user device information |
US9922190B2 (en) | 2012-01-25 | 2018-03-20 | Damballa, Inc. | Method and system for detecting DGA-based malware |
US9633201B1 (en) * | 2012-03-01 | 2017-04-25 | The 41St Parameter, Inc. | Methods and systems for fraud containment |
US9521551B2 (en) | 2012-03-22 | 2016-12-13 | The 41St Parameter, Inc. | Methods and systems for persistent cross-application mobile device identification |
US9159056B2 (en) * | 2012-07-10 | 2015-10-13 | Spigit, Inc. | System and method for determining the value of a crowd network |
WO2014022813A1 (en) | 2012-08-02 | 2014-02-06 | The 41St Parameter, Inc. | Systems and methods for accessing records via derivative locators |
US10547674B2 (en) | 2012-08-27 | 2020-01-28 | Help/Systems, Llc | Methods and systems for network flow analysis |
US10084806B2 (en) | 2012-08-31 | 2018-09-25 | Damballa, Inc. | Traffic simulation to identify malicious activity |
US9166994B2 (en) | 2012-08-31 | 2015-10-20 | Damballa, Inc. | Automation discovery to identify malicious activity |
US9680861B2 (en) | 2012-08-31 | 2017-06-13 | Damballa, Inc. | Historical analysis to identify malicious activity |
US9894088B2 (en) | 2012-08-31 | 2018-02-13 | Damballa, Inc. | Data mining to identify malicious activity |
WO2014078569A1 (en) | 2012-11-14 | 2014-05-22 | The 41St Parameter, Inc. | Systems and methods of global identification |
CN104113519B (zh) * | 2013-04-16 | 2017-07-14 | 阿里巴巴集团控股有限公司 | Network attack detection method and apparatus thereof |
US9571511B2 (en) * | 2013-06-14 | 2017-02-14 | Damballa, Inc. | Systems and methods for traffic classification |
US9485222B2 (en) * | 2013-08-20 | 2016-11-01 | Hewlett-Packard Development Company, L.P. | Data stream traffic control |
US10902327B1 (en) | 2013-08-30 | 2021-01-26 | The 41St Parameter, Inc. | System and method for device identification and uniqueness |
WO2015035559A1 (en) * | 2013-09-10 | 2015-03-19 | Symantec Corporation | Systems and methods for using event-correlation graphs to detect attacks on computing systems |
US9166997B1 (en) * | 2013-09-19 | 2015-10-20 | Symantec Corporation | Systems and methods for reducing false positives when using event-correlation graphs to detect attacks on computing systems |
US10545938B2 (en) | 2013-09-30 | 2020-01-28 | Spigit, Inc. | Scoring members of a set dependent on eliciting preference data amongst subsets selected according to a height-balanced tree |
US20150235152A1 (en) * | 2014-02-18 | 2015-08-20 | Palo Alto Research Center Incorporated | System and method for modeling behavior change and consistency to detect malicious insiders |
CN104240499B (zh) * | 2014-06-23 | 2016-08-24 | 银江股份有限公司 | Method for identifying abnormal congestion points based on microwave data |
US10091312B1 (en) | 2014-10-14 | 2018-10-02 | The 41St Parameter, Inc. | Data structures for intelligently resolving deterministic and probabilistic device identifiers to device profiles and/or groups |
US9930065B2 (en) | 2015-03-25 | 2018-03-27 | University Of Georgia Research Foundation, Inc. | Measuring, categorizing, and/or mitigating malware distribution paths |
US10367842B2 (en) * | 2015-04-16 | 2019-07-30 | Nec Corporation | Peer-based abnormal host detection for enterprise security systems |
US10374904B2 (en) | 2015-05-15 | 2019-08-06 | Cisco Technology, Inc. | Diagnostic network visualization |
US9967158B2 (en) | 2015-06-05 | 2018-05-08 | Cisco Technology, Inc. | Interactive hierarchical network chord diagram for application dependency mapping |
US10536357B2 (en) | 2015-06-05 | 2020-01-14 | Cisco Technology, Inc. | Late data detection in data center |
US10142353B2 (en) | 2015-06-05 | 2018-11-27 | Cisco Technology, Inc. | System for monitoring and managing datacenters |
CN104935609A (zh) * | 2015-07-17 | 2015-09-23 | 北京京东尚科信息技术有限公司 | Network attack detection method and detection device |
US9985982B1 (en) * | 2015-12-21 | 2018-05-29 | Cisco Technology, Inc. | Method and apparatus for aggregating indicators of compromise for use in network security |
KR101644998B1 (ko) * | 2015-12-22 | 2016-08-02 | 엑스브레인 주식회사 | Method and apparatus for detecting abnormal input data using a Convolutional Neural Network |
US10164991B2 (en) * | 2016-03-25 | 2018-12-25 | Cisco Technology, Inc. | Hierarchical models using self organizing learning topologies |
US10289438B2 (en) | 2016-06-16 | 2019-05-14 | Cisco Technology, Inc. | Techniques for coordination of application components deployed on distributed virtual machines |
US10708183B2 (en) | 2016-07-21 | 2020-07-07 | Cisco Technology, Inc. | System and method of providing segment routing as a service |
CN106453226A (zh) * | 2016-07-21 | 2017-02-22 | 柳州龙辉科技有限公司 | Method for detecting address entropy value |
CN106254130B (zh) * | 2016-08-25 | 2019-06-07 | 华青融天(北京)技术股份有限公司 | Data processing method and apparatus |
US10193915B2 (en) * | 2016-09-30 | 2019-01-29 | Oath Inc. | Computerized system and method for automatically determining malicious IP clusters using network activity data |
US10972388B2 (en) | 2016-11-22 | 2021-04-06 | Cisco Technology, Inc. | Federated microburst detection |
US10708152B2 (en) | 2017-03-23 | 2020-07-07 | Cisco Technology, Inc. | Predicting application and network performance |
US10523512B2 (en) | 2017-03-24 | 2019-12-31 | Cisco Technology, Inc. | Network agent for generating platform specific network policies |
US10594560B2 (en) | 2017-03-27 | 2020-03-17 | Cisco Technology, Inc. | Intent driven network policy platform |
US10764141B2 (en) | 2017-03-27 | 2020-09-01 | Cisco Technology, Inc. | Network agent for reporting to a network policy system |
US10873794B2 (en) | 2017-03-28 | 2020-12-22 | Cisco Technology, Inc. | Flowlet resolution for application performance monitoring and management |
CN107220541B (zh) * | 2017-05-26 | 2020-12-22 | 成都信息工程大学 | SOEKS-based method for knowledge representation and mining of social engineering attacks |
US10680887B2 (en) | 2017-07-21 | 2020-06-09 | Cisco Technology, Inc. | Remote device status audit and recovery |
US10554501B2 (en) | 2017-10-23 | 2020-02-04 | Cisco Technology, Inc. | Network migration assistant |
US10523541B2 (en) | 2017-10-25 | 2019-12-31 | Cisco Technology, Inc. | Federated network and application data analytics platform |
US10594542B2 (en) | 2017-10-27 | 2020-03-17 | Cisco Technology, Inc. | System and method for network root cause analysis |
US11233821B2 (en) | 2018-01-04 | 2022-01-25 | Cisco Technology, Inc. | Network intrusion counter-intelligence |
US10999149B2 (en) | 2018-01-25 | 2021-05-04 | Cisco Technology, Inc. | Automatic configuration discovery based on traffic flow data |
US10826803B2 (en) | 2018-01-25 | 2020-11-03 | Cisco Technology, Inc. | Mechanism for facilitating efficient policy updates |
US10574575B2 (en) | 2018-01-25 | 2020-02-25 | Cisco Technology, Inc. | Network flow stitching using middle box flow stitching |
US10798015B2 (en) | 2018-01-25 | 2020-10-06 | Cisco Technology, Inc. | Discovery of middleboxes using traffic flow stitching |
US11128700B2 (en) | 2018-01-26 | 2021-09-21 | Cisco Technology, Inc. | Load balancing configuration based on traffic flow telemetry |
US11159555B2 (en) | 2018-12-03 | 2021-10-26 | Accenture Global Solutions Limited | Generating attack graphs in agile security platforms |
US11283825B2 (en) | 2018-12-03 | 2022-03-22 | Accenture Global Solutions Limited | Leveraging attack graphs of agile security platform |
US11184385B2 (en) | 2018-12-03 | 2021-11-23 | Accenture Global Solutions Limited | Generating attack graphs in agile security platforms |
US11281806B2 (en) | 2018-12-03 | 2022-03-22 | Accenture Global Solutions Limited | Generating attack graphs in agile security platforms |
US11863580B2 (en) * | 2019-05-31 | 2024-01-02 | Varmour Networks, Inc. | Modeling application dependencies to identify operational risk |
US11695795B2 (en) | 2019-07-12 | 2023-07-04 | Accenture Global Solutions Limited | Evaluating effectiveness of security controls in enterprise networks using graph values |
WO2021087896A1 (en) * | 2019-11-07 | 2021-05-14 | Alibaba Group Holding Limited | Data-driven graph of things for data center monitoring copyright notice |
CN111049828B (zh) * | 2019-12-13 | 2021-05-07 | 国网浙江省电力有限公司信息通信分公司 | Network attack detection and response method and system |
EP3872665A1 (en) | 2020-02-28 | 2021-09-01 | Accenture Global Solutions Limited | Cyber digital twin simulator for security controls requirements |
CN111800391B (zh) * | 2020-06-12 | 2023-05-23 | 安天科技集团股份有限公司 | Method, apparatus, electronic device and storage medium for detecting port scanning attacks |
US11533332B2 (en) * | 2020-06-25 | 2022-12-20 | Accenture Global Solutions Limited | Executing enterprise process abstraction using process aware analytical attack graphs |
US11411976B2 (en) | 2020-07-09 | 2022-08-09 | Accenture Global Solutions Limited | Resource-efficient generation of analytical attack graphs |
US11562373B2 (en) * | 2020-08-06 | 2023-01-24 | Accenture Global Solutions Limited | Utilizing machine learning models, predictive analytics, and data mining to identify a vehicle insurance fraud ring |
US11831675B2 (en) | 2020-10-26 | 2023-11-28 | Accenture Global Solutions Limited | Process risk calculation based on hardness of attack paths |
US11973790B2 (en) | 2020-11-10 | 2024-04-30 | Accenture Global Solutions Limited | Cyber digital twin simulator for automotive security assessment based on attack graphs |
US11818152B2 (en) | 2020-12-23 | 2023-11-14 | Varmour Networks, Inc. | Modeling topic-based message-oriented middleware within a security system |
US11876817B2 (en) | 2020-12-23 | 2024-01-16 | Varmour Networks, Inc. | Modeling queue-based message-oriented middleware relationships in a security system |
US11880250B2 (en) | 2021-07-21 | 2024-01-23 | Accenture Global Solutions Limited | Optimizing energy consumption of production lines using intelligent digital twins |
US11895150B2 (en) | 2021-07-28 | 2024-02-06 | Accenture Global Solutions Limited | Discovering cyber-attack process model based on analytical attack graphs |
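CN114499979B (zh) * | 2021-12-28 | 2022-12-06 | 云南电网有限责任公司信息中心 | Federated-learning-based collaborative detection method for abnormal traffic in SDN networks |
CN114244632B (zh) * | 2022-02-24 | 2022-05-03 | 上海观安信息技术股份有限公司 | Method, apparatus, electronic device and medium for detecting ICMP network scanning attack behavior |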
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2562039B2 (ja) * | 1988-02-05 | 1996-12-11 | ティーディーケイ株式会社 | Asymmetric ZnO varistor and method of manufacturing the same |
KR20020024508A (ko) | 2000-09-25 | 2002-03-30 | 김병기 | Anomalous behavior detection technique for network intrusion detection |
US7424619B1 (en) * | 2001-10-11 | 2008-09-09 | The Trustees Of Columbia University In The City Of New York | System and methods for anomaly detection and adaptive learning |
US20030236652A1 (en) * | 2002-05-31 | 2003-12-25 | Battelle | System and method for anomaly detection |
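KR100520687B1 (ko) * | 2003-02-12 | 2005-10-11 | 박세웅 | Apparatus and method for displaying network state |
JP4652741B2 (ja) * | 2004-08-02 | 2011-03-16 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Anomaly detection apparatus, anomaly detection method, anomaly detection program, and recording medium |
KR100725179B1 (ko) | 2005-06-28 | 2007-06-04 | 서원대학교산학협력단 | Method for detecting network traffic anomalies using destination network distribution entropy |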
US20070150949A1 (en) * | 2005-12-28 | 2007-06-28 | At&T Corp. | Anomaly detection methods for a computer network |
US7899611B2 (en) * | 2006-03-03 | 2011-03-01 | Inrix, Inc. | Detecting anomalous road traffic conditions |
US7577550B2 (en) * | 2007-04-30 | 2009-08-18 | Hewlett-Packard Development Company, L.P. | System and method for detecting performance anomalies in a computing system |
- 2007-11-26: KR application KR1020070120935A, patent KR100974888B1 (ko), active, IP Right Grant
- 2008-04-15: US application US12/103,266, patent US7716329B2 (en), not active, Expired - Fee Related
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8775613B2 (en) | 2010-10-14 | 2014-07-08 | Electronics And Telecommunications Research Institute | Method and system for providing network monitoring, security event collection apparatus and service abnormality detection apparatus for network monitoring |
KR101381558B1 (ko) * | 2012-08-30 | 2014-04-14 | 포항공과대학교 산학협력단 | Method and apparatus for detecting anomalous traffic |
US10432653B2 (en) | 2017-07-28 | 2019-10-01 | Penta Security Systems Inc. | Method and apparatus for detecting anomaly traffic |
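WO2019107704A1 (ko) * | 2017-11-29 | 2019-06-06 | 고려대학교 산학협력단 | Apparatus for verifying vehicle state and detecting anomaly symptoms, and system including the same |
KR20190063209A (ko) * | 2017-11-29 | 2019-06-07 | 고려대학교 산학협력단 | Apparatus for verifying vehicle state and detecting anomaly symptoms, and system including the same |
KR20220067834A (ko) * | 2020-11-18 | 2022-05-25 | 한국전자통신연구원 | Intelligent server health check apparatus based on machine learning of network packets |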
Also Published As
Publication number | Publication date |
---|---|
US20090138590A1 (en) | 2009-05-28 |
KR100974888B1 (ko) | 2010-08-11 |
US7716329B2 (en) | 2010-05-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
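KR100974888B1 (ko) | | Apparatus and method for detecting anomalous traffic |
CN111935170B (zh) | | Network abnormal traffic detection method, apparatus and device |
US7596810B2 (en) | | Apparatus and method of detecting network attack situation |
CN112953924A (zh) | | Network abnormal traffic detection method, system, storage medium, terminal and application |
CN109218304B (zh) | | Network risk blocking method based on attack graphs and co-evolution |
CN109218321A (zh) | | Network intrusion detection method and system |
US20100150008A1 (en) | | Apparatus and method for displaying state of network |
CN110798426A (zh) | | Method, system and related components for detecting flood-type DoS attack behavior |
CN108900556B (zh) | | DDoS attack detection method based on HMM and chaos model |
CN112437062B (zh) | | ICMP tunnel detection method, apparatus, storage medium and electronic device |
CN110012037A (zh) | | Method for constructing a network attack prediction model based on uncertainty-aware attack graphs |
CN111835681A (zh) | | Method and apparatus for large-scale detection of hosts with abnormal traffic |
KR100950079B1 (ko) | | Apparatus and method for probabilistic network anomaly detection using a hidden Markov model |
JP2007243459A (ja) | | Traffic state extraction apparatus and method, and computer program |
CN114363212A (zh) | | Device detection method, apparatus, device and storage medium |
CN110493217B (zh) | | Distributed situational awareness method and system |
CN112533170A (zh) | | Malicious node identification method based on time reputation sequences |
CN112235242A (zh) | | C&C channel detection method and system |
CN109257384B (zh) | | Application-layer DDoS attack identification method based on access rhythm matrix |
TWI777766B (zh) | | System and method for detecting malicious domain query behavior |
CN116132095A (zh) | | Covert malicious traffic detection method fusing statistical features and graph structure features |
CN112333155B (zh) | | Abnormal traffic detection method, system, electronic device and storage medium |
JP2005203992A (ja) | | Network anomaly detection apparatus, network anomaly detection method, and network anomaly detection program |
CN115225369B (zh) | | Botnet detection method, apparatus and device |
CN111935072B (zh) | | Distributed intrusion detection method based on alert correlation in a cloud environment |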
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| A201 | Request for examination | |
| E902 | Notification of reason for refusal | |
| E902 | Notification of reason for refusal | |
| E701 | Decision to grant or registration of patent right | |
| GRNT | Written decision to grant | |
| FPAY | Annual fee payment | Payment date: 20130710; Year of fee payment: 4 |
| FPAY | Annual fee payment | Payment date: 20140630; Year of fee payment: 5 |
| FPAY | Annual fee payment | Payment date: 20150703; Year of fee payment: 6 |
| FPAY | Annual fee payment | Payment date: 20160801; Year of fee payment: 7 |
| FPAY | Annual fee payment | Payment date: 20180731; Year of fee payment: 9 |
| FPAY | Annual fee payment | Payment date: 20190516; Year of fee payment: 10 |