
Typical Traffic Abnormal Detection Based on Netflow

Cited by: 5
Abstract: This paper proposes a method, based on Netflow data, for detecting anomalies from traffic characteristics. It analyzes the traffic characteristics of two kinds of network attack behavior that cause abnormal traffic, DDoS and port scanning, and uses those characteristics to perform user-controllable, real-time abnormal traffic detection that raises alerts and reports the time-space coordinates of each anomaly. Users can adjust their parameter settings, balancing them against computation time and space, to obtain satisfactory results. Anomaly monitoring is displayed in real time through a Web interface with a client/server (CS) architecture, so users can set parameters and view detection results in real time from any host connected to the server.

Source: Journal of University of Electronic Science and Technology of China (《电子科技大学学报》), indexed in EI, CAS, CSCD and the Peking University Core list; 2009, Issue S1, pp. 57-60, 74 (5 pages in total).

Keywords: DDoS; flow characteristics; Netflow; port scanning; real-time detection
References: 9

Secondary references: 32


Co-citing documents: 19

Co-cited documents: 18


Citing documents: 5

Secondary citing documents: 7
