Abstract
This paper proposes a method for detecting anomalies from traffic characteristics, based on NetFlow data. It analyzes the flow characteristics of two network attack behaviors that cause abnormal traffic, DDoS and port scanning, and uses those characteristics to perform user-controllable, real-time detection of abnormal traffic, raising alerts and reporting the time and space coordinates of each anomaly. Users can adjust their own parameter settings, balancing computation time against space, to obtain satisfactory results. Anomaly monitoring is displayed in real time through a Web interface in a client/server (C/S) architecture, so users can set parameters and view detection results in real time from any host connected to the server.
Source
Journal of University of Electronic Science and Technology of China (《电子科技大学学报》)
EI
CAS
CSCD
PKU Core (Peking University Core Journals)
2009, Issue S1, pp. 57-60, 74 (5 pages)