Intelligent Tracking Technology for Communication Network Attack Path Based on Abnormal Traffic Visualization

Cited by: 15
Abstract: To address communication network security and prevent intrusion into communication networks, an effective technique for tracking the path of intrusion attacks is studied, based on abnormal traffic visualization. The network cards at the traffic collection points are set to a variety of modes to collect the mirrored traffic in the communication network. For port traffic between the internal and external networks on the switch, a traffic processing center gathers the traffic data from collection points on different network segments and processes it together to produce the traffic situation. For the collected and processed traffic, messages are sent through the SetTimer() timer function, the messages are handled and the window is redrawn, which gives a visual display of the traffic. Traffic asymmetry, SYN/ACK asymmetry and excessive variance are used as the characteristic parameters of abnormal traffic for detection. Rate limiting is applied at the entry point of the abnormal traffic and then step by step upstream, so that every router below an already rate-limited router on the path is also rate-limited and the marked traffic is not dropped because of congestion. With the intrusion slowed down, the attack path is tracked through the abnormal traffic according to the marks. The results show that abnormal traffic can be detected effectively by selecting abnormal traffic features, and that the path-tracking convergence speed and false alarm rate of the proposed technique are lower than those of other techniques. The proposed technique therefore tracks accurately and performs well overall.
Authors: 刘立明 (LIU Li-ming); 李群英 (LI Qun-ying); 郝成亮 (HAO Cheng-liang); 颜佳 (YAN Jia); 刘允志 (LIU Yun-zhi) (State Grid Jilin Electric Power Co., Ltd., Changchun 130000, China; School of Water Resources and Hydropower Engineering, Wuhan University, Wuhan 430072, China)
Source: 《科学技术与工程》 (Science Technology and Engineering), 北大核心 (Peking University Core Journal), 2019, Issue 11, pp. 230-235, 6 pages in total
Keywords: abnormal traffic visualization; communication network; intrusion; attack path; tracking
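
The three abnormal-traffic features named in the abstract (traffic asymmetry, SYN/ACK asymmetry, excessive variance) can be computed per collection point as in the sketch below. This is an added example, not code from the paper: the thresholds, the sample format, the collection-point names and the sample windows are all assumptions constructed for illustration.

```python
from statistics import pvariance

# Assumed thresholds for illustration; the abstract states no numeric values.
FLOW_RATIO_MAX = 5.0     # inbound / outbound packets
SYN_ACK_RATIO_MAX = 3.0  # SYNs received / SYN-ACKs returned
VARIANCE_FACTOR = 4.0    # window variance / baseline variance

def features(window):
    """window: per-second samples of (pkts_in, pkts_out, syn, syn_ack)."""
    pkts_in = [s[0] for s in window]
    pkts_out = sum(s[1] for s in window)
    syn = sum(s[2] for s in window)
    syn_ack = sum(s[3] for s in window)
    return {
        "flow_asym": sum(pkts_in) / max(pkts_out, 1),
        "syn_ack_asym": syn / max(syn_ack, 1),
        "variance": pvariance(pkts_in),
    }

def detect(window, baseline_variance):
    """Return the names of the features that exceed their thresholds."""
    f = features(window)
    reasons = []
    if f["flow_asym"] > FLOW_RATIO_MAX:
        reasons.append("flow_asymmetry")
    if f["syn_ack_asym"] > SYN_ACK_RATIO_MAX:
        reasons.append("syn_ack_asymmetry")
    if f["variance"] > VARIANCE_FACTOR * baseline_variance:
        reasons.append("high_variance")
    return reasons

# Constructed samples, one window per collection point (hypothetical names).
WINDOWS = {
    "seg-a": [(100, 95, 10, 10), (110, 100, 12, 11), (105, 98, 11, 11), (95, 92, 9, 9)],
    "seg-b": [(120, 90, 15, 12), (900, 110, 700, 40), (2400, 120, 2100, 45), (3100, 115, 2900, 50)],
    "seg-c": [(100, 100, 10, 10), (400, 390, 40, 40), (50, 50, 5, 5), (450, 440, 45, 45)],
}
BASELINE_VARIANCE = features(WINDOWS["seg-a"])["variance"]  # seg-a assumed normal

def scan(windows=WINDOWS, baseline=BASELINE_VARIANCE):
    """Map each collection point to its list of triggered anomaly features."""
    return {point: detect(w, baseline) for point, w in windows.items()}

if __name__ == "__main__":
    for point, reasons in scan().items():
        print(point, reasons or "normal")
```

In this constructed data, seg-c is bursty but symmetric, so only the variance feature fires; a single feature on its own is a weaker signal than all three together.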