新一代深度报文检测设备对城市安全态势感知的影响被引量：1

Influence of new generation deep packet detection equipment on urban security situational awareness

下载PDF

导出

摘要随着网络规模的不断壮大,网络结构的日益复杂,网络病毒、Dos/DDos攻击等构成的威胁和损失越来越大,传统的网络安全管理模式仅仅依靠防火墙、防病毒、IDS等单一的网络安全防护技术来实现被动的网络安全管理,已满足不了目前网络安全的要求,城市安全态势感知研究便应运而生。态势感知中的新一代深度报文检测设备采用了新的深度报文检测技术,深度报文检测技术对比传统检测技术,加入了应用层分析,能够准确识别各种应用。采用了净荷特征匹配技术、交互式业务识别技术、行为模式识别技术、深度流检测技术。带来的好处包含:可视化全网、流量细粒度管理、及时发现和抑制异常流量、输出全量日志功能、减少或延迟带宽投入。 With the continuous expansion of the network scale,the increasing complexity of the network structure,and the increasing threats and losses posed by network viruses and DOS/DDoS attacks,the traditional network security management mode can not meet the current requirements of network security by relying only on a single network security protection technology such as firewall,anti-virus and IDS to realize passive network security management,The research on urban security situational awareness came into being.The new generation of deep message detection equipment in situational awareness adopts new deep message detection technology.Compared with traditional detection technology,deep message detection technology adds application layer analysis,which can accurately identify various applications.Payload feature matching technology,interactive service recognition technology,behavior pattern recognition technology and deep flow detection technology are adopted.The benefits include:visualization of the whole network,fine-grained traffic management,timely detection and suppression of abnormal traffic,output of full log function,and reduction or delay of bandwidth investment.

作者姚青谢永恒周汉川余勇万月亮 YAO Qing;XIE Yongheng;ZHOU Hanchuan;YU Yong;Wan Yueliang(Beijing Ruian Technology Co.,Ltd,Beijing 100083,China)

机构地区北京锐安科技有限公司

出处《长江信息通信》 2022年第2期15-19,共5页 Changjiang Information & Communications

关键词态势感知城市安全深度报文检测净荷特征匹配技术可视化全网全量日志 Situation Awareness Urban safety Deep Packet Detection Payload feature matching technology Visualization of the whole network Full log

分类号 TP391 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献4

1方滨兴.定义网络空间安全[J].网络与信息安全学报,2018,4(1):1-5. 被引量：63
2杨洁,袁仑,林平,丛蓉,程钢,尼万-安瑟瑞.Characterizing Internet Backbone Traffic Based on Deep Packets Inpection and Deep Flows Inspection[J].China Communications,2012,9(5):42-54. 被引量：4
3胡斌,周志洪,姚立红,李建华.结合报文负载与流指纹特征的恶意流量检测[J].计算机工程,2020,46(11):157-163. 被引量：14
4高妮,高岭,贺毅岳,王海.基于自编码网络特征降维的轻量级入侵检测模型[J].电子学报,2017,45(3):730-739. 被引量：57

二级参考文献32

1http://www.c 114.net/topic/1358/a413769.html.
2COSTA C, CUNHA I, BORGES A, et al. Analyzing Client Interactivity in Streanmg Media [C]// Proceedings of the 13th International Conference on World Wide Web: May 17-22, 2004, NY, USA. ACM Press, 2004: 534-543.
3MAHANTI A, WIIJJAMSON C, EACGER D. Taffic Analy- sis of a Web Proxy Caching Hierarchy[J]. IEEE Network, 2000, 14(3): 16-23.
4SRIPANIDKULCHAI K, MAGGS B, ZHANG Hui. An A- nalysis of Live StrearNng Workloads on the Intemet[C]// Proceedings of the 4th ACM SIC~;OMM Conference on Intemet Measurement: October 25-27, 2004, Taormina, Sici- ly, Italy. ACM Press, 2004: 41-54.
5CIFLIKLI C, GEZER A, OZSAHIN A, et al. Turkey Corn-parison of Bittorrent Packet Traffic Characteristics over IPv6 and lPv4[J]. Application of Inforrmtion and Connm- nication Technologies, 2009: 1-5.
6MAIER G, FELDMANN A, PAXSON V, et al. On Domi- nant Characteristics of Residential Broadband Intemet Traffic[C]//Proceedings of the 9th ACM SIGCOMM Con- ference on Intemet Measurerr~nt Conference: November 4-6, 2009, Chicago, IL, USA. ACM Press, 2009: 90-102.
7SARO1U S, GUMMADI K, DUMN R, et al. An Analysis of Intemet Content Delivery Systerm[C]//Proceedings of the 5th Symposium on Operating Systerva Design and Imple- mentation, December 2002, Boston, MA. ACM SIGOPS Operating Systerm Review, 2002, 36(SI): 315-327.
8I,EIFIOWITZ N, RIPEANU M, WIERZBICKI A. Decon- structing the Kazaa Network[C]// Proceedings of the 3rd IEEE~ Workshop on Intemet Applications : June 23-24, 2003. 1EEE Conputer Society, 2003: 112-120.
9SEN S, WANG Jia. Analyzing Peer-to-Peer Traffic Across Large Networks [J]. 1EEE/ACM Transactions on Networ- king, 2004, 12(2): 219-232.
10ERMAN J, MAHANTI A, ARLITT M, et al. Identifying and Discriminating between Web and Peer-to-Peer Traffic in the Network Core[C]//Proceedings of the 16th interna- tional conference on World Wide Web, 2007: 883-892.