
A DISTRIBUTED SYSTEM DESIGN FOR DETECTING IP ANOMALY TRAFFIC

Cited by: 2
Abstract: This article proposes an anomalous-traffic monitoring system based on the analysis of Netflow data. The system analyzes and judges abnormal network conditions by matching flow feature patterns and by comparing actual traffic against a normal-traffic baseline. It also builds a security policy database and makes security recommendations for handling the anomalies, so that the IP network can be managed effectively in a closed loop.

Source: Computer Applications and Software (《计算机应用与软件》), CSCD, Peking University Core Journal, 2008, No. 11, pp. 154-156 (3 pages)

Keywords: Netflow; DoS/DDoS; anomaly detection
Related literature

References: 4

Secondary references: 18


Co-citing documents: 81

Co-cited documents: 19


Citing documents: 2

Secondary citing documents: 3
