摘要
网络流量是分析主机网络状态的重要因素.在分析主机正常、异常状态下流量特征的基础上,将正异常网络行为流量特征分析结果存入匹配库中.基于2种状态下的分析对比,从而设计基于流数据特征匹配的多级主机流量分析方法.并设计和实现主机流量统计分析系统,为主机用户做好预警工作.首先参照主机流量特征以及常见攻击种类,采用基于进程应用类型方法对主机流量分类.通过模拟攻击实验,将主机异常流量特征存入匹配库.实验测试结果表明,基于流数据特征匹配的多级主机流量统计分析系统能够对木马、Ddos等攻击进行有效预警.
Network traffic is an important factor to analyze the state of host network. On the basisof analyzing the flow characteristics of the normal and abnormal state of the host, the result of theabnormal network behavior flow characteristics are deposited in the matching library. Based on theanalysis and contrast of two states, the method of multilevel host flow analysis based on thecharacteristic matching of stream data is designed. In order to do early warning work for the hostusers, we design the host flow statistical analysis system. F irs t ly, the classification of host trafficis based on the process application type method 〉 referring to the host traffic characteristics and thecommon attack types. By simulating attack experiments, the abnormal flow characteristics of thehost are deposited into the matching library. The experimental results show that the multilevelhost flow statistical analysis system based on the characteristic matching of stream data caneffectively prevent the Trojans and Ddos attacks.
出处
《信息安全研究》
2017年第5期469-476,共8页
Journal of Information Security Research
基金
中共北京市委组织部优秀人才培养资助项目(2014000020124G101)
北京市教育委员会科技计划重点项目(KZ201411232036)
国家自然科学基金项目(71571021)
关键词
主机网络流量
网络行为
流量特征
特征匹配
模拟攻击
host network traffic
network behavior
flow characteristics
feature matching
simulated attack
