Computer Engineering ›› 2010, Vol. 36 ›› Issue (22): 165-167. doi: 10.3969/j.issn.1000-3428.2010.22.059

• Security Technology •

Establishment of Dynamic K Layers Features Model Library Based on NetFlow

ZHENG Jian-zhong (a), ZHOU Shi-jie (b), WANG Juan (b)

  1. (a. School of Software; b. School of Computer Science & Engineering, University of Electronic Science and Technology of China, Chengdu 610054, China)
  • Online: 2010-11-20 Published: 2010-11-18
  • About the authors: ZHENG Jian-zhong (born 1974), male, engineer and master's student, main research interest: network and data security; ZHOU Shi-jie, associate professor, Ph.D.; WANG Juan, Ph.D. candidate
  • Funding:
    Supported by a fund of the National Information Security Management Center, project "Network Situation Awareness and Trend Analysis System" (2006C27)

Abstract: To address the problem of recognizing abnormal data flows, this paper proposes a method for establishing a dynamic K-layer feature model library based on NetFlow. It describes the concept of the dynamic K-layer abnormal feature model, builds the K-layer feature model library, updates the data in the K-layer feature model table, and adjusts the layer priorities. Experimental results show that the method can quickly identify abnormal data flows, effectively reduce the number of matching operations, and improve matching efficiency.

Key words: flow analysis, anomaly detection, feature model

CLC number: