NetFlow sampling processing method based on abnormity feedback

A processing method and abnormal technology, applied in the direction of digital transmission system, data exchange network, electrical components, etc., can solve the problems of inability to real-time feedback and utilization of network traffic status, inability to intervene, increase the receiving pressure of routing traffic collection points, etc., to achieve real-time Feedback and utilization, avoid receiving, reduce the effect of receiving pressure

Active Publication Date: 2017-04-26
NANJING UNIV OF SCI & TECH
View PDF3 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, after analyzing the results of NetFlow data, the network administrator will carry out the next step, and cannot intervene in time for abnormalities in the network. Therefore, ...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • NetFlow sampling processing method based on abnormity feedback
  • NetFlow sampling processing method based on abnormity feedback
  • NetFlow sampling processing method based on abnormity feedback

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0065] combine figure 1 , the present invention is based on the NetFlow sampling processing method of abnormal feedback, comprises the following steps:

[0066] Step 1: The anomaly analyzer analyzes the NetFlow data and extracts the characteristic values ​​of the NetFlow records corresponding to the abnormal traffic. First check whether the source address of a single flow record is abnormal. If the source address of the flow is 127.0.0.1 or the broadcast address in this domain, it can be directly determined that the flow is abnormal. Then check whether the source and destination addresses of the flow are equal. If they are equal, abnormal traffic occurs on the network; filter out the NetFlow record corresponding to the abnormal traffic, and extract the characteristic value of the NetFlow record corresponding to the abnormal traffic, that is, the six-tuple {source address, Destination address, protocol type, source port, destination port, packet length}. The detection process...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a NetFlow sampling processing method based on abnormity feedback. The method includes that by taking the NetFlow principle as the basis, and by means of the analysis result output by an abnormity analysis server, the eigenvalues recorded by the NetFlow corresponding to the abnormal flow are extracted, a feeder performs the abnormity detection based on the statistic result, outputs the behavior characteristic parameters of a prevention strategy, transmits the parameters to a routing flow acquisition point and an acquisition server, the routing flow acquisition point adjusts the sampling rate of an abnormal flow package, and the acquisition server adjusts the flow reception weight for the routing flow acquisition point. The NetFlow sampling processing method makes full use of the analysis result of abnormal analysis, automatically adjusts the sampling rate of the routing flow acquisition point in real time, adjusts the acquisition strategy of the acquisition server, prevents the invalid flow acquisition, reduces the receiving pressure from the routing flow acquisition point and realizes the real-time feedback and utilization of the network flow state.

Description

technical field [0001] The invention belongs to the technical field of network flow sampling processing, in particular to a NetFlow sampling processing method based on abnormal feedback. Background technique [0002] With the development of the Internet, the number of network users and access devices is increasing, which puts pressure on the safe operation of the computer network, and due to the upgrade of the operating system and the patching of vulnerabilities, virus attacks that invade hosts and then destroy them account for a large proportion of the attacks. The proportion is gradually decreasing, and these attacks turn into malicious consumption of limited resources of the network or occupation of the system, thereby destroying the ability of the system to provide external services, but traditional system upgrades cannot detect and prevent such attacks. Therefore, the real-time monitoring work of the computer network status is very necessary. The real-time monitoring o...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L29/06
CPCH04L43/022H04L43/04H04L63/1425
Inventor 张文强李千目戚湧王印海
Owner NANJING UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap