Intelligent Tracking Technology for Communication Network Attack Path Based on Abnormal Traffic Visualization
  • Chinese title: 基于异常流量可视化的通信网络入侵攻击路径智能跟踪技术
  • Authors: LIU Li-ming (刘立明); LI Qun-ying (李群英); HAO Cheng-liang (郝成亮); YAN Jia (颜佳); LIU Yun-zhi (刘允志)
  • Affiliations: State Grid Jilin Electric Power Co., Ltd.; School of Water Resources and Hydropower Engineering, Wuhan University
  • Keywords: abnormal traffic visualization; communication network; intrusion; attack path; tracking
  • Chinese keywords: 异常流量可视化; 通信网络; 入侵; 攻击路径; 跟踪
  • Journal: Science Technology and Engineering (科学技术与工程), journal code KXJS
  • Publication date: 2019-04-18
  • Year: 2019
  • Issue: Vol. 19, No. 480
  • Language: Chinese
  • Pages: 235-240 (6 pages)
  • CN: 11-4688/T
  • Article ID: KXJS201911036
Abstract
To address security problems in communication networks and prevent intrusions, an intrusion attack path tracking technique based on abnormal traffic visualization is studied. The network cards of the traffic collection points are set to promiscuous mode so that mirrored traffic in the communication network can be captured. For port traffic between the internal and external networks on the switch, a traffic processing center aggregates the collection-point data from the different network segments and processes them together to produce a traffic situation picture. For the collected and processed traffic, the SetTimer() timer function sends periodic messages; handling each message redraws the window, giving a live traffic visualization. Traffic asymmetry, SYN/ACK asymmetry and excessive variance are used as the feature parameters for detecting abnormal traffic. The entry point of the anomalous traffic is rate-limited, and rate limiting is then applied step by step upstream so that every router below an already rate-limited router on the path is also rate-limited; marked traffic is therefore not discarded because of congestion. With the intrusion slowed in this way, the attack path is traced through the abnormal traffic by following the marks. The results show that the chosen features detect abnormal traffic effectively, and that the proposed technique's path tracking converges faster and has a lower false-alarm rate than the comparison techniques; its tracking accuracy is good and its overall performance is superior.
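The abstract names three detection features but does not say how they are computed or thresholded. The following is an added example, not code from the paper: it computes traffic asymmetry, SYN/ACK asymmetry and a scale-free form of the "variance too large" test over constructed per-flow records, for a healthy web server and for a host under a SYN flood. The Flow record layout, the thresholds (0.8, 3.0, 0.25) and the sample traffic are all assumptions; the rate-limiting and marking steps of the paper are not modelled here.

```python
"""Score hosts with the three abnormal-traffic features the abstract names:
traffic asymmetry, SYN/ACK asymmetry and excessive variance of the per-interval
packet rate.  Added illustration; the Flow record layout, the thresholds and
the sample traffic are all assumptions, not the paper's."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pvariance


@dataclass(frozen=True)
class Flow:
    """One aggregated flow record from a collection point (assumed layout)."""
    t: int        # collection interval index (e.g. one interval per second)
    src: str
    dst: str
    syn: bool     # TCP SYN set, ACK clear: a connection request
    synack: bool  # SYN+ACK: the server's reply to a request
    pkts: int


def traffic_asymmetry(flows, host):
    """(inbound - outbound) / total packets for host, in [-1, 1].
    Two-way traffic sits near 0; a flooded victim approaches +1."""
    inbound = sum(f.pkts for f in flows if f.dst == host)
    outbound = sum(f.pkts for f in flows if f.src == host)
    total = inbound + outbound
    return 0.0 if total == 0 else (inbound - outbound) / total


def syn_ack_ratio(flows, host):
    """SYNs received by host divided by SYN-ACKs it sent back.
    Near 1 for a healthy server; large when half-open connections pile up."""
    syns = sum(1 for f in flows if f.dst == host and f.syn)
    synacks = sum(1 for f in flows if f.src == host and f.synack)
    if synacks == 0:
        return float("inf") if syns else 0.0
    return syns / synacks


def rate_dispersion(flows, host):
    """Variance of inbound packets per interval divided by the squared mean, so
    the 'variance too large' test does not depend on the host's normal volume."""
    per_interval = defaultdict(int)
    for f in flows:
        if f.dst == host:
            per_interval[f.t] += f.pkts
    if len(per_interval) < 2:
        return 0.0
    counts = list(per_interval.values())
    return pvariance(counts) / mean(counts) ** 2


def detect(flows, host, asym_thr=0.8, synack_thr=3.0, disp_thr=0.25):
    """Return the names of the features that exceed their (assumed) thresholds."""
    triggered = []
    if abs(traffic_asymmetry(flows, host)) > asym_thr:
        triggered.append("traffic_asymmetry")
    if syn_ack_ratio(flows, host) > synack_thr:
        triggered.append("syn_ack_asymmetry")
    if rate_dispersion(flows, host) > disp_thr:
        triggered.append("rate_variance")
    return triggered


def scan(flows):
    """Map each destination host with at least one triggered feature to its features."""
    result = {}
    for host in sorted({f.dst for f in flows}):
        feats = detect(flows, host)
        if feats:
            result[host] = feats
    return result


# Constructed sample: four collection intervals, two servers.
SAMPLE_FLOWS = [
    # 10.0.0.10: every client SYN answered by a SYN-ACK, balanced payload
    # traffic, steady volume across the intervals.
    *[Flow(t, f"10.0.1.{t + 1}", "10.0.0.10", True, False, 1) for t in range(4)],
    *[Flow(t, "10.0.0.10", f"10.0.1.{t + 1}", False, True, 1) for t in range(4)],
    *[Flow(t, f"10.0.1.{t + 1}", "10.0.0.10", False, False, n)
      for t, n in enumerate((20, 22, 18, 21))],
    *[Flow(t, "10.0.0.10", f"10.0.1.{t + 1}", False, False, 24) for t in range(4)],
    # 10.0.0.20: normal in intervals 0 and 3, SYN flood from spoofed sources in
    # intervals 1 and 2 with only five SYN-ACKs and almost no return traffic.
    Flow(0, "10.0.1.5", "10.0.0.20", True, False, 1),
    Flow(0, "10.0.0.20", "10.0.1.5", False, True, 1),
    Flow(0, "10.0.1.5", "10.0.0.20", False, False, 10),
    Flow(0, "10.0.0.20", "10.0.1.5", False, False, 12),
    *[Flow(1, f"203.0.113.{i}", "10.0.0.20", True, False, 1) for i in range(1, 201)],
    *[Flow(2, f"198.51.100.{i}", "10.0.0.20", True, False, 1) for i in range(1, 201)],
    *[Flow(2, "10.0.0.20", f"198.51.100.{i}", False, True, 1) for i in range(1, 6)],
    Flow(3, "10.0.1.5", "10.0.0.20", False, False, 10),
    Flow(3, "10.0.0.20", "10.0.1.5", False, False, 12),
]

if __name__ == "__main__":
    for host, feats in scan(SAMPLE_FLOWS).items():
        print(host, "->", ", ".join(feats))
```

Only 10.0.0.20 trips the detector, on all three features: its inbound/outbound asymmetry is about 0.87, it received roughly 67 SYNs per SYN-ACK it sent, and its per-interval volume swings from about 10 packets to 200 and back. The dispersion measure divides the variance by the squared mean on purpose: an absolute variance threshold tuned for a quiet host would fire constantly on a busy one, which is exactly the false-alarm source the abstract claims to reduce.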