基于NetFlow的网络态势感知信息获取方法

2008 Advanced Software Engineering and Its Applications Pub Date : 2008-12-13 DOI:10.1109/ASEA.2008.20

Huiqiang Wang, Renjie Zhou, Yingjie He

{"title":"基于NetFlow的网络态势感知信息获取方法","authors":"Huiqiang Wang, Renjie Zhou, Yingjie He","doi":"10.1109/ASEA.2008.20","DOIUrl":null,"url":null,"abstract":"Network situation information acquisition plays an important role in the entire process of network situation awareness. In this paper, we presented a multi-level, multi-perspective and multi-granularity traffic information acquisition method to get traffic information. In addition, we presented a multi-layer detection model that combines baseline based detection layer and signature based detection layer to acquire security incident information. Accordingly, we profiled portpsilas normal behavior for baseline based detection by statistical method and established an incident signature base for signature based detection.","PeriodicalId":223823,"journal":{"name":"2008 Advanced Software Engineering and Its Applications","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-12-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"An Information Acquisition Method Based on NetFlow for Network Situation Awareness\",\"authors\":\"Huiqiang Wang, Renjie Zhou, Yingjie He\",\"doi\":\"10.1109/ASEA.2008.20\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Network situation information acquisition plays an important role in the entire process of network situation awareness. In this paper, we presented a multi-level, multi-perspective and multi-granularity traffic information acquisition method to get traffic information. In addition, we presented a multi-layer detection model that combines baseline based detection layer and signature based detection layer to acquire security incident information. Accordingly, we profiled portpsilas normal behavior for baseline based detection by statistical method and established an incident signature base for signature based detection.\",\"PeriodicalId\":223823,\"journal\":{\"name\":\"2008 Advanced Software Engineering and Its Applications\",\"volume\":\"49 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-12-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 Advanced Software Engineering and Its Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ASEA.2008.20\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Advanced Software Engineering and Its Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ASEA.2008.20","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

网络态势信息获取在整个网络态势感知过程中起着重要作用。本文提出了一种多层次、多视角、多粒度的交通信息获取方法。此外，我们还提出了一种基于基线的检测层和基于签名的检测层相结合的多层检测模型来获取安全事件信息。在此基础上，采用统计方法对门户正常行为进行分析，并建立事件签名库进行基于签名的检测。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

An Information Acquisition Method Based on NetFlow for Network Situation Awareness

Network situation information acquisition plays an important role in the entire process of network situation awareness. In this paper, we presented a multi-level, multi-perspective and multi-granularity traffic information acquisition method to get traffic information. In addition, we presented a multi-layer detection model that combines baseline based detection layer and signature based detection layer to acquire security incident information. Accordingly, we profiled portpsilas normal behavior for baseline based detection by statistical method and established an incident signature base for signature based detection.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 Advanced Software Engineering and Its Applications

自引率

0.00%

发文量