Journal on Communications (通信学报)


DNS abnormal behavior detection based on IPFIX

Ma Yunlong, Jiang Caiping, Zhang Qianli, Wang Jilong

  1. Information Technology Center, Tsinghua University, Beijing 100084
  • Online: 2014-10-25 Published: 2014-12-16

Abstract: An algorithm based on IPFIX (IP Flow Information Export) network flow data is proposed that accurately detects suspicious and abnormal DNS behavior and identifies DNS traffic amplification attacks. The algorithm has been deployed and is running on the Tsinghua University campus network, where it effectively detects abnormal DNS behavior inside the campus network and sends alarm information to administrators. Attack behavior can thus be contained in time, and timely monitoring and early warning of abnormal traffic are achieved.
