
CN202424749U - Intranet flow control system - Google Patents

Info

Publication number
CN202424749U
Authority
CN
China
Prior art keywords
analyzer
collector
centroid
central node
control system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN2011205149654U
Other languages
Chinese (zh)
Inventor
王秋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Sichuan Electric Power Co Ltd
Original Assignee
SICHUAN ELECTRIC POWER CO Ltd GUANGAN ELECTRIC POWER BUREAU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SICHUAN ELECTRIC POWER CO Ltd GUANGAN ELECTRIC POWER BUREAU
Priority to CN2011205149654U
Application granted
Publication of CN202424749U
Anticipated expiration
Expired - Lifetime

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The utility model discloses an intranet flow control system comprising a central node database, a collector, a central node analyzer and a monitoring terminal. The collector is arranged at a network node and connected to the central node, and the central node analyzer is also connected to the central node. The collector collects the process flow information of the node and reports it to the central node analyzer connected to the central node. The central node analyzer analyzes the reported process flow information in real time, outputs the analysis result and writes it to the central node database connected to the central node. The monitoring terminal is connected to the central node analyzer, and configuration commands from the monitoring terminal to the collector are forwarded through the central node analyzer. In monitoring intranet traffic, the intranet flow control system of the utility model has the advantages of high recognition performance and low false alarm and false negative rates.

Description

Intranet flow control system

Technical field

The utility model relates to the field of traffic monitoring in the electric power industry, and in particular to an intranet flow control system.

Background

With the spread of the Internet, network security incidents are getting closer and closer to us, and we may encounter the following situations:

1) Employees chat, trade stocks, play online games and so on during working hours, which affects work efficiency;

2) Employees visit harmful websites and are hit by malicious code, spyware, phishing attacks and the like, which affects the normal operation of the corporate network;

3) Employees freely use P2P downloads, online video and the like, which heavily consumes network bandwidth so that normal business cannot obtain sufficient network resources;

4) Employees browse illegal websites, publish sensitive information and spread illegal speech, causing adverse social impact and possibly leading to problems under national law;

5) Employees freely send sensitive business information by e-mail, instant messaging and other means, leading to information leakage incidents;

6) Compliance management requirements. The "Regulations on Technical Measures for Internet Security Protection" explicitly require Internet service providers and enterprises and institutions connected to the Internet to record and track network operating status, monitor Internet security incidents, and manage illegal information on the network.

In intranet traffic monitoring, effective monitoring first requires effective traffic analysis, which in turn involves concrete traffic detection. In current intranet traffic monitoring systems, the detection of P2P flows has always been a difficult point and is also a current hot topic.

P2P traffic has the following basic characteristics:

(1) The average connection time of P2P applications is relatively long, unlike traditional applications, whose connection times are short.

(2) Because of load balancing, a P2P host usually establishes only a small number of port connections, unlike traditional hosts, which have many communication connections.

(3) A P2P host acts as both server and client, unlike a traditional host, which takes only one role.

(4) Because of the nature of the P2P protocol, a P2P host connects to and exchanges information with a large number of users, unlike traditional users, who connect to only a few users or servers.

(5) The traffic of a P2P host is mostly roughly symmetric between upstream and downstream, unlike traditional hosts, whose downstream traffic exceeds their upstream traffic.

Commonly used P2P flow detection methods

(1) Port matching: P2P traffic is identified by the protocol type and port number of the data packet. The disadvantages are: new protocols and new ports keep being added to the P2P application port table, so the table is hard to maintain; dynamic ports are also hard to maintain; and the method is powerless against some VPN applications or applications that pass through NAT translation.

(2) Deep packet inspection: the characteristic bit string of P2P data packets is matched. For example, for BT, if the data area of an IP packet contains the characteristic string "BitTorrent protocol" of the BT protocol, the packet is not allowed to pass. The handshake of the BT peer connection then cannot be established, and the download cannot continue. This detection method is easy to understand, easy to upgrade and simple to maintain, and its hit rate is very high; in principle it can detect essentially all P2P traffic, so it is currently the most widely used and most mature method. However, it also has the following shortcomings: detection efficiency is low, identification rules must be defined in advance, and a certain length of payload in the data packet must be analyzed, which not only carries the risk of violating user privacy but also places higher demands on storage space.

(3) Flow-feature-based identification: as a new type of application that makes full use of client resources, P2P applications show traffic characteristics at the network layer and transport layer that differ in many ways from those of other applications such as HTTP, FTP and DNS. Flow-feature-based detection discovers P2P applications by detecting these new traffic characteristics.

Summary of the utility model

The utility model overcomes the deficiencies of the prior art and provides an intranet flow control system with high recognition performance and low false alarm and false negative rates.

To solve the above technical problem, the utility model adopts the following technical solution:

An intranet flow control system comprises a central node database, a collector, a central node analyzer and a monitoring terminal. The collector is arranged at a network node and connected to the central node, and the central node analyzer is also connected to the central node. The collector collects the process flow information of the node and reports the collected node process flow information to the central node analyzer connected to the central node. The central node analyzer analyzes the process flow information of the reporting node in real time, outputs the analysis result and writes it to the central node database connected to the central node. The monitoring terminal is connected to the central node analyzer.

To better realize the utility model, the following further technical improvements are made:

Preferably, configuration commands from the monitoring terminal to the collector are forwarded through the central node analyzer.

Preferably, the collector adjusts its sliding window size and the metrics it collects according to the configuration command.

Preferably, the monitoring terminal displays the analysis results of the central node analyzer graphically and provides the graphical information to a network management server connected to it; the monitoring terminal is provided with an interface for connecting to the network management server.

Preferably, the collector and the central node analyzer provide extensible function modules.

Preferably, the extensible function module is one of intranet monitoring, network analysis, botnet identification, terminal management, keylogging and voice monitoring.

The utility model may also adopt the following technical solution:

There are three of the above collectors.

Compared with the prior art, the beneficial effects of the utility model are:

In monitoring intranet traffic, the intranet flow control system of the utility model has high recognition performance and low false alarm and false negative rates.

Description of the drawings

Fig. 1 is a schematic diagram of the principle of the utility model;

The names corresponding to the reference signs in the drawing are:

1 - central node database, 2 - collector, 3 - central node, 4 - central node analyzer, 5 - monitoring terminal.

Detailed description

The utility model is described in further detail below with reference to an embodiment, but the implementation of the utility model is not limited to it.

As shown in Fig. 1, an intranet flow control system comprises a central node database 1, a collector 2, a central node analyzer 4 and a monitoring terminal 5. The collector 2 is arranged at a network node and connected to the central node 3, and the central node analyzer 4 is also connected to the central node 3. The collector 2 collects the process flow information of the node and reports the collected node process flow information to the central node analyzer 4 connected to the central node 3. The central node analyzer 4 analyzes the process flow information of the reporting node in real time, outputs the analysis result and writes it to the central node database 1 connected to the central node 3. The monitoring terminal 5 is connected to the central node analyzer 4.

Configuration commands from the monitoring terminal 5 to the collector 2 are forwarded through the central node analyzer 4. The monitoring terminal 5 displays the analysis results of the central node analyzer 4 graphically and provides the graphical information to an external network management server connected to it; the monitoring terminal 5 is provided with an interface for connecting to the external network management server.

The collector 2 adjusts its sliding window size and the metrics it collects according to the configuration command.

The collector 2 and the central node analyzer 4 provide extensible function modules; the extensible function module is one of intranet monitoring, network analysis, botnet identification, terminal management, keylogging and voice monitoring.

There are three collectors 2 in this embodiment; the number of collectors 2 of course depends on the actual situation.

The workflow of this embodiment is described further below:

1. A new collector 2 sends registration information to the central node analyzer 4;

2. The central node analyzer 4 returns the authentication account and authentication password allocated to the collector 2;

3. The collector 2 sends authentication information to the central node analyzer;

4. The central node analyzer 4 verifies the authentication information; on success it notifies the monitoring terminal 5 that a new collector 2 has come online and at the same time returns an authentication success message to the collector 2;

5. The collector 2 collects the process behavior information of the node;

6. When the sliding window time expires, the collector 2 reports the process behavior information of the node to the central node analyzer 4;

7. The central node analyzer 4 analyzes the process behavior information of the node;

8. The monitoring terminal 5 displays according to the analysis results.

The intranet flow control system of the utility model has the following characteristics:

1) It supports real-time monitoring of the network connections of processes on multiple nodes of the internal network and collects detailed information on the network connections of all processes, including the source IP and destination IP, the source port and destination port, and the state of each network connection;

2) It supports real-time monitoring of the network transmission of processes on multiple nodes inside the network. Packets are captured with winpcap to obtain the total traffic and the upstream and downstream traffic within the sliding window, from which the network transmission rate and the upstream/downstream traffic ratio of each process are derived.

3) On the basis of capturing the network packets of processes on multiple nodes inside the network, the data packets are analyzed. A graph of the nodes interacting with the node is built from them, and the node distribution degree of the node is calculated.

4) The central node 3 gathers statistics on the network behavior of processes on multiple nodes inside the network and uses a multi-feature judgment algorithm and a multi-node behavior similarity algorithm to detect P2P nodes and P2P processes.
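The per-process window features listed above, together with the flow-feature identification method from the background section, as an added Python example that is not part of the patent. The patent does not define its multi-feature judgment algorithm, so the record format, the vote over three features, the thresholds, and the reading of "node distribution degree" as the number of distinct remote IPs are all assumptions; the multi-node behavior similarity algorithm is not modelled.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                 # assumed record format, one row per captured packet
    ts: float                 # capture time in seconds
    process: str              # owning process on the monitored node
    local_port: int
    remote_ip: str
    remote_port: int
    direction: str            # "up" (sent) or "down" (received)
    size: int                 # bytes
    inbound: bool             # True if the remote side opened the connection

# Assumed thresholds; the patent gives none.
MIN_PEERS = 5                 # distinct remote IPs per window
SYMMETRY = (0.5, 2.0)         # up/down ratio counted as "roughly symmetric"
MIN_VOTES = 2                 # features that must agree before flagging

def window_features(packets, start, length):
    """Per-process features for the window [start, start + length) seconds."""
    acc = defaultdict(lambda: {"up": 0, "down": 0, "conns": set(),
                               "peers": set(), "roles": set()})
    for p in packets:
        if not start <= p.ts < start + length:
            continue
        a = acc[p.process]
        a[p.direction] += p.size
        a["conns"].add((p.local_port, p.remote_ip, p.remote_port))
        a["peers"].add(p.remote_ip)
        a["roles"].add("server" if p.inbound else "client")
    feats = {}
    for proc, a in acc.items():
        feats[proc] = {
            "connections": len(a["conns"]),
            "rate": (a["up"] + a["down"]) / length,          # bytes per second
            "up_down_ratio": a["up"] / a["down"] if a["down"] else float("inf"),
            "peer_spread": len(a["peers"]),                  # assumed "node distribution degree"
            "dual_role": a["roles"] == {"server", "client"},
        }
    return feats

def votes(f):
    """Count how many P2P-like characteristics a process shows."""
    return sum([
        f["peer_spread"] >= MIN_PEERS,                       # talks to many users
        SYMMETRY[0] <= f["up_down_ratio"] <= SYMMETRY[1],    # symmetric traffic
        f["dual_role"],                                      # server and client at once
    ])

def classify(packets, start, length):
    """Map each process seen in the window to True if flagged as P2P-like."""
    return {proc: votes(f) >= MIN_VOTES
            for proc, f in window_features(packets, start, length).items()}

def sample_packets():
    """Constructed sample: a browser and a peer-to-peer client on one node."""
    pkts = []
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11"]):   # two web servers
        pkts.append(Packet(1.0 + i, "browser.exe", 50000 + i, ip, 443, "up", 800, False))
        pkts.append(Packet(1.5 + i, "browser.exe", 50000 + i, ip, 443, "down", 40000, False))
    for i in range(6):                                       # six peers, mixed roles
        ip = f"198.51.100.{i + 1}"
        pkts.append(Packet(2.0 + i, "peerclient.exe", 51000 + i, ip, 6881, "up", 20000, i % 2 == 0))
        pkts.append(Packet(2.2 + i, "peerclient.exe", 51000 + i, ip, 6881, "down", 22000, i % 2 == 0))
    # One packet that belongs to the following window.
    pkts.append(Packet(45.0, "browser.exe", 50009, "192.0.2.12", 443, "down", 1000, False))
    return pkts

if __name__ == "__main__":
    for proc, f in window_features(sample_packets(), 0, 30).items():
        print(proc, f, "P2P-like" if votes(f) >= MIN_VOTES else "normal")
```

Because none of the three features depends on port numbers or payload, the vote is unaffected by the port-table and payload-inspection limits the background section describes.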

Building on the collection of the network behavior of system processes, the intranet flow control system provides a good monitoring interface.

The demo implemented so far provides the following functions:

A. Real-time dynamic display of the average network connection count curve for all processes of the nodes inside the network;

B. Real-time dynamic display of the network transmission rate curve for all processes of the nodes inside the network;

C. Real-time dynamic display of the upstream/downstream traffic ratio curve for all processes of the nodes inside the network;

D. Real-time dynamic display of the network connection node distribution degree curve for all processes of the nodes inside the network;

E. Process network behavior information is reported in sliding window mode; the central node is responsible for analyzing this behavior information and identifies P2P nodes and P2P processes according to the multi-feature judgment algorithm and the multi-node behavior similarity algorithm.

F. An open interface is provided, so that a variety of network traffic analysis and identification functions can be supported with only simple development.

In summary, the utility model can be realized well.

The above is a further detailed description of the utility model in combination with specific preferred embodiments, and the specific implementation of the utility model should not be regarded as limited to these descriptions. For a person of ordinary skill in the technical field of the utility model, a number of simple deductions or substitutions can be made without departing from the concept of the utility model, and all of them shall be regarded as falling within the scope of protection of the utility model.

Claims (7)

1. An intranet flow control system, characterized in that: the control system comprises a central node database (1), a collector (2), a central node analyzer (4) and a monitoring terminal (5); the collector (2) is arranged at a network node and connected to a central node (3); the central node analyzer (4) is also connected to the central node (3); the collector (2) collects the process flow information of the node and reports the collected node process flow information to the central node analyzer (4) connected to the central node (3); the central node analyzer (4) analyzes the process flow information of the reporting node in real time, outputs the analysis result and writes it to the central node database (1) connected to the central node (3); and the monitoring terminal (5) is also connected to the central node analyzer (4).
2. The intranet flow control system according to claim 1, characterized in that: configuration commands from the monitoring terminal (5) to the collector (2) are forwarded through the central node analyzer (4).
3. The intranet flow control system according to claim 2, characterized in that: the collector (2) adjusts the sliding window size of the collector (2) and the metrics it collects according to the configuration command.
4. The intranet flow control system according to claim 1, characterized in that: the monitoring terminal (5) displays the analysis results of the central node analyzer (4) graphically and provides the graphical information to a network management server connected to it, and the monitoring terminal (5) is provided with an interface for connecting to the network management server.
5. The intranet flow control system according to claim 1, characterized in that: the collector (2) and the central node analyzer (4) provide extensible function modules.
6. The intranet flow control system according to claim 5, characterized in that: the extensible function module is one of intranet monitoring, network analysis, botnet identification, terminal management, keylogging and voice monitoring.
7. The intranet flow control system according to claim 1, characterized in that: there are three collectors (2).
CN2011205149654U 2011-12-12 2011-12-12 Intranet flow control system Expired - Lifetime CN202424749U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011205149654U CN202424749U (en) 2011-12-12 2011-12-12 Intranet flow control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011205149654U CN202424749U (en) 2011-12-12 2011-12-12 Intranet flow control system

Publications (1)

Publication Number Publication Date
CN202424749U true CN202424749U (en) 2012-09-05

Family

ID=46749471

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011205149654U Expired - Lifetime CN202424749U (en) 2011-12-12 2011-12-12 Intranet flow control system

Country Status (1)

Country Link
CN (1) CN202424749U (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103544091A (en) * 2013-10-31 2014-01-29 北京国双科技有限公司 Method and device for monitoring Windows process
CN106656616A (en) * 2016-12-29 2017-05-10 北京天元创新科技有限公司 Whole network flow analysis method of computer network
CN108965043A (en) * 2018-06-11 2018-12-07 武汉般若互动科技有限公司 One kind being based on enterprise web site flow quantity intelligent detection system

Similar Documents

Publication Publication Date Title
Chen et al. An effective conversation‐based botnet detection method
CN101656634B (en) Intrusion detection method based on IPv6 network environment
Wang et al. An entropy-based distributed DDoS detection mechanism in software-defined networking
CN104836702B (en) Mainframe network unusual checking and sorting technique under a kind of large traffic environment
Karagiannis et al. Profiling the end host
CN109962903A (en) A home gateway security monitoring method, device, system and medium
Gomes et al. Detection and classification of peer-to-peer traffic: A survey
CN104601570A (en) Network security monitoring method based on bypass monitoring and software packet capturing technology
CN103428224A (en) Method and device for intelligently defending DDoS attacks
CN111935170A (en) Network abnormal flow detection method, device and equipment
CN105721255A (en) Industrial control protocol vulnerability mining system based on fuzzy test
CN106101015A (en) A kind of mobile Internet traffic classes labeling method and system
CN102014025B (en) Method for detecting P2P botnet structure based on network flow clustering
CN103152222B (en) A kind of Intrusion Detection based on host group character detects speed and becomes the method for attacking domain name
Cai et al. Detecting HTTP botnet with clustering network traffic
CN101572711A (en) Network-based detection method of rebound ports Trojan horse
CN104363240A (en) Unknown threat comprehensive detection method based on information flow behavior validity detection
CN105488396B (en) A kind of intelligent grid service security gateway system based on data stream association analytical technology
CN110581850A (en) Gene detection method based on network flow
Xu et al. Secure the Internet, one home at a time
CN102984165B (en) Wireless network secure supervisory control system and method
CN107070952A (en) A kind of network node Traffic Anomaly analysis method and system
Shanthi et al. Detection of botnet by analyzing network traffic flow characteristics using open source tools
CN202424749U (en) Intranet flow control system
CN101577644B (en) A peer-to-peer network application traffic identification method

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: STATE GRID CORPORATION OF CHINA

Effective date: 20140228

C56 Change in the name or address of the patentee

Owner name: GUANG'AN POWER SUPPLY COMPANY, STATE GRID SICHUAN

Free format text: FORMER NAME: GUANG'AN ELECTRIC POWER BUREAU OF SICHUAN ELECTRIC POWER CORPORATION

CP01 Change in the name or title of a patent holder

Address after: 199 No. 638000 Guang'an city of Sichuan Province, Jinan Avenue

Patentee after: GUANG'AN POWER SUPPLY COMPANY, STATE GRID SICHUAN ELECTRIC POWER Co.,Ltd.

Address before: 199 No. 638000 Guang'an city of Sichuan Province, Jinan Avenue

Patentee before: Sichuan Electric Power Co.,Ltd. Guangan Electric Power Bureau

TR01 Transfer of patent right

Effective date of registration: 20140228

Address after: 199 No. 638000 Guang'an city of Sichuan Province, Jinan Avenue

Patentee after: GUANG'AN POWER SUPPLY COMPANY, STATE GRID SICHUAN ELECTRIC POWER Co.,Ltd.

Patentee after: State Grid Corporation of China

Address before: 199 No. 638000 Guang'an city of Sichuan Province, Jinan Avenue

Patentee before: GUANG'AN POWER SUPPLY COMPANY, STATE GRID SICHUAN ELECTRIC POWER Co.,Ltd.

CX01 Expiry of patent term

Granted publication date: 20120905