Title :
An Information Acquisition Method Based on NetFlow for Network Situation Awareness
Author :
Wang, Huiqiang ; Zhou, Renjie ; He, Yingjie
Author_Institution :
Coll. of Comput. Sci. & Technol., Harbin Eng. Univ., Harbin
Abstract :
Network situation information acquisition plays an important role in the entire process of network situation awareness. In this paper, we presented a multi-level, multi-perspective and multi-granularity traffic information acquisition method to get traffic information. In addition, we presented a multi-layer detection model that combines baseline based detection layer and signature based detection layer to acquire security incident information. Accordingly, we profiled portpsilas normal behavior for baseline based detection by statistical method and established an incident signature base for signature based detection.
Keywords :
digital signatures; telecommunication network management; telecommunication security; NetFlow; baseline based detection; incident signature; multigranularity traffic information acquisition; multilayer detection model; network situation awareness; network situation information acquisition; security incident information; signature based detection layer; statistical method; Application software; Biological system modeling; Communication system traffic control; Data visualization; Helium; Information security; Intrusion detection; Software engineering; Telecommunication traffic; Traffic control;
Conference_Titel :
Advanced Software Engineering and Its Applications, 2008. ASEA 2008
Conference_Location :
Hainan Island
Print_ISBN :
978-0-7695-3432-9
DOI :
10.1109/ASEA.2008.20
