Research On Network Security Event Acquisition Technology Based On Netflow

Posted on: 2011-02-18
Degree: Master
Type: Thesis
Country: China
Candidate: Z Zhang
GTID: 2198330332960425
Subject: Computer application technology
Abstract/Summary:
With the rapid development of Internet technology, the network has become an important channel for information transmission. However, network attacks paralyze services delivered over the network, and nations, enterprises and individuals have suffered huge economic losses. The demand for preventing network intrusions is therefore growing. Since NetFlow technology was proposed, many academic institutions and commercial organizations have focused on it, and related research has developed. This paper studies security event acquisition technology using NetFlow: it takes NetFlow data as the object of analysis and acquires security events precisely.

This paper expounds the principles of NetFlow technology and its application situations. Network security event acquisition technologies are discussed, with particular study of ICMP attacks and DDoS attacks. The ICMP attacks are classified, and corresponding acquisition technologies are proposed based on the characteristics of local networks. For DDoS attacks, high numbered port entropy is proposed together with a multilevel detection model, and SVM is used to find the attacks.

A network security situation sensor based on NetFlow is designed and implemented, followed by experimental verification. The main work of this paper includes: the physical design of the network security situation sensor, the functions of data query and event acquisition, and the construction of an experiment platform for verifying the sensor.
Keywords/Search Tags: NetFlow, network security event acquisition, high numbered port entropy, network security situation sensor