Research On Methods Of Detecting Security Sensitive Events Of Mobile Communications

Posted on: 2018-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: Z M Yang
GTID: 2348330569486380
Subject: Electronic and communication engineering
Abstract/Summary:
With the rapid development of computer networks and mobile communication networks, network information security threats have become more frequent and complex, especially in application areas with high security sensitivity, such as network and communications services, banking and finance. This paper focuses on DDoS attacks and brute-force attacks in current networks. From the perspective of network flow, it analyzes the attack characteristics in depth and constructs an online detection scheme for abnormal behavior to ensure the security of the network.

To address the shortcomings of existing DDoS detection methods, a DDoS attack detection scheme based on network flow is proposed. The network flow characteristics of different DDoS attacks are analyzed, the entropy of the source IP and the destination port number is calculated, and the proportion of special packets is used to describe changes in quantity. A comprehensive judgment based on multiple features avoids the high error rate of relying on a single attribute. The improved CUSUM algorithm dynamically adjusts the allowable deviation: when the mean shows a drift trend the allowable deviation decreases, and it returns to the normal level when the trend disappears. This speeds up the algorithm's response when drift occurs and effectively improves the detection of small drifts.

For the typical remote communication and control protocols TELNET, SSH and FTP, a brute-force attack detection method is proposed that judges the user's behavior pattern from the standard deviation of the mean packet size and the standard deviation of the mean packet sending rate. A brute-force attack causes the feature values to show no fluctuation, or only small fluctuation, for a long time; if there are multiple processes and the standard deviation of the feature values is below the threshold, a brute-force attack is judged to be present.

A security anomaly detection program is established in a small local area network environment for attack simulation and performance testing. The performance of the DDoS attack detection method is evaluated in terms of false positive rate, false negative rate and accuracy. The results show that the accuracy for SYN_FLOOD, UDP_FLOOD and ICMP_FLOOD is not less than 98%, and the false negative rate and false alarm rate are not higher than 4%; for brute-force attacks on the TELNET, FTP and SSH protocols, the detection accuracy is not less than 95%, and the false positive rate and false negative rate are not more than 10%. The test results show that this scheme can realize real-time detection of DDoS and brute-force attacks in the network.
Keywords/Search Tags: DDoS, brute-force attacks, improved CUSUM, network flow, security abnormal behavior detection
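The abstract's DDoS detector combines per-window entropy of the source IP with a CUSUM whose allowable deviation shrinks while the mean is drifting. The sketch below is an added example, not code from the thesis. Its adaptation rule (an EWMA of the deviation scaling k), the 1-sigma and 5-sigma tuning, the upward alarm direction and the constructed windows of documentation-range IPs are all assumptions, since the abstract gives no formulas.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy in bits of one window of a header field (e.g. source IP)."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def cusum_alarm(series, baseline_n=5, adaptive=True, alpha=0.3):
    """One-sided CUSUM for an upward shift; returns first alarm index or None.

    Assumed adaptation rule (the abstract gives no formula): the allowable
    deviation k shrinks while an EWMA of the deviation from the baseline mean
    is positive, and is back at its normal value once that trend is gone.
    """
    base = series[:baseline_n]
    mu = sum(base) / baseline_n
    sigma = max(math.sqrt(sum((x - mu) ** 2 for x in base) / baseline_n), 1e-9)
    k_normal, h = sigma, 5 * sigma      # assumed tuning: k = 1 sigma, h = 5 sigma
    s = drift = 0.0
    for i in range(baseline_n, len(series)):
        dev = series[i] - mu
        drift = (1 - alpha) * drift + alpha * dev    # smoothed drift estimate
        k = k_normal
        if adaptive:
            # shrink k in proportion to the drift, never below 10% of normal
            k *= max(0.1, 1 - max(drift, 0.0) / (3 * sigma))
        s = max(0.0, s + dev - k)                    # CUSUM statistic
        if s > h:
            return i
    return None

def window(n_sources):
    """Constructed window: n_sources distinct documentation IPs, 4 packets each."""
    return [f"192.0.2.{i}" for i in range(n_sources)] * 4

# Constructed traffic: five baseline windows, then a slow growth in source count.
BASELINE = [8, 9, 7, 8, 8]
DRIFT = [shannon_entropy(window(n)) for n in BASELINE + [8, 9, 10, 10, 11, 11, 12]]
QUIET = [shannon_entropy(window(n)) for n in BASELINE + [8, 9, 7, 8, 8, 9, 7]]

if __name__ == "__main__":
    print("fixed k alarm at window", cusum_alarm(DRIFT, adaptive=False))
    print("adaptive k alarm at window", cusum_alarm(DRIFT, adaptive=True))
    print("quiet traffic alarm:", cusum_alarm(QUIET))
```

On the constructed slow drift, the adaptive variant raises its alarm one window earlier than the fixed-k CUSUM, and neither alarms on the quiet series.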