MALICIOUS TRAFFIC IDENTIFICATION METHOD AND RELATED APPARATUS

Bibliographic details
Main authors: ZHANG, Jia, DUAN, Haixin, ZHU, Annan, WAN, Rongfei
Format: Patent
Language: eng; fre; ger
Description
Summary: Embodiments of this application provide a malicious traffic identification method and a related apparatus. The malicious traffic identification method may include: determining a receiving time of first alarm traffic; obtaining, according to a preset policy, a plurality of pieces of second alarm traffic corresponding to the first alarm traffic within a target time period, where the target time period is a time period determined based on the receiving time, and a similarity between each of the plurality of pieces of second alarm traffic and the first alarm traffic is greater than a preset threshold; performing feature extraction on the plurality of pieces of second alarm traffic to obtain first feature information; and determining, based on the first feature information, whether the first alarm traffic is malicious traffic. In embodiments of this application, accuracy of malicious traffic identification on a live network can be improved by using a multi-flow traceback method.