MALICIOUS TRAFFIC IDENTIFICATION METHOD AND RELATED APPARATUS

Bibliographic details
Main authors: Wan, Rongfei; Zhu, Annan; Zhang, Jia; Duan, Haixin
Format: Patent
Language: eng
Description
Summary: Embodiments of this disclosure provide a malicious traffic identification method and a related apparatus. The malicious traffic identification method may include: determining a receiving time of first alarm traffic; obtaining, according to a preset policy, a plurality of pieces of second alarm traffic corresponding to the first alarm traffic within a target time period, where the target time period is a time period determined based on the receiving time, and a similarity between each of the plurality of pieces of second alarm traffic and the first alarm traffic is greater than a preset threshold; performing feature extraction on the plurality of pieces of second alarm traffic to obtain first feature information; and determining, based on the first feature information, whether the first alarm traffic is malicious traffic. In embodiments of this disclosure, accuracy of malicious traffic identification on a live network can be improved by using a multi-flow traceback method.