Abstract
With the rapid growth of network traffic, in order to monitor network traffic, the author proposes a baseline based traffic inspection method. The main objective is to develop a global system for identifying malicious traffic, rather than a precise method for detecting the types of worms produced by malicious traffic. Although traffic is caused by the causes, network administrators can use this international search technique to detect malicious traffic data. The system based approach mainly includes designing time based on the traditional traffic model, detecting various equipments and network traffic process, and configuring the traffic flow according to each time frame. This method uses Cisco's NetFlow Collector, a NetFlow Collector (NFC), to collect raw NetFlow data transmitted by the device through UDP every 5 minutes. the Then, three-dimensional data such as communication port, communication time, and traffic flow (bytes or packets) is used to filter, remove the different values, calculate the base values, and compare the real-time results with the base values to check the traffic defects in the current network. If there are differences between the monitoring data and the system configuration at the same time, the system will issue an abnormal warning, and as time accumulates, the alarm level will gradually escalate.
Publisher
Scalable Computing: Practice and Experience