面向铁路客票系统的网络流量检测技术  

作　　者：胡金华 HU Jinhua(Shenzhen Yongda Electronic Information Co.,Ltd.,Shenzhen 518000,China;Information Technology Research Institute of Southwest Jiaotong University,Chengdu 610031,China)

机构地区：[1]深圳市永达电子信息股份有限公司,深圳518000 [2]西南交通大学信息化研究院,成都610031

出　　处：《信息网络安全》2024年第1期143-149,共7页Netinfo Security

摘　　要：随着互联网技术的发展,网络承载的业务越来越重要,传统设备级网管、监控面临着更大挑战,定位故障困难导致的业务损失难以控制,需要更全面的监控和分析手段来提升效率和保障能力。传统的通过静态规划匹配的网络异常检测方法在动态、复杂的网络环境中难以检测出未知异常和攻击类型,不能满足网络安全检测的需求。网络中的业务较多,依靠主动检测方式会给业务服务器带来新的负载压力,特别是应用层流量来自私有协议时,由于不能解码,进一步增大了检测和分析的难度。文章基于铁路客票系统提出一种面向铁路客票系统的网络流量检测技术,该技术可以计算流量主要特征对应的信息熵,并根据多个检查点历史流量的信息熵取值集合判断合法性,在兼顾流量内部特征以及流量间关系的情况下,取得更好的业务流量检测效果。As networks become increasingly complex,the services carried by the network are becoming more and more important.Traditional device-level network management and monitoring are facing increasing challenges.It was difficult to locate problem boundaries and control the business losses caused by faults.More comprehensive monitoring and analytical means control are needed to improve efficiency and capabilities.The traditional network anomaly detection method through static planning and matching is difficult to detect unknown anomalies and attack types in dynamic and complex network environments,and cannot meet the requirements of network security detection.In addition,services in the network,relying on active detection methods,will bring new load pressure to the service server.Especially when the application layer traffic is generated by encryption or private protocols,the inability to decode further increases the difficulty of detection and analysis.Based on the railway ticketing system,this paper proposed a network traffic detection technology for railway ticketing system.It could calculate the information entropy corresponding to the characteristic that affects the traffic,and judge it based on the information entropy value set of historical traffic at multiple checkpoints.Whether it was legal or not,this method comprehensively considers the internal characteristics of traffic and the relationship between traffic,and achieved better business traffic detection results.

关 键 词：铁路客票系统 信息熵 主成分分析 检查点 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]