Network measurement system
The network measurement system is a network passive measurement system that monitors network traffic in real time based on passive measurement technology and analyzes and evaluates network performance. Its system configuration is shown in Figure 1.
The probes are distributed at monitoring points in all levels of the network and are the actual performers of the measurement operation, with multiple network measurement tools residing on them. According to the measurement request described by the monitoring center in the strategy language, various network measurement functions are dispatched in combination, the measurement data is collected, buffered and refined, and the results are returned to the monitoring center as needed.
The monitoring center is the initiation point of the measurement task and the gathering point of the measurement results. According to the semantics of the network measurement strategy, a measurement request is sent to the probe (group) when a specific event (state) occurs, and the measurement results returned by the probe are analyzed and displayed.
The registration server provides some public services, such as component information service, system clock service, component registration and management service, etc.
The policy server provides policy interpretation and storage. A policy defines the behavior that the system needs to complete or the state it expects to achieve. It separates the control of behavior from the execution of behavior, that is, it defines what behavior must be executed when, but it does not define what specific action the behavior includes. So as long as the strategy is modified, the behavior and attributes of the system can be changed without interrupting system services without reprogramming.
Figure 1 Network measurement system configuration diagram
Attack detection and tracking Based on the analysis of SYN Flooding attacks, two components DetSYN and TraceSYN, which detect and track SYN Flooding attacks, are developed on the network measurement platform, and are located on the probe like other measurement tools. The monitoring center calls the detection tool on the remote probe through the strategy system to monitor a specific server; if an abnormality occurs, strengthen the detection and take active protective self-rescue measures; once the attack is confirmed, immediately alert the monitoring center; the monitoring center then The probe (group) in the suspicious user network issues a tracking task; the probe returns the tracking result after performing the tracking task; the monitoring center aggregates and generates an attack tracking report to confirm one or more possible attack sources (network); finally, for these The source of the attack takes some active defense measures to contain the attack at the source.
SYN Flooding attack defense mechanism based on network measurement system
Schneider Electric Industrial Division is a global leader in machine automation, discrete automation and process automation. Through superior products, innovative solutions and a deep understanding of the industry, the Industrial Division continuously helps customers increase production capacity, ensure safety and reduce energy consumption. The continuous and rapid development of the Industrial Division benefits from a close and seamless care for the customer's entire life cycle, and a healthy partner ecosystem that embraces unique channel partners and technology partners. The unparalleled broad portfolio of industrial divisions includes industrial control components, frequency converters, motion control, robotics, PLCs, DCS, process safety, software, HMI and sensors.
Schneider Modicon: Quantum 140 series processors, control cards, power modules and so on.
Schneider Modicon
Schneider Modicon,Modicon Plc Quantum Modicon,Original Schneider Modicon,Modicon Quantum
Xiamen The Anaswers Trade Co,.LTD , https://www.answersplc.com