Automated Locating and Isolating Attack Sources in Local Area Networks
摘要
The security of local area networks (LANs) is very important for universities and big companies, which usually have a large-scale LAN. However, how to locate and isolate attack sources is a big problem. Current commonly used ways to locate and isolate attack sources are either labor-intensive or cannot support different network devices. In this article, a method of automated locating and isolating attack sources in LANs is proposed. The system consists of a relational database, a SNMP data collection program, an attack source localization engine, and an automated switch port isolation program. Moreover, the system that implements the algorithm has been developed and deployed to Shantou university campus network, which is a big LAN. Experimental data were collected in the Shantou university campus network for over five years. The performance of the algorithm was evaluate based on the precision and recall performance metrics. In Shantou university campus network a precision and recall of 1 and 0.94 were obtained. By means of the system, network engineers can locate and isolate attack source precisely and timely. Future research directions include adding IPV6 supporting and improving wireless network compatibility.