| 摘要 |
A method and a device for feature information analysis, comprising the following features: obtaining a plurality of data packets of a session to be analyzed (101); extracting from each such data packet the feature values of preset session features (102); computing said feature values to obtain session feature information of said session to be analyzed (103). In an embodiment, a session is the basic unit of analysis, thus allowing for overall analysis of a session, yielding session feature information able to reflect a whole session. Also provided in the embodiments are a method and system for detecting network attacks capable of detecting, on the basis of the session feature information obtained during a preset time interval from a session to be analyzed, the network session attacks occurring during said interval, thus resolving the problem in prior art that network session attacks cannot be detected on the basis of data flow feature information, making possible effective detection of network session attacks, and enhancing the completeness of network session attack detection. |
