FortiDDoS detects attacks using historical traffic baselines
Understanding FortiDDoS Detection Mode
In Detection Mode, FortiDDoS logs events and builds traffic statistics for SPPs, but it takes no action: it
does not drop or block traffic, and it does not aggressively age connections. Packets are passed through the
system to and from protected subnets. Any logs and reports that show drop or blocking activity are actually
simulations of drop or block actions the system would have taken if it were deployed in Prevention Mode.
When you get started with FortiDDoS, you deploy it in Detection Mode for 2-14 days so that the FortiDDoS
system can learn the baseline of normal inbound and outbound traffic. The length of the initial learning period
depends upon the seasonality of traffic (its predictable or expected variations) and how representative of normal
traffic conditions the learning period is. Ensure that there are no attacks during the initial learning period and that
it is long enough to be a representative period of activity. If activity is heavier in one part of the week than
another, ensure that your initial learning period includes periods of both high and low activity. Weekends alone
are an insufficient learning period for businesses that have substantially different traffic during the week. Thus, it
is better to start the learning period on a weekday. In most cases, 7 days is sufficient to capture the weekly
seasonality in traffic.
At the end of the initial learning period, you can adopt system-recommended thresholds (usually lower than the
factory default) and continue to use Detection Mode to review logs for false positives and false negatives. As
needed, you repeat the tuning: adjust thresholds and monitor the results.
When you are satisfied with the system settings, change to Prevention Mode. In Prevention Mode, the appliance
drops packets and blocks sources that violate ACL rules and DDoS attack detection thresholds.
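As an added illustration of the workflow above (not FortiDDoS code; the appliance's real threshold algorithm is not given on this page), the following Python learns a threshold from a Detection Mode window and then evaluates traffic in Detection Mode, where drops are only simulated, versus Prevention Mode. The threshold rule (learned peak plus a 20 % margin, capped at a constructed factory default) and the traffic profile are assumptions, and the run shows why a weekend-only learning window produces false positives on a normal weekday.

```python
# Added illustration, not FortiDDoS code: the real threshold algorithm is not on
# this page, so "learned peak plus a margin, capped at the factory default" is assumed.
from typing import Dict, Iterable, List, Tuple

FACTORY_DEFAULT_PPS = 100_000   # constructed stand-in for a factory-default limit

def synthetic_traffic(hours: int, start_weekday: int = 0) -> List[Tuple[int, int]]:
    """Constructed 'normal' traffic as (hour, packets/sec): busy weekday business
    hours, quiet nights and weekends. start_weekday 0 = Monday."""
    samples = []
    for h in range(hours):
        weekday = (start_weekday + h // 24) % 7
        hour_of_day = h % 24
        if weekday >= 5:
            rate = 8_000                 # weekend
        elif 9 <= hour_of_day < 18:
            rate = 60_000                # weekday business hours
        else:
            rate = 12_000                # weekday night
        samples.append((h, rate))
    return samples

def recommend_threshold(learning: Iterable[Tuple[int, int]], margin_pct: int = 20,
                        factory_default: int = FACTORY_DEFAULT_PPS) -> int:
    """Threshold derived from the learning window: peak observed rate plus a safety
    margin, never above the factory default (assumed rule, integer arithmetic)."""
    peak = max(rate for _, rate in learning)
    return min(peak * (100 + margin_pct) // 100, factory_default)

def evaluate(traffic: Iterable[Tuple[int, int]], threshold: int,
             mode: str) -> Tuple[int, List[Dict[str, object]]]:
    """Returns (samples forwarded, logged events). Detection Mode logs a simulated
    drop but still forwards the traffic; Prevention Mode really drops it."""
    if mode not in ("detection", "prevention"):
        raise ValueError(mode)
    forwarded, events = 0, []
    for hour, rate in traffic:
        if rate > threshold:
            events.append({"hour": hour, "rate": rate,
                           "action": "would-drop" if mode == "detection" else "drop"})
            if mode == "prevention":
                continue
        forwarded += 1
    return forwarded, events

if __name__ == "__main__":
    # A weekend-only learning window yields a threshold that a normal Monday trips.
    monday = synthetic_traffic(24)
    for window in (synthetic_traffic(48, start_weekday=5), synthetic_traffic(168)):
        thr = recommend_threshold(window)
        print(thr, len(evaluate(monday, thr, "detection")[1]), "simulated drops")
```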