Which of the following options is correct about the sequence-by-flow detection of AntiDDoS?
1. The Netflow analysis device samples the current network traffic.
2 Send a drainage command to the cleaning center;
3 Discover DDoS attack traffic;
4. Netflor: analysis equipment sends alarms to ATIC Management Center;
5 abnormal flow is drained to the cleaning center for further inspection and cleaning;
6 The cleaning center sends the host of the attacked object IF address server to the router to implement the drainage.
7 Cleaning logs sent to the management center to generate reports;
8 The cleaned traffic is sent to the original destination server.

Traditional firewalls have weak application layer analysis and processing capabilities, and cannot correctly analyze malicious code that is doped in the allowable application data stream. Many attacks or malicious behavior often use firewall open application data streams to cause damage, resulting in application layers threat can penetrate the firewall.

Threat after the big data intelligent security analysis platform detect will be synchronized to each network device, and then continue to learn and optimize by collecting to the logs from the network device.

Viruses can damage computer systems and falsify or damage business data: Spyware collects, use and disseminate sensitive information from employees. These malicious software seriously interfere with the normal business operations of enterprises. Desktop anti-virus software can solve the problem of viruses and spyware globally.

For SYN flood attacks, TCP source authentication and TCP proxy can be used for defense.
Which of the following description is correct?