Network exception detection method based on quick clustering algorithm

A clustering algorithm and network anomaly technology, applied in the fields of data exchange networks, digital transmission systems, electrical components, etc., that can solve the problems that intrusion patterns cannot be extracted and that the need for effective extraction of security information is difficult to meet.

Inactive Publication Date: 2008-08-13
西安交大捷普网络科技有限公司

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a network anomaly detection method based on a fast clustering algorithm, to overcome the problem that the existing technology cannot extract representative intrusion patterns from data containing a large amount of redundant information and has difficulty meeting the requirement of effectively extracting security information.

Examples


Embodiment Construction

[0052] The present invention will be described in detail below with reference to the drawings and embodiments.

[0053] A method for network anomaly detection based on a fast clustering algorithm, which is implemented through the following steps:

[0054] Step 1: Capture the TCP/IP traffic data packets on the network in a bypass listening mode, and collect the data;

[0055] Step 2: Perform data preprocessing, decompose the attributes of the captured data packets, and send the filtered data to Step 3 and Step 5 at the same time;

[0056] Step 3: Use the fast clustering algorithm to cluster the filtered data, which includes:

[0057] Algorithm: fast clustering algorithm for mixed type data;

[0058] Input: data set E, sampling times n;

[0059] output: each cluster;

[0060] Its operation process is:

[0061] (1) Search_m(E, n); // Get the initial cluster centers m1, m2

[0062] (2) Repeat

[0063] (3) Read new record e_i;

[0064] (4) calculation m ...


Abstract

The invention relates to the technical field of network anomaly detection and intrusion detection, and in particular to a network anomaly detection method based on a rapid clustering algorithm. It addresses the problem in the prior art that representative intrusion patterns cannot be extracted from data containing a large amount of redundant information, so that the requirement of effectively extracting security information is difficult to satisfy. The method comprises: step 1, capturing data packets on the network in a bypass listening mode; step 2, preprocessing the data and transmitting the filtered data to step 3 and step 5 at the same time; step 3, clustering the filtered data with the rapid clustering algorithm; step 4, putting the deviant behavior separated out in step 3 into an intrusion detection pattern database; step 5, receiving the filtered data from step 2 in real time and checking it with a detection engine, and, if an abnormality is discovered, raising an alarm or informing a firewall to break the connection.
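The pipeline in the abstract (cluster the filtered records, store the deviant clusters as patterns, match live records against them) can be sketched as follows. This is an added example, not the patent's algorithm, whose own steps are cut off on this page: the one-pass "join nearest cluster or open a new one" rule, the mixed numeric/categorical distance, the attribute names, `SCALE`, `radius` and `min_share` are all assumptions.

```python
from collections import Counter

NUM = ("duration", "bytes")                   # numeric attributes (assumed names)
CAT = ("proto", "service", "flag")            # categorical attributes (assumed names)
SCALE = {"duration": 10.0, "bytes": 10000.0}  # assumed normalisation ranges

class Cluster:
    """Running summary: numeric sums (for means) plus categorical value counts."""
    def __init__(self):
        self.n = 0
        self.sums = {k: 0.0 for k in NUM}
        self.freq = {k: Counter() for k in CAT}

    def add(self, r):
        self.n += 1
        for k in NUM:
            self.sums[k] += r[k]
        for k in CAT:
            self.freq[k][r[k]] += 1

    def distance(self, r):
        # Numeric: scaled gap to the cluster mean, capped at 1.
        d = sum(min(1.0, abs(r[k] - self.sums[k] / self.n) / SCALE[k]) for k in NUM)
        # Categorical: 1 minus the share of members with the same value.
        d += sum(1.0 - self.freq[k][r[k]] / self.n for k in CAT)
        return d / (len(NUM) + len(CAT))

def cluster_stream(records, radius):
    """Step 3 stand-in: one pass, join nearest cluster within radius or open a new one."""
    clusters = []
    for r in records:
        best = min(clusters, key=lambda c: c.distance(r), default=None)
        if best is None or best.distance(r) > radius:
            best = Cluster()
            clusters.append(best)
        best.add(r)
    return clusters

def deviant_patterns(clusters, min_share):
    """Step 4 stand-in: clusters holding under min_share of all records become patterns."""
    total = sum(c.n for c in clusters)
    return [c for c in clusters if c.n / total < min_share]

def detect(r, patterns, radius):
    """Step 5 stand-in: alarm when a live record falls inside a stored pattern."""
    return any(p.distance(r) <= radius for p in patterns)

def rec(duration, nbytes, proto, service, flag):
    return dict(duration=duration, bytes=nbytes, proto=proto, service=service, flag=flag)

# Constructed sample records (not real traffic): six web sessions, two unanswered telnet attempts.
SAMPLE = [rec(1.0, 1200, "tcp", "http", "SF"), rec(2.0, 900, "tcp", "http", "SF"),
          rec(0.0, 0, "tcp", "telnet", "S0"), rec(1.5, 1100, "tcp", "http", "SF"),
          rec(0.5, 800, "tcp", "http", "SF"), rec(0.0, 0, "tcp", "telnet", "S0"),
          rec(1.2, 1000, "tcp", "http", "SF"), rec(0.8, 1300, "tcp", "http", "SF")]
```

With `radius=0.3` and `min_share=0.3` the sample splits into a six-record cluster and a two-record cluster, and only the smaller one is stored as a pattern; both thresholds would need tuning on real traffic, since a rare but legitimate service also forms a small cluster.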

Description

Technical field:

[0001] The invention relates to the technical field of network anomaly detection and intrusion detection, in particular to a method for detecting network anomalies based on a fast clustering algorithm.

Background technique:

[0002] Intrusion Detection System (IDS) is a new generation of security protection technology after traditional security protection measures such as firewall and data encryption. The intrusion detection system can help network systems quickly discover network attacks, expand the security management capabilities of system administrators, and improve the integrity of information security infrastructure. Although IDS cannot completely prevent computer systems from being attacked and damaged, it can enable administrators to detect attacks in near real time and take corresponding actions when computer systems are attacked, and at the same time prevent further attacks in the future. Detecting the capabilities of the system is an effective wa...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L12/24, H04L29/06
Inventor: 刘涛白亮张永彬赵卫栋
Owner: 西安交大捷普网络科技有限公司