A method and system for detecting abnormal flow

A detection method and detection system applied in the field of network security. It addresses the problems that existing flow recognition technology places strict requirements on computing performance and storage space consumption, cannot locate abnormal flows, and cannot be applied to abnormal flow identification. Its effects are a reduced monitoring burden, improved timeliness, and reduced costs.

Inactive Publication Date: 2011-12-14
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0004] Traditional anomaly detection methods for high-speed networks mainly analyze the network traffic or the change in the distribution of addresses and ports. Although these methods can detect anomalies in a high-speed network and raise an alarm, they cannot locate the abnormal flow, so the abnormal data cannot be exported for further analysis.
Packet classification technology based on static rule sets relies mainly on static classification rules and cannot be applied to the identification of abnormal traffic.
[0005] Although frequent item mining from data stream research can be used to identify abnormal flows, implementing it in a real network environment still has limitations. On the one hand, because computing and storage resources are limited, flow identification technology is subject to strict requirements on computing performance and storage space consumption; on the other hand, network data is dynamic, and monitoring needs to pay more attention to short-term changes in the situation. Existing algorithms have difficulty solving this problem, and existing technologies need to be improved.


Embodiment Construction

[0040] In order to make the purpose, technical solution and advantages of the present invention clearer, a method and system for detecting abnormal flow of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0041] The abnormal flow detection method and system of the present invention can detect TCP flows that frequently try to establish connections in the network within a short period of time, and calculate the entropy value of the frequent items on the basis of the mined data. This helps to realize on-demand monitoring of abnormal flows in high-speed network environments and reduces the burden of network monitoring.

[0042] The method and system for detecting abnormal flow of the present invention will be described in detail below in conjunction with...


Abstract

The invention discloses a method and system for detecting abnormal flow. The method includes: capturing IP packets in the network, collecting SYN packets that satisfy preset conditions, and extracting the address information of the SYN packets as data items to form a data item set; mining the data items that appear frequently in the data item set within a preset time as frequent items, recording the address information corresponding to the frequent items, and locating the flows with abnormal behavior according to the frequent items. It also includes: calculating the entropy value of the frequent items to provide evidence for evaluating the abnormal situation of the network. The method can quickly identify flows that frequently try to establish connections in the network while using only a small amount of computing and storage resources, which helps to realize on-demand monitoring of abnormal flows and reduces the burden of network monitoring.
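The pipeline in the abstract, as an added example that is not taken from the patent: SYN address tuples are mined per time window with the Misra-Gries frequent-item algorithm (chosen here; this page does not name the mining algorithm), and the Shannon entropy of the frequent items' counts is reported. The (source, destination, destination port) data item, the 10-second window, `k`, `min_share` and the sample traffic are assumptions constructed for illustration.

```python
import math

def mg_update(counters, item, k):
    """One Misra-Gries step; the table never holds more than k-1 counters."""
    if item in counters:
        counters[item] += 1
    elif len(counters) < k - 1:
        counters[item] = 1
    else:  # table full: decrement every counter, drop those that reach zero
        for key in list(counters):
            counters[key] -= 1
            if counters[key] == 0:
                del counters[key]

def shannon_entropy(counts):  # in bits; assumed definition of the "entropy value"
    total = sum(counts)
    return sum(c / total * math.log2(total / c) for c in counts) if total else 0.0

def report(window_id, counters, n, min_share):
    frequent = {i: c for i, c in counters.items() if c >= min_share * n}
    return {"window": window_id, "syns": n, "frequent": frequent,
            "entropy": shannon_entropy(list(frequent.values()))}

def detect(syns, window=10.0, k=8, min_share=0.2):
    """syns: time-ordered (ts, src, dst, dport) tuples taken from SYN packets."""
    out, cur, counters, n = [], None, {}, 0
    for ts, src, dst, dport in syns:
        w = int(ts // window)
        if cur is not None and w != cur:  # preset time window elapsed
            out.append(report(cur, counters, n, min_share))
            counters, n = {}, 0
        cur = w
        mg_update(counters, (src, dst, dport), k)  # address info = data item
        n += 1
    if cur is not None:
        out.append(report(cur, counters, n, min_share))
    return out

def constructed_syns():
    """Constructed sample traffic using documentation address ranges."""
    syns = [(i * 0.8, f"198.51.100.{i}", f"203.0.113.{i}", 443) for i in range(12)]
    for i in range(40):  # window 1: one source repeatedly opens one service
        syns.append((10 + i * 0.2, "192.0.2.66", "203.0.113.9", 22))
        if i % 4 == 0:   # sparse background SYNs from distinct sources
            syns.append((10 + i * 0.2, f"198.51.100.{100 + i}", "203.0.113.9", 443))
    for i in range(20):  # window 2: two sources at equal rates
        syns.append((20 + i * 0.4, "192.0.2.66", "203.0.113.9", 22))
        syns.append((20 + i * 0.4, "192.0.2.77", "203.0.113.9", 22))
    return syns
```

Calling `detect(constructed_syns())` returns one report per window. The counts are Misra-Gries lower bounds, so the recorded address tuple locates the flow while the reported count may slightly understate it.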

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method and system for detecting abnormal flows based on frequent item mining.

Background technique

[0002] In recent years, with the rapid development of the Internet, the types of services continue to increase, and various types of network threats emerge in an endless stream. Network data monitoring has become more and more important. With the rapid development of the Internet, the link bandwidth and business volume have increased exponentially, the network scale and complexity have continued to increase, and the improvement of semiconductor performance has relatively lagged behind, resulting in a prominent problem of mismatch between computing power and high-speed massive data. In a high-speed network environment, the new generation of network monitoring and security management system needs to consider adopting on-demand monitoring technology, so the data stream that does not...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26, H04L12/24
Inventor: 戴磊, 云晓春, 肖军
Owner: INST OF COMPUTING TECH CHINESE ACAD OF SCI