Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Method for detecting HIDS abnormal traffic

A detection method and abnormal flow technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve the problems of inability to distinguish busy flow from abnormal flow, long detection time, false alarms, etc.

Inactive Publication Date: 2009-12-09
JIANGSU XINWANG TEC TECH
View PDF0 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] (1) Unable to distinguish busy traffic from abnormal traffic, resulting in false positives or missed negatives
[0007] (2) The setting of the traffic threshold is related to the specific network, lacks universality, and requires the support of technical personnel
[0008] (3) It can only be detected when a large-scale attack breaks out, and the detection time is relatively long

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting HIDS abnormal traffic
  • Method for detecting HIDS abnormal traffic

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0018] The traffic files come from backscatter-20040301-0000-clean.pcap (DDoS traffic) and wittyworm-20040201.pcap (virus traffic) provided by www.caida.org, and attack data packets are played back to the LAN to simulate attack events through the traffic playback mechanism , through traffic collection programs, such as WinPcap, to obtain sample sequences containing attack traffic, through our actual operation and testing, the HIDS abnormal traffic detection method can basically achieve a 100% detection success rate for DDoS and wittyworm virus traffic, and the detection time is also shorter than Traditional detection algorithms are greatly reduced.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention intends to provide a method for detecting abnormal traffic, particularly a convenient method for detecting abnormal traffic by calculating the variation of self-similarity indexes. The method can distinguish normal and abnormal traffic and reduce the detection time, which comprises the following steps: Step 1, initiating the sample queue FQueue, initiating the Hurst queue and HQueue for saving Hurst indexes, and initiating the Hurst index variation queue DHQueue; Step 2, calculating the Hurst indexes of the queue FQueue, saving the Hurst indexes to the queue HQueue, adding new nodes to the sample queue FQueue, and delaying for 10 seconds; Step 3, calculating delta H of all the Hurst values in the queue HQueue according to the following formula: delta H = H(m) - H(m-1), and adding the values to the queue DHQueue; and Step 4, reading the last value H(last) in the queue DHQueue on a circulatory basis, under the condition that delta H(last) is more than 0.2, if the difference between H(last) and 2 is more than 0, giving a warning of wittyworm virus, and if H(last) is less than 0.3, giving a warning of DDOS (Distributed Denial of Service) attack.

Description

technical field [0001] The invention is a method for detecting abnormal flow, which provides a convenient method for detecting abnormal flow by calculating the change of self-similarity index, and belongs to the cross field of computer application technology and intrusion detection. Background technique [0002] In addition to normal network traffic, the network also includes a lot of malicious attack traffic, which often causes network congestion or even paralysis. We call this kind of traffic abnormal traffic. Two kinds of harmful abnormal traffic in the existing network are DDoS (distributed denial of service) and Viruses and Worms (viruses and worms). [0003] Network viruses and network attacks have brought great harm to the normal operation of the network, but there is no way to fundamentally eliminate DDoS attacks and worms. However, through some technical means, such as detection and filtering, the harm caused by these attacks can be mitigated to a certain extent. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/26H04L12/56H04L29/06
Inventor 丁元彬张顺颐颜学智王攀
Owner JIANGSU XINWANG TEC TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products