Self adaptive network traffic sampling method for anomaly detection

An adaptive network traffic sampling technique for anomaly detection, applied in the field of sampling technology. It addresses the problems of large storage space, low processing speed, sampling distortion, etc., and achieves the effects of saving storage space, improving processing speed, and keeping the algorithm simple.

Inactive Publication Date: 2010-03-10
HARBIN ENG UNIV

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide an adaptive network traffic sampling method for anomaly detection that can overcome defects such as sampling distortion, lack of flexibility, low processing speed, and large storage space.


Embodiment Construction

[0029] The invention is described in detail below through an implementation in an IDS device. For the implementation, an adaptive sampling module must be set up in the IDS; it performs the sampling and statistics functions for network data packets.

[0030] The steps of the present invention are:

[0031] Step 1. Start the program, initialize the system parameters, and sample packets with the predefined sampling probability p_0 until the second time interval is reached. Clear the arrays used to record, respectively, the flow size and the number of sampled packets in the time interval. The initial values of the system parameters are as follows:

[0032]

p_0    ε       T     T_1      T_2
0.9    0.001   10    15 sec   30 min

[0033] Step 2. Capture TCP/IP packets on the network in bypass listening mode.

[0034] Step 3. Quickly classify the newly arrived data packets according to the flow identifier, and hash the flow ...


Abstract

The invention provides a self-adaptive network traffic sampling method for anomaly detection. Based on the idea of time stratification, time is divided into predefined non-overlapping intervals called blocks or layers. Within one time interval, all data packets belonging to the same flow are sampled with the same probability, and whether the flow has expired is detected in real time. When the time interval ends, the flow is estimated from the number of packets sampled in the current interval and the sampling probability, the flow distribution of the next time interval is predicted, and the predicted flow is then taken as an important parameter for determining the sampling probability of the next time interval; compulsory sampling is carried out on the data packets of smaller flows by combining a compulsory sampling method. Compared with the prior art, the algorithm is simple and flexible, provides a correct data source for anomaly detection, improves processing speed and saves memory space.
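An added example, not taken from the patent: the interval-based scheme from the abstract in Python, using the initial values from step 1. The page breaks off before defining ε, T, T_1 and T_2, so their roles here (probability floor, small-flow threshold in packets, interval length, flow expiry timeout) are assumptions, as are the EWMA predictor, the per-flow `budget`, and checking expiry at interval boundaries.

```python
import random

class AdaptiveSampler:
    """Per-flow, per-interval packet sampler following the abstract's outline."""

    def __init__(self, p0=0.9, eps=0.001, small=10, interval=15.0,
                 timeout=1800.0, budget=1000, alpha=0.5, seed=1):
        # p0, eps, small (T), interval (T_1) and timeout (T_2) take the page's
        # initial values; the role given to each here is an assumption, and
        # budget and alpha are hypothetical parameters not on the page.
        self.p0, self.eps, self.small = p0, eps, small
        self.interval, self.timeout = interval, timeout
        self.budget, self.alpha = budget, alpha
        self.rng = random.Random(seed)
        self.flows = {}                       # flow id -> per-flow state
        self.block_end = interval

    def packet(self, flow_id, now):
        """Classify one packet by flow id; return True if it is sampled."""
        while now >= self.block_end:          # close every finished interval
            self._end_interval(self.block_end)
            self.block_end += self.interval
        f = self.flows.setdefault(
            flow_id, {"p": self.p0, "sampled": 0, "pred": None, "seen": now})
        f["seen"] = now
        hit = self.rng.random() < f["p"]      # one p per flow per interval
        f["sampled"] += hit
        return hit

    def _end_interval(self, t):
        for fid in list(self.flows):
            f = self.flows[fid]
            if t - f["seen"] > self.timeout:  # flow expired: free its state
                del self.flows[fid]
                continue
            est = f["sampled"] / f["p"]       # estimated packets this interval
            f["est"] = est
            # Predict the next interval with an EWMA (assumed predictor).
            f["pred"] = est if f["pred"] is None else (
                self.alpha * est + (1 - self.alpha) * f["pred"])
            if f["pred"] < self.small:        # small flow: compulsory sampling
                f["p"] = 1.0
            else:                             # large flow: sample more thinly
                f["p"] = max(self.eps, min(1.0, self.budget / f["pred"]))
            f["sampled"] = 0                  # clear the per-interval counter
```

With these assumptions a flow of about 10,000 packets per interval drops to a sampling probability near 0.1 in the next interval, while a five-packet flow is sampled in full, so short flows stay visible to the anomaly detector.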

Description

(1) Technical field

[0001] This invention concerns a sampling technique, specifically a packet sampling technique for anomaly detection.

(2) Background technology

[0002] With the development of the large-scale, high-speed Internet, full traffic collection and measurement is no longer sustainable. Because of the software and hardware limitations of monitoring equipment, using packet sampling on high-speed links and routers to reduce the number of data packets to be processed has become an important method in traffic monitoring and analysis, and it is also the method recommended by the IPFIX and PSAMP working groups of the IETF. Existing packet sampling algorithms have been widely used in network traffic monitoring and analysis, such as Cisco's NetFlow. In recent years, as security analysis has become more and more important, sampled network traffic data has been widely used as a data source for anomaly detection, such as to detect denial-of-service attack...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
Inventor: 杨武王巍苘大鹏何晓冰玄世昌莫锡昌康喜司贺华
Owner: HARBIN ENG UNIV