Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Method for detecting and classifying all-network flow abnormity on line

A network traffic and abnormal technology, applied in the direction of data exchange network, digital transmission system, electrical components, etc., can solve the problems of immediate identification, unable to meet the actual needs of network security management, etc., achieve low storage overhead, meet real-time detection and classification network Exceptional, low-time-complexity effects

Active Publication Date: 2010-09-29
中国人民解放军陆军炮兵防空兵学院
View PDF3 Cites 70 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For the first time, Lakhina et al. used the traffic matrix as a data source, and applied the subspace method based on principal component analysis to successfully detect abnormal behaviors that are difficult to appear on a single link on the entire network view, but this method is still an offline processing method.
[0004] The above-mentioned network traffic anomaly detection and classification methods are all offline processing methods, so they cannot be immediately identified when an attack occurs and corresponding security measures are taken for defense
This type of post-mortem analysis method cannot meet the actual needs of current network security management.
How to detect traffic anomalies online in real time from the perspective of the entire network, and classify the detection results in real time, so as to meet the practical needs of network security, is a topic that has been researched by scientific and technological personnel in this field, but has not yet been seen in this regard report

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for detecting and classifying all-network flow abnormity on line
  • Method for detecting and classifying all-network flow abnormity on line
  • Method for detecting and classifying all-network flow abnormity on line

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0033] Such as Picture 1-1 , Figure 1-2 , Figure 1-3 , diagram 2-1 , Figure 2-2 , image 3 As shown, the online detection and classification method of the whole network traffic anomaly of the present invention comprises the following steps:

[0034] The first step is to collect NetFlow traffic:

[0035] After the NetFlow traffic collector is used to receive the NetFlow data packets sent from the border router, the collector will analyze the data packets and aggregate the data flow to form a variety of data suitable for statistical analysis, and then transmit them to the central console through the network for storage. into the database;

[0036] The second step is to construct a flow matrix measured by the entropy of flow characteristics:

[0037]Based on the original NetFlow flow data stored in the central console database, according to the routing information of the border gateway protocol, a traffic matrix measured by the entropy of different flow characteristics...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method for detecting and classifying all-network flow abnormity on line. The method comprises the following steps of: (I) acquiring network flow (NetFlow), namely, receiving a NetFlow data packet transmitted from a border router by adopting a NetFlow collector, resolving the data packet and aggregating data streams to form data suitable for statistical analysis, and transmitting the data to a central control board through network to store in a database; (II) building a flow matrix taking the entropy of flow characteristics as measure; (III) detecting the flow abnormity on line by adopting a main increment component analyzing method; and (IV) constructing sample points in four-dimensional space by utilizing residual vector acquired through on-line detection and classifying the flow abnormity on line by adopting an increment k-mean value clustering method. The method has the advantages of detecting the flow abnormity on line, classifying the flow abnormity on line in real time, meeting the requirement on the real-time detection and classification of the flow abnormity better and laying the technical foundation for subsequently defending against network attack, along with lower time complexity and storage expenditure.

Description

technical field [0001] The invention relates to a method for detecting and classifying Internet flow security, in particular to a method for online detecting and classifying abnormal flow of the whole network. Background technique [0002] Along with the rapid development of the Internet, all kinds of network attacks are becoming more and more rampant, and the problem of network security has attracted more and more attention from people. In order to effectively contain these network attacks, network administrators must discover abnormal behaviors of network traffic in real time from a large amount of network monitoring data, such as denial of service attacks (DoS), distributed denial of service attacks (DDoS), flash crowd (flash crowd) ), etc., and take corresponding defensive measures in time. [0003] At present, most of the network traffic anomaly detection and classification methods adopt offline batch processing method for the traffic of a single link. This requires t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/56H04L12/26H04L29/06
Inventor 钱叶魁陈鸣刘凤荣商文忠黄振山阮宜武
Owner 中国人民解放军陆军炮兵防空兵学院
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com