Rapid detection method for network flow anomaly

A network traffic anomaly detection technology, applied in data exchange networks, digital transmission systems, electrical components, etc. It addresses the difficulty of detecting anomalies in real time and of ensuring detection accuracy, and achieves the effect of increasing detection speed.

Inactive Publication Date: 2010-11-24
NORTHWESTERN POLYTECHNICAL UNIV +1

AI Technical Summary

Problems solved by technology

However, this method still has some defects. First, the scheme is still based on a feature library, which must be established, trained and learned in advance; the feature library itself is established subjectively and cannot reflect the characteristics of the network itself, so detection accuracy is still difficult to guarantee.
Second, the solution does not consider detection speed, although for the sudden, fast anomalies and attacks that appear in large numbers today, detection speed is undoubtedly an important technical indicator.
Finally, feature library matching itself lags, and training and learning occur after the anomaly occurs, so real-time detection is difficult to ensure.


Embodiment Construction

[0024] In the following, the present invention will be described through a process of quickly solving the Hurst exponent to detect traffic anomalies.

[0025] 1) Collect network traffic data.

[0026] First, network data packets are obtained using the WinPcap (Windows Packet Capture) library, a framework for packet capture and network analysis on the Windows platform. It is used to capture raw data packets and to collect statistics on network traffic. The process is roughly divided into three steps: 1: obtain the network card list; 2: open the device list and set the network card mode to promiscuous mode; 3: create a file for storing data packets and save the captured data packets.

[0027] The network traffic data acquisition steps include: first, obtain the information of all network devices in the system by calling the library function pcap_findalldevs(), and obtain the name of the local n...


Abstract

The invention discloses a rapid detection method for network flow anomaly, which aims to solve the problem of slow detection speed of the existing detection method for the network flow anomaly. The technical scheme of the invention is as follows: adopting a Hurst index which is used for describing the fractal characteristics of network flow to judge the occurrence of the anomaly; solving the Hurst index through the iteration of the sampled latest flow data; establishing an abnormal judgment threshold through the change of the Hurst index; and carrying out flow anomaly detection directly, and detecting the network flow anomaly in real time, thereby improving the speed of detecting the network flow anomaly.
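The windowed detection idea in the abstract, as an added example that is not code from the patent: the page does not give the patent's iterative solver, so the classical rescaled-range (R/S) estimator is recomputed for each window instead. The window length, the number of training windows, the `delta` threshold and the traffic series are assumptions constructed for illustration.

```python
import math
import random

def hurst_rs(series, min_block=8):
    """Rescaled-range (R/S) estimate of the Hurst exponent; None if undefined."""
    points = []                                   # (log n, log mean R/S)
    n = min_block
    while n <= len(series) // 4:                  # keep >= 4 blocks per size
        ratios = []
        for start in range(0, len(series) - n + 1, n):
            block = series[start:start + n]
            mean = sum(block) / n
            std = math.sqrt(sum((x - mean) ** 2 for x in block) / n)
            if std == 0:                          # flat traffic: R/S undefined
                continue
            cum = lo = hi = 0.0
            for x in block:                       # range of cumulative deviation
                cum += x - mean
                lo, hi = min(lo, cum), max(hi, cum)
            ratios.append((hi - lo) / std)
        if ratios:
            points.append((math.log(n), math.log(sum(ratios) / len(ratios))))
        n *= 2
    if len(points) < 2:
        return None
    mx = sum(p[0] for p in points) / len(points)
    my = sum(p[1] for p in points) / len(points)
    # Least-squares slope of log(R/S) against log(n) is the estimate of H.
    return (sum((x - mx) * (y - my) for x, y in points)
            / sum((x - mx) ** 2 for x, _ in points))

def detect(series, window=512, train=4, delta=0.25):
    """Return [(window_index, H)] for windows whose H leaves the baseline band."""
    hs = [hurst_rs(series[i:i + window])
          for i in range(0, len(series) - window + 1, window)]
    base = [h for h in hs[:train] if h is not None]
    if not base:
        return []
    baseline = sum(base) / len(base)              # assumed: mean H of training windows
    return [(i, h) for i, h in enumerate(hs)
            if i >= train and h is not None and abs(h - baseline) > delta]

def sample_traffic(seed=7):
    """Constructed packets-per-interval series: 6 quiet windows, then a ramp."""
    rng = random.Random(seed)
    quiet = [1000 + rng.gauss(0, 20) for _ in range(6 * 512)]
    ramp = [1000 + 50 * j + rng.gauss(0, 20) for j in range(2 * 512)]
    return quiet + ramp

if __name__ == "__main__":
    for idx, h in detect(sample_traffic()):
        print(f"window {idx}: H={h:.2f} outside baseline band")
```

Recomputing R/S per window costs a full pass over the window each time, which is the overhead the abstract's iterative update on the latest samples is meant to avoid.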

Description

Technical field

[0001] The invention relates to a method for detecting abnormality of network flow, in particular to a fast method for detecting abnormality of network flow.

Background technique

[0002] With the development of the Internet, the network environment is becoming more and more complex. All kinds of sudden and fast anomalies and attacks often catch the anomaly detection system off guard. The rapidity and real-time performance of anomaly detection have become more and more important. However, the existing anomaly detection methods focus on the accuracy of detection, which cannot keep up with the needs of Internet development.

[0003] The document "Network-Based Anomaly Detection Using an Elman Network, International Conference on Computer Communication and Mobile Computing (ICCNMC2005), 2005, pp.471-480" discloses a method for detecting network traffic anomalies using a simple recurrent neural network generation model. This method applies the aggregated informa...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, H04L12/26, H04L12/56
Inventor: 李慧贤, 王晓芬, 庞辽军, 裴庆祺, 赵军, 赵晓辉
Owner: NORTHWESTERN POLYTECHNICAL UNIV