ISP anomalous traffic detection method and system

An abnormal traffic detection method applied in the field of information security. It addresses problems concerning the false positive rate, the lack of adaptive ability and the ability to detect abnormal network traffic, and achieves the effect of reducing the false positive rate.

Active Publication Date: 2011-01-12
四川通信科研规划设计有限责任公司

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to provide, in view of the shortcomings of the prior art, a detection method and detection system for ISP abnormal traffic that addresses the problems concerning the false alarm rate and poor or absent self-adaptability. It also adopts a tolerance mechanism for abnormal network traffic, which allows it to detect abnormal network traffic caused by a large number of sudden normal network accesses.


Embodiment Construction

[0034] All features disclosed in this specification, or steps in all methods or processes disclosed, may be combined in any manner, except for mutually exclusive features and / or steps.

[0035] Any feature disclosed in this specification (including any appended claims, abstract and drawings), unless expressly stated otherwise, may be replaced by alternative features which are equivalent or serve a similar purpose. That is, unless expressly stated otherwise, each feature is one example only of a series of equivalent or similar features.

[0036] Before the specific technical solution of the present invention is introduced, the theory on which it is based is introduced first. The danger theory of the biological immune system holds that the immune system generates an immune response based on "danger signals" rather than on self / non-self identification. The immune protection mechanism of organisms can effectively protect the safety of organisms, an...


Abstract

The invention discloses an ISP anomalous traffic detection method and system, belonging to the field of information security. The method comprises the following steps: capturing network data packets; identifying dangerous network data streams to determine a dangerous area; extracting the dangerous mode of the dangerous network data streams sent to the dangerous area; matching the dangerous mode against memory detectors while updating the antibody concentration of the memory detectors; and determining the risk value of the network's anomalous traffic according to the antibody concentration of the memory detectors. The system of the invention comprises a network data packet acquisition module, a danger identification module, a dangerous area identification module, a network anomalous traffic mode identification module and a danger assessment module. The invention addresses the problems concerning the false alarm rate and poor or absent self-adaptive ability. The invention also adopts a tolerance mechanism for network anomalous traffic, which gives the system the ability to detect anomalous network traffic caused by a large number of sudden normal network accesses.
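The steps listed in the abstract, sketched as an added example that is not code from the patent or its applicant. The page gives no formulas, so the danger signal (per-destination packet count above `factor * baseline`), the representation of a "dangerous mode" as a `(proto, dport, flags)` tuple, the `gain`/`decay` concentration update and the use of the maximum concentration as the risk value are all assumptions, as are every function name and the constructed sample traffic.

```python
from collections import Counter

def find_danger_zones(packets, baseline, factor=3):
    """Assumed danger signal: destinations receiving more than factor*baseline packets."""
    per_dst = Counter(p["dst"] for p in packets)
    return {dst for dst, n in per_dst.items() if n > factor * baseline}

def extract_patterns(packets, zones):
    """Assumed dangerous mode: (proto, dport, flags) of traffic sent to a danger zone."""
    return Counter((p["proto"], p["dport"], p["flags"])
                   for p in packets if p["dst"] in zones)

def update_detectors(detectors, patterns, gain=0.25, decay=0.5):
    """Raise the concentration of matched memory detectors and decay the others.
    Returns the patterns that matched no memory detector."""
    for pat in detectors:
        if pat in patterns:
            detectors[pat] = min(1.0, detectors[pat] + gain)
        else:
            detectors[pat] *= decay
    return [pat for pat in patterns if pat not in detectors]

def risk_value(detectors):
    """Assumed risk value: the highest antibody concentration of any memory detector."""
    return max(detectors.values(), default=0.0)

def process_window(packets, detectors, baseline):
    """One capture window: danger zones -> patterns -> detector update -> risk."""
    zones = find_danger_zones(packets, baseline)
    patterns = extract_patterns(packets, zones)
    unmatched = update_detectors(detectors, patterns)
    return zones, unmatched, risk_value(detectors)

# Constructed sample traffic (documentation address ranges), not real captures.
def syn(src, dst, dport):
    return {"src": src, "dst": dst, "proto": "tcp", "dport": dport, "flags": "S"}

FLOOD = [syn(f"198.51.100.{i}", "203.0.113.10", 80) for i in range(40)]
QUIET = [syn("198.51.100.7", "203.0.113.20", 443) for _ in range(5)]

def demo():
    """Risk per window: flood plus background, flood again, then quiet traffic only."""
    detectors = {("tcp", 80, "S"): 0.0}
    windows = (FLOOD + QUIET, FLOOD, QUIET)
    return [process_window(w, detectors, baseline=10)[2] for w in windows]

if __name__ == "__main__":
    print(demo())
```

The concentration rises while the same pattern keeps arriving at a danger zone and decays once it stops, so the risk value follows sustained activity rather than a single threshold crossing.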

Description

Technical field

[0001] The invention relates to the field of information security, in particular to an ISP abnormal traffic detection method and system.

Background technique

[0002] Traditional network abnormal traffic detection technology includes signature-based detection technology and anomaly detection technology. With signature-based detection, abnormal network traffic (such as DDoS attack traffic, port scanning attack traffic, etc.) can only be detected when the signature database already holds the signature of the dangerous network data flow; otherwise it escapes detection. Traditional anomaly detection technology establishes a normal behavior model and then compares traffic against that model. If the deviation exceeds a certain threshold, an abnormality is detected; otherwise the traffic is considered normal. Anomaly detection technology is therefore capable of detecting unknown abnormal traffic. Commonly used anomaly detection methods include: MULTOPS method, D-W...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26, H04L12/24, H04L12/56, H04L45/50
Inventor: 曾金全, 唐伟文
Owner: 四川通信科研规划设计有限责任公司