Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Neural network-based low amplitude network flow anomaly detection method

A neural network and network traffic technology, applied in the field of abnormal detection of low-amplitude network traffic based on neural networks, can solve the problems that the OD flow traffic cannot be directly measured, the OD flow inversion results are inaccurate, and the detection steps are affected. Solve the effect of inversion error affecting the detection

Inactive Publication Date: 2011-05-25
SHENZHEN Y& D ELECTRONICS CO LTD
View PDF2 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, OD flow traffic cannot be directly measured. It is generally obtained in two ways. One is obtained by combining flow-level data obtained by netflow with routing protocol analysis. This method usually cannot be used in the real-time online detection process; the other is is obtained by inversion of directly measured link data. However, there are serious underdetermination problems in various inversion techniques. Although the underdetermination problem can be overcome by introducing prior information or modeling OD flow, the flow The abnormality does not match the prior information under normal conditions, or it is difficult to find a certain mathematical model to model the OD flow, which makes the OD flow inversion result inaccurate, which directly affects the detection based on the OD inversion result step

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Neural network-based low amplitude network flow anomaly detection method
  • Neural network-based low amplitude network flow anomaly detection method
  • Neural network-based low amplitude network flow anomaly detection method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] The present invention will be further described below in conjunction with the accompanying drawings.

[0020] figure 1 A schematic diagram of the principle of the neural network module in the present invention is shown. Described neural network module comprises first and second multi-layer recursive neural network 2; The input of described second multi-layer recurrent neural network 2 is link flow L (m)={l that can be directly measured 1 (m), l 2 (m),...,l n (m)}, where n is the number of link traffic, m is the current sampling moment, l n (m) is the nth link flow; the output of the second multi-layer recursive neural network 2 is the partial OD flow estimation flow, and the partial OD flow estimation flow is expressed as The input of the first multi-layer recurrent neural network 1 is the link flow L(m) and the partial OD flow estimated flow as a supplementary constraint input, since the partial OD flow estimated flow is the second multi-layer recurrent neural net...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a neural network-based low amplitude network flow anomaly detection method. In the method, a neural network module comprises a second multilayer recurrent neural network and a first multilayer recurrent neural network, the input of the second multilayer recurrent neural network is directly measurable link flow, and the output of the second multilayer recurrent neural network is the estimated flow of part of origin-destination (OD) flow; and the input of the first multilayer recurrent neural network is the link flow and the estimated flow of the part of OD flow, which is output by the second multilayer recurrent neural network and serves as supplementary constraint input, and the output of the first multilayer recurrent neural network is the estimated value of a characteristic parameter. In the invention, the step of inversion from a link to the OD flow is skipped, so the influences of errors generated in a prediction process on a detection step are avoided effectively, and the real-time prediction of the OD flow correlation at next moment can be provided. When the method is used, the detection of hidden flow anomaly is easier, the detection process does not completely rely on the estimation from the link to the OD flow any more, the problem that the inversion error influences the detection is solved, and the frame allows for estimation from link flow to multiple OD flow characteristic parameters.

Description

technical field [0001] The invention relates to a method for detecting abnormal network flow, in particular to a method for detecting abnormally low amplitude network flow based on a neural network. Background technique [0002] Abnormal behaviors in the network, such as equipment failures, link or node errors, sudden access, and some abnormal behaviors caused by malicious reasons such as DDoS attacks and worm propagation, will lead to network performance degradation and even network unavailability. These anomalies have distributed characteristics, that is, they exist in multiple links at the same time, forming distributed traffic anomalies; and abnormal traffic may be extremely hidden from a single link, and does not show obvious abnormal characteristics. It is very difficult for network managers to detect and respond to these low-magnitude covert traffic anomalies in a timely and effective manner. [0003] Existing network traffic anomaly detection methods include link tr...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/26H04L1/00G06N3/08
Inventor 李宗林戚建淮
Owner SHENZHEN Y& D ELECTRONICS CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com