Device and method for detecting network access abnormality based on data stream behavior analysis

A technology of behavior analysis and network access, applied in the network field

Active Publication Date: 2011-07-20
CERTUS NETWORK TECHNANJING
View PDF5 Cites 75 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to overcome the above-mentioned shortcomings in the prior art, and provide a method that can quickly and efficiently summarize traffic behavior in the application environment of large-scale data traffic analysis, identify abnormal traffic, and effectively avoid the undetectable increase in slow abnormal traffic. network access anomaly detection device and method based on data flow behavior analysis, which improves the detection accuracy, and the application method is relatively simple, the application cost is low, and the scope of application is wide

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Device and method for detecting network access abnormality based on data stream behavior analysis
  • Device and method for detecting network access abnormality based on data stream behavior analysis
  • Device and method for detecting network access abnormality based on data stream behavior analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0061] In order to understand the technical content of the present invention more clearly, the following examples are given in detail.

[0062] see figure 1 As shown in FIG. 1 , it is a schematic structural diagram of the network access anomaly detection device based on data flow behavior analysis of the present invention.

[0063] In a specific embodiment, the device includes a traffic information collection module, an abnormal behavior detection module, and an abnormal traffic processing module, the input end of the traffic information collection module is connected to the routing device outside the detection device, and the traffic information collection module The output end of the abnormal behavior detection module is connected to the input end of the abnormal traffic processing module respectively, the output end of the abnormal behavior detection module is connected to the input end of the abnormal traffic processing module, and the abnormal traffic processing module T...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a device for detecting network access abnormality based on data stream behavior analysis, comprising a flow information collection module, an abnormal behavior detection module and an abnormal flow processing module, wherein the flow information collection module is respectively connected with the abnormal behavior detection module and the abnormal flow processing module;and the abnormal behavior detection module is connected with the abnormal flow processing module. The invention also relates to a method for using the device. In the method, obvious abnormal flow data is filtered out firstly, then a network behavior model is used to detect the filtered flow data, and the network behavior model is automatically updated; and finally, the flow is blocked according to detection results. The device and method provided by the invention is utilized to establish a normal network behavior model. The model is compared with real-time data so as to detect whether real-time flow is abnormal; and the network behavior model is dynamically modified, abnormal flow sources are analyzed, and the abnormal flow is blocked, thus identifying the abnormal flow quickly and effectively and improving the accuracy of the detection.

Description

technical field [0001] The present invention relates to the field of network technology, in particular to the field of network access anomaly detection devices and methods, in particular to a network access anomaly detection device and method based on data flow behavior analysis. Background technique [0002] Currently, the existing network flow traffic analysis techniques are divided into the following categories: [0003] 1. By summing up the network traffic and setting a threshold to judge whether there is any abnormality in the network traffic. For example, through the SNMP interface on the network device, regularly obtain the data flow of the relevant network port, such as the total number of unicast packets, the total number of bytes of unicast packets, etc., and compare them with the preset threshold to determine whether abnormal. [0004] 2. By analyzing single or several consecutive data packets, it is judged whether the data packets belong to abnormal traffic. F...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L12/56H04L47/20
Inventor 逯利军钱培专
Owner CERTUS NETWORK TECHNANJING
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap