A Classification Method for Network Abnormal Events

A classification method and network anomaly technology, which is applied in the network field to achieve the effect of improving accuracy and ensuring real-time requirements

Active Publication Date: 2011-12-07
四川易诚智讯科技有限公司
View PDF4 Cites 42 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0009] The purpose of the present invention is to solve the problems existing in the existing network abnormal event classification method, and propose a network abnormal event classification method

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Classification Method for Network Abnormal Events
  • A Classification Method for Network Abnormal Events
  • A Classification Method for Network Abnormal Events

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0020] The present invention will be further elaborated below in conjunction with the accompanying drawings and specific embodiments.

[0021] The network abnormal event classification method of the present invention firstly extracts the flow characteristic parameters at the detected abnormal time points from the network flow data, and then calculates relative entropy and agglomerative hierarchical clustering according to the method of extracting flow characteristic parameters—abnormal characteristics Multi-time series representation - building an initial classification tree - finding the subtree with the smallest distance to the newly captured anomaly and analyzing it to complete the anomaly classification of the backbone network. The specific process diagram is as follows figure 1 As shown, a detailed description is given below.

[0022] Specifically include the following steps:

[0023] S1. Obtain flow data in the network from network devices, and extract flow characteris...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for classifying network abnormal events. The method disclosed by the invention comprises the following steps of: firstly, extracting flow characteristic parameters from network flow data; and, determining a historical time window and constructing abnormal characteristic multi-time sequences according to a detected abnormal time point, wherein the accuracy for classifying abnormal events of a backbone network can be effectively improved by sufficiently utilizing the time correlation of a flow behavior; simultaneously, different kinds of abnormal events having similar characteristics can be effectively distinguished by analyzing the similarity between the abnormal characteristic multi-time sequences; and the real-time requirement for classifying the abnormalevents of the backbone network can be ensured by utilizing an information entropy to process mass data.

Description

technical field [0001] The invention belongs to the field of network technology, in particular to a method for classifying abnormal network events. Background technique [0002] Abnormal network events are manifested as deviations of traffic behavior in the network from its normal behavior. It may be network abuse, such as DoS attack, DDoS attack, port scanning, etc.; it may also be equipment failure, such as router port failure; it may also be legitimate user behavior, such as Flash Crowd, etc. In order to quickly formulate an emergency plan when an abnormal network event occurs and reduce the harm of the abnormal event, real-time classification of the abnormal network event has become a problem that has been widely concerned by the academic circles in recent years. [0003] At present, the classification of abnormal events in the backbone network mainly faces the following difficulties: [0004] 1. The traffic in the backbone network is huge. It is bound to consume a lot...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L12/26H04L12/24
Inventor 胡光岷马力周颖杰
Owner 四川易诚智讯科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap