Anomaly detection method based on network flow analysis

A network traffic anomaly detection technology, applied in the field of information security, that addresses the high detection complexity and unsatisfactory detection accuracy of existing methods by reducing the dimensionality of traffic features, improving performance and improving accuracy.

Active Publication Date: 2013-04-03
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

The shortcomings of existing methods are mainly reflected in the high detection complexity and unsatisfactory detection accuracy.

Embodiment Construction

[0029] The steps of the method of the present invention are described in detail below with reference to Figure 1:

[0030] As shown in Figure 1, the present invention is a solution for detecting anomalies by analyzing network traffic. The detection scheme is divided into three modules: 1. data preprocessing module, 2. feature selection module, 3. anomaly detection module. The detection process is as follows:

[0031] 1) First, the data preprocessing module preprocesses the network traffic. Open the captured network traffic (normal or abnormal) information file and, for each traffic feature in the initial feature library (110 in total, see the initial feature set table), compute the value of that feature over the same time interval (such as 2s). The 110 initial feature values form one sample, multiple samples form a sample set (normal or abnormal), and the sample set is stored in the feature value library. After processing, a normal sampl...


Abstract

The invention discloses an anomaly detection method based on network flow analysis. Deep analysis of IP (Internet Protocol) data packets yields a complete initial feature set for network flows, which can fundamentally improve the performance of an anomaly detection system. A feature subset for anomaly detection is selected dynamically according to the type of network anomaly; a Bayes classifier then predicts the class of an unknown sample from that feature subset, and an alert is raised if the prediction is that the sample is abnormal. A data preprocessing module processes the raw data; a feature selection module selects the appropriate feature subset for anomaly detection according to the anomaly type; and an anomaly detection module raises an alert once an anomaly is found. With the dynamic feature selection algorithm, the optimal feature subset can be selected dynamically for each type of anomaly, which reduces the dimensionality of the traffic features used for detection and improves detection accuracy.
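An added illustration of the pipeline described in paragraph [0031] and in the abstract (not code from the patent): packets are binned into 2 s intervals, each interval becomes one sample, and a Bayes classifier labels unknown samples using a chosen feature subset. The four features, the hand-picked subset, the Gaussian naive Bayes model and the traffic are constructed assumptions, since the page lists neither the 110 features nor the selection algorithm.

```python
import math
from collections import defaultdict

def window_samples(packets, interval=2.0):
    """Bin packets (ts, dport, length, is_syn) into fixed intervals; one sample per interval."""
    buckets = defaultdict(list)
    for ts, dport, length, is_syn in packets:
        buckets[int(ts // interval)].append((dport, length, is_syn))
    samples = []
    for rows in (buckets[k] for k in sorted(buckets)):
        samples.append({  # hypothetical stand-ins for a few of the 110 initial features
            "pkts": len(rows),
            "bytes": sum(r[1] for r in rows),
            "distinct_dports": len({r[0] for r in rows}),
            "syn_count": sum(1 for r in rows if r[2]),
        })
    return samples

def fit(sample_sets, subset):
    """Per class: prior plus (mean, variance) of each feature in the selected subset."""
    total = sum(len(s) for s in sample_sets.values())
    model = {}
    for label, samples in sample_sets.items():
        stats = {}
        for f in subset:
            vals = [s[f] for s in samples]
            mean = sum(vals) / len(vals)
            var = sum((v - mean) ** 2 for v in vals) / len(vals) + 1.0  # variance floor (assumption)
            stats[f] = (mean, var)
        model[label] = (len(samples) / total, stats)
    return model

def predict(model, sample):
    """Return the class with the highest Gaussian naive Bayes log-posterior."""
    def score(prior, stats):
        s = math.log(prior)
        for f, (mean, var) in stats.items():
            s += -0.5 * math.log(2 * math.pi * var) - (sample[f] - mean) ** 2 / (2 * var)
        return s
    return max(model, key=lambda label: score(*model[label]))

# Constructed traffic: steady HTTPS requests vs. a burst of SYNs across many ports.
NORMAL = [(t / 2, 443, 600 + 40 * (t % 3), t % 8 == 0) for t in range(40)]
SCAN = [(t / 20, 1000 + t, 60, True) for t in range(400)]

def classify(packets, subset=("distinct_dports", "syn_count")):
    """Train on the two constructed sample sets, then label each interval of `packets`."""
    model = fit({"normal": window_samples(NORMAL), "abnormal": window_samples(SCAN)}, subset)
    return [predict(model, s) for s in window_samples(packets)]
```

Changing `subset` shows why selection matters: a feature that separates one anomaly type well can be uninformative for another.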

Description

Technical field:

[0001] The invention relates to an anomaly detection method based on network flow analysis, which belongs to the field of information security.

Background technique:

[0002] With the rapid development and wide application of computer and Internet technology, the security of computer network systems is seriously challenged, and threats from computer viruses, hacker attacks and other sources are increasing. It is therefore difficult to detect anomalies while users are online. First, there are all kinds of anomalies in the network. Anomalies may come from network activities with malicious intent, such as port scanning and distributed denial of service attacks, or from user misoperations and network failures, such as link failures, routing problems, and buffer overflows of measurement devices. Second, anomalies exist in high-dimensional traffic features. In the detection process, if the selected feature subset is low-dimensional, it is not en...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26; H04L29/06
Inventors: 赖英旭, 李秀龙, 杨震, 刘静, 李健
Owner: BEIJING UNIV OF TECH