Efficient multistage anomaly flow detection method based on TCP

An abnormal traffic detection technology, applied in the fields of digital transmission systems, electrical components and transmission systems, that addresses the problems of inaccurate detection results, high false alarm rates and the limited applicability of existing detection methods.

Active Publication Date: 2015-06-24
CHONGQING UNIV OF POSTS & TELECOMM
Cites: 3; Cited by: 17

AI Technical Summary

Problems solved by technology

[0005] The anomaly detection methods proposed so far, such as the nonlinear abnormal flow detection method (NLPP), the abnormal flow detection method based on wavelet analysis, and the abnormal flow detection method based on the ARMA model, can detect anomalies quickly and in real time, but their computational complexity is high, their detection results are not accurate enough, and they often have a high false alarm rate. They can also only be used when the traffic data has long-term correlation characteristics.
However, in most collected flow data the correlation characteristics are not obvious and the fluctuation trend is often non-stationary, which makes the scope of use of these detection methods very limited.

Embodiment Construction

[0026] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiment is only one embodiment of the present invention, not all of them.

[0027] Figure 1 is a schematic diagram of the multi-level anomaly detection process of the present invention. The present invention is based on the TCP three-way handshake used to establish connections in Internet communication. During communication, the client issues a request for access to the server and a connection is established. When the access is normal, the process is as follows:

[0028] S1: The client initiates a request, and the sent request packet is forwarded to the firewall through the router. After receiving the request packet, the firewall collects statistics on the traffic and performs primary detection, that is, differential traffic ...

Abstract

The invention discloses an efficient multistage anomaly flow detection method based on TCP. A multistage anomaly detection mechanism is added to the traditional anomaly flow detection process. The method performs anomaly detection on the data flow sent by a client in the network. The difference mean value method is used to stabilize the original flow produced by the client through differencing; meanwhile, the existing flow in the network is analyzed and counted, and a self-adaptive threshold interval is set dynamically. Self-adaptive threshold difference flow detection is carried out on the stabilized flow, and further anomaly detection is carried out on data packets that pass the primary detection. This further detection mainly analyzes the data packets forwarded by the router: the key field is extracted, and whether a data packet sent by the client is abnormal is decided by examining that key field. The method improves detection precision and is simple to implement.
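The two stages described in the abstract, as an added example that is not taken from the patent. The form of the adaptive interval (mean ± k·std over a sliding window of differenced counts), the choice of TCP flags as the "key field", and all function names and sample data are assumptions made for illustration.

```python
from statistics import mean, pstdev

# Assumed "key field": TCP flag combinations that no valid handshake produces.
BAD_FLAG_SETS = ({"SYN", "FIN"}, {"SYN", "RST"})

def primary_detect(counts, window=5, k=3.0):
    """Stage 1: difference the per-interval packet counts, then flag any
    difference outside mean +/- k*std of the last `window` accepted
    differences (assumed form of the adaptive threshold interval)."""
    diffs = [b - a for a, b in zip(counts, counts[1:])]
    history, flagged = [], []
    for i, d in enumerate(diffs):
        recent = history[-window:]
        if len(recent) == window:            # warm-up: first diffs only train
            mu, sigma = mean(recent), pstdev(recent)
            half = k * max(sigma, 1.0)       # floor avoids a zero-width interval
            if not (mu - half <= d <= mu + half):
                flagged.append(i + 1)        # index of the interval in counts
                continue                     # keep outliers out of the baseline
        history.append(d)
    return flagged

def secondary_detect(packet):
    """Stage 2: judge one packet by its key field (TCP flags, assumed)."""
    flags = set(packet["flags"])
    if not flags:
        return "no flags set"
    for bad in BAD_FLAG_SETS:
        if bad <= flags:
            return "illegal combination " + "+".join(sorted(bad))
    return None

def multistage(intervals):
    """Stage 1 on interval sizes; stage 2 only on packets from intervals
    that passed stage 1."""
    stage1 = primary_detect([len(pkts) for pkts in intervals])
    stage2 = [(i, reason) for i, pkts in enumerate(intervals) if i not in stage1
              for pkt in pkts if (reason := secondary_detect(pkt))]
    return stage1, stage2

# Constructed sample: a volume spike in interval 8 and one malformed
# packet hidden in the normal-volume interval 3.
SAMPLE_COUNTS = [100, 104, 98, 102, 101, 99, 103, 100, 950, 102]
SAMPLE = [[{"flags": ["SYN"]}] * n for n in SAMPLE_COUNTS]
SAMPLE[3] = SAMPLE[3][:-1] + [{"flags": ["SYN", "FIN"]}]

if __name__ == "__main__":
    print(multistage(SAMPLE))
```

Because stage 1 works on differences, both the rising edge (interval 8) and the return to normal (interval 9) fall outside the interval; the malformed packet in interval 3 is only caught by stage 2.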

Description

Technical field

[0001] The invention belongs to the technical field of communication anomaly detection, relates to fast, real-time anomaly detection technology for various anomalies on the Internet, and specifically relates to a high-efficiency multi-level abnormal traffic detection method based on the TCP protocol.

Background technique

[0002] Network abnormal traffic detection is an important part of network monitoring. Abnormal network traffic refers to the situation where the traffic behavior in the network deviates from normal behavior. There are many causes of abnormal network traffic. For example, equipment failure in the network leads to abnormal communication; abnormal network operation, sudden access (flash crowd), network intrusion, etc. will also cause network anomalies. At the same time, network anomaly detection is an important guarantee for communication security during the continuous development of the network, the plannin...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L12/26
Inventor: 徐光侠, 吴群, 刘宴兵, 常光辉, 李娜, 梁绍飞, 胡杰, 李来军, 高诗意
Owner: CHONGQING UNIV OF POSTS & TELECOMM