A Network Anomaly Detection Method Based on Relative Position Metric

A network anomaly and relative position technology, applied in data exchange networks, digital transmission systems, electrical components, etc., can solve the problems of poor scalability, unclear alarm meaning, low real-time and accuracy, and achieve effective detection and improvement. The effect of detection efficiency

Active Publication Date: 2019-01-22
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Existing network traffic anomaly detection technologies have some shortcomings, such as unclear alarm meaning, poor scalability, real-time performance and accuracy are still not high, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Network Anomaly Detection Method Based on Relative Position Metric
  • A Network Anomaly Detection Method Based on Relative Position Metric
  • A Network Anomaly Detection Method Based on Relative Position Metric

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] The present invention will be further elaborated below in conjunction with the accompanying drawings and specific embodiments.

[0032] Such as figure 1 As shown, the network anomaly detection method based on the relative position measurement of the present invention comprises the following steps:

[0033] Step 1, the flow in the backbone communication network is sampled; The data sampled in the said step 1 has No. (the numbering of data packet in this information flow), Time (and the interception time of the first data packet of this information flow relative time), doctets (the total number of network layer bytes in the packet), srcaddr (source IP address), dstaddr (destination IP address), srcport (TCP / UDP source port number), dstport (TCP / UDP destination port number), prot (IP protocol type), tcp_flags (TCP flag bit).

[0034] Step 2, introduce Shannon entropy and sample data is preprocessed; The data that Shannon entropy processes in described step 2 has doctets ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a network anomaly detection method based on relative position measurement, which samples the traffic in the backbone communication network; introduces Shannon entropy to preprocess the sampled data; introduces a relative position measurement method of z score to process the preprocessed data Perform calculations; build a z-score map based on the Shannon entropy value; use Shannon entropy changes combined with the z-score map to analyze whether the network is abnormal. Beneficial effects of the present invention: through the introduction of Shannon entropy, the aggregated and discrete trends of attributes in network traffic can be represented, and then by introducing z-scores, according to the rules of thumb in statistics, a z-score map based on Shannon entropy can be built. Intuitively judge whether there is a suspected abnormality, as well as the time and degree of the suspected abnormality; by comparing the degree of suspected abnormality and related attributes, and comparing the characteristics of common abnormalities in the network, the detection range of suspected abnormalities can be further narrowed to achieve The purpose of effective detection and improving detection efficiency.

Description

technical field [0001] The invention belongs to the field of network detection, in particular to a network anomaly detection method based on relative position measurement. Background technique [0002] With the development of the Internet and the continuous growth of business volume, large-scale communication networks are developing in the direction of high speed, diversification, and complexity. The amount of data exchanged in the network is increasing, and the harm of abnormal network traffic is also increasing. . [0003] Anomalies in network traffic are characterized by sudden onset, unknown aura characteristics, and massive consumption of network resources, resulting in network congestion, decreased network link utilization, and significantly reduced network service quality, which may cause extreme damage to network operators and customers in a short period of time. Therefore, detecting and responding to traffic anomalies in real time is an important means to prevent a...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/26
Inventor 张焕娜胡航宇胡光岷
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap