A Method of Abnormal Traffic Detection

An abnormal traffic detection technology, applied in the field of electrical components, transmission systems, etc., that addresses the problems of incomplete cleaning, reduced performance and accidental filtering of legitimate traffic, to improve the cleaning effect and performance.

Active Publication Date: 2018-08-28
GUANGDONG EFLYCLOUD COMPUTING CO LTD

AI Technical Summary

Problems solved by technology

[0005] Current abnormal traffic detection methods generally deploy the detection equipment in bypass mode and the cleaning equipment in series. The detection equipment generally not only detects the abnormal target IP but also tries to identify the attacking IP, that is, the source IP, and then notifies the cleaning equipment of the anomaly; the cleaning device then performs simple filtering and cleaning with a specific cleaning strategy for that anomaly. The defect of this method is that the detection device must perform statistical detection on a large number of targets, which consumes a lot of performance. In addition, trying to identify the attacking IP not only greatly reduces performance but also yields unsatisfactory accuracy, and the cleaning strategy of the cleaning equipment is too simple, which causes accidental filtering of legitimate traffic or incomplete cleaning and gives users in the network a bad experience.


Examples


Embodiment 1

[0018] Figure 1 is a flowchart of a method for detecting abnormal traffic provided in Embodiment 1 of the present invention. The method is suitable for detecting and cleaning abnormal traffic in a high-traffic environment. For example, some operators can use this method to detect and clean traffic, so as to ensure the normal and stable operation of the network and the normal development of services. The method is executed by a detection device for abnormal traffic detection and a cleaning device. The device can be set in the terminal, and can be implemented in the form of software and/or hardware.

[0019] As shown in Figure 1, the method includes:

[0020] S110. The detection device performs statistics and detection on the destination IP of the packet.

[0021] The abnormal traffic detection method is executed by detection equipment and cleaning equipment. First, the detection device receives the message from the server, and the detection device comple...

Embodiment 2

[0046] Figure 2 is a flowchart of a detection device collecting statistics on target IPs, provided by Embodiment 2 of the present invention. Building on Embodiment 1, this embodiment illustrates in detail how the detection device collects statistics on the target IP address of each message. As shown in Figure 2, the process includes:

[0047] S210. Create an array DH (including units PKG, PS, NOR, AVG, ATT).

[0048] Establish a hash array DH, which contains five subunits: PKG, PS, NOR, AVG and ATT. Each of these subunits is a large array, and each position in the array belongs to a corresponding target IP; that is, each target IP has its own corresponding array slots.

[0049] S220. Receive the packet PKT, and extract the DIP from it.

[0050] The PKT contains the target IP information, that is, the DIP. When the detection device receives the PKT from the server, it extracts the DIP from it.

[0051] S230. Determine whether the DIP exists in th...
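Steps S210 to S230 above can be sketched as follows. This is an added example, not code from the patent or its applicant. The page does not define what each of the five units stores, so only PKG is updated here, under the assumed meaning "packets seen"; the table size, the linear-probing collision handling and all function names are likewise assumptions, and the sample packets are constructed.

```python
import socket
import struct

UNITS = ("PKG", "PS", "NOR", "AVG", "ATT")  # unit names from paragraph [0047]

class DH:
    """S210: five parallel arrays; slot i of every unit belongs to one DIP."""
    def __init__(self, slots=65536):            # table size is an assumption
        self.slots = slots
        self.owner = [None] * slots             # DIP that owns each slot
        self.unit = {name: [0] * slots for name in UNITS}

    def find_or_create(self, dip):
        """S230: return (slot, existed); linear probing is an assumption."""
        i = dip % self.slots
        for _ in range(self.slots):
            if self.owner[i] == dip:
                return i, True
            if self.owner[i] is None:
                self.owner[i] = dip
                return i, False
            i = (i + 1) % self.slots
        raise MemoryError("DH is full; evict idle destinations first")

def extract_dip(pkt):
    """S220: destination IP of a raw IPv4 packet, as a 32-bit integer."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        raise ValueError("truncated or non-IPv4 packet")
    return struct.unpack("!I", pkt[16:20])[0]

def account(dh, pkt):
    """Run S220-S230 for one packet and count it against its DIP."""
    dip = extract_dip(pkt)
    slot, existed = dh.find_or_create(dip)
    dh.unit["PKG"][slot] += 1                   # assumed meaning: packets seen
    return slot, existed

def sample_packet(dst, src="198.51.100.7"):
    """Constructed 20-byte IPv4 header (UDP, no payload) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

if __name__ == "__main__":
    dh = DH(slots=4)                            # tiny table to force a collision
    for dst in ("192.0.2.1", "192.0.2.1", "192.0.2.5"):
        print(dst, account(dh, sample_packet(dst)))
```

Rejecting malformed packets before the lookup keeps truncated or non-IPv4 input from creating slots in DH.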

Embodiment 3

[0058] Figure 3 is a detailed flowchart of a method for detecting abnormal traffic provided by Embodiment 3 of the present invention. This embodiment is based on the above-mentioned embodiments. It describes the whole process in detail: the detection device detects the target IP, and the cleaning device performs source IP statistics, signature statistics and packet-length probability statistics on the packets of the abnormal target IP notified by the detection device. As shown in Figure 3, the process includes:

[0059] S301. Create a thread PT.


Abstract

The invention discloses an abnormal traffic detection method. The method comprises the following steps: detection equipment counts and detects the target IPs of messages; the detection equipment selects an abnormal target IP and notifies the cleaning equipment; and the cleaning equipment performs IP statistics, feature code statistics and message length probability statistics on the messages containing the abnormal target IP and then performs cleaning and filtering. The invention solves the problem that conventional abnormal traffic detection devices have poor detection performance and an unsatisfactory cleaning effect, and improves detection and cleaning accuracy.

Description

Technical field

[0001] The invention relates to the field of statistical analysis of network traffic, in particular to a method for detecting abnormal traffic.

Background technique

[0002] Denial of Service attack (DoS, Denial of Service) refers to using various service requests to exhaust the system resources of the attacked network, so that the attacked network cannot process the requests of legitimate users. With the rise of botnets, and due to the characteristics of simple attack methods, large impact, and difficulty in tracing, distributed denial of service attacks (DDoS, Distributed Denial of Service) have grown rapidly and become increasingly rampant. A botnet composed of tens of thousands of hosts provides the required bandwidth and hosts for DDoS attacks, forming a huge attack and network traffic, causing great harm to the attacked network.

[0003] With the continuous improvement and development of DDoS attack technology, operators such as Internet Service Provid...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L41/14, H04L63/1416
Inventor: 梁润强麦剑闵宇曾宪力黄劲聪杨燕青
Owner: GUANGDONG EFLYCLOUD COMPUTING CO LTD