Network abnormity flow monitoring system based on density peak value cluster

A network anomaly and traffic monitoring technology, applied in transmission systems, electrical components, etc., can solve problems such as algorithm failure and algorithm detection efficiency reduction, and achieve good compatibility and scalability.

Active Publication Date: 2016-03-02
CHONGQING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

If the label of the training data is incorrect, the normal or abnormal model obtained through algorithm training will be



Examples


Embodiment Construction

[0032] The present invention is further described below with reference to the accompanying drawings:

[0033] As shown in Figure 1, the feature selection module 101 performs feature extraction and selection on the original network traffic data: new feature space data is aggregated per unit time according to a keyword. The length of the unit time determines the granularity of feature selection; according to the optimal principle, the unit time length is chosen here as one minute. The keyword is the source IP address or the destination IP address. The captured network traffic data is aggregated minute by minute according to its timestamps, and the following 21 features are calculated and extracted: the number of records per unit time, the number of source IP addresses, source IP address number entropy, source port number, source port number entropy, destination IP address number, destination IP address number entropy, destination IP address edit distance, destination IP add...
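The aggregation step in [0033], as an added example that is not code from the patent: it buckets constructed flow records by keyword IP and minute and computes only the first seven listed features, reading each "number" as a count of distinct values and each entropy as Shannon entropy (both assumptions). The record layout and the names `FLOWS`, `entropy` and `aggregate` are hypothetical.

```python
import math
from collections import Counter, defaultdict

# Constructed flow records: (unix_ts, src_ip, src_port, dst_ip, dst_port)
FLOWS = [
    (5,  "10.0.0.5", 40001, "192.0.2.10", 443),
    (20, "10.0.0.5", 40002, "192.0.2.10", 443),
    (65, "10.0.0.5", 40003, "192.0.2.10", 443),
    (10, "10.0.0.9", 50000, "192.0.2.1", 22),
    (11, "10.0.0.9", 50000, "192.0.2.2", 22),
    (12, "10.0.0.9", 50000, "192.0.2.3", 22),
    (13, "10.0.0.9", 50000, "192.0.2.4", 22),
]

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return sum(-c / total * math.log2(c / total) for c in counts.values())

def aggregate(flows, key="src", unit=60):
    """Bucket flows by (keyword IP, timestamp // unit) and compute features."""
    buckets = defaultdict(list)
    for ts, sip, sport, dip, dport in flows:
        keyword = sip if key == "src" else dip
        buckets[(keyword, ts // unit)].append((sip, sport, dip))
    features = {}
    for bucket, rows in buckets.items():
        sips, sports, dips = zip(*rows)
        features[bucket] = {
            "records": len(rows),
            "src_ip_count": len(set(sips)),
            "src_ip_entropy": entropy(sips),
            "src_port_count": len(set(sports)),
            "src_port_entropy": entropy(sports),
            "dst_ip_count": len(set(dips)),
            "dst_ip_entropy": entropy(dips),
        }
    return features

if __name__ == "__main__":
    for bucket, row in sorted(aggregate(FLOWS).items()):
        print(bucket, row)
```

In the constructed data, the source that touches four destinations in one minute yields a destination IP entropy of 2 bits, while the source that repeats one destination yields 0.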


Abstract

The invention discloses a network abnormal traffic monitoring system based on density peak clustering, comprising a feature selection module, a subspace mapping module, an anomaly weight assignment module, an anomaly weight integration module, an anomaly weight threshold determination module, and an abnormal traffic detection module. The feature selection module builds new feature space data by aggregating on the keyword, the source IP address, over a unit time of one minute; the subspace mapping module maps the high-dimensional feature space to multiple low-dimensional spaces, forming multiple new sets of feature space data; the anomaly weight assignment module calculates the anomaly weight of each data point in each subspace using a weight assignment method based on density and distance; the anomaly weight integration module integrates the anomaly weights calculated in the subspaces to obtain the final anomaly weight of each data point in the original space; the anomaly weight threshold determination module sorts the final anomaly weights in reverse order and takes the position of the abrupt gradient change as the detection threshold; network traffic whose anomaly weight is greater than the threshold is abnormal traffic, and otherwise it is normal traffic. The system is applicable to various network environments and can improve detection accuracy.
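An added sketch of the weighting, integration and threshold steps in the abstract (not code from the patent), run on constructed data. The formulas are assumptions, since this page does not give them: ρ counts neighbours within a cutoff `dc`, δ is the distance to the nearest denser point, the weight is δ/ρ, integration is the mean over all 2-D projections, and the sort is descending.

```python
import math
from itertools import combinations

def dpc_weights(points, dc):
    """Per-point anomaly weight delta/rho in one subspace (assumed formula)."""
    n = len(points)
    d = [[math.dist(p, q) for q in points] for p in points]
    # rho: neighbours within cutoff dc, counting the point itself so rho >= 1
    rho = [sum(1 for j in range(n) if d[i][j] <= dc) for i in range(n)]
    w = []
    for i in range(n):
        # denser points; equal densities are ordered by index to break ties
        higher = [j for j in range(n) if (rho[j], -j) > (rho[i], -i)]
        # delta: distance to nearest denser point; the peak gets its max distance
        delta = min(d[i][j] for j in higher) if higher else max(d[i])
        w.append(delta / rho[i])
    top = max(w) or 1.0
    return [x / top for x in w]          # scale to [0, 1] per subspace

def integrate(data, subspaces, dc):
    """Mean of the per-subspace weights (the averaging rule is an assumption)."""
    per = [dpc_weights([tuple(row[k] for k in s) for row in data], dc)
           for s in subspaces]
    return [sum(col) / len(per) for col in zip(*per)]

def gradient_threshold(weights):
    """Sort descending; the threshold is the value just after the largest drop."""
    s = sorted(weights, reverse=True)
    k = max(range(len(s) - 1), key=lambda i: s[i] - s[i + 1])
    return s[k + 1]

def detect(data, subspaces, dc=0.5):
    """Return (indices above the threshold, final weights, threshold)."""
    w = integrate(data, subspaces, dc)
    t = gradient_threshold(w)
    return [i for i, x in enumerate(w) if x > t], w, t

# Constructed data: 16 normal points on a small grid plus two outliers,
# each of which deviates in only one of the three features.
NORMAL = [(1 + 0.1 * i, 1 + 0.1 * j, 1 + 0.1 * ((i + j) % 3))
          for i in range(4) for j in range(4)]
DATA = NORMAL + [(8.0, 1.0, 1.0), (1.0, 9.0, 1.0)]
SUBSPACES = list(combinations(range(3), 2))   # all 2-D projections (assumed)

if __name__ == "__main__":
    flagged, weights, t = detect(DATA, SUBSPACES)
    print(flagged, round(t, 4))
```

Each outlier looks normal in the one projection that omits its deviating feature, so its weight there is 0; the integrated weight still separates both from the cluster.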

Description

Technical field

[0001] The invention relates to network intrusion detection, machine learning and related fields, and in particular to an unsupervised method for detecting abnormal network traffic based on multi-space anomaly weighting.

Background technique

[0002] Network intrusion detection technology is mainly divided into two categories: misuse detection and anomaly detection. Misuse detection is a feature-matching method that compares computer behavior with known application or attack features. This method has a relatively high detection rate, but it can only detect known attack types and known system weaknesses; it cannot detect unknown attacks. Anomaly detection, by contrast, observes the activities of a subject through an anomaly monitor and then generates profiles that describe these activities. Each profile saves and records the current behavior of the subject, and regularly merges the current behavior ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1425, H04L63/1466
Inventor: 王国胤, 赵烜强, 李智星, 彭思源
Owner: CHONGQING UNIV OF POSTS & TELECOMM