Method for detecting anomaly traffic based on feature selection and density peak clustering

A feature selection and density peak technology, applied in transmission systems, electrical components, etc., can solve the problems of long analysis time, limited data, and high computing resources, avoiding inaccurate results and reducing the amount of data.

Active Publication Date: 2016-05-11
EAST CHINA NORMAL UNIV +1

AI Technical Summary

Problems solved by technology

[0004] 1. Because of the large amount of data, the extracted features are high-dimensional and include irrelevant features, so abnormal traffic detection consumes substantial computing resources and takes a long time to analyze. Effective methods are therefore needed to extract the most suitable features.
[0005] 2. Current supervised classification methods require a large amount of manual labeling of unknown traffic, which clearly cannot be applied to large-scale data volumes. Although some unsupervised clustering methods do not require labeling, their clustering accuracy and running time are sensitive to certain parameters, such as the number of cluster centers, and it is difficult to achieve satisfactory results.
An existing clustering method, the density-peak-based clustering algorithm, combines the advantages of distance-based and density-based clustering. In its cluster-center selection stage, however, it must build a two-dimensional matrix that records the distance between every pair of points, so the amount of data that can be processed on a single machine is very limited.


Embodiment Construction

[0036] The present invention will be further described in detail with reference to the following specific embodiments and drawings. Except for the content specifically mentioned below, the processes, conditions, experimental methods, etc. for implementing the present invention are common knowledge in the field, and the present invention places no special limitations on them.

[0037] The meanings of the relevant technical terms in this embodiment are as follows:

[0038] 1. tcpdump: tcpdump captures the complete headers of data packets transmitted on the network for analysis. It supports filtering by network layer, protocol, host, network or port, and provides the logical operators and, or, and not to help remove useless information.

[0039] 2. MIC: Maximum information coefficient.

[0040] 3. Local density $\rho_i = \sum_{j \in I_S \setminus \{i\}} \chi(d_{ij} - d_c)$, where the function $\chi(x)$ ...


Abstract

The invention discloses a method for detecting network traffic anomalies based on feature selection and density peak clustering. The method comprises the following stages. Traffic acquisition: the network is monitored with a network analysis tool and the captured data packets are stored locally. Feature extraction: packets belonging to the same flow are grouped, features are extracted from them, and the extracted features are normalized. Feature selection: the importance of each feature to the classification decision is evaluated using the maximal information coefficient, the features are coarsely clustered according to the redundancy among them, and the most important feature of each group is added to the feature subset. Clustering and analysis: the flows are clustered with an improved density-peak-based clustering method to obtain clusters of several traffic types; a small sample is drawn from each cluster and its class is determined, and the modal (most frequent) traffic type in the sample is applied to the whole cluster, so that anomalous traffic can be detected.
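The clustering and analysis stage, together with the local density $\rho_i$ defined in [0040], can be sketched as follows. This is an added example, not code from the patent: it uses the baseline density-peak procedure with the usual cutoff kernel (χ(x) = 1 for x < 0, otherwise 0, an assumption because the excerpt truncates the definition), and it recomputes distances on demand instead of storing the pairwise matrix, which is a choice of this sketch and not the patent's improved method. The names `density_peaks`, `label_clusters`, `FLOWS` and `TRUTH` are hypothetical, and the flow features are constructed.

```python
import math
import random
from collections import Counter

def density_peaks(points, d_c, n_centers):
    """Return (labels, centers). Distances are recomputed on demand,
    so no n x n distance matrix is ever stored."""
    n = len(points)
    dist = lambda a, b: math.dist(points[a], points[b])
    # rho_i: number of other points closer than the cutoff d_c
    rho = [sum(dist(i, j) < d_c for j in range(n) if j != i)
           for i in range(n)]
    order = sorted(range(n), key=lambda i: (-rho[i], i))  # densest first
    delta, parent = [0.0] * n, [-1] * n
    delta[order[0]] = max(dist(order[0], j) for j in range(n))
    for rank in range(1, n):
        i = order[rank]
        # delta_i: distance to the nearest point that ranks denser
        parent[i] = min(order[:rank], key=lambda j: dist(i, j))
        delta[i] = dist(i, parent[i])
    # centers: largest rho * delta (the densest point always qualifies)
    centers = sorted(order, key=lambda i: -rho[i] * delta[i])[:n_centers]
    labels = [-1] * n
    for c, i in enumerate(centers):
        labels[i] = c
    for i in order:  # a parent is always labelled before its children
        if labels[i] == -1:
            labels[i] = labels[parent[i]]
    return labels, centers

def label_clusters(labels, inspect, per_cluster=3, seed=0):
    """Inspect a few flows per cluster; the modal class labels them all."""
    rng = random.Random(seed)
    verdict = {}
    for c in sorted(set(labels)):
        members = [i for i, l in enumerate(labels) if l == c]
        sample = rng.sample(members, min(per_cluster, len(members)))
        verdict[c] = Counter(inspect(i) for i in sample).most_common(1)[0][0]
    return [verdict[l] for l in labels]

# Constructed, already-normalized flow features (two per flow).
FLOWS = [(0.20, 0.30), (0.22, 0.28), (0.18, 0.33), (0.25, 0.31),
         (0.21, 0.35), (0.19, 0.27), (0.23, 0.32), (0.24, 0.29),
         (0.85, 0.10), (0.88, 0.12), (0.83, 0.08), (0.86, 0.13)]
TRUTH = ["normal"] * 8 + ["scan"] * 4  # stands in for manual inspection

if __name__ == "__main__":
    labels, centers = density_peaks(FLOWS, d_c=0.1, n_centers=2)
    print(centers, label_clusters(labels, lambda i: TRUTH[i]))
```

Only the sampled flows are passed to `inspect`, so the manual effort scales with the number of clusters rather than the number of flows.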

Description

Technical field

[0001] The invention belongs to the cross field of data mining and anomaly detection, and particularly relates to an abnormal traffic detection method based on feature selection and density peak clustering.

Background technique

[0002] When malicious behaviors such as snooping and intrusion occur, certain characteristics of the traffic transmitted on the network, such as the volume of traffic, the length of data packets, and the content of specific areas of the data packets, differ from those of normal traffic. If this abnormal traffic can be detected as early as possible, actions can be taken in advance to protect network security. Detecting and locating the abnormal hosts behind abnormal traffic, and then handling those hosts, is of great significance for avoiding network congestion, ensuring network performance, avoiding abuse of network resources, and protecting network information security.

[0003] The ease of use and automation...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPC H04L63/1425
Inventor 何道敬, 倪谢俊, 黄琳
Owner EAST CHINA NORMAL UNIV