An Abnormal Traffic Detection Method Based on Feature Selection and Density Peak Clustering

A feature selection and density peak technology, applied in the field of transmission systems, electrical components, etc., that solves the problems of long analysis time, limited data, and inapplicability to large-scale data volumes, thereby avoiding inaccurate results and reducing the amount of data.

Active Publication Date: 2019-02-15
EAST CHINA NORMAL UNIV +1

AI Technical Summary

Problems solved by technology

[0004] 1. Because of the large amount of data, the extracted features are high-dimensional and include irrelevant features, so abnormal traffic detection consumes substantial computing resources and takes a long time to analyze. Effective methods are therefore needed to extract the most suitable features.
[0005] 2. Current supervised classification methods require a large amount of manual labeling of unknown traffic, which obviously cannot be applied to large-scale data volumes. Some unsupervised clustering methods do not require labeling, but their clustering accuracy and running time are sensitive to certain parameters, such as the number of cluster centers, and it is difficult to achieve satisfactory results.
One existing clustering method, the density-peak-based clustering algorithm, combines the advantages of distance-based and density-based clustering. In its cluster-center selection stage, however, it must build a two-dimensional matrix recording the pairwise distances between data points, so the amount of data that can be processed on a single machine is very limited.


Embodiment Construction

[0036] The present invention will be described in further detail with reference to the following specific embodiments and the accompanying drawings. Except for the content specifically mentioned below, the processes, conditions, experimental methods, etc. for implementing the present invention are general and common knowledge in this field, and the present invention places no special limitation on them.

[0037] The meanings of relevant technical terms in this embodiment are as follows:

[0038] 1. tcpdump: tcpdump can completely intercept the headers of data packets transmitted on the network for analysis. It supports filtering by network layer, protocol, host, network or port, and provides logical operators such as and, or, not to help remove useless information.

[0039] 2. MIC: maximal information coefficient.

[0040] 3. Local density, in which the function parameter d_c > 0 is the cut-off distance, I_S is the set of data points involved in the density calculation,...


Abstract

The invention discloses a method for detecting network traffic anomalies based on feature selection and density peak clustering. The method comprises the following stages: a traffic acquisition stage: monitoring the network with a network analysis tool and saving the monitored data packets locally; a feature extraction stage: extracting the data packets that belong to the same stream, performing feature extraction on them, and normalizing the extracted features; a feature selection stage: evaluating the importance of each feature to the classification decision using the maximal information coefficient, simply clustering the features according to the redundancy among them, selecting the feature with the highest importance, and adding it to the feature subset; and a clustering and analysis stage: clustering the features with an improved density-peak-based clustering method to obtain clusters of several traffic types, taking a small sample from the cluster of each traffic type, performing class detection on the sample, and applying the modal traffic type found in the sample to the whole cluster, so that the abnormal traffic can be detected.
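Added example, not code from the patent: the clustering-and-analysis stage sketched with the standard density-peak algorithm and a cut-off-kernel local density, because the page does not spell out its improved variant or its density formula. The flow features, the value of d_c, the sampling rule (first three members of each cluster) and all function names are constructed assumptions.

```python
import math
from collections import Counter

def density_peak_cluster(points, d_c, n_centers):
    """Standard density-peak clustering with a cut-off kernel (not the patent's variant)."""
    n = len(points)
    # Full pairwise matrix: the O(n^2) memory cost that limits a single machine.
    dist = [[math.dist(p, q) for q in points] for p in points]
    # Local density rho_i = number of other points closer than d_c (minus self).
    rho = [sum(d < d_c for d in row) - 1 for row in dist]
    order = sorted(range(n), key=lambda i: (-rho[i], i))  # densest first, ties by index
    delta, parent = [0.0] * n, [-1] * n
    delta[order[0]] = max(dist[order[0]])
    for rank in range(1, n):
        i = order[rank]
        # delta_i = distance to the nearest point ranked denser than i.
        parent[i] = min(order[:rank], key=lambda k: dist[i][k])
        delta[i] = dist[i][parent[i]]
    # Centers have the largest rho * delta: dense and far from anything denser.
    centers = sorted(order, key=lambda i: -rho[i] * delta[i])[:n_centers]
    labels = [-1] * n
    for c, i in enumerate(centers):
        labels[i] = c
    for i in order:  # descending density, so a point's parent is already labelled
        if labels[i] < 0:
            labels[i] = labels[parent[i]]
    return labels, centers

def label_by_sampling(labels, inspect, per_cluster=3):
    """Inspect a few flows per cluster and apply the modal verdict to the whole cluster."""
    verdict = {}
    for c in set(labels):
        sample = [i for i, l in enumerate(labels) if l == c][:per_cluster]
        verdict[c] = Counter(inspect(i) for i in sample).most_common(1)[0][0]
    return [verdict[l] for l in labels]

# Constructed, normalised flow features: (mean packet length, packets per second).
FLOWS = [(0.20, 0.30), (0.22, 0.28), (0.18, 0.33), (0.25, 0.31), (0.21, 0.35),
         (0.19, 0.27), (0.23, 0.32), (0.24, 0.29),                # ordinary flows
         (0.85, 0.10), (0.88, 0.12), (0.83, 0.08), (0.86, 0.13), (0.87, 0.09)]
TRUTH = ["normal"] * 8 + ["abnormal"] * 5  # stands in for manual class detection

def run_demo():
    labels, centers = density_peak_cluster(FLOWS, d_c=0.1, n_centers=2)
    predicted = label_by_sampling(labels, inspect=lambda i: TRUTH[i])
    return labels, centers, predicted

if __name__ == "__main__":
    print(run_demo())
```

Only six of the thirteen flows are inspected, yet every flow receives a traffic type; the `dist` matrix is the structure whose quadratic growth the page identifies as the single-machine bottleneck.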

Description

Technical field

[0001] The invention belongs to the intersecting fields of data mining and anomaly detection, and in particular relates to an abnormal traffic detection method based on feature selection and density peak clustering.

Background technique

[0002] When malicious behaviors such as snooping and intrusion occur, certain characteristics of the traffic transmitted on the network, such as traffic size, data packet length, and the content of a specific area of the data packet, will differ from those of normal traffic. If this abnormal traffic can be detected as early as possible, actions can be taken in advance to protect network security. It is of great significance to study the detection of this abnormal traffic, locate the abnormal host, and then deal with the abnormal host in order to avoid network congestion, ensure network performance, avoid abuse of network resources and protect network information security.

[0003] The ease of use and automation of da...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1425
Inventor: 何道敬, 倪谢俊, 黄琳
Owner: EAST CHINA NORMAL UNIV