Information entropy variance analysis-based abnormal traffic detection method

The technique applies variance analysis to abnormal traffic detection in the information field. It addresses the problems that burst traffic is hard to distinguish from normal traffic, that traditional detection methods struggle to work, and that they cannot bear the load. Its effects are lower computing resource consumption, better real-time detection efficiency, and improved accuracy.

Inactive Publication Date: 2016-08-10
深圳市傲天科技股份有限公司

AI Technical Summary

Problems solved by technology

[0015] 1. The Internet is developing extremely fast and has entered the era of big data, and the cost of user interaction data on the Internet is also increasing. Most of the original methods identify attacks by performing feature detection on the TCP packet protocol. When the amount of data doubles, such a solution will not be able to carry
[0016] 2. The detection method is too cumbersome, and the real-time response speed of attack identification is relatively slow.
[0017] 3. Due to the dis...

Examples


Embodiment 1

[0044] The specific steps of the abnormal traffic detection method based on the variance analysis of information entropy are shown in Figure 1.

[0045] The backbone network abnormal traffic detection and abnormal flow identification method based on traffic behavior characteristics includes four steps: traffic behavior feature extraction, abnormal time point determination, abnormal destination IP determination, abnormal flow extraction and attack determination. The specific process is as follows:

[0046] (1). Obtain raw data from network equipment and extract traffic behavior characteristics from it;

[0047] (2). Process the coarse-grained traffic behavior characteristic parameters to determine the time point when the abnormal behavior occurs;

[0048] (3). Analyze the fine-grained traffic parameters of the sub-flows composed of the N destination IPs with the largest traffic at the time point when the abnormal behavior occurs in the historical time window, and det...
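A minimal sketch of steps (1) to (3), added here as an illustration and not taken from the patent text. The choice of source/destination IP entropy as the coarse features, the `k`-standard-deviation band over a sliding history window, the `min_sigma` floor, and all function names are assumptions.

```python
import math
from collections import Counter
from statistics import mean, pstdev

def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def window_features(flows):
    """Step 1: coarse features of one window of (src_ip, dst_ip, bytes) flows."""
    return {"src_entropy": shannon_entropy(f[0] for f in flows),
            "dst_entropy": shannon_entropy(f[1] for f in flows)}

def abnormal_windows(windows, history=4, k=3.0, min_sigma=0.05):
    """Step 2: indices of windows where a feature leaves the baseline band."""
    feats = [window_features(w) for w in windows]
    flagged = []
    for i in range(history, len(feats)):
        for name, value in feats[i].items():
            past = [f[name] for f in feats[i - history:i]]
            band = k * max(pstdev(past), min_sigma)  # floor avoids a zero-width band
            if abs(value - mean(past)) > band:
                flagged.append(i)
                break
    return flagged

def top_destinations(flows, n=3):
    """Step 3: the n destination IPs carrying the most bytes in a window."""
    volume = Counter()
    for _src, dst, nbytes in flows:
        volume[dst] += nbytes
    return [ip for ip, _ in volume.most_common(n)]

# Constructed sample data (private and documentation address ranges), not real traffic.
def normal_window(seed):
    return [(f"10.0.0.{(i + seed) % 8 + 1}", f"192.0.2.{(i * 3 + seed) % 4 + 1}", 500)
            for i in range(40 + seed)]

# Six ordinary windows, then one where 200 new sources converge on one destination.
WINDOWS = [normal_window(s) for s in range(6)]
WINDOWS.append(normal_window(6) + [(f"198.51.100.{i + 1}", "192.0.2.9", 1500)
                                   for i in range(200)])

if __name__ == "__main__":
    for idx in abnormal_windows(WINDOWS):
        print("abnormal window", idx, "top destinations", top_destinations(WINDOWS[idx]))
```

In the constructed flood window the source-IP entropy rises sharply while the destination-IP entropy collapses, so the window is flagged and the flooded address heads the per-destination byte ranking.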


Abstract

The invention discloses an abnormal traffic detection method based on variance analysis of information entropy. The method obtains a large quantity of Internet user access logs and processes the collected data in a system. Attack behaviors or abnormal behaviors are rapidly identified and recorded through big data mining, association, and statistical analysis, and intrusion attack alarm data is formed. A complete attack path is constructed by analyzing the related intrusion attack data, which achieves the goal of intrusion tracking and positioning. With the abnormal traffic detection method, behavior can be traced after an event, user access behavior can be learned by machine learning, and the false alarm rate of the system is lowered. A network traffic detectability set is put forward, a baseline for normal network traffic is described, and a reference is provided for anomaly detection.

Description

Technical field

[0001] The invention belongs to the field of information, in particular to an abnormal traffic detection method based on variance analysis of information entropy.

Background technique

[0002] Glossary:

[0003] DDoS: A Distributed Denial of Service (DDoS) attack refers to the use of client/server technology to combine multiple computers as an attack platform to launch a DDoS attack on one or more targets.

[0004] CC: (Challenge Collapsar) The attacker uses a proxy server to generate legitimate requests to the victim host to achieve DDoS and camouflage.

[0005] CNNIC: China Internet Network Information Center (CNNIC for short).

[0006] TCP: TCP (Transmission Control Protocol) is a connection-oriented, reliable, byte-stream-based transport layer communication protocol defined by RFC 793 of the IETF.

[0007] With the rapid development of the Internet and the advent of the network society, the relationship between the networ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1441, H04L63/1416, H04L63/1425, H04L63/1466
Inventor 黄霄
Owner 深圳市傲天科技股份有限公司