Network abnormal traffic detection method based on PAM (Partitioning Around Medoids) clustering algorithm

A network abnormal traffic detection technology, applied in transmission systems, electrical components, etc. It addresses problems such as inconspicuous distances, cluster center deviation, and difficulty in outlier detection, so as to avoid inaccurate results and reduce the amount of data.

Active Publication Date: 2016-11-09
EAST CHINA NORMAL UNIV

AI Technical Summary

Problems solved by technology

Of course, this algorithm also has many shortcomings; in particular, the selected cluster centers are easily affected by outliers. When calculating the mean, if there are some outliers, it is easy to deviate t...

Embodiment Construction

[0026] The present invention will be further described in detail in conjunction with the following specific embodiments and accompanying drawings. The process, conditions, experimental methods, etc. for implementing the present invention, except for the content specifically mentioned below, are common knowledge in this field, and the present invention places no special limitation on them.

[0027] The network traffic anomaly detection method based on feature selection and density peak clustering of the present invention includes the following four stages:

[0028] In the traffic collection phase, the network is monitored with Wireshark, the monitored data packets are collected locally, and the time format is adjusted for the next step;

[0029] In the feature extraction stage, the information entropy value of several major features of the flow is calculated within a certain time range to form a new data record;

[0030] In the center selection stage, the data sample is s...


Abstract

The invention discloses a network abnormal traffic detection method based on a PAM (Partitioning Around Medoids) clustering algorithm. The method comprises:

  • a traffic collection stage of monitoring a network to obtain network data packets through a network analysis tool;
  • a feature extraction stage of extracting attributes of the network data packets and carrying out information entropy calculation on those attributes in a time period, thereby obtaining multiple multi-dimensional data records;
  • a center selection stage of clustering data points of the network data packets by employing the PAM clustering algorithm according to the multi-dimensional data records, and selecting precise clustering centers through approximate clustering after approximate clustering centers are obtained;
  • an outlier judgment stage of setting a threshold value and screening data points whose precise clustering center distance and partial outlier factors are greater than the threshold value, thereby obtaining outlier abnormal data.

According to the method, the improved PAM clustering algorithm is applied to abnormal traffic detection. It inherits the advantage that clustering requires no labeling; moreover, the operation time required by the algorithm is reduced, and more data can be processed.
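The feature extraction and outlier judgment stages from the abstract, as an added example that is not code from the patent: packets are grouped into time windows, each window becomes a record of per-attribute entropies, and windows far from their nearest medoid are flagged. Assumptions: the packets are constructed sample data, the four attributes, the 10-second window, `k=1` and the threshold of 1.0 are illustrative choices, textbook PAM stands in for the patent's improved center selection, and the partial outlier factor criterion is not implemented.

```python
import math
from collections import Counter, defaultdict

def make_packets():
    """Constructed capture: (time_s, src_ip, dst_ip, dst_port, length), six 10 s windows."""
    pkts = []
    for w in range(6):
        for i in range(40):
            t = w * 10 + i * 0.25
            if w == 4:  # constructed anomaly: one source walking 40 ports on one host
                pkts.append((t, "10.0.0.99", "10.0.1.5", 1000 + i, 60))
            else:       # constructed baseline: several clients, three services
                pkts.append((t, f"10.0.0.{i % (6 + w % 3)}", f"10.0.1.{i % 5}",
                             (80, 443, 53)[i % 3], 60 + 100 * (i % 4)))
    return pkts

def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def window_records(pkts, width=10):
    """Feature extraction: one 4-dimensional entropy record per time window."""
    windows = defaultdict(list)
    for p in pkts:
        windows[int(p[0] // width)].append(p)
    return {w: tuple(entropy([p[f] for p in ps]) for f in range(1, 5))
            for w, ps in sorted(windows.items())}

def pam(points, k):
    """Textbook PAM swap phase: swap a medoid for a non-medoid while total cost drops."""
    def cost(ms):
        return sum(min(math.dist(p, points[m]) for m in ms) for p in points)
    medoids, improved = list(range(k)), True  # deterministic start (assumption)
    best = cost(medoids)
    while improved:
        improved = False
        for i in range(k):
            for c in range(len(points)):
                trial = medoids[:i] + [c] + medoids[i + 1:]
                if c not in medoids and cost(trial) < best - 1e-12:
                    medoids, best, improved = trial, cost(trial), True
    return medoids

def outlier_windows(records, k=1, threshold=1.0):
    """Outlier judgment: windows farther than threshold from their nearest medoid."""
    keys, pts = list(records), list(records.values())
    meds = pam(pts, k)
    return [w for w, p in zip(keys, pts)
            if min(math.dist(p, pts[m]) for m in meds) > threshold]

if __name__ == "__main__":
    print(outlier_windows(window_records(make_packets())))
```

On this sample, raising `k` to 2 lets the anomalous window become its own medoid, so its distance drops to zero and the distance test alone no longer flags it.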

Description

Technical field

[0001] The invention relates to a network anomaly detection technology, in particular to a network abnormal traffic detection method based on a PAM clustering algorithm.

Background technique

[0002] When malicious behaviors such as snooping and intrusion occur, certain characteristics of the traffic transmitted on the network, such as traffic size, data packet length, and the content of a specific area of the data packet, will differ from those of normal traffic. If this abnormal traffic can be detected as early as possible, actions can be taken in advance to protect network security. It is of great significance to study the detection of this abnormal traffic, locate the abnormal host, and then deal with the abnormal host to avoid network congestion, ensure network performance, avoid abuse of network resources and protect network information security.

[0003] Clustering is a general unsupervised learning method that aims to classify objects into...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1425
Inventor: 何道敬, 倪谢俊
Owner EAST CHINA NORMAL UNIV