A network abnormal traffic detection method based on the PAM clustering algorithm

A network anomaly traffic detection technology, applied in transmission systems, electrical components, etc. It addresses problems such as inconspicuous distances, cluster center deviation, and difficulty in outlier detection, so as to avoid inaccurate results and reduce the amount of data.
CN106101102B · Active · Publication Date: 2019-07-26 · EAST CHINA NORMAL UNIV

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Patents (China)
Current Assignee / Owner: EAST CHINA NORMAL UNIV
Publication Date: 2019-07-26


Abstract

The invention discloses a network abnormal traffic detection method based on a PAM (Partitioning Around Medoids) clustering algorithm. The method comprises: a traffic collection stage, in which the network is monitored with a network analysis tool to obtain network data packets; a feature extraction stage, in which attributes of the network data packets are extracted and the information entropy of those attributes is calculated over a time period, yielding multiple multi-dimensional data records; a center selection stage, in which the data points of the network data packets are clustered with the PAM clustering algorithm according to the multi-dimensional data records, approximate clustering centers being obtained first by approximate clustering and precise clustering centers then being selected from them; and an outlier judgment stage, in which a threshold value is set and the data points whose distance to the precise clustering center and whose local outlier factor are greater than the threshold value are screened out as outlier abnormal data. The method applies the improved PAM clustering algorithm to abnormal traffic detection; it inherits the advantage that clustering needs no labeled data, reduces the running time the algorithm requires, and can process more data.
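The stages named in the abstract can be walked through in code. The following is an added example, not the patent's own implementation: it uses plain PAM (BUILD and SWAP) rather than the improved two-step center selection, applies only the distance threshold and leaves out the local outlier factor, and the packet attributes (source IP, destination IP, destination port), the sample windows and the threshold value are assumptions constructed for illustration.

```python
import math
from collections import Counter
from itertools import product

def entropy(values):
    """Shannon entropy (bits) of one packet attribute over a time window."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def window_record(packets):
    """One multi-dimensional record: the entropy of each attribute column."""
    return tuple(entropy(col) for col in zip(*packets))

def nearest(p, points, medoids):
    """Distance from p to its closest medoid."""
    return min(math.dist(p, points[m]) for m in medoids)

def pam(points, k):
    """Plain PAM: greedy BUILD, then SWAP while any swap lowers total cost."""
    cost = lambda meds: sum(nearest(p, points, meds) for p in points)
    medoids = []
    for _ in range(k):  # BUILD: add the point that lowers cost the most
        rest = [i for i in range(len(points)) if i not in medoids]
        medoids.append(min(rest, key=lambda i: cost(medoids + [i])))
    best, improved = cost(medoids), True
    while improved:  # SWAP: try replacing each medoid with each non-medoid
        improved = False
        for pos, cand in product(range(k), range(len(points))):
            trial = medoids[:pos] + [cand] + medoids[pos + 1:]
            if cand not in medoids and cost(trial) < best - 1e-12:
                medoids, best, improved = trial, cost(trial), True
    return medoids

def outliers(points, medoids, threshold):
    """Indices of records farther than threshold from every medoid."""
    return [i for i, p in enumerate(points)
            if nearest(p, points, medoids) > threshold]

def make_window(n_src, n_dst, n_port, n=64):
    """Constructed sample: n packets as (src IP, dst IP, dst port) tuples."""
    return [(f"10.0.0.{i % n_src}", f"10.0.1.{i % n_dst}", 1024 + i % n_port)
            for i in range(n)]

# Constructed windows: 4 busy, 4 quiet, then one with 64 distinct ports.
SPECS = [(16, 8, 4), (16, 8, 2), (8, 8, 4), (16, 4, 4),
         (2, 2, 1), (2, 2, 2), (4, 2, 1), (2, 1, 1), (1, 1, 64)]
RECORDS = [window_record(make_window(*s)) for s in SPECS]
MEDOIDS = pam(RECORDS, k=2)
FLAGGED = outliers(RECORDS, MEDOIDS, threshold=3.0)  # assumed threshold value

if __name__ == "__main__":
    print("medoids:", MEDOIDS, "outlier windows:", FLAGGED)
```

Because medoids are always actual data records, the far-away window does not pull a cluster center toward itself the way it would shift a mean-based center.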

Description

Technical field

[0001] The invention relates to a network anomaly detection technology, in particular to a network abnormal traffic detection method based on a PAM clustering algorithm.

Background technique

[0002] When malicious behaviors such as snooping and intrusion occur, certain characteristics of the traffic transmitted on the network, such as traffic size, data packet length, and the content of a specific area of the data packet, will differ from those of normal traffic. If this abnormal traffic can be detected as early as possible, actions can be taken in advance to protect network security. Studying the detection of abnormal traffic, locating the abnormal host, and then dealing with it is of great significance for avoiding network congestion, ensuring network performance, avoiding abuse of network resources, and protecting network information security.

[0003] Clustering is a general unsupervised learning method that aims to classify objects into...
