Full-network traffic abnormality extraction method

A network traffic anomaly extraction technology, applied in the field of information security, that can solve problems such as unsatisfactory real-time performance and detection effect, complex algorithm processes, and reduced efficiency, so as to achieve an intuitive and clear detection effect, improved computing efficiency, and improved accuracy.

Active Publication Date: 2016-11-09
中国人民解放军防空兵学院

AI Technical Summary

Problems solved by technology

However, the efficiency of non-statistical anomaly detection methods drops sharply when the number of samples is large, and the complexity of their algorithms makes them difficult to deploy in online real-time anomaly detection systems. Unsatisfactory real-time performance and detection


Embodiment Construction

[0045] In order to facilitate understanding of the present invention, the present invention will be described in more detail below with reference to the accompanying drawings and specific embodiments. Preferred embodiments of the invention are shown in the accompanying drawings. However, the present invention may be embodied in many different forms and is not limited to the embodiments described in this specification. Rather, these embodiments are provided so that a thorough and complete understanding of the present disclosure is provided.

[0046] It should be noted that, unless otherwise defined, all technical and scientific terms used in this specification have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used in the description of the present invention are only for the purpose of describing specific embodiments, and are not used to limit the present invention.

[0047] Figure 1 is a flowchart of a...


Abstract

The invention discloses a full-network traffic abnormality extraction method. The method comprises the following steps: step one, selecting monitoring nodes of an autonomous system; step two, segmenting the network data stream of each monitoring node at a fixed time interval within a determined time slot, so that each monitoring node obtains data stream files for multiple consecutive periods; step three, constructing and applying a traffic abnormality detector to pre-detect the data stream files of each monitoring node and determine the abnormal data stream files; step four, performing iterative calculation on the data streams in the abnormal data stream files of each monitoring node to pre-select candidate abnormal data stream sets; step five, aggregating all candidate abnormal data stream sets to form a full-network candidate abnormal data stream set; step six, mining the full-network candidate abnormal data stream set with association rules to find the real abnormal data stream set. With this method, abnormal data streams can be captured efficiently and accurately based on the MapReduce parallel programming model.
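The six steps above, sketched as an added example (not code from the patent or its authors) that runs in one process rather than on MapReduce. The median-based detector, the most-common-attribute iteration, the support-threshold miner, the field names, the thresholds and the sample flows are all assumptions made for illustration; the abstract does not specify them.

```python
from collections import Counter
from itertools import combinations

FIELDS = ("src", "dst", "dport")  # flow attributes used as items (assumed)
INTERVAL = 300                    # seconds per data-stream file (assumed)

def segment(flows):
    """Step 2: cut one node's flows into fixed-interval files."""
    files = {}
    for f in flows:
        files.setdefault(f["ts"] // INTERVAL, []).append(f)
    return files

def preselect(files, k=3.0):
    """Steps 3-4, assumed detector: a file is abnormal when it holds more than
    k times the median flow count; flows sharing its most common attribute
    value are pulled out until the remainder is back at the median."""
    median = sorted(len(v) for v in files.values())[len(files) // 2]
    picked = []
    for flows in files.values():
        rest = list(flows) if len(flows) > k * median else []
        while len(rest) > median:
            tally = Counter((a, f[a]) for f in rest for a in FIELDS)
            (key, val), _ = tally.most_common(1)[0]
            picked += [f for f in rest if f[key] == val]
            rest = [f for f in rest if f[key] != val]
    return picked

def mine(candidates, min_support=0.5):
    """Step 6, assumed miner: attribute combinations (2+ items) present in
    at least min_support of the network-wide candidate flows."""
    counts = Counter()
    for f in candidates:
        items = [(a, f[a]) for a in FIELDS]
        for n in range(2, len(items) + 1):
            counts.update(combinations(items, n))
    return {s for s, c in counts.items() if c >= min_support * len(candidates)}

def node(n_burst, dst, dport):
    """Constructed sample: 4 background flows per file, plus a burst in file 2."""
    flows = [{"ts": b * INTERVAL + i, "src": f"192.0.2.{i}", "dst": f"198.51.100.{10 + b}",
              "dport": 1000 + 10 * b + i} for b in range(4) for i in range(4)]
    return flows + [{"ts": 2 * INTERVAL + 10 + i, "src": f"203.0.113.{i}", "dst": dst,
                     "dport": dport} for i in range(n_burst)]

def run():
    nodes = [node(20, "198.51.100.5", 80), node(15, "198.51.100.5", 80),
             node(12, "198.51.100.77", 873)]
    candidates = [f for n in nodes for f in preselect(segment(n))]  # step 5: union
    return len(candidates), mine(candidates)
```

In the constructed data, each of the three nodes contributes one candidate set, but only the destination/port pair seen on two nodes reaches the support threshold; the burst confined to the third node drops out at the mining step.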

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method for extracting abnormal data streams from the traffic of an entire network.

Background technique

[0002] With the development of networks, abnormal network behaviors have come to include network failures, user misoperations, network attacks, and the propagation of network viruses. These abnormal behaviors often cause the traffic on one or more links in the network to deviate from its normal state. Although abnormal data traffic may not show obvious abnormal characteristics on a single link or on several links, the sum of the abnormal data traffic across multiple links in the network is relatively large. Therefore, traffic anomalies are extremely harmful and destructive to the network and to the devices running on it.

[0003] In the prior art, methods for detecting abnormal network data traffic include non-statistical-based anomaly detection methods such as: based on neur...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1425
Inventor 钱叶魁刘凤荣叶立新赵鑫李宇翀王丙坤李柏楠张兆光邹富春杜江王文娟黄浩蒋文峰李涛马雪红
Owner 中国人民解放军防空兵学院