All-network abnormal data stream classification method

A network anomaly and classification method technology, applied to electrical components, transmission systems, etc., can solve the problems of network anomaly complexity, variability, and difficulty in ensuring accuracy

Active Publication Date: 2016-12-21
中国人民解放军防空兵学院
View PDF6 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] In the prior art, the sampling method based on IP flow is generally used to extract abnormal data flow, and then the abnormal data flow is classified using supervised pattern recognition, that is, a group of samples of known categories are used as a training set to establish a mathematical model, and then use The established model ...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • All-network abnormal data stream classification method
  • All-network abnormal data stream classification method
  • All-network abnormal data stream classification method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0049] In order to facilitate the understanding of the present invention, the present invention will be described in more detail below in conjunction with the accompanying drawings and specific embodiments. Preferred embodiments of the invention are shown in the accompanying drawings. However, the present invention can be implemented in many different forms and is not limited to the embodiments described in this specification. On the contrary, these embodiments are provided to make the understanding of the disclosure of the present invention more thorough and comprehensive.

[0050] It should be noted that, unless otherwise defined, all technical and scientific terms used in this specification have the same meaning as commonly understood by those skilled in the technical field of the present invention. Terms used in the description of the present invention are only for the purpose of describing specific embodiments, and are not used to limit the present invention.

[0051] ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an all-network abnormal data stream classification method. The method comprises: step one, abnormal data stream extraction is carried out on an all-network data stream and an abnormal data stream set in the abnormal data stream is outputted; step two, an average value S-P of an abnormal data stream size during per-package counting of the abnormal data stream is calculated, wherein the P is larger than or equal to 1 and is less than or equal to i, an average value B-P of a package size during per-byte counting of the abnormal data stream is calculated, wherein the P is larger than or equal to 1 and is less than or equal to I, at least one feature of the abnormal data stream is extracted, statistics of a distribution entropy H of the extracted feature is carried out, and feature vectorization of the abnormal data stream is carried out by using the S-P, the B-P, and the distribution entropy H of the extracted features as coordinate values to form a point set of a multi-dimensional space; step three, coarse clustering is carried out on the point set by using a Canopy method to obtain a cluster center and a number K value of central points; and step four, according to the cluster center, and the K value, fine clustering is carried out on the abnormal data stream after feature vectorization by using a K-means calculation method and thus a precise classification result of the abnormal data stream is obtained.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a method for classifying abnormal data streams across the entire network. Background technique [0002] With the development of the network, abnormal network behaviors include network failures, user misoperations, network attacks, and network virus propagation. These abnormal behaviors often cause network traffic on single or multiple links in the network to deviate from the normal phenomenon. When any one of them causes abnormal network traffic, it has its fixed behavior pattern. For example, DOS / DDOS and other denial-of-service attacks are characterized by the convergence of traffic from a large number of controlled hosts to the target host, and all the controlled hosts have the same destination address; worms It is a common computer virus related to network security. It uses the network to replicate and spread. When spreading, it usually uses the host machine as t...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425H04L63/1458
Inventor 钱叶魁刘凤荣叶立新赵鑫李宇翀张兆光邹富春杜江黄浩李柏楠王丙坤蒋文峰陈敏雅张茜萍孟岩斌李九林
Owner 中国人民解放军防空兵学院
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap