Whole-network abnormal flow identification method based on flow characteristic distribution

A technique in the field of traffic characteristics and network anomalies, applied in electrical components, transmission systems, etc. It addresses the inability to identify abnormal flows across the entire network, the inability to determine the cause of network anomalies, and the difficulty of working at whole-network scale, and it improves accuracy.

Active Publication Date: 2017-02-22
中国人民解放军防空兵学院

AI Technical Summary

Problems solved by technology

[0006] The technical problem mainly solved by the present invention is to provide a network-wide abnormal flow identification method based on the distribution of traffic characteristics, which solves t

Examples

Embodiment 1

[0055] See Figure 1, a flow chart of Embodiment 1 of the method for identifying abnormal flows in the entire network based on the distribution of traffic characteristics in the present invention. As shown in Figure 1, the method includes:

[0056] Step S1, conduct coarse-grained anomaly identification on the network data flow in the entire network, extract node pairs with abnormal traffic from the entire network, and determine the characteristic category of the abnormal traffic.

[0057] The entire network of an ISP (Internet Service Provider) includes the backbone network and the LANs connected to the backbone network. The network range is large and there is a large volume of traffic data. Directly identifying abnormal traffic and determining its characteristic values would require collecting a very large amount of data, and how to identify abnormal traffic and characteristic values of abnormal ...

Abstract

The invention discloses a whole-network abnormal flow identification method based on flow characteristic distribution. The method comprises the following steps: first, performing coarse-grained anomaly identification on the network data flow in the whole network, extracting node pairs having abnormal flow from the whole network, and determining a characteristic category of the abnormal flow; then, performing fine-grained anomaly identification based on the extracted characteristic category and the abnormal nodes, and determining an abnormal flow characteristic value; and finally, collecting an abnormal flow set from the abnormal nodes based on the determined abnormal flow characteristic value. Because the method identifies abnormal flows in the whole network's data flow hierarchically, it improves accuracy without incurring a huge measurement and calculation workload. The abnormal nodes in the whole network are accurately located, and the IP address, the port number and other flow characteristic values of the abnormal flow in the normal node pairs are obtained. The method can also classify the abnormal flow so as to judge the causes of the network abnormality.
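The three stages in the abstract can be sketched as follows. This is an added example, not code from the patent or its authors. The page does not say which statistic the method uses, so the Shannon entropy shift, the threshold, the flow record layout and the sample traffic are all assumptions made for illustration.

```python
import math
from collections import Counter

FEATURES = ("src_ip", "dst_ip", "src_port", "dst_port")

def entropy(values):
    """Shannon entropy (bits) of the empirical distribution of values."""
    counts, n = Counter(values), len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def coarse_stage(baseline, current, threshold):
    """Stage 1: map each abnormal node pair to its most-shifted feature category."""
    suspects = {}
    for pair, flows in current.items():
        base = baseline.get(pair)
        if not base or not flows:      # no reference distribution: cannot judge
            continue
        shift = {f: abs(entropy([x[f] for x in flows]) - entropy([x[f] for x in base]))
                 for f in FEATURES}
        feature = max(shift, key=shift.get)
        if shift[feature] > threshold:
            suspects[pair] = feature
    return suspects

def fine_stage(baseline, current, pair, feature):
    """Stage 2: the feature value whose share of the pair's flows grew the most."""
    def shares(flows):
        return {v: c / len(flows) for v, c in Counter(x[feature] for x in flows).items()}
    base, cur = shares(baseline[pair]), shares(current[pair])
    return max(cur, key=lambda v: cur[v] - base.get(v, 0.0))

def identify(baseline, current, threshold=0.5):
    """Stage 3: collect the flows on each abnormal pair that carry the abnormal value."""
    result = {}
    for pair, feature in coarse_stage(baseline, current, threshold).items():
        value = fine_stage(baseline, current, pair, feature)
        flows = [x for x in current[pair] if x[feature] == value]
        result[pair] = (feature, value, flows)
    return result

def flow(i, dst_port):  # constructed sample record, not real traffic
    return {"src_ip": f"10.0.0.{i % 8}", "dst_ip": f"10.1.0.{i % 4}",
            "src_port": 40000 + i % 8, "dst_port": dst_port}

NORMAL = [flow(i, (80, 443, 53, 22)[i % 4]) for i in range(8)]
BASELINE = {("A", "B"): NORMAL, ("A", "C"): NORMAL}
CURRENT = {("A", "B"): NORMAL, ("A", "C"): NORMAL + [flow(i, 9999) for i in range(24)],
           ("A", "D"): NORMAL}  # A-D has no baseline and is skipped

if __name__ == "__main__":
    for pair, (feature, value, flows) in identify(BASELINE, CURRENT).items():
        print(pair, feature, value, len(flows))
```

Only the coarse stage touches every node pair. The per-value comparison and flow collection run solely on the pairs it flags, which is how a hierarchical design keeps the measurement workload down.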

Description

Technical field

[0001] The invention relates to the technical field of detecting network anomalies, in particular to a network-wide abnormal flow identification method based on flow characteristic distribution.

Background

[0002] At present, various network anomalies often occur in the Internet environment. One example is botnets: a botnet constitutes an attack platform that can be used to launch various attacks effectively, which can paralyze the entire basic information network or important application systems and can also lead to large-scale leaks of confidential information or personal privacy. Another is worm outbreaks: worms that spread through vulnerabilities often cause serious damage in the early stages of an outbreak, and the large number of attacks and network probes seriously affects network speed and can even paralyze the network. Another example is network congestion. When the network is congested, data loss, delay increase, and throughput decrease ...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor 钱叶魁刘凤荣李宇翀赵鑫张兆光邹富春杜江黄浩蒋文峰王丙坤杨瑞朋夏军波
Owner 中国人民解放军防空兵学院