A network traffic anomaly detection and location method based on symmetry sketch

A network traffic and anomaly detection technology, applied in data exchange networks, digital transmission systems, electrical components, etc., can solve problems such as inability to apply online, and achieve accurate host connection symmetry, good detection, and high processing efficiency.

Active Publication Date: 2019-12-27
XI AN JIAOTONG UNIV
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method is currently mainly used for offline processing and cannot be applied online

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A network traffic anomaly detection and location method based on symmetry sketch
  • A network traffic anomaly detection and location method based on symmetry sketch
  • A network traffic anomaly detection and location method based on symmetry sketch

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0070] The present invention will be further described in detail below in conjunction with specific embodiments, which are to explain rather than limit the present invention.

[0071] The present invention is based on the following basic assumptions:

[0072] 1. The behavior of network users has inertia, and the characteristics of network traffic also have inertia;

[0073] 2. In adjacent time windows, the flow characteristics should not change greatly;

[0074] 3. The purpose of network design and development is information exchange. For a network user, when searching for relevant information on the Internet, there must be data packets in both directions.

[0075] The present invention is based on the following basic definitions and theorems

[0076] Definition 1: In the time window T, the number of different destination hosts actively connected by a host is called the out-connection degree of the host.

[0077] Definition 2: In the time window T, the number of different s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a network traffic abnormality detection and positioning method based on a symmetry degree sketch. An abnormal behavior is detected through adoption of connection symmetry degree. The detection granularity and precision are higher than those of a traditional method based on traffic feature statistics. The invention provides a calculation method-connection degree sketch of the connection symmetry degree, an IP address is divided into four segments according to structure features of the IP address, and each segment is mapped through adoption of a corresponding hash function group, so the length of a hash table is effectively reduced, a conflict generation probability is effectively reduced, and the relatively precise host connection symmetry degree is obtained. A method for obtaining a threshold value according to distribution condition of self features of the traffic is provided, and the obtained threshold value is changed in real time according to the network traffic features, so the features of the abnormal behavior can be captured relatively accurately, and a relatively good effect is obtained. Through design of a core hash function group of the sketch and utilization of the Chinese remainder theorem, an abnormal source is analyzed and solved, and a solution process is simple and efficient, and a result is accurate.

Description

technical field [0001] The invention belongs to the technical field of data flow analysis and processing, and relates to a network traffic abnormality detection and positioning method based on the symmetry degree Sketch. Background technique [0002] With the development and application of computer network technology, the rapid growth of network bandwidth and network traffic, massive network traffic data has brought great challenges to the real-time and effective measurement and monitoring of large-scale networks. Real-time and effective network measurement is of great significance to network management, traffic planning, and network billing. For example, network operators need to count network bandwidth usage or traffic statistics for billing, and network managers need to update routers based on traffic statistics. It can detect and deal with abnormal network events in time through effective analysis of network traffic. For this reason, the real-time measurement and monito...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/26
CPCH04L43/16H04L63/1425H04L63/1458
Inventor 秦涛刘艳雨王平辉王博沈壮管晓宏
Owner XI AN JIAOTONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap