Abnormal traffic detection method and device

An abnormal traffic detection technology, applied in the field of network security, that solves the problems of large investment and inability to prevent, and achieves the effect of saving operating costs and improving operating efficiency.

Pending Publication Date: 2017-07-21
BEIJING KUANGEN NETWORK TECH

AI Technical Summary

Problems solved by technology

The blacklist method relies on manual analysis, which requires a huge amount of manpower. I

Example Embodiment

[0025] The exemplary embodiments will be described in detail here, and examples thereof are shown in the accompanying drawings. When the following description refers to the accompanying drawings, unless otherwise indicated, the same numbers in different drawings represent the same or similar elements. The implementation manners described in the following exemplary embodiments do not represent all implementation manners consistent with the present invention. Rather, they are merely examples of devices and methods consistent with some aspects of the present invention as detailed in the appended claims.

[0026] Figure 1 is a flowchart of a method for detecting abnormal traffic according to an exemplary embodiment. As shown in Figure 1, the abnormal traffic detection method may include the following steps.

[0027] In step S11, the characteristic value of the data stream to be detected is extracted.

[0028] For example, the characteristic value can be set according to the charac...

Abstract

The present disclosure relates to a method and device for detecting abnormal traffic. The method includes: extracting a characteristic value of the data flow to be detected; generating a vector to be detected corresponding to the data flow to be detected according to the characteristic value; calculating the similarity between the vector to be detected and each reference vector in the reference vector set, where each reference vector corresponds to a normal data flow; and determining, according to the similarity between the vector to be detected and each reference vector in the reference vector set, whether the data flow to be detected is an abnormal data flow. The technical solution does not need to rely on protocol standards and can be applied to both public and private protocols. It can also be executed automatically by equipment without personnel participating in the analysis, which improves operating efficiency and saves operating costs.
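The four steps of the abstract can be sketched as follows. This is an added example, not code from the patent or its applicant. The page does not name the characteristic values, the similarity measure or the decision rule, so the byte-histogram features, cosine similarity, the 0.9 threshold and all function names are assumptions, and the sample frames are constructed.

```python
import math

def extract_features(payload, buckets=16):
    """Step 1-2: protocol-agnostic feature vector (ASSUMED features:
    normalised payload length plus a coarse byte-value histogram)."""
    hist = [0.0] * buckets
    for b in payload:
        hist[b * buckets // 256] += 1.0
    n = len(payload) or 1
    return [min(len(payload), 256) / 256.0] + [h / n for h in hist]

def cosine(u, v):
    """Step 3: similarity measure (ASSUMED: cosine similarity)."""
    dot = sum(a * b for a, b in zip(u, v))
    nu = math.sqrt(sum(a * a for a in u))
    nv = math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0

def build_reference_set(normal_flows):
    """Reference vectors are derived only from known-normal flows."""
    return [extract_features(p) for p in normal_flows]

def is_abnormal(payload, reference_set, threshold=0.9):
    """Step 4 (ASSUMED rule): abnormal when no reference vector is at
    least `threshold` similar. Returns (abnormal, best_similarity)."""
    vec = extract_features(payload)
    best = max((cosine(vec, ref) for ref in reference_set), default=0.0)
    return best < threshold, best

# Constructed sample data: short request frames shaped like industrial
# control traffic, treated here as the "normal" baseline.
NORMAL_FLOWS = [
    bytes.fromhex("000100000006010300000002"),
    bytes.fromhex("000200000006010300100004"),
    bytes.fromhex("000300000006010400000001"),
]
REFERENCE = build_reference_set(NORMAL_FLOWS)

if __name__ == "__main__":
    for name, flow in [("similar frame", bytes.fromhex("000700000006010300050002")),
                       ("oversized high-byte frame", b"\xff" * 200)]:
        abnormal, best = is_abnormal(flow, REFERENCE)
        print(f"{name}: abnormal={abnormal} best_similarity={best:.3f}")
```

Because the features are computed from raw bytes, nothing here parses a protocol, which matches the abstract's claim that the method works for private protocols as well as public ones. An empty reference set flags every flow as abnormal.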

Description

Technical field

[0001] The present disclosure relates to the field of network security, and in particular to methods and devices for detecting abnormal traffic.

Background technique

[0002] With the development of information technology, industrial control systems have gradually become open, interconnected and versatile. Many industrial control protocols are gradually running on industrial Ethernet, and on industrial Ethernet, attacks on industrial control systems are more common. Therefore, it is necessary to provide a technical solution capable of detecting abnormal traffic in the network.

[0003] In related technologies, the technical solution for detecting abnormal traffic in the network includes two methods: whitelist detection and blacklist detection. In whitelist detection, a whitelist is generated according to the protocol standard specification as the behavior standard, and then the network traffic is parsed according to the protocol format, and the analysis resu...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1425
Inventor: 肖海涛, 陈庶樵
Owner: BEIJING KUANGEN NETWORK TECH