Flow-based network node abnormity detection method and system

A network node, anomaly detection technology, applied in transmission systems, digital transmission systems, data exchange networks, etc., can solve the problems of unstable normal traffic, the difficulty of refining the normal traffic detection process of victim nodes, and low accuracy, to avoid Insufficient detection indicators, good anomaly detection performance, and high accuracy

Active Publication Date: 2017-12-15
NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT
View PDF9 Cites 35 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The method based on statistical analysis is more effective for large-scale traffic anomaly detection, but the traditional method has a single detection index and poor applicability. It lacks detection capabilities for slow attacks and scans and anomalies with no obvious difference in protocol characteristics, especially, The observed traffic contains a large number of unstable normal traffic, which has an obvious hidden effect on abnormal traffic
The method based on signal processing regards network traffic as information flow, and then uses signal processing technology to detect anomalies, usually based on the amplitude of traffic characteristics, and the ability to detect concealed attacks with insignificant ch

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Flow-based network node abnormity detection method and system
  • Flow-based network node abnormity detection method and system
  • Flow-based network node abnormity detection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0059] In order to further explain the technical means and effects adopted by the present invention to achieve the intended purpose of the invention, the following is a specific implementation of a stream-based network node anomaly detection method and system proposed according to the present invention in conjunction with the accompanying drawings and preferred embodiments The method and its effect are described in detail below.

[0060] The present invention provides a flow-based network node anomaly detection method, as shown in the attached figure 1 As shown, the method includes:

[0061] Step 1. Obtain a stable communication object set according to the historical network traffic data of the node to be detected, and the stable communication object set includes a stable communication port set and a stable communication peer set;

[0062] Step 2, according to the stable communication object set and the historical network traffic data of the node to be detected, obtain the mu...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a flow-based network node abnormity detection method and system. The method includes according to the historical network flow data of the node to be detected, acquiring a stable communication target set that includes a stable communication port set and a stable communication peer set; acquiring the multidimensional characteristic statistic threshold according to the stable communication target set and the historical network flow data of the node to be detected; and acquiring the real-time network flow data of the node to be detected, and detecting and evaluating the node to be detected according to the multi-dimensional feature statistical threshold. The method and system can detect the abnormal events such as the possible network attack in real time through the detailed division of the network flow features according to the network nodes forming the network flow data, thereby being high in detection accuracy.

Description

technical field [0001] The invention relates to the technical field of computer network security, in particular to a flow-based network node anomaly detection method and system. Background technique [0002] With the rapid development of computer and network technology, the scale of Internet users is increasing day by day. According to a report released by China Internet Network Information Center (CNNIC), as of December 2015, the number of Internet users in my country has reached 688 million, and the Internet penetration rate is 50.3%. At the same time, 89.0% of enterprises across the country use the Internet to work, and the Internet has become an indispensable and important infrastructure in people's production and life. At the same time, network security issues have become increasingly prominent, and frequent network security incidents have brought a huge threat to the Internet. Among them, network attacks and network theft are important threats to information systems. ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/24
CPCH04L41/142H04L63/1425H04L2463/146
Inventor 严寒冰李志辉李书豪周昊张永铮饶毓张帅贾子骁吕志泉韩志辉姚力
Owner NAT COMP NETWORK & INFORMATION SECURITY MANAGEMENT CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap