Unlock instant, AI-driven research and patent intelligence for your innovation.
Abnormal flow identification method and apparatus
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
A technology for abnormal traffic and identification devices, which is applied in the field of abnormal traffic identification and devices, which can solve problems such as loss, customer inability to communicate, business inability to proceed, etc., and achieve good real-time effects
Inactive Publication Date: 2017-12-29
四川紫皓云端科技有限责任公司
View PDF1 Cites 0 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
[0002] The network is essential to us, but everything has a negative side. There will also be many obstacles when using the network, and the most difficult to avoid is the abnormal behavior of the network. Abnormal behavior is equivalent to hacker attacks. It targets the network Attacks, steal confidential data, and bring us huge losses, customers cannot communicate, business cannot be carried out, and then ensuring the security of network traffic plays a vital role
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment
[0025] Such as figure 1 As shown, a method for identifying abnormal traffic includes the following steps:
[0026] Capture network traffic information through bypass packet capture, and generate traffic data according to the captured network traffic information; among them, the captured network traffic information includes time information, source address, source port, destination address, destination port, TCP / UDP Protocol, direction, length, header length, tcp header length, tcp flag bit, uplink flow, downlink flow, number of uplink packets, number of downlink packets.
[0027] Define the corresponding traffic characteristics according to the generated network traffic data;
[0028] Classify according to different traffic feature types, and define the same type of traffic features as feature modules;
[0029] Calculate the proportion of uplink and downlink traffic of encrypted links in the network, calculate the mean and variance, and focus on the analysis of links that ob...
Embodiment 2
[0033] A device for identifying abnormal traffic, including a packet capturing device, a traffic defining device, a feature module generating device, a feature point selecting device, and an abnormal user locating device; wherein:
[0034] Packet capture device: used to capture network traffic information through bypass packet capture, and generate traffic data according to the captured network traffic information;
[0035] Traffic definition device: used to define corresponding traffic characteristics according to the generated network traffic data;
[0036] Feature module generation device: used for classifying according to different traffic feature types, and defining the same type of traffic features as feature modules;
[0037] Feature point selection device: used to use the variance of the mean value of the uplink and downlink traffic ratio of the encrypted link, calculate the posterior probability according to the attribute vector, and then select the feature point;
...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
PUM
Login to View More
Abstract
The invention discloses an abnormal flow identification method and apparatus. The abnormal flow identification method disclosed by the invention comprises the following steps: capturing network flow information via bypass packet capture, and generating flow data according to the captured network flow information; defining corresponding flow characteristics according to the generated network flow data; performing classification according to different flow characteristic types, and defining flow characteristics of the same type as a characteristic module; analyzing uplink and downlink flow ratios of encrypted links by using the data analysis technology, and calculating a mean and a variance; and when the uplink and downlink flow ratio and the historical mean of a certain link generate big deviation, locating a network user who may be subjected to abnormality. According to the abnormal flow identification method disclosed by the invention, identification is performed based on the behavior analysis technology, thereby having good instantaneity and being able to be applied to a plurality of occasions, and meanwhile by means of information accumulation, more abnormal flow can be further discovered.
Description
technical field [0001] The invention relates to a method and device for identifying abnormal flow. Background technique [0002] The network is essential to us, but everything has a negative side. There will also be many obstacles when using the network, and the most difficult to avoid is the abnormal behavior of the network. Abnormal behavior is equivalent to hacker attacks. It targets the network Attacks, steal confidential data, and bring us huge losses, customers cannot communicate, business cannot be carried out, and thus ensuring the security of network traffic plays a vital role. Aiming at the problems in the related technologies, no effective solution has been proposed yet. Contents of the invention [0003] In order to improve the above problems, the present invention provides a mobile power managementsystem and a control method thereof. [0004] In order to achieve the above object, the technical scheme adopted in the present invention is as follows: [0005]...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to View More 
Login to View More