Real-time network abnormal behavior detecting system and method based on big data

A real-time network anomaly detection system technology, applied in the field of network security management, addresses the problems of being unable to provide data for full-flow analysis, unsatisfactory stream processing performance, and low collection efficiency, so as to facilitate management, retrieval and query, and to give intuitive detection results.

Active Publication Date: 2018-05-15
SOUTH CHINA UNIV OF TECH

AI Technical Summary

Problems solved by technology

Most of the existing network traffic anomaly detection platforms rely on collection methods such as SNMP or Netflow. SNMP depends heavily on router performance, and its collection efficiency is relatively low. Netflow only provides flow statistics and carries no information on the data packets themselves, so once collected, the data cannot be provided for subsequent full-flow analysis.
Secondly, in the process of streaming computing, the existing big data-based network traffic ano



Examples


Embodiment 1

[0073] A real-time network abnormal behavior detection system based on big data, as shown in Figures 1 to 2, includes a traffic collection layer, a data pipeline layer, a real-time computing layer, a data storage layer, a data analysis layer, and an application layer.

[0074] As a preferred solution, the traffic collection layer includes a mirrored traffic collection module that collects traffic mirrored from the switch, a local file collection module that collects local files, and a network probe acquisition module that collects sensor data. All three modules can provide traffic collection services. The traffic collection services include data packet capture services, data packet analysis services, local order placement services, data feature extraction services, data stream serialization services, and data sending services.

[0075] The traffic collection layer captures data packets through the data packet capture service, and then preprocesses the collected data, and then tran...

Embodiment 2

[0116] A real-time network abnormal behavior detection method based on big data includes a traffic collection layer, a data pipeline layer, a real-time computing layer, a data storage layer, a data analysis layer, and an application layer, and specifically includes the following steps:

[0117] S1: The traffic collection layer collects traffic data from the data source and preprocesses the data, then sends the preprocessed data to the distributed messaging system in the data pipeline layer, and saves the original data packets in the data storage layer;

[0118] S2: The real-time computing layer obtains the preprocessed data from the distributed messaging system, obtains basic features from the data and extracts statistical features, then adds the statistical features and protocol features to the basic features to form the total features, and saves the total features in the data storage layer;

[0119] S3: The data analysis layer obtains the total features from the data storage laye...
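The feature assembly of steps S1 and S2 (basic features from the preprocessed packet records, statistical features computed over a group of packets, protocol features merged in to form the total features), written out as an added example. This is not the patent's code; the record field names, the (src, dst) grouping key and the chosen statistics are assumptions, and the packet records are constructed sample input.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample of preprocessed packet records, in the shape the traffic
# collection layer (S1) might serialize before sending them to the messaging
# system. Field names are assumptions; the patent text does not fix a format.
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": "TCP", "dport": 22, "length": 60, "flags": "S"},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": "TCP", "dport": 23, "length": 60, "flags": "S"},
    {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": "TCP", "dport": 80, "length": 60, "flags": "S"},
    {"src": "10.0.0.7", "dst": "10.0.0.9", "proto": "TCP", "dport": 443, "length": 1200, "flags": "PA"},
    {"src": "10.0.0.7", "dst": "10.0.0.9", "proto": "TCP", "dport": 443, "length": 900, "flags": "PA"},
]


def basic_features(pkt):
    """Basic features: fields taken directly from the preprocessed record."""
    return {"src": pkt["src"], "dst": pkt["dst"], "proto": pkt["proto"]}


def protocol_features(pkt):
    """Protocol features: here only TCP flag and destination-port information."""
    return {"syn_only": pkt.get("flags") == "S", "dport": pkt["dport"]}


def total_features(packets):
    """S2: group packets by (src, dst), derive statistical features over each
    group, and merge basic + statistical + protocol features into one record
    per group (the 'total features' that S2 saves to the storage layer)."""
    groups = defaultdict(list)
    for p in packets:
        groups[(p["src"], p["dst"])].append(p)
    out = {}
    for key, pkts in groups.items():
        lengths = [p["length"] for p in pkts]
        proto = [protocol_features(p) for p in pkts]
        stats = {
            "pkt_count": len(pkts),
            "byte_sum": sum(lengths),
            "mean_len": mean(lengths),
            # protocol features folded into group-level statistics
            "distinct_dports": len({f["dport"] for f in proto}),
            "syn_ratio": sum(f["syn_only"] for f in proto) / len(pkts),
        }
        out[key] = {**basic_features(pkts[0]), **stats}
    return out
```

In the constructed sample, the first group yields three single-packet SYNs to three distinct ports (syn_ratio 1.0), the kind of statistic the data analysis layer would consume in S3.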


Abstract

The invention provides a real-time network abnormal behavior detecting system based on big data. The system comprises a flow collecting layer, a data pipeline layer, a real-time calculation layer, a data storage layer, a data analysis layer and an application layer, wherein the flow collecting layer comprises a collecting device; the data pipeline layer comprises a data pipeline service module adopting a distributed message system; the real-time calculation layer comprises a stream-oriented computation module; the data storage layer comprises a distributed file service module, a distributed database module and a retrieval service module; the data analysis layer comprises a model training module and a real-time detection module; and the application layer comprises a visual warning module. The invention also discloses a real-time network abnormal behavior detecting method based on big data. The data collection efficiency is high; data transmission is stable and reliable; advanced persistent threats can be efficiently detected and analyzed; traceability evidence can be obtained; retrieval by analysts is convenient; model training efficiency is high; and the false alarm rate is low.

Description

Technical field

[0001] The invention belongs to the technical field of network security management, and specifically relates to a real-time network abnormal behavior detection system and method based on big data.

Background technique

[0002] With the continuous development of network applications, how to find abnormal behaviors in network data messages and give early warnings has become an important research field in current network security management. Most of the existing network traffic anomaly detection platforms rely on collection methods such as SNMP or Netflow. SNMP depends on router performance, and its collection efficiency is relatively low. Netflow only provides statistics on the flow and carries no information on the data packet itself; once collected, it cannot provide data for subsequent full-flow analysis. Secondly, in the process of streaming computing, the existing big data-based network traffic anomaly detection platform uses a streaming computing engi...


Application Information

IPC(8): H04L29/06; G06N99/00
CPC: G06N20/00; H04L63/1416; H04L63/1425
Inventor 高英靳亚洽刘煜李若鹏
Owner SOUTH CHINA UNIV OF TECH