Network port traffic abnormality detection method and system

A method and system for detecting traffic anomalies on network ports, applied in the field of network port traffic anomaly detection, that addresses problems such as losses to websites and equipment.

Active Publication Date: 2018-09-04
长安通信科技有限责任公司 +1

AI Technical Summary

Problems solved by technology

For example, distributed denial of service (DDoS) attacks have caused serious damage to the websites and equipment of many organizations.


Embodiment Construction

[0076] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail in conjunction with the accompanying drawings and specific embodiments.

[0077] The traffic collection module of cNetS is implemented on a high-performance server loaded with multiple 10 network cards and runs the DPDK framework to achieve high-speed traffic collection. Network traffic is exported by the backbone network router and imported through mirroring. The traffic collection module summarizes the traffic into a NetFlow summary format and outputs it to the cPortMon and cHostMon modules; for DNS response packets it exports summary fields such as the domain name, source and destination IP, and timestamp and outputs them to the cNameMon module; and for HTTP request packets it exports summary information such as the URL and source and destination IP and outputs it to the cLinkMon module.

[0078] The su...


Abstract

The invention discloses a network port traffic abnormality detection method and system. The method comprises the following steps:

1) reading communication session log traffic from a target data platform, aggregating the traffic in groups by source port number and target port number, and computing traffic indicator statistics for each port to generate a traffic sequence for that port;

2) generating an input vector for each port from its traffic sequence, feeding the input vector into an LSTM network to obtain a predicted traffic value for the current port at time t, comparing the predicted value with the observed traffic value of the current port at time t, and determining that the current port has a traffic abnormality if the difference between the predicted and observed values is larger than a set condition; and

3) determining the nature of the traffic abnormality of the current port from all recent traffic logs of the current port and preset rules, and determining the traffic abnormality event of the current port; if the event cannot be determined this way, inputting the extracted traffic logs into a pre-trained machine learning model for classifying traffic abnormalities of the current port, and identifying the traffic abnormality event of the current port.
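Steps 1 and 2 of the abstract can be sketched as follows. This is an added example, not code from the patent: the flow tuples are constructed sample data, the byte count is an assumed traffic indicator, the thresholds are assumed values, and a moving average stands in for the LSTM predictor. Step 3 (classifying the event) is not covered.

```python
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 6        # assumed length of the per-port input vector
K_SIGMA = 4.0     # assumed "set condition", in standard deviations of the history
MIN_DEV = 500.0   # assumed absolute floor (bytes) so quiet ports do not alert on noise

def port_sequences(flows, n_bins):
    """Step 1: group flows by source and by destination port, one byte total per time bin."""
    seq = defaultdict(lambda: [0] * n_bins)
    for t, sport, dport, nbytes in flows:
        seq[("src", sport)][t] += nbytes
        seq[("dst", dport)][t] += nbytes
    return seq

def predict(history):
    """Stand-in predictor (moving average); the method on this page uses an LSTM here."""
    return mean(history)

def detect(flows, n_bins, t):
    """Step 2: flag ports whose observed traffic at bin t deviates from the prediction."""
    if t < WINDOW or t >= n_bins:
        raise ValueError("need WINDOW bins of history before t")
    alerts = []
    for key, series in port_sequences(flows, n_bins).items():
        history = series[t - WINDOW:t]
        predicted, observed = predict(history), series[t]
        limit = max(K_SIGMA * pstdev(history), MIN_DEV)
        if abs(observed - predicted) > limit:
            alerts.append((key, observed, round(predicted, 1)))
    return sorted(alerts)

def sample_flows():
    """Constructed flow summaries: (time_bin, src_port, dst_port, bytes)."""
    flows = []
    for t in range(7):
        flows.append((t, 51000, 443, 9000 + 100 * (t % 3)))  # steady web traffic
        flows.append((t, 52000, 53, 300))                     # steady DNS traffic
    # Constructed burst: 200 small flows to destination port 23 in the last bin.
    flows += [(6, 53000 + i, 23, 120) for i in range(200)]
    return flows

if __name__ == "__main__":
    for alert in detect(sample_flows(), n_bins=7, t=6):
        print(alert)
```

The 200 one-off source ports each carry only 120 bytes and stay under the floor, so only the aggregated destination port is reported.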

Description

Technical field

[0001] The invention relates to the fields of big data, network security, deep learning, etc., and relates to a method and system for detecting network port traffic anomalies, which uses passive analysis methods of wide area network traffic to discover and profile network abnormal events such as DDoS, botnets, and virus propagation.

Background technique

[0002] Today's Internet faces many security threats. For example, Distributed Denial of Service (DDoS) attacks have caused serious losses to the websites and devices of many organizations. DDoS refers to the use of client/server technology to combine multiple computers as an attack platform to launch DDoS attacks on one or more targets, thereby multiplying the power of denial of service attacks.

[0003] DDoS attacks are often initiated by a botnet. A botnet is a controlled network of hosts infected with bots. The attacker sends instructions to the zombie host through the co...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62, G06N99/00
CPC: H04L63/1425, H04L63/1441, G06F18/23
Inventor: 李明哲涂波刘丙双戴帅夫张建宇李少华闻博梅锋李莉蒋志鹏周模冯婷婷尚秋里张洛什李传海方喆君孙中豪
Owner: 长安通信科技有限责任公司