Multi-layer anomaly detection method based on network traffic

A network traffic anomaly detection technology, applied in the field of network security. It addresses the problems that the detection effect of anomaly detection classifiers is unsatisfactory and that small-traffic attack behavior cannot be identified well, and achieves improved classification accuracy, compact data, and reasonable selection of parameters.

Active Publication Date: 2018-10-09
BEIJING INSTITUTE OF TECHNOLOGY +1

AI Technical Summary

Problems solved by technology

[0008] However, most existing research on intrusion detection is carried out on the KDD99 data set or the NSL_KDD data set. This data set comes from experiments conducted in 1998, and the network environment and attack methods of that time are outdated. The detection effect of an anomaly detection classifier trained on this data set cannot satisfy the modern network well, and at the same time,

Examples


Example Embodiment

[0038] The present invention will be described in detail below with reference to the drawings and embodiments.

[0039] The invention provides a multi-layer anomaly detection method based on network traffic. It combines linear discriminant analysis (LDA), a genetic algorithm, the KNN outlier detection algorithm and the random forest algorithm, and is a fusion adaptive method.

[0040] The present invention is based on the benchmark data set KDD99, the improved version of KDD99 known as NSL_KDD, and the UNSW_NB15 data set, which is more in line with modern networks. The UNSW_NB15 data set is a network anomaly detection data set published in 2015 and contains 9 new attack types; it better reflects current network traffic characteristics and attack methods.

[0041] The method of the present invention can be divided into two aspects: data processing and anomaly detection. Data processing mainly uses LDA, the genetic algorithm and the KNN outlier detection algorithm. First,...


Abstract

The invention discloses a multi-layer anomaly detection method based on network traffic. The invention detects small-traffic attack behavior well, with high detection accuracy, and may adapt to different data sets. The invention comprises: first, adopting a binary representation of symbol attributes in the data preprocessing stage, which eliminates the negative influence of the traditional numerical size on the classification and raises the attribute set of the data set to a relatively high dimension, so that the subsequent data classification is more accurate; then using a dimension reduction method to extract features and reduce the amount of data, so that the subsequent steps run faster and consume less memory; subsequently, using the KNN outlier detection method combined with a genetic algorithm for data selection, so that the different types of data are more balanced, each type of data is separated as far as possible, and the classification result is fairer; finally, using the constructed multi-layer classifier, which enables more accurate identification of both large-flow attacks and small-flow attacks.
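The binary-representation and KNN data-selection stages of the abstract, as an added example that is not code from the patent: it compares index coding with binary coding of symbolic attributes, then filters each class by a KNN outlier score. The records, `k` and `threshold` are constructed assumptions, and the genetic-algorithm step is not reproduced.

```python
import math

# Constructed KDD99-style records (not from the patent):
# (protocol_type, service, flag, duration, src_bytes, label), numerics scaled to [0, 1].
RECORDS = [
    ("tcp", "http", "SF", 0.01, 0.20, "normal"),
    ("tcp", "http", "SF", 0.02, 0.22, "normal"),
    ("tcp", "http", "SF", 0.01, 0.18, "normal"),
    ("udp", "dns", "SF", 0.00, 0.05, "normal"),
    ("udp", "dns", "SF", 0.00, 0.06, "normal"),
    ("icmp", "ecr_i", "REJ", 0.90, 0.95, "normal"),  # isolated point in its class
    ("tcp", "telnet", "S0", 0.40, 0.60, "attack"),
    ("tcp", "telnet", "S0", 0.42, 0.62, "attack"),
    ("tcp", "telnet", "S0", 0.41, 0.58, "attack"),
]
SYMBOLIC = (0, 1, 2)  # column indexes of the symbolic attributes

def build_vocab(records):
    """Sorted value list for each symbolic column."""
    return [sorted({r[i] for r in records}) for i in SYMBOLIC]

def encode_ordinal(record, vocab):
    """Traditional coding: each symbol becomes its index, implying a false ordering."""
    return [float(v.index(record[i])) for i, v in zip(SYMBOLIC, vocab)] + list(record[3:5])

def encode_binary(record, vocab):
    """Binary coding: one 0/1 dimension per symbol value, so the dimension rises."""
    bits = [float(record[i] == s) for i, v in zip(SYMBOLIC, vocab) for s in v]
    return bits + list(record[3:5])

def knn_outlier_scores(vectors, k):
    """Mean Euclidean distance from each vector to its k nearest neighbours."""
    scores = []
    for i, v in enumerate(vectors):
        dists = sorted(math.dist(v, w) for j, w in enumerate(vectors) if j != i)
        scores.append(sum(dists[:k]) / k)
    return scores

def select_records(records, vocab, k=2, threshold=1.5):
    """Per class, keep records whose outlier score is at most threshold (assumed values)."""
    kept = []
    for label in sorted({r[5] for r in records}):
        group = [r for r in records if r[5] == label]
        scores = knn_outlier_scores([encode_binary(r, vocab) for r in group], k)
        kept += [r for r, s in zip(group, scores) if s <= threshold]
    return kept

if __name__ == "__main__":
    for r in select_records(RECORDS, build_vocab(RECORDS)):
        print(r)
```

With index coding, `icmp` and `udp` sit twice as far apart as `icmp` and `tcp` purely because of alphabetical order; with binary coding every pair of distinct symbols is equidistant.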

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a multi-layer anomaly detection method based on network traffic.

Background technique

[0002] Network technology, produced by the combination of computer technology and communication technology, continues to develop and has had a great impact on people's study and lifestyle. While the growth of the network brings convenience to people, it also brings great threats. Various attacks (0day attacks, worms, network viruses, etc.) continue to occur, bringing huge economic losses to the country and the people. Therefore, network security is an important problem that urgently needs to be solved. Network intrusion detection technology can judge whether network behavior is abnormal according to network traffic, and is an important detection technology in the field of network security. Currently, intrusion detection techniques are mainly divided into t...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416
Inventor: 胡昌振, 任家东, 王倩, 刘新倩, 单纯, 赵小林
Owner: BEIJING INSTITUTE OF TECHNOLOGY