Abnormal flow behavior discrimination method and device

An abnormal traffic behavior identification method, applied in the field of information security, that addresses the difficulty existing methods have in identifying abnormal traffic behavior and achieves efficient and accurate identification of abnormal traffic behavior.

Active Publication Date: 2018-10-30
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0004] Embodiments of the present invention provide a method and device for identifying abnormal traffic behaviors, which are used to solve the problem that the existing methods for identifying abnormal traffic behaviors are difficult to quickly and accurately identify



Examples


Example 1

[0057] When malicious code injection occurs, attackers often use specific combinations of non-alphanumeric characters in the injected content. Therefore, specific combinations of non-alphanumeric characters should be preserved when obtaining the textual features of HTTP requests through the n-gram model. All letters, numbers and Chinese characters are regarded as the same symbols, and the conversion rules are shown in Table 3. This conversion significantly reduces the dimensionality of the text features while effectively preserving the feature information relevant to identifying abnormal traffic behaviors.

[0058] Table 3. Character conversion rule table

[0059]
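The conversion and n-gram step described in [0057], as an added example that is not code from the patent. Table 3 is not reproduced on this page, so the mapping used here (every letter to `a`, every digit to `0`, every Chinese character to `c`, all other characters kept) is an assumption, as are the function names and the constructed sample requests.

```python
from collections import Counter

# Assumed conversion rules (the page's Table 3 is not reproduced here):
# every letter -> "a", every digit -> "0", every CJK ideograph -> "c";
# all other characters, i.e. the non-alphanumeric ones, are kept as-is.
def normalize(request: str) -> str:
    out = []
    for ch in request:
        if "\u4e00" <= ch <= "\u9fff":   # test CJK first: isalpha() is True for it
            out.append("c")
        elif ch.isdigit():
            out.append("0")
        elif ch.isalpha():
            out.append("a")
        else:
            out.append(ch)               # punctuation and whitespace survive
    return "".join(out)

def ngram_counts(request: str, n: int = 2) -> Counter:
    """Count character n-grams over the normalized request."""
    s = normalize(request)
    return Counter(s[i:i + n] for i in range(len(s) - n + 1))

# Constructed sample requests (not taken from the patent).
BENIGN = ["id=34232", "id=7", "name=alice&page=12"]
SUSPECT = "id=1' or '1'='1"

def unseen_ngrams(baseline, request, n=2):
    """n-grams of `request` that never occur in the baseline requests."""
    seen = set()
    for r in baseline:
        seen.update(ngram_counts(r, n))
    return sorted(set(ngram_counts(request, n)) - seen)

if __name__ == "__main__":
    print(normalize("id=34232"), dict(ngram_counts("id=34232")))
    print(unseen_ngrams(BENIGN, SUSPECT))
```

After normalization every numeric `id` value produces the same feature vector, while the quote and space combinations in the constructed suspect request show up as n-grams absent from the baseline.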

Example 2

[0061] The method of obtaining character distribution features is as follows:

[0062] An HTTP request can contain a total of 256 different characters. For the HTTP request "id=34232", the character frequencies are sorted in descending order, giving the distribution 0.25, 0.25, 0.125, 0.125, 0.125, 0.125, followed by 248 0s.
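The character distribution feature from [0062], as an added example that is not code from the patent. It assumes the 256 characters are the byte values of the UTF-8 encoded request, and it computes the character entropy feature named in the abstract as Shannon entropy over the same distribution, which is also an assumption because the page does not define it.

```python
import math
from collections import Counter

ALPHABET_SIZE = 256  # one slot per possible byte value (assumption)

def char_distribution(request: str) -> list:
    """Relative byte frequencies, sorted high to low, zero-padded to 256."""
    data = request.encode("utf-8")
    if not data:
        return [0.0] * ALPHABET_SIZE
    counts = Counter(data)
    freqs = sorted((c / len(data) for c in counts.values()), reverse=True)
    # Padding brings every request to the same fixed-length vector.
    return freqs + [0.0] * (ALPHABET_SIZE - len(freqs))

def char_entropy(request: str) -> float:
    """Shannon entropy in bits per byte of the request's distribution."""
    return -sum(p * math.log2(p) for p in char_distribution(request) if p > 0)

if __name__ == "__main__":
    dist = char_distribution("id=34232")   # the page's own sample request
    print(dist[:8], len(dist))
    print(char_entropy("id=34232"))
```

Sorting discards which character produced each frequency, so the feature captures the shape of the distribution rather than the specific characters used.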

[0063] For the character distribution feature, the above 256 characters can also be divided into 6 sets according to Table 4 in advance, so as to reduce the dimension of the character distribution feature.

[0064] Table 3. Character conversion rule table

[0065]

[0066] Based on any of the above method embodiments, Figure 3 is a schematic structural diagram of an abnormal traffic behavior discrimination device according to an embodiment of the present invention. As shown in Figure 3, a device for discriminating abnormal traffic behavior includes:

[0067] A feature acquisition unit 301, configured to acquire textual features and statistical features...


Abstract

The embodiment of the invention provides an abnormal traffic behavior discrimination method and device. The method comprises: obtaining text features and statistical features of the HTTP requests in the traffic to be discriminated; and, according to the text features and the statistical features, performing abnormal traffic behavior discrimination on that traffic. The text features are the output obtained by inputting the HTTP requests into an n-gram model, and the statistical features comprise at least one of the request path statistical features, request parameter statistical features, character distribution features, character frequency features, character entropy and keyword features of the HTTP requests. By using the text features and statistical features obtained from the HTTP requests to discriminate abnormal behavior in the traffic, the method and device achieve efficient and accurate abnormal traffic behavior discrimination, which is of important significance for information security protection and vulnerability discovery.

Description

Technical field

[0001] The embodiments of the present invention relate to the field of information security technology, and in particular, to a method and device for identifying abnormal traffic behavior.

Background technique

[0002] With the rapid development of the Internet, a large amount of data is also generated. Conventional security protection methods often fail to achieve the expected results, which makes information security issues increasingly prominent. Among them, attacks against servers are one of the most serious threats in the field of information security. Attackers use cross-site scripting (XSS), SQL injection, session hijacking, malicious code execution, server-side request forgery (SSRF) and other attack methods, leaving computer systems more vulnerable.

[0003] Therefore, intrusion detection is crucial to ensure the security of network servers. However, the existing technology mainly detects by setting the threshold ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/1425, H04L67/02
Inventor: 王小娟, 张勇, 金磊, 王得福, 宋佳明, 陈墨, 宋梅
Owner: BEIJING UNIV OF POSTS & TELECOMM