Network traffic anomaly detection method based on historical time point taking method

The technique applies to network traffic anomaly detection based on the historical time point taking method. It addresses the problems of high false positive rates, high computing cost, and training samples that are difficult to obtain. It reduces computing and storage cost, solves the huge amount of calculation, and solves the effect of contour mutation.

Active Publication Date: 2018-12-07
CHENGDU UNIV OF INFORMATION TECH +1

AI Technical Summary

Problems solved by technology

[0003] However, because of the huge amount of network data, real-time monitoring and analysis of traffic places extremely high demands on computer analysis, storage, and calculation. Network traffic anomaly detection methods are becoming more and more important. Most current network traffic anomaly detection technologies have shortcomings. Signature-based anomaly detection analyzes and identifies unexpected network behaviors, but it can only rely on predefined signature rule bases to discover network anomalies and cannot detect unknown ones. The equally widely used machine learning algorithms classify network traffic as normal or abnormal, but this classification approach faces problems such as difficulty in obtaining training samples, high computing costs, and a high false alarm rate, and it cannot adapt to a dynamically changing, complex network environment.


Embodiment Construction

[0029] The present invention is further described below with reference to the accompanying drawings and embodiments. The modes of the present invention include, but are not limited to, the following embodiments.

[0030] As shown in Figure 1, the present invention discloses a network traffic anomaly detection method based on the historical time point taking method. The method includes the following steps:

[0031] (1) Deploy port mirroring routing at the network traffic collection point to capture full-flow data packets and form a network flow time series data source;

[0032] (2) Use a fixed time window to compute statistics on the network traffic behavior characteristics of the network flow time series data source, forming a network behavior time series feature vector that describes the network behavior portrait of the current time window; the feature vectors from multiple time windows together construct a time series portrait of network behavior;

[0033] Here, the ...


Abstract

The invention discloses a network traffic anomaly detection method based on a historical time point taking method, comprising the following steps: 1, deploying port mirroring routes at network traffic collection points to capture full-traffic data packets to form a network traffic time series data source; 2, performing behavior feature statistics of network traffic on the network traffic time series data source by using a fixed time window to form network behavior time series feature vectors; 3, taking the Witt vector of each network behavior time series feature vector as input, selecting historical data by using the historical time point taking method, and cumulatively calculating abnormal deviation values by using quantitative methods of absolute changes, relative changes and trend changes respectively; and 4, accumulating the abnormal deviation values by using an evidence accumulation method, setting a threshold according to the abnormal deviation data distribution trend, and making an anomaly decision on the state of the network behavior in the current time window. The method reduces the calculation cost while continuously monitoring threat events and trends of the network, and improves the accuracy of network abnormal behavior monitoring.
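The four steps of the abstract, from windowed feature vectors to the threshold decision, as an added Python sketch that is not code from the patent. The one-hour window, the same-hour-on-previous-days history rule, the three deviation formulas, the mean + k·std threshold and the sample data are all assumptions made for illustration.

```python
from statistics import mean, pstdev

PERIOD = 24  # assumption: 1-hour fixed windows, 24 per day
DAYS = 3     # assumption: history = same hour on the 3 previous days

def history_index(t):
    """Assumed historical-time-point rule: same window-of-day on earlier days."""
    return [t - k * PERIOD for k in range(1, DAYS + 1) if t - k * PERIOD >= 1]

def deviation_score(windows, t):
    """Accumulate absolute, relative and trend deviation over all features."""
    idx = history_index(t)
    if len(idx) < DAYS:
        return None  # not enough history for this window yet
    score = 0.0
    for f in range(len(windows[t])):
        cur, prev = windows[t][f], windows[t - 1][f]
        hist = [windows[i][f] for i in idx]
        base = mean(hist)
        scale = max(pstdev(hist), 0.05 * base, 1e-9)  # floor avoids tiny divisors
        absolute = abs(cur - base) / scale
        relative = abs(cur - base) / max(base, 1e-9)
        hist_step = mean(windows[i][f] - windows[i - 1][f] for i in idx)
        trend = abs((cur - prev) - hist_step) / scale
        score += absolute + relative + trend
    return score

def detect(windows, baseline_end, k=3.0):
    """Threshold from the baseline score distribution (mean + k*std)."""
    scores = {t: deviation_score(windows, t) for t in range(len(windows))}
    base = [s for t, s in scores.items() if s is not None and t < baseline_end]
    threshold = mean(base) + k * pstdev(base)
    flagged = [t for t, s in scores.items()
               if s is not None and t >= baseline_end and s > threshold]
    return flagged, threshold

def sample_windows():
    """Constructed data: 6 days of hourly (bytes, flows) with a daily cycle."""
    out = []
    for t in range(6 * PERIOD):
        load = 100 + 50 * (8 <= t % PERIOD < 20) + (t * 7) % 5  # small jitter
        out.append((load * 1000.0, float(load)))
    out[5 * PERIOD + 3] = (900000.0, 2500.0)  # injected burst, day 6 at 03:00
    return out

if __name__ == "__main__":
    print(detect(sample_windows(), baseline_end=5 * PERIOD))
```

The window after the injected burst is flagged as well, because the trend term sees the drop back to the normal level.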

Description

Technical field

[0001] The invention relates to a method for detecting abnormality of network flow, in particular to a method for detecting abnormality of network flow based on the historical time point method.

Background technique

[0002] With the development of the Internet, the network environment is becoming more and more diverse and complex. In addition to normal network traffic, various abnormal traffic on the network threatens the security and use of user hosts. How to monitor and manage network traffic in real time and detect abnormal network behavior has become a problem that needs to be solved in network security.

[0003] However, due to the huge amount of network data, real-time monitoring and analysis of traffic has extremely high requirements for computer analysis, storage, and calculation. Network traffic anomaly detection methods are becoming more and more important. Most of the current network traffic anomaly detection technologies have some shortcomings, s...


Application Information

IPC(8): H04L12/26, H04L29/06
CPC: H04L43/0876, H04L63/1425
Inventor: 叶晓鸣, 杨力
Owner: CHENGDU UNIV OF INFORMATION TECH