Network anomaly detection method based on traffic data sample statistics and balanced information entropy estimation

A technology for traffic data and network anomaly detection, applied in transmission systems, electrical components, etc. It solves the problems of short data collection time and data that cannot be used directly, and achieves the effects of facilitating subsequent calculation and processing, strong applicability, and a reduced degree of deviation.

Active Publication Date: 2019-02-19
UNIV OF ELECTRONIC SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0010] In network traffic data whose overall distribution is unknown, the data collection time is usually short, so the collected data is generally judged to be small-sample data.

Examples


Embodiment 1

[0052] As one of the most basic implementations of the present invention, this embodiment discloses a network anomaly detection method based on traffic data sample statistics and balanced information entropy estimation which, as shown in Figure 1, includes the following steps:

[0053] Traffic data collection: collect the traffic data of the core-layer ingress and egress ports and of the access-layer ingress and egress ports where malicious terminals are located, and collect public benchmark data at the same time;

[0054] Data format unification: convert the data obtained from traffic data collection into a uniform JSON format;

[0055] Data feature analysis: after the data format is unified, use the balanced information entropy estimation method to estimate the overall distribution information of the traffic data features;

[0056] Network anomaly determination: based on the information obtained from the analysis of network traffic data features, apply the K-S statistical test to ...
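The steps above, as an added Python example (not code from the patent): JSON flow records are grouped into time windows, a per-window entropy is computed for one feature, and a two-sample K-S test compares observed windows against a baseline. The patent's balanced entropy estimator is not given on this page, so the example substitutes plug-in Shannon entropy with the Miller-Madow small-sample correction; the field names `ts` and `dst_port`, the 60-second window, the asymptotic critical value and the sample flows are all assumptions constructed for illustration.

```python
import json
import math
from collections import Counter, defaultdict

def shannon_entropy(values, miller_madow=True):
    """Plug-in Shannon entropy in bits of a list of feature values."""
    counts = Counter(values)
    n = sum(counts.values())
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    if miller_madow:  # small-sample bias correction (substitute, not the patent's estimator)
        h += (len(counts) - 1) / (2 * n * math.log(2))
    return h

def window_entropies(json_lines, feature, window=60):
    """Entropy of one feature per time window, from JSON-lines flow records."""
    buckets = defaultdict(list)
    for line in json_lines:
        rec = json.loads(line)
        buckets[int(rec["ts"]) // window].append(rec[feature])
    return [shannon_entropy(v) for _, v in sorted(buckets.items())]

def ks_statistic(a, b):
    """Two-sample K-S statistic D = max |F_a(x) - F_b(x)| over all observed x."""
    def cdf(sample, x):
        return sum(v <= x for v in sample) / len(sample)
    return max(abs(cdf(a, x) - cdf(b, x)) for x in list(a) + list(b))

def is_anomalous(baseline, observed, alpha=0.05):
    """Reject 'same distribution' when D exceeds the asymptotic critical value."""
    n, m = len(baseline), len(observed)
    crit = math.sqrt(-math.log(alpha / 2) / 2) * math.sqrt((n + m) / (n * m))
    return ks_statistic(baseline, observed) > crit

def constructed_flows(scan):
    """Constructed sample: 8 one-minute windows of 64 flows each (not real traffic)."""
    lines = []
    for w in range(8):
        for i in range(64):
            # Baseline cycles over 2-4 service ports; the scan touches 64 distinct ports.
            port = 1000 + i if scan else [80, 443, 53, 22][i % (2 + w % 3)]
            lines.append(json.dumps({"ts": w * 60 + i % 60, "dst_port": port}))
    return lines

BASELINE = window_entropies(constructed_flows(scan=False), "dst_port")
SCAN = window_entropies(constructed_flows(scan=True), "dst_port")
if __name__ == "__main__":
    print(ks_statistic(BASELINE, SCAN), is_anomalous(BASELINE, SCAN))
```

With only eight windows per sample the asymptotic critical value is an approximation; an exact small-sample K-S table gives a somewhat different threshold.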

Embodiment 2

[0059] As one of the most basic implementations of the present invention, this embodiment discloses a network anomaly detection method based on traffic data sample statistics and balanced information entropy estimation which, as shown in Figure 1, includes the following steps:

[0060] Traffic data collection

[0061] Collect the traffic data of the core-layer ingress and egress ports and of the access-layer ingress and egress ports where the malicious terminal is located, and at the same time collect public benchmark data. Traffic data acquisition uses one or more of the open-source tools TCPtrace, Wireshark, Ethereal and Snort, or the commercial software and hardware systems Cisco Netflow, Network Time Machine (NTM) and Huawei Netstream, to collect the traffic data of the core-layer ingress and egress ports and of the access-layer ingress and egress ports where the malicious terminal is located, as well as public benchmark data, by means of serial connection, bypass or port mirroring; The ...


Abstract

The invention discloses a network anomaly detection method based on traffic data sample statistics and balanced information entropy estimation. The invention belongs to the technical field of network security and comprises the steps of traffic data collection, data format unification, data feature analysis and network anomaly determination. It is a detection method that estimates the overall distribution from the features of small-sample network traffic data, using a balanced method of sample information entropy, in order to identify denial-of-service (DoS) and port scan attacks in the network.

Description

Technical field

[0001] The invention belongs to the technical field of computer network security, and in particular relates to a network anomaly detection method based on traffic data sample statistics and balanced information entropy estimation.

Background technique

[0002] Network behavior anomaly detection (NBAD) can continuously monitor the unusual events or trends of the private network. Network behavior anomaly detection is a major part of network behavior analysis (NBA).

[0003] Network behavior anomaly detection (NBAD) can continuously monitor the unusual events or trends of the private network. Network behavior anomaly detection is a major part of network behavior analysis (NBA), which provides security protection in addition to the security provided by traditional anti-threat applications such as firewalls, antivirus software, and spyware detection software.

[0004] The Network Behavior Ano...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1441, H04L63/1458
Inventor: 周琨, 汪文勇, 唐勇, 黄鹂声, 张骏
Owner UNIV OF ELECTRONIC SCI & TECH OF CHINA