Abnormal flow detection method, device and equipment

A technology of abnormal traffic and detection method, applied in the field of communication, can solve problems such as busy network

Inactive Publication Date: 2019-04-05
NEW H3C SECURITY TECH CO LTD
View PDF14 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, excessive traffic value does not necessarily mean that there must be abnormal traffic. It may just be that the network is busy. Therefore, the above method only judges whether there is abnormal traffic based on whether the traffic value is greater than the traffic threshold, and there is a large error.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal flow detection method, device and equipment
  • Abnormal flow detection method, device and equipment
  • Abnormal flow detection method, device and equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0026] The terms used in the embodiments of the present application are only for the purpose of describing specific embodiments, rather than limiting the present application. As used in this application and the claims, the singular forms "a", "the" and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise. It should also be understood that the term "and / or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items.

[0027] It should be understood that although the embodiments of the present application may use terms such as first, second, and third to describe various information, such information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the present application, first information may also be called second information, and similarly, second ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an abnormal flow detection method, device and equipment. The method comprises that a first flow value of flow transmitted in each preset time slot by network equipment in the preset time length is obtained; a first flow sequence including all the first flow values is determined; a first group of wavelet coefficients corresponding to the first flow sequence is calculated; a first Hurst index corresponding to the first group of wavelet coefficients is calculated; if the absolute value of a difference between the first Hurst index and a standard Hurst index is greater thana first threshold, it is determined there is abnormal flow; and otherwise, it is determined that there is no abnormal flow. Thus, existence of the abnormal flow can be detected more accurately, incorrect detection results can be reduced, and false alarm and neglected alarm can be reduced.

Description

technical field [0001] The present invention relates to the technical field of communications, in particular to a method, device and equipment for detecting abnormal traffic. Background technique [0002] There are more and more attacks on the network, such as port scanning attacks, DDoS (Distributed Denial of Service, distributed denial of service) attacks, worm attacks, etc. These attacks will lead to network performance degradation, interfere with normal network behavior, and even cause The network is interrupted or paralyzed. Therefore, it is necessary to detect abnormal traffic in the network (that is, traffic generated by attack behavior) in time, and control the abnormal traffic. [0003] In order to detect abnormal traffic in the network, traffic thresholds can be set. At any time, if the traffic volume in the network is greater than the traffic threshold, it is considered that there is abnormal traffic at this time. If the traffic value in the network is not grea...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425H04L63/145H04L63/1458
Inventor 顾成杰贾若然孔松
Owner NEW H3C SECURITY TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap