Abnormal flow detection method, device and equipment

A technology of abnormal traffic and detection method, applied in the field of communication, can solve problems such as busy network
CN109587104AInactive Publication Date: 2019-04-05NEW H3C SECURITY TECH CO LTD
14 Cites 3 Cited by

Patent Information

Authority / Receiving Office
CN Β· China
Current Assignee / Owner
NEW H3C SECURITY TECH CO LTD
Publication Date
2019-04-05
Estimated Expiration
Not applicable Β· inactive patent

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
  • Figure 3
    Figure 3
Patent Text Reader

Abstract

The invention provides an abnormal flow detection method, device and equipment. The method comprises that a first flow value of flow transmitted in each preset time slot by network equipment in the preset time length is obtained; a first flow sequence including all the first flow values is determined; a first group of wavelet coefficients corresponding to the first flow sequence is calculated; a first Hurst index corresponding to the first group of wavelet coefficients is calculated; if the absolute value of a difference between the first Hurst index and a standard Hurst index is greater thana first threshold, it is determined there is abnormal flow; and otherwise, it is determined that there is no abnormal flow. Thus, existence of the abnormal flow can be detected more accurately, incorrect detection results can be reduced, and false alarm and neglected alarm can be reduced.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The present invention relates to the technical field of communications, in particular to a method, device and equipment for detecting abnormal traffic. Background technique

[0002] There are more and more attacks on the network, such as port scanning attacks, DDoS (Distributed Denial of Service, distributed denial of service) attacks, worm attacks, etc. These attacks will lead to network performance degradation, interfere with normal network behavior, and even cause The network is interrupted or paralyzed. Therefore, it is necessary to detect abnormal traffic in the network (that is, traffic generated by attack behavior) in time, and control the abnormal traffic.

[0003] In order to detect abnormal traffic in the network, traffic thresholds can be set. At any time, if the traffic volume in the network is greater than the traffic threshold, it is considered that there is abnormal traffic at this time. If the traffic value in the network is not grea...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More