Local sensitivity counting summary method and system for network anomaly detection

A network anomaly detection and local sensitivity technology, applied in the field of network communication, that addresses problems such as judgment errors, reduced effectiveness of counting summary queries, and deviations in query results.

Active Publication Date: 2019-07-30
NAT UNIV OF DEFENSE TECH

AI Technical Summary

Problems solved by technology

Query errors seriously reduce the query effectiveness of count summaries, and applying the query results may cause deviations and judgment errors.


Examples


Specific Embodiment

[0053] Figure 1 shows a specific embodiment of the local sensitivity counting summary method for network anomaly detection of the present invention, including the following steps:

[0054] Step 1: Obtain the offline network flow data set D from the network, and use it to perform offline training and initialization of the local sensitivity summary data structure LSS(X). Offline training on the network flow data yields a data packet flow clustering model, which is used to guide the online insertion process of each local sensitivity summary data structure. In this embodiment, offline training is performed regularly on network flow data so that the data packet clustering model is updated in time; this also avoids the cluster center shift caused by a real-time update process.

[0055] Step 1.1: Obtain the offline network flow data set D from the network, use the key key of each data packet in the network flow data as the uniqu...


Abstract

The invention discloses a local sensitivity counting summary method for network anomaly detection, which comprises the following steps: 1, acquiring an offline network flow data set and performing offline training on it to obtain a local sensitivity summary data structure; 2, assigning a data structure to each host that needs to be protected; 3, obtaining a data packet from the network flow, extracting its destination address, and matching the destination address against the protected host list, proceeding to step 4 if the match succeeds; 4, extracting the source address of the data packet and inserting it online into the data structure corresponding to the destination address; 5, counting the number of inserted source addresses every t seconds and, if the number is greater than a threshold value, triggering a network anomaly alarm and proceeding to step 6; and 6, querying the data structure and outputting approximate counts for all inserted source addresses. Because data packets of similar size are mapped to the same counting array during offline training, the variance of the bucket mean count is significantly reduced, and the approximation error is reduced by more than 100 times for the same storage space.
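The effect claimed in the last sentence of the abstract can be seen in a small simulation. This is an added example, not code from the patent: it assumes a bucket-mean estimator, 1-D k-means as the offline clustering model, online counts equal to the offline ones, and constructed source addresses and counts; all function names are hypothetical.

```python
import hashlib

def bucket(key, width):
    """Deterministic hash of a key to a bucket index."""
    digest = hashlib.blake2b(key.encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big") % width

def nearest(value, centers):
    """Index of the cluster center closest to value."""
    return min(range(len(centers)), key=lambda i: abs(value - centers[i]))

def kmeans_1d(values, k, rounds=20):
    """Offline training step (assumed model): 1-D k-means over per-key counts."""
    vals = sorted(values)
    centers = [float(vals[i * (len(vals) - 1) // max(k - 1, 1)]) for i in range(k)]
    for _ in range(rounds):
        groups = [[] for _ in range(k)]
        for v in vals:
            groups[nearest(v, centers)].append(v)
        centers = [sum(g) / len(g) if g else c for g, c in zip(groups, centers)]
    return centers

def mean_abs_error(counts, centers, total_buckets):
    """Insert every key, then compare bucket-mean estimates with true counts.

    Each cluster gets its own counting array; the storage budget
    (total_buckets) is split evenly between the arrays.
    """
    width = total_buckets // len(centers)
    sums, members, slot = {}, {}, {}
    for key, n in counts.items():
        # Assumption: the key's cluster comes from its offline count n.
        slot[key] = (nearest(n, centers), bucket(key, width))
        sums[slot[key]] = sums.get(slot[key], 0) + n
        members[slot[key]] = members.get(slot[key], 0) + 1
    errors = [abs(sums[slot[k]] / members[slot[k]] - n) for k, n in counts.items()]
    return sum(errors) / len(errors)

# Constructed data: 190 low-count sources and 10 heavy sources.
COUNTS = {f"198.51.100.{i}": 1 + i % 3 for i in range(190)}
COUNTS.update({f"198.51.100.{i}": 1000 + i for i in range(190, 200)})

def compare(total_buckets=20):
    """Return (error with one shared array, error with per-cluster arrays)."""
    plain = mean_abs_error(COUNTS, [0.0], total_buckets)
    clustered = mean_abs_error(COUNTS, kmeans_1d(COUNTS.values(), 2), total_buckets)
    return plain, clustered

if __name__ == "__main__":
    print("plain=%.2f clustered=%.2f" % compare())
```

With one shared array, heavy and light sources land in the same buckets and the bucket mean is far from both; with one array per cluster, every bucket holds sources of similar count, so the mean stays close to each true value.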

Description

Technical field

[0001] The invention belongs to the field of network communication, and in particular relates to a local sensitivity counting summary method and system for network anomaly detection.

Background technique

[0003] Network anomaly detection can detect network attacks and the victims of attacks in a timely manner, which helps information security protection begin as soon as possible and minimizes the impact of network damage. Distributed denial of service (DDOS) attacks cause serious damage to the network and users. A DDOS attack uses a large number of distributed hosts to launch a DOS (denial of service) attack on a designated host, causing the number of connections to the victim host to exceed the number it can tolerate within a certain period of time and making the service of the victim host unavailable. Detecting distributed denial-of-service attacks is an important network anomaly detection task. At present, DDOS a...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1425, H04L63/1458, G06F18/23213
Inventor: 符永铨, 李东升, 黄春, 沈思淇
Owner: NAT UNIV OF DEFENSE TECH