Network data flow detection method and device

A detection device and detection method technology, applied in the computer field, can solve the problems of non-adaptability of the network and high requirements for black and white traffic training sets, and achieve the effects of cost reduction and low dependence

Active Publication Date: 2019-09-06
HUAWEI TECH CO LTD +1
View PDF7 Cites 17 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, this method has high requirements for the black-and-white traffic training set, and the labeling of black-and-white traffic still requires a high level of manual experience. There will be great differences in the traffic models in different network scenarios, and traffic detection with a high degree of dependence on network scenarios ( Such as penetration test traffic), model training is required in different network scenarios to achieve better detection results, and it does not have network adaptability

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network data flow detection method and device
  • Network data flow detection method and device
  • Network data flow detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0037] The embodiment of the present application provides a network data flow detection method and device, which are used to judge the type of the cluster by the size of the cluster, which can not rely on the extensiveness and accuracy of the training set, but requires the support of a high-quality training set, effectively reducing the The cost problem brought about by high-quality training sets has realized adaptive malicious traffic identification in different network environments, and is less dependent on human experience and has network adaptability.

[0038] In order to enable those skilled in the art to better understand the solution of the present application, the technical solution in the embodiment of the application will be described below in conjunction with the drawings in the embodiment of the application. Obviously, the described embodiment is only a part of the application Examples, but not all examples. Based on the embodiments in this application, all should ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a network data flow detection method and device. The method can be applied to a malicious traffic detection scene. According to the method, through judging the type of a cluster according to the size of the cluster, the method does not depend on the universality and accuracy of a training set, does not need the support of a high-quality training set, and effectively reduces the cost problem caused by the high-quality training set. The method achieves the self-adaptive malicious traffic recognition in different network environments, and is less dependent on human experience, and is more adaptive to the network. The method comprises the following steps: extracting feature vectors of a plurality of network data streams for the plurality of network data streams; then clustering the plurality of data streams based on a preset clustering algorithm and the feature vectors of the plurality of network data streams to obtain one or more clusters; and determining the type of each cluster by comparing the feature information of the cluster with a first preset condition.

Description

technical field [0001] The present application relates to the field of computers, in particular to a method and device for detecting network data flow. Background technique [0002] At present, there are more and more application scenarios of Internet encrypted traffic. As mainstream browser providers such as Google begin to define hypertext transfer protocol (HTTP) as "unsafe", more and more websites begin to upgrade Deploy the HTTPS encryption protocol. Therefore, the penetration test traffic facing the website system objectively realizes data encryption, which poses a challenge to the network detection of attack behavior. At the same time, the communication methods of various malicious software, such as Trojan horse virus, etc. are gradually adopting encryption methods (mainly referring to the communication between the controlled node and the CC control server), which also poses a challenge for the network detection of malicious traffic. [0003] A method for network de...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 万荣飞蔡启申段海新李鸿培
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap