Flow anomaly detection method based on multi-order Markov chain

A detection method based on Markov chains, applied in the fields of instruments, character and pattern recognition, digital transmission systems, etc. It addresses the problems of limited scope of application and high computing overhead.

Active Publication Date: 2019-11-15
SHENZHEN GRADUATE SCHOOL TSINGHUA UNIV

AI Technical Summary

Problems solved by technology

Although this method has strong robustness, its computational overhead is relatively large, and its scope of application is relatively limited.



Embodiment Construction

[0023] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0024] A network flow is a sequence of packets with the same quintuple over a period of time. Therefore, the behavior of network traffic can be described by its packets. The present invention uses a clustering method to determine the state of each data packet in the network flow and generate a state sequence. The network flow is represented as a Markov chain of the Markov model, and the states of the Markov chain are represented by the states of the data packets in the network flow, so as to construct the normal behavior profile of the traffic, which can well identify abnormal network traffic.

[0025] For this reason, the specific embodiment of the present invention proposes a traffic anomaly detection method based on a multi-order Markov chain which, referring to figure 1, includes the following steps S1-S4:

[0026] S1. Using th...


Abstract

The invention discloses a flow anomaly detection method based on a multi-order Markov chain. The method comprises the steps of: building a normal behavior profile of the flow based on a Markov model from normal historical flow data, and obtaining the parameters of the Markov model through training; based on EWMA and a sliding-window mechanism, constructing a judgment threshold σ_t for moment t from the predicted value at moment t and the standard deviation of the occurrence probability of the network flow within the sliding window; judging the state of each data packet of the network flow at moment t so as to convert the network flow at moment t into a state sequence I_t; calculating the occurrence probability Pr(I_t) of the state sequence I_t using the trained Markov model, and comparing Pr(I_t) with the judgment threshold σ_t at moment t; if Pr(I_t) is larger than σ_t, judging that the network flow at moment t is normal flow; otherwise, judging that the network flow at moment t is abnormal flow.
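The decision loop summarised in the abstract, as an added sketch that is not code from the patent. Assumptions not stated on the page: a fixed order-2 chain with Laplace smoothing, a mean log-probability per transition standing in for Pr(I_t), a threshold of EWMA prediction minus k standard deviations, a two-flow warm-up, and packet states that are already assigned (the clustering step is skipped). All class and parameter names are hypothetical.

```python
import math
from collections import Counter, defaultdict, deque
from statistics import pstdev

class MarkovProfile:
    """Order-k Markov chain over packet states; order and smoothing are assumptions."""
    def __init__(self, order=2, n_states=3, alpha=1.0):
        self.order, self.n_states, self.alpha = order, n_states, alpha
        self.counts = defaultdict(Counter)        # context tuple -> next-state counts

    def fit(self, sequences):
        for seq in sequences:
            for i in range(self.order, len(seq)):
                self.counts[tuple(seq[i - self.order:i])][seq[i]] += 1
        return self

    def score(self, seq):
        """Mean log-probability per transition, a length-normalised stand-in for Pr(I_t)."""
        logs = []
        for i in range(self.order, len(seq)):
            ctx = self.counts.get(tuple(seq[i - self.order:i]), Counter())
            p = (ctx[seq[i]] + self.alpha) / (sum(ctx.values()) + self.alpha * self.n_states)
            logs.append(math.log(p))
        return sum(logs) / len(logs) if logs else 0.0

class EwmaThreshold:
    """sigma_t = EWMA prediction - k * std of the sliding window (assumed combination)."""
    def __init__(self, window=5, lam=0.3, k=3.0, min_std=0.05):
        self.win, self.lam, self.k, self.min_std = deque(maxlen=window), lam, k, min_std
        self.pred = None

    def judge(self, score):
        warm = len(self.win) < 2                  # no threshold until two samples exist
        thr = float("-inf") if warm else self.pred - self.k * max(pstdev(self.win), self.min_std)
        normal = score > thr                      # page's rule: Pr(I_t) > sigma_t means normal
        if normal:                                # assumption: anomalies do not update the baseline
            self.win.append(score)
            self.pred = score if self.pred is None else self.lam * score + (1 - self.lam) * self.pred
        return normal

# Constructed sample data: packet states 0/1/2 as a clustering step would assign them.
TRAIN = [[0,1,2,0,1,2,0,1,2], [0,1,2,0,1,1,2,0,1,2], [0,1,2,2,0,1,2,0,1,2]]
STREAM = [[0,1,2,0,1,2,0,1], [0,1,1,2,0,1,2], [0,1,2,0,1,2], [0,1,2,0,1,2,0,1,2],
          [2,2,1,0,0,2,1,1,0], [0,1,2,0,1,2,0,1]]

def run_demo():
    profile, detector = MarkovProfile().fit(TRAIN), EwmaThreshold()
    return [detector.judge(profile.score(flow)) for flow in STREAM]

if __name__ == "__main__":
    print(run_demo())
```

Freezing the window while a flow is judged abnormal keeps a burst of anomalous traffic from dragging the threshold down toward its own score.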

Description

Technical field

[0001] The invention relates to the technical field of computer network management, in particular to a flow anomaly detection method based on a multi-order Markov chain.

Background technique

[0002] The Internet and information technology are among the fastest-growing fields in science and technology research. Because of their convenience, mobility, and low price, they are changing people's way of life. Everything from chatting, shopping, and entertainment to aerospace, weapons and missiles cannot be separated from the Internet. The rapid development of the Internet has promoted profound changes in globalized production and lifestyles. With the development of network theory and technology and the continuous enhancement of network hardware performance, the traffic scale of the entire Internet is also continuously increasing. The rapid expansion of network applications in the Internet age is conducive to the efficient and convenient life ...


Application Information

IPC(8): H04L12/24, H04L29/06, G06K9/62
CPC: H04L41/0876, H04L41/145, H04L41/147, H04L63/1408, H04L63/30, G06F18/2321, G06F18/2415
Inventor: 肖喜, 毛科龙, 夏树涛, 郑海涛, 江勇
Owner SHENZHEN GRADUATE SCHOOL TSINGHUA UNIV