Unlock instant, AI-driven research and patent intelligence for your innovation.

Abnormal network flow detection method based on automatic coding

A network traffic and automatic coding technology, applied in the field of network security, can solve problems such as insufficient recognition rate, low efficiency in processing massive data, poor adaptive ability, etc., to improve accuracy and precision, reduce training and testing time, The effect of delay time

Active Publication Date: 2019-11-15
NANJING UNIV OF POSTS & TELECOMM
View PDF5 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to provide a light-weight automatic coding intrusion detection method to solve the defects in the prior art that the above-mentioned recognition rate is not high enough, the adaptive ability is poor, and the efficiency of processing massive data is too low.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal network flow detection method based on automatic coding
  • Abnormal network flow detection method based on automatic coding
  • Abnormal network flow detection method based on automatic coding

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0046] A method for detecting abnormal network traffic based on automatic coding, said method comprising the steps of:

[0047] Step 1 extracts effective features from the original features; specifically, extracts features from the network traffic packet pcap, stores them in a file using pandas.DataForm, performs advanced feature extraction operations, and adds them to the original features to obtain a new data set; Build 1,000 decision trees to build a random forest algorithm. Each tree in the random forest is sampled with replacement from the original data set to construct a sub-dataset; use the sub-dataset to build a sub-decision tree, and the sub-data The set is placed in each sub-decision tree, and each sub-decision tree outputs a result; by voting on the judgment results of the sub-decision tree, the output result of the random forest is obtained; for the decision tree T in the random forest, it is calculated that it is outside its own bag (out of bag) the number of clas...

Embodiment 2

[0052] The overall thinking of the present invention is, firstly carry out effective feature selection to original feature by random forest algorithm, then use Affinity Propagation clustering algorithm (AP) to compare the similarity of the best feature with the normal data of feature selection, Find the features with strong correlation, and then use AutoEncoder as the network structure, use the three-layer network structure and fewer parameters to reconstruct the new data, so as to calculate the root mean square error between the original data and the dimensionality reduction data (RMSE). During this period, we also use the extreme learning machine to optimize the weight and bias, so that the difference between the normal sample and the reconstructed data is equal to 0, so that our model has good expressive ability in the training phase. Finally, in the test phase, we only need to input the data that has been selected through the feature into our model to calculate the root me...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an abnormal network flow detection method based on automatic coding, and the method is characterized in that the method comprises the following steps: 1) extracting effective features from original features; (2) combining the effective features to obtain a plurality of feature subsets, (3) solving root-mean-square errors of the feature subsets, and (4) clustering the root-mean-square errors to obtain a result value, so that the training and testing time is greatly shortened, the calculation complexity is reduced, and the lightweight purpose is achieved.

Description

technical field [0001] The invention relates to an automatic coding-based abnormal network flow detection method, which belongs to the technical field of network security. Background technique [0002] Network security has become one of the most important issues in the world today, and network data is vulnerable to various types of attacks, resulting in reduced efficiency of the network or system. As one of the important technologies to ensure network security, intrusion detection system has always been concerned by people in the industry. An intrusion detection system is a computer and network security management system, the core of which is to collect and analyze information in various areas of the computer or network, and check whether the behavior in the computer or network is safe. As a proactive security defense technology, intrusion detection can effectively guarantee the security of the network. [0003] With the progress of the times and the development of the net...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06G06K9/62
CPCH04L63/1425G06F18/23213G06F18/24323
Inventor 陈伟李胥蝰张倩茹
Owner NANJING UNIV OF POSTS & TELECOMM