Method and system for detecting abnormal network traffic

A network anomaly detection method, applied in the field of network information security, that addresses the difficulty of detecting local outliers and achieves the effect of narrowing the feature space.

Active Publication Date: 2021-02-09
ZHENGZHOU SEANET TECH CO LTD

AI Technical Summary

Problems solved by technology

However, it is difficult to detect local outliers using the isolation forest algorithm alone.



Examples


Embodiment Construction

[0056] The present invention will now be further described in conjunction with the accompanying drawings.

[0057] As shown in Figure 1, the present invention provides a method for detecting abnormal network traffic, the method comprising:

[0058] Step 1) Obtain traffic data, preprocess the traffic data, extract traffic features, and form a data feature set. This includes the following steps:

[0059] Step 1-1) Capture data packets from the network and aggregate packets that share the same source address, destination address, source port, destination port and protocol into a data flow; usually the packets are aggregated into a bidirectional flow.

[0060] Step 1-2) Construct the training data set $X=\{X_1, X_2, \ldots, X_n\}$, where each flow data sample $X_i$ includes the feature dimensions $A=\{a_1, a_2, \ldots, a_m\}$, and every feature $a_k$ ($1 \le k \le m$) is a normalized value.

[0061] Features include: flow duration, time between two packets in forward flow, time between two pa...


Abstract

The invention discloses a method and system for detecting abnormal network traffic. The method includes: step 1) acquiring traffic data, extracting traffic features, and constructing a data set; step 2) performing rough clustering on the data set from step 1), dividing it into several clusters; step 3) treating the samples in clusters whose number of samples is less than the threshold as global outliers and determining them to be abnormal network traffic; for clusters whose number of samples is not less than the threshold, using the isolation forest algorithm to detect within the cluster, and if a sample in the cluster is a local outlier, determining it to be abnormal network traffic. The method has the advantages of being fast, comprehensive and effective.
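The three steps of the abstract, as an added example that is not code from the patent: rough clustering, small clusters flagged whole as global outliers, and an isolation forest run inside each remaining cluster to find local outliers. The leader-style clustering, the `radius`, `min_size` and `cut` values, the two-feature samples and the on-the-fly tree growth (only the branch containing the scored point is built) are all assumptions, since the page does not give them.

```python
import math
import random

def rough_cluster(X, radius):
    """Leader clustering: an assumed stand-in for the rough clustering of step 2."""
    clusters = []                      # lists of sample indices; element 0 is the leader
    for i, x in enumerate(X):
        home = next((m for m in clusters if math.dist(x, X[m[0]]) <= radius), None)
        if home is None:
            clusters.append(home := [])
        home.append(i)
    return clusters

def c(n):  # mean path length of an unsuccessful BST search over n points (normaliser)
    return float(n == 2) if n <= 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def path_length(x, pts, rng, depth, limit):
    """Follow x down one random isolation tree, growing only the branch x falls into."""
    dims = [k for k in range(len(x)) if len({p[k] for p in pts}) > 1]
    if depth >= limit or not dims:     # height limit, or nothing left to split
        return depth + c(len(pts))
    k = rng.choice(dims)
    split = rng.uniform(min(p[k] for p in pts), max(p[k] for p in pts))
    side = [p for p in pts if (p[k] < split) == (x[k] < split)]
    return path_length(x, side, rng, depth + 1, limit)

def iforest_scores(pts, trees=100, psi=256, seed=0):
    """Anomaly score 2^(-E[h]/c(psi)) per point; closer to 1 means easier to isolate."""
    rng, psi = random.Random(seed), min(psi, len(pts))
    limit = math.ceil(math.log2(psi))
    h = [sum(path_length(x, rng.sample(pts, psi), rng, 0, limit) for _ in range(trees)) / trees
         for x in pts]
    return [2 ** (-m / c(psi)) for m in h]

def detect(X, radius=0.25, min_size=5, cut=0.7):
    """Return (global_outliers, local_outliers) as sorted lists of sample indices."""
    global_out, local_out = [], []
    for members in rough_cluster(X, radius):
        if len(members) < min_size:    # step 3: undersized cluster, all global outliers
            global_out += members
        else:                          # step 3: isolation forest inside the cluster
            scores = iforest_scores([X[i] for i in members])
            local_out += [i for i, s in zip(members, scores) if s > cut]
    return sorted(global_out), sorted(local_out)
# Constructed sample (not real traffic): two normalised features per flow.
grid = lambda o: [(o + 0.01 * i, o + 0.01 * j) for i in range(6) for j in range(6)]
SAMPLE = grid(0.18) + [(0.32, 0.32)] + grid(0.70) + [(0.10, 0.90), (0.12, 0.92)]
if __name__ == "__main__":
    print(detect(SAMPLE))
```

Sample 36 sits inside the first cluster's radius but away from its dense block, so only the per-cluster isolation forest flags it; samples 73 and 74 form a two-member cluster and are flagged without any scoring.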

Description

Technical field

[0001] The invention relates to the field of network information security, in particular to a method and system for detecting abnormal network traffic.

Background technique

[0002] With the rapid development of network technology, the explosive growth of Internet applications, and the gradual maturing of the mobile Internet, the network environment is becoming more and more complex. The rapidly growing network traffic contains a large number of network intrusions that are harmful to users, which puts great pressure on network quality of service (QoS) and network security. Common intrusion detection systems mainly include feature detection and anomaly detection. Anomaly detection analyzes network traffic-related data to judge whether the system contains abnormal behaviors that are harmful to network security. Designing a high-precision network anomaly traffic detection model has gradually become a research hotspot.

[0003] The current network abnormal traff...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1441
Inventor: 陈晓, 余树文, 郭志川, 唐政治
Owner: ZHENGZHOU SEANET TECH CO LTD