Abnormal flow detection method and device

A technology of abnormal traffic and detection methods, applied in the field of network security, can solve the problems of absolute output results, difficulty in obtaining abnormal samples, etc., and achieve the effect of convenient detection

Inactive Publication Date: 2019-12-10
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The technical problem to be solved by the present invention is to solve the technical problems in the prior art that the use of classification algorithms to detect abnormal traffic has difficulty in obtaining abnormal samples and the output results are too absolute. The present invention proposes a method and device for detecting abnormal traffic

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal flow detection method and device
  • Abnormal flow detection method and device
  • Abnormal flow detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] In order to further explain the technical means and functions adopted by the present invention to achieve the intended purpose, the present invention will be described in detail below in conjunction with the accompanying drawings and preferred embodiments.

[0045] like figure 1 As shown, the method for detecting abnormal traffic according to the embodiment of the present invention includes:

[0046] S101: Extract feature data of the data stream, and generate feature vectors based on the feature data;

[0047] S102: Input the feature vector into the pre-trained anomaly detection model for calculation;

[0048] S103: output the detection result of the data stream;

[0049] Among them, the anomaly detection model adopts the local anomaly factor algorithm model, that is, the LOF model.

[0050] It should be noted that, in related technologies, a classification algorithm is used to detect abnormal traffic. Classification algorithms require a large amount of abnormal tra...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an abnormal flow detection method and device, and the method comprises the steps: extracting the feature data of a data flow, and generating a feature vector based on the feature data; inputting the feature vector into a pre-trained anomaly detection model for calculation; outputting a detection result of the data stream, wherein the anomaly detection model adopts a local anomaly factor algorithm model. According to the method for detecting the abnormal flow, the LOF algorithm is adopted for detecting the abnormal flow, the LOF algorithm is an unsupervised algorithm, training samples do not need to be labeled, and training and abnormal detection can be carried out under the condition that no abnormal sample exists. Therefore, the abnormal flow can be detected more conveniently. Moreover, the LOF algorithm finally outputs a classification result capable of reflecting the abnormal degree value of the sample instead of a normal or abnormal classification result, sothat the output result can reflect the detection condition of the abnormal flow more intuitively.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method and device for detecting abnormal traffic. Background technique [0002] With the development of information technology, the network has become an indispensable part of people's daily life, bringing great convenience to work, life and study. But everything has two sides, and the openness of the network also brings many security problems. Abnormal network traffic refers to the situation where the traffic behavior of the network deviates from the normal behavior, for example, there is a sudden abnormal major change in the network traffic. There are many reasons for abnormal network traffic, such as abnormal network equipment, abnormal network operation, abnormal flash congestion, network attack behavior, etc. Abnormal network traffic not only affects the normal use of the network and business systems, but also threatens the information security of network users,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06K9/62
CPCH04L63/1425G06F18/24133
Inventor 张新薛智慧张旭
Owner BEIJING TOPSEC NETWORK SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap