Attack traffic classification method based on SVM

A classification method for attack traffic, applied in the fields of instruments, character and pattern recognition, electrical components, etc. It addresses the problems of feature confusion, low classification accuracy, and a large amount of calculation, with the effects of reducing the amount of calculation and facilitating expansion.

Active Publication Date: 2020-05-05
CHINA ELECTRONICS TECH CYBER SECURITY CO LTD

AI Technical Summary

Problems solved by technology

However, in the face of multi-classification problems, machine learning algorithms have exposed the shortcomings of existing multi-classification mechanisms, such as excessive calculation and low classification accuracy due to feature confusion.


Embodiment Construction

[0029] The technical solution of the present invention will be further described in detail below in conjunction with the accompanying drawings, but the protection scope of the present invention is not limited to the following description.

[0030] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are some embodiments of the present invention, but not all of them. Based on the implementation manners in the present invention, all other implementation manners obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention. Accordingly, the following detailed description of the embodiments of the invention ...


Abstract

The invention discloses an attack traffic classification method based on SVM. In malicious traffic detection, Nt training samples are given, where a single sample xi belongs to Rd and represents d-dimensional network traffic. In the traffic classification step, a decision function f(x) = wx + b is solved in the d-dimensional space so that a boundary is found; samples are mapped to the corresponding traffic classification labels and are distributed on the two sides of the boundary. In a two-dimensional plane the boundary is a straight line; in a high-dimensional space the boundary is a hyperplane. The core of the SVM-based classification problem is to find a boundary that obeys the minimum misclassification ratio. After the parameters of the quadratic programming problem are solved, unknown traffic samples can be classified by calculating the decision function. It has a wide application range and is easy to extend, and the method can be extended to abnormal traffic detection scenarios for protocols such as FTP, telnet and SMTP. Abnormal traffic detection is carried out using data packet payloads, and attack traffic classification is realized.
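The decision-function classification described in the abstract, as an added example that is not code from the patent. It trains a linear soft-margin SVM by sub-gradient descent on the hinge loss instead of the quadratic programming solver the abstract mentions; the three payload features, the sample payloads, and the hyperparameters are all assumptions constructed for illustration.

```python
# Added example: linear SVM over packet-payload features (constructed data).
TEXT = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}   # printable ASCII plus tab/CR/LF

def features(payload: bytes) -> list[float]:
    """Map a payload to a d=3 vector: text ratio, high-byte ratio, scaled length."""
    n = max(len(payload), 1)
    text = sum(b in TEXT for b in payload) / n
    high = sum(b >= 0x80 for b in payload) / n
    return [text, high, min(len(payload), 256) / 256]

def decision(w, b, x):
    """f(x) = w.x + b, the decision function from the abstract."""
    return sum(wi * xi for wi, xi in zip(w, x)) + b

def train(samples, epochs=200, lr=0.1, lam=0.01):
    """Sub-gradient descent on the L2-regularised hinge loss (soft-margin SVM)."""
    w, b = [0.0] * len(samples[0][0]), 0.0
    for _ in range(epochs):
        for x, y in samples:
            violated = y * decision(w, b, x) < 1   # inside margin or misclassified
            w = [wi * (1 - lr * lam) for wi in w]  # shrink: regularisation term
            if violated:
                w = [wi + lr * y * xi for wi, xi in zip(w, x)]
                b += lr * y
    return w, b

# Constructed training payloads (not from the patent): -1 = normal, +1 = attack.
NORMAL = [b"USER alice\r\n", b"PASS secret\r\n", b"RETR report.txt\r\n",
          b"HELO mail.example.org\r\n", b"MAIL FROM:<a@example.org>\r\n", b"QUIT\r\n"]
ABNORMAL = [bytes(range(128, 256)), b"USER " + b"\xff" * 200 + b"\r\n",
            b"RETR " + bytes(range(200, 256)) * 4]
TRAIN = [(features(p), -1) for p in NORMAL] + [(features(p), +1) for p in ABNORMAL]
W, B = train(TRAIN)

def classify(payload: bytes) -> str:
    """Label an unknown payload by which side of the boundary it falls on."""
    return "attack" if decision(W, B, features(payload)) > 0 else "normal"

if __name__ == "__main__":
    for p in (b"STOR notes.txt\r\n", b"PASS " + bytes(range(128, 256)) + b"\r\n"):
        print(classify(p), round(decision(W, B, features(p)), 3))
```

The sign of f(x) gives the label and its magnitude gives the distance from the boundary, which is useful for ranking alerts.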

Description

Technical field

[0001] The invention relates to an attack traffic classification method based on SVM.

Background technique

[0002] Abnormal network traffic detection can effectively defend against network security threats. The core of this method lies in the collection and analysis of traffic data. The network traffic data used for malicious traffic detection can be divided into 4 categories, namely:

1) Packet level: traffic header and payload information;
2) Data flow level: network flow statistics;
3) Connection level: connection data information between two IPs;
4) Host data: host activity information.

Among them, the data packet information is the most abundant. By analyzing the payload information, the traffic can be classified more accurately, which greatly reduces system security risks and improves system security. At present, the detection of malicious traffic at the data packet level mainly uses deep packet inspection technology. The commonly used software is: SNOR...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1425, H04L63/1416, H04L63/1466, G06F18/2411
Inventor: 和达, 刘杰, 王一凡, 陈剑锋, 徐锐, 饶志宏
Owner: CHINA ELECTRONICS TECH CYBER SECURITY CO LTD