Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Abnormal flow detection system and method

A technology of abnormal flow and detection system, applied in transmission systems, instruments, biological neural network models, etc., can solve the problems that flow data cannot be well divided into data, reduce detection accuracy, increase calculation loss, etc.

Pending Publication Date: 2020-10-27
SHANGHAI JIAO TONG UNIV +1
View PDF6 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Considering the huge data volume of network traffic in the ubiquitous power Internet of Things system, using the original traffic features for classification and recognition will increase the calculation loss on the one hand, and on the other hand will introduce unnecessary redundant features and reduce the detection accuracy
However, the complexity of traffic data makes it difficult for commonly used linear dimensionality reduction methods such as PCA to divide the data well.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal flow detection system and method
  • Abnormal flow detection system and method
  • Abnormal flow detection system and method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0057] The abnormal traffic detection system provided according to the present invention includes:

[0058] Traffic feature analysis and selection module: filter the traffic features according to the traffic characteristics of the ubiquitous power Internet of Things, and use the KPCA algorithm to reduce the dimensionality of the traffic features;

[0059] Traffic benchmark model construction module: extract the traffic features after dimensionality reduction, construct a restricted Boltzmann machine model based on the RBM model and SOM clustering algorithm and conduct training, and complete the construction of the benchmark model;

[0060] Traffic benchmark model training module: according to the contrastive divergence algorithm, the abnormality of the trained benchmark model is divided into normal benchmark model and abnormal benchmark model;

[0061] Abnormal traffic detection module: extract and calculate the traffic characteristics to be detected, and detect abnormal traff...

Embodiment 2

[0066] Such as figure 1 As shown, this embodiment specifically includes the following steps: traffic feature analysis and selection, traffic benchmark model construction, traffic benchmark model training, and abnormal traffic detection.

[0067] First of all, when analyzing and selecting traffic characteristics, the data response time in the ubiquitous power Internet of Things system is short, the network data has obvious periodicity and timing, the IP address is relatively fixed, and the length of the message data is short and the length is within a certain range. , high frequency of data transmission, specific network protocol and other characteristics, from the perspective of actual network characteristics, initially select source IP address, destination IP address, source port, destination port, traffic response time, function information field and other characteristics as the traffic characteristics to be selected .

[0068] The service types of the traffic data include ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides an abnormal flow detection system and method, and the system comprises a flow feature analysis and selection module which screens flow features according to the flow features ofa ubiquitous power IOT, and carries out the dimension reduction of the flow features through a KPCA algorithm; a flow reference model construction module which is used for extracting flow characteristics after dimension reduction, constructing a restricted Boltzmann machine model based on an RBM model and an SOM clustering algorithm and training to complete construction of a reference model; a flow benchmark model training module which is used for carrying out anomaly degree division on the trained benchmark model according to a comparison divergence degree algorithm, and dividing the benchmark model into a normal benchmark model and an abnormal benchmark model; and an abnormal flow detection module which is used for extracting and calculating flow characteristics to be detected, and carrying out abnormal flow detection according to the similarity between the output of the reference model and the original input characteristic data. According to the invention, the automatic category labeling of the traffic data can be completed, and the network traffic anomaly detection accuracy is relatively high.

Description

technical field [0001] The invention relates to the technical field of network intrusion detection, in particular to a system and method for detecting abnormal traffic. In particular, it relates to an abnormal traffic detection system based on a restricted Boltzmann machine model and a SOM clustering algorithm. Background technique [0002] Network traffic anomaly detection is an important technical protection method for the ubiquitous power Internet of Things system, and its main implementation method is to use the network traffic anomaly detection technology based on the benchmark model. Specifically, different types of benchmark models are established according to the characteristics of historical traffic, and whether abnormalities occur are judged by matching real-time traffic with each benchmark model. With its excellent generalization and robustness, the machine learning model has gradually become the preferred solution of the benchmark model. However, the machine le...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06K9/62G06N3/04H04L29/06
CPCH04L63/1425G06N3/045G06F18/23211G06F18/2135
Inventor 王嘉略李生红李怡晨董之微王刚于同伟朱钰原义栋
Owner SHANGHAI JIAO TONG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com