Network abnormal traffic automatic detection method based on time sequence mining

A network anomaly and time series technology, applied in transmission systems, electrical components, etc., that can solve problems such as cumbersome data processing modes, complex data collection methods, and complex network architectures.

Active Publication Date: 2020-10-27
SHANDONG UNIV +1

AI Technical Summary

Problems solved by technology

However, as network scale continues to increase, network architecture becomes more complex, network security incidents continue to increase, and abnormal network traffic occurs frequently, the usual practice is no longer suitable for current network development requirements.
[0004] The existing automatic detection technology for abno...


Examples


Embodiment 1

[0094] Embodiment 1: Abnormal network traffic detection process

[0095] An automatic detection method for abnormal network traffic based on time series mining, as shown in Figure 2, including:

[0096] Step 1: Use the data import module to read the data values of the standard network traffic data, which includes the data import template and the network traffic data exported by a third-party system, and then extract the core fields to form the initial time series model;

[0097] In step 1, the data import module can be developed in the Java language. The data import template includes an Excel template, a CSV template, etc., and the template fields include: time stamp, total flow, inflow, outflow, and remarks. When the data values are read, the core fields are the time stamp t and the flow value v (including total flow, inflow, and outflow), and the data read are network flow data values with time stamps, which is consistent with the time ser...

Embodiment 2

[0116] Example 2: Drill-down detection of abnormal network traffic

[0117] Step i: Take the monthly abnormal data sequence detected by the time-series-mining-based automatic detection system for abnormal network traffic of the present invention as the input data to be detected, load it into the data buffer space, and use the sliding window to divide the monthly data sequence into daily data subsequences;

[0118] Step ii: Use the fast learning method to learn the optimal front and back slack spaces, and obtain the optimal front and back slack spaces OPSRS for the abnormal subsequence of daily data. The operation process is consistent with the above step 4.

[0119] Step iii: Use the dynamic time warping method of the front and rear slack spaces to calculate the distance between the abnormal subsequences of the daily data, obtain the similarity matrix of the data subsequences, and then calculate the abnormality score of the data subsequences in the current data buffer sp...
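
The drill-down steps above (sliding-window split, endpoint-relaxed DTW distances, similarity matrix, anomaly score, threshold comparison) can be sketched as follows. This is an added example, not code from the patent. It assumes a fixed slack instead of the learned OPSRS, an anomaly score defined as the mean distance to the k nearest subsequences, and a hand-picked threshold; all function names and the sample data are constructed for illustration.

```python
import math

def relaxed_dtw(a, b, slack):
    """DTW distance whose warping path may skip up to `slack` points at the
    start and at the end of either series (relaxed endpoint constraint)."""
    n, m, inf = len(a), len(b), float("inf")
    d = [[inf] * (m + 1) for _ in range(n + 1)]
    for i in range(min(slack, n) + 1):
        d[i][0] = 0.0                      # front slack on series a
    for j in range(min(slack, m) + 1):
        d[0][j] = 0.0                      # front slack on series b
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            best = min(d[i - 1][j], d[i][j - 1], d[i - 1][j - 1])
            d[i][j] = abs(a[i - 1] - b[j - 1]) + best
    # rear slack: the path may stop before the last points of a or b
    ends = [d[n][j] for j in range(max(m - slack, 1), m + 1)]
    ends += [d[i][m] for i in range(max(n - slack, 1), n + 1)]
    return min(ends)

def split_windows(records, width):
    """Sliding window with step == width: (t, v) records -> value windows."""
    values = [v for _, v in sorted(records)]
    return [values[i:i + width] for i in range(0, len(values) - width + 1, width)]

def anomaly_scores(windows, slack, k=2):
    """Distance matrix, then mean distance to the k nearest other windows
    (assumed score definition; needs more than k windows)."""
    n = len(windows)
    sim = [[relaxed_dtw(windows[i], windows[j], slack) for j in range(n)]
           for i in range(n)]
    return [sum(sorted(sim[i][:i] + sim[i][i + 1:])[:k]) / k for i in range(n)]

def detect(records, width=24, slack=2, k=2, threshold=500.0):
    """Indices of windows whose anomaly score exceeds the (assumed) threshold."""
    scores = anomaly_scores(split_windows(records, width), slack, k)
    return [i for i, s in enumerate(scores) if s > threshold]

def sample_records():
    """Constructed data: 7 days of hourly totals with small phase shifts and
    a burst on day index 4 between 10:00 and 13:00."""
    shifts, out = [0, 1, 0, 2, 0, 1, 0], []
    for day, shift in enumerate(shifts):
        for h in range(24):
            v = 100 + 50 * math.sin(2 * math.pi * (h - shift) / 24)
            v += (day * 7 + h * 3) % 5 - 2          # deterministic jitter
            if day == 4 and 10 <= h <= 13:
                v += 400                            # constructed burst
            out.append((day * 24 + h, v))
    return out
```

Calling detect(sample_records()) returns [4]: days that are only shifted by an hour or two stay close to each other because the slack absorbs the offset, while the burst day is far from every other day.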


Abstract

The invention relates to a network abnormal traffic automatic detection method based on time sequence mining. The method belongs to the technical field of data mining, big data analysis and pattern recognition. The method comprises the steps of importing data, forming an initial time sequence model, segmenting the data to obtain data sub-sequences, obtaining the optimal front and back relaxation spaces of the to-be-detected data sub-sequences by utilizing a rapid learning method, calculating the distances among the data sub-sequences, obtaining a data sub-sequence similarity matrix, calculating abnormal degree scores, and comparing and determining. Through a standard data access interface, a data import module reads the data values of the standard network traffic data, so that data import and data standardization are conveniently realized, the data is converted into a time sequence model, and the data acquisition mode is simplified. The abnormal traffic sequence is researched and analyzed from a plurality of data dimensions by utilizing the provided time sequence abnormal data detection method, so that the complexity of the data is reduced while the time correlation characteristic of the original network traffic data is preserved.

Description

Technical field

[0001] The present invention relates to a method for automatic detection of abnormal network traffic based on time series mining, in particular to a Dynamic Time Warping (DTW) similarity measurement algorithm based on a Relaxed Endpoint Constraint and an Anomaly Score algorithm for identifying abnormal traffic. The invention belongs to the technical field of data mining, big data analysis and pattern recognition.

Background technique

[0002] Today's technology and information technology are developing rapidly, and the application of the network has penetrated into people's lives. At present, the network is developing towards high speed and integration. With the increase of information in the network and the dependence of work and life on the network, the problem of network security has gradually become prominent, and the situation has become increasingly severe. Network security means that ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1425
Inventor: 展鹏, 李学庆, 许浩然, 胡宇鹏
Owner: SHANDONG UNIV