An Automatic Detection Method of Network Abnormal Traffic Based on Time Series Mining

A technique for detecting abnormal network traffic that applies a dynamic time warping similarity measurement algorithm and an anomaly scoring algorithm. It addresses problems such as inapplicability, complex data collection methods, and the increase in network security incidents; its stated effects are a simpler data collection method, better anomaly detection, and better learning efficiency.

Active Publication Date: 2021-09-24
SHANDONG UNIV +1

AI Technical Summary

Problems solved by technology

However, as the network scale continues to increase, the network architecture becomes more complex, network security incidents continue to increase, and abnormal network traffic occurs frequently, the usual practice is no longer suitable for the current network development requirements.
[0004] Existing automatic detection technology for abnormal network traffic can identify and analyze abnormal situations in network traffic, but it has several major problems: complex data collection methods or a need for special hardware devices, a cumbersome data processing mode, detection parameters that are difficult to determine, and difficult installation and implementation.

Examples


Embodiment 1

[0094] Embodiment 1: Abnormal network traffic detection process

[0095] An automatic detection method for abnormal network traffic based on time series mining, as shown in Figure 2, including:

[0096] Step 1: Use the data import module to read the data values of the standard network traffic data. The standard network traffic data includes the data import template and the network traffic data exported by a third-party system. Then extract the core fields to form the initial time series model;

[0097] In step 1, the data import module can be developed in Java. The data import templates include an Excel template, a CSV template, etc., and the template fields are: timestamp, total flow, inflow, outflow, and remarks. When the data values are read, the core fields are the timestamp t and the flow value v (total flow, inflow, and outflow); the data read are timestamped network flow values, which is consistent with the time ser...

Embodiment 2

[0116] Example 2: Drill-down detection of abnormal network traffic

[0117] Step i: Take the monthly abnormal data sequence detected by the automatic detection system for abnormal network traffic based on time series mining of the present invention as the input data to be detected, load it into the data buffer space, and use a sliding window to divide the monthly data sequence into daily data subsequences;

[0118] Step ii: Use the fast learning method to learn the optimal front and back slack spaces (OPSRS) for the abnormal daily data subsequences. The operation process is consistent with step 4 above.

[0119] Step iii: Use the dynamic time warping method with front and back slack spaces to calculate the distance between the abnormal daily data subsequences, obtain the similarity matrix of the data subsequences, and then calculate the abnormality score of the data subsequences in the current data buffer sp...
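Steps i and iii can be sketched as follows; this is an added example, not code from the patent. The slack widths are passed in as fixed values rather than learned (the fast learning method of step ii is not described in the visible text), and the score used here, the mean distance to every other day, is an assumption because the patent's scoring formula is cut off on this page.

```python
import math

def split_daily(series, per_day):
    """Step i: cut a flat list of flow values into day-long subsequences."""
    return [series[i:i + per_day]
            for i in range(0, len(series) - per_day + 1, per_day)]

def relaxed_dtw(a, b, front=0, back=0):
    """Step iii: DTW distance whose warping path may skip up to `front` leading
    and `back` trailing points of either sequence (front=back=0 is plain DTW)."""
    n, m = len(a), len(b)
    D = [[math.inf] * m for _ in range(n)]
    for i in range(n):
        for j in range(m):
            # A path may begin on the first row/column inside the front slack.
            best = 0.0 if (i == 0 and j <= front) or (j == 0 and i <= front) else math.inf
            if i > 0:
                best = min(best, D[i - 1][j])
            if j > 0:
                best = min(best, D[i][j - 1])
            if i > 0 and j > 0:
                best = min(best, D[i - 1][j - 1])
            D[i][j] = abs(a[i] - b[j]) + best
    # A path may finish on the last row/column inside the back slack.
    ends = [D[n - 1][j] for j in range(max(0, m - 1 - back), m)]
    ends += [D[i][m - 1] for i in range(max(0, n - 1 - back), n)]
    return min(ends)

def anomaly_scores(days, front=0, back=0):
    """Pairwise distance matrix, then (assumed) score = mean distance to the others."""
    k = len(days)
    M = [[0.0] * k for _ in range(k)]
    for i in range(k):
        for j in range(i + 1, k):
            M[i][j] = M[j][i] = relaxed_dtw(days[i], days[j], front, back)
    return [sum(row) / (k - 1) for row in M]

# Constructed sample: five "days" of eight flow readings each.
BASE = [1, 1, 2, 5, 5, 2, 1, 1]
GLITCH = [4, 1, 2, 5, 5, 2, 1, 1]   # normal day with one bad first reading
BURST = [1, 1, 2, 9, 9, 9, 1, 1]    # sustained midday surge
SERIES = BASE + BASE + GLITCH + BURST + BASE

if __name__ == "__main__":
    days = split_daily(SERIES, per_day=8)
    for label, slack in (("plain DTW", 0), ("slack = 1", 1)):
        scores = anomaly_scores(days, front=slack, back=slack)
        print(label, [round(s, 2) for s in scores])
```

With a slack of one point, the day that differs only in its first reading scores the same as the ordinary days, while the surge day keeps the highest score under both settings.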


Abstract

The invention relates to an automatic detection method for abnormal network traffic based on time series mining, which belongs to the technical field of data mining, big data analysis and pattern recognition. The method includes importing data, forming an initial time series model, segmenting the data to obtain data subsequences, using a fast learning method to obtain the optimal front and rear relaxation spaces of the data subsequences to be detected, calculating the distance between each pair of data subsequences to obtain the similarity matrix of the data subsequences, calculating the abnormality score, comparing and judging, and other steps. Through a standard data access interface, the data import module reads the data values of the standard network traffic data, conveniently implements data import and data standardization, and converts the data into a time series model, which simplifies the data collection method. The present invention uses the proposed time series abnormal data detection method to study and analyze abnormal traffic sequences from multiple data dimensions, which reduces the complexity of the data while retaining the temporal connection characteristics of the original network traffic data.

Description

Technical field

[0001] The present invention relates to a method for automatic detection of abnormal network traffic based on time series mining, in particular to a dynamic time warping (Dynamic Time Warping, DTW) similarity measurement algorithm based on relaxed endpoint constraints (Relaxed Endpoint Constraint) and an anomaly score (Anomaly Score) algorithm for identifying abnormal traffic. The invention belongs to the technical field of data mining, big data analysis and pattern recognition.

Background

[0002] Today's technology and information technology are developing rapidly, and the application of the network has penetrated into people's lives. At present, the network is developing towards high speed and integration. With the increase of information in the network and the dependence of work and life on the network, the problem of network security has gradually become prominent, and the situation has become increasingly severe. Network security means that ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1425
Inventor: 展鹏, 李学庆, 许浩然, 胡宇鹏
Owner: SHANDONG UNIV