Network abnormal flow detection method, device and equipment

A network abnormal traffic detection technology, applied in the field of network security, that can solve the problems of high capacity limitations and the inability to analyze and process abnormal traffic efficiently and accurately.

Active Publication Date: 2020-11-13
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] The purpose of this application is to provide a network abnormal traffic detection method, device, equipment and readable storage medium, to solve the problem that traditional network security protection schemes have high limitations and cannot efficiently and accurately analyze and process abnormal traffic.


Examples


Embodiment 1

[0057] The following introduces Embodiment 1 of the method for detecting abnormal network traffic provided by the present application. Referring to Figure 1, Embodiment 1 includes:

[0058] S101. Collect network traffic of the target device to obtain traffic data;

[0059] S102. Extract traffic rule features of each session packet in the traffic data;

[0060] S103. Using the traffic rule feature of each session packet as a data object, perform clustering using a K-value clustering algorithm to obtain an initial clustering result;

[0061] S104. Using the initial clustering result as an input, perform clustering again using a hierarchical clustering algorithm to obtain a target clustering result;

[0062] S105. Determine abnormal session packets in the traffic data according to the target clustering result.

[0063] Specifically, this embodiment can run at the exit where the subnet is connected to the backbone network, and access the switching device at the border in a bypass mode....
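
Steps S103 to S105 as an added example (not code from the patent or its applicant). It assumes the K-value clustering algorithm is k-means, uses two constructed per-session features, merges clusters by centroid distance for the hierarchical stage, and applies a hypothetical rule that sessions in clusters below `min_share` of the traffic are abnormal.

```python
import math

# Constructed sample: one (rate, mean packet size) feature pair per session, already
# scaled to [0, 1]. The feature choice is an assumption; the page does not list them.
SESSIONS = [(0.20, 0.30), (0.22, 0.28), (0.18, 0.33), (0.25, 0.31), (0.21, 0.27),
            (0.60, 0.70), (0.62, 0.68), (0.58, 0.72), (0.61, 0.71), (0.95, 0.05)]

def centroid(points, members):
    return tuple(sum(axis) / len(members) for axis in zip(*(points[i] for i in members)))

def kmeans(points, k, iters=20):
    """S103: k-means with deterministic farthest-point seeding; returns index lists."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(iters):
        groups = [[] for _ in centers]
        for i, p in enumerate(points):
            groups[min(range(k), key=lambda j: math.dist(p, centers[j]))].append(i)
        centers = [centroid(points, g) if g else centers[j] for j, g in enumerate(groups)]
    return [g for g in groups if g]

def merge_clusters(points, clusters, max_gap):
    """S104: agglomerative pass that merges the closest centroids up to max_gap."""
    clusters = [list(c) for c in clusters]
    while len(clusters) > 1:
        cents = [centroid(points, c) for c in clusters]
        gap, a, b = min((math.dist(cents[a], cents[b]), a, b)
                        for a in range(len(clusters)) for b in range(a + 1, len(clusters)))
        if gap > max_gap:
            break
        clusters[a].extend(clusters.pop(b))
    return clusters

def small_cluster_members(points, clusters, min_share):
    """S105 (assumed rule): sessions in clusters below min_share of traffic are abnormal."""
    return sorted(i for c in clusters if len(c) < min_share * len(points) for i in c)

def detect(points, k=4, max_gap=0.3, min_share=0.2):
    """Return (flags from k-means alone, flags after the hierarchical pass)."""
    initial = kmeans(points, k)
    target = merge_clusters(points, initial, max_gap)
    return (small_cluster_members(points, initial, min_share),
            small_cluster_members(points, target, min_share))

if __name__ == "__main__":
    kmeans_only, two_stage = detect(SESSIONS)
    print("k-means only flags:", kmeans_only)
    print("two-stage flags:   ", two_stage)
```

On the sample data, k-means alone isolates session 3 in its own cluster; the hierarchical pass folds it back into its neighbours, so only session 9 remains flagged.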

Embodiment 2

[0075] Referring to Figure 2, Embodiment 2 specifically includes:

[0076] S201. Collect network traffic from the switching device to obtain traffic data, wherein the switching device is located at an exit where the subnet is connected to the backbone network;

[0077] S202. According to the protocol specification of the current communication protocol, filter the complete session message from the traffic data;

[0078] S203. For each complete session message, judge whether the behavior of the session message is normal according to the preset finite state machine of the current communication protocol, where the finite state machine describes normal session behavior and/or abnormal session behavior under the current communication protocol; if normal, release the message; if not normal, proceed to S204;

[0079] S204. Determine the deviation range of the traffic rule feature of the session packet according to the pre-established relationship function between the traffic rule ...
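
Steps S202 and S203 as an added example (not code from the patent or its applicant). It assumes TCP as the communication protocol, a simplified hypothetical state table, constructed session traces, and a completeness criterion (opening SYN plus a FIN or RST in the capture) that the page does not define.

```python
# Assumed, simplified TCP session FSM (the page names neither protocol nor states).
# Events are "<side>:<flags>", with c = initiator and s = responder.
FSM = {
    "START":       {"c:SYN": "SYN_SENT"},
    "SYN_SENT":    {"s:SYN-ACK": "SYN_RCVD"},
    "SYN_RCVD":    {"c:ACK": "ESTABLISHED"},
    "ESTABLISHED": {"c:ACK": "ESTABLISHED", "s:ACK": "ESTABLISHED",
                    "c:PSH-ACK": "ESTABLISHED", "s:PSH-ACK": "ESTABLISHED",
                    "c:FIN-ACK": "FIN_FROM_C", "s:FIN-ACK": "FIN_FROM_S",
                    "c:RST": "CLOSED", "s:RST": "CLOSED"},
    "FIN_FROM_C":  {"s:ACK": "FIN_FROM_C", "s:FIN-ACK": "LAST_ACK_C"},
    "FIN_FROM_S":  {"c:ACK": "FIN_FROM_S", "c:FIN-ACK": "LAST_ACK_S"},
    "LAST_ACK_C":  {"c:ACK": "CLOSED"},
    "LAST_ACK_S":  {"s:ACK": "CLOSED"},
    "CLOSED":      {},
}

# Constructed session traces keyed by a made-up session id.
CAPTURE = {
    "s1": ["c:SYN", "s:SYN-ACK", "c:ACK", "c:PSH-ACK", "s:ACK", "s:PSH-ACK",
           "c:ACK", "c:FIN-ACK", "s:ACK", "s:FIN-ACK", "c:ACK"],
    "s2": ["c:SYN", "s:SYN-ACK", "c:RST"],            # handshake never finished
    "s3": ["c:SYN", "s:SYN-ACK", "c:ACK", "c:PSH-ACK"],  # no teardown captured
    "s4": ["c:SYN", "c:PSH-ACK", "s:RST"],            # data before SYN-ACK
}

def is_complete(events):
    """S202 (assumed criterion): capture holds the opening SYN and a FIN or RST."""
    return bool(events) and events[0].endswith(":SYN") and any(
        e.endswith((":FIN-ACK", ":RST")) for e in events)

def judge(events):
    """S203: walk the FSM; return (verdict, last valid state, offending event index)."""
    state = "START"
    for i, event in enumerate(events):
        nxt = FSM[state].get(event)
        if nxt is None:
            return ("abnormal", state, i)
        state = nxt
    return ("normal" if state == "CLOSED" else "abnormal", state, None)

def triage(sessions):
    """Release normal sessions; queue abnormal ones for the S204 feature check."""
    released, to_s204, skipped = [], [], []
    for sid, events in sessions.items():
        bucket = skipped if not is_complete(events) else (
            released if judge(events)[0] == "normal" else to_s204)
        bucket.append(sid)
    return released, to_s204, skipped
```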


Abstract

The invention discloses a network abnormal flow detection method. According to the method, the traffic data of the target equipment is collected, the traffic rule characteristics of each session message in the traffic data are extracted, and the session messages are clustered using the K value clustering algorithm in combination with the hierarchical clustering algorithm, which improves the reliability of the clustering process. Finally, the abnormal session messages in the traffic data are detected according to the clustering result. The purpose of automatically detecting network abnormal flow is achieved, and the safety of network equipment is improved. In addition, the invention further provides a network abnormal flow detection device and equipment and a readable storage medium, whose technical effect corresponds to the technical effect of the method.

Description

Technical field

[0001] The present application relates to the technical field of network security, in particular to a method, device, equipment and readable storage medium for detecting abnormal network traffic.

Background technique

[0002] Traditional security detection products or platforms cannot detect new types of threats more effectively. In addition, with the rapid development of Internet technology, various application technologies in the network environment are becoming more complex, making the boundaries of Internet networks and application systems tend to become more dynamic and blurred.

[0003] At the same time, in the face of increasingly frequent network attacks, network attack methods have become more concealed and advanced, while traditional network security and threat analysis technologies have relatively high processing capabilities, resulting in the inability to obtain, analyze and utilize threat intelligence information more efficiently and accurately, and can...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F16/35, G06K9/62
CPC: H04L63/1416, H04L63/1425, G06F16/353, G06F18/231, G06F18/23213
Inventor: 王亚国, 范渊
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD