Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network traffic data analysis method and system

A technology of network traffic and network flow, applied in digital transmission systems, transmission systems, data exchange networks, etc., can solve the problems of poor generalization performance, low detection rate, and reduced false alarm rate of network security anomaly detection technology

Active Publication Date: 2021-02-23
NAT SPACE SCI CENT CAS
View PDF6 Cites 40 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to solve the problems of poor generalization performance of network security anomaly detection technology, low detection rate and high false alarm rate in existing network traffic data analysis methods. The present invention proposes a method based on sparse autoencoder and An extreme random tree network traffic data analysis method. This method can start from network flow data and select corresponding automatic encoding methods for different types of features. It can not only reduce the feature dimension, but also can analyze features such as IP addresses and protocols. Effective distance calculation provides a basis for traditional distance-based or density-based anomaly detection techniques; then, for the processed numerical features, a feature selection method based on an extreme random tree is used, which can not only reduce dimensionality, but also ensure the selected The features still have practical significance, which provides the possibility for subsequent analysis; the extracted feature set can be combined with supervised classification technology or unsupervised outlier anomaly detection technology. Experiments show that the accuracy rate has been effectively improved, and the false positive rate It is greatly reduced, and due to the recoding of data and feature engineering processing, the calculation speed becomes much faster

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network traffic data analysis method and system
  • Network traffic data analysis method and system
  • Network traffic data analysis method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0088] The present invention will be further described now in conjunction with accompanying drawing.

[0089] The present invention proposes a method for abnormality detection of network traffic data, the method comprising:

[0090] Step 1) Grab raw network traffic data in real time;

[0091] Specifically, an open source tool is used to capture the original network traffic data from the network environment in real time, and save it as a file in PCAP format; in this embodiment, the TCPDUMP tool is mainly used to capture the original network traffic data from the network environment in real time ;

[0092] Step 2) extracting available data features from the obtained original network traffic data, and obtaining network traffic feature data;

[0093] Specifically, such as figure 2 As shown, the Argus tool is used to extract the first feature from the obtained original network traffic data, and the first feature includes: source IP address, source port number, target IP address...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of network flow data analysis and particularly relates to a network flow data exception detection method. The method comprises the following steps of processing original network flow data captured in real time to obtain network flow data; if the network flow data is abnormal data, outputting an exception, inputting the exception data into a pre-trainedfirst exception classifier, judging that the attack type of the exception data is a known attack type, and outputting the attack type of the exception data; if the network flow data is not abnormal data, further detecting whether the network flow data is abnormal or not by adopting an unsupervised anomaly detection method; if the network flow data is abnormal data, inputting the abnormal data intoa pre-trained second abnormal classifier, judging that the type of the abnormal data is an unknown attack type, and marking the abnormal data as the unknown attack type; and if the network flow datais not abnormal data, the output being normal.

Description

technical field [0001] The present invention belongs to the field of abnormality detection technology and network traffic data analysis technology based on machine learning and big data, and in particular relates to a network traffic data analysis method and system, in particular, a network traffic analysis method based on sparse autoencoder and extreme random tree Data analysis method and system. Background technique [0002] In recent decades, with the rapid development of the Internet, people's communication methods, consumption patterns, and even the economic form of the entire country have been reshaped time and time again from the Internet of Consumers, the Internet of Industry, and the Internet of Everything. As a result, network security issues have become more and more difficult, and the endless network attacks have made traditional defense methods powerless in the face of new attack methods. From the basic data link layer to the network layer and transport layer, ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L63/1425H04L63/1408H04L41/145
Inventor 方少峰孙鹏科闫振中郑岩马福利佟继周
Owner NAT SPACE SCI CENT CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com