Mining method of normal Server IP white list based on K-Means

A technique for mining a normal Server IP whitelist, applied in the fields of instruments, character and pattern recognition, electrical components, etc. It addresses the problems of excessive manpower, the inability to fully consider the characteristics of traffic, and difficulty in updating, and thereby reduces detection pressure.

Active Publication Date: 2021-03-05
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

In the above method, rule writing is cumbersome and the characteristics of the traffic cannot be fully considered, while establishing a complete whitelist takes a long time, requires more manpower, and is difficult to update.
[0004] The mainstream filtering method can indeed reduce the amount of traffic to be detected, but due to its limitations, the filtering effect is not ideal, so this paper proposes a normal Server IP whitelist mining method based on K-Means.


Embodiment Construction

[0015] As shown in Figure 1, the overall process of the present invention includes traffic collection, bidirectional flow generation, establishment of an initial whitelist, flow information statistics, flow feature extraction, K-Means clustering, and category analysis, and finally obtains a normal Server IP whitelist. These steps are described in detail as follows.

[0016] 1. Traffic collection

[0017] The present invention needs to pre-collect, for a period of time, the network traffic generated by normal users operating computers, and uses tools such as Wireshark and Streamdump to save the collected traffic as a pcap file (a datagram storage format) for subsequent processing.

[0018] 2. Initial white list

[0019] Use Wireshark to analyze the pcap file obtained in step 1 and parse all the communication records in it, then extract the relevant Server Name and Server IP of 27 well-known Internet companies and save them as a csv file. The saved content is like "git***...


Abstract

The invention relates to the technical field of computer network traffic analysis, and aims to mine a normal Server IP whitelist by clustering network traffic with the K-Means clustering algorithm. The method comprises the following steps: firstly, acquiring the required communication traffic, restoring the bidirectional traffic between two IPs from it, and extracting an initial whitelist; then analyzing the bidirectional traffic and storing its basic statistical information; then performing feature extraction according to the basic statistical information, and clustering the features by using the K-Means algorithm to obtain a clustering result; and finally, obtaining the distribution of the initial whitelist in the clustering result so as to obtain a normal Server IP whitelist. According to the invention, the normal Server IP whitelist can be conveniently extracted from the network traffic, the workload of establishing the whitelist is reduced, and updating is convenient.
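
The clustering and category-analysis steps of the abstract, as an added example that is not code from the patent. The three flow features, the sample values, and the rule that a cluster counts as normal when at least `min_seed_share` of its Server IPs are in the initial whitelist are assumptions, since the page does not state them.

```python
import math

# Constructed per-Server-IP flow features (assumed feature set, not from the patent):
# (mean packet size in bytes, mean flow duration in s, download/upload byte ratio)
FEATURES = {
    "192.0.2.10":   (1100.0, 30.0, 12.0),
    "192.0.2.11":   (1050.0, 28.0, 11.0),
    "192.0.2.12":   (1150.0, 35.0, 13.0),
    "198.51.100.7": (120.0, 2.0, 0.9),
    "198.51.100.8": (140.0, 1.5, 1.1),
    "198.51.100.9": (110.0, 2.5, 1.0),
    "203.0.113.5":  (600.0, 600.0, 0.2),
    "203.0.113.6":  (620.0, 580.0, 0.3),
}
SEED_WHITELIST = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}  # initial whitelist (constructed)

def normalize(rows):
    """Min-max scale each column so no single feature dominates the distance."""
    cols = list(zip(*rows))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [tuple((v - a) / (b - a) if b > a else 0.0 for v, a, b in zip(r, lo, hi)) for r in rows]

def kmeans(points, k, iters=50):
    """Plain K-Means with deterministic farthest-point initialisation."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: math.dist(p, centers[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            new.append(tuple(sum(x) / len(members) for x in zip(*members)) if members else centers[j])
        if new == centers:
            break
        centers = new
    return labels

def mine_whitelist(features, seeds, k=3, min_seed_share=0.3):
    """Assumed rule: promote every Server IP in clusters whose seed share >= min_seed_share."""
    ips = list(features)
    labels = kmeans(normalize([features[ip] for ip in ips]), k)
    mined = set()
    for j in range(k):
        cluster = [ip for ip, lab in zip(ips, labels) if lab == j]
        share = sum(ip in seeds for ip in cluster) / len(cluster) if cluster else 0.0
        if share >= min_seed_share:
            mined.update(cluster)
    return mined
```

On the constructed data, the cluster that contains no seed IP is left out of the mined whitelist, so its traffic would still reach the intrusion detection system.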

Description

Technical field

[0001] The present invention relates to the technical field of computer network traffic analysis, and aims to capture network traffic and recombine it into two-way streams, then take Server IP as the research object to extract the relevant features of the corresponding streams, use the K-Means clustering algorithm to cluster the feature data, and then analyze the distribution of the pre-built whitelist in the clustering results, so as to dig out the normal Server IP whitelist. After obtaining the whitelist, it can filter out the traffic generated by many normal network behaviors and reduce the detection pressure on intrusion detection systems.

Background technique

[0002] With the continuous development and popularization of computer technology and Internet of Things technology, the number of networked devices is increasing rapidly, and the traffic generated by networked devices is also increasing, which poses a huge challenge to intrusion detection sy...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06K9/62
CPC: H04L63/1425, H04L63/0236, H04L63/101, G06F18/23213
Inventor: 刘亮, 李凯, 郑荣锋
Owner: SICHUAN UNIV