Mining method of normal Server IP white list based on K-Means

A whitelist mining technique, applied in the fields of instruments, character and pattern recognition, electrical components, etc., that addresses the problems of excessive manual effort, failure to fully consider traffic characteristics, and difficulty of updating, so as to reduce detection pressure.
CN112448911A · Active · Publication Date: 2021-03-05 · SICHUAN UNIV

Patent Information

Authority / Receiving Office: CN · China
Patent Type: Applications (China)
Current Assignee / Owner: SICHUAN UNIV
Publication Date: 2021-03-05


Abstract

The invention relates to the technical field of computer network traffic analysis and aims to mine a normal Server IP white list by clustering network traffic with the K-Means clustering algorithm. The method comprises the following steps: first, acquiring the required communication traffic, restoring the bidirectional traffic between two IPs from it, and extracting an initial white list; then analyzing the bidirectional traffic and storing its basic statistical information; then performing feature extraction on the basic statistical information and clustering the features with the K-Means algorithm to obtain a clustering result; and finally, obtaining the distribution of the initial white list in the clustering result so as to obtain a normal Server IP white list. With the invention, the normal Server IP white list can be conveniently extracted from network traffic, the workload of establishing the white list is reduced, and updating is convenient.
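The steps in the abstract, sketched end to end as an added example (not code from the patent). The features (log-scaled mean bytes per direction), the port-based server heuristic, k = 2 and the `min_share` rule for reading the seed white list's distribution are assumptions, and the traffic records are constructed.

```python
import math
from collections import defaultdict

def sample_records():
    """Constructed one-way records (src_ip, src_port, dst_ip, dst_port, bytes).
    The first four servers send large replies to small requests; the last two do the reverse."""
    servers = ["198.51.100.%d" % n for n in (10, 11, 12, 13)] + ["203.0.113.50", "203.0.113.51"]
    recs = []
    for i, srv in enumerate(servers):
        for c in range(3):
            client, cport = "10.0.0.%d" % (c + 1), 40000 + 10 * i + c
            up, down = (300 + 10 * c, 9000 + 500 * i) if i < 4 else (8000 + 100 * c, 200)
            recs += [(client, cport, srv, 443, up), (srv, 443, client, cport, down)]
    return recs

def server_features(records):
    """Restore bidirectional flows, then average assumed features per Server IP."""
    flows = defaultdict(lambda: [0, 0])      # (client, cport, server, sport) -> [up, down]
    for src, sport, dst, dport, size in records:
        if dport < 1024:                     # assumption: a well-known port marks the server
            flows[(src, sport, dst, dport)][0] += size
        else:
            flows[(dst, dport, src, sport)][1] += size
    per_server = defaultdict(list)
    for (_, _, server, _), (up, down) in flows.items():
        per_server[server].append((math.log1p(up), math.log1p(down)))
    return {ip: tuple(sum(col) / len(col) for col in zip(*v)) for ip, v in per_server.items()}

def kmeans(points, k, iters=20):
    """Plain Lloyd's K-Means with deterministic farthest-point seeding."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        labels = [min(range(k), key=lambda j: math.dist(p, cents[j])) for p in points]
        for j in range(k):
            members = [p for p, lab in zip(points, labels) if lab == j]
            if members:
                cents[j] = tuple(sum(col) / len(members) for col in zip(*members))
    return labels

def mine_whitelist(records, seed, k=2, min_share=0.5):
    """Assumed rule: a cluster is normal if it holds >= min_share of the seeds seen in traffic."""
    feats = server_features(records)
    ips = sorted(feats)
    labels = kmeans([feats[ip] for ip in ips], k)
    seed_labels = [lab for ip, lab in zip(ips, labels) if ip in seed]
    need = max(1, min_share * len(seed_labels))   # no observed seed -> nothing is whitelisted
    normal = {j for j in range(k) if seed_labels.count(j) >= need}
    return [ip for ip, lab in zip(ips, labels) if lab in normal]
```

The mined list is only as trustworthy as the initial white list: a seed entry that sits in the wrong cluster promotes every Server IP in that cluster, so the seeds and any newly promoted IPs deserve review before the list is used to skip inspection.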

Description

Technical field

[0001] The present invention relates to the technical field of computer network traffic analysis. It captures network traffic and reassembles it into bidirectional flows, takes the Server IP as the object of study and extracts the relevant features of the corresponding flows, clusters the feature data with the K-Means clustering algorithm, and then analyzes the distribution of a pre-built whitelist in the clustering results, so as to mine the normal Server IP whitelist. Once obtained, the whitelist can filter out the traffic generated by many normal network behaviors and reduce the detection pressure on intrusion detection systems.

Background technique

[0002] With the continuous development and popularization of computer technology and Internet of Things technology, the number of networked devices is increasing rapidly, and the traffic generated by networked devices is also increasing, which poses a huge challenge to intrusion detection sy...
