
Abnormal network flow detection method and device

A network traffic detection technology, applied in the field of communication, that addresses problems such as missed detections, inaccurate detection results and false alarms, with the effect of avoiding false alarms, improving detection efficiency and improving accuracy.

Pending Publication Date: 2021-12-07
中国移动通信集团重庆有限公司 +1

AI Technical Summary

Problems solved by technology

[0004] In summary, the detection methods in the prior art have the following disadvantages. First, they need to build a huge attack signature detection library (i.e., the above-mentioned database), which adds significant performance overhead to traffic detection, so they cannot handle high-speed, large-traffic scenarios. Second, they cannot detect different traffic-based variant attacks. Third, the detection accuracy is low and the detection results are inaccurate, so errors and false alarms may occur.

Examples


Detailed Description of Embodiments

[0027] Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present invention are shown in the drawings, it should be understood that the invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present invention and to fully convey the scope of the present invention to those skilled in the art.

[0028] Figure 1 is a flow chart showing an embodiment of the abnormal network traffic detection method of the present invention. As shown in Figure 1, the method includes the following steps:

[0029] S101: Obtain multiple traffic data packets, and extract data packet header information of the multiple traffic data packets.

[0030] In this embodiment, abnormal network traffic is defined as malicious traffic, which may include Internet worms, DDo...

Abstract

The invention discloses an abnormal network traffic detection method and device. The method comprises: obtaining a plurality of traffic data packets and extracting their data packet header information; counting, according to the data packet header information, the traffic size and the data packet count corresponding to each transmission protocol in the plurality of traffic data packets; matching the data packet header information, the traffic size corresponding to each transmission protocol and/or the data packet count against a preset condition to obtain a first matching result; and generating a first abnormal network traffic detection result according to the first matching result. By analyzing the data packet header information together with the traffic parameters (the traffic size and the data packet count corresponding to each transmission protocol), the invention improves the accuracy of abnormal network traffic detection and effectively avoids false alarms. At the same time, abnormal network traffic detection can be performed automatically on a plurality of traffic data packets based on the data packet header information, which greatly improves detection efficiency and makes the method suitable for high-speed, large-traffic application scenarios.
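The steps in the abstract (header extraction, per-protocol counting, matching against preset conditions) can be sketched as follows. This is an added example, not code from the patent: the limits in `LIMITS`, the function names and the sample window are assumptions, since the page does not state the actual preset conditions.

```python
import socket
import struct
from collections import defaultdict

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Assumed preset conditions for one capture window (not taken from the patent).
LIMITS = {"ICMP": {"packets": 100, "bytes": 10_000},
          "UDP": {"packets": 500, "bytes": 200_000}}

def parse_header(pkt):
    """Return header fields of a raw IPv4 packet, or None if it is malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return None
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return {"proto": PROTO.get(pkt[9], f"proto-{pkt[9]}"), "bytes": total_len,
            "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20])}

def count_by_protocol(headers):
    """Per-protocol traffic size (bytes) and packet count."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for h in headers:
        stats[h["proto"]]["packets"] += 1
        stats[h["proto"]]["bytes"] += h["bytes"]
    return dict(stats)

def detect(packets, limits=LIMITS):
    """Match header fields and per-protocol counters against the preset conditions."""
    parsed = [parse_header(p) for p in packets]
    headers = [h for h in parsed if h]
    findings = []
    if len(headers) < len(parsed):
        findings.append(("header", "malformed", len(parsed) - len(headers)))
    for proto, s in sorted(count_by_protocol(headers).items()):
        for metric, limit in limits.get(proto, {}).items():
            if s[metric] > limit:
                findings.append((proto, metric, s[metric]))
    return findings

def make_packet(proto, src, dst, payload_len):
    """Build a constructed IPv4 packet (checksum left at 0) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + bytes(payload_len)

# Constructed window: normal TCP plus an ICMP burst and one truncated packet.
WINDOW = ([make_packet(6, "192.0.2.10", "198.51.100.5", 500)] * 40
          + [make_packet(1, "203.0.113.7", "198.51.100.5", 100)] * 150
          + [b"\x45\x00"])

if __name__ == "__main__":
    print(detect(WINDOW))
```

Only header bytes are read, so the cost per packet is constant and no signature library is consulted, which is the efficiency argument the abstract makes.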

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method and device for detecting abnormal network traffic.

Background

[0002] With the rapid development of the Internet of Things, more and more IoT devices have become targets of hacker attacks. Because IoT devices are numerous and weakly protected, once a large number of them are controlled and used to launch traffic attacks, the consequences will be very serious. An existing network attack trend is to use network traffic to launch attacks instead of directly intruding into hosts. One example is the distributed denial of service (DDoS) attack: this type of attack causes more damage to the target, the intruder is difficult to trace, and the bandwidth consumed by the attack seriously affects network performance.

[0003] At present, the commonly used way to detect abnormal network traffic is based on the n...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1425, Y02D30/50
Inventor: 高渊, 董宇翔, 张麾军, 江为强, 胡声秋
Owner: 中国移动通信集团重庆有限公司