Malicious traffic detection method and device in high-bandwidth scene based on frequency domain analysis

Abstract

The invention provides a malicious traffic detection method in a high-bandwidth scene based on frequency domain analysis. The method comprises the following steps: carrying out data packet granularity feature extraction on network traffic to obtain a data packet granularity feature; encoding the features of the data packet granularity to obtain matrix representation, performing fitting operation to obtain a plurality of frames, and performing frequency domain analysis on each frame to obtain a corresponding frequency domain feature; calculating the power of the frequency domain features to obtain power representation, performing logarithmic transformation to obtain frequency domain feature representation, cutting and averaging the frequency domain feature representation to serve as the input of a statistical clustering algorithm, and outputting a clustering center; and calculating the distance between the frequency domain feature representation and the corresponding nearest clustering center, if the distance is greater than a predetermined multiple of a training error, determining that the flow corresponding to the frequency domain feature representation is abnormal flow, otherwise, determining that the flow is normal flow. The method has the advantages of high detection throughput, high precision, low time delay and the like, and malicious traffic can be accurately detected in a high-bandwidth scene while calculation overhead and storage overhead are considered.

Description

technical field [0001] The present application relates to the technical field of network security, in particular to a method and device for detecting malicious traffic in a high-bandwidth scenario based on frequency domain analysis. Background technique [0002] In recent years, network security has gradually become an important part of national security. The phrase "there is no national security without network security" fully demonstrates the important position of Internet security construction in national security construction. However, a large number of new types of cyber attacks are proposed every year. How to quickly detect new network attacks has become an important issue in the field of network security research. [0003] In high-bandwidth scenarios such as backbone networks or enterprise gateways, detecting and blocking malicious traffic can protect a large number of legitimate network users and significantly improve Internet security. In addition, tools for detec...

AI Technical Summary

Problems solved by technology

[0007] For this reason, the first purpose of this application is to propose a malicious traffic detection method in high bandwidth scenarios based on frequency domain analysis, which solves the problem that the existing methods cannot be applied to high bandwidth scenarios and the detection accuracy is not high, and at the same time It also solves the problem that the existing methods work in low-bandwidth scenarios, or work in the form of offline analysis, which does not guarantee real-time detection, and uses frequency domain analysis to extract the characteristics of network traffic, which is realized under the condition of ensuring high processing efficiency. Effectively extract the characteristics of network traffic, and use statistical clustering algorithms to detect malicious traffic accurately and in real time, while ensuring high detection throughput and low time delay, with extremely high detection accuracy

Images