
Method and system for detecting abnormal network traffic based on Spark

A technology for traffic detection and network anomaly detection, applied in transmission systems, file systems, digital transmission systems, etc., that optimizes the network security environment, obtains real-time data efficiently, and reduces work pressure.

Pending Publication Date: 2022-03-01
SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

Every time data is inserted or updated, the operation is carried out in real time, so operation and maintenance personnel need to observe and maintain the system continuously.

Examples


Embodiment 1

[0059] In the Spark-based method for detecting abnormal network traffic of the present invention, the log data collected by the Flume NG convergence node passes through the Kafka cluster; features of the log data are collected and analyzed based on Spark; the log data is identified by a trained logistic regression model; and finally the processing results of the Spark Streaming real-time calculation program are displayed and output to the user. The details are as follows:

[0060] S1. Define the process by which Spark reads the log data of accesses to the current system from the log file and obtains from it the total number of requests, the number of visitors, the resource flow size and the log size; according to the real-time status code ratio, Spark's preProcessing method obtains the status code of the current access, preprocesses the access record information and adds labels;

[0061] S2, Spark loads the processed log data for processing, and obtains the ngram ...

Embodiment 2

[0087] The Spark-based system for detecting abnormal network traffic in the present embodiment includes:

[0088] The definition module is used to define the process by which Spark reads the log data of accesses to the current system from the log file and obtains from it the total number of requests, the number of visitors, the resource flow size and the log size; according to the real-time status code ratio, Spark's preProcessing method obtains the status code of the current access, preprocesses the access record information and adds labels;

[0089] The loading module is used for Spark to load and process the processed log data to obtain the ngram sequence;

[0090] The extraction module is used to load data into Spark and extract features from the data through TF-IDF. It performs hash word frequency statistics and discrimination degree estimation, and uses a classifier to perform logistic regression operations to...
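The feature path named by the loading and extraction modules above (n-gram sequence, hashed term frequencies weighted by TF-IDF, then logistic regression) can be followed end to end in the added sketch below; it is plain Python rather than Spark so it runs without a cluster, and it is not code from the patent. The request lines and their labels are constructed, and the 3-character n-gram size, `DIM`, the learning settings and all function names are assumptions made for illustration.

```python
import math
import zlib
from collections import Counter

DIM = 1 << 18  # size of the hashed feature space (assumed; the page gives none)

def hashed_tf(text, n=3):
    """Character n-gram counts per hash bucket (crc32: stable across runs)."""
    s = text.lower()
    return Counter(zlib.crc32(s[i:i + n].encode()) % DIM
                   for i in range(len(s) - n + 1))

def fit_idf(tfs):
    """Smoothed IDF per bucket: log((N + 1) / (df + 1))."""
    df = Counter(j for tf in tfs for j in tf)
    return {j: math.log((len(tfs) + 1) / (d + 1)) for j, d in df.items()}

def featurize(text, idf):
    """L2-normalised TF-IDF; unseen and zero-IDF buckets are dropped."""
    v = {j: c * idf[j] for j, c in hashed_tf(text).items() if idf.get(j)}
    norm = math.sqrt(sum(x * x for x in v.values())) or 1.0
    return {j: x / norm for j, x in v.items()}

def predict(x, w, b):
    z = b + sum(w.get(j, 0.0) * v for j, v in x.items())
    return 1.0 / (1.0 + math.exp(-z))

def train(samples, epochs=200, lr=1.0):
    """SGD logistic regression on (request, label) pairs; label 1 = abnormal."""
    idf = fit_idf([hashed_tf(t) for t, _ in samples])
    rows = [(featurize(t, idf), y) for t, y in samples]
    w, b = {}, 0.0
    for _ in range(epochs):
        for x, y in rows:
            g = predict(x, w, b) - y  # gradient of the log loss w.r.t. z
            b -= lr * g
            for j, v in x.items():
                w[j] = w.get(j, 0.0) - lr * g * v
    return idf, w, b

def score(text, model):
    """Probability that a request line is abnormal under the trained model."""
    idf, w, b = model
    return predict(featurize(text, idf), w, b)

# Constructed request lines, standing in for records labelled in preprocessing.
NORMAL = ["GET /index.html", "GET /images/logo.png",
          "GET /products?page=2", "GET /about/contact.html"]
ABNORMAL = ["GET /index.php?id=1' OR '1'='1", "GET /login.php?user=admin'--",
            "GET /search?q=<script>alert(1)</script>", "GET /../../../../etc/passwd"]
MODEL = train([(r, 0) for r in NORMAL] + [(r, 1) for r in ABNORMAL])
```

N-grams that occur in every training line (here the shared `GET /` prefix) get an IDF of zero and drop out, so the classifier's weight sits on the parts of the request that differ between the two classes.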

Embodiment 3

[0103] The embodiment of the present invention also provides an electronic device, including: a memory and a processor;

[0104] Wherein, the memory stores computer-executable instructions;

[0105] The processor executes the computer-executable instructions stored in the memory, so that the processor performs the Spark-based network abnormal traffic detection method described in the present invention.

[0106] The processor can be a central processing unit (CPU), and can also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. The processor may be a microprocessor or any conventional processor or the like.

[0107] The memory can be used to store computer programs and / or modules, and the processor implements various funct...

Abstract

The invention discloses a Spark-based network anomaly traffic detection method and system, belongs to the technical field of the distributed computing framework Spark and the big data storage framework HDFS, and aims to solve the technical problem of how to quickly change a security policy according to a real-time record, relieve the working pressure of operation and maintenance personnel and improve the safety of the operation and maintenance personnel. According to the technical scheme, the method comprises the following steps: log data collected by Flume NG sink nodes pass through a Kafka cluster, feature collection and analysis are conducted on the log data based on Spark, and log data recognition is conducted through a trained logistic regression model, so that abnormal attack recognition and distribution are achieved. Finally, the processing result of the Spark Streaming real-time calculation program is displayed and output to the user. The system comprises a definition module, a loading module, an extraction module and an acquisition module.

Description

Technical field

[0001] The invention relates to the technical field of the distributed computing framework Spark and the big data storage framework HDFS, in particular to a method and a system for detecting abnormal network traffic based on Spark.

Background technique

[0002] At present, the legal status of electronic evidence has been clarified, so there is a legal basis for using logs as electronic evidence. The evidence collection process of computer forensics is mainly carried out in host systems, network systems and other digital devices. From the host system, it obtains system logs, security logs and application logs, as well as some data files and temporary files. From the network system, it obtains the logs of switches and routers, the logs of security devices such as firewalls and intrusion detection systems, and all related log records of access to systems and networks. Other digital files are data files generated by some computer-assisted or controlled equipment, such as images, videos, ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L67/1097, G06F16/14, G06F16/182, G06F16/35, G06F40/216, G06F40/284, G06N20/00
CPC: H04L63/1416, H04L63/1425, H04L63/1441, H04L67/1097, G06F16/353, G06F40/216, G06F40/284, G06F16/148, G06F16/182, G06N20/00
Inventor: 房彤, 胡清
Owner: SHANDONG LANGCHAO YUNTOU INFORMATION TECH CO LTD