Network flow multi-module clustering anomaly detection method based on grouping conditional entropy

A technique for network traffic anomaly detection, applied in electrical components, computer parts, character and pattern recognition, etc., that achieves strong interpretability and easy adjustment.

Pending Publication Date: 2022-04-22
NANJING UNIV OF SCI & TECH

AI Technical Summary

Problems solved by technology

To address the shortcomings of earlier abnormal-traffic detection methods, this project uses the statistical characteristics of traffic during transmission for detection. Normal network traffic generated by different protocols shows different characteristics, but when malicious traffic is present, the network traffic shows large batches of similar data traffic on the time-series scale.

Examples


Embodiment Construction

[0026] The method of the present invention first cleans the original network traffic feature data, filters the features, and converts the data format. It then preprocesses the data and, after feature analysis and selection, puts the training data into the corresponding clustering models to generate cluster labels and calculates the conditional entropy of the labels. Finally, it clusters the conditional entropies to obtain the final network traffic classification result.

[0027] The present invention will be further described below in conjunction with the accompanying drawings.

[0028] As shown in Figure 1, the network traffic multi-module clustering anomaly detection method based on grouping conditional entropy in this embodiment of the present invention may include the following steps:

[0029] Step 1. Data preprocessing. For this embodiment, the original traffic data uses the public CIC-IDS2018 d...


Abstract

The invention discloses a network traffic multi-module clustering anomaly detection method based on grouping conditional entropy, which comprises the following steps: preprocessing the original network traffic data, splitting the data into feature groups, performing preliminary clustering on each feature group, computing the confidence of the clustering result, and computing the conditional entropy; the conditional entropies of each group are then clustered further to determine whether the network packet has the characteristics of abnormal traffic. The method abstracts the network traffic data to the maximum extent and uses a grouping multi-module clustering algorithm to carry out network traffic anomaly detection: originally dispersed features with small influence factors are combined into groups that converge and have a greater influence on the classification result. This raises the abstraction degree of the data more effectively, so that the various types of abnormal traffic show a closer convergence effect in the clustering result.
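The two-stage pipeline summarized above (cluster each feature group, turn cluster confidence into an entropy per group, then cluster the entropy vectors), as an added illustration that is not code from the patent. The page does not give the confidence or conditional-entropy formulas, so the softmax-of-distance confidence, the per-flow entropy, the use of k-means, the rule that the higher-entropy cluster is flagged, and all flow values and feature names are assumptions made for this sketch.

```python
import math

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(points, k, iters=20):
    # Deterministic farthest-point initialisation, then Lloyd iterations.
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(dist2(p, c) for c in cents)))
    for _ in range(iters):
        buckets = [[] for _ in cents]
        for p in points:
            buckets[min(range(k), key=lambda i: dist2(p, cents[i]))].append(p)
        cents = [tuple(sum(col) / len(b) for col in zip(*b)) if b else c
                 for b, c in zip(buckets, cents)]
    return cents

def confidence(p, cents):
    # ASSUMPTION: confidence = softmax of negative squared distance to each centroid.
    w = [math.exp(-dist2(p, c)) for c in cents]
    return [x / sum(w) for x in w]

def entropy(probs):
    return -sum(q * math.log2(q) for q in probs if q > 0)

def fit(train, groups, k=2):
    # Stage 1: one clustering model per feature group.
    return [(g, kmeans([tuple(r[i] for i in g) for r in train], k)) for g in groups]

def entropy_vector(row, model):
    # ASSUMPTION: per-group entropy of the cluster label given this flow's group features.
    return tuple(entropy(confidence(tuple(row[i] for i in g), c)) for g, c in model)

def detect(rows, model):
    # Stage 2: cluster the entropy vectors; flag the higher-entropy cluster (assumed rule).
    ent = [entropy_vector(r, model) for r in rows]
    cents = kmeans(ent, 2)
    high = max((0, 1), key=lambda i: sum(cents[i]))
    return [dist2(e, cents[high]) < dist2(e, cents[1 - high]) for e in ent]

# Constructed, pre-scaled flows: (duration, packet_rate, fwd_bytes, bwd_bytes)
GROUPS = [(0, 1), (2, 3)]
TRAIN = [(0.0, 0.0, 0.0, 0.0), (0.2, 0.0, 0.1, 0.0), (0.0, 0.2, 0.0, 0.1),
         (4.0, 4.0, 4.0, 4.0), (4.2, 4.0, 4.1, 4.0), (4.0, 4.2, 4.0, 4.1)]
OBSERVED = [(0.1, 0.1, 0.0, 0.1), (4.1, 4.0, 4.0, 4.0), (0.0, 0.1, 0.1, 0.0),
            (2.0, 2.1, 2.1, 2.0), (4.0, 4.1, 4.1, 4.1), (2.1, 2.0, 1.9, 2.1)]

if __name__ == "__main__":
    print(detect(OBSERVED, fit(TRAIN, GROUPS)))
```

Flows that sit inside a learned cluster get near-zero entropy in every group, while flows that fit no cluster confidently get entropy close to 1 bit, which is what makes the second clustering pass separable.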

Description

Technical field

[0001] The invention belongs to the technical field of network traffic anomaly detection, in particular to a network traffic multi-module clustering anomaly detection method based on grouping conditional entropy.

Background

[0002] Traffic identification technology has important applications in network monitoring and management, traffic accounting, and user behavior analysis. For example, intrusion prevention systems and firewalls use this technology to identify malicious traffic and block malicious connections in time; network service providers use it to analyze network traffic distribution to assist QoS (Quality of Service) management; enterprises use traffic identification technology to control application access; related organizations infer user information and behavior by identifying user mobile device traffic. In view of the above requirements, it is extremely important to realize accurate and efficient traffic identification. In view of the ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L47/2441, H04L41/142, H04L9/40, G06K9/62
CPC: H04L47/2441, H04L63/1425, H04L41/142, G06F18/23
Inventor: 杨威, 张泽栋, 魏松杰, 张文哲
Owner: NANJING UNIV OF SCI & TECH