A load-independent method for detecting network abuse

A network-behavior detection technology, applied in data exchange networks, digital transmission systems, electrical components, etc., that addresses problems such as a large amount of calculation, heavy use of system resources and violation of user privacy, and achieves a small amount of calculation and low use of computing resources.

Inactive Publication Date: 2011-12-21
PEKING UNIV

AI Technical Summary

Problems solved by technology

[0004] The traditional signature-matching method for detecting network abuse has a good detection rate and real-time performance. However, this method needs to analyze the payload (application-layer content) of each data packet in the TCP stream and extract the signature of each application protocol for further analysis and matching, so the amount of calculation is large and it takes up more system resources when deployed and run.
In addition, since many current application protocols adopt encryption measures in data transmission, it is becoming more and more difficult to extract and verify protocol signatures.
Finally, extracting the payload information of the data also involves, to a certain extent, legal issues of violating user privacy.


Embodiment Construction

[0045] The method for detecting network abuse based on traffic information of the present invention will be described in detail below with reference to the accompanying drawings, but the present invention is not limited to the following embodiments.

[0046] The flow of the inventive method is shown in Figure 1; its working process is as follows:

[0047] (1) Traffic log collection. Use gateway facilities such as firewalls to collect network traffic log information. This step includes two aspects of work: one is to collect normal traffic logs, and the other is to collect traffic logs of hosts exhibiting the various types of network abuse behavior. During the collection process, each type is marked with a type label, and the normal traffic logs and the traffic logs with network abuse behavior are then combined to form a traffic log information training set.

[0048] Sample traffic log:

[0049] 2007-10-19 00:00:04 Local7.Debug 172.31.4.44 id=firewall time="2007-10-19

[0050] 0...


Abstract

The invention discloses a load-independent method for detecting network abuse, which belongs to the technical field of computer network and data communication. The method of the present invention is as follows: first, collect normal traffic logs and traffic logs with network abuse behavior to form the traffic log information training set; extract the feature vectors of the network abuse behavior from the traffic log information training set to form the feature vector set; then use a machine learning algorithm to learn from the feature vector set and obtain the abuse detection classifier; finally, deploy the network abuse detection classifier to examine traffic logs online and detect network abuse. Compared with the prior art, the present invention has the advantages of a small amount of calculation and low use of computing resources, is not affected by data encryption, avoids the legal problems of privacy infringement, and can discover network abuse in a timely and accurate manner.

Description

Technical field

[0001] The invention relates to a method for detecting network abuse, in particular to a load-independent method for detecting network abuse, which belongs to the technical field of computer network and data communication.

Background art

[0002] As P2P becomes widely used, it consumes a lot of network resources and its harm to the network is increasing, so the detection of network abuse is getting more and more attention.

[0003] Network abuse does harm in two main ways: first, it occupies a large amount of traffic and consumes a large amount of network bandwidth; second, it establishes a large number of TCP/UDP connections with high divergence, many of which are short connections that transmit only a few datagrams. Since gateways, firewalls and other devices are configured at the network border, these network border devices must maintain or monitor all connections between local network machines and external...
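The four steps of the abstract (labelled log collection, feature extraction, training, online detection), as an added Python example that is not code from the patent. The key=value log format, the four per-host features (chosen from the traffic traits the background names), the 5-packet short-flow threshold and the nearest-centroid learner are all assumptions, since the page specifies none of them.

```python
import math
from collections import defaultdict

def flows(src, n_peers, pkts, nbytes, n):
    """Constructed sample log lines (assumed key=value format, no payload field)."""
    return [f"src={src} dst=198.51.100.{i % n_peers + 1} bytes={nbytes} pkts={pkts}"
            for i in range(n)]

# Constructed training set: two normal hosts, two hosts with abuse-like traffic.
TRAIN = (flows("10.0.0.1", 3, 40, 60000, 6) + flows("10.0.0.2", 2, 25, 30000, 4)
         + flows("10.0.0.3", 40, 3, 400, 40) + flows("10.0.0.4", 60, 2, 300, 60))
LABELS = {"10.0.0.1": "normal", "10.0.0.2": "normal",
          "10.0.0.3": "abuse", "10.0.0.4": "abuse"}
LIVE = flows("10.0.0.9", 50, 3, 350, 50) + flows("10.0.0.8", 2, 30, 45000, 5)

def parse(line):
    """Read flow metadata only: source, destination, byte and packet counts."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return f["src"], f["dst"], int(f["bytes"]), int(f["pkts"])

def features(lines, short_pkts=5):
    """Per-host vector: [log10 bytes, flow count, distinct peers, short-flow ratio]."""
    acc = defaultdict(lambda: {"bytes": 0, "flows": 0, "peers": set(), "short": 0})
    for line in lines:
        src, dst, nbytes, pkts = parse(line)
        a = acc[src]
        a["bytes"] += nbytes
        a["flows"] += 1
        a["peers"].add(dst)                 # divergence = number of distinct peers
        a["short"] += pkts <= short_pkts    # short connection: only a few datagrams
    return {h: [math.log10(a["bytes"] + 1), a["flows"], len(a["peers"]),
                a["short"] / a["flows"]] for h, a in acc.items()}

def train(vectors, labels):
    """Nearest-centroid learner with max scaling (stand-in for the unspecified algorithm)."""
    dims = range(len(next(iter(vectors.values()))))
    scale = [max(v[i] for v in vectors.values()) or 1.0 for i in dims]
    cents = {}
    for lab in set(labels.values()):
        rows = [vectors[h] for h in vectors if labels[h] == lab]
        cents[lab] = [sum(r[i] for r in rows) / len(rows) / scale[i] for i in dims]
    return scale, cents

def classify(model, vec):
    """Label a host by the closest class centroid in scaled feature space."""
    scale, cents = model
    x = [v / s for v, s in zip(vec, scale)]
    return min(cents, key=lambda lab: math.dist(x, cents[lab]))

def detect(train_log, labels, live_log):
    model = train(features(train_log), labels)
    return {h: classify(model, v) for h, v in features(live_log).items()}
```
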


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L29/06
Inventor 龚晓锐陈昱黄春芳朴爱花陈斌平夏雨
Owner PEKING UNIV