Real-time flux abnormity detection method on basis of host activity and communication pattern analysis

A technology for abnormal traffic detection and communication mode analysis, applied in digital transmission systems, electrical components, transmission systems, etc. It addresses problems such as the inability to meet network administrators' real-time response needs, insufficient information about abnormal network traffic events, and the inability to identify abnormal traffic types.

Inactive Publication Date: 2011-03-16
BEIJING VENUS INFORMATION TECH
0 Cites, 2 Cited by

AI Technical Summary

Problems solved by technology

However, the traditional abnormal traffic monitoring method has two disadvantages: 1) it cannot detect abnormal traffic events that do not cause an obvious sudden change in the network traffic curve, such as network scanning events, because they are often overwhelmed by normal network traffic; 2) the information on detected abnormal network traffic events is insufficient: most traditional abnormal traffic detection tools cannot identify the specific type of abnormal traffic (is it a denial-of-service attack or a normal burst of access?) or the specific location of the abnormal traffic event (on which IP host did it occur?). They therefore cannot meet the real-time response needs of network administrators.

Examples

Embodiment Construction

[0022] The invention relates to an abnormal traffic detection method based on host activity and communication mode analysis. In a high-speed network environment it can determine in real time when an abnormal traffic event occurs, identify the type of the abnormal traffic event, and physically locate the abnormal traffic event.

[0023] The overall idea of the abnormal traffic detection method described in the present invention: divide the overall network message space into a plurality of message subspaces according to the message types related to abnormal traffic events; for each message subspace, carry out active host message transmission statistics and adaptive message sampling; the active hosts (TopN) in each message subspace are extracted by mining the statistical results of active host message transmission, and then, for the sampled message set related to the active host in the message sampling buffer, statistical analysis of message feature d...

Abstract

The invention relates to a method for detecting anomalous traffic in real time based on host activeness and communication mode analysis. In a high-speed network environment, it can determine when anomalous traffic occurs, identify the type of the anomalous traffic event, and physically locate the event. The invention includes a WAN providing various network services, a regional network and a LAN connected to the WAN, and a centralized detection device on which a sampling unit, an extracting and computing unit, a comparing unit and a knowledge base unit are arranged. The detection method establishes the communication modes of various types of anomalous traffic based on prior knowledge; the communication mode of an active host in the network is extracted and compared with the communication modes of the various types of anomalous traffic events, so that the anomalous traffic event occurring on the active host can be identified. The supported anomalous traffic detection events include Alfa traffic, various Flood events, Flash-Crowd, port scanning, network scanning, equipment failure and worm scanning events.
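The pipeline the abstract describes (per-subspace active-host statistics, then matching each active host's communication mode against a knowledge base) can be sketched as follows. This is an added example, not code from the patent: the subspace keys, the fan-out features, the thresholds and all function names are assumptions, and it analyzes every packet instead of a sampling buffer.

```python
from collections import Counter, defaultdict

def sample_packets():
    """Constructed input: (src, dst, proto, dst_port, tcp_flags) tuples."""
    pkts = [("10.0.0.5", f"192.0.2.{i}", "tcp", 445, "S") for i in range(1, 41)]
    pkts += [("10.0.0.9", "192.0.2.10", "tcp", port, "S") for port in range(1, 61)]
    pkts += [("10.0.0.7", "192.0.2.20", "udp", 53, "") for _ in range(300)]
    pkts += [(f"10.0.1.{i}", "192.0.2.80", "tcp", 80, "A") for i in range(1, 31)]
    return pkts

def subspace(pkt):
    """Assumed partition of the message space by message type."""
    _, _, proto, _, flags = pkt
    return "tcp_syn" if proto == "tcp" and flags == "S" else proto

def top_n_hosts(packets, n):
    """Per subspace, count messages sent per source and keep the N most active."""
    counts = defaultdict(Counter)
    for pkt in packets:
        counts[subspace(pkt)][pkt[0]] += 1
    return {sp: [h for h, _ in c.most_common(n)] for sp, c in counts.items()}

def pattern(packets, sp, host):
    """Communication mode of one active host: volume plus peer and port fan-out."""
    mine = [p for p in packets if p[0] == host and subspace(p) == sp]
    return {"msgs": len(mine),
            "peers": len({p[1] for p in mine}),
            "ports": len({p[3] for p in mine})}

# Assumed knowledge base: one predicate per anomaly type, first match wins.
KNOWLEDGE_BASE = [
    ("network scanning", lambda f: f["peers"] >= 20 and f["ports"] <= 2),
    ("port scanning", lambda f: f["peers"] <= 2 and f["ports"] >= 20),
    ("flood", lambda f: f["peers"] <= 2 and f["ports"] <= 2 and f["msgs"] >= 100),
]

def detect(packets, n=2):
    """Return (subspace, host, event type) for each active host that matches."""
    events = []
    for sp, hosts in top_n_hosts(packets, n).items():
        for host in hosts:
            feats = pattern(packets, sp, host)
            for name, matches in KNOWLEDGE_BASE:
                if matches(feats):
                    events.append((sp, host, name))
                    break
    return sorted(events)

if __name__ == "__main__":
    for event in detect(sample_packets()):
        print(event)
```

The 40-packet scan from 10.0.0.5 is reported even though the 300-packet UDP burst dominates total volume, because each subspace ranks its own active hosts.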

Description

Technical field

[0001] The present invention relates to a real-time abnormal traffic detection method based on host activity and communication mode analysis, which is applied to the processing and transmission of digital data in network systems, and belongs to a core technology applied to network security products in the field of network traffic monitoring: abnormal traffic monitoring, type identification and physical location methods.

Background technique

[0002] Network traffic anomaly detection refers to collecting network traffic data (including network packets and data flows) in the monitored network, discovering the various abnormal traffic events hidden in normal network traffic through data statistics or mining technology, and generating abnormal traffic alarm events so that network administrators can respond in a timely manner.

[0003] Traditional abnormal traffic detection methods often detect sudden changes in real traffic (including the...

Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L12/26, H04L12/56, H04L29/08, H04L12/24
Inventor: 叶润国, 赵东宾, 许金鹏, 华东明, 骆拥政
Owner: BEIJING VENUS INFORMATION TECH