Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network-wide Anomaly Detection and Localization Method Based on Robust Multivariate Probability Calibration Model

A technology for calibrating models and network anomalies, applied in data exchange networks, electrical components, digital transmission systems, etc., to solve problems affecting the accuracy of normal models, incomplete data, and accelerated network speeds

Active Publication Date: 2018-04-17
中国人民解放军防空兵学院
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The network-wide anomaly detection method based on traffic statistics improves detection performance by introducing network information with a wider range and more dimensions. The increase of collection equipment and the acceleration of network speed make it necessary to consider the lack of collection data caused by some equipment failures, or the lack of flow data during transmission, which will make the above abnormal detection method fail due to incomplete data. The second is that the actual backbone network traffic is not only huge in data volume, but also very complex. The hidden abnormal traffic will affect the accuracy of normal model construction, making it difficult to select model parameters and the stability of anomaly detection methods is extremely difficult. guarantee, and some deliberate attack traffic can seriously poison the detector; third, the above method can find anomalies, but there are still deficiencies in anomaly location
Ringberg et al. researched and analyzed the shortcomings of PCA-based network-wide anomaly detection methods in anomaly location; Eriksson et al. proposed a network-wide anomaly detection and location method based on basis detect, but this method can only locate To the border router, more detailed abnormal location information cannot be provided

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network-wide Anomaly Detection and Localization Method Based on Robust Multivariate Probability Calibration Model
  • Network-wide Anomaly Detection and Localization Method Based on Robust Multivariate Probability Calibration Model
  • Network-wide Anomaly Detection and Localization Method Based on Robust Multivariate Probability Calibration Model

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0166] The network-wide anomaly detection and localization method based on the robust multivariate probabilistic calibration model (robust multivariate probabilistic calibration model, RMPCM) contains the following steps:

[0167] Step 1. Normal traffic modeling: use the collected traffic data to establish a normal model;

[0168] Step 2. Traffic anomaly detection: use the Mahalanobis distance between the sample and the normal model to measure whether the sample is abnormal;

[0169] Step 3. Abnormal OD location: locate the location where the abnormality occurs by analyzing the contribution to the OD flow of abnormal samples.

[0170] The relationship between abnormal events in the network and network anomaly detection and location is (such as figure 2 shown): Abnormal events will affect the statistics of some flows in the network, and the change of the corresponding statistics of the overall network flow triggers the alarm of the anomaly detector. After receiving the alarm,...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The present invention relates to a full network anomaly detection positioning method based on a robust multivariate probability calibration model. The full network anomaly detection positioning method comprises a normal flow modeling step 1 of using the acquired flow data to establish a normal state model, wherein the normal flow modeling comprises the normal model construction containing the abnormal noise data and the normal model construction on the condition of missing the flow data; a flow anomaly detection step 2 of utilizing a mahalanobis distance of a sample and the normal state model to measure whether the sample is abnormal; an abnormal OD positioning step 3 of positioning the anomaly position by the contribution analysis on an abnormal sample OD flow. The full network anomaly detection positioning method based on the robust multivariate probability calibration model can process the complete data, also can process the data missing condition, and is stronger in abnormal noise interference resistance, lower in model parameter sensitivity and stable in performance.

Description

(1) Technical field [0001] The invention relates to a network anomaly detection method, in particular to a network-wide anomaly detection and positioning method based on a robust multivariate probability calibration model. (two), background technology [0002] In the current Internet environment, various network abnormal events emerge in endlessly. Large-scale network intrusions such as DDos attacks and botnets pose serious threats to the safe operation of the Internet, and network congestion and network failures will also seriously affect the quality of Internet services. Therefore, , the detection and location of network abnormal behavior is very necessary. At the same time, there are many types of network anomalies, which change rapidly, and are often hidden in complex and huge background traffic, which brings great difficulties to the detection and location of network anomalies. [0003] There are also many studies on network anomaly detection. Some use host system logs...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/24H04L12/26H04L29/06
CPCH04L41/142H04L41/145H04L43/0823H04L63/1425
Inventor 钱叶魁叶立新朱少卫李宇翀杜江黄浩杨瑞朋雒朝峰
Owner 中国人民解放军防空兵学院
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com