Access traffic anomaly detection method and device based on LOF and isolated forest

An access traffic anomaly detection technique based on LOF and isolation forest. It addresses randomly distributed traffic data, the misjudgment that a single detection method is prone to, and the need for low computational complexity; it achieves shorter model training time and low time complexity, and meets real-time requirements.

Pending Publication Date: 2022-03-01
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP

AI Technical Summary

Problems solved by technology

Clustering-based anomaly detection techniques are designed mainly for clustering rather than for anomaly detection. Abnormal data has to be labelled on top of the clustering result, the computation is heavy and complex, and the approach is not applicable when the class data in the normal samples is sparse.
[0007] Access traffic is usually unlabeled, and manual labeling is time-consuming and labor-intensive, so supervised classification methods are not suitable. Access traffic data is also usually seriously unbalanced and relatively randomly distributed, which makes it difficult to form regular traffic analysis rules or statistical distributions, so anomaly detection methods based on information theory or statistical distributions are difficult to apply as well.
In access traffic anomaly detection, abnormal data is usually a small sample while normal data accounts for the majority. This scenario suits anomaly detection based on clustering algorithms, but the detection algorithm must have low computational complexity.
In addition, because detection is unsupervised, relying on a single anomaly detection method easily leads to misjudgment, so multiple detection algorithms are needed for joint analysis.

Examples

Embodiment 1

[0037] Anomaly detection technology is widely used in network intrusion detection, fraud detection, crowd identification and similar fields, but it is rarely applied to unlabeled access traffic. This embodiment provides an access traffic anomaly detection method based on LOF and isolation forest. It combines the local outlier factor (LOF) detection algorithm with an isolation forest for joint analysis and performs anomaly detection on the collected access traffic categories to determine whether the traffic is abnormal and to ensure system security. The method first preprocesses the access traffic data to obtain the traffic data set, then trains models with the LOF and isolation forest algorithms, and finally tests with the two trained models and uses weighting factors for joint analysis.

[0038] As shown in Figure 1, the access traffic anomaly detection method includes:

[0039] Step 1. Traffic preprocessing: ...

Embodiment 2

[0059] This embodiment builds on Embodiment 1:

[0060] This embodiment provides a computer device that includes a memory and a processor. The memory stores a computer program; when the processor executes the computer program, the steps of the access traffic anomaly detection method based on LOF and isolation forest in Embodiment 1 are implemented. The computer program may be in the form of source code, object code, an executable file or some intermediate form.

Abstract

The invention discloses an access traffic anomaly detection method and device based on LOF and isolation forest. The method comprises three steps. Traffic preprocessing: the access traffic data is preprocessed to obtain a traffic data set; preprocessing comprises traffic extraction, traffic cleaning and traffic normalization. Machine learning model training: the traffic data set is used as model input for machine learning training; the local outlier factor (LOF) detection algorithm and the isolation forest algorithm are each trained over multiple iterations to obtain two groups of trained anomaly detection models, that is, N anomaly detection models, which are stored. Joint intelligent analysis: target traffic is detected with the two groups of anomaly detection models trained in step 2, and the results are screened with a Bagging algorithm. By combining the LOF detection algorithm with an isolation forest for joint analysis, the method performs anomaly detection on the collected access traffic categories, judges whether the traffic is abnormal, and ensures the security of the system.
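The flow described in the abstract and in Embodiment 1 (normalize the traffic features, score them with LOF and with an isolation forest, combine the two results with weighting factors), as an added example that is not code from the patent. It uses a pure-Python LOF and isolation forest; the feature columns, the sample rows, the equal weights and the min-max rescaling of each detector's scores are assumptions, and the patent's multiple-iteration training and Bagging screening are not reproduced.

```python
import math, random

def minmax(rows):
    """Traffic normalization: scale every feature column to [0, 1]."""
    lo, hi = [min(c) for c in zip(*rows)], [max(c) for c in zip(*rows)]
    return [[(v - l) / ((h - l) or 1.0) for v, l, h in zip(r, lo, hi)] for r in rows]

def lof_scores(X, k=5):
    """Local outlier factor: about 1 inside a cluster, far larger for isolated points."""
    n, d = len(X), [[math.dist(a, b) for b in X] for a in X]
    nn = [sorted((j for j in range(n) if j != i), key=lambda j: d[i][j])[:k] for i in range(n)]
    kdist = [d[i][nn[i][-1]] for i in range(n)]
    lrd = [k / (sum(max(kdist[j], d[i][j]) for j in nn[i]) or 1e-12) for i in range(n)]
    return [sum(lrd[j] for j in nn[i]) / (k * lrd[i]) for i in range(n)]

def _c(n):  # average path length of an unsuccessful BST search over n points
    return 0.0 if n <= 1 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def _grow(S, depth, limit, rng):  # one isolation tree; a leaf is the count of points left
    f = rng.randrange(len(S[0])) if S else 0
    vals = [p[f] for p in S]
    if depth >= limit or len(S) <= 1 or min(vals) == max(vals):
        return len(S)
    s = rng.uniform(min(vals), max(vals))
    return (f, s, _grow([p for p in S if p[f] < s], depth + 1, limit, rng),
            _grow([p for p in S if p[f] >= s], depth + 1, limit, rng))

def _path(x, node, depth=0):  # depth at which x lands, plus the leaf-size correction
    while isinstance(node, tuple):
        node, depth = (node[2] if x[node[0]] < node[1] else node[3]), depth + 1
    return depth + _c(node)

def iforest_scores(X, trees=100, psi=64, seed=0):
    """Isolation forest score in (0, 1): a short average path gives a score near 1."""
    rng, psi = random.Random(seed), min(psi, len(X))
    forest = [_grow(rng.sample(X, psi), 0, math.ceil(math.log2(psi)), rng) for _ in range(trees)]
    return [2 ** (-sum(_path(x, t) for t in forest) / (trees * _c(psi))) for x in X]

def joint_scores(rows, w_lof=0.5, w_if=0.5):
    """Weighted joint analysis; the weights and the [0, 1] rescaling are assumptions."""
    X = minmax(rows)
    a, b = (minmax([[s] for s in f(X)]) for f in (lof_scores, iforest_scores))
    return [w_lof * p[0] + w_if * q[0] for p, q in zip(a, b)]

_r = random.Random(7)  # constructed sample: [requests/min, mean response bytes, URLs/min]
SAMPLE = [[_r.gauss(30, 5), _r.gauss(500, 80), _r.gauss(6, 2)] for _ in range(60)]
SAMPLE += [[900, 4000, 150], [400, 9000, 60], [650, 2500, 300]]  # rows 60-62 are the anomalies

if __name__ == "__main__":
    print(sorted(enumerate(joint_scores(SAMPLE)), key=lambda t: -t[1])[:3])
```

Rank clients by joint score, or flag those above a threshold tuned on known-good traffic. This LOF is quadratic in the number of rows, so it suits windowed batches rather than a full traffic history.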

Description

Technical field

[0001] The invention relates to the technical field of traffic anomaly detection, in particular to a method and equipment for detecting traffic anomalies based on LOF and isolation forest.

Background technique

[0002] The Internet plays an important role in various fields of social life, but it also faces security risks brought about by its own openness and complexity. Hackers can use Trojan horses, botnets and other technologies to manipulate tens of thousands or even millions of compromised computers, release malicious code, send spam, and carry out distributed denial of service attacks and intrusions. Anomaly detection of access traffic is of great significance for discovering network anomalies in time and ensuring normal network operation. At present, the main traffic anomaly detection technologies include anomaly detection technology based on information theory, anomaly detection technology based on statistics, anomaly detection tech...

Application Information

IPC(8): H04L9/40, G06N3/00, G06K9/62
CPC: H04L63/1408, H04L63/1425, G06N3/006, H04L63/1416, G06F18/23
Inventor 唐晋廖游黎臻成霞
Owner NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP