A METHOD FOR DETECTING ABNORMAL PATTERNS OF NETWORK TRAFFIC BY ANALYZING LINEAR PATTERNS AND INTENSITY FEATURES

摘要

The present invention relates to a method for detecting an abnormal phenomenon on a network traffic based a linear pattern and intensity features, which detects the abnormal phenomenon of a network with a linear pattern formed by dots in a two dimensional image, by extracting an IP address and a port from traffic data transmitted on the network and mapping the extracted IP address and port as dots of the two dimensional image. The method of the present invention includes the steps of: (a) extracting an IP address and a port of a transmitter and an IP address and a port of a receiver from each header file of numerous traffic data; (b) mapping the IP address and the port to one dot of a two dimensional image, where the two dimensional image comprises an IP address image of the transmitter, an IP address image of the receiver and a port image, and both coordinate axes of the IP address image correspond to a class of each IP address, and both coordinate axes of the port image correspond to a class of each IP address; (c) extracting a straight line pattern formed by dots mapped in the two dimensional image; and (d) obtaining a feature value of detecting the abnormal phenomenon of the network, using the length or number of linear patterns. By the method for detecting the abnormal phenomenon of the network traffic like the above, it is possible to detect normal traffic and an abnormal phenomenon such as DDoS and Dos etc rapidly with a very high accurate detection rate automatically through simple comparison of patterns, by extracting and analyzing the patterns in the two dimensional image by mapping the IP address/port of the network traffic to the image.