首页> 外国专利> METHOD FOR DETECTING ABNORMAL PATTERNS OF NETWORK TRAFFIC BY ANALYZING LINEAR PATTERNS AND INTENSITY FEATURES

METHOD FOR DETECTING ABNORMAL PATTERNS OF NETWORK TRAFFIC BY ANALYZING LINEAR PATTERNS AND INTENSITY FEATURES

机译：线性模式和强度特征分析的网络流量异常模式检测方法

页面导航

摘要
著录项
相似文献

摘要

The present invention relates to a method for detecting abnormal patterns of network traffic by analyzing linear patterns and intensity features and more particularly, to a method for detecting an IP address and a port from traffic data transmitted on the network, mapping the extracted IP address and port into points of a 2D image and calculating a feature value which detects abnormal patterns of the network using linear patterns formed by points in the 2D image by including: a step of extracting the IP address and port of an originator and the IP address and port of a recipient from each header file of a plurality of traffic data; a step of mapping the IP address and the port into one point in the coordinate of a 2D image wherein the 2D image comprises: an IP address image of the originator; an IP address image of the recipient; and a port image, and both axes of the IP address image correspond to a class of each IP address and both axes of the port image correspond to each port of the originator and the recipient; a step of extracting linear patterns formed by the points mapped on the 2D image; and a step of calculating the feature value which detects abnormal patterns of the network using the length or the number of linear patterns. According to the method for detecting abnormal patterns of network traffic as mentioned above, abnormal patterns such as DDoS, Dos, et cetera or normal traffic can be quickly and automatically detected by a simple comparison and a high accuracy of detection rate can be achieved by mapping the IP address/port of the network traffic into a 2D image, and extracting and analyzing the patterns in the image.;COPYRIGHT KIPO 2014; [Reference numerals] (AA) Start; (BB) End; (S10) Extract IP address/port of originator/recipient from a header file of traffic data; (S20) Visualize the IP address/port into a 2D image; (S30) Extract linear patterns from the 2D image; (S40) Calculate pattern feature value using the length or number of the linear patterns; (S50) Detect abnormality of network using the pattern feature values

机译：通过分析线性模式和强度特征来检测网络流量异常模式的方法技术领域本发明涉及一种通过分析线性模式和强度特征来检测网络流量异常模式的方法，更具体地，涉及一种从网络上传输的流量数据中检测IP地址和端口，映射提取的IP地址和方法的方法。包括以下步骤：提取2D图像中的点并使用由2D图像中的点形成的线性模式计算检测网络异常模式的特征值，该步骤包括：提取发起方的IP地址和端口以及IP地址和端口的步骤来自多个流量数据的每个头文件的接收者;在2D图像的坐标中将IP地址和端口映射到一个点的步骤，其中，2D图像包括：发起者的IP地址图像;收件人的IP地址图像; IP地址图像的两个轴对应于每个IP地址的类别，端口图像的两个轴对应于发起方和接收方的每个端口。提取由映射到2D图像上的点形成的线性图案的步骤;计算特征值的步骤，该特征值使用线性图案的长度或数量检测网络的异常图案。根据如上所述的用于检测网络流量的异常模式的方法，可以通过简单的比较快速而自动地检测诸如DDoS，Dos等的异常模式或正常流量，并且通过映射可以实现高精度的检测率。 COPYRIGHT KIPO 2014;将网络流量的IP地址/端口转换为2D图像，并提取和分析图像中的模式。 [参考数字]（AA）开始; （BB）结束; （S10）从话务数据的头文件中提取发起者/接收者的IP地址/端口; （S20）将IP地址/端口可视化为2D图像; （S30）从2D图像中提取线性图案; （S40）使用线性图案的长度或数量计算图案特征值; （S50）使用模式特征值检测网络异常

著录项

公开/公告号KR20140014784A

专利类型
公开/公告日2014-02-06

原文格式PDF
申请/专利权人 SOONGSIL UNIVERSITY RESEARCH CONSORTIUM TECHNO-PARK;
展开▼

申请/专利号KR20120081757
发明设计人 KIM GYE YOUNG;JANG SEOK WOO;
展开▼

申请日2012-07-26
分类号H04L12/26;H04L29/06;
国家 KR
入库时间 2022-08-21 15:43:42

相似文献

专利
外文文献
中文文献