METHOD FOR DETECTING ABNORMAL PATTERNS OF NETWORK TRAFFIC BY ANALYZING LINEAR PATTERNS AND INTENSITY FEATURES
Abstract
The present invention relates to a method for detecting abnormal patterns of network traffic by analyzing linear patterns and intensity features. More particularly, it relates to a method that extracts an IP address and a port from traffic data transmitted on the network, maps the extracted IP address and port to points of a 2D image, and calculates a feature value for detecting abnormal patterns of the network using the linear patterns formed by the points in the 2D image. The method includes: a step of extracting the IP address and port of an originator and the IP address and port of a recipient from each header file of a plurality of traffic data; a step of mapping the IP address and the port to one point in the coordinates of a 2D image, wherein the 2D image comprises an IP address image of the originator, an IP address image of the recipient, and a port image, both axes of each IP address image correspond to a class of the IP address, and the two axes of the port image correspond to the port of the originator and the port of the recipient, respectively; a step of extracting linear patterns formed by the points mapped on the 2D image; and a step of calculating the feature value for detecting abnormal patterns of the network using the length or the number of the linear patterns.
According to the method for detecting abnormal patterns of network traffic described above, abnormal patterns such as DDoS, DoS, etc., or normal traffic, can be detected quickly and automatically by a simple comparison, and a high detection accuracy can be achieved, by mapping the IP address/port of the network traffic to a 2D image and extracting and analyzing the patterns in the image.
COPYRIGHT KIPO 2014
[Reference numerals] (AA) Start; (BB) End; (S10) Extract IP address/port of originator/recipient from a header file of traffic data; (S20) Visualize the IP address/port into a 2D image; (S30) Extract linear patterns from the 2D image; (S40) Calculate pattern feature value using the length or number of the linear patterns; (S50) Detect abnormality of network using the pattern feature values
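Steps S10 to S50 can be sketched as follows. This is an added example, not code from the patent. It assumes that the two axes of each IP address image are the third and fourth octets, that a linear pattern is an axis-aligned row or column holding at least `min_points` points (the abstract does not name a line-extraction technique), and that the "simple comparison" is a threshold on the line count. All function names and the flow records are constructed for illustration.

```python
from collections import defaultdict

# Constructed flows: (src_ip, src_port, dst_ip, dst_port), as read from headers (S10).
NORMAL = [("10.0.%d.%d" % (i, 20 + i), 40000 + 17 * i,
           "192.168.%d.%d" % (i % 3, 5 + i), [80, 443, 53, 22, 25][i % 5])
          for i in range(10)]
FLOOD = [("10.0.%d.%d" % (i, (i * 7) % 256), 1024 + 13 * i, "192.168.1.10", 80)
         for i in range(40)]

def map_to_images(flows):
    """S20: map each flow to one point in each of the three 2D images."""
    src_img, dst_img, port_img = set(), set(), set()
    for src_ip, sport, dst_ip, dport in flows:
        s = [int(o) for o in src_ip.split(".")]
        d = [int(o) for o in dst_ip.split(".")]
        # Assumption: IP image axes are the 3rd and 4th octets.
        src_img.add((s[2], s[3]))
        dst_img.add((d[2], d[3]))
        port_img.add((sport, dport))  # x = originator port, y = recipient port
    return {"src_ip": src_img, "dst_ip": dst_img, "port": port_img}

def linear_patterns(points, min_points=8):
    """S30: rows/columns with >= min_points points; returns (axis, coord, length)."""
    rows, cols = defaultdict(list), defaultdict(list)
    for x, y in points:
        rows[y].append(x)
        cols[x].append(y)
    lines = []
    for axis, groups in (("row", rows), ("col", cols)):
        for fixed, coords in groups.items():
            if len(coords) >= min_points:
                lines.append((axis, fixed, max(coords) - min(coords)))
    return lines

def feature_values(flows, min_points=8):
    """S40: per image, (number of lines, length of the longest line)."""
    feats = {}
    for name, img in map_to_images(flows).items():
        lines = linear_patterns(img, min_points)
        feats[name] = (len(lines), max((l[2] for l in lines), default=0))
    return feats

def is_abnormal(feats, max_lines=0):
    """S50: simple comparison of the line count against a threshold (assumed)."""
    return any(count > max_lines for count, _ in feats.values())

if __name__ == "__main__":
    for label, flows in (("normal", NORMAL), ("flood", FLOOD)):
        f = feature_values(flows)
        print(label, f, "abnormal" if is_abnormal(f) else "normal")
```

In the constructed flood, many originator ports target one recipient port, so the port image contains a single long horizontal line while both IP images stay line-free.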