METHOD OF DETECTING ANOMALIES IN TRAFFIC OF MAIN INTERNET NETWORKS BASED ON MULTIFRACTAL HEURISTIC ANALYSIS

Abstract

FIELD: information technology.

SUBSTANCE: The invention relates to a method of detecting anomalies in main Internet traffic based on multifractal heuristic analysis. The method applies multifractal heuristic analysis to time series generated from network traffic parameters that are collected from backbone routers and have undergone preliminary processing. The time series are formed from such network traffic parameters as network packet size, number of network packets in a stream, type of transport-level network protocol, number of network protocol packets of each type, and number of outgoing and incoming connections for a host. A table of normal multifractal characteristics for each time series is generated in a database located on a database server. For each multifractal characteristic of each time series, the maximum permissible deviation from the normal value is recorded in the database, after which the time series are distributed among the simultaneously operating computational nodes of a high-performance server. On each computational node, multifractal characteristics are calculated for each time series, such as the width of the multifractal spectrum, the width of the left spectrum "branch", the width of the right spectrum "branch", the height of the left spectrum "branch", and the height of the right spectrum "branch". For each time series, the values of the multifractal characteristics are then checked for deviation from the normal values. If the values of three or more multifractal characteristics deviate from the normal values by more than the maximum permissible deviation, an anomaly warning is generated.

EFFECT: high accuracy of detecting network attacks owing to parallel calculation of multifractal characteristics of network traffic, which make it possible to estimate changes in main traffic that are typical of different types of network attacks.

1 cl, 2 dwg, 1 tbl
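The check described in the abstract, as an added example that is not taken from the patent: five spectrum characteristics are computed for one time series and compared against stored normal values, with a warning raised when three or more exceed their permitted deviation. The abstract does not say how the spectrum is estimated or how the branch widths and heights are measured, so the Chhabra-Jensen estimator, the geometric definitions in `features`, all function names and the binomial-cascade test input are assumptions.

```python
import math

def slope(xs, ys):
    # Least-squares slope of ys against xs.
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)

def spectrum(series, qs=(-5, -3, -1, 0, 1, 3, 5)):
    # Assumed estimator (Chhabra-Jensen): returns one (alpha, f) point per moment q.
    # Requires strictly positive values and a power-of-two length.
    total = float(sum(series))
    boxes = [v / total for v in series]
    log_eps, a_sum, f_sum = [], {q: [] for q in qs}, {q: [] for q in qs}
    while len(boxes) >= 2:
        log_eps.append(-math.log(len(boxes)))      # box size eps = 1 / number of boxes
        for q in qs:
            z = sum(m ** q for m in boxes)
            w = [m ** q / z for m in boxes]        # normalized q-th moment weights
            a_sum[q].append(sum(wi * math.log(m) for wi, m in zip(w, boxes)))
            f_sum[q].append(sum(wi * math.log(wi) for wi in w))
        boxes = [boxes[i] + boxes[i + 1] for i in range(0, len(boxes), 2)]  # coarsen
    return [(slope(log_eps, a_sum[q]), slope(log_eps, f_sum[q])) for q in qs]

def features(series):
    # The five characteristics named in the abstract; geometric definitions assumed.
    pts = spectrum(series)
    a0, f0 = max(pts, key=lambda p: p[1])          # apex of the spectrum
    a_min, f_left = min(pts)                       # end of the left branch
    a_max, f_right = max(pts)                      # end of the right branch
    return {"width": a_max - a_min,
            "left_width": a0 - a_min, "right_width": a_max - a0,
            "left_height": f0 - f_left, "right_height": f0 - f_right}

def check(series, normal, max_dev, min_hits=3):
    # Anomaly warning when three or more characteristics leave their tolerance band.
    feats = features(series)
    hits = [k for k in feats if abs(feats[k] - normal[k]) > max_dev[k]]
    return len(hits) >= min_hits, hits

def cascade(p, levels):
    # Constructed test input: deterministic binomial cascade of length 2**levels.
    m = [1.0]
    for _ in range(levels):
        m = [v * f for v in m for f in (p, 1 - p)]
    return m
```

In a deployment following the abstract, `normal` and `max_dev` would be read from the database table for each time series, and `check` would run on each computational node for the series assigned to it.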
