METHOD OF DETECTING ANOMALIES IN TRAFFIC OF MAIN INTERNET NETWORKS BASED ON MULTIFRACTAL HEURISTIC ANALYSIS
Abstract
FIELD: information technology.

SUBSTANCE: the invention relates to a method of detecting anomalies in main Internet traffic based on multifractal heuristic analysis. The method includes multifractal heuristic analysis of time series generated from network traffic parameters that are collected from backbone routers and preprocessed. The time series are formed from such network traffic parameters as network packet size, number of network packets in a stream, type of transport-level network protocol, number of network protocol packets of each type, and number of outgoing and incoming connections for a host. A table of normal multifractal characteristics for each time series is generated in a database located on a database server. For each multifractal characteristic of each time series, the maximum permissible deviation from the normal value is recorded in the database, after which the time series are distributed among the simultaneously operating computational nodes of the high-performance server. On each computational node, multifractal characteristics are calculated for each time series, such as the width of the multifractal spectrum, the width of the left spectrum "branch", the width of the right spectrum "branch", the height of the left spectrum "branch", and the height of the right spectrum "branch". Each time series is then checked for deviation of its multifractal characteristic values from the normal values. If the values of three or more multifractal characteristics deviate from the normal values by more than the maximum allowable deviation, an anomaly warning is generated.

EFFECT: high accuracy of detecting network attacks owing to parallel calculation of multifractal characteristics of network traffic, which make it possible to estimate changes in main traffic typical of different types of network attacks.

1 cl, 2 dwg, 1 tbl
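The per-series check described in the abstract, as an added example that is not taken from the patent: it estimates the multifractal spectrum of one time series, derives the five characteristics, and warns when three or more leave their allowed band. Assumptions: the spectrum is estimated with the Chhabra-Jensen direct method (the abstract does not say how it is computed), q runs from -5 to 5, branch widths and heights are measured from the spectrum apex at q = 0, all function names are hypothetical, and the sample series are constructed binomial cascades rather than captured traffic.

```python
import math

QS = range(-5, 6)  # moment orders q; the range is an assumption of this sketch

def _slope(xs, ys):
    """Least-squares slope of ys against xs."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    return (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
            / sum((x - mx) ** 2 for x in xs))

def spectrum(series):
    """Chhabra-Jensen estimate {q: (alpha, f)} for a non-negative series
    (e.g. packets per interval) whose length is a power of two."""
    total, n, size = float(sum(series)), len(series), 1
    pts = {q: ([], [], []) for q in QS}
    while size < n:  # dyadic box sizes 1, 2, 4, ..., n/2
        mu = [sum(series[i:i + size]) / total for i in range(0, n, size)]
        mu = [m for m in mu if m > 0]  # empty boxes carry no measure
        for q in QS:
            w = [m ** q for m in mu]
            z = sum(w)
            scale, a, f = pts[q]
            scale.append(math.log(size / n))
            a.append(sum(wi / z * math.log(m) for wi, m in zip(w, mu)))
            f.append(sum(wi / z * math.log(wi / z) for wi in w))
        size *= 2
    return {q: (_slope(s, a), _slope(s, f)) for q, (s, a, f) in pts.items()}

def characteristics(series):
    """The five spectrum characteristics named in the abstract."""
    sp = spectrum(series)
    (a_min, f_l), (a_0, f_0), (a_max, f_r) = sp[max(QS)], sp[0], sp[min(QS)]
    return {"width": a_max - a_min,
            "left_width": a_0 - a_min, "right_width": a_max - a_0,
            "left_height": f_0 - f_l, "right_height": f_0 - f_r}

def check(series, normal, max_dev):
    """Warn when three or more characteristics leave their allowed band."""
    got = characteristics(series)
    bad = sorted(k for k in got if abs(got[k] - normal[k]) > max_dev[k])
    return len(bad) >= 3, bad

def cascade(p, levels=10):
    """Constructed sample series: deterministic binomial cascade, 2**levels points."""
    xs = [1.0]
    for _ in range(levels):
        xs = [v * w for v in xs for w in (p, 1 - p)]
    return xs
```

Here `normal` and `max_dev` stand in for the database table of normal values and maximum permissible deviations; in the method each computational node would run `check` over its share of the time series.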