首页>
外国专利>
A METHOD FOR THE DETECTION OF NETWORK TRAFFIC ANOMALIES USING NETFLOW DATA
A METHOD FOR THE DETECTION OF NETWORK TRAFFIC ANOMALIES USING NETFLOW DATA
展开▼
机译:基于NETFLOW数据的网络流量异常检测方法
展开▼
页面导航
摘要
著录项
相似文献
摘要
A method for detecting a network traffic anomaly by using netflow information is provided to use a correlation between the number of flows and the number of bytes obtainable from netflow information through regression analysis when detecting an anomaly, thereby expanding utility of the netflow information. A system receives flows per second and bytes per second from a flow collector daemon(S401). The system obtains regression coefficients based on a current time from a regression coefficient generator(S402). The system calculates an upper limit and a lower limit of a reliable section from a regression model based on the flows per second(S403). The system decides whether the number of the bytes is between the upper limit and the lower limit(S404). If not, the system outputs a network traffic anomaly(S405).
展开▼