CN102655465B - Method for quickly detecting time-frequency domains of abnormal network traffic - Google Patents
Method for quickly detecting time-frequency domains of abnormal network traffic Download PDFInfo
- Publication number
- CN102655465B CN102655465B CN201210142390.7A CN201210142390A CN102655465B CN 102655465 B CN102655465 B CN 102655465B CN 201210142390 A CN201210142390 A CN 201210142390A CN 102655465 B CN102655465 B CN 102655465B
- Authority
- CN
- China
- Prior art keywords
- time
- abnormal
- stream
- coefficient
- frequency
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Abstract
The invention discloses a method for quickly detecting time-frequency domains of abnormal network traffic, which belongs to the field of network abnormality detection in a large-scale network environment. The method can be used for extracting abnormal characteristics by virtue of a processing way of related coefficients, thereby improving the detection accuracy; and simultaneously, the time-frequency domain analysis is performed on the abnormal characteristics by virtue of short-time Fourier transform, thereby detecting the abnormality relatively accurately and judging the occurrence time of the abnormality. The method can be used for analyzing data on the time-frequency domains, and in theory, the more layers are analyzed, the more accurate frequency division is, and finally, the obtained effect is relatively good.
Description
Technical field
The present invention belongs to large-scale network environment lower network abnormity detecting field, particularly a kind of time-frequency domain rapid detection method of exception flow of network.
Background technology
Along with the development of network, Network anomalous behaviors comprises network failure, user misoperation, network attack and Network Virus Propagation etc., and these abnormal behaviours usually cause in network that on wall scroll or multilink, network traffics depart from normal phenomenon.Although abnormal flow does not show obvious off-note on wall scroll or multilink, in network, the abnormal flow summation of multilink is larger.Thereby Traffic Anomaly has great harmfulness and destructiveness to network and the various device that runs on network thereof.Because Traffic Anomaly disguise is extremely strong, outbreak suddenly, unknown characteristic, can bring great harm (for example by specific network attack program or network worm virus, to break out caused burst flow and cause network paralysis in the short time at the utmost point operational outfit on network or network, communication disruption), therefore accurately and rapidly detect exception of network traffic behavior, judgement causes the reason of Traffic Anomaly and takes rapidly correct responsive measures is the important prerequisite that guarantees the efficient operation of network security, and become the Front Scientific Problems of the common concern of academia and industrial quarters both at home and abroad at present.
Along with the development of information technology, exception of network traffic disguise is more and more stronger.From the relative normal discharge very greatly and in continuous variation, very little abnormal flow relatively detected, as " looking for a needle in a haystack ", must adopt new detection techniques, method and mechanism.
The difficulty of Traffic anomaly detection is mainly reflected on the Time precision of abnormity detecting.Only have and adopt Time-frequency method to analyze to abnormal signal, give prominence to the feature of abnormity point, could detect exactly the moment of abnormal appearance.
Chen-Mou Cheng etc. has proposed a kind of frequency spectrum analysis method and has identified normal TCP flow, they found to RTT(round-trip time) normal TCP stream is bound to demonstrate periodically in relevant bag transmission, and attack stream does not have this characteristic conventionally; Calendar year 2001 V.Alarcon-Aquino etc. has proposed a kind of based on detecting and locating the faint change in variance and frequency of given time series, but the yardstick of this algorithm picks is limited and algorithm idea is complicated; P.Barford etc. have proposed a kind ofly network traffics to be carried out to multiple dimensioned dyadic wavelet decomposes and reconstruct is comprehensive becomes high, medium and low three frequency ranges respectively with departing from the method that mark detects, this algorithm can be good at detecting the Flash Crowds that occurs in the past period and Short-time Anomalies etc., but the self adaptation that there is no well to solve a Wavelet Detection yardstick is chosen the problem with Real-Time Monitoring.Therefore present stage, exception of network traffic method for detecting still faces the problems such as adaptive problem, detecting real-time problem and detecting precision of method for detecting.
Summary of the invention
The deficiency existing for existing method, the present invention proposes a kind of time-frequency domain rapid detection method of exception flow of network, to reach detecting real-time, to improve the object of detecting precision.
Technical scheme of the present invention is achieved in that a kind of time-frequency domain rapid detection method of exception flow of network, comprises the following steps:
Step 1: in network topology structure, catch and contain abnormal data on flows, as time-domain signal to be analyzed;
Step 2: extract the data on flows on the OD stream in time-domain signal with identical destination node, carry out correlation analysis, calculate each OD stream and there is the coefficient correlation between the OD stream of identical destination node with him, calculated some coefficient correlations are averaged as the average correlation coefficient of this OD stream; Accumulation using the average correlation coefficient sum of all OD streams as coefficient correlation;
Step 3: the Accumulation of step 2 is carried out to joint time frequency analysis: adopt Short Time Fourier Transform, determine the time-frequency characteristics parameter of time-domain signal under certain time window; Change time window size, calculate the time-frequency characteristics parameter under time windows, by the above-mentioned time-frequency characteristics parameter stack calculating, obtain the accumulation time-frequency characteristics parameter of outstanding abnormal signal feature;
Step 4: set decision threshold, if accumulation time-frequency characteristics parameter surpasses this decision threshold, determine that this place exists abnormal flow.
Wherein, the decision threshold described in step 4, the method for determining is: calculate average and the variance of accumulation time-frequency characteristics parameter, get variance and be multiplied by a coefficient, then be added and obtain threshold value with average.
Described coefficient is a natural number within the scope of 1-10.
Advantage of the present invention: the time-frequency domain rapid detection method of exception flow of network of the present invention, the method that proposes the processing of employing coefficient correlation is extracted off-note, has improved the accuracy of detecting; Utilize Short Time Fourier Transform to carry out Time-Frequency Analysis to off-note simultaneously, detect more accurately abnormal and realize abnormal generation judgement constantly.The inventive method is to data analysis on time-frequency domain, and the number of plies of decomposing is in theory more, and more accurate to the division of frequency, the effect finally obtaining will be better.
Accompanying drawing explanation
Fig. 1 is the execution mode general flow chart that provides the time-frequency domain rapid detection method of exception flow of network of the present invention;
Fig. 2 is that one embodiment of the present invention destination node is 6 OD stream data from the sample survey bag schematic diagram, wherein, (a) represents that source node is 1; (b) represent that source node is 2; (c) represent that source node is 3; (d) represent that source node is 4; (e) represent that source node is 5; (f) represent that source node is 6; (g) represent that source node is 7; (h) represent that source node is 8; (i) represent that source node is 9; (j) represent that source node is 10; (k) represent that source node is 11; (l) represent that source node is 12;
Fig. 3 is that one embodiment of the present invention destination node is that in 6 OD stream, each OD stream, with the average correlation coefficient schematic diagram of other OD streams, wherein, (a) represents that source node is 1; (b) represent that source node is 2; (c) represent that source node is 3; (d) represent that source node is 4; (e) represent that source node is 5; (f) represent that source node is 6; (g) represent that source node is 7; (h) represent that source node is 8; (i) represent that source node is 9; (j) represent that source node is 10; (k) represent that source node is 11; (l) represent that source node is 12;
Fig. 4 is the Accumulation schematic diagram of each OD stream average correlation coefficient of one embodiment of the present invention;
Fig. 5 is the extraction schematic flow sheet of one embodiment of the present invention time-frequency characteristics parameter;
Fig. 6 is the time-frequency characteristics parameter distribution schematic diagram that the window of the different sizes of one embodiment of the present invention obtains;
Fig. 7 is the Accumulation schematic diagram of the time-frequency characteristics parameter of the different big or small windows acquisitions of one embodiment of the present invention;
Fig. 8 is the Energy distribution schematic diagram of one embodiment of the present invention characteristic parameter Accumulation;
Fig. 9 is one embodiment of the present invention Accumulation abnormity detecting result schematic diagram;
Figure 10 is that one embodiment of the present invention adopts and to depart from fraction method and each OD stream is carried out to the result schematic diagram of abnormity detecting, wherein, (a) represents the OD stream that source node is 1, destination node is 6; (b) represent the OD stream that source node is 2, destination node is 6; (c) represent the OD stream that source node is 3, destination node is 6; (d) represent the OD stream that source node is 4, destination node is 6; (e) represent the OD stream that source node is 5, destination node is 6; (f) represent the OD stream that source node is 6, destination node is 6; (g) represent the OD stream that source node is 7, destination node is 6; (h) represent the OD stream that source node is 8, destination node is 6; (i) represent the OD stream that source node is 9, destination node is 6; (j) represent the OD stream that source node is 10, destination node is 6; (k) represent the OD stream that source node is 11, destination node is 6; (l) represent the OD stream that source node is 12, destination node is 6.
Embodiment
Below in conjunction with accompanying drawing, embodiments of the present invention are described in further detail.
Fig. 1 is the general flow chart of execution mode of the time-frequency domain rapid detection method of exception flow of network.This flow process starts from step 101.In step 102, in network topology structure, catch and contain abnormal data on flows, as time-domain signal to be analyzed.In normal situation, the data on flows of network is more stably, and when there is abnormal flow, somewhere, flow value sometime depart from normal value, such as some flow value of constantly locating increases suddenly or reduces suddenly, can tentatively judge that this place may occur extremely.Present embodiment adopts the method for calculating similitude to give prominence to off-note, the party's ratio juris is: proper network data have certain similitude, can estimate data below with one piece of data above, if but in data below, had extremely, utilizing so certain segment data would above be to be unable to estimate out data below.The method of calculating by similitude is given prominence to off-note, is convenient to utilize Short Time Fourier Transform to process the similitude of accumulation.
In step 103, first adopt the method for structure OD stream and source, destination node relational matrix, extract the data on flows on the OD stream in time-domain signal with identical destination node, method is:
If total p node in network topology structure, exists p*p bar OD stream, establishing selected destination node is q, structure source, destination node relational matrix F
(OD), formula is as follows:
In formula,
represent that source node is that j destination node is the OD stream of i, wherein, 1≤i≤p, 1≤j≤p, for example, in the matrix shown in formula (1),
represent that source node is that 1 destination node is 1 OD stream,
represent that source node is that 2 destination nodes are 1 OD stream, the like, until
represent that source node is that p destination node is the OD stream of p.
By formula (1), obtain the OD stream that all destination nodes are q.Extract all p bar OD stream, if the length of every OD stream is K, obtain traffic matrix F
q, formula is:
In formula, F
qbe the traffic matrix of a p*K, wherein,
be illustrated in the t OD stream that constantly source node is 1, destination node is q, the like,
being illustrated in t moment source node is the OD stream that p, destination node are q.
Secondly, carry out correlation analysis, calculate each OD stream and have the coefficient correlation between the OD stream of identical destination node with him, calculated some coefficient correlations are averaged as the average correlation coefficient of this OD stream, method is:
Ask traffic matrix F
qin any two OD stream
coefficient correlation.First the covariance matrix of calculated flow rate matrix
formula is as follows:
In formula,
e represents to ask mathematic expectaion, and has j ≠ i.According to formula (3), determine OD stream
between coefficient correlation
formula is:
In conjunction with formula (4) calculated flow rate matrix F
qin the average correlation coefficient of each OD stream between flowing with other OD, formula is as follows:
In formula,
represent that k bar OD stream is with the average correlation coefficient of other p-1 bar OD stream.
Finally, the coefficient correlation sum between all OD stream is as the Accumulation of coefficient correlation: the Accumulation C that calculates the coefficient correlation between all OD stream
∑, formula is as follows:
Accumulation C
∑in fact can portray well the minutia of original anomaly flow signal, increase below and utilized Short Time Fourier Transform to carry out the accuracy of abnormity detecting.
In present embodiment, in network topology structure, there are 12 nodes, totally 144 OD stream, selected destination node is 6, according to can obtain destination node according to the relational matrix of formula (1) structure, is that 6 OD stream is respectively
totally 12, the figure of corresponding every OD stream, as shown in Figure 2.By formula (2), (3), solving every OD stream is averaged with coefficient correlation summation between other 11 OD streams, obtain result as described in Figure 3, the stack of 12 OD stream is obtained to the Accumulation of coefficient correlation, as shown in Figure 4, this Accumulation can reflect the minutia of abnormal data well, therefore can use Short Time Fourier Transform to analyze judgement to this minutia.
In step 104, the Accumulation of step 103 is carried out to joint time frequency analysis: adopt Short Time Fourier Transform, determine the time-frequency characteristics parameter of time-domain signal under certain time window; Change time window size, calculate the time-frequency characteristics parameter under time windows, by the above-mentioned time-frequency characteristics parameter stack calculating, obtain the accumulative total time-frequency characteristics parameter of outstanding abnormal signal feature;
Short Time Fourier Transform is defined as:
In formula, STFT
z(t, f) represents time-frequency characteristics parameter, and z (t') represents pending signal, refers in the present embodiment Accumulation C
∑; η (t) is a window function that time width is very short, η (t '-t) represents a window function centered by t, η * (t '-t) represents the conjugation of η (t '-t), wherein, * represent conjugate operation symbol, (t '-t) represents the time delay of window function, and, centered by t, length is the time period of (t '-t); F represents the frequency values for the signal at a t preset time place, and z (t') η * (t '-t) represents near the section of signal putting t analysis time.Sliced section is being carried out after Fourier transform, and all signal properties in corresponding its width of window centered by time t all can be by time-frequency characteristics parameter S TFT
z(t, f) shows.In sum, the selection that can find out window function has a significant impact the performance of Short Time Fourier Transform.In the present embodiment, choice for use Hanning window η (t), formula is as follows:
In formula, N represents window size.
According to Heisenberg uncertainty principle, temporal resolution Δ t and frequency resolution Δ f can not be simultaneously arbitrarily small, and their product meets
therefore will improve temporal resolution will reduce frequency resolution, and vice versa.In the present embodiment, we select different window sizes to carry out Short Time Fourier Transform, and finally in order to obtain result more accurately, the transformation results summation that can obtain different windows size is processed.Calculate time-frequency characteristics parameter S TFT
z(t, f), Hanning window is
time, obtain following formula:
Can obtain as calculated the time-frequency characteristics parameter S TFT of signal z (t')
z(t, f).
One group of time-frequency characteristics parameter S TFT of the z (t') that each window correspondence obtains
z,i(t, f), executes all windows and can obtain many stack features parameter, will after parameter delivery, superpose, and extracts the accumulation time-frequency characteristics parameter s um_STFT of outstanding abnormal signal feature for abnormal detecting, has improved the accuracy of result.
In present embodiment, as shown in Figure 5, wherein signal is input as coefficient correlation in the extraction of time-frequency characteristics parameter, and signal is output as the characteristic ginseng value sum that different size windows are carried out the different frequency that Short Time Fourier Transform correspondence obtains, as shown in Figure 6.In figure, different shades represents different frequency value, to after the parameter delivery of synchronization different frequency, superpose, extract the parameter s um_STFT of outstanding abnormal signal feature for abnormal detecting, improved the accuracy of detecting result, the figure of sum_STFT as shown in Figure 7.
Coefficient correlation, after having passed through Short Time Fourier Transform, obtains a series of time-frequency characteristics parameter vector.Abnormal detection method is actually and operates in time-frequency characteristics parameter, in step 104, extract the parameter s um_STFT of outstanding abnormal signal feature, due to the energy at abnormal signal place large (Energy distribution of coefficient correlation as seen from Figure 8), in figure, more to deeply feel the energy at bright this place larger for color.
In step 105, in present embodiment, adopt traditional self-adaptive decision threshold method to obtain threshold value threshold: to calculate average and the variance of Accumulation parameter, get variance and be multiplied by a coefficient, then be added and obtain threshold value threshold with average.Described coefficient is a natural number within the scope of 1-10.With characteristic parameter sum_STFT comparison, if surpassing the moment of decision threshold, sum_STFT intermediate value judges that this exists abnormal flow signal constantly again.As shown in Figure 9.
In actual emulation process, for the advantage of this algorithm is described better, in present embodiment, use simultaneously and depart from fraction method and carry out abnormity detecting and compare.In present embodiment, selecting detection window size is 20, sizes of history window is 30, the coefficient correlation obtaining in calculation procedure 103 depart from mark, it is 0.5 that alarm threshold is set adaptively, coefficient of deviation by more all 12 OD streams all has many places higher than alarm threshold, therefore judges that each OD stream all has abnormal.In order to detect abnormal generation constantly, it is 0.9 that abnormal threshold value is set in embodiment of the present invention adaptively, if phase relation numerical value is higher than abnormal threshold value, this phase relation numerical value is made as to 1.4, find in coefficient correlation and be 1.4 initial time continuously and stop constantly, be abnormal starting point and terminal, and by all be that 1.4 value resets 1 continuously, other zero setting, as Figure 10, wherein white dashed line represents abnormal thresholding, black dotted lines shows abnormity detecting result, from Figure 10, can find significantly, depart from fraction method can only detect whether have abnormal, cannot detect abnormal generation constantly.
Although more than described the specific embodiment of the present invention, one skilled in the art should be appreciated that these only illustrate, and can make various changes or modifications to these execution modes, and not deviate from principle of the present invention and essence.Scope of the present invention is only limited by appended claims.
Claims (3)
1. a time-frequency domain rapid detection method for exception flow of network, is characterized in that: comprise the following steps:
Step 1: in network topology structure, catch and contain abnormal data on flows, as time-domain signal to be analyzed;
Step 2: extract the data on flows on the OD stream in time-domain signal with identical destination node, carry out correlation analysis, calculate each OD stream and there is the coefficient correlation between the OD stream of identical destination node with him, calculated some coefficient correlations are averaged as the average correlation coefficient of this OD stream; Accumulation using the average correlation coefficient sum of all OD streams as coefficient correlation;
Step 3: the Accumulation of step 2 is carried out to joint time frequency analysis: adopt Short Time Fourier Transform, determine the time-frequency characteristics parameter of time-domain signal under certain time window; Change time window size, calculate the time-frequency characteristics parameter under time windows, by the above-mentioned time-frequency characteristics parameter stack calculating, obtain the accumulation time-frequency characteristics parameter of outstanding abnormal signal feature, extract the parameter s um_STFT of outstanding abnormal signal feature for abnormal detecting;
Step 4: set decision threshold, if accumulation time-frequency characteristics parameter surpasses this decision threshold, determine that this place exists abnormal flow, then with characteristic parameter sum_STFT comparison, if sum_STFT intermediate value surpasses the moment of decision threshold, judge that this exists abnormal flow signal constantly;
Step 5: it is 0.9 that abnormal threshold value is set adaptively, if phase relation numerical value, higher than abnormal threshold value, is made as 1.4 by this phase relation numerical value, finds in coefficient correlation to be 1.4 initial time continuously and to stop constantly, i.e. abnormal starting point and terminal.
2. the time-frequency domain rapid detection method of exception flow of network according to claim 1, it is characterized in that: the decision threshold described in step 4, the method of determining is: calculate average and the variance of accumulation time-frequency characteristics parameter, get variance and be multiplied by a coefficient, then be added and obtain threshold value with average.
3. the time-frequency domain rapid detection method of exception flow of network according to claim 2, is characterized in that: described coefficient, span is a natural number in 1-10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210142390.7A CN102655465B (en) | 2012-05-09 | 2012-05-09 | Method for quickly detecting time-frequency domains of abnormal network traffic |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210142390.7A CN102655465B (en) | 2012-05-09 | 2012-05-09 | Method for quickly detecting time-frequency domains of abnormal network traffic |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102655465A CN102655465A (en) | 2012-09-05 |
CN102655465B true CN102655465B (en) | 2014-12-10 |
Family
ID=46730992
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210142390.7A Expired - Fee Related CN102655465B (en) | 2012-05-09 | 2012-05-09 | Method for quickly detecting time-frequency domains of abnormal network traffic |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102655465B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103078668B (en) * | 2013-02-01 | 2016-03-16 | 北京曼若科技有限公司 | Power line communication method and device |
CN103138805B (en) * | 2013-02-01 | 2015-02-18 | 北京曼若科技有限公司 | Transmission method and device and system of power line carrier waves |
CN103200043B (en) * | 2013-03-14 | 2015-07-29 | 东北大学 | Non-stationary network flow programming method method is become time a kind of |
CN106161241B (en) * | 2016-08-25 | 2019-02-15 | 北京科技大学 | A kind of detection method of wireless sensor network routing layer low speed flood attack |
CN107294794A (en) * | 2017-07-31 | 2017-10-24 | 国网辽宁省电力有限公司 | A kind of large-scale ip communication service matrix estimation method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101106487A (en) * | 2007-08-31 | 2008-01-16 | 华为技术有限公司 | A method and device for detecting exception of network traffic |
CN101252482A (en) * | 2008-04-07 | 2008-08-27 | 华为技术有限公司 | Network flow abnormity detecting method and device |
CN101388885A (en) * | 2008-07-23 | 2009-03-18 | 成都市华为赛门铁克科技有限公司 | Detection method and system for distributed denial of service |
CN102130798A (en) * | 2011-03-25 | 2011-07-20 | 中国电子科技集团公司第三十研究所 | Method and device for detecting multidimensional flow anomalies of distributed network |
-
2012
- 2012-05-09 CN CN201210142390.7A patent/CN102655465B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101106487A (en) * | 2007-08-31 | 2008-01-16 | 华为技术有限公司 | A method and device for detecting exception of network traffic |
CN101252482A (en) * | 2008-04-07 | 2008-08-27 | 华为技术有限公司 | Network flow abnormity detecting method and device |
CN101388885A (en) * | 2008-07-23 | 2009-03-18 | 成都市华为赛门铁克科技有限公司 | Detection method and system for distributed denial of service |
CN102130798A (en) * | 2011-03-25 | 2011-07-20 | 中国电子科技集团公司第三十研究所 | Method and device for detecting multidimensional flow anomalies of distributed network |
Non-Patent Citations (6)
Title |
---|
A Network-wide Traffic Anomaly Detection Method Based on HSMM;Li Min等;《Communications,Circuits and Systems Proceedings》;20060628;第3卷;全文 * |
Communication-Efficient Online Detection of Network-Wide Anomalies;Ling Huang等;《26th IEEE International Conference on Computer Communication》;20070512;全文 * |
Li Min等.A Network-wide Traffic Anomaly Detection Method Based on HSMM.《Communications,Circuits and Systems Proceedings》.2006,第3卷全文. * |
Ling Huang等.Communication-Efficient Online Detection of Network-Wide Anomalies.《26th IEEE International Conference on Computer Communication》.2007,全文. * |
周汝强.基于网络业务量建模的流量异常检测.《万方学位论文数据库》.2007,全文. * |
基于网络业务量建模的流量异常检测;周汝强;《万方学位论文数据库》;20070816;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN102655465A (en) | 2012-09-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102655465B (en) | Method for quickly detecting time-frequency domains of abnormal network traffic | |
CN101286897B (en) | Network flow rate abnormality detecting method based on super stochastic theory | |
CN103454528B (en) | Based on power system component fault detect and the recognition methods of form singular entropy | |
Kallache et al. | Trend assessment: applications for hydrology and climate research | |
CN101388885B (en) | Detection method and system for distributed denial of service | |
CN100486179C (en) | A detection method and detection device for exceptional network flow | |
CN102014031A (en) | Method and system for network flow anomaly detection | |
CN101252482A (en) | Network flow abnormity detecting method and device | |
CN105245503A (en) | Method of using hidden Markov model to detect LDoS (Low-Rate Denial of Service) attack | |
CN104717106A (en) | Distributed network traffic abnormity detection method based on multi-variable sequential analysis | |
CN102664772B (en) | Multi-scale detecting method of network flow anomaly in dynamic environment | |
CN103607370B (en) | A kind of credibility assessment method of the multiple blind result of bpsk signal | |
CN106357574A (en) | BPSK (Binary Phase Shift Keying)/QPSK (Quadrature Phase Shift Keying) signal modulation blind identification method based on order statistic | |
CN104270167A (en) | Signal detection and estimation method based on multi-dimensional characteristic neural network | |
CN102130798A (en) | Method and device for detecting multidimensional flow anomalies of distributed network | |
CN105093196A (en) | Coherent detection method under complex Gaussian model based on inverse gamma texture | |
CN105100017A (en) | LDoS attack detection method based on signal cross correlation | |
CN109951420A (en) | A kind of multistage flow method for detecting abnormality based on entropy and dynamic linear relationship | |
CN103530660B (en) | A kind of strip tension sensor fault method of early diagnosis | |
CN106209868A (en) | A kind of large-scale network traffic exception detecting method and system | |
CN105049105B (en) | A kind of frequency extraction method of frequency diverse signals | |
Jin et al. | Abnormal detection and correlation analysis of communication network traffic based on behavior | |
CN113256977B (en) | Traffic data processing method based on image tensor decomposition | |
CN109840386A (en) | Damnification recognition method based on factorial analysis | |
CN101572564B (en) | Locally optimal detector based method for capturing pseudocode under weakly dependent non-Gaussian environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20141210 Termination date: 20150509 |
|
EXPY | Termination of patent right or utility model |