CN108200006A - A kind of net flow assorted method and device based on the study of stratification space-time characteristic - Google Patents

A kind of net flow assorted method and device based on the study of stratification space-time characteristic Download PDF

Info

Publication number
CN108200006A
CN108200006A CN201711164948.0A CN201711164948A CN108200006A CN 108200006 A CN108200006 A CN 108200006A CN 201711164948 A CN201711164948 A CN 201711164948A CN 108200006 A CN108200006 A CN 108200006A
Authority
CN
China
Prior art keywords
network
data
network flow
flow
traffic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711164948.0A
Other languages
Chinese (zh)
Other versions
CN108200006B (en
Inventor
王劲林
王伟
曾学文
叶晓舟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinrand Network Technology Co ltd
Institute of Acoustics CAS
Original Assignee
Institute of Acoustics CAS
Beijing Intellix Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Acoustics CAS, Beijing Intellix Technologies Co Ltd filed Critical Institute of Acoustics CAS
Priority to CN201711164948.0A priority Critical patent/CN108200006B/en
Publication of CN108200006A publication Critical patent/CN108200006A/en
Application granted granted Critical
Publication of CN108200006B publication Critical patent/CN108200006B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F18/2413Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on distances to training or reference patterns
    • G06F18/24133Distances to prototypes
    • G06F18/24137Distances to cluster centroïds
    • G06F18/2414Smoothing the distance, e.g. radial basis function networks [RBFN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Evolutionary Computation (AREA)
  • Molecular Biology (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Biophysics (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Physics (AREA)
  • Computer Hardware Design (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Biology (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the present invention provides a kind of net flow assorted method and device based on the study of stratification space-time characteristic, the method includes:The space characteristics of network flow data are obtained by first nerves network;The temporal aspect of the network flow data is obtained by nervus opticus network;Classified according to the space characteristics and the temporal aspect to the network flow.More comprehensive and accurate traffic characteristic information can be obtained, net flow assorted ability can be effectively improved;False alarm rate can be effectively reduced using better traffic characteristic collection.

Description

A kind of net flow assorted method and device based on the study of stratification space-time characteristic
Technical field
The present embodiments relate to data processing more particularly to a kind of network flows based on the study of stratification space-time characteristic Sorting technique and device.
Background technology
Net flow assorted refers to sort out network flow to certain target classification according to specific business need, is network management With a basic task of network safety filed.Can be different preferential by traffic classification for example, in field of network management Grade, to realize that better service quality controls;In network safety filed, flow can be divided into normal discharge and malicious traffic stream, To realize Network anomaly detection and take safeguard procedures.
The traffic classification method of mainstream includes at present:Method based on port, based on deep layer packet detection method, based on system The method of meter, the method for Behavior-based control.Due to the extensive application of random port and camouflage port technique, pass through the side of port classifications Method accuracy rate is relatively low.Method based on the detection of deep layer packet can not decrypt flow content, and very big obstacle is encountered in classification task.Mesh It is the method for Statistics-Based Method and Behavior-based control that preceding research is more, they belong to traditional machine learning classification method, Feature is to need hand-designed traffic characteristic.The classifying quality of this method is highly dependent on the design of traffic characteristic collection, using not With the classifying quality of feature set, often difference is very big, therefore, how to design a kind of feature set that can accurately portray traffic behavior Method become urgent need to resolve the problem of.
Invention content
An embodiment of the present invention provides it is a kind of based on stratification space-time characteristic study net flow assorted method and device, To solve the problems, such as accurately to portray the feature set of traffic behavior.
In a first aspect, an embodiment of the present invention provides a kind of net flow assorted sides based on the study of stratification space-time characteristic Method, including:
The space characteristics of network flow data are obtained by first nerves network;
The temporal aspect of the network flow data is obtained by nervus opticus network;
Classified according to the space characteristics and the temporal aspect to the network flow.
In a possible embodiment, network flow data is converted to the data of two dimensional image form.
In a possible embodiment, network flow data progress flow cutting is obtained into multiple data on flows lists Member;The quantity of the traffic data unit in unified each network flow data and unified each traffic data unit Length;By after quantity and length are uniformly processed traffic data unit carry out flow encode to obtain the number of two dimensional image form According to.
In a possible embodiment, using the data of two dimensional image form described in first nerves e-learning, obtain with The corresponding data packet vector of traffic data unit and data packet sequence vector corresponding with the network flow data;Its In, the first nerves network includes:Convolutional neural networks.
In a possible embodiment, the network is learnt on the basis of the space characteristics using nervus opticus network The temporal aspect of data on flows obtains network flow vector corresponding with the network flow data;Wherein, the nervus opticus net Network includes:Recognition with Recurrent Neural Network.
Second aspect, the embodiment of the present invention provide a kind of net flow assorted dress based on the study of stratification space-time characteristic It puts, including:
First acquisition module, for passing through the space characteristics that first nerves network obtains network flow data;
Second acquisition module, for passing through the temporal aspect that nervus opticus network obtains the network flow data;
Sort module, for being classified according to the space characteristics and the temporal aspect to the network flow.
In a possible embodiment, modular converter, for network flow data to be converted to the number of two dimensional image form According to.
In a possible embodiment, the modular converter, for network flow data progress flow cutting to be obtained To multiple traffic data units;The quantity of the traffic data unit in unified each network flow data and unification are each The length of the traffic data unit;It traffic data unit progress flow will encode to obtain two after quantity and length are uniformly processed Tie up the data of picture format.
In a possible embodiment, first acquisition module, for using two dimension described in first nerves e-learning The data of picture format, obtain corresponding with traffic data unit data packet vector and with the network flow data pair The data packet sequence vector answered;Wherein, the first nerves network includes:Convolutional neural networks.
In a possible embodiment, second acquisition module, for special in the space using nervus opticus network Learn the temporal aspect of the network flow data on the basis of sign, obtain network flow direction corresponding with the network flow data Amount;Wherein, the nervus opticus network includes:Recognition with Recurrent Neural Network.
Net flow assorted method provided in an embodiment of the present invention based on the study of stratification space-time characteristic passes through convolution god It is completed through network and Recognition with Recurrent Neural Network, eliminates a large amount of Feature Engineering workload;It is special by the space of convolutional neural networks Learning ability and the temporal aspect learning ability of Recognition with Recurrent Neural Network are levied, on the basis of the space characteristics of learning network flow lower floor The temporal aspect on upper further learning network flow upper strata, finally obtains more comprehensive and accurate traffic characteristic information, Neng Gouyou Effect improves net flow assorted ability;False alarm rate can be effectively reduced using better traffic characteristic collection, this method uses two Kind neural network obtains more comprehensive and accurate traffic characteristic collection, can be effectively reduced exception of network traffic detection or network The false alarm rate of intrusion detection.
Description of the drawings
Fig. 1 is a kind of net flow assorted method based on the study of stratification space-time characteristic provided in an embodiment of the present invention Flow chart;
Fig. 2 is the feature learning of the net flow assorted method provided in this embodiment based on the study of stratification space-time characteristic Flow chart;
Fig. 3 is a kind of net flow assorted device based on the study of stratification space-time characteristic provided in an embodiment of the present invention Structure chart.
Specific embodiment
Purpose, technical scheme and advantage to make the embodiment of the present invention are clearer, below in conjunction with the embodiment of the present invention In attached drawing, the technical solution in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is Part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art All other embodiments obtained without making creative work shall fall within the protection scope of the present invention.
For ease of the understanding to the embodiment of the present invention, it is further explained below in conjunction with attached drawing with specific embodiment Bright, embodiment does not form the restriction to the embodiment of the present invention.
Fig. 1 is a kind of net flow assorted method based on the study of stratification space-time characteristic provided in an embodiment of the present invention Flow chart.As shown in Figure 1, the method specifically includes:
S101, the data that network flow data is converted to two dimensional image form.
Specifically, network flow data progress flow cutting is obtained into multiple traffic data units;Unified each net The length of the quantity of the traffic data unit in network data on flows and unified each traffic data unit;It will be through number Amount and length are uniformly processed rear traffic data unit progress flow and encode to obtain the data of two dimensional image form.
Wherein, network flow data progress flow cutting being obtained multiple traffic data units can include:According to Data on flows cutting is multiple traffic data units by the form of two-way network flow, wherein two-way network flow refers to according to five Tuple { source IP, source port, destination IP, destination interface, transport layer protocol } and the beginning transmission time of first data packet are jointly true Fixed two-way network flow data unit, each data packet requirement in two-way network flow include all Protocol layer datas, Traffic classes mark is carried out to each flow cell after cutting later.
The quantity of the traffic data unit in unified each network flow data and unified each flow number It can include according to the length of unit:Data packet number in each network flow is unified for n.If the data packet in former network flow Number is more than n, then abandons other data packets;If the data packet number in former network flow is less than n, several content phases are increased newly Same data packet is until n data packet of polishing.The length of each data packet is unified for m bytes.If the word in former data packet Joint number is more than m, then abandons other bytes;If the byte number in former data packet is less than m, it is straight to increase several identical bytes newly To polishing m bytes.
Such as:Data packet number in each network flow is unified for 6.If the data packet number in former network flow is more than 6, Then abandon all data packets after 7;If the data packet number in former network flow is less than 6, increasing several contents newly is The data packet of 0x00 is until 6 data packets of polishing.The length of each data packet is unified for 100 bytes.If in former data packet Byte number be more than 100, then abandon 101 after all bytes;If the byte number in former data packet is less than 100, increase newly Several 0x00 bytes are until 100 byte of polishing.
By after quantity and length are uniformly processed traffic data unit carry out flow encode to obtain the number of two dimensional image form According to can include:Bytes all in network flow are encoded, coding mode is one-hot coding either embedded coding or picture Element coding, wherein, one-hot coding and embedded coding the result is that the byte vector of fixed dimension, multiple vector composition X-Y schemes Picture, pixel coder refer to byte be considered as gray-scale pixel values and by flow byte align be two dimensional image.
S102, the space characteristics that network flow data is obtained by first nerves network.
Specifically, it using the data of two dimensional image form described in first nerves e-learning, obtains and the data on flows The corresponding data packet vector of unit and data packet sequence vector corresponding with the network flow data;Wherein, described first Neural network includes:Convolutional neural networks.
Convolutional neural networks can be one-dimensional convolutional neural networks, or two-dimensional convolution neural network;Form data During packet vector, a convolutional neural networks can be used to directly generate final data packet vector, can also use has difference Multiple convolutional neural networks of size convolution kernel generate multiple ephemeral data packet vectors, and they are spliced into final data packet Vector;Between convolutional layer and convolutional layer, 0 to n pond layer can be added.The space characteristics of convolutional neural networks study refer to Space characteristics in flow two dimensional image.
Such as:S1021, the generation interim vector v 1 of data packet.Using size be 128 and 256 convolution kernel learning data packet to It measures, uses one layer of full articulamentum later using one layer of maximum pond layer, the last one convolutional layer between different convolutional layers, finally Obtain the interim vector v 1 of each data packet;S1022, the generation interim vector v 2 of data packet.Use the volume that size is 192 and 320 Product core learning data packet is vectorial, is used later using one layer of maximum pond layer, the last one convolutional layer between different convolutional layers One layer of full articulamentum finally obtains the interim vector v 2 of each data packet;S1023, generation data packet vector v.By two data It wraps interim vector and is spliced into final data packet vector.That is,S1024, generation data packet sequence vector v1, v2,…,vn}.Above three sub-step is carried out for each data packet in network flow, ultimately generates a data packet vector Sequence, the input as Recognition with Recurrent Neural Network.
S103, the temporal aspect that the network flow data is obtained by nervus opticus network.
Specifically, learnt on the basis of the space characteristics using nervus opticus network the network flow data when Sequence characteristics obtain network flow vector corresponding with the network flow data;Wherein, the nervus opticus network includes:Cycle Neural network.
Such as:Learn temporal aspect on the basis of network flow space characteristics using Recognition with Recurrent Neural Network, it is specifically used Recognition with Recurrent Neural Network is long Memory Neural Networks in short-term, successively from forward and reverse both direction scan data packet sequence vector Practise temporal aspect.
Recognition with Recurrent Neural Network can be the Recognition with Recurrent Neural Network of general Recognition with Recurrent Neural Network or special construction, Such as long short-term memory Recognition with Recurrent Neural Network or bidirectional circulating neural network;The temporal aspect of Recognition with Recurrent Neural Network study refers to Sequence signature between multiple data packet vectors.
Fig. 2 is the feature learning flow chart of net flow assorted method provided in this embodiment, and specific S102 and S103 can With reference to Fig. 2.
S104, classified according to the space characteristics and the temporal aspect to the network flow.
The temporal aspect on upper strata is established on the space characteristics basis of lower floor, is finally held using the space-time characteristic of stratification Row net flow assorted can be used grader and perform the step, and grader can be the grader inside neural network, such as Softmax or independent grader, such as SVM or decision tree.
Such as:Final classification is performed to network flow vector using softmax graders, one layer of full connection is used before grader Network.The network flow of grader final output input belongs to the probability distribution of 5 class target network flows, probability distribution it is maximum one Class flow is output category, if classification results are one of four kinds of malicious traffic streams, illustrates to detected exception of network traffic.
It should be noted that in step S102-S104, four convolutional layers, four pond layers, two LSTM have been used altogether Layer and three full articulamentums, table 1 show the parameter that convolutional neural networks and Recognition with Recurrent Neural Network use.
The number of plies Operation Convolution kernel/neuron Step-length Polishing
1 conv+tanh 128 1 valid
2 max pool 2 2 valid
3 conv+tanh 256 1 valid
4 max pool 2 2 valid
5 dense 128 -- none
6 conv+tanh 192 1 valid
7 max pool 2 2 valid
8 conv+tanh 320 1 valid
9 max pool 2 2 valid
10 dense 128 --- none
11 lstm 92 --- none
12 lstm 92 --- none
13 dense 5 --- none
14 softmax --- --- none
Table 1
Net flow assorted method provided in an embodiment of the present invention based on the study of stratification space-time characteristic passes through convolution god It is completed through network and Recognition with Recurrent Neural Network, eliminates a large amount of Feature Engineering workload;It is special by the space of convolutional neural networks Learning ability and the temporal aspect learning ability of Recognition with Recurrent Neural Network are levied, on the basis of the space characteristics of learning network flow lower floor The temporal aspect on upper further learning network flow upper strata, finally obtains more comprehensive and accurate traffic characteristic information, Neng Gouyou Effect improves net flow assorted ability;False alarm rate can be effectively reduced using better traffic characteristic collection, this method uses two Kind neural network obtains more comprehensive and accurate traffic characteristic collection, can be effectively reduced exception of network traffic detection or network The false alarm rate of intrusion detection.
Fig. 3 is a kind of net flow assorted device based on the study of stratification space-time characteristic provided in an embodiment of the present invention Structure chart.As shown in figure 3, described device specifically includes:
First acquisition module 301, for passing through the space characteristics that first nerves network obtains network flow data;
Second acquisition module 302, for passing through the temporal aspect that nervus opticus network obtains the network flow data;
Sort module 303, for being classified according to the space characteristics and the temporal aspect to the network flow.
Optionally, described device further includes:Modular converter 304, for network flow data to be converted to two dimensional image lattice The data of formula.
Optionally, the modular converter 304, for network flow data progress flow cutting to be obtained multiple flows Data cell;The quantity of the traffic data unit in unified each network flow data and unified each flow number According to the length of unit;It traffic data unit progress flow will encode to obtain two dimensional image form after quantity and length are uniformly processed Data.
Optionally, first acquisition module 301, for using two dimensional image form described in first nerves e-learning Data obtain data packet vector corresponding with the traffic data unit and data packet corresponding with the network flow data Sequence vector;Wherein, the first nerves network includes:Convolutional neural networks.
Optionally, second acquisition module 302, for using nervus opticus network on the basis of the space characteristics Learn the temporal aspect of the network flow data, obtain network flow vector corresponding with the network flow data;Wherein, institute Nervus opticus network is stated to include:Recognition with Recurrent Neural Network.
Net flow assorted device provided in an embodiment of the present invention based on the study of stratification space-time characteristic passes through convolution god It is completed through network and Recognition with Recurrent Neural Network, eliminates a large amount of Feature Engineering workload;It is special by the space of convolutional neural networks Learning ability and the temporal aspect learning ability of Recognition with Recurrent Neural Network are levied, on the basis of the space characteristics of learning network flow lower floor The temporal aspect on upper further learning network flow upper strata, finally obtains more comprehensive and accurate traffic characteristic information, Neng Gouyou Effect improves net flow assorted ability;False alarm rate can be effectively reduced using better traffic characteristic collection, this method uses two Kind neural network obtains more comprehensive and accurate traffic characteristic collection, can be effectively reduced exception of network traffic detection or network The false alarm rate of intrusion detection.
Professional should further appreciate that, be described with reference to the embodiments described herein each exemplary Unit and algorithm steps can be realized with the combination of electronic hardware, computer software or the two, hard in order to clearly demonstrate The interchangeability of part and software generally describes each exemplary composition and step according to function in the above description. These functions are performed actually with hardware or software mode, specific application and design constraint depending on technical solution. Professional technician can realize described function to each specific application using distinct methods, but this realization It is it is not considered that beyond the scope of this invention.
The step of method or algorithm for being described with reference to the embodiments described herein, can use hardware, processor to perform The combination of software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technical field In any other form of storage medium well known to interior.
Above-described specific embodiment has carried out the purpose of the present invention, technical solution and advantageous effect further It is described in detail, it should be understood that the foregoing is merely the specific embodiment of the present invention, is not intended to limit the present invention Protection domain, all within the spirits and principles of the present invention, any modification, equivalent substitution, improvement and etc. done should all include Within protection scope of the present invention.

Claims (10)

  1. A kind of 1. net flow assorted method based on the study of stratification space-time characteristic, which is characterized in that including:
    The space characteristics of network flow data are obtained by first nerves network;
    The temporal aspect of the network flow data is obtained by nervus opticus network;
    Classified according to the space characteristics and the temporal aspect to the network flow.
  2. 2. according to the method described in claim 1, it is characterized in that, the method further includes:
    Network flow data is converted to the data of two dimensional image form.
  3. 3. according to the method described in claim 2, it is characterized in that, described be converted to two dimensional image form by network flow data Data, including:
    Network flow data progress flow cutting is obtained into multiple traffic data units;
    The quantity of the traffic data unit in unified each network flow data and unified each data on flows list The length of member;
    By after quantity and length are uniformly processed traffic data unit carry out flow encode to obtain the data of two dimensional image form.
  4. 4. according to the method described in claim 3, it is characterized in that, described obtain network flow data by first nerves network Space characteristics, including:
    Using the data of two dimensional image form described in first nerves e-learning, number corresponding with the traffic data unit is obtained According to packet vector and data packet sequence vector corresponding with the network flow data;
    Wherein, the first nerves network includes:Convolutional neural networks.
  5. 5. the method according to claim 1 or 4, which is characterized in that described that the network is obtained by nervus opticus network The temporal aspect of data on flows, including:
    Learn the temporal aspect of the network flow data on the basis of the space characteristics using nervus opticus network, obtain Network flow vector corresponding with the network flow data;
    Wherein, the nervus opticus network includes:Recognition with Recurrent Neural Network.
  6. 6. a kind of net flow assorted device based on the study of stratification space-time characteristic, which is characterized in that including:
    First acquisition module, for passing through the space characteristics that first nerves network obtains network flow data;
    Second acquisition module, for passing through the temporal aspect that nervus opticus network obtains the network flow data;
    Sort module, for being classified according to the space characteristics and the temporal aspect to the network flow.
  7. 7. device according to claim 6, which is characterized in that described device further includes:
    Modular converter, for network flow data to be converted to the data of two dimensional image form.
  8. 8. device according to claim 7, which is characterized in that the modular converter, for by the network flow data It carries out flow cutting and obtains multiple traffic data units;The number of the traffic data unit in unified each network flow data The length of amount and unified each traffic data unit;It traffic data unit will be carried out after quantity and length are uniformly processed Flow encodes to obtain the data of two dimensional image form.
  9. 9. device according to claim 8, which is characterized in that first acquisition module, for using first nerves net Network learns the data of the two dimensional image form, obtain data packet vector corresponding with the traffic data unit and with it is described The corresponding data packet sequence vector of network flow data;
    Wherein, the first nerves network includes:Convolutional neural networks.
  10. 10. the device according to claim 6 or 9, which is characterized in that second acquisition module, for using the second god Learn the temporal aspect of the network flow data on the basis of the space characteristics through network, obtain and the network flow The corresponding network flow vector of data;
    Wherein, the nervus opticus network includes:Recognition with Recurrent Neural Network.
CN201711164948.0A 2017-11-21 2017-11-21 Network traffic classification method and device based on hierarchical spatiotemporal feature learning Active CN108200006B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711164948.0A CN108200006B (en) 2017-11-21 2017-11-21 Network traffic classification method and device based on hierarchical spatiotemporal feature learning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711164948.0A CN108200006B (en) 2017-11-21 2017-11-21 Network traffic classification method and device based on hierarchical spatiotemporal feature learning

Publications (2)

Publication Number Publication Date
CN108200006A true CN108200006A (en) 2018-06-22
CN108200006B CN108200006B (en) 2020-12-18

Family

ID=62573116

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711164948.0A Active CN108200006B (en) 2017-11-21 2017-11-21 Network traffic classification method and device based on hierarchical spatiotemporal feature learning

Country Status (1)

Country Link
CN (1) CN108200006B (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108898015A (en) * 2018-06-26 2018-11-27 暨南大学 Application layer dynamic intruding detection system and detection method based on artificial intelligence
CN109620211A (en) * 2018-11-01 2019-04-16 吉林大学珠海学院 A kind of intelligent abnormal electrocardiogram aided diagnosis method based on deep learning
CN110138787A (en) * 2019-05-20 2019-08-16 福州大学 A kind of anomalous traffic detection method and system based on hybrid neural networks
CN110177122A (en) * 2019-06-18 2019-08-27 国网电子商务有限公司 A kind of method for establishing model and device identifying network security risk
CN110213244A (en) * 2019-05-15 2019-09-06 杭州电子科技大学 A kind of network inbreak detection method based on space-time characteristic fusion
CN110222795A (en) * 2019-07-26 2019-09-10 广东工业大学 The recognition methods of P2P flow based on convolutional neural networks and relevant apparatus
CN110751222A (en) * 2019-10-25 2020-02-04 中国科学技术大学 Online encrypted traffic classification method based on CNN and LSTM
CN111209933A (en) * 2019-12-25 2020-05-29 国网冀北电力有限公司信息通信分公司 Network traffic classification method and device based on neural network and attention mechanism
CN111404832A (en) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 Service classification method and device based on continuous TCP link
CN111431819A (en) * 2020-03-06 2020-07-17 中国科学院深圳先进技术研究院 Network traffic classification method and device based on serialized protocol flow characteristics
CN112134876A (en) * 2020-09-18 2020-12-25 中移(杭州)信息技术有限公司 Traffic identification system and method and server
CN112261063A (en) * 2020-11-09 2021-01-22 北京理工大学 Network malicious traffic detection method combined with deep hierarchical network
CN112367334A (en) * 2020-11-23 2021-02-12 中国科学院信息工程研究所 Network traffic identification method and device, electronic equipment and storage medium
CN112491894A (en) * 2020-11-30 2021-03-12 北京航空航天大学 Internet of things network attack flow monitoring system based on space-time feature learning
CN112583852A (en) * 2020-12-28 2021-03-30 华北电力大学 Abnormal flow detection method
CN112766596A (en) * 2021-01-29 2021-05-07 苏州思萃融合基建技术研究所有限公司 Building energy consumption prediction model construction method, energy consumption prediction method and device
CN113452810A (en) * 2021-07-08 2021-09-28 恒安嘉新(北京)科技股份公司 Traffic classification method, device, equipment and medium
CN113660196A (en) * 2021-07-01 2021-11-16 杭州电子科技大学 Network traffic intrusion detection method and device based on deep learning
CN114615093A (en) * 2022-05-11 2022-06-10 南京信息工程大学 Anonymous network traffic identification method and device based on traffic reconstruction and inheritance learning

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105160342A (en) * 2015-08-11 2015-12-16 成都数联铭品科技有限公司 HMM-GMM-based automatic word picture splitting method and system
US20160099010A1 (en) * 2014-10-03 2016-04-07 Google Inc. Convolutional, long short-term memory, fully connected deep neural networks
CN106911669A (en) * 2017-01-10 2017-06-30 浙江工商大学 A kind of DDOS detection methods based on deep learning
CN107016359A (en) * 2017-03-24 2017-08-04 同济大学 A kind of fast face recognition method being distributed under complex environment based on t

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160099010A1 (en) * 2014-10-03 2016-04-07 Google Inc. Convolutional, long short-term memory, fully connected deep neural networks
CN105160342A (en) * 2015-08-11 2015-12-16 成都数联铭品科技有限公司 HMM-GMM-based automatic word picture splitting method and system
CN106911669A (en) * 2017-01-10 2017-06-30 浙江工商大学 A kind of DDOS detection methods based on deep learning
CN107016359A (en) * 2017-03-24 2017-08-04 同济大学 A kind of fast face recognition method being distributed under complex environment based on t

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108898015B (en) * 2018-06-26 2021-07-27 暨南大学 Application layer dynamic intrusion detection system and detection method based on artificial intelligence
CN108898015A (en) * 2018-06-26 2018-11-27 暨南大学 Application layer dynamic intruding detection system and detection method based on artificial intelligence
CN109620211A (en) * 2018-11-01 2019-04-16 吉林大学珠海学院 A kind of intelligent abnormal electrocardiogram aided diagnosis method based on deep learning
CN111404832A (en) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 Service classification method and device based on continuous TCP link
CN110213244A (en) * 2019-05-15 2019-09-06 杭州电子科技大学 A kind of network inbreak detection method based on space-time characteristic fusion
CN110138787A (en) * 2019-05-20 2019-08-16 福州大学 A kind of anomalous traffic detection method and system based on hybrid neural networks
CN110177122A (en) * 2019-06-18 2019-08-27 国网电子商务有限公司 A kind of method for establishing model and device identifying network security risk
CN110222795A (en) * 2019-07-26 2019-09-10 广东工业大学 The recognition methods of P2P flow based on convolutional neural networks and relevant apparatus
CN110751222A (en) * 2019-10-25 2020-02-04 中国科学技术大学 Online encrypted traffic classification method based on CNN and LSTM
CN111209933A (en) * 2019-12-25 2020-05-29 国网冀北电力有限公司信息通信分公司 Network traffic classification method and device based on neural network and attention mechanism
CN111431819A (en) * 2020-03-06 2020-07-17 中国科学院深圳先进技术研究院 Network traffic classification method and device based on serialized protocol flow characteristics
CN112134876A (en) * 2020-09-18 2020-12-25 中移(杭州)信息技术有限公司 Traffic identification system and method and server
CN112261063A (en) * 2020-11-09 2021-01-22 北京理工大学 Network malicious traffic detection method combined with deep hierarchical network
CN112367334A (en) * 2020-11-23 2021-02-12 中国科学院信息工程研究所 Network traffic identification method and device, electronic equipment and storage medium
CN112491894A (en) * 2020-11-30 2021-03-12 北京航空航天大学 Internet of things network attack flow monitoring system based on space-time feature learning
CN112583852A (en) * 2020-12-28 2021-03-30 华北电力大学 Abnormal flow detection method
CN112583852B (en) * 2020-12-28 2022-05-13 华北电力大学 Abnormal flow detection method
CN112766596A (en) * 2021-01-29 2021-05-07 苏州思萃融合基建技术研究所有限公司 Building energy consumption prediction model construction method, energy consumption prediction method and device
CN112766596B (en) * 2021-01-29 2024-04-16 苏州思萃融合基建技术研究所有限公司 Construction method of building energy consumption prediction model, energy consumption prediction method and device
CN113660196A (en) * 2021-07-01 2021-11-16 杭州电子科技大学 Network traffic intrusion detection method and device based on deep learning
CN113452810A (en) * 2021-07-08 2021-09-28 恒安嘉新(北京)科技股份公司 Traffic classification method, device, equipment and medium
CN114615093A (en) * 2022-05-11 2022-06-10 南京信息工程大学 Anonymous network traffic identification method and device based on traffic reconstruction and inheritance learning
CN114615093B (en) * 2022-05-11 2022-07-26 南京信息工程大学 Anonymous network traffic identification method and device based on traffic reconstruction and inheritance learning

Also Published As

Publication number Publication date
CN108200006B (en) 2020-12-18

Similar Documents

Publication Publication Date Title
CN108200006A (en) A kind of net flow assorted method and device based on the study of stratification space-time characteristic
CN108199863B (en) Network traffic classification method and system based on two-stage sequence feature learning
Markovich Nonparametric analysis of univariate heavy-tailed data: research and practice
CN103858386B (en) For performing the method and apparatus for wrapping classification by the decision tree of optimization
CN108173704A (en) A kind of method and device of the net flow assorted based on representative learning
CN103973589B (en) Network traffic classification method and device
CN104125154B (en) Method for discovering network topology and equipment
US20190340507A1 (en) Classifying data
CN110796196A (en) Network traffic classification system and method based on depth discrimination characteristics
WO2015154484A1 (en) Traffic data classification method and device
CN101510841A (en) Method and system for recognizing end-to-end flux
KR102284356B1 (en) Data imbalance solution method using Generative adversarial network
CN104506356A (en) Method and device for determining credibility of IP (Internet protocol) address
CN103780435B (en) The method and system classified using port numbers mask to data stream
Salih et al. Detection and classification of covert channels in IPv6 using enhanced machine learning
CN110365603A (en) A kind of self adaptive network traffic classification method open based on 5G network capabilities
CN108427643A (en) Binary program fuzz testing method based on Multiple-population Genetic Algorithm
CN115049070A (en) Screening method and device of federal characteristic engineering data, equipment and storage medium
CN1223941C (en) Hierarchial invasion detection system based on related characteristic cluster
CN114282692A (en) Model training method and system for longitudinal federal learning
CN113660220A (en) Bimodal fusion detection method for improving identification precision of unbalanced malicious flow samples
CN116599720A (en) Malicious DoH flow detection method and system based on GraphSAGE
CN116500546A (en) Radar signal sorting method based on point cloud segmentation network
CN110414755A (en) The method and apparatus that a kind of pair of evaluation object is evaluated
CN104753934A (en) Method for separating known protocol multi-communication-parties data stream into point-to-point data stream

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20210813

Address after: Room 1601, 16th floor, East Tower, Ximei building, No. 6, Changchun Road, high tech Industrial Development Zone, Zhengzhou, Henan 450001

Patentee after: Zhengzhou xinrand Network Technology Co.,Ltd.

Address before: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District

Patentee before: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES

Effective date of registration: 20210813

Address after: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District

Patentee after: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES

Address before: 100190, No. 21 West Fourth Ring Road, Beijing, Haidian District

Patentee before: INSTITUTE OF ACOUSTICS, CHINESE ACADEMY OF SCIENCES

Patentee before: BEIJING INTELLIX TECHNOLOGIES Co.,Ltd.