CN114221800B - NetFlow flow restoration method and device - Google Patents
NetFlow flow restoration method and device Download PDFInfo
- Publication number
- CN114221800B CN114221800B CN202111512414.9A CN202111512414A CN114221800B CN 114221800 B CN114221800 B CN 114221800B CN 202111512414 A CN202111512414 A CN 202111512414A CN 114221800 B CN114221800 B CN 114221800B
- Authority
- CN
- China
- Prior art keywords
- flow
- netflow
- sliding window
- data
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0876—Network utilisation, e.g. volume of load or congestion level
- H04L43/0888—Throughput
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/80—Actions related to the user profile or the type of traffic
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method and a device for reducing NetFlow flow, wherein the method comprises the following steps: buffering NetFlow flow data in self-defined time in a sliding window built in the Flink flow calculation engine; marking the NetFlow flow time sequence data in the sliding window with a weight label; and calculating the flow average value in the current sliding window by using the NetFlow flow data in the sliding window through a weighted average algorithm, and multiplying the flow average value by the sampling ratio to output the flow of the current network of the client. The method and the device can restore the flow of the current network of the client to the greatest extent.
Description
Technical Field
The invention relates to the field of DDOS flow detection, in particular to a method and a device for reducing NetFlow flow.
Background
The existing DDOS (distributed denial of service attack) flow detection is realized by analyzing a NetFlow message sent by a network router and then restoring the NetFlow message, and the network DDOS attack detection is realized in most cases by acquiring the sampling ratio in the network router in advance, then analyzing the original NetFlow V5 or V9 version message, then acquiring the flow rate data BPS or the packet rate PPS in the current message through the analyzed message, and then multiplying the analyzed flow rate data or packet data by the sampling ratio to further restore the flow data of a client. The problem with this flow reduction approach is that it may be at some 1000: the size of the packet obtained from the sampling ratio of 1 cannot truly reflect the customer flow, so that the customer flow is restored inaccurately, and a certain error exists.
Disclosure of Invention
In order to solve the problems of traffic distortion and the like caused by hard restoration in DDOS traffic calculation based on NetFlow, the invention provides a method and a device for NetFlow traffic restoration, which can restore the traffic of a current network of a client to the greatest extent.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
in an embodiment of the present invention, a NetFlow flow restoration method is provided, where the method includes:
buffering NetFlow flow data in self-defined time in a sliding window built in the Flink flow calculation engine;
marking the NetFlow flow time sequence data in the sliding window with a weight label;
and calculating the flow average value in the current sliding window by using the NetFlow flow data in the sliding window through a weighted average algorithm, and multiplying the flow average value by the sampling ratio to output the flow of the current network of the client.
Further, buffering NetFlow flow traffic data within a custom time in a sliding window built in the Flink flow computation engine, including:
after collecting the NetFlow message through the UDP protocol, the collecting and analyzing program analyzes and encapsulates the NetFlow message into a JSON object and sends the JSON object to a message queue of a message middleware;
and the program of the Flink flow calculation engine pulls the NetFlow flow data in the information queue in real time, stores the NetFlow flow data in the sliding window, and stores the NetFlow flow data by using a data model with a self-defined sliding distance and window length.
Further, labeling the NetFlow traffic timing data in the sliding window with a weight, including:
and marking weight labels according to the time sequence before and after the sliding window is stored and the weight is from small to large.
Further, the weighted average algorithm is as follows:
m=(k1*a1+k2*a2+k3*a3+....+kn*an)/(k1+k2+k3+...+kn)
where k represents the weight magnitude, a represents the flow magnitude within the current sliding window, and m represents the average flow rate within the current sliding window.
In an embodiment of the present invention, there is also provided an apparatus for NetFlow flow restoration, including:
the NetFlow flow data preprocessing module is used for caching NetFlow flow data in self-defined time in a sliding window built in the Flink flow calculation engine and marking the NetFlow flow time sequence data in the sliding window with a weight label;
and the NetFlow flow calculation module is used for calculating the flow average value in the current sliding window by using the NetFlow flow data in the sliding window through a weighted average algorithm, and then multiplying the flow average value by the sampling ratio to output the flow of the current network of the client.
Further, buffering NetFlow flow traffic data within a custom time in a sliding window built in the Flink flow computation engine, including:
after collecting the NetFlow message through the UDP protocol, the collecting and analyzing program analyzes and encapsulates the NetFlow message into a JSON object and sends the JSON object to a message queue of a message middleware;
and the program of the Flink flow calculation engine pulls the NetFlow flow data in the information queue in real time, stores the NetFlow flow data in the sliding window, and stores the NetFlow flow data by using a data model with a self-defined sliding distance and window length.
Further, labeling the NetFlow traffic timing data in the sliding window with a weight, including:
and marking weight labels according to the time sequence before and after the sliding window is stored and the weight is from small to large.
Further, the weighted average algorithm is as follows:
m=(k1*a1+k2*a2+k3*a3+....+kn*an)/(k1+k2+k3+...+kn)
where k represents the weight magnitude, a represents the flow magnitude within the current sliding window, and m represents the average flow rate within the current sliding window.
In an embodiment of the present invention, a computer device is further provided, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor implements the method for NetFlow flow restoration when executing the computer program.
In an embodiment of the present invention, a computer readable storage medium is also presented, where the computer readable storage medium stores a computer program for performing the NetFlow flow traffic restoration method.
The beneficial effects are that:
1. according to the invention, the NetFlow flow data in a period of time can be stored through the sliding window, and the number of the collected target samples can be increased.
2. According to the invention, the NetFlow flow time sequence data in the sliding window is marked with different weight labels, so that the real-time flow can be perceived to the greatest extent.
3. According to the invention, the calculated NetFlow flow data weighted average value within a certain time range of the sliding window is used, so that the actual flow of the client can be reflected to a greater extent, the calculated error between the client flow and the original actual flow is smaller, and the data is more accurate.
Drawings
FIG. 1 is a flow chart of a method for NetFlow flow reduction of the present invention;
FIG. 2 is a schematic diagram of the device structure for NetFlow flow restoration according to the present invention;
FIG. 3 is a schematic diagram of a computer device according to the present invention.
Detailed Description
The principles and spirit of the present invention will be described below with reference to several exemplary embodiments, with the understanding that these embodiments are merely provided to enable those skilled in the art to better understand and practice the invention and are not intended to limit the scope of the invention in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Those skilled in the art will appreciate that embodiments of the invention may be implemented as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the following forms, namely: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to the embodiment of the invention, a method and a device for reducing NetFlow flow are provided, based on the existing Flink flow calculation engine, the NetFlow flow data in a period of time are cached in a sliding window of the Flink flow calculation engine, the NetFlow flow time sequence data in the sliding window are marked with weight labels, and finally the flow average value in the current sliding window is calculated through a weighted average algorithm.
The principles and spirit of the present invention are explained in detail below with reference to several representative embodiments thereof.
FIG. 1 is a flow chart of the method for NetFlow flow reduction of the present invention. As shown in fig. 1, the method includes:
1. the router configures the sampling ratio of the collected NetFlow flow data, and sends the sampling ratio to the collection analysis program through a UDP (User Datagram Protocol, user data message protocol) protocol.
2. After collecting the NetFlow message by the collecting and analyzing program, judging the version number of the current NetFlow message, analyzing the NetFlow V5 or V9 version message, obtaining the flow rate data BPS field in the current message by the analyzed NetFlow message, packaging the analyzed NetFlow message into a JSON object by the collecting and analyzing program, and sending the JSON object to a message queue of a message middleware kafka.
3. The program of the Flink flow calculation engine pulls the NetFlow flow data in the Topic theme corresponding to the kafka in real time, stores the NetFlow flow data in the sliding window of the sliding window, and the Flink program stores the NetFlow flow data by using a data model (for example, a data model of which the sliding time is 30 seconds after 5 seconds) with a self-defined sliding distance and window length.
4. Because the NetFlow flow data in the sliding window of the Flink flow calculation engine are all time-series, the NetFlow flow time sequence data in the sliding window is marked with a weight label, and the weight of the stored data, namely the data which is close to the sliding window and triggers the calculation output time (the data which is close to the current time), is relatively large.
5. When a sliding window of the Flink flow calculation engine triggers calculation, the NetFlow flow data in the sliding window is calculated according to a weighted average algorithm, the NetFlow flow average value in the current sliding window is calculated, and the current network flow of the client can be output by multiplying the sampling ratio after the NetFlow flow average value is calculated, wherein the weighted average algorithm is as follows:
m=(k1*a1+k2*a2+k3*a3+....+kn*an)/(k1+k2+k3+...+kn)
where k represents the weight magnitude, a represents the flow magnitude within the current sliding window, and m represents the average flow rate within the current sliding window.
It should be noted that although the operations of the method of the present invention are described in a particular order in the above embodiments and the accompanying drawings, this does not require or imply that the operations must be performed in the particular order or that all of the illustrated operations be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
In order to more clearly explain the above NetFlow flow reduction method, a specific embodiment is described below, however, it should be noted that this embodiment is only for better illustrating the present invention and is not meant to limit the present invention unduly.
Examples:
the format of the analyzed NetFlow flow data sample is as follows:
[{"srcaddr":10.112.12.1,"dstaddr":10.112.12.3,"dPkts":"200","dOctets":40,"srcport":8090,"dstport":80,"tcp_flags":6,"eventTime":2021-10-2110:40:10},{"srcaddr":10.112.12.1,"dstaddr":10.112.12.3,"dPkts":"130","dOctets":50,"srcport":8090,"dstport":80,"tcp_flags":6,"eventTime":2021-10-2110:40:15}]
1. after collecting the NetFlow message through the UDP protocol, the collecting and analyzing program analyzes and packages the NetFlow message into a JSON object, and sends the JSON object to a message queue of a message middleware Kafka.
2. The program of the Flink flow calculation engine processes the NetFlow flow data in the message middleware kafka in real time, stores the NetFlow flow data in the already set sliding window, marks weight labels according to the time sequence before and after storing the NetFlow flow data in the sliding window, and the weight of the later entered data is larger, for example: the data weight five seconds ago was set to 10 and the data weight for the current time into the sliding window was set to 50.
3. When a sliding window of the Flink flow calculation engine executes trigger operation, calculating the NetFlow flow data in the sliding window, and realizing a weighted average algorithm on the data in the sliding window for a certain period of time;
and after receiving the calculated average flow rate of the current window, the Flink flow calculation engine program multiplies the average flow rate of the current window by the sampling ratio to obtain the flow rate of the current network of the client.
Based on the same inventive concept, the invention also provides a device for reducing the NetFlow flow. The implementation of the device can be referred to as implementation of the above method, and the repetition is not repeated. The term "module" as used below may be a combination of software and/or hardware that implements the intended function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
Fig. 2 is a schematic diagram of the device structure for NetFlow flow restoration according to the present invention. As shown in fig. 2, the apparatus includes:
the NetFlow flow data preprocessing module 101 is configured to cache NetFlow flow data in a custom time in a sliding window built in the link flow calculation engine, and tag the NetFlow flow time sequence data in the sliding window with weights; the method comprises the following steps:
after collecting the NetFlow message through the UDP protocol, the collecting and analyzing program analyzes and encapsulates the NetFlow message into a JSON object and sends the JSON object to a message queue of a message middleware;
the program of the Flink flow calculation engine pulls the NetFlow flow data in the information queue in real time, stores the NetFlow flow data in a sliding window, and stores the NetFlow flow data by using a data model with a self-defined sliding distance and window length;
and marking weight labels according to the time sequence before and after the sliding window is stored and the weight is from small to large.
The NetFlow flow calculation module 102 is configured to calculate, by using a weighted average algorithm, a flow average value in the current sliding window from NetFlow flow data in the sliding window, and multiply the flow average value by a sampling ratio, so as to output a flow of the current network of the client, where the weighted average algorithm is as follows:
m=(k1*a1+k2*a2+k3*a3+....+kn*an)/(k1+k2+k3+...+kn)
where k represents the weight magnitude, a represents the flow magnitude within the current sliding window, and m represents the average flow rate within the current sliding window.
It should be noted that although several modules of the NetFlow traffic restoration device are mentioned in the detailed description above, this partitioning is merely exemplary and not mandatory. Indeed, the features and functions of two or more modules described above may be embodied in one module in accordance with embodiments of the present invention. Conversely, the features and functions of one module described above may be further divided into a plurality of modules to be embodied.
Based on the foregoing inventive concept, as shown in fig. 3, the present invention further proposes a computer device 200, including a memory 210, a processor 220, and a computer program 230 stored in the memory 210 and capable of running on the processor 220, where the processor 220 implements the method of NetFlow flow restoration when executing the computer program 230.
Based on the foregoing inventive concept, the present invention also proposes a computer-readable storage medium storing a computer program for executing the method of NetFlow flow restoration described above.
According to the method and the device for reducing the NetFlow flow, the NetFlow flow data in a period of time can be stored through the sliding window, and the number of the collected target samples can be increased; the real-time flow can be perceived to the greatest extent by marking the NetFlow flow time sequence data in the sliding window with different weight labels; the method has the advantages that the NetFlow flow data weighted average value within a certain time range of the sliding window is calculated, the actual flow of the client can be reflected to a greater extent, the calculated error between the client flow and the original actual flow is smaller, and the data are more accurate.
While the spirit and principles of the present invention have been described with reference to several particular embodiments, it is to be understood that the invention is not limited to the disclosed embodiments nor does it imply that features of the various aspects are not useful in combination, nor are they useful in any combination, such as for convenience of description. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
It should be apparent to those skilled in the art that various modifications or variations can be made in the present invention without requiring any inventive effort by those skilled in the art based on the technical solutions of the present invention.
Claims (8)
1. A method for NetFlow traffic restoration, the method comprising:
buffering NetFlow flow data in self-defined time in a sliding window built in the Flink flow calculation engine;
marking the NetFlow flow time sequence data in the sliding window with a weight label, and marking the weight label according to the time sequence before and after the NetFlow flow time sequence data is stored in the sliding window from the small weight to the large weight;
and calculating the flow average value in the current sliding window by using the NetFlow flow data in the sliding window through a weighted average algorithm, and multiplying the flow average value by the sampling ratio to output the flow of the current network of the client.
2. The method for NetFlow traffic restoration according to claim 1, wherein buffering NetFlow traffic data within a custom time in a sliding window built in a Flink flow computation engine comprises:
after collecting the NetFlow message through the UDP protocol, the collecting and analyzing program analyzes and encapsulates the NetFlow message into a JSON object and sends the JSON object to a message queue of a message middleware;
and the program of the Flink flow calculation engine pulls the NetFlow flow data in the information queue in real time, stores the NetFlow flow data in the sliding window, and stores the NetFlow flow data by using a data model with a self-defined sliding distance and window length.
3. The NetFlow traffic restoration method according to claim 1, wherein the weighted average algorithm is as follows:
m=(k1*a1+k2*a2+k3*a3+....+kn*an)/(k1+k2+k3+...+kn)
where k represents the weight magnitude, a represents the flow magnitude within the current sliding window, and m represents the average flow rate within the current sliding window.
4. An apparatus for NetFlow flow traffic restoration, the apparatus comprising:
the NetFlow flow data preprocessing module is used for caching NetFlow flow data in self-defined time in a sliding window arranged in the Flink flow calculation engine, marking the NetFlow flow time sequence data in the sliding window with weight labels, and marking the sliding window with weight labels from small to large according to the time sequence before and after the sliding window is stored;
and the NetFlow flow calculation module is used for calculating the flow average value in the current sliding window by using the NetFlow flow data in the sliding window through a weighted average algorithm, and then multiplying the flow average value by the sampling ratio to output the flow of the current network of the client.
5. The apparatus for NetFlow traffic restoration according to claim 4, wherein buffering NetFlow traffic data within a custom time in a sliding window built in a Flink flow computation engine, comprises:
after collecting the NetFlow message through the UDP protocol, the collecting and analyzing program analyzes and encapsulates the NetFlow message into a JSON object and sends the JSON object to a message queue of a message middleware;
and the program of the Flink flow calculation engine pulls the NetFlow flow data in the information queue in real time, stores the NetFlow flow data in the sliding window, and stores the NetFlow flow data by using a data model with a self-defined sliding distance and window length.
6. The apparatus for NetFlow traffic restoration according to claim 4, wherein the weighted average algorithm is as follows:
m=(k1*a1+k2*a2+k3*a3+....+kn*an)/(k1+k2+k3+...+kn)
where k represents the weight magnitude, a represents the flow magnitude within the current sliding window, and m represents the average flow rate within the current sliding window.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1-3 when executing the computer program.
8. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program for executing the method of any one of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111512414.9A CN114221800B (en) | 2021-12-08 | 2021-12-08 | NetFlow flow restoration method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111512414.9A CN114221800B (en) | 2021-12-08 | 2021-12-08 | NetFlow flow restoration method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114221800A CN114221800A (en) | 2022-03-22 |
| CN114221800B true CN114221800B (en) | 2023-08-08 |
Family
ID=80701060
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111512414.9A Active CN114221800B (en) | 2021-12-08 | 2021-12-08 | NetFlow flow restoration method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114221800B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108289125A (en) * | 2018-01-26 | 2018-07-17 | 华南理工大学 | TCP sessions recombination based on Stream Processing and statistical data extracting method |
| CN109800129A (en) * | 2019-01-17 | 2019-05-24 | 青岛特锐德电气股份有限公司 | A kind of real-time stream calculation monitoring system and method for processing monitoring big data |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10404732B2 (en) * | 2016-06-14 | 2019-09-03 | Sdn Systems, Llc | System and method for automated network monitoring and detection of network anomalies |
-
2021
- 2021-12-08 CN CN202111512414.9A patent/CN114221800B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108289125A (en) * | 2018-01-26 | 2018-07-17 | 华南理工大学 | TCP sessions recombination based on Stream Processing and statistical data extracting method |
| CN109800129A (en) * | 2019-01-17 | 2019-05-24 | 青岛特锐德电气股份有限公司 | A kind of real-time stream calculation monitoring system and method for processing monitoring big data |
Non-Patent Citations (1)
| Title |
|---|
| 基于Hadoop和Spark的可扩展性大数据分析系统设计;刘昕林;邓巍;黄萍;刘睿臻;;自动化与仪器仪表(第03期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114221800A (en) | 2022-03-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8402543B1 (en) | Machine learning based botnet detection with dynamic adaptation | |
| CN109600363B (en) | Internet of things terminal network portrait and abnormal network access behavior detection method | |
| Cordero et al. | Analyzing flow-based anomaly intrusion detection using replicator neural networks | |
| CN110784481A (en) | DDoS detection method and system based on neural network in SDN network | |
| Liu et al. | The detection method of low-rate DoS attack based on multi-feature fusion | |
| WO2001001272A3 (en) | Method and apparatus for monitoring traffic in a network | |
| CN110334105B (en) | Stream data abnormity detection method based on Storm | |
| CN111814192B (en) | Training sample generation method and device and sensitive information detection method and device | |
| CN112511383A (en) | Network traffic monitoring method and device | |
| CN108289125A (en) | TCP sessions recombination based on Stream Processing and statistical data extracting method | |
| Purnama et al. | Features extraction on IoT intrusion detection system using principal components analysis (PCA) | |
| CN109698798B (en) | Application identification method and device, server and storage medium | |
| CN110661807A (en) | Automatic acquisition method and device for IPv6 address | |
| CN114221800B (en) | NetFlow flow restoration method and device | |
| CN111526141A (en) | Web anomaly detection method and system based on Word2vec and TF-IDF | |
| CN105357071B (en) | A kind of network complexity method for recognizing flux and identifying system | |
| CN110365659B (en) | Construction method of network intrusion detection data set in small sample scene | |
| EP4084410A1 (en) | Method, apparatus and system for training fault detection model | |
| CN116405261A (en) | Malicious flow detection method, system and storage medium based on deep learning | |
| Hagos et al. | Recurrent neural network-based prediction of tcp transmission states from passive measurements | |
| CN110781950B (en) | Message processing method and device | |
| CN108874646A (en) | The method and apparatus for analyzing data | |
| CN114553579A (en) | Novel malicious flow detection method based on image | |
| EP4084408A1 (en) | Fault detection method, apparatus and system | |
| CN111209789B (en) | Method for carrying out image acquisition and analysis on key item points instantly |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |