CN1617512A - Adaptive network flow forecasting and abnormal alarming method - Google Patents
Adaptive network flow forecasting and abnormal alarming method Download PDFInfo
- Publication number
- CN1617512A CN1617512A CN 200410009855 CN200410009855A CN1617512A CN 1617512 A CN1617512 A CN 1617512A CN 200410009855 CN200410009855 CN 200410009855 CN 200410009855 A CN200410009855 A CN 200410009855A CN 1617512 A CN1617512 A CN 1617512A
- Authority
- CN
- China
- Prior art keywords
- flow
- network
- value
- historical
- prediction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
This invention provide a network flow performance prediction and abnormal alarming technology and a method based on the genetic algorithms, which utilizes genetic algorithms to predict the flow state of the next time from the horizontal time degree then to utilize the statistics method to judge the abnormal situation of said flow based on the flow sample in a related time period of each day in the historical flow information from the longitudinal time degree. The method is realized by four steps of network flow data collection, process and storage, prediction and abnormal alarming.
Description
Technical field
The present invention relates to technical field of computer network management, particularly a kind of self adaptive network traffic prediction and abnormal alarm method.
Background technology
The continuous expansion of rapid development of network technology and scale, the Network complexity improves day by day.In this environment, resource distribution degree and degree of share all enlarge rapidly, the failure that any small fault all may cause the user to use.In order to improve service quality and to reduce operating cost, find that timely and effectively the abnormal conditions of network traffics become more and more important in network management.Prediction and warning are two effective means.
Time series to network traffics is predicted, the statistical model method of the classical Poisson process that is based on.Under the environment that current network new business continues to bring out, great change has taken place in traffic characteristic, the network behavior of the reaction reality that this random statistical model can not be authentic and valid.
Network traffics warning aspect, traditional warning system generally just simply judges according to a fixed threshold of system configuration whether present flow rate is in normal condition, if flow less than the threshold value of this setting then think that the present flow rate state is normal, is reported to the police otherwise then produce.And in the real network environment, the setting of threshold value is very difficult, and threshold value too greatly then loss improves, and the too little then false drop rate of threshold value improves.
(Genetic Algorithm GA) is the intelligent optimization algorithm of an analoglike biological evolution to genetic algorithm, often is used to the optimization problem in the industrial process.It has used the viewpoint of biogenetics, by mechanism of action such as natural selection, heredity, variations, realizes the adaptive raising of each individuality, and this point has embodied the evolutionary process of occurring in nature " survival of the fittest in natural selection, the survival of the fittest ".Compare with conventional method, the specific field with the problem of not relying on of genetic algorithm has very strong advantages such as robustness to the kind of problem.Genetic algorithm has become an important branch of evolutionary computation research.
Genetic algorithm is an example with a group individuality, and they all have the DNA of oneself.Weigh each individual adaptability (it is regarded as the function that is applicable to DNA of individual weighs) then, and those individualities that more adapt to are more likely multiplied.And the individuality that least adapts to will be exterminated.Each survivor can have an opportunity to multiply (importantly any survivor may multiply, if not too adapt to, only is to have reduced possibility).The DNA that merges parents, the DNA after being combined use random variation with the simulation procreation.Get on very well in theory, new individuality is the same with parents to be adapted to, because variation or increase or subtract and have a slightly little variation.Circulation can go round and begin again then.
Selecting, intersecting and make a variation is operator the most frequently used among the GA: (1) selects operator (Selection/Reproduction): select operator to select individuality in pairs by a certain probability from colony, certain individual x
iSelecteed Probability p
iBe directly proportional with its fitness value.The most common implementation method is roulette (Roulette Wheel) model.(2) crossover operator (Crossover/Recombine): crossover operator is pressed Probability p with the gene strand of two selected individualities
cIntersect, generate two new individualities, crossover location is at random.P wherein
cIt is a system parameters.(3) mutation operator (Mutation): every Probability p of pressing of the gene strand that mutation operator will be newly individual
mMaking a variation, promptly is negate to two-value gene strand (0,1 coding).
Summary of the invention
Purpose of the present invention and task are: to concrete heterogeneous networks, on the basis of the historical flow performance information of network, after utilizing genetic algorithm to dope next flow status constantly from horizontal time degree earlier, again from the flow sample of vertical time degree according to this identical period of every day the historical flow information, utilize statistical method to judge the abnormal conditions of this flow, and carry out classifying alarm, thereby reach the purpose of early warning.
The self adaptive network traffic predicted application that the present invention proposes genetic algorithm.But the present invention is on computer and computer network, the transmission of data, and data processing has been used the technical scheme and the technological means of claims, reaches and realize the purpose and the effect of predicting network flow and abnormal alarm.
Following mask body is set forth the specific implementation mechanism of prediction of this self adaptive network traffic and abnormal alarm method:
Definition
Coding: convert the actual value of historical flow information to each operator of genetic algorithm operable binary string.
Population: some actual values of historical flow information can form a population.System is with current time
Nei flow information is an initial population for the previous period.
Chromosome (individuality): the flow actual value is called chromosome through the individuality that the coding back generates.
Gene: chromosomal each factor of binary representation is called gene.
The ideal adaptation degree: be to chromosome to network environment just when assessment, the big more surface of ideal adaptation degree is should individuality big more to the contribution of prediction.
In order to reach desired purpose, prediction of this self adaptive network traffic and abnormal alarm method, solution realizes by network traffics data acquisition, network traffics data processing and storage, predicting network flow, exception of network traffic warning four-stage on the theoretical foundation that is as above proposed.
Concrete steps are as follows:
One, network traffics data acquisition
Adopt the GET method of SNMP to gather the mib information of router, thereby obtain the real traffic performance information of network.SNMP basic principle structure is as figure (4).System only needs to get final product every 5 minutes collection one secondary data under the general networking situation.(annotate: utilizing SNMP to gather the flow primary data information (pdi) is an international standard agreement)
Two, network traffics data processing and storage
To be converted into flow rate (bps) from the initial data that router collects and be stored in the database.Need write down following essential information:
ID | Router_IP | OID | Traffic | Get_time |
ID: the identification field of every record;
Router_IP: data source router IP.
OID: the MIB storehouse object value of being gathered has identified port numbers and the turnover attribute of this flow value from router.For example: 1.3.6.1.2.1.2.2.1.10.5 represents it is the influent stream value of router five port;
1.3.6.1.2.1.2.2.1.16.5 expression is the outflow value of router five port.
Traffic: flow rate (bps).
Get_time: flow data collector constantly.
Three, predicting network flow
Native system adopts genetic algorithm from horizontal time degree network traffics to be predicted, described in background content, the embodiment that the employing genetic algorithm is carried out volume forecasting is as follows:
1) coding
It is the key issue of genetic algorithm that separating of problem is converted to the chromosome that coding expresses, and the purpose of coding is that the phenotype with population data is converted into chromosomal genotype and represents.Binary string length depends on needed precision, and the general networking volume forecasting only need be accurate to kbps, such as in a gigabit LAN, then needs 20 string long.Suppose current population flow maximum Max and minimum M in, the corresponding binary coding of flow value x is that then the two relational expression is as follows for b:
2) initial population generates
Network traffics general with ought be for the previous period in the network performance situation be closely connected.With the historical flow gathered in n before the current time minute is sample, and each individuality is encoded; System with current time before 5 * n minute (sample size can be decided according to concrete network condition) historical flow of being gathered be sample, with each data on flows x
1, x
2..., x
nConvert corresponding binary representation to, so just obtained initial chromosome group b
1, b
2..., b
n
3) the ideal adaptation degree calculates
Calculate each chromosomal fitness value in the population.Ideal adaptation degree value be to chromosome just when assessment, be that algorithm is selected the individual important evidence of heredity, the individuality that fitness is big promptly has bigger procreation probability.For next prediction of network traffics constantly, the ideal adaptation degree depends primarily on two factors: the size of flow value and with the current time difference, the flow value fitness in expected range more is big more, the flow value fitness of abnormal conditions is then little.In addition, the flow value approaching more with current time is also big more to the predicted impact of flow value.Therefore, structure ideal adaptation degree function model following (building method of fitness function is not unique):
F(x
i)=ρ(x
i)·t(x
i)
Wherein, we can assumed density function ρ (x
i) and function of time t (x
i) as follows:
ρ(x
i)=(Max-Min)-|x
i-E(X)|
α is a time correlation degree coefficient, sets (generally between 0.7~0.9) according to concrete network condition.
4) select
A distinguishing feature of genetic algorithm be it in space encoder and solution space, working of replacing, in space encoder, chromosome is carried out hereditary computing, and in solution space, assesses and select separating.The selection operation of system adopts wheel commentaries on classics method, thus the chromosome complex that selection makes new advances.Specifically
Execution mode is as follows:
(1) according to the result of calculation of front ideal adaptation degree, all are chromosomal just when sum (pop_size is the population size) to calculate all populations:
(2) to each chromosome x
i, calculate and select probability:
(3) each chromosome is calculated cumulative probability:
(4) at [0,1] interval interior equally distributed pseudo random number r that produces, as if r≤q
1, then select first chromosome x
1Otherwise, select k chromosome x
k(2≤k≤pop_size) makes q
k-1<r≤q
kSet up.
(5) the new chromosome population after can obtaining selecting to recombinate behind circulation step 4pop_size time.
5) intersect
Crossover algorithm is an important means that keeps the population diversity of individuals, makes algorithm travel through whole solution space as much as possible.Some interior extrapolation methods that the interlace operation employing is the most frequently used are promptly set a crosspoint at random in choosing individuality, carry out when intersecting, and will choose two part-structures of these some front and back of chromosome to exchange respectively, generate two new individualities.The crossing-over rate that supposing the system is set is p
c, concrete
Execution mode is as follows:
(1) at [0,1] interval interior equally distributed pseudo random number r that produces, if r<p
cThen select one of parents of intersecting; Otherwise execution in step 3;
(2) if select parents, then produce a random integers pos (1≤pos≤chromosome length) as breakpoint, all positions behind the intersection parents breakpoint generate two new chromosomes.
For example, selecting parents is
x
1=[10011011010010101110]
x
2=[11010010100110011100]
The new chromosome that produces after the 9th intersection of breakpoint at random is:
x
1=[10011011100110011100]
x
2=[11010010010010101110]
(3) then do not return 1, circulation pop_size time if do not satisfy end condition.
6) variation
The basic thought of variation is to each complies with the variation Probability p on the chromosome
mCarry out mutation operation: in the two-value gene strand, if this position be 0 then become 1, be 1 and become 0.The specific implementation method is as follows:
Suppose that the variation probability is p
m, the gene of population is counted m and is: population size * chromosome string is long.For making each gene have identical probability to morph, chromosome is arranged in order, and produced equally distributed random number sequence r between [0,1]
k(k=1,2..., m), if r
k≤ p
m, then extrapolate the chromosome number and the item of variation according to address k, mutation operation is carried out in this position.
7) stop judging
So far, just finished an iteration of genetic algorithm.Then do not jump to 3 continuation if do not satisfy end condition, otherwise finish, the value of output fitness the best is as predicted value f
T+1End condition has two, and satisfying any one can stop: the genetic algebra that has arrived default; The genetic prognosis flow value has been tending towards convergence.
Four, three grades of abnormal alarms of network traffics 3 σ (elementary, intermediate, senior)
The current network flow performance state is carried out statistical analysis, and finding potential Traffic Anomaly situation and providing alert is the free-revving engine of system.The network flow value f that utilizes genetic algorithm to dope
T+1After, system adopts method of analysis of variance to carry out the network performance early warning from vertical time degree.Variance analysis is analyzed according to the network prediction result exactly, differentiates a kind of statistical analysis technique of each related factors to the network performance influence.
The flow value in network every day in a certain moment of stable operation is a sample, and the flow value in a certain day this moment is a stochastic variable, its Normal Distribution adopts method of analysis of variance to weigh the departure degree of predicted value and actual value, and produces the rank warning message on this basis.
Use the method for moving average and obtain next predicted value f of network traffics constantly
T+1After, whether for checking this predicted value in normal range (NR), we can estimate with the flow sample variance, and produce three grades of warning messages of 3 σ in view of the above.Embodiment is as follows:
T days historical flow actual value y with the identical moment to be predicted before supposing
1, y
2..., yt is a sample, can obtain the variance s of this sample according to the variance computing formula
tThe computing formula that flow moves sample variance and sample standard deviation is:
Wherein
Then have:
(1) as | f
T+1-y
t|≤s
tThe time: network condition is normal, and the historical relatively flow deviation of next moment predicting network flow value is in allowed band.
(2) work as s
t<| f
T+1-y
t| during≤2st: produce elementary early warning, the historical relatively flow of next moment predicting network flow value has less deviation.
(3) work as 2s
t<| f
T+1-y
t|≤3s
tThe time: produce intermediate early warning, the historical relatively flow of next moment predicting network flow value has than large deviation.
(4) work as 3s
t<| f
T+1-y
t| the time: produce senior early warning, the historical relatively traffic conditions of next moment predicting network flow value has very large deviation.
Characteristics of the present invention and good effect are: (1) adopts genetic algorithm that network traffics are predicted, relative other prediction algorithms, the search of genetic algorithm starts from a population of historical data on flows, adopt transition rule probability rather than definite state, and has a stronger adaptivity, in forecasting process, can initiatively remove the abnormal data in the historical flow, thereby dope network traffics desired value more accurately.(2) carry out volume forecasting from horizontal time degree respectively,, improved sensitivity and accuracy greatly, have lower rate of failing to report and rate of false alarm the network traffics variation tendency from the abnormal conditions that vertical time degree comes the early warning net flow.
Description of drawings
Fig. 1 is the overview flow chart of self adaptive network traffic prediction and abnormal alarm method.
Fig. 2 is the predicting network flow flow chart.
Fig. 3 is a network abnormal alarm flow chart.
Fig. 4 is SNMP basic principle figure.
Embodiment
In the overview flow chart of Fig. 1, system passes through S1-1, network traffics data acquisition, S1-2, and network traffics storage and processing, S1-3, predicting network flow, S1-4, exception of network traffic warning four-stage step realizes.
Fig. 2 predicting network flow flow process, system predicts to network traffics that from horizontal time degree its step is as follows:
S2-1: coding
The general networking volume forecasting only need be accurate to kbps, such as in a gigabit LAN, then needs 20 string long.Suppose current population flow maximum Max and minimum M in, the corresponding binary coding of flow value x is that then the two relational expression is as follows for b:
S2-2: flow sample initial population generates
System with current time before 5 * n minute (sample size can be decided according to concrete network condition) historical flow of being gathered be sample, with each data on flows x
1, x
2..., x
nConvert corresponding binary representation to, so just obtained initial chromosome group b
1, b
2..., b
n
S2-3: ideal adaptation degree value is calculated
The individuality that fitness is big promptly has bigger procreation probability.The ideal adaptation degree depends primarily on two factors: flow value the size and with the current time difference, the structure ideal adaptation degree function model following (building method of fitness function is not unique):
F(x
i)=ρ(x
i)·t(x
i)
Wherein, we can assumed density function ρ (x
i) and function of time t (x
i) as follows:
ρ(x
i)=(Max-Min)-|x
i-E(X)|
α is a time correlation degree coefficient, sets (generally between 0.7~0.9) according to concrete network condition.
S2-4: select reorganization
The selection operation of system adopts wheel commentaries on classics method, thus the chromosome complex that selection makes new advances.
(1) according to the result of calculation of front ideal adaptation degree, all are chromosomal just when sum (pop_size is the population size) to calculate all populations:
(2) to each chromosome x
i, calculate and select probability:
(3) each chromosome is calculated cumulative probability:
(4) at [0,1] interval interior equally distributed pseudo random number r that produces, as if r≤q
1, then select first chromosome x
1Otherwise, select k chromosome x
k(2≤k≤pop_size) makes q
K-1<r≤q
kSet up.
(5) the new chromosome population after can obtaining selecting to recombinate behind circulation step 4pop_size time.
S2-5: intersect
Choose and set a crosspoint in the individuality at random, carry out when intersecting, will choose two part-structures of these some front and back of chromosome to exchange respectively, generate two new individualities.The crossing-over rate that supposing the system is set is p
c, embodiment is as follows:
(1) at [0,1] interval interior equally distributed pseudo random number r that produces, if r<p
cThen select one of parents of intersecting; Otherwise execution in step 3;
(2) if select parents, then produce a random integers pos (1≤pos≤chromosome length) as breakpoint, all positions behind the intersection parents breakpoint generate two new chromosomes.
(3) then do not return 1, circulation pop_size time if do not satisfy end condition.
S2-6: variation
The basic thought of variation is to each complies with the variation Probability p on the chromosome
mCarry out mutation operation: in the two-value gene strand, if this position be 0 then become 1, be 1 and become 0.The specific implementation method is as follows:
Suppose that the variation probability is p
m, the gene of population is counted m and is: population size * chromosome string is long.For making each gene have identical probability to morph, chromosome is arranged in order, and produced equally distributed random number sequence r between [0,1]
k(k=1,2..., m), if r
k≤ p
m, then extrapolate the chromosome number and the item of variation according to address k, mutation operation is carried out in this position.
S2-7: stop judging
So far, just finished an iteration of genetic algorithm.Then do not jump to the S2-3 continuation if do not satisfy end condition, otherwise finish, the value of output fitness the best is as predicted value f
T+1End condition has two, and satisfying any one can stop: the genetic algebra that has arrived default; The genetic prognosis flow value has been tending towards convergence.
Fig. 3 network abnormal alarm flow process, its step is as follows:
S3-1: the flow sample of t days synchronizations before extracting
T days is sample with the historical flow actual value in the identical moment to be predicted (such as the 13:40 period in preceding 30 days) before extracting from the flow information historical record, supposes that sample is y
1, y
2..., y
t
S3-2: calculate sample variance and standard deviation
Can obtain the variance s of this sample according to the variance computing formula
tThe computing formula that flow moves sample variance and sample standard deviation is:
Wherein
S3-3: anomaly analysis
(1) as | f
T+1-y
t|≤s
tThe time: network condition is normal, and the historical relatively flow deviation of next moment predicting network flow value is in allowed band.
(2) work as s
t<| f
T+1-y
t|≤2s
tThe time: produce elementary early warning, the historical relatively flow of next moment predicting network flow value has less deviation.
(3) work as 2s
t<| f
T+1-y
t| during≤3st: produce intermediate early warning, the historical relatively flow of next moment predicting network flow value has than large deviation.
(4) work as 3s
t<| f
T+1-y
t| the time: produce senior early warning, the historical relatively traffic conditions of next moment predicting network flow value has very large deviation.
Fig. 4 SNMP basic principle figure.It is proposed by IETF, along with TCP/IP on coming true consensus standard and extensively be used.SNMP mainly is made up of three parts: manager, agency and MIB.MIB defers to SMI (Structure of Management Information), the information of storage equipment or network operation state.The manager passes through GetRequest, GetNextRequest, and SetRequest, GetResponse, operations such as Trap obtain and are provided with the parameter value of MIB by the agency.
Claims (9)
1. a self adaptive network traffic is predicted and the abnormal alarm method, it is characterized in that, after utilizing genetic algorithm to dope next flow status constantly from horizontal time degree, again from vertical time degree according to every day the historical flow information should be in the period the flow sample, utilize statistical method to judge the abnormal conditions of this flow.
2. according to prediction of the self adaptive network traffic of claim 1 and abnormal alarm method, it is characterized in that the step by network traffics data acquisition, network traffics data processing and storage, predicting network flow, exception of network traffic warning four-stage realizes.
3. according to the self adaptive network traffic prediction and the abnormal alarm method of claim 1 or 2, it is characterized in that the network traffics data acquisition is adopted the GET method of SNMP to gather the mib information of router, thereby obtained the real traffic performance information of network.
4. according to prediction of the self adaptive network traffic of claim 1 or 2 and abnormal alarm method, it is characterized in that network traffics data processing and storage will be converted into flow rate and be stored in the database from the initial data that router collects.
5. according to the self adaptive network traffic prediction and the abnormal alarm method of claim 1 or 2, it is characterized in that predicting network flow adopts genetic algorithm from horizontal time degree network traffics to be predicted.
6. according to the self adaptive network traffic prediction and the abnormal alarm method of claim 1 or 2, it is characterized in that exception of network traffic is reported to the police, and the current network flow performance state is carried out statistical analysis, the network flow value f that utilizes genetic algorithm to dope
T+1After, system adopts method of analysis of variance to carry out the network performance early warning from vertical time degree.
7. according to prediction of the self adaptive network traffic of claim 2 or 5 and abnormal alarm method, it is characterized in that predicting network flow comprises: 1) encoding, is that phenotype with population data is converted into chromosomal genotype and represents; 2) initial population generates, and is sample with the historical flow of being gathered in n before the current time minute, and each individuality is encoded; 3) the ideal adaptation degree calculates, and calculates each chromosomal fitness value in the population; 4) select,, in space encoder, chromosome is carried out hereditary computing, and in solution space, assess and select separating in space encoder and solution space, working of replacing; 5) intersect, the most frequently used some interior extrapolation methods are adopted in interlace operation; 6) variation is to each complies with the variation Probability p on the chromosome
mCarry out mutation operation; 7) stop judging, to 6) finished an iteration of genetic algorithm, then do not jump to 3 if do not satisfy end condition) continue, otherwise finish, the value of output fitness the best is as predicted value f
T+1
8. according to prediction of the self adaptive network traffic of claim 2 or 5 and abnormal alarm method, it is characterized in that, predicting network flow, its concrete steps are as follows: S2-1: encoding, is that phenotype with population data is converted into chromosomal genotype and represents; S2-2: initial population generates, and is sample with the historical flow of being gathered in n before the current time minute, and each individuality is encoded; S2-3: the ideal adaptation degree calculates, and calculates each chromosomal fitness value in the population; S2-4: select, system adopts wheel commentaries on classics method to select, thereby produces new chromosome complex; S2-5: intersect, the most frequently used some interior extrapolation methods are adopted in interlace operation; S2-6: variation, to each carries out mutation operation according to variation Probability p m on the chromosome; S2-7: stop judging, to S2-6, just finished an iteration of genetic algorithm, then do not jump to S2-3 if do not satisfy end condition: continue, otherwise finish, the value of output fitness the best is as predicted value f
T+1
9. according to the self adaptive network traffic prediction and the abnormal alarm method of claim 2 or 6, it is characterized in that exception of network traffic is reported to the police, S3-1: t days is sample with the historical flow actual value in the identical moment to be predicted before extracting from the flow information historical record; S3-2: calculate sample variance and standard deviation; S3-3: The Analysis of Abnormal State: (1) is as | f
T+1-y
t|≤s
tThe time: network condition is normal, and the historical relatively flow deviation of next moment predicting network flow value is in allowed band; (2) work as s
t<| f
T+1-y
t|≤2s
tThe time: produce elementary early warning, the historical relatively flow of next moment predicting network flow value has less deviation; (3) work as 2s
t<| f
T+1-y
t|≤3s
tThe time: produce intermediate early warning, the historical relatively flow of next moment predicting network flow value has than large deviation; (4) work as 3s
t<| f
T+1-y
t| the time: produce senior early warning, the historical relatively traffic conditions of next moment predicting network flow value has very large deviation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200410009855 CN1617512A (en) | 2004-11-25 | 2004-11-25 | Adaptive network flow forecasting and abnormal alarming method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 200410009855 CN1617512A (en) | 2004-11-25 | 2004-11-25 | Adaptive network flow forecasting and abnormal alarming method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1617512A true CN1617512A (en) | 2005-05-18 |
Family
ID=34763117
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200410009855 Pending CN1617512A (en) | 2004-11-25 | 2004-11-25 | Adaptive network flow forecasting and abnormal alarming method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN1617512A (en) |
Cited By (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102355452A (en) * | 2011-08-09 | 2012-02-15 | 北京网御星云信息技术有限公司 | Method and device for filtering network attack traffic |
CN102638842A (en) * | 2012-04-11 | 2012-08-15 | 深圳市中兴移动通信有限公司 | Network traffic displaying and prewarning method for mobile terminal |
CN101729301B (en) * | 2008-11-03 | 2012-08-15 | 中国移动通信集团湖北有限公司 | Monitor method and monitor system of network anomaly traffic |
CN101714255B (en) * | 2006-02-17 | 2012-08-22 | 株式会社日立制作所 | Abnormal behavior detection device |
WO2013010404A1 (en) * | 2011-07-18 | 2013-01-24 | 中兴通讯股份有限公司 | Device performance prediction processing method and apparatus |
CN103003790A (en) * | 2010-05-17 | 2013-03-27 | 国际索拉温兹公司 | Progressive charting |
CN103392176A (en) * | 2011-02-24 | 2013-11-13 | 国际商业机器公司 | Network event management |
CN103580905A (en) * | 2012-08-09 | 2014-02-12 | 中兴通讯股份有限公司 | Method and system for flow forecasting and method and system for flow monitoring |
CN103634226A (en) * | 2012-08-20 | 2014-03-12 | 凌群电脑股份有限公司 | An operation module which automatically adjusts a data throughput and a method thereof |
CN103780445A (en) * | 2012-10-22 | 2014-05-07 | 北京临近空间飞行器系统工程研究所 | Threshold-self-adaptive-correcting network flow monitoring system and method |
CN103856344A (en) * | 2012-12-05 | 2014-06-11 | 中国移动通信集团北京有限公司 | Alarm event information processing method and device |
CN104394538A (en) * | 2014-11-28 | 2015-03-04 | 重庆大学 | Mobile network data flow analysis and prediction method |
CN104811499A (en) * | 2015-05-14 | 2015-07-29 | 广东中烟工业有限责任公司 | Network file transmission optimization method |
CN105049279A (en) * | 2015-06-19 | 2015-11-11 | 国家电网公司 | Communication trend flexibility configuration method and system |
CN105281966A (en) * | 2014-06-13 | 2016-01-27 | 腾讯科技(深圳)有限公司 | Method and device for identifying abnormal traffic of network equipment |
CN105740989A (en) * | 2016-02-03 | 2016-07-06 | 杭州电子科技大学 | Water supply pipe network abnormal event detection method based on VARX (a Vector Auto-Regressive with eXogenous variables) models |
CN106203630A (en) * | 2009-04-28 | 2016-12-07 | 思腾科技(巴巴多斯)有限公司 | For asset management and the Distributed evolutionary of transaction |
CN107171968A (en) * | 2017-06-27 | 2017-09-15 | 柳州知明资讯科技有限公司 | A kind of router |
CN107888441A (en) * | 2016-09-30 | 2018-04-06 | 全球能源互联网研究院 | A kind of network traffics baseline self study adaptive approach |
CN107992395A (en) * | 2017-11-28 | 2018-05-04 | 江苏方天电力技术有限公司 | A kind of alarm threshold method to set up based on genetic algorithm |
CN105049279B (en) * | 2015-06-19 | 2018-08-31 | 国家电网公司 | A kind of communication trend flexible collocation method and system |
CN108880931A (en) * | 2018-05-29 | 2018-11-23 | 北京百度网讯科技有限公司 | Method and apparatus for output information |
CN108920310A (en) * | 2018-05-23 | 2018-11-30 | 携程旅游网络技术(上海)有限公司 | The rejecting outliers method and system of interface data |
CN110086649A (en) * | 2019-03-19 | 2019-08-02 | 深圳壹账通智能科技有限公司 | Detection method, device, computer equipment and the storage medium of abnormal flow |
CN110445680A (en) * | 2019-07-29 | 2019-11-12 | 新华三大数据技术有限公司 | Network flow abnormal detecting method, device and server |
CN112330074A (en) * | 2020-12-02 | 2021-02-05 | 公安部交通管理科学研究所 | Bayonet traffic early warning method based on mobile police service |
CN112910728A (en) * | 2021-01-22 | 2021-06-04 | 苏州浪潮智能科技有限公司 | Data security monitoring method and device |
CN114070655A (en) * | 2022-01-18 | 2022-02-18 | 北京领御中安科技有限公司 | Network flow detection rule generation method and device, electronic equipment and storage medium |
CN114745310A (en) * | 2022-03-31 | 2022-07-12 | 工银科技有限公司 | Method and device for determining flow threshold based on genetic algorithm |
CN116206427A (en) * | 2023-05-06 | 2023-06-02 | 安徽智寰科技有限公司 | Hierarchical alarm method based on universal index self-adaptive threshold |
-
2004
- 2004-11-25 CN CN 200410009855 patent/CN1617512A/en active Pending
Cited By (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101714255B (en) * | 2006-02-17 | 2012-08-22 | 株式会社日立制作所 | Abnormal behavior detection device |
CN101729301B (en) * | 2008-11-03 | 2012-08-15 | 中国移动通信集团湖北有限公司 | Monitor method and monitor system of network anomaly traffic |
CN106203630A (en) * | 2009-04-28 | 2016-12-07 | 思腾科技(巴巴多斯)有限公司 | For asset management and the Distributed evolutionary of transaction |
CN103003790A (en) * | 2010-05-17 | 2013-03-27 | 国际索拉温兹公司 | Progressive charting |
US9049111B2 (en) | 2010-05-17 | 2015-06-02 | Solarwinds Worldwide, Llc | Progressive charting of network traffic flow data |
CN103003790B (en) * | 2010-05-17 | 2016-05-11 | 国际索拉温兹公司 | Progressive drafting method and device |
US9239988B2 (en) | 2011-02-24 | 2016-01-19 | International Business Machines Corporation | Network event management |
CN103392176A (en) * | 2011-02-24 | 2013-11-13 | 国际商业机器公司 | Network event management |
US9191296B2 (en) | 2011-02-24 | 2015-11-17 | International Business Machines Corporation | Network event management |
WO2013010404A1 (en) * | 2011-07-18 | 2013-01-24 | 中兴通讯股份有限公司 | Device performance prediction processing method and apparatus |
CN102355452B (en) * | 2011-08-09 | 2014-11-26 | 北京网御星云信息技术有限公司 | Method and device for filtering network attack traffic |
CN102355452A (en) * | 2011-08-09 | 2012-02-15 | 北京网御星云信息技术有限公司 | Method and device for filtering network attack traffic |
CN102638842B (en) * | 2012-04-11 | 2015-01-07 | 深圳市中兴移动通信有限公司 | Network traffic displaying and prewarning method for mobile terminal |
CN102638842A (en) * | 2012-04-11 | 2012-08-15 | 深圳市中兴移动通信有限公司 | Network traffic displaying and prewarning method for mobile terminal |
CN103580905B (en) * | 2012-08-09 | 2017-05-31 | 中兴通讯股份有限公司 | A kind of method for predicting, system and flow monitoring method, system |
WO2014023245A1 (en) * | 2012-08-09 | 2014-02-13 | 中兴通讯股份有限公司 | Flow prediction method and system and flow monitoring method and system |
CN103580905A (en) * | 2012-08-09 | 2014-02-12 | 中兴通讯股份有限公司 | Method and system for flow forecasting and method and system for flow monitoring |
CN103634226B (en) * | 2012-08-20 | 2016-12-21 | 凌群电脑股份有限公司 | Automatically computing module and the method thereof of data throughout are adjusted |
CN103634226A (en) * | 2012-08-20 | 2014-03-12 | 凌群电脑股份有限公司 | An operation module which automatically adjusts a data throughput and a method thereof |
CN103780445B (en) * | 2012-10-22 | 2017-10-27 | 北京临近空间飞行器系统工程研究所 | A kind of network flow monitoring system and method for threshold adaptive amendment |
CN103780445A (en) * | 2012-10-22 | 2014-05-07 | 北京临近空间飞行器系统工程研究所 | Threshold-self-adaptive-correcting network flow monitoring system and method |
CN103856344B (en) * | 2012-12-05 | 2017-09-15 | 中国移动通信集团北京有限公司 | A kind of alarm event information processing method and device |
CN103856344A (en) * | 2012-12-05 | 2014-06-11 | 中国移动通信集团北京有限公司 | Alarm event information processing method and device |
CN105281966A (en) * | 2014-06-13 | 2016-01-27 | 腾讯科技(深圳)有限公司 | Method and device for identifying abnormal traffic of network equipment |
CN104394538A (en) * | 2014-11-28 | 2015-03-04 | 重庆大学 | Mobile network data flow analysis and prediction method |
CN104394538B (en) * | 2014-11-28 | 2017-10-17 | 重庆大学 | A kind of mobile network data flow analysis and Forecasting Methodology |
CN104811499A (en) * | 2015-05-14 | 2015-07-29 | 广东中烟工业有限责任公司 | Network file transmission optimization method |
CN105049279B (en) * | 2015-06-19 | 2018-08-31 | 国家电网公司 | A kind of communication trend flexible collocation method and system |
CN105049279A (en) * | 2015-06-19 | 2015-11-11 | 国家电网公司 | Communication trend flexibility configuration method and system |
CN105740989A (en) * | 2016-02-03 | 2016-07-06 | 杭州电子科技大学 | Water supply pipe network abnormal event detection method based on VARX (a Vector Auto-Regressive with eXogenous variables) models |
CN105740989B (en) * | 2016-02-03 | 2019-09-27 | 杭州电子科技大学 | A kind of water supply network anomalous event method for detecting based on VARX model |
CN107888441B (en) * | 2016-09-30 | 2022-03-18 | 全球能源互联网研究院 | Network traffic baseline self-learning self-adaption method |
CN107888441A (en) * | 2016-09-30 | 2018-04-06 | 全球能源互联网研究院 | A kind of network traffics baseline self study adaptive approach |
CN107171968A (en) * | 2017-06-27 | 2017-09-15 | 柳州知明资讯科技有限公司 | A kind of router |
CN107992395A (en) * | 2017-11-28 | 2018-05-04 | 江苏方天电力技术有限公司 | A kind of alarm threshold method to set up based on genetic algorithm |
CN108920310A (en) * | 2018-05-23 | 2018-11-30 | 携程旅游网络技术(上海)有限公司 | The rejecting outliers method and system of interface data |
CN108920310B (en) * | 2018-05-23 | 2022-05-03 | 携程旅游网络技术(上海)有限公司 | Abnormal value detection method and system of interface data |
CN108880931A (en) * | 2018-05-29 | 2018-11-23 | 北京百度网讯科技有限公司 | Method and apparatus for output information |
CN108880931B (en) * | 2018-05-29 | 2020-10-30 | 北京百度网讯科技有限公司 | Method and apparatus for outputting information |
CN110086649A (en) * | 2019-03-19 | 2019-08-02 | 深圳壹账通智能科技有限公司 | Detection method, device, computer equipment and the storage medium of abnormal flow |
CN110086649B (en) * | 2019-03-19 | 2023-06-16 | 深圳壹账通智能科技有限公司 | Abnormal flow detection method, device, computer equipment and storage medium |
CN110445680A (en) * | 2019-07-29 | 2019-11-12 | 新华三大数据技术有限公司 | Network flow abnormal detecting method, device and server |
CN112330074A (en) * | 2020-12-02 | 2021-02-05 | 公安部交通管理科学研究所 | Bayonet traffic early warning method based on mobile police service |
CN112910728A (en) * | 2021-01-22 | 2021-06-04 | 苏州浪潮智能科技有限公司 | Data security monitoring method and device |
CN114070655A (en) * | 2022-01-18 | 2022-02-18 | 北京领御中安科技有限公司 | Network flow detection rule generation method and device, electronic equipment and storage medium |
CN114745310A (en) * | 2022-03-31 | 2022-07-12 | 工银科技有限公司 | Method and device for determining flow threshold based on genetic algorithm |
CN114745310B (en) * | 2022-03-31 | 2024-01-12 | 工银科技有限公司 | Flow threshold determining method and device based on genetic algorithm |
CN116206427A (en) * | 2023-05-06 | 2023-06-02 | 安徽智寰科技有限公司 | Hierarchical alarm method based on universal index self-adaptive threshold |
CN116206427B (en) * | 2023-05-06 | 2023-06-30 | 安徽智寰科技有限公司 | Hierarchical alarm method based on universal index self-adaptive threshold |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1617512A (en) | Adaptive network flow forecasting and abnormal alarming method | |
CN108540330A (en) | A kind of network fault diagnosis method based on deep learning under heterogeneous network environment | |
CN114465874B (en) | Fault prediction method, device, electronic equipment and storage medium | |
CN106330533A (en) | Real-time topology establishment method of large-scale network alarms | |
TWI684139B (en) | System and method of learning-based prediction for anomalies within a base station | |
CN101035041A (en) | Node invalidation and pre-alarming method of radio sensor network based on Bays method | |
CN114511112A (en) | Intelligent operation and maintenance method and system based on Internet of things and readable storage medium | |
CN113435547A (en) | Water quality index fusion data anomaly detection method and system | |
CN101043656A (en) | Method and system for monitoring suspicious user of rubbish SMS | |
CN101854652A (en) | Telecommunications network service performance monitoring system | |
Ghalehgolabi et al. | Intrusion detection system using genetic algorithm and data mining techniques based on the reduction | |
Zhang et al. | Self-organizing cellular radio access network with deep learning | |
Rajesh et al. | Achieving QoS in GSM Network by Efficient Anomaly Mitigation and Data Prediction Model | |
CN1770700A (en) | Intimidation estimating method for computer attack | |
CN110222505A (en) | Industrial control attack sample expansion method and system based on genetic algorithm | |
CN101068273A (en) | Telecommunicatioin network management prewarning system and method | |
CN117216713A (en) | Fault delimiting method, device, electronic equipment and storage medium | |
CN116701846A (en) | Hydropower station dispatching operation data cleaning method based on unsupervised learning | |
TWI704782B (en) | Method and system for backbone network flow anomaly detection | |
TWI474210B (en) | A method of applying a genetic algorithm to automatically group and filter the independent variables to synchronize the regression model parameters | |
Kassan et al. | A Hybrid machine learning based model for congestion prediction in mobile networks | |
CN115314395A (en) | Method for optimizing NR signal coverage drive test | |
CN1641637A (en) | On-line analysing and treating system and method | |
Ming et al. | Ensemble learning based sleeping cell detection in cloud radio access networks | |
CN112131069B (en) | Equipment operation monitoring method and system based on clustering |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |