TWI510109B - The recursive method of network traffic anomaly detection - Google Patents
- Publication number
- TWI510109B (application number TW102134461A)
- Authority
- TW
- Taiwan
- Prior art keywords
- signaling
- abnormal
- user
- traffic
- recursive
Landscapes
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Description
This patent concerns signaling anomaly analysis for mobile networks. Besides parsing abnormal signaling content, it uses traffic flow information to provide an evaluation value for traffic changes, which helps locate the root cause of mobile network anomalies. It further uses a cloud architecture to shorten traffic prediction time and to improve prediction accuracy and timeliness, so that the state of the whole network can be tracked in time. These are the technical features of this patent.
With the spread of smartphones, tablets, audio and video media and apps, the bandwidth and transmission quality of mobile networks have become increasingly important, and network congestion in particular has long been criticized. Understanding users' network usage patterns and the traffic trends of each device therefore helps locate the root cause of anomalies.
Current commercial equipment such as the Base Station Controller (BSC) and Radio Network Controller (RNC) provides, through its network management functions, traffic information that is mostly device traffic. Equipment such as the Policy Charging and Rules Function (PCRF) and Policy and Charging Enforcement Function (PCEF) can provide a user's traffic usage but cannot know the connection status of the access equipment. Moreover, judging abnormal traffic generally relies on the experience of the administrator or operator, or directly uses system default values, which does not truly reflect traffic anomalies, let alone dynamically detect abnormal changes.
The world patent WO2011144061, "Congestion detection method and apparatus for cell in mobile network", uses the RRT (Round Trip Time) between the Acquisition Unit and the Cell equipment as the main discriminator for congestion detection, judged against a preset RRTH (Round Trip Time threshold value): RRT > RRTH means the Cell is congested, and otherwise it is not. This preset RRTH can show in real time whether the current connection is congested, but it cannot show abnormal changes.
Taiwan patent M394652, "Real-time mobile network data service rate query device", provides mobile users with a connection download test service that learns the state of the network connection by transferring a file. It can therefore only provide small-scale individual traffic tests and cannot reveal the overall state of network equipment or abnormal changes in traffic.
In addition, obtaining traffic information through the network management function of mobile core network equipment consumes that equipment's computing time and thus affects system performance; if the equipment is already fully loaded, the abnormal condition becomes even harder to resolve. The operating modes of equipment are also relatively complex because they differ between manufacturers, so comprehensive monitoring inevitably adds customization cost. Furthermore, commercial equipment offers almost no traffic prediction function, so traffic data cannot be used effectively, nor can it inform future capacity expansion or adjustment.
In short, although typical mobile network monitoring equipment has real-time traffic information, it mostly judges congestion against a fixed threshold, which makes it hard to reflect changes in abnormal traffic, let alone evaluate and predict user or device traffic. Equipment operating modes and output data formats also differ widely between manufacturers, so in a multi-vendor network environment a single approach can hardly cover everything and each device must be customized individually. On the other hand, when equipment extracts or analyzes traffic data, system performance suffers, and large-volume data computation is not possible. Traffic data therefore cannot be used effectively and anomalies are hard to resolve, which is a persistent worry for operations staff.
The conventional approaches above thus still have many shortcomings, are not good designs, and need improvement.
The purpose of this patent is to monitor abnormal traffic conditions in a mobile communication network. Using the proposed method, the captured signaling and the collected traffic data are analyzed: signaling analysis determines whether a connection is abnormal, and the historical traffic changes of the user or device are used to help judge the current abnormal state of the network. This helps locate the root cause of anomalies and improves the efficiency and correctness of operations and troubleshooting. In addition, the patent further examines the analyzed signaling and predicts traffic through a statistical learning model, as a basis for future equipment capacity expansion or adjustment.
The recursive abnormal network traffic detection method that achieves the above purpose provides a technique for anomaly analysis and estimation. The method comprises four units: (1) a mobile signaling capture module, (2) a signaling anomaly detection module, (3) a cloud server and (4) an anomaly evaluation reference module.
The mobile signaling capture module captures signaling between mobile core network devices, records the capture time, and decodes the signaling to obtain the user identifier, device identifier, operation code, connection status, user uplink and downlink traffic, device transmission traffic and so on. The signaling anomaly detection module then analyzes the connection status; if the status in the packet content can be read directly as abnormal, an anomaly alert is raised immediately. If it cannot be read directly, a traffic comparison is performed, using the recursively computed traffic prediction as the reference value; if the error between the actual measured value and the reference value exceeds the error threshold, the connection is added to the anomaly alerts. Finally, the result and the corresponding user and device parameters are organized and stored in the cloud server for the next recursive computation.
The anomaly evaluation reference module takes the traffic data stored on the cloud server as input and uses data filtering to extract valid traffic, which increases the efficiency of anomaly analysis and improves the accuracy of anomaly evaluation. The cloud architecture also shortens computation time for large data volumes, improving the timeliness of anomaly estimation. In addition, using the learning model derived from connection states together with the actually measured traffic values, a corrected anomaly index is obtained and used as the basis for the next anomaly evaluation, improving the accuracy of anomaly prediction.
Unlike commercial monitoring equipment, the recursive abnormal network traffic detection method of this patent can parse device traffic (Cell, RNC and so on), can analyze user traffic in a way similar to the traffic statistics function of PCRF/PCEF, and also analyzes connection content. Compared with other conventional techniques it has the following advantages:
1. The mobile signaling capture module uses signaling diversion to capture signaling between devices, so it does not affect the performance of the mobile core network equipment.
2. The signaling anomaly detection module can analyze the connection status of users and devices and raise an anomaly alert immediately when a field carries abnormal information.
3. For connections that are not abnormal or whose abnormality cannot be determined, the signaling anomaly detection module performs signaling traffic detection: it links the signaling traffic by user and device identifier and judges abnormality against past traffic reference values.
4. The anomaly evaluation reference module uses a cloud server to process large data volumes, integrating computing resources and reducing computation time.
5. The anomaly evaluation reference module uses a statistical learning model to estimate traffic as the basis for identifying abnormal traffic.
10‧‧‧Mobile signaling capture module
20‧‧‧Signaling anomaly detection module
201‧‧‧Signaling analysis
202‧‧‧Status comparison: abnormal?
203‧‧‧Anomaly alert
204‧‧‧Link traffic information
205‧‧‧Traffic comparison: greater than the error threshold?
206‧‧‧Traffic collation
30‧‧‧Cloud server
40‧‧‧Anomaly evaluation reference module
401‧‧‧Data filtering
402‧‧‧Anomaly analysis
403‧‧‧Anomaly evaluation
404‧‧‧Learning model
405‧‧‧Training data
Refer to the detailed description of the invention and the accompanying drawings for a further understanding of its technical content, purpose and effects. The drawings are:
Figure 1 is a module diagram of the recursive abnormal network traffic detection method.
Figure 2 is an operation flowchart of the signaling anomaly detection module.
Figure 3 is a functional procedure diagram of the anomaly evaluation reference module.
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here only explain the invention and do not limit it.
The invention is further described below with reference to the drawings:
This patent is a recursive abnormal network traffic detection method. It analyzes captured signaling content to detect the connection status of the mobile network and judges whether the network is abnormal by comparison with reference values from past traffic. It also filters out measurements with large errors so that the training data converges, and recursively corrects the evaluation parameters to increase the accuracy of abnormal traffic judgment.
Referring to Figure 1, the patent comprises four units: the mobile signaling capture module 10, the signaling anomaly detection module 20, the cloud server 30 and the anomaly evaluation reference module 40.
The mobile signaling capture module 10 captures signaling between mobile network devices, records the capture time, decodes the signaling to produce the user identifier, device identifier, operation code, connection status, user uplink and downlink traffic, device transmission traffic and so on, and outputs the result to the signaling anomaly detection module 20. The mobile network devices are common mobile core network equipment, for example the Base Station Controller (BSC) / Radio Network Controller (RNC), GSM/EDGE Radio Access Network (GERAN) / Universal Terrestrial Radio Access Network (UTRAN), Evolved UTRAN (EUTRAN), Serving GPRS Support Node (SGSN), Gateway GPRS Support Node (GGSN), Serving Gateway (S-GW), Packet Data Network Gateway (P-GW) or Mobile Management Entity (MME).
The signaling anomaly detection module 20 analyzes the connection status and raises an anomaly alert immediately if the status can be read directly as abnormal. If it cannot, a traffic comparison is performed, using as the reference value the same-period prediction or the average over different periods produced by the anomaly evaluation reference module 40; if the error between the measured value and the reference value exceeds the error threshold, the connection is added to the anomaly alerts. Finally, the result and the corresponding user and device parameters are organized and stored in the cloud server 30.
For the execution steps, refer to Figure 2. Signaling analysis 201 first reads the signaling fields decoded by the mobile signaling capture module 10 and performs the connection status comparison 202. If the connection status of the user or device can be read directly as abnormal, the connection record is sent to anomaly alert 203 and marked abnormal. The connection status is any status field defined in the 3GPP documents that can identify the state of a user or device, such as Radio Network Layer Cause, Transport Layer Cause, Protocol Cause and Miscellaneous Cause. If abnormality cannot be read directly, link traffic information 204 obtains the traffic information for the current period by user or device identifier, and the traffic reference value is read from the anomaly evaluation reference module 40. If no traffic reference value exists, traffic comparison 205 is skipped and processing goes to traffic collation 206; if a reference value exists, traffic comparison 205 is performed. The comparison formula is as follows:
In the formula, the traffic reference value is the one generated by the anomaly evaluation reference module 40, M_t is the actual traffic value obtained by the mobile signaling capture module 10, and H is the relative error threshold. If the error exceeds the error threshold, the connection record is likewise sent to anomaly alert 203 and marked abnormal; if it is below the threshold, processing goes to traffic collation 206. Traffic collation 206 pre-stores each connection record, organizing the capture time, user identifier, device identifier, operation code, connection status, user uplink and downlink traffic, device transmission traffic, traffic reference value, relative error value and so on, ready for storage on the cloud server. Finally, the result is output to the cloud server 30.
The cloud server 30 stores the large volume of traffic data and comparison parameters produced by the signaling anomaly detection module 20 in a distributed database. It uses a MapReduce distributed computing environment: the data is converted into key/value pairs and passed to different Mappers for processing; once the computation of the anomaly evaluation reference module 40 is complete, the results are again arranged as key/value pairs and passed to the Reducer to consolidate, integrating computing resources and reducing computation time.
The anomaly evaluation reference module 40 builds a statistical-learning probability model from the filtered normal historical traffic data of users or devices, applies the evaluation formula recursively to generate the traffic reference value used to judge the current abnormal state of a user or device, and fine-tunes the anomaly index to increase evaluation accuracy.
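For the operating procedure, refer to Figure 3. The traffic pairing data stored on the cloud server 30 is read first, and data filtering 401 selects the traffic data of the user or device for the same time period; if no same-period data is found, the single-day average traffic is used instead. The data is stored in training data 405. Anomaly analysis 402 then takes the filtered user or device connection traffic data and, using the feature data provided by training data 405, converts it through learning model 404 into the corresponding statistical model, yielding the anomaly index that anomaly evaluation 403 uses as its basis for judgment; the traffic reference value produced by the evaluation formula is sent to the signaling anomaly detection module 20. The reference value produced by anomaly evaluation 403 is also fed back to learning model 404; anomaly analysis 402 compares it with the actual measured value selected by the next round of data filtering 401 to obtain new anomaly parameters and correct the reference value of anomaly evaluation 403, making the predicted reference value more accurate. The formula is as follows:
In the formula, the two estimate terms are the current estimate and the previous estimate of anomaly evaluation 403, K_t is the anomaly index, and M_t is the actual measured value selected by data filtering 401. As the module is executed and fine-tuned recursively, the predicted reference value it produces comes closer to the actually measured results.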
In summary, an embodiment of this patent is as follows. The mobile signaling capture module 10 captures RANAP (Radio Access Network Application Part) signaling on the IuPS (Interface UMTS Packet Switched) interface between the Base Station Controller (BSC) or Radio Network Controller (RNC) and the Serving GPRS Support Node (SGSN). The signaling anomaly detection module 20 finds that the Radio Network Layer Cause field has the value Unable to Establish During Relocation and therefore reads the connection directly as abnormal. If the field is absent or the message content does not allow an abnormality to be determined, the GTP-C (GPRS Tunneling Protocol-Control) traffic for the same Radio Network Controller number (RNC-ID) is compared with the traffic reference value produced by the anomaly evaluation reference module 40; if the error between the two exceeds the error threshold of 10%, the connection is judged abnormal. The result is stored in the cloud server 30 for the next estimation.
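The decision flow of Figure 2 and the recursive reference update can be sketched as follows; this is an added example, not code from the patent. The two formulas are missing from this page, so the relative-error test, the update rule and the fixed value of K are assumptions, and the record fields and sample records are constructed.

```python
from dataclasses import dataclass, field

# Cause values read directly as abnormal (status comparison 202). Only this
# one value appears in the patent's example; a deployment would list more.
ABNORMAL_CAUSES = {"Unable to Establish During Relocation"}
H = 0.10  # relative error threshold, 10% as in the patent's example
K = 0.3   # ASSUMED fixed anomaly index; the patent re-derives K_t each round


@dataclass
class Detector:
    refs: dict = field(default_factory=dict)    # (device_id, slot) -> reference
    stored: list = field(default_factory=list)  # stand-in for cloud server 30

    def process(self, rec):
        """Run one decoded signaling record through steps 202-206."""
        key = (rec["device_id"], rec["slot"])
        ref = self.refs.get(key)
        measured = rec["traffic"]
        rel_err = None
        if rec.get("cause") in ABNORMAL_CAUSES:
            verdict = "alert:cause"      # 202 -> 203
        elif ref is None:
            verdict = "no-reference"     # skip 205, go straight to 206
        else:
            # ASSUMED form of the comparison: |M_t - ref| / ref against H.
            if ref == 0:
                rel_err = 0.0 if measured == 0 else float("inf")
            else:
                rel_err = abs(measured - ref) / ref
            verdict = "alert:traffic" if rel_err > H else "normal"  # 205
        # 206: collate the record with its reference and error, then store.
        self.stored.append(
            {**rec, "reference": ref, "rel_err": rel_err, "verdict": verdict})
        # Data filtering 401: alerting measurements never train the reference,
        # so a burst cannot drag the baseline toward itself.
        if not verdict.startswith("alert"):
            # ASSUMED update: previous estimate plus K times the residual.
            self.refs[key] = (
                measured if ref is None else ref + K * (measured - ref))
        return verdict


def demo():
    """Constructed GTP-C volumes for one RNC-ID in one hourly slot."""
    cause = "Unable to Establish During Relocation"
    records = [
        {"device_id": "RNC-1", "slot": 9, "traffic": 1000.0, "cause": None},
        {"device_id": "RNC-1", "slot": 9, "traffic": 1050.0, "cause": None},
        {"device_id": "RNC-1", "slot": 9, "traffic": 1400.0, "cause": None},
        {"device_id": "RNC-1", "slot": 9, "traffic": 1020.0, "cause": cause},
        {"device_id": "RNC-1", "slot": 9, "traffic": 1030.0, "cause": None},
    ]
    det = Detector()
    return [det.process(r) for r in records], det


if __name__ == "__main__":
    verdicts, det = demo()
    print(verdicts, det.refs)
```

The third record alerts on traffic and the fourth on its cause value; neither changes the stored reference, which is the effect of filtering large-error measurements before the next recursion.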
The detailed description above specifically describes one feasible embodiment of the invention. The embodiment is not intended to limit the patent scope of the invention; any equivalent implementation or change that does not depart from the spirit of the invention falls within the patent scope of this case.
In summary, this case is innovative in its technical concept and offers the several effects above that conventional methods lack. It fully meets the statutory requirements of novelty and inventive step for an invention patent, and this application is filed according to law; we respectfully ask the Office to approve this invention patent application to encourage invention.
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW102134461A TWI510109B (en) | 2013-09-25 | 2013-09-25 | The recursive method of network traffic anomaly detection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW102134461A TWI510109B (en) | 2013-09-25 | 2013-09-25 | The recursive method of network traffic anomaly detection |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201513690A (en) | 2015-04-01 |
TWI510109B (en) | 2015-11-21 |
Family
ID=53437324
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW102134461A TWI510109B (en) | 2013-09-25 | 2013-09-25 | The recursive method of network traffic anomaly detection |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI510109B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI735594B (en) * | 2016-08-08 | 2021-08-11 | 香港商阿里巴巴集團服務有限公司 | Method, device and system for identifying and assisting in identifying false traffic |
TWI782645B (en) * | 2021-07-29 | 2022-11-01 | 中華電信股份有限公司 | System and method for evaluating network component quality degradation based on mobile network |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002021774A1 (en) * | 2000-09-11 | 2002-03-14 | Nokia Corporation | System, device and method for automatic anomaly detection |
US20070064617A1 (en) * | 2005-09-15 | 2007-03-22 | Reves Joseph P | Traffic anomaly analysis for the detection of aberrant network code |
EP1772993A1 (en) * | 2005-10-05 | 2007-04-11 | Fujitsu Limited | Detecting anomalies internal to a network from traffic external to the network |
US20100138919A1 (en) * | 2006-11-03 | 2010-06-03 | Tao Peng | System and process for detecting anomalous network traffic |
US20130117282A1 (en) * | 2011-11-08 | 2013-05-09 | Verisign, Inc. | System and method for detecting dns traffic anomalies |
- 2013-09-25 TW TW102134461A patent/TWI510109B/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
TW201513690A (en) | 2015-04-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6690011B2 (en) | System and method for measuring effective customer impact of network problems in real time using streaming analysis | |
US9888399B2 (en) | Adaptive monitoring for cellular networks | |
CN102685717B (en) | network service quality parameter identification method and device | |
JP5612696B2 (en) | Network management system and method for identifying and accessing quality of service results within a communication network | |
US9462486B2 (en) | Method and device for classifying wireless data service | |
WO2014040633A1 (en) | Identifying fault category patterns in a communication network | |
CN104427534B (en) | The soft detection method adopted of long term evolution and removable motion detection device | |
WO2017148130A1 (en) | Method and device for analyzing poor network quality problem | |
CN106559803A (en) | A kind of base station construction appraisal procedure and device | |
CN110856188B (en) | Communication method, apparatus, system, and computer-readable storage medium | |
WO2013185489A1 (en) | Method and apparatus for analyzing signaling traffic | |
CN105357699A (en) | Wireless network quality monitoring system and method | |
CN103955507A (en) | Early warning method and device based on perception of user | |
CN102256297B (en) | TD-SCDMA (Time Division-Synchronization Code Division Multiple Access) wireless communication network service user perception data collection method | |
CN113727092B (en) | Video monitoring quality inspection method and device based on decision tree | |
TWI510109B (en) | The recursive method of network traffic anomaly detection | |
CN104811959A (en) | Mobile network user perception analysis system and method based on big data | |
CN108667740A (en) | The method, apparatus and system of flow control | |
CN107820270B (en) | GPRS interface monitoring system based on GSM-R network | |
CN108063764B (en) | Network traffic processing method and device | |
WO2016188166A1 (en) | Data traffic management and control method and device | |
CN110972199B (en) | Flow congestion monitoring method and device | |
WO2023045365A1 (en) | Video quality evaluation method and apparatus, electronic device, and storage medium | |
JP2017208717A (en) | Analysis system for radio communication network | |
JP2023537119A (en) | Network data analysis method, network data analysis function network element, communication system, non-transitory computer readable storage medium and computer program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |