
CN111224890A - Traffic classification method and system of cloud platform and related equipment - Google Patents


Publication number
CN111224890A
Authority: CN (China)
Prior art keywords: network, traffic, flow, classification, port number
Prior art date
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201911089881.8A
Other languages: Chinese (zh)
Inventor: 何亚明
Current Assignee: Beijing Inspur Data Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Inspur Data Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Inspur Data Technology Co Ltd
Priority to CN201911089881.8A
Publication of CN111224890A
Legal status: Pending


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2441 Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/243 Classification techniques relating to the number of classes
    • G06F18/24323 Tree-organised classifiers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Physics & Mathematics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a traffic classification method for a cloud platform, comprising the following steps: capturing network traffic; judging whether the destination port number of the network traffic is a known port number; if so, classifying the network traffic according to the behavior of the known port number corresponding to the network traffic; if not, determining the category of the network traffic by using a network model. The method identifies the port number of the captured network traffic and, if the port number is not a known one, determines the category of the network traffic by using the network model. Network traffic can thus be identified and its features extracted so that it can be controlled, network resources can be optimized according to the network traffic, and the security service performance of the network is improved. The application also provides a traffic classification system of a cloud platform, a computer-readable storage medium and a cloud platform server, which have the same beneficial effects.

Description

Traffic classification method and system of cloud platform and related equipment
Technical Field
The present application relates to the field of cloud computing, and in particular, to a method and a system for classifying traffic of a cloud platform, and a related device.
Background
In the cloud computing era, large numbers of virtual machines communicate with one another, network services are varied, and many proprietary protocols are in use, which hinders traffic monitoring and effective management of the platform. Moreover, because network traffic is so varied, illegal intrusion traffic such as hacker traffic can be mixed in, which easily creates hidden network security risks.
Disclosure of Invention
The application aims to provide a traffic classification method and system of a cloud platform, a computer readable storage medium and a cloud platform server, which can improve the security service capability of a network.
To solve this technical problem, the application provides a traffic classification method for a cloud platform, with the following specific technical scheme:
capturing network traffic;
judging whether the destination port number of the network traffic is a known port number;
if so, classifying the network traffic according to the behavior of the known port number corresponding to the network traffic;
if not, determining the category of the network traffic by using a network model.
Before judging whether the destination port number of the network traffic is a known port number, the method further includes:
acquiring 5-tuple information of the network traffic header; the 5-tuple information comprises source IP information, destination IP information, the destination port number, a source MAC address and a destination MAC address.
Before determining the category of the network traffic by using the network model, the method further includes:
training the network model;
specifically, training the network model includes:
A. determining a classification probability formula according to a decision tree classifier;
B. obtaining the residual corresponding to the classification probability formula according to the actual classification result;
C. iterating the classification probability formula by using the residual to obtain a fitting formula, and returning to step A with the fitting formula as the classification probability formula;
after steps A, B and C have been executed in a loop a preset number of times, the network model is obtained.
Determining the category of the network traffic by using the network model comprises:
determining, by using the network model, the probability that the network traffic belongs to each category;
determining the category with the highest probability as the actual type of the network traffic.
After determining the category of the network traffic by using the network model, the method further includes:
if the network traffic is hacker traffic, discarding the network traffic;
if the network traffic is normal traffic, forwarding the network traffic to the corresponding server according to the type of the network traffic.
The application also provides a traffic classification system of a cloud platform, which comprises:
a traffic capturing module, used for capturing network traffic;
a port judging module, used for judging whether the destination port number of the network traffic is a known port number;
a first classification module, used for classifying the network traffic according to the behavior of the known port number corresponding to the network traffic when the judgment result of the port judging module is yes;
a second classification module, used for determining the category of the network traffic by using a network model when the judgment result of the port judging module is no.
The system further comprises a model training module, which is used for the traffic capturing module and is used for training the network model;
wherein the model training module is specifically configured to perform the following: A. determining a classification probability formula according to a decision tree classifier; B. obtaining the residual corresponding to the classification probability formula according to the actual classification result; C. iterating the classification probability formula by using the residual to obtain a fitting formula, and returning to step A with the fitting formula as the classification probability formula; after steps A, B and C have been executed in a loop a preset number of times, the network model is obtained.
The system further comprises:
a traffic control module, used for discarding the network traffic if the network traffic is hacker traffic, and, if the network traffic is normal traffic, forwarding the network traffic to the corresponding server according to the type of the network traffic.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method as set forth above.
The application also provides a cloud platform, which comprises a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of the method when calling the computer program in the memory.
The application provides a traffic classification method for a cloud platform, comprising the following steps: capturing network traffic; judging whether the destination port number of the network traffic is a known port number; if so, classifying the network traffic according to the behavior of the known port number corresponding to the network traffic; if not, determining the category of the network traffic by using a network model.
The method identifies the port number of the captured network traffic and, if the port number is not a known one, determines the category of the network traffic by using the network model. Network traffic can thus be identified and its features extracted so that it can be controlled, network resources can be optimized according to the network traffic, and the security service performance of the network is improved. The application also provides a traffic classification system of a cloud platform, a computer-readable storage medium and a cloud platform server, which have the same beneficial effects; these are not repeated here.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a traffic classification method of a cloud platform according to an embodiment of the present disclosure;
Fig. 2 is a flowchart of network model training provided by an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a traffic classification system of a cloud platform according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, Fig. 1 is a flowchart of a traffic classification method of a cloud platform according to an embodiment of the present disclosure:
S101: capturing network traffic;
S102: judging whether the destination port number of the network traffic is a known port number; if yes, entering S103; if not, entering S104;
S103: classifying the network traffic according to the behavior of the known port number corresponding to the network traffic;
S104: determining the category of the network traffic by using a network model.
Network traffic is captured first. How it is captured is not limited here; capture is usually performed in units of traffic packets. After the network traffic is obtained, it is judged whether its destination port number is a known port number. Specifically, the 5-tuple information of the network traffic header may be obtained; the 5-tuple information comprises source IP information, destination IP information, the destination port number, a source MAC address and a destination MAC address. It can then be judged whether the destination port number in the 5-tuple information is a known port number. A known port number generally means a port number in the range 0-1023. Port numbers in the range 0-1023 are common port numbers, typically used for regular behavior; once the destination port number is in the range 0-1023, the network traffic can be determined to be trusted and not hacker traffic, and it can be classified directly according to the actual port number.
If the destination port number is not a known port number, the network model is then used to determine the category of the network traffic. Of course, the known port numbers may also be other commonly used port numbers, which is not limited here.
As is readily understood, the network model needs to be trained before it is used to determine the category of the network traffic.
Specifically, training the network model may include:
A. determining a classification probability formula according to a decision tree classifier;
B. obtaining the residual corresponding to the classification probability formula according to the actual classification result;
C. iterating the classification probability formula by using the residual to obtain a fitting formula, and returning to step A with the fitting formula as the classification probability formula;
after steps A, B and C have been executed in a loop a preset number of times, the network model is obtained.
The above process is described below in specific mathematical expressions:
Assume that the prediction result has K classes. For the training sample X, an N-dimensional vector is used to represent the classification result, where 0 represents not belonging to the class and 1 represents belonging to the class. The base classifier selected here is the decision tree.
First iteration: after the samples are trained, K trees $T_1(x), T_2(x), \ldots, T_K(x)$ are generated, so in this round of training the probability that sample x belongs to the k-th class is
Figure BDA0002266533390000041
Assuming that the training sample x actually belongs to the m-th class, where $1 \le m \le K$, the residual produced by the first iteration is:
Figure BDA0002266533390000051
Second iteration: on the basis of the residual obtained in the first iteration, K trees are trained again using the first iteration's (x, y1K). Iteration continues in this way for the preset number of times, with K trees trained in each round. When a new sample arrives after training is finished, the probability that the sample belongs to the k-th class is
Figure BDA0002266533390000052
The class with the highest probability is marked as 1 and the others as 0. It should be noted that the preset number of times is not limited here, but it should be neither too large, otherwise the network model overfits, nor too small, otherwise the network model tends to underfit; it may be, for example, 4, 5 or 6 times.
In addition, the training sample X used is preferably a cleaned sample, that is, one from which highly correlated or duplicate data has been filtered out, so that duplicate data does not affect the trained model. If the training sample is not cleaned, that is, it contains a number of duplicate records, the probability that the network model produces for the corresponding category is large, which affects the judgment of the network traffic category.
In particular, after training, network traffic whose category can actually be determined may be used for testing, to check the accuracy of the network model. If the accuracy is low, iteration can be continued on the basis of the network model already obtained, or the training sample can be cleaned again, to improve the accuracy of the network model. For the specific training process, refer to Fig. 2, which is a network model training flowchart provided in the embodiment of the present application.
After the network model is obtained, it can be used to determine the category of the network traffic. Specifically, the network model is used to determine the probability that the network traffic belongs to each category, and the category with the highest probability is determined as the actual type of the network traffic. Because the network model uses a voting mechanism, the probabilities actually obtained for the individual categories are unlikely to be equal, so the network model can directly mark the category with the highest probability as 1, meaning the network traffic belongs to that category, and mark the rest as 0.
The method identifies the port number of the captured network traffic and, if the port number is not a known one, determines the category of the network traffic by using the network model. Network traffic can thus be identified and its features extracted so that it can be controlled, network resources can be optimized according to the network traffic, and the security service performance of the network is improved.
Further, on the basis of the above embodiment, after the category of the network traffic has been determined in step S103 or step S104, corresponding operations may be performed according to the category of the network traffic:
if the network traffic is hacker traffic, the network traffic is discarded;
if the network traffic is normal traffic, the network traffic is forwarded to the corresponding server according to its type.
This embodiment aims to optimize network resources according to the different traffic categories. If the network traffic is determined to be hacker traffic, it is discarded directly. If it is normal traffic, it is forwarded to the corresponding server; for example, if the network traffic is mail, it is forwarded directly to a mail server. In ordinary traffic communication, mail does not necessarily reach the mail server directly and may need to be forwarded by several servers, which wastes a certain amount of network resources, and similar waste of traffic is common throughout network communication. This embodiment can therefore optimize network resources to a certain extent and improve network security service performance.
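The method as a whole (S101 to S104, training steps A to C, and the discard/forward decision), as an added example that is not code from the patent. The formula images did not survive on this page, so the example assumes the standard softmax form for the class probability and "one-hot label minus probability" for the residual, with depth-1 decision trees; the category names, the port table, the two flow features and all sample flows are constructed for illustration.

```python
import math

CLASSES = ["mail", "web", "hacker"]        # K = 3 categories (assumed names)
KNOWN_PORTS = {25: "mail", 80: "web"}      # assumed port-to-category table
ROUNDS = 5                                 # preset iteration count (page suggests 4-6)

def softmax(scores):
    top = max(scores)
    exps = [math.exp(s - top) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]

def fit_stump(X, target):
    """Depth-1 regression tree: the split with the least squared error on target."""
    mean = sum(target) / len(target)
    best = (sum((t - mean) ** 2 for t in target), 0, math.inf, mean, mean)
    for f in range(len(X[0])):
        values = sorted({x[f] for x in X})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            left = [t for x, t in zip(X, target) if x[f] <= thr]
            right = [t for x, t in zip(X, target) if x[f] > thr]
            lm, rm = sum(left) / len(left), sum(right) / len(right)
            err = sum((t - lm) ** 2 for t in left) + sum((t - rm) ** 2 for t in right)
            if err < best[0]:
                best = (err, f, thr, lm, rm)
    return best[1:]                        # (feature, threshold, left value, right value)

def stump_value(stump, x):
    f, thr, lv, rv = stump
    return lv if x[f] <= thr else rv

def train(X, labels):
    """Steps A-C repeated ROUNDS times; returns a list of rounds, K stumps each."""
    K = len(CLASSES)
    onehot = [[1.0 if CLASSES[k] == lab else 0.0 for k in range(K)] for lab in labels]
    scores = [[0.0] * K for _ in X]
    model = []
    for _ in range(ROUNDS):
        probs = [softmax(s) for s in scores]              # A: class probabilities
        trees = []
        for k in range(K):
            resid = [onehot[i][k] - probs[i][k] for i in range(len(X))]  # B: residual
            trees.append(fit_stump(X, resid))             # C: fit a tree to the residual
        for i, x in enumerate(X):
            for k in range(K):
                scores[i][k] += stump_value(trees[k], x)
        model.append(trees)
    return model

def predict_proba(model, x):
    K = len(CLASSES)
    return softmax([sum(stump_value(trees[k], x) for trees in model) for k in range(K)])

def classify(flow, model):
    """S102-S104: known destination port first, the model otherwise."""
    port = flow["dst_port"]
    if 0 <= port <= 1023:
        return KNOWN_PORTS.get(port, "other"), "port"
    probs = predict_proba(model, flow["features"])
    return CLASSES[probs.index(max(probs))], "model"

def handle(flow, model):
    """Flow control: discard hacker traffic, forward the rest by category."""
    category, source = classify(flow, model)
    action = "drop" if category == "hacker" else "forward to " + category + " server"
    return category, source, action

# Constructed training set: [mean packet size in bytes, packets per second]
TRAIN_X = [[900, 5], [1000, 8], [950, 6], [500, 50], [550, 60], [480, 55],
           [60, 900], [64, 1000], [70, 950]]
TRAIN_Y = ["mail"] * 3 + ["web"] * 3 + ["hacker"] * 3
MODEL = train(TRAIN_X, TRAIN_Y)

def make_flow(dst_port, features):
    # 5-tuple fields as the page lists them; all values are constructed
    return {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.20", "dst_port": dst_port,
            "src_mac": "02:00:00:00:00:01", "dst_mac": "02:00:00:00:00:02",
            "features": features}

FLOWS = [make_flow(25, [940, 6]), make_flow(8080, [520, 52]),
         make_flow(50000, [62, 980]), make_flow(80, [62, 980])]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow["dst_port"], handle(flow, MODEL))
```

The last constructed flow has the same features as the discarded one but goes to port 80, so it is classified by port alone; the model only ever sees flows whose destination port is above 1023.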
The traffic classification system of the cloud platform provided in the embodiments of the present application is introduced below, and the traffic classification system described below and the traffic classification method described above may be referred to in a corresponding manner.
Referring to fig. 3, fig. 3 is a schematic structure of a traffic classification system of a cloud platform provided in an embodiment of the present application, and the present application further provides a traffic classification system of a cloud platform, including:
a traffic grabbing module 100, configured to grab network traffic;
a port determining module 200, configured to determine whether a destination port number of the network traffic is a known port number;
a first classification module 300, configured to classify the network traffic according to a behavior of a known port number corresponding to the network traffic when the determination result of the port determination module is yes;
and a second classification module 400, configured to determine the category of the network traffic by using a network model when the determination result of the port determination module is negative.
Based on the above embodiment, as a preferred embodiment, the system may further include:
a model training module, which is used for the traffic capturing module and is used for training the network model;
wherein the model training module is specifically configured to perform the following: A. determining a classification probability formula according to a decision tree classifier; B. obtaining the residual corresponding to the classification probability formula according to the actual classification result; C. iterating the classification probability formula by using the residual to obtain a fitting formula, and returning to step A with the fitting formula as the classification probability formula; after steps A, B and C have been executed in a loop a preset number of times, the network model is obtained.
Based on the above embodiment, as a preferred embodiment, the system may further include:
a traffic control module, used for discarding the network traffic if the network traffic is hacker traffic, and, if the network traffic is normal traffic, forwarding the network traffic to the corresponding server according to the type of the network traffic.
The present application also provides a computer readable storage medium having stored thereon a computer program which, when executed, may implement the steps provided by the above-described embodiments. The storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The application also provides a cloud platform server, which may include a memory and a processor, wherein the memory stores a computer program, and the processor may implement the steps provided by the above embodiments when calling the computer program in the memory. Of course, the cloud platform may also include various network interfaces, power supplies, and other components.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system provided by the embodiment, the description is relatively simple because the system corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A traffic classification method of a cloud platform, characterized by comprising the following steps:
capturing network traffic;
judging whether the destination port number of the network traffic is a known port number;
if so, classifying the network traffic according to the behavior of the known port number corresponding to the network traffic;
if not, determining the category of the network traffic by using a network model.
2. The traffic classification method according to claim 1, wherein before judging whether the destination port number of the network traffic is a known port number, the method further comprises:
acquiring 5-tuple information of the network traffic header; the 5-tuple information comprises source IP information, destination IP information, the destination port number, a source MAC address and a destination MAC address.
3. The traffic classification method according to claim 1 or 2, wherein before determining the category of the network traffic by using the network model, the method further comprises:
training the network model;
specifically, training the network model includes:
A. determining a classification probability formula according to a decision tree classifier;
B. obtaining the residual corresponding to the classification probability formula according to the actual classification result;
C. iterating the classification probability formula by using the residual to obtain a fitting formula, and returning to step A with the fitting formula as the classification probability formula;
after steps A, B and C have been executed in a loop a preset number of times, the network model is obtained.
4. The traffic classification method according to claim 3, characterized in that determining the category of the network traffic by using a network model comprises:
determining, by using the network model, the probability that the network traffic belongs to each category;
determining the category with the highest probability as the actual type of the network traffic.
5. The traffic classification method according to claim 1, wherein after determining the category of the network traffic by using a network model, the method further comprises:
if the network traffic is hacker traffic, discarding the network traffic;
if the network traffic is normal traffic, forwarding the network traffic to the corresponding server according to the type of the network traffic.
6. A traffic classification system of a cloud platform, comprising:
a traffic capturing module, used for capturing network traffic;
a port judging module, used for judging whether the destination port number of the network traffic is a known port number;
a first classification module, used for classifying the network traffic according to the behavior of the known port number corresponding to the network traffic when the judgment result of the port judging module is yes;
a second classification module, used for determining the category of the network traffic by using a network model when the judgment result of the port judging module is no.
7. The traffic classification system of claim 6, further comprising:
a model training module, which is used for the traffic capturing module and is used for training the network model;
wherein the model training module is specifically configured to perform the following: A. determining a classification probability formula according to a decision tree classifier; B. obtaining the residual corresponding to the classification probability formula according to the actual classification result; C. iterating the classification probability formula by using the residual to obtain a fitting formula, and returning to step A with the fitting formula as the classification probability formula; after steps A, B and C have been executed in a loop a preset number of times, the network model is obtained.
8. The traffic classification system of claim 6, further comprising:
a traffic control module, used for discarding the network traffic if the network traffic is hacker traffic, and, if the network traffic is normal traffic, forwarding the network traffic to the corresponding server according to the type of the network traffic.
9. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, carries out the steps of the traffic classification method according to any one of claims 1 to 5.
10. A cloud platform server comprising a memory in which a computer program is stored and a processor which, when calling the computer program in the memory, implements the steps of the traffic classification method according to any one of claims 1 to 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911089881.8A CN111224890A (en) 2019-11-08 2019-11-08 Traffic classification method and system of cloud platform and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911089881.8A CN111224890A (en) 2019-11-08 2019-11-08 Traffic classification method and system of cloud platform and related equipment

Publications (1)

Publication Number Publication Date
CN111224890A true CN111224890A (en) 2020-06-02

Family

ID=70832056

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911089881.8A Pending CN111224890A (en) 2019-11-08 2019-11-08 Traffic classification method and system of cloud platform and related equipment

Country Status (1)

Country Link
CN (1) CN111224890A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112003850A (en) * 2020-08-14 2020-11-27 北京浪潮数据技术有限公司 Flow monitoring method, device, equipment and storage medium based on cloud network
CN114189480A (en) * 2021-11-18 2022-03-15 郑州云海信息技术有限公司 Flow sampling method and device, electronic equipment and medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101026502A (en) * 2007-04-09 2007-08-29 北京天勤信通科技有限公司 Broad band network comprehensive performance management platform
US20130100849A1 (en) * 2011-10-20 2013-04-25 Telefonaktiebolaget Lm Ericsson (Publ) Creating and using multiple packet traffic profiling models to profile packet flows
CN108615044A (en) * 2016-12-12 2018-10-02 腾讯科技(深圳)有限公司 A kind of method of disaggregated model training, the method and device of data classification

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
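王攀 (Wang Pan): "Research on Key Technologies for IP Network Service Identification", China Doctoral Dissertations Full-text Database, Information Science and Technology *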

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112003850A (en) * 2020-08-14 2020-11-27 北京浪潮数据技术有限公司 Flow monitoring method, device, equipment and storage medium based on cloud network
CN114189480A (en) * 2021-11-18 2022-03-15 郑州云海信息技术有限公司 Flow sampling method and device, electronic equipment and medium
CN114189480B (en) * 2021-11-18 2024-04-02 郑州云海信息技术有限公司 A flow sampling method, device, electronic equipment and medium

Similar Documents

Publication Publication Date Title
CN109960729B (en) Method and system for detecting HTTP malicious traffic
US9769190B2 (en) Methods and apparatus to identify malicious activity in a network
CN105024877B (en) A kind of Hadoop malicious node detecting systems based on user's behaviors analysis
US10038706B2 (en) Systems, devices, and methods for separating malware and background events
CN111478920A (en) Method, device and equipment for detecting communication of hidden channel
CN108200054A (en) A kind of malice domain name detection method and device based on dns resolution
CN110602029A (en) Method and system for identifying network attack
CN107547490B (en) Scanner identification method, device and system
CN114357447B (en) Attacker threat scoring method and related device
CN112988670B (en) Log data processing method and device
CN108600270A (en) A kind of abnormal user detection method and system based on network log
CN109088903A (en) A kind of exception flow of network detection method based on streaming
CN111935185B (en) Method and system for constructing large-scale trapping scene based on cloud computing
CN113497797A (en) Method and device for detecting abnormality of ICMP tunnel transmission data
CN111224890A (en) Traffic classification method and system of cloud platform and related equipment
CN113032774B (en) Training method, device and equipment of anomaly detection model and computer storage medium
CN112436969A (en) Internet of things equipment management method, system, equipment and medium
CN115242436B (en) A malicious traffic detection method and system based on command line characteristics
CN111314326A (en) Method, device, equipment and medium for confirming HTTP vulnerability scanning host
CN111064719A (en) Method and device for detecting abnormal downloading behavior of file
CN113220949A (en) Construction method and device of private data identification system
CN113783920A (en) Method and apparatus for identifying web access portal
CN114205146B (en) Processing method and device for multi-source heterogeneous security log
CN109190408B (en) Data information security processing method and system
CN111291078A (en) Domain name matching detection method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20200602)