Systems and Methods for Rule-Based Anomaly Detection on IP Network Flow
    Invention application
    Systems and Methods for Rule-Based Anomaly Detection on IP Network Flow (legal status: in force)
    Rule-based IP network anomaly detection system and method

    Publication (announcement) number: US20160105462A1

    Publication date: 2016-04-14

    Application number: US14969591

    Application date: 2015-12-15

    Abstract: A system to detect anomalies in internet protocol (IP) flows uses a set of machine-learning (ML) rules that can be applied in real time at the IP flow level. A communication network has a large number of routers equipped with flow monitoring capability. A flow collector collects flow data from the routers throughout the communication network and provides it to a flow classifier. At the same time, a limited number of locations in the network monitor data packets and generate alerts based on packet data properties. The packet alerts and the flow data are provided to a machine learning system that detects correlations between the packet-based alerts and the flow data and thereby generates a series of flow-level alert rules. These rules are provided to the flow classifier. Over time, new packet alerts and flow data are used to provide updated rules generated by the machine learning system.
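The abstract describes a feedback loop: packet inspectors at a few routers label traffic, the learner correlates those labels with flow records and emits flow-level rules, and the flow classifier applies the rules network-wide, including at routers that have no packet inspector. The following is an added toy implementation of that loop, not code from the patent or its assignee. The flow records, packet alerts, router names ("edge1" monitored, "core3" not), the three flow features (packets per second, bytes per packet, destination port), the join on (src, dst, dport) between packet alerts and flows, and the greedy threshold-rule learner are all assumptions made for the illustration; the abstract specifies only the architecture, not the learning algorithm.

```python
"""Toy version of the packet-alert -> flow-rule learning loop from the abstract.

Added illustration, not code from the patent. All sample flows, packet alerts,
router names and the feature set below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    router: str      # exporting router; only some routers also host a packet monitor
    src: str
    dst: str
    dport: int
    packets: int
    octets: int
    duration: float  # seconds


MONITORED = {"edge1"}                 # assumed: the only router with a packet inspector
FEATURES = ("pps", "bpp", "dport")    # assumed feature set derived from flow counters


def key(f):
    """Assumed join key between a packet alert and a flow record."""
    return (f.src, f.dst, f.dport)


def features(f):
    """Numeric features computed from NetFlow-style counters only."""
    return {"pps": f.packets / max(f.duration, 1e-3),
            "bpp": f.octets / max(f.packets, 1),
            "dport": float(f.dport)}


# A condition is (feature, op, threshold); a rule is a conjunction of conditions.
def holds(cond, feat):
    name, op, thr = cond
    return feat[name] > thr if op == ">" else feat[name] <= thr


def rule_matches(rule, feat):
    return all(holds(c, feat) for c in rule)


def f1(rule, rows):
    tp = sum(1 for feat, y in rows if y and rule_matches(rule, feat))
    fp = sum(1 for feat, y in rows if not y and rule_matches(rule, feat))
    fn = sum(1 for feat, y in rows if y and not rule_matches(rule, feat))
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0


def training_rows(flows, packet_alerts):
    """Correlate packet alerts with flow data: a flow exported by a monitored
    router is labelled positive when a packet alert exists for its key. Flows
    from routers without a packet monitor carry no label and are not used."""
    return [(features(f), key(f) in packet_alerts) for f in flows if f.router in MONITORED]


def learn_rule(rows, max_conditions=3):
    """Greedy conjunction learner (assumed, not the patent's method): repeatedly
    add the single threshold condition that most improves F1 on the labelled
    rows; candidate thresholds are midpoints between observed feature values."""
    rule, best = [], 0.0
    for _ in range(max_conditions):
        improved = None
        for name in FEATURES:
            vals = sorted({feat[name] for feat, _ in rows})
            for lo, hi in zip(vals, vals[1:]):
                thr = (lo + hi) / 2
                for op in (">", "<="):
                    score = f1(rule + [(name, op, thr)], rows)
                    if score > best:
                        best, improved = score, (name, op, thr)
        if improved is None:
            break
        rule.append(improved)
    return rule, best


def classify(rules, flows):
    """Flow classifier: apply the learned rules to every flow, including flows
    from routers that have no packet monitor, and emit flow-level alerts."""
    return [key(f) for f in flows if any(rule_matches(r, features(f)) for r in rules)]


# Constructed sample data at time t0. edge1 is monitored, core3 is not.
FLOWS_T0 = [
    Flow("edge1", "10.0.0.1", "10.0.1.5", 443, 120, 96000, 2.0),        # HTTPS
    Flow("edge1", "10.0.0.2", "10.0.1.5", 80, 200, 150000, 4.0),        # HTTP
    Flow("edge1", "10.0.0.3", "10.0.1.9", 22, 30, 9000, 10.0),          # SSH
    Flow("edge1", "10.0.0.4", "10.0.1.5", 443, 5000, 4000000, 60.0),    # bulk download
    Flow("edge1", "198.51.100.7", "10.0.1.5", 80, 5000, 200000, 1.0),   # flood
    Flow("edge1", "198.51.100.8", "10.0.1.5", 443, 3000, 120000, 0.5),  # flood
    Flow("edge1", "198.51.100.9", "10.0.1.5", 80, 4000, 160000, 0.8),   # flood
    Flow("core3", "203.0.113.4", "10.0.2.8", 80, 6000, 240000, 1.2),    # flood, unmonitored
    Flow("core3", "10.0.5.1", "10.0.2.8", 443, 100, 80000, 3.0),        # HTTPS, unmonitored
    Flow("core3", "10.0.5.2", "10.0.2.8", 53, 2, 200, 0.01),            # DNS, unmonitored
]
PACKET_ALERTS_T0 = {("198.51.100.7", "10.0.1.5", 80),
                    ("198.51.100.8", "10.0.1.5", 443),
                    ("198.51.100.9", "10.0.1.5", 80)}

# Later (t1): the packet monitor flags a slow, low-rate variant of the same traffic.
FLOWS_T1 = [Flow("edge1", "198.51.100.10", "10.0.1.5", 80, 200, 8000, 10.0)]
PACKET_ALERTS_T1 = {("198.51.100.10", "10.0.1.5", 80)}


def run():
    """One pass of the loop at t0, then the rule update once new alerts arrive."""
    rule_t0, _ = learn_rule(training_rows(FLOWS_T0, PACKET_ALERTS_T0))
    alerts_t0 = classify([rule_t0], FLOWS_T0)
    rule_t1, _ = learn_rule(training_rows(FLOWS_T0 + FLOWS_T1,
                                          PACKET_ALERTS_T0 | PACKET_ALERTS_T1))
    alerts_t1 = classify([rule_t1], FLOWS_T0 + FLOWS_T1)
    return rule_t0, alerts_t0, rule_t1, alerts_t1


if __name__ == "__main__":
    for item in run():
        print(item)
```

At t0 the learner settles on a packet-rate threshold, and the classifier raises a flow-level alert for the flood seen at the unmonitored router core3 even though no packet inspector ever saw it. When the packet monitor later flags a slow variant with the same 40-byte packets, the rate threshold no longer separates the labels and the update replaces it with a bytes-per-packet rule. That new rule also matches the tiny DNS flow at core3, which is the practitioner's caveat with this architecture: rules are validated only against the traffic mix at the monitored locations, so the classifier's output at other routers needs its own false-positive review until further packet alerts feed back into the learner.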