Method of detecting distributed denial of service based on grey theory
Abstract
A method of malicious network activity detection. An intrusion detection system provides defense against distributed denial of service (DDOS) attacks through an efficient modeling process based on grey theory.
18 Claims
1. A method of network activity detection, comprising the following steps:
receiving network flow and generating a first sequence and a second sequence therefrom, each comprising a plurality of consecutive traffic data elements, with at least one traffic data element in the second sequence a succession of the first sequence;
creating a first model according to the first sequence, comprising a first development coefficient and a first random factor;
generating a first predictive sequence corresponding to the second sequence by substituting the first sequence and the first model into the equation
wherein;
X0 represents the first traffic data element in the first sequence; and
yk represents traffic data in predictive sequence;
k is a natural number indexing traffic data in predictive sequence;
analyzing malicious network activities by comparing the first predictive sequence and the second sequence; and
implementing a defense procedure when an analyzing result meets a predetermined condition.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A network device providing network activity detection, comprising:
a network flow collector for generating a first sequence by receiving network flow comprising a plurality of traffic data element;
a grey analyzer for creating a first model comprising a first development coefficient and a first random factor according to the first sequence, generating a first predictive corresponding to the first sequence by substituting the first model and the first sequence into a formula of
and assessing an intrusion by analyzing the first sequence and the first predictive sequence, wherein;
X0 represents the first traffic data element in the substituted sequence;
y represents traffic data element of the predictive sequence; and
k is a natural number indexing traffic data element in sequence; and
a security trigger for implementing a defense procedure when an analysis result meets a predetermined condition.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A storage device, comprising a program for making a computer to process steps as follows:
receiving network flow to generate a first sequence and a second sequence, each of which comprises a plurality of consecutive traffic data elements, with at least one traffic data element in the second sequence a succession of the first sequence;
creating a first model according to the first sequence, comprising a first development coefficient and a first random factor;
generating a first predictive sequence corresponding to the second sequence by substituting the first sequence and the first model into the equation
wherein;
X0 represents the first traffic data element in the substituted sequence; and
yk represents traffic data element in predictive sequence;
k is a natural number indexing traffic data element in sequence;
analyzing the network flow by comparing the first predictive sequence and the second sequence; and
implementing a defense procedure when an analysis result meets a predetermined condition.
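The steps recited in claims 1 and 18 (fit a model to a first sequence, predict the second sequence, compare, trigger) can be illustrated with the following added example, which is not code from the patent. It assumes the textbook GM(1,1) grey model, because the claim's own equation is not reproduced on this page; the mapping of the "random factor" to the GM(1,1) grey input `b`, the relative-error comparison, the 0.5 threshold and the sample traffic counts are all assumptions.

```python
import math

# Constructed sample data (packets per second), not taken from the patent.
FIRST = [1000, 1040, 1085, 1120, 1170, 1210]   # first sequence (model input)
NORMAL = [1255, 1300]                          # second sequence, benign growth
ATTACK = [1260, 5200]                          # second sequence, sudden flood

def gm11_fit(x0):
    """Fit textbook GM(1,1); return (a, b) = (development coefficient, grey input)."""
    if len(x0) < 4 or min(x0) <= 0:
        raise ValueError("GM(1,1) needs at least 4 positive samples")
    x1, total = [], 0.0
    for v in x0:                               # accumulated generating operation
        total += v
        x1.append(total)
    z = [0.5 * (x1[k] + x1[k - 1]) for k in range(1, len(x1))]  # background values
    y = x0[1:]
    m, sz, sy = len(z), sum(z), sum(y)
    szz = sum(v * v for v in z)
    szy = sum(p * q for p, q in zip(z, y))
    slope = (m * szy - sz * sy) / (m * szz - sz * sz)  # least squares y = slope*z + b
    return -slope, (sy - slope * sz) / m

def gm11_predict(x0, steps):
    """Predict the `steps` traffic values that follow x0."""
    a, b = gm11_fit(x0)
    if abs(a) < 1e-12:                         # flat traffic: avoid dividing by a ~ 0
        return [b] * steps
    c = x0[0] - b / a
    n = len(x0)

    def x1_hat(k):                             # predicted accumulated value at index k
        return c * math.exp(-a * k) + b / a

    return [x1_hat(k) - x1_hat(k - 1) for k in range(n, n + steps)]

def flag_anomalies(first, second, threshold=0.5):
    """Indices in `second` whose relative deviation from the prediction exceeds threshold."""
    pred = gm11_predict(first, len(second))
    return [i for i, (obs, p) in enumerate(zip(second, pred))
            if abs(obs - p) > threshold * abs(p)]

if __name__ == "__main__":
    print("predicted:", [round(p) for p in gm11_predict(FIRST, 2)])
    print("normal flagged:", flag_anomalies(FIRST, NORMAL))
    print("attack flagged:", flag_anomalies(FIRST, ATTACK))
```

A non-empty result from `flag_anomalies` stands in for the "predetermined condition" that would invoke the defense procedure.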
Specification