Abnormal flow detection method based on periodicity and moving window baseline algorithm

• Main Authors: LIU JIAXIANG, HUANG LONGFEI, ZHAO KUNYANG, SHI XIAOCHUAN, LIU QI, CHEN YULIANG, ZHANG JING
• Format: Patent
• Language: Chinese; English
• Published: 19.06.2020
• Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

An abnormal flow detection method based on periodicity and a moving window baseline algorithm comprises the steps of collecting UDP original data once every five minutes, and endowing characteristic values according to three dimensions of a communication port, time and a byte number of the UDP original data; establishing a similarity comparison model according to the feature value of the UDP original data; inputting the UDP original data into a similarity comparison model, and screening and removing the UDP original data with a large deviation value; arranging the processed UDP data accordingto time; dividing a plurality of time periods, and calculating an average value of variables in each time period; connecting the average values into a line to obtain an AWR reference baseline; generating a plurality of AWR reference baselines according to different time periods; setting the storage time of the AWR reference baseline; setting a specified period, comparing the actual value with a reference baseline, and jud