Search

CN-122001793-A - Network flow prediction and intelligent analysis method based on time sequence

CN122001793ACN 122001793 ACN122001793 ACN 122001793ACN-122001793-A

Abstract

The invention belongs to the technical field of network flow prediction analysis, and particularly discloses a time sequence-based network flow prediction and intelligent analysis method, which comprises the steps of firstly respectively generating short-term and long-term prediction sequences based on recent and long-term historical data, and establishing a reference for network flow; the method comprises the steps of collecting flow data in real time, calculating deviation between the flow data and two prediction sequences to form short-term deviation sequences and long-term deviation sequences, judging abnormal states of the deviation sequences based on cooperative judging rules, distinguishing abnormal types, generating abnormal event records, storing the abnormal event records in a knowledge base, triggering corresponding early warning, carrying out clustering analysis on the abnormal events regularly to form a related event set, judging a periodicity rule by calculating the similarity of flow fragments among the events, and generating a predictive adjustment strategy by combining the abnormal types and average prediction deviation of the event set with the periodicity rule, so that transition from passive warning to active prediction and optimization operation and maintenance is realized.

Inventors

  • WANG RONG
  • XIANG NANGANG
  • CHANG MING
  • WANG YAQIN
  • Li Ne
  • SHEN ZHUOQING
  • BAO LINHUI
  • LI XIAOQING

Assignees

  • 国网山西省电力有限公司长治供电分公司

Dates

Publication Date
20260508
Application Date
20260210

Claims (10)

  1. 1. The network traffic prediction and intelligent analysis method based on the time sequence is characterized by comprising the following steps: Generating a short-term prediction sequence and a long-term prediction sequence respectively based on the recent historical network flow data and the long-term time sequence data with the same historical period; collecting real-time network flow data, and respectively calculating the deviation of the real-time network flow data from a short-term prediction sequence and a long-term prediction sequence to generate a short-term deviation sequence and a long-term deviation sequence; According to a preset cooperative judgment rule, judging the abnormal state of the short-term deviation sequence and the long-term deviation sequence, determining the abnormal type according to the judgment result, generating an abnormal event record containing an abnormal time stamp and the abnormal type, and storing the abnormal event record into an abnormal event knowledge base; Triggering corresponding real-time early warning according to the abnormal type; And (3) carrying out cluster analysis on records in the abnormal event knowledge base regularly to form associated abnormal event sets, carrying out periodic rule judgment on each associated abnormal event set, and if the periodic rule is judged to exist, generating a predictive adjustment strategy according to the periodic rule.
  2. 2. The method for time series based network traffic prediction and intelligent analysis of claim 1, wherein generating the short term prediction sequence comprises: Acquiring historical network flow time sequence data of a time window before a predicted starting time point from recent historical network flow data, and performing linear fitting on the historical network flow time sequence data to obtain a slope of the historical network flow time sequence data; Comparing the absolute value of the slope with a preset dynamic threshold, if the absolute value of the slope is smaller than or equal to the preset dynamic threshold, judging that no significant trend exists, performing smoothing on time sequence to obtain a network flow level estimated value at the current moment, and setting predicted values of all time points in a future prediction window as the network flow level estimated value to form a short-term prediction sequence; If the absolute value of the slope is larger than a preset dynamic threshold, judging that a significant trend exists, determining a network flow level estimated value and a trend change value at the current moment in a linear fitting or recursive smoothing mode, and calculating predicted values of all time points in a future prediction window based on a time linear extrapolation formula to form a short-term prediction sequence.
  3. 3. The method for time series based network traffic prediction and intelligent analysis of claim 1, wherein generating the long-term prediction sequence comprises: Acquiring a plurality of historical network traffic subsequences which have the same period attribute as the future period to be predicted in a historical time range from long-term time sequence data; for each time point in the future period, calculating a concentrated trend characteristic value based on network flow values of all the historical subsequences at the corresponding time point; And (5) arranging the characteristic values of the central tendency at each time point in the future period according to time sequence to generate a long-term prediction sequence.
  4. 4. The method for time series based network traffic prediction and intelligent analysis of claim 1, wherein generating the short-term bias sequence and the long-term bias sequence comprises: Extracting actual network traffic corresponding to a short-term prediction sequence and a long-term prediction sequence time point from the real-time network traffic data; Respectively calculating a first difference value of the actual observed value and the corresponding short-term predicted value at each time point, and calculating a second difference value of the actual observed value and the corresponding long-term predicted value at each time point; the first difference value and the second difference value of each time point are arranged according to time sequence, and a short-term deviation sequence and a long-term deviation sequence are respectively generated.
  5. 5. The method for predicting and intelligently analyzing network traffic based on time series according to claim 1, wherein said determining abnormal state comprises: setting a dynamic judgment threshold value based on the historical fluctuation characteristic of the short-term deviation sequence and the long-term deviation sequence respectively; checking whether the deviation values of the continuous N time points in the short-term deviation sequence exceed the corresponding dynamic judgment threshold values, if so, judging that the short-term deviation sequence is in an abnormal state, otherwise, judging that the short-term deviation sequence is in a normal state; And (5) performing similar analysis according to the analysis method for judging the state of the short-term deviation sequence to obtain a state judgment result of the long-term deviation sequence.
  6. 6. The method for time series based network traffic prediction and intelligent analysis of claim 1, wherein determining the anomaly type comprises: if only the short-term deviation sequence is judged to be in an abnormal state, determining that the abnormal type is sudden abnormal; If only the long-term deviation sequence is judged to be in an abnormal state, determining the abnormal type as a long-term baseline shift abnormality; if the short-term deviation sequence and the long-term deviation sequence are both judged to be in an abnormal state, determining that the abnormal type is progressive deviation abnormality; If neither the short-term deviation sequence nor the long-term deviation sequence is judged to be in an abnormal state, determining that no abnormal event exists in the current prediction time window.
  7. 7. The method for time series based network traffic prediction and intelligent analysis of claim 1, wherein forming the set of associated anomaly events comprises: Extracting attribute features of each abnormal event from all abnormal event records in a preset analysis time period from an abnormal event knowledge base, wherein the attribute features comprise abnormal types, abnormal time stamps, network flow deviation amplitudes and durations; Based on the attribute characteristics, the abnormal event records are divided into abnormal event clusters by adopting a clustering algorithm, and all abnormal events in the abnormal event clusters are used as an associated abnormal event set.
  8. 8. The method for predicting and intelligently analyzing network traffic based on time series according to claim 1, wherein the step of performing the periodicity law determination comprises the steps of: For the associated abnormal event set, extracting flow time sequence data in a fixed time window before and after each abnormal time stamp from historical network flow data according to the abnormal time stamp recorded by each abnormal event to form a plurality of abnormal flow fragments; Calculating the shape similarity between all abnormal flow fragments in the associated abnormal event set; And comparing the shape similarity with a preset shape similarity threshold, if the shape similarity is larger than the preset shape similarity threshold, judging that the abnormal event set has a periodicity rule, otherwise, judging that the abnormal event set has no periodicity rule.
  9. 9. The method for predicting and intelligently analyzing network traffic based on time series as recited in claim 8, wherein the step of calculating the shape similarity comprises the steps of: for any two flow segments to be compared, calculating the optimal matching distance on the shape by adopting a dynamic time warping algorithm; and calculating the optimal matching distance between every two abnormal flow fragments in the associated abnormal event set, and defining the reciprocal of the arithmetic average value of the distance values as the shape similarity of the associated abnormal event set.
  10. 10. The method for time series based network traffic prediction and intelligent analysis of claim 1, wherein generating the predictive adjustment strategy comprises: aiming at the associated abnormal event set with the periodicity rule, determining a prediction correction direction and a prediction correction coefficient according to the abnormal type of the associated abnormal event set and the average prediction deviation of the abnormal event in the associated abnormal event set, and generating a preliminary predictive adjustment strategy; If multiple preliminary strategies are generated based on different associated abnormal event sets and potential conflicts exist in expected execution time or execution actions, the multiple preliminary strategies are coordinated and combined according to preset arbitration rules to form a predictive adjustment strategy.

Description

Network flow prediction and intelligent analysis method based on time sequence Technical Field The invention belongs to the technical field of network flow prediction analysis, and relates to a time sequence-based network flow prediction and intelligent analysis method. Background The monitoring, prediction and anomaly analysis of the network traffic are the core technology foundation for guaranteeing the network service quality and improving the operation and maintenance efficiency. However, the conventional and mainstream network traffic anomaly detection methods face two inherent challenges, namely, the rule based on the static threshold is difficult to adapt to inherent dynamic and periodic fluctuation of the network traffic, so that the false alarm rate is high and the adaptability is poor. Secondly, the detection method based on the single prediction model lacks a multi-dimensional reference standard, so that the accuracy and the interpretability of the abnormality discrimination are insufficient. In order to improve the prediction precision, the prior art is improved. For example, chinese patent of publication No. CN1545245A discloses an online data network traffic prediction method, which decomposes network traffic into a time-dependent component and a time-independent component by constructing a periodic network traffic model, and updates model parameters using an online learning algorithm to implement online network traffic prediction in a short period. This approach focuses on improving the accuracy of a single predictor by model improvement. However, the prior art scheme taking the improvement of the prediction precision as the core has the obvious limitations that firstly, the method is basically based on single prediction deviation or static threshold value to perform abnormality judgment, and the prediction information of different time scales cannot be effectively fused and cooperatively analyzed, so that the root cause of the flow change cannot be accurately identified, and the malignant attack and the normal service period fluctuation are difficult to distinguish, so that the alarm precision is low and the operability is not strong. Secondly, the scheme regards network flow prediction and anomaly detection as mutually independent or disposable events, a closed loop system capable of continuously accumulating and excavating anomaly knowledge cannot be constructed, and further effective association, clustering and deep mode excavation cannot be carried out on historical anomaly events, so that operation and maintenance work stays in a passive mode of event triggering and manual response all the time, and therefore strategy self-optimization based on historical data and predictive resource adjustment before failure occurs cannot be achieved. Therefore, a network traffic analysis method capable of integrating multiple time scale prediction information, having a collaborative intelligent determination capability and realizing self-evolution and optimization prediction through continuous learning is needed to solve the above technical problems. Disclosure of Invention In view of this, in order to solve the problems presented in the above background art, a method for predicting network traffic and analyzing intelligent based on time series is now proposed. The invention provides a network traffic prediction and intelligent analysis method based on a time sequence, which comprises the steps of respectively generating a short-term prediction sequence and a long-term prediction sequence based on recent historical network traffic data and long-term time sequence data with the same historic period. And acquiring real-time network flow data, and respectively calculating the deviation of the real-time network flow data from a short-term prediction sequence and a long-term prediction sequence to generate a short-term deviation sequence and a long-term deviation sequence. And according to a preset cooperative judgment rule, judging the abnormal state of the short-term deviation sequence and the long-term deviation sequence, determining the abnormal type according to the judgment result, generating an abnormal event record containing an abnormal time stamp and the abnormal type, and storing the abnormal event record into an abnormal event knowledge base. And triggering corresponding real-time early warning according to the abnormal type. And (3) carrying out cluster analysis on records in the abnormal event knowledge base regularly to form associated abnormal event sets, carrying out periodic rule judgment on each associated abnormal event set, and if the periodic rule is judged to exist, generating a predictive adjustment strategy according to the periodic rule. Compared with the prior art, the method has the beneficial effects that (1) the method provides a double-dimension reference reflecting the instant trend and the historical base line for the real-time flow by simultaneously generating the short-te