CN-122027221-A - Flow detection method

Abstract

The invention relates to the technical field of network flow monitoring and discloses a flow detection method. The method comprises collecting flow static data and flow dynamic data, wherein the flow static data comprises basic flow parameters of network equipment in an idle state and the flow dynamic data comprises real-time flow parameters of the network equipment in a data transmission state, and carrying out multidimensional feature extraction processing on the flow static data and the flow dynamic data to generate static feature vectors and dynamic feature vectors. By collecting both the flow static data and the flow dynamic data during network flow detection and setting multidimensional feature extraction standards for different network states, the consistency of static and dynamic data collection is ensured. At the same time, intelligent fusion processing is carried out on the extracted features, so that data alignment deviation and time sequence inconsistency can be corrected in real time, which ensures the accuracy of flow pattern identification, reduces the anomaly detection error and improves the reliability of detection results.

Inventors

  • SUN JIAZI
  • SUN CHUANYOU
  • JI YUNLONG
  • SHAO YABIN
  • LI LUKUN
  • WANG WEIHE
  • HOU QINGLONG

Assignees

  • 黑龙江亿林网络股份有限公司

Dates

Publication Date
20260512
Application Date
20260112

Claims (10)

  1. A flow detection method, characterized by comprising the following steps: S1, acquiring flow static data and flow dynamic data, wherein the flow static data comprise basic flow parameters of network equipment in an idle state, and the flow dynamic data comprise real-time flow parameters of the network equipment in a data transmission state; S2, carrying out multidimensional feature extraction processing on the flow static data and the flow dynamic data to generate a static feature vector and a dynamic feature vector; S3, performing feature fusion processing according to the static feature vector and the dynamic feature vector to generate a fusion feature matrix; S4, carrying out flow pattern recognition processing based on the fusion feature matrix to generate an initial flow pattern recognition result; S5, carrying out reliability evaluation processing on the initial flow pattern recognition result to generate a pattern reliability score; S6, performing self-adaptive detection adjustment processing according to the mode credibility score and the fusion feature matrix to generate optimized detection parameters; and S7, detecting the real-time network flow by using the optimized detection parameters to generate a final flow detection result.
  2. The method for detecting flow according to claim 1, wherein the step of collecting flow static data and flow dynamic data in S1 comprises the steps of: S11, acquiring basic flow parameters of network equipment through a network probe, and generating an original static data set; S12, acquiring real-time flow parameters of the network equipment by using the flow monitoring equipment, and generating an original dynamic data set; S13, carrying out data preprocessing on the original static data set and the original dynamic data set, including data cleaning, outlier rejection and data standardization processing.
  3. The method for traffic detection according to claim 1, wherein generating the static feature vector and the dynamic feature vector in S2 comprises the steps of: S21, performing time domain feature extraction on the preprocessed static data to generate a static time domain feature subset; S22, carrying out frequency domain feature extraction on the preprocessed dynamic data to generate a dynamic frequency domain feature subset; S23, extracting statistical features of static data and dynamic data to generate a statistical feature subset; S24, combining the time domain feature subset, the frequency domain feature subset and the statistical feature subset to generate a complete feature vector.
  4. The method for traffic detection according to claim 1, wherein generating the fusion feature matrix in S3 comprises the steps of: S31, constructing a feature attention weight matrix, and calculating importance scores of all features; S32, weighting the feature vectors based on the importance scores; S33, performing dimension stitching on the weighted feature vectors to generate a fusion feature matrix; S34, performing dimension reduction processing on the fusion feature matrix, and retaining main feature components.
  5. The method for traffic detection according to claim 1, wherein generating the initial traffic pattern recognition result in S4 comprises the steps of: S41, constructing a deep neural network classification model, wherein the deep neural network classification model comprises an input layer, a plurality of hidden layers and an output layer; S42, inputting the fusion feature matrix into the classification model to classify the flow modes; S43, calculating the probability distribution of each flow mode through a softmax function; S44, generating an initial flow pattern recognition result based on the probability distribution.
  6. The method of claim 1, wherein generating a pattern confidence score in S5 comprises the steps of: S51, calculating confidence indexes of the classification result, wherein the confidence indexes comprise the probability maximum value and the probability distribution entropy value; S52, evaluating feature quality indexes, including feature distinction degree and feature stability; S53, performing a comprehensive evaluation in combination with the accuracy of historical detection results; S54, generating a mode credibility score, and establishing a credibility level classification.
  7. The method for detecting flow according to claim 1, wherein generating the optimized detection parameter in S6 comprises the steps of: S61, dynamically adjusting a detection threshold according to the credibility score, specifically: when the reliability score is higher than a first threshold, the detection threshold is reduced, and the detection sensitivity is improved; when the reliability score is lower than a second threshold, the detection threshold is increased, and false alarms are reduced; S62, optimizing detection algorithm parameters, including learning rate adjustment and weight attenuation coefficient optimization; S63, adaptively updating the detection model according to network environment changes.
  8. The method for detecting flow according to claim 1, wherein generating the final flow detection result in S7 comprises the steps of: S71, constructing a real-time flow detection pipeline, wherein the real-time flow detection pipeline comprises a data acquisition module, a feature extraction module and a mode identification module; S72, carrying out parallel processing on the real-time flow by utilizing the optimized detection parameters; S73, generating a detailed detection report, wherein the detailed detection report comprises a flow classification result, an abnormal flow identifier and a performance index; and S74, providing visual display and early warning functions for the detection result.
  9. The method for traffic detection according to claim 1, further comprising a step S8 of establishing a feedback optimization mechanism: S81, establishing a feedback optimization mechanism, and updating the detection model periodically; S82, realizing multi-granularity flow analysis, and supporting detection at different time granularities of second level, minute level and hour level; S83, providing an API interface, and supporting integration with the existing network management system.
  10. The method for traffic detection according to claim 1, further comprising a step S9 of optimizing query performance in a columnar storage format: S91, performing persistent storage and intelligent archiving processing on the final flow detection result, specifically comprising writing the detection result into a distributed database system, optimizing query performance by adopting a columnar storage format, setting a data retention strategy, and automatically cleaning historical data exceeding a preset period; S92, realizing real-time monitoring and performance tracking of the detection process, collecting system running metrics including CPU utilization rate, memory utilization rate and network delay by deploying a monitoring agent, and triggering an automatic alarm mechanism based on a threshold value; S93, providing multidimensional data analysis and visual display functions, supporting data drill-down by time range, flow type and equipment dimension, and generating interactive charts and statistical reports.
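
An illustration of steps S43, S51 and S61 of the claims above, added here and not taken from the patent: softmax probabilities, the two confidence indexes (probability maximum and entropy), and the two-threshold adjustment of the detection threshold. The patent gives no formulas or values, so the equal weights, the entropy normalisation, the first and second thresholds (0.8 and 0.5), the step size and the threshold bounds are all assumptions, and the S52 and S53 inputs are left out.

```python
import math

def softmax(logits):
    """S43: map classifier outputs to a probability distribution."""
    peak = max(logits)                      # subtract the max for numerical stability
    exps = [math.exp(x - peak) for x in logits]
    total = sum(exps)
    return [e / total for e in exps]

def confidence_indexes(probs):
    """S51: probability maximum and entropy of the distribution."""
    entropy = -sum(p * math.log(p) for p in probs if p > 0)
    return max(probs), entropy

def credibility_score(probs, w_max=0.5, w_certainty=0.5):
    """Score in [0, 1] built from the S51 indexes only (weights are assumptions)."""
    p_max, entropy = confidence_indexes(probs)
    max_entropy = math.log(len(probs))      # entropy of a uniform distribution
    certainty = 1.0 - entropy / max_entropy if max_entropy > 0 else 1.0
    return w_max * p_max + w_certainty * max(0.0, certainty)

def adjust_threshold(threshold, score, first=0.8, second=0.5,
                     step=0.05, floor=0.1, ceiling=0.9):
    """S61: lower the threshold on high credibility, raise it on low credibility."""
    if score > first:
        threshold -= step                   # more sensitive
    elif score < second:
        threshold += step                   # fewer false alarms
    # Assumed bounds: repeated adjustments cannot push the threshold to an extreme.
    return min(ceiling, max(floor, threshold))

# Constructed classifier outputs for three traffic windows (not real data).
SAMPLE_LOGITS = {
    "peaked": [6.0, 1.0, 0.5],
    "moderate": [3.0, 1.0, 0.0],
    "flat": [1.0, 1.0, 1.0],
}

def run(start=0.5):
    """Return {name: (credibility score, adjusted threshold)} for each sample."""
    results = {}
    for name, logits in SAMPLE_LOGITS.items():
        score = credibility_score(softmax(logits))
        results[name] = (score, adjust_threshold(start, score))
    return results

if __name__ == "__main__":
    for name, (score, threshold) in run().items():
        print(f"{name:9s} score={score:.3f} threshold={threshold:.2f}")
```

Scores between the second and first thresholds leave the detection threshold unchanged, a case the claim does not spell out.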

Description

Flow detection method

Technical Field

The invention relates to the technical field of network flow monitoring, in particular to a flow detection method.

Background

As networks are applied ever more widely, their scale gradually increases and the services they carry become more and more abundant. To ensure network security, in some application scenarios the data traffic transmitted in the network is therefore inspected to determine whether the data stream contains viruses, attack messages or other data affecting network security.

At present, existing network flow detection methods lack a cooperative control mechanism for the acquisition quality of multi-source heterogeneous data. When network flow anomaly detection is carried out, the acquired static flow data and dynamic flow data differ in sampling frequency and are mismatched in feature dimension, so that data alignment deviation occurs in the feature fusion process. When the resulting time sequence inconsistency is not identified and corrected in time, the accuracy of flow pattern identification is reduced and the accuracy of abnormal flow detection cannot be ensured.

Therefore, a flow detection method is proposed to solve the above problems.

Disclosure of Invention

Aiming at the defects of the prior art, the invention provides a flow detection method, which solves the problems in the prior art that the accuracy of flow pattern recognition is reduced and the accuracy of abnormal flow detection cannot be ensured.

In order to achieve the above purpose, the invention provides a flow detection method, which comprises the following steps: S1, acquiring flow static data and flow dynamic data, wherein the flow static data comprise basic flow parameters of network equipment in an idle state, and the flow dynamic data comprise real-time flow parameters of the network equipment in a data transmission state; S2, carrying out multidimensional feature extraction processing on the flow static data and the flow dynamic data to generate a static feature vector and a dynamic feature vector; S3, performing feature fusion processing according to the static feature vector and the dynamic feature vector to generate a fusion feature matrix; S4, carrying out flow pattern recognition processing based on the fusion feature matrix to generate an initial flow pattern recognition result; S5, carrying out reliability evaluation processing on the initial flow pattern recognition result to generate a pattern reliability score; S6, performing self-adaptive detection adjustment processing according to the mode credibility score and the fusion feature matrix to generate optimized detection parameters; and S7, detecting the real-time network flow by using the optimized detection parameters to generate a final flow detection result.

Preferably, the collecting the flow static data and the flow dynamic data in S1 includes the following steps: S11, acquiring basic flow parameters of network equipment through a network probe, and generating an original static data set; S12, acquiring real-time flow parameters of the network equipment by using the flow monitoring equipment, and generating an original dynamic data set; S13, carrying out data preprocessing on the original static data set and the original dynamic data set, including data cleaning, outlier rejection and data standardization processing.

Preferably, the generating the static feature vector and the dynamic feature vector in S2 includes the following steps: S21, performing time domain feature extraction on the preprocessed static data to generate a static time domain feature subset; S22, carrying out frequency domain feature extraction on the preprocessed dynamic data to generate a dynamic frequency domain feature subset; S23, extracting statistical features of static data and dynamic data to generate a statistical feature subset; S24, combining the time domain feature subset, the frequency domain feature subset and the statistical feature subset to generate a complete feature vector.

Preferably, the generating the fusion feature matrix in S3 includes the following steps: S31, constructing a feature attention weight matrix, and calculating importance scores of all features; S32, weighting the feature vectors based on the importance scores; S33, performing dimension stitching on the weighted feature vectors to generate a fusion feature matrix; S34, performing dimension reduction processing on the fusion feature matrix, and retaining main feature components.

Preferably, the generating the initial traffic pattern recognition result in S4 includes the following steps: S41, constructing a deep neural network classification model, wherein the deep neural network classification model comprises an input layer, a plurality of hidden layers and an output layer; S42, inputting the fusion feature matrix into a classification mod