Method for analyzing information flows and determining the status of a secure network based on adaptive forecasting, and device for its implementation

Abstract

1. A method of analyzing an information flow and determining the state of network security based on adaptive prediction, comprising the steps in which: packets of the information flow transmitted over the TCP/IP protocols are isolated from the network traffic; characteristic parameters are extracted from the selected packets; the recipient and sender IP addresses are checked for a match and a signal on abnormal values in the IP addresses is recorded; the ratio of the number of TCP packets with the SYN and FIN flags set per unit time is determined and the obtained value is recorded as the first sign of abnormal traffic; the intensity of information exchange in TCP packets per unit time is calculated and the obtained value is recorded as the second sign of abnormal traffic; the number of TCP packets arriving per unit time is calculated and the obtained value is recorded as the third sign of abnormal traffic; the ratio of the number of rejected packets to the total number of packets that arrived is calculated and the obtained value is recorded as the fourth sign of abnormal traffic; on detection of incorrect IP addresses, a signal on the previous IP address is recorded; the obtained values of the signs of abnormal traffic are normalized and the values obtained after normalization are recorded; on the basis of the obtained values, a numerical value of the traffic abnormality level is calculated and displayed on the information output device; characterized in that, before the packets are isolated from the information flow, average weighting values of the abnormal traffic signs are recorded, the prediction unit, after normalization of the abnormal traffic signs, according to the current received