Journal of Beijing University of Posts and Telecommunications

  • EI Core Journal

Journal of Beijing University of Posts and Telecommunications ›› 2022, Vol. 45 ›› Issue (3): 19-25. doi: 10.13190/j.jbupt.2021-271

• PAPERS •

Application of Flow Spectrum Theory in Network Defense

GUO Shize1, Lü Renjian1, HE Mingshu2, ZHANG Jie2, YU Saisai3   

  1. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  2. School of Electronic Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China;
  3. No.30 Institute of China Electronics Technology Group Corporation, Chengdu 610041, China
  • Received: 2021-11-04 Online: 2022-06-28 Published: 2022-06-01

Abstract: To address the large observation volume, poor interpretability and difficult feature separation of traditional methods for processing and analyzing network data, a basic method is proposed for mapping network flow data from the original "flow" space to the "flow spectrum" space. The proposed method satisfies the requirements of interpretability, observability, expressiveness and disposal of network behavior, so that downstream tasks can be completed well. Based on the matrix compression principle of the low rank of high-dimensional objectives, a low-dimensional description of the data is realized, and the mapping of the original network flow from "flow" to a data characteristic matrix is completed. Based on matrix theory, information theory and metric space theory, multiple base spectral spaces that are expressed as isomorphically as possible are established to complete the separable isomorphic mapping of a characteristic matrix in "spectral" space. Background network flow, network threats, malicious attacks and abnormal behavior are described through the "flow spectrum", which is applied in network defense to improve the defense ability of cyberspace and provide new ideas for the defense system of cyberspace.

Key words: network traffic, flow spectrum, network defense, malicious behavior analysis, threat indication
