CN105049291B - A method of detection exception of network traffic - Google Patents
A method of detection exception of network traffic Download PDFInfo
- Publication number
- CN105049291B CN105049291B CN201510513055.7A CN201510513055A CN105049291B CN 105049291 B CN105049291 B CN 105049291B CN 201510513055 A CN201510513055 A CN 201510513055A CN 105049291 B CN105049291 B CN 105049291B
- Authority
- CN
- China
- Prior art keywords
- message
- array
- unit time
- time quantity
- history
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明公开了一种检测网络流量异常的方法。该方法包括:接收报文;记录所述报文的数量;根据当前报文数量与预设历史时段前的历史报文数量之间的差值,计算出所述报文当前的单位时间数量;根据所述单位时间数量,结合动态基线和固定阈值,判断网络流量是否发生异常。本发明实施例通过采取上述方案,将报文分类统计与动态基线和固定阈值相结合对网络流量进行检测,一方面,可以对每类报文的流量进行准确监测,另一方面,结合动态基线和固定阈值,可以减少信息的漏报和误报,提高网络流量异常检测的准确率。
The invention discloses a method for detecting abnormality of network traffic. The method includes: receiving a message; recording the number of the message; calculating the current unit time quantity of the message according to the difference between the current number of messages and the number of historical messages before a preset historical period; According to the unit time quantity, combined with the dynamic baseline and the fixed threshold, it is determined whether the network traffic is abnormal. By adopting the above solution, the embodiment of the present invention detects network traffic by combining packet classification statistics with dynamic baselines and fixed thresholds. On the one hand, the traffic of each type of packets can be accurately monitored; on the other hand, combined with dynamic baselines and fixed thresholds, which can reduce false negatives and false positives, and improve the accuracy of network traffic anomaly detection.
Description
Technical field
The present invention relates to field of communication technology more particularly to a kind of methods for detecting exception of network traffic.
Background technique
With the fast development and extensive use of computer and Internet technology, the system of computer network is counted safely
Various threats such as calculation machine virus and hacker attack are increasing, will lead to Network Abnormal, often in order to ensure network is normal
The normal development of stable operation and business, operator must be detected and be cleaned to flow.
That cause high risks to network at present is distributed denial of service attack (DDoS, Distributed Denial
Of Service), and in a variety of ddos attack modes, and based on flood type (FLOOD) attack, it is characterized in that message amount or
Person's flow increases amplitude becomes very big suddenly, it not only will affect the server attacked, it is also possible to feed through to and by attack mesh
The other servers being marked in consolidated network, therefore detect that the attack of FLOOD type is most important in time.
It is in the prior art to count total message and total flow merely to the attack detection method of FLOOD type, then establishes dynamic
State baseline is directly made comparisons with a fixed threshold to obtain testing result.The shortcomings that above method, is: on the one hand, only
Consider total message and total flow, the flow that will lead to even if some message increases, but total message and total flow may be in steady
State, therefore still inspection do not measure attack;Or even if total flow increases, but belong to the growth of regular traffic, this can
It can generate wrong report;On the other hand, merely use fixed threshold, threshold value set to obtain it is too low can be easy wrong report, if high easy leakage
Report, and Dynamic Baseline is merely used, in the case that certain original flows of target are relatively low, even if the value that flow increases is not
Can be very big, the state presented on flow dynamics baseline may be that curve rises, to also result in wrong report.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of method for detecting exception of network traffic, to solve in the prior art
It is high that rate of failing to report is reported by mistake by the total message of simple statistics and total flow and merely using fixed threshold or Dynamic Baseline bring
The problems such as, to improve the accuracy rate of detection.
The embodiment of the invention provides a kind of methods for detecting exception of network traffic, comprising:
Receive message;
Record the quantity of the message;
According to the difference between the history message amount before current message quantity and default historical period, the report is calculated
The current unit time quantity of text;
Judge whether network flow is abnormal in conjunction with Dynamic Baseline and fixed threshold according to the unit time quantity.
A kind of method detecting exception of network traffic provided in an embodiment of the present invention, this method are counted by message classification and are tied
It closes Dynamic Baseline and fixed threshold network flow is detected, on the one hand, accurate measurements can be carried out to the flow of every class message,
On the other hand, in conjunction with Dynamic Baseline and fixed threshold, it is possible to reduce information being failed to report and reporting by mistake, and exception of network traffic detection is improved
Accuracy rate.
Detailed description of the invention
By reading a detailed description of non-restrictive embodiments in the light of the attached drawings below, of the invention other
Feature, objects and advantages will become more apparent upon:
Fig. 1 is a kind of flow chart of the method for detection exception of network traffic that the embodiment of the present invention one provides;
Fig. 2 is a kind of flow chart of method for detecting exception of network traffic provided by Embodiment 2 of the present invention.
Specific embodiment
The present invention is described in further detail with reference to the accompanying drawings and examples.It is understood that this place is retouched
The specific embodiment stated is used only for explaining the present invention rather than limiting the invention.It also should be noted that in order to just
In description, only some but not all contents related to the present invention are shown in the drawings.
Embodiment one
Fig. 1 is a kind of flow chart of the method for detection exception of network traffic that the embodiment of the present invention one provides, this method energy
Enough detections realized to exception of network traffic, can be executed by server or terminal.
As shown in Figure 1, this method comprises:
S110, message is received;
The data cell with transmission is exchanged in message, that is, network, wherein containing the complete data information to be sent, is wrapped
Include its type, version, length etc.;CPU can constantly receive various types of message to system in the process of running,
Such as, syn (synchronous, the agreement interconnected between transmission control protocol/network establish the handshake used when connection) report
Text, icmp (Internet Control Message Protocol, Internet Control Message Protocol) message etc..
S120, the quantity for recording the message;
Specifically, carrying out type identification, and the number of the message according to the class record of the message to received message
Amount.Be stored with the code of all kinds of messages in systems, when there is a kind of message, system can according to its corresponding code to its into
Row classification processing, and correspondingly record the quantity of the type message.It, can be with monitor by carrying out statistic of classification to message
The changes in flow rate of every class message, so as to accurately judge that Traffic Anomaly occurs in which class type of message.
S130, according to the difference between the history message amount before current message quantity and default historical period, calculate
The current unit time quantity of the message;
The preset period of time is pre-set sometime length as needed, be system automatic collection message information and
The minimum period of all kinds of message amounts is counted, i.e., at interval of this time length, the quantity of system meeting all kinds of messages of programming count.This
The setting of time span can be arbitrary, such as 1 second, 2 seconds, 1 minute etc., but be arranged time span will with it is actually detected
Demand be adapted, setting it is too long, be easy to cause and fail to report, the too short of setting can be to the excessive load of system, without practical
Value.Preferably, the time span of the default historical period is 1 second.Before the current message quantity and default historical period
History message amount between difference be current message quantity and ground difference between history message amount, as institute before 1 second
State the current quantity per second of message.By the quantity that the calculating message is per second, too big load will not be not only brought to system, but also
Message amount can be counted in real time, reduce the probability failed to report, to improve the accuracy rate of detection.
S140, according to the difference between the history message amount before current message quantity and default historical period, calculate
The current unit time quantity of the message;
The baseline is flow baseline, and for characterizing the growth rate of flow, i.e., using the time as axis of abscissas, flow value is
In the coordinate system of axis of ordinates, curve that the flow made changes over time.Dynamic Baseline is dynamic flow baseline, i.e. flow
Growth rate constantly updating, and the corresponding flow growth rate of same time difference message is also different.According to Dynamic Baseline
Judge Traffic Anomaly, i.e., makees attack judgement according to the growth rate of every class message, net individually will cause according to dynamic flow baseline
The erroneous judgement of network Traffic anomaly detection.(Internet Protocol, the agreement interconnected between network) is common for example, IP
Every second flow seldom only has 1kbps (bit rate indicates the transmission speed of network), if lower second flow of the IP rises to
100kbps, although flow is seldom, but growth rate has but reached 10000%, this flow baseline can be in clearly upper
The trend of liter, but a possibility that flow of 100kbps is attacked is very small, so the probability judged by accident at this time is just very greatly.
The fixed threshold, that is, a certain flow value set then judge exception of network traffic more than this value.It is different types of
Its threshold value of message is generally different, such as (HTTP-Hypertext transfer protocol, hypertext pass an offer http
Send agreement) IP of service, under normal circumstances, received icmp message is generally than syn message much less, therefore icmp is reported
The threshold value of the threshold value ratio syn message of text is much smaller.Specifically, the flow that the threshold value of every class message can according to need detection is big
Small setting also has more common setting, such as the flow threshold of syn message is set as 1000 etc..Merely using fixed threshold
Value judges whether flow is abnormal, threshold value set it is too low can be easy to cause wrong report, if excessively high be easy to cause fail to report.
In the technical scheme, according to the unit time quantity combination Dynamic Baseline and fixed threshold, judge network flow
Whether amount is abnormal, it is possible to reduce the probability failed to report or reported by mistake, while the quantity of every class message can be accurately detected, it improves
The accuracy rate of detection.
Embodiment two
Fig. 2 is a kind of flow chart of method for detecting exception of network traffic provided by Embodiment 2 of the present invention, the present embodiment
On the basis of embodiment 1, step S140 is further refined as:
Judge whether network flow is abnormal in conjunction with Dynamic Baseline and fixed threshold according to the unit time quantity
Include:
Judge whether the unit time quantity whether not for 0, and is less than or equal to the setting multiple of current Dynamic Baseline value;
If so, the history message amount is added the unit time quantity, then divided by the summary journal time, by result
It is updated to current Dynamic Baseline value;
If it is not, it is different to determine that the flow of the message occurs when then judging that the unit time quantity is greater than fixed threshold
Often.
The method of the present embodiment specifically includes:
S210, creation history total amount array, normal total amount array, unit time quantity array, baseline array and number of threshold values
Group;
The history total amount array is used for log history message amount;
The normal total amount array is for recording current message quantity;
The unit time quantity array is for recording the unit time quantity;
The baseline array is for recording Dynamic Baseline value;
The threshold value array is for recording fixed threshold.
The array is created in each ground IP, the quantity for stored messages, wherein array title is arbitrary, such as
First second array of array etc. can also be indicated with any different English alphabet.Preferably, the data that title is stored with it
Feature is consistent, respectively indicates history total amount array, normal total amount array, unit time quantity number with English alphabet C, N, S, D, M
Group, baseline array and threshold value array, and the quantity for characterizing message different characteristic is stored in corresponding array.Using title with
The data characteristics that it is stored is consistent, it is easier to be identified and operate.
S220, message is received;
S230, the quantity for recording the message;
Type identification is carried out to received message, type can be indicated with certain symbols, such as a letter, number, the Chinese
Word etc., it is preferred that the message of a certain type is indicated with T.Specifically, recording the quantity of the message to the normal total amount number
In group, that is, record the current total number of the message.The current total number of the message can be expressed as N [T].
S240, according to the difference between the history message amount before current message quantity and default historical period, calculate
The current unit time quantity of the message;
Current message quantity is stored in normal total amount array, and history message amount is stored in history total amount array, when
Preceding unit time quantity is stored in unit time quantity array, in the present embodiment, specifically, from the normal total amount array
When extracting current value respectively in history total amount array, subtract each other to calculate the unit time quantity, and storing to the unit
Between in quantity array.
S250, judge whether the unit time quantity whether not for 0, and is less than or equal to the setting of current Dynamic Baseline value
Multiple;
If so, the history message amount is added the unit time quantity, then divided by the summary journal time, by result
It is updated to current Dynamic Baseline value;
If it is not, it is different to determine that the flow of the message occurs when then judging that the unit time quantity is greater than fixed threshold
Often.
Set multiple, that is, a certain reasonable numerical value set, this numerical value can by experiment conclusion or other way into
Row reasonable set.Preferably, for the multiple that sets as 4 times, this multiple is the more reasonable numerical value obtained in a large number of experiments.
When the unit time quantity, when less than or equal to 4 times of current Dynamic Baseline value, flow growth rate is not very big, network
Flow is not in exception, needs to calculate current flow baseline, i.e., current flow growth rate (current flow total amount at this time
Divided by total time);When the unit time quantity is greater than 4 times of current Dynamic Baseline value, growth rate is with regard to bigger, at this time
Network is most likely subject to attack, it is therefore desirable to further judge whether its value is greater than corresponding fixed threshold, if so, determining net
Otherwise network Traffic Anomaly is considered as normal and continues step S220.
Based on above-mentioned steps, the unit time quantity, Dynamic Baseline value, history message amount, fixed threshold, summary journal
Time uses S [T], D [T], C [T], M [T], t to indicate that then step S250 is represented by, but is not expressed as uniquely respectively,
If S [T] ≠ 0 and S [T]≤4*D [T], it is updated to current Dynamic Baseline value D [T]=(C [T]+S [T])/t.
If S [T] > M [T], it is determined that the flow of the message is abnormal.
In the present embodiment, according to the unit time quantity combination Dynamic Baseline and fixed threshold, judge that network flow is
It is no to be abnormal, it is possible to reduce the probability failed to report or reported by mistake, while the quantity of every class message can be accurately detected, improve inspection
The accuracy rate of survey.
Note that the above is only a better embodiment of the present invention and the applied technical principle.It will be appreciated by those skilled in the art that
The invention is not limited to the specific embodiments described herein, be able to carry out for a person skilled in the art it is various it is apparent variation,
It readjusts and substitutes without departing from protection scope of the present invention.Therefore, although being carried out by above embodiments to the present invention
It is described in further detail, but the present invention is not limited to the above embodiments only, without departing from the inventive concept, also
It may include more other equivalent embodiments, and the scope of the invention is determined by the scope of the appended claims.
Claims (4)
1. a kind of method for detecting exception of network traffic characterized by comprising
Receive message;
Type identification, and the quantity of the message according to the class record of the message are carried out to received message;
According to the difference between the history message amount before current message quantity and default historical period, calculates the message and work as
Preceding unit time quantity, wherein the time span of the default historical period is 1 second;
Judge whether network flow is abnormal in conjunction with Dynamic Baseline and fixed threshold according to the unit time quantity;
Wherein, judge whether network flow is abnormal in conjunction with Dynamic Baseline and fixed threshold according to the unit time quantity
Include:
Judge whether the unit time quantity whether not for 0, and is less than or equal to the setting multiple of current Dynamic Baseline value;
If so, the history message amount is added the unit time quantity, then divided by the summary journal time, result is updated
For current Dynamic Baseline value;
If it is not, determining that the flow of the message is abnormal when then judging that the unit time quantity is greater than fixed threshold.
2. according to the method described in claim 1, it is characterized by: the multiple that sets is 4 times.
3. the method according to claim 1, wherein further include:
Create history total amount array, normal total amount array, unit time quantity array, baseline array and threshold value array;
The history total amount array is used for log history message amount;
The normal total amount array is for recording current message quantity;
The unit time quantity array is for recording the unit time quantity;
The baseline array is for recording Dynamic Baseline value;
The threshold value array is for recording fixed threshold.
4. according to the method described in claim 3, it is characterized by:
The quantity for recording the message includes: to record the quantity of the message into the normal total amount array;
According to the difference between the history message amount before current message quantity and default historical period, calculates the message and work as
Preceding unit time quantity includes: to extract current value respectively from the normal total amount array and history total amount array, subtract each other with
The unit time quantity is calculated, and is stored into the unit time quantity array.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510513055.7A CN105049291B (en) | 2015-08-20 | 2015-08-20 | A method of detection exception of network traffic |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510513055.7A CN105049291B (en) | 2015-08-20 | 2015-08-20 | A method of detection exception of network traffic |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105049291A CN105049291A (en) | 2015-11-11 |
| CN105049291B true CN105049291B (en) | 2019-01-04 |
Family
ID=54455512
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510513055.7A Expired - Fee Related CN105049291B (en) | 2015-08-20 | 2015-08-20 | A method of detection exception of network traffic |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105049291B (en) |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107438262B (en) * | 2016-05-25 | 2019-12-13 | 中国移动通信集团设计院有限公司 | abnormal user identification method and device |
| CN106254159A (en) * | 2016-09-26 | 2016-12-21 | 杭州迪普科技有限公司 | Link method for detecting abnormality and device |
| CN106991145B (en) * | 2017-03-23 | 2021-03-23 | 中国银联股份有限公司 | Data monitoring method and device |
| CN108668311B (en) * | 2017-03-29 | 2021-07-30 | 中国移动通信集团四川有限公司 | Residential area traffic early warning method and device |
| CN107086944B (en) * | 2017-06-22 | 2020-04-21 | 北京奇艺世纪科技有限公司 | Anomaly detection method and device |
| CN107689967B (en) * | 2017-10-23 | 2020-03-03 | 中国联合网络通信集团有限公司 | DDoS attack detection method and device |
| CN107911375A (en) * | 2017-11-28 | 2018-04-13 | 四川长虹电器股份有限公司 | Operation system safety protecting method based on flow monitoring |
| CN111092849B (en) * | 2018-10-24 | 2022-01-25 | 中移(杭州)信息技术有限公司 | Traffic-based detection method and device for distributed denial of service |
| CN109587167B (en) * | 2018-12-28 | 2021-09-21 | 杭州迪普科技股份有限公司 | Message processing method and device |
| CN110784458B (en) * | 2019-10-21 | 2023-04-18 | 新华三信息安全技术有限公司 | Flow abnormity detection method and device and network equipment |
| CN111262750B (en) * | 2020-01-09 | 2021-08-27 | 中国银联股份有限公司 | Method and system for evaluating baseline model |
| CN111817909B (en) * | 2020-06-12 | 2022-01-21 | 中国船舶重工集团公司第七二四研究所 | Equipment health management method based on behavior set template monitoring |
| CN112600828B (en) * | 2020-12-07 | 2022-08-12 | 中国南方电网有限责任公司超高压输电公司 | Attack detection and protection method and device for power control system based on data message |
| CN113595784B (en) * | 2021-07-26 | 2024-05-31 | 招商银行股份有限公司 | Network traffic detection method, device, equipment, storage medium and program product |
| CN113645215B (en) * | 2021-08-03 | 2023-05-26 | 恒安嘉新(北京)科技股份公司 | Abnormal network traffic data detection method, device, equipment and storage medium |
| CN114172708A (en) * | 2021-11-30 | 2022-03-11 | 北京天一恩华科技股份有限公司 | Method for identifying network flow abnormity |
| CN114297657A (en) * | 2021-12-31 | 2022-04-08 | 深信服科技股份有限公司 | File behavior detection baseline determination and file behavior abnormal detection method and device |
| CN116366278A (en) * | 2022-12-23 | 2023-06-30 | 天翼安全科技有限公司 | A network traffic cleaning method, device, equipment and medium |
| CN116938769B (en) * | 2023-09-15 | 2023-12-05 | 深圳开鸿数字产业发展有限公司 | Flow anomaly detection method, electronic device, and computer-readable storage medium |
| CN117955733B (en) * | 2024-03-21 | 2024-06-18 | 北京航空航天大学 | Vehicle-mounted CAN network intrusion detection method and system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102104611A (en) * | 2011-03-31 | 2011-06-22 | 中国人民解放军信息工程大学 | Promiscuous mode-based DDoS (Distributed Denial of Service) attack detection method and device |
| CN104348811A (en) * | 2013-08-05 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Method and device for detecting attack of DDoS (distributed denial of service) |
Family Cites Families (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7668966B2 (en) * | 2001-11-02 | 2010-02-23 | Internap Network Services Corporation | Data network controller |
| CN101572701B (en) * | 2009-02-10 | 2013-11-20 | 中科信息安全共性技术国家工程研究中心有限公司 | Security gateway system for resisting DDoS attack for DNS service |
| CN102111307B (en) * | 2009-12-29 | 2013-09-04 | 亿阳信通股份有限公司 | Method and device for monitoring and controlling network risks |
| CN102821081B (en) * | 2011-06-10 | 2014-12-17 | 中国电信股份有限公司 | Method and system for monitoring DDOS (distributed denial of service) attacks in small flow |
| CN103973663A (en) * | 2013-02-01 | 2014-08-06 | 中国移动通信集团河北有限公司 | Method and device for dynamic threshold anomaly traffic detection of DDOS (distributed denial of service) attack |
| CN103412911B (en) * | 2013-08-02 | 2016-08-10 | 中国工商银行股份有限公司 | The method for monitoring performance of Database Systems and device |
| CN103532940B (en) * | 2013-09-30 | 2016-06-08 | 广东电网公司电力调度控制中心 | network security detection method and device |
-
2015
- 2015-08-20 CN CN201510513055.7A patent/CN105049291B/en not_active Expired - Fee Related
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102104611A (en) * | 2011-03-31 | 2011-06-22 | 中国人民解放军信息工程大学 | Promiscuous mode-based DDoS (Distributed Denial of Service) attack detection method and device |
| CN104348811A (en) * | 2013-08-05 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Method and device for detecting attack of DDoS (distributed denial of service) |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105049291A (en) | 2015-11-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105049291B (en) | A method of detection exception of network traffic | |
| US10686814B2 (en) | Network anomaly detection | |
| US9860278B2 (en) | Log analyzing device, information processing method, and program | |
| JP5767617B2 (en) | Network failure detection system and network failure detection device | |
| CN108521408B (en) | Method and device for resisting network attack, computer equipment and storage medium | |
| CN111277570A (en) | Data security monitoring method and device, electronic equipment and readable medium | |
| US20230018908A1 (en) | Feedback-based control system for software defined networks | |
| US10257213B2 (en) | Extraction criterion determination method, communication monitoring system, extraction criterion determination apparatus and extraction criterion determination program | |
| US20130263259A1 (en) | Analyzing response traffic to detect a malicious source | |
| CN106534068B (en) | Method and device for cleaning counterfeit source IP in DDOS defense system | |
| CN106506242A (en) | A kind of Network anomalous behaviors and the accurate positioning method and system of flow monitoring | |
| CN114189361B (en) | Situation awareness method, device and system for defending threat | |
| EP3242240B1 (en) | Malicious communication pattern extraction device, malicious communication pattern extraction system, malicious communication pattern extraction method and malicious communication pattern extraction program | |
| CN106452941A (en) | Network anomaly detection method and device | |
| CN112422554A (en) | Method, device, equipment and storage medium for detecting abnormal traffic external connection | |
| CN110213254A (en) | A kind of method and apparatus that Internet protocol IP packet is forged in identification | |
| CN105282152A (en) | Abnormal flow detection method | |
| CN114584356A (en) | Network security monitoring method and network security monitoring system | |
| JP2007179131A (en) | Event detection system, management terminal and program, and event detection method | |
| CN109413022B (en) | Method and device for detecting HTTP FLOOD attack based on user behavior | |
| CN117955729A (en) | A method, device and electronic device for detecting malicious software based on flow | |
| KR100651746B1 (en) | Apparatus and method for displaying network status using traffic flow radar | |
| Holl | Exploring DDoS defense mechanisms | |
| JP2017211806A (en) | Communication monitoring method, security management system and program | |
| CN113660223B (en) | Network security data processing method, device and system based on alarm information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 705-708, room two, No. 121, north south of the Five Ridges Avenue, Chancheng District, Guangdong, Foshan, 528000 Applicant after: GUANGDONG EFLYCLOUD COMPUTING Co.,Ltd. Address before: Chancheng District of Guangdong city of Foshan province south of the Five Ridges 528000 Avenue North 121 East International A District Office 7-8 Applicant before: Guangdong Ruijiang Technology Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20151111 Assignee: Guangdong Yaoda Financial Leasing Co.,Ltd. Assignor: GUANGDONG EFLYCLOUD COMPUTING Co.,Ltd. Contract record no.: X2020980005383 Denomination of invention: A method of detecting abnormal network traffic Granted publication date: 20190104 License type: Exclusive License Record date: 20200826 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A method of detecting abnormal network traffic Effective date of registration: 20200904 Granted publication date: 20190104 Pledgee: Guangdong Yaoda Financial Leasing Co.,Ltd. Pledgor: GUANGDONG EFLYCLOUD COMPUTING Co.,Ltd. Registration number: Y2020980005729 |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190104 |