Method, Apparatus, and System for Identifying Abnormal IP Data Stream

摘要

A method, an apparatus, and a system for identifying an abnormal IP data stream, which are used to improve identification accuracy. The method provided by the embodiments of the present invention includes: receiving Y elements sent by a data collection node; mapping the Y elements to N buckets; acquiring a bucket in the N buckets as a target bucket; acquiring r upper traffic limits of a first object in r buckets within the current time interval, the first object is any object mapped to the target bucket; and identifying, according to a preset abnormal object type and the r upper traffic limits within the current time interval, whether the first object is an abnormal object, where the preset abnormal object type is a heavy hitter or a heavy changer.

主权项

1. A method for identifying an abnormal Internet Protocol (IP) data stream, wherein the method is applied to a work node, and comprises:
receiving, within a current time interval, Y elements sent by a data collection node, wherein Y is greater than or equal to 1, and wherein Y is an integer; mapping the Y elements to N buckets according to a mapping algorithm, wherein N is greater than or equal to 1, and wherein N is an integer; acquiring a bucket in the N buckets as a target bucket, wherein total traffic of all elements mapped to the bucket is greater than or equal to a first threshold; acquiring r upper traffic limits of a first object in r buckets within the current time interval, wherein the r buckets are buckets to which the first object is mapped, wherein the first object is any object mapped to the target bucket, wherein each bucket in the r buckets comprises one upper traffic limit for the first object, wherein r is greater than or equal to 1, and wherein r is an integer; and identifying, according to a preset abnormal object type and the r upper traffic limits within the current time interval, whether the first object is an abnormal object, wherein the preset abnormal object type is one of a heavy hitter type and a heavy changer type.