The invention discloses an
attack detection method and device based on an
attack detection model, a medium and equipment, relates to the field of
network security, and mainly aims to solve the problems that when an existing
machine learning
algorithm is used for
attack behavior detection, due to the fact that the number of training samples and the number of
feature selection are small, the accuracy of an attack detection result is low, and the efficiency is high. And the
false alarm rate is high. Comprising the steps of obtaining operation behavior data of a target user; the operation data are classified based on an attack detection model after model training is completed, a
classification result is obtained, the attack detection model is constructed based on a
support vector machine algorithm, model training is completed based on training samples and script language features, and the
classification result is obtained. The training sample is composed of an attack sample collected based on an attack tool and a normal sample generated based on an automatic test attack, and the script language feature is extracted based on the attack sample; and if the
classification result is an attack behavior, outputting an attack warning, and intercepting data generated by all operation behaviors of the target user.