Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Storage abnormal detecting method based on artificial immunity

An anomaly detection and artificial immunization technology, which is applied in the fields of instruments, calculations, electrical digital data processing, etc., can solve problems such as inability to diagnose users, inability to achieve storage anomaly active defense capabilities, and failure to reach

Inactive Publication Date: 2009-06-17
HUAZHONG UNIV OF SCI & TECH
View PDF0 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

But none of them can diagnose the user's access behavior
For example, if an intruder uses a stolen account, the authentication subsystem in the storage system will regard the user as a legitimate user, and the intruder will pose a threat to the storage system and even destroy existing stored data, that is, the traditional authentication system Unable to form an effective detection of legitimate users' ultra vires behavior
[0003] In recent years, some researchers have proposed new technologies such as rule-based filtering, statistical analysis, pattern matching, hidden Markov model, and data mining, which have improved the traditional storage anomaly detection technology that cannot detect user behavior and detection rate to a certain extent. Inferiority and other flaws, but they are all technically congenitally deficient
For example, rule-based filtering is to define a set of rules in advance, and then use this set of rules to match the user's access behavior, that is, it adopts a preset and feature analysis working principle. It is an update that lags behind the attack means, so it cannot achieve active defense against storage anomalies, and does not have real-time and adaptive functions
For more statistical analysis methods, such as Bayesian statistical methods, there is also the problem that the threshold is difficult to effectively determine. Here, the threshold refers to the critical value for judging whether the behavior is abnormal. If the threshold is too small, a large number of false positives will be generated, and if the threshold is too large A large number of false negatives will be generated. They are all passive security protection measures, which can only detect abnormal characteristics under predefined rules, and are powerless to new types of storage anomalies. Therefore, the detection rate cannot be guaranteed and cannot reach the true sense. Storage Security System Requirements

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Storage abnormal detecting method based on artificial immunity
  • Storage abnormal detecting method based on artificial immunity
  • Storage abnormal detecting method based on artificial immunity

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0017] In large-scale storage systems, it is difficult to detect anomalies in all data because the data volume is usually huge. Metadata is the information describing other data, that is, the data of the data. We will identify abnormal read / write access requests by monitoring the relevant metadata of user access. This method can reduce the calculation and design complexity of the detection system . A metaphor for the immune principle of the biological immune system, drawing on the immune mechanism of generating antibodies and matching antigens in organisms, and finally identifying 'self' and 'others'. Below in conjunction with accompanying drawing and example the present invention is described in further detail.

[0018] How to get storage metadata? The first is to intercept the system call of the access request, and then combine the access control mode and MD5 value of the requested file to form a figure 1 The storage metadata data structure shown includes file name, user ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a storage abnormality detection method based on artificial immunity, which adopts non-self detection mechanism of natural immunity system to judge the legality of data read / write request, realizes immunity abnormality detection on the data of storage element via monitoring the data of storage element formed by data read / write request, induces self learning and forgetting mechanism and the like in natural immunity system to refresh the weight value of a detector after each detection on user's read / write request and periodically eliminate or rebuild the detector according to the weight value, to adapt new non-self ones continuously appearing in storage system. Via the detector refresh mechanism, the method is different from prior storage abnormality detection technology, to realize actual intelligent abnormality detection, and the method has artificial intelligence as self learning and self adaptive characteristics, to effectively recognize new appeared abnormalities.

Description

technical field [0001] The invention belongs to the field of computer storage security, and in particular relates to a storage anomaly detection method based on artificial immunity. This method achieves the abnormal detection purpose of the storage system by analyzing the storage metadata. It not only has the characteristics of artificial intelligence such as self-learning, self-adaptation, and computing parallelism, but also can achieve high detection rate and low false alarm rate detection effect. Background technique [0002] Anomaly detection usually refers to storing the user's normal behavior characteristics in the characteristic database, and then comparing the user's current behavior characteristics with the characteristics in the characteristic database. If the deviation between the two exceeds a certain range, it is considered that an abnormality has occurred. Here, the relevant behaviors or phenomena such as violating access rules and destroying integrity in the s...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00G06F17/30G06F21/78
Inventor 谢长生黄建忠陈云亮方允福李欣
Owner HUAZHONG UNIV OF SCI & TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com