Frequent subgraph mining based abnormal intrusion detection method

This technology combines frequent subgraph mining with intrusion detection and is applied in fields such as instruments, digital data processing and platform integrity maintenance. It addresses problems such as the difficulty of obtaining variable-length feature patterns and difficult trade-offs, reducing the dependence on training data and improving discriminating ability.

Active Publication Date: 2011-02-16
SICHUAN UNIV

AI Technical Summary

Problems solved by technology

However, in terms of method, there is a certain difficulty in obtaining variab


Embodiment Construction

[0050] The detection model and basic idea of the present invention:

[0051] Traditional intrusion detection methods based on system call sequences, from the initial research on call sequences to later work introducing mathematical models such as hidden Markov models or artificial immunity, share a core idea that has basically not changed: enumeration matching. The enumeration matching method divides the original system call sequence according to various preset forms, takes the sequence fragments that meet the requirements, called short system call sequences, as the most basic data processing unit, and classifies them into a feature pattern set. Therefore, although the technical means used to construct the intrusion detection model have their own characteristics, the feature patterns obtained by most traditional methods have an inevitable limitation: they only reflect the local characteristics of a particular trained system call sequence. ...

Abstract

The invention discloses an abnormal intrusion detection method based on frequent subgraph mining, an intrusion detection method for network security. The invention introduces frequent subgraph mining theory: by using the particular generative capacity of a system call sequence once it is transformed into a digraph structure, a considerable quantity of effective generated feature patterns can be obtained from a small amount of training data. This greatly reduces the dependence of the offline learning process on the quantity of training data, so that the various conditions met in real-time detection can be handled more easily. The expanded feature pattern set is also able to identify unknown program behaviors, which can effectively reduce the false alarm rate of the detection results.
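The contrast between enumeration matching and digraph-generated patterns can be seen on a toy trace set. The following is an added illustration, not the patent's algorithm or code: it assumes one graph node per system call and one directed edge per consecutive pair of calls, and it stands in frequent single edges for the mined frequent subgraphs. All traces are constructed.

```python
from collections import Counter

# Constructed sample traces (one list of system call names per process run).
TRAIN = [
    ["open", "stat", "read", "read", "write", "close"],
    ["open", "read", "read", "write", "write", "close"],
    ["open", "read", "write", "write", "close"],
]
BENIGN = ["open", "read", "read", "read", "write", "close"]   # unseen but normal
SUSPECT = ["open", "read", "execve", "write", "close"]        # unseen call order

def windows(trace, k):
    """Enumeration matching: every fixed-length short sequence in a trace."""
    return {tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)}

def train_windows(traces, k):
    """Feature pattern set of the traditional method: the union of all windows."""
    return set().union(*(windows(t, k) for t in traces))

def frequent_edges(traces, min_support):
    """Assumed digraph: edge a->b per consecutive pair of calls.
    Keep edges that occur in at least min_support training traces."""
    support = Counter()
    for t in traces:
        support.update(set(zip(t, t[1:])))
    return {e for e, n in support.items() if n >= min_support}

def generated_patterns(edges, k):
    """Generated pattern set: every length-k walk over the frequent-edge digraph."""
    walks = set(edges)
    for _ in range(k - 2):
        walks = {w + (b,) for w in walks for a, b in edges if a == w[-1]}
    return walks

def mismatches(trace, patterns, k):
    """Short sequences of a monitored trace that match no known pattern."""
    return sorted(windows(trace, k) - patterns)

if __name__ == "__main__":
    k = 3
    win = train_windows(TRAIN, k)
    gen = generated_patterns(frequent_edges(TRAIN, 2), k)
    print("patterns generated but never observed:", sorted(gen - win))
    for name, trace in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, "window mismatches:", mismatches(trace, win, k))
        print(name, "graph mismatches: ", mismatches(trace, gen, k))
```

On these traces the window set raises a false alarm on the benign run because it never saw three consecutive `read` calls, while the walk set accepts it; both flag every window of the run containing the unseen call order.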

Description

Technical field

[0001] The invention relates to an intrusion detection method in network security, in particular to a method for detecting abnormal intrusion in the network by combining frequent subgraph mining theory with system call sequences.

Background technique

[0002] With the rapid development of computer networks and the widening of their application fields, the security of computers has attracted more and more attention. As an effective means of protecting computer security, intrusion detection technology has gradually developed into a core research direction in the field of computer network security.

[0003] The system call sequence generated when a system process executes contains specific behavior patterns of that process. Extracting and analyzing the patterns exhibited by these system calls, and matching them against the system call sequence generated by the process in real time, can effectively supervise privileged program activities and identify abnor...

Application Information

IPC(8): H04L29/06, G06N99/00, G06F21/00, G06F21/55
Inventors: 王俊峰, 刘辉, 高翔, 佘春东, 邢李泉
Owner SICHUAN UNIV