
Anomaly detection method for various kinds of intrusion

A technology of anomaly detection and service type, applied in the field of anomaly detection, achieving fast classification performance, fewer training samples, and short training time

Inactive Publication Date: 2012-04-18
NANJING UNIV OF POSTS & TELECOMM
2 Cites, 45 Cited by

AI Technical Summary

Problems solved by technology

At present, the existing methods include the one-to-many method, the one-to-one method, the linear programming solution method, the directed acyclic graph multi-class SVM algorithm (DAG-SVM), error correction coded SVM (ECC-SVM), etc. However, when training speed, discrimination speed and accuracy are considered together, the actual effectiveness of the above algorithms and the optimal design of multi-class SVM still need further research.


Embodiment Construction

[0037] Figure 1 shows the general flowchart of network anomaly detection. Embedding the feature extraction and feature processing modules proposed by the present invention into Figure 1 yields the general framework of the present invention, as shown in Figure 3. The implementation of each module is as follows:

[0038] 1. Preprocessing

[0039] The data source or original data set is preprocessed before features are extracted: complete request messages are identified, and network connections are then divided by service type, so that relevant features can be extracted from each connection for training and detection. In the training phase, pure (attack-free) data is generally used to obtain a normal model. In the detection phase, a data set containing attacks is used, and whether the data is abnormal is determined by calculating its deviation from the normal model.

[0040] 2. Feature extraction

[0041] Feature extraction must be complete, accurate, and concise in order to improve the det...


Abstract

The invention discloses an anomaly detection method for various kinds of intrusion. The method comprises the following steps: 1) pre-processing an original data set, identifying complete request messages, and dividing network connections by service type in order to extract relevant characteristics; 2) having a characteristic extraction unit analyze the characteristics of all kinds of attack and, using application layer information in addition to the relevant fields of the data packet header, extract three kinds of characteristics, namely basic characteristics, flow characteristics and content characteristics; 3) using an attribute reduction algorithm based on a discernibility matrix to process the attributes of the large number of extracted data characteristics, deleting redundant attributes to obtain a reduced attribute set, extracting data from the original training data according to the reduced attribute set to obtain new training data, and transmitting the new training data to a support vector machine (SVM) module for training and classification; and 4) using a multi-classification SVM method based on a binary tree to classify the minimum attribute subsets obtained by rough set reduction, realizing fast classification for intrusion detection.
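Step 3 of the abstract, sketched as an added example (not the patent's own code): a discernibility matrix is built over a small decision table, the core is read from its singleton entries, and the remaining entries are covered greedily. The greedy selection rule is an assumption, since the page does not state one, and the feature names, values and labels are constructed for illustration.

```python
from itertools import combinations

# Constructed toy table: discretised connection features, class label last.
ATTRS = ["service", "duration", "src_bytes", "flag", "url_len"]
ROWS = [
    ("http", "short", "low",  "SF",  "normal", "normal"),
    ("http", "short", "low",  "SF",  "long",   "web_attack"),
    ("http", "short", "high", "SF",  "normal", "dos"),
    ("ftp",  "long",  "low",  "SF",  "normal", "r2l"),
    ("ftp",  "short", "low",  "REJ", "normal", "probe"),
    ("http", "short", "low",  "REJ", "normal", "probe"),
]

def discernibility_matrix(rows, n_attrs):
    """For every pair of rows with different labels, the set of attribute
    indices whose values differ (the attributes that can tell them apart)."""
    entries = []
    for a, b in combinations(rows, 2):
        if a[-1] != b[-1]:
            diff = frozenset(i for i in range(n_attrs) if a[i] != b[i])
            if diff:  # an empty set means the table itself is inconsistent
                entries.append(diff)
    return entries

def reduce_attributes(rows, n_attrs):
    """Return a reduced attribute set that still separates all classes."""
    entries = discernibility_matrix(rows, n_attrs)
    # Core: attributes that are the sole difference for some pair.
    reduct = {next(iter(e)) for e in entries if len(e) == 1}
    remaining = [e for e in entries if not e & reduct]
    while remaining:  # greedy cover (assumed heuristic): most frequent first
        counts = {}
        for e in remaining:
            for i in e:
                counts[i] = counts.get(i, 0) + 1
        best = max(sorted(counts), key=counts.get)  # ties: lowest index
        reduct.add(best)
        remaining = [e for e in remaining if best not in e]
    return sorted(reduct)

def project(rows, keep):
    """New training data: only the kept attributes plus the label."""
    return [tuple(r[i] for i in keep) + (r[-1],) for r in rows]

def is_consistent(rows):
    """True if no two rows share all feature values but differ in label."""
    seen = {}
    return all(seen.setdefault(r[:-1], r[-1]) == r[-1] for r in rows)

if __name__ == "__main__":
    keep = reduce_attributes(ROWS, len(ATTRS))
    print([ATTRS[i] for i in keep], is_consistent(project(ROWS, keep)))
```

On this table the core alone (`src_bytes`, `flag`, `url_len`) cannot separate the `normal` HTTP record from the `r2l` FTP record, so the greedy step adds `service` and `duration` is dropped as redundant.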

Description

Technical field

[0001] The present invention is an anomaly detection technical solution. Considering the diversity of network attacks, the method extracts the header and application layer data of data packets and uses rough set attribute reduction and support vector machine technology to perform anomaly detection. It belongs to the technical field of computer network security.

Background technique

[0002] With the increasing frequency and variety of network intrusions, designing a good intrusion detection scheme has become a research hotspot. From the perspective of intrusion detection strategy, there are two main intrusion detection models: misuse detection and anomaly detection. Misuse detection uses certain rules or patterns to identify specific intrusion behaviors in advance and, on this basis, compares the captured traffic related to the target to be detected with the intrusion rules or patterns, in order to find out from the traffic that is related to t...


Application Information

IPC(8): H04L12/26, H04L29/06
Inventor: 任勋益, 陈丹伟, 祁正华, 余洋, 颜芳
Owner: NANJING UNIV OF POSTS & TELECOMM