Adaptive boundary abnormity detection method based on multistage strategies

Abstract

The invention relates to an adaptive boundary abnormity detection method based on multistage strategies. The method comprises steps that, a peak value and a valley value of a network flow at each time segment in a normal operation state are taken as acquisition bases, log information and network flow data of equipment are acquired; according to the message type of the network flow data, a datum line of the network flow data in the normal index operation state is established, and whether the network flow data is abnormal is determined; the abnormal network flow data and the log information corresponding to the abnormal network flow data are stored by employing an HASH algorithm; a normal network behavior database and an abnormal network behavior database are established, and matching for the abnormal network flow data is carried out; the network flow data which can not be matched is analyzed by employing a BP nerve network method, and network behaviors of the network flow data are determined and are stored to the corresponding behavior database. Through the method, a step-by-step progressive discrimination mode is employed to realize detection on abnormal boundary behaviors, and thereby the error reporting rate and the report missing rate of abnormality detection are reduced.

Description

technical field [0001] The invention relates to the field of information network security, in particular to an adaptive boundary anomaly detection method based on multi-level strategies. Background technique [0002] With the rapid development of technologies such as computers, the Internet, information communication and control, the innovation of industrial chains such as mobile applications and smart terminals, and the continuous emergence of new technologies such as cloud computing, the Internet of Things and big data, network security threats and security issues are constantly increasing. Come on. Aiming at the vulnerability of basic network equipment in the network environment, malicious attacks by hackers and the wanton proliferation of viruses and Trojan horses, network equipment has become a springboard for attacks, paralyzing important information systems and stealing data. All kinds of security incidents are common, the security situation is worrying, and informat...

AI Technical Summary

Problems solved by technology

The detection based on traffic size generally adopts the threshold-based detection method, which needs to manually set the threshold, and cannot adjust the threshold according to the peak and trough of network traffic, lacks intelligent dynamic update, and only monitors traffic; Detection, to find out the data packets that meet the characteristics. This method needs to know the characteristics of each abnormal traffic in advance, and the characteristics of new abnormal data packets cannot be detected; the detection of network bandwidth contours is performed by analyzing the data packets during network operation. Analyze traffic, ports, and number of connections to establish a reference range of parameters under normal conditions or ...

Images