Network attack abnormality detection method

An anomaly detection technology for network attacks, applied in the field of information security. It addresses problems such as a high false alarm rate, which reduces the credibility of the detection system, and difficulty in adapting to dynamic changes in network behavior, so as to achieve the effect of reducing the false alarm rate.

Active Publication Date: 2016-05-04
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP

AI Technical Summary

Problems solved by technology

[0010] 1. For specific attacks, existing methods have a high false positive rate; too many false positives reduce the credibility of the detection system and, to a certain extent, make these detection methods unusable.
[0011] 2. In the era of big data, detection must handle high-speed, massive data streams. Existing methods still have difficulty processing high-dimensional massive data streams quickly.
[0012] 3. In normal behavior modeling, the data being processed is a high-speed stream and the behavior of the monitored subjects varies. Many existing detection methods build their models through offline calibration and offline learning, which makes it difficult to adapt to dynamically changing network behavior.

Examples


Embodiment Construction

[0039] All features disclosed in this specification, or steps in all methods or processes disclosed, may be combined in any manner, except for mutually exclusive features and / or steps.

[0040] Any feature disclosed in this specification, unless specifically stated, can be replaced by other alternative features that are equivalent or have similar purposes. That is, unless expressly stated otherwise, each feature is one example only of a series of equivalent or similar features.

[0041] As shown in Figure 1, the network attack anomaly detection method provided by the present invention comprises the following steps:

[0042] Step 1: Deploy traffic data collection equipment at network traffic convergence nodes;

[0043] Step 2: Extract network behavior characteristic values from the collected traffic data;

[0044] Step 3: Dimensionality reduction and standardization of network behavior feature values;

[0045] Step 4: Determine the normal network behavior eigenvalu...


Abstract

The invention discloses a network attack abnormality detection method and relates to the technical field of information security. The method comprises: step 1, deploying a traffic data collection device at a network traffic aggregation node; step 2, extracting network behavior feature values from the collected traffic data; step 3, carrying out dimensionality reduction and standardization on the network behavior feature values; step 4, determining normal network behavior feature values and establishing a normal behavior model based on the set of normal network behavior feature values; and step 5, detecting other network behavior feature values based on the normal behavior model and judging whether abnormal network behaviors occur; and, when detecting abnormal network behaviors, updating the normal behavior model according to new normal network behavior feature values.
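A sketch of steps 3 to 5 of the method, added here as an illustration; it is not code from the patent, and the excerpt does not say which algorithms the patent uses. Assumptions: a correlation filter stands in for dimensionality reduction, z-scores for standardization, an exponentially weighted mean and variance for the normal behavior model, and the model learns only from vectors it judges normal; all names and the per-window feature data are constructed.

```python
import math

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    return cov / math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))

class NormalBehaviorModel:
    """Steps 3-5: reduce and standardize features, model normal behavior, detect, update."""

    def __init__(self, baseline, threshold=4.0, alpha=0.1, adapt=True):
        cols = list(zip(*baseline))
        self.keep = []  # step 3: drop constant features and near-duplicates of kept ones
        for i, col in enumerate(cols):
            if len(set(col)) > 1 and all(abs(pearson(col, cols[j])) < 0.95 for j in self.keep):
                self.keep.append(i)
        # step 4: the normal model is the per-feature mean and variance of the baseline
        self.mean = [sum(cols[i]) / len(cols[i]) for i in self.keep]
        self.var = [sum((v - m) ** 2 for v in cols[i]) / len(cols[i])
                    for i, m in zip(self.keep, self.mean)]
        self.threshold, self.alpha, self.adapt = threshold, alpha, adapt

    def observe(self, x):
        """Step 5: flag x if any kept feature deviates by more than `threshold` sigmas."""
        dev = [x[i] - m for i, m in zip(self.keep, self.mean)]
        anomalous = max(abs(d) / math.sqrt(v) for d, v in zip(dev, self.var)) > self.threshold
        if self.adapt and not anomalous:  # learn only from vectors judged normal
            a = self.alpha  # exponentially weighted update follows slow drift
            self.mean = [m + a * d for m, d in zip(self.mean, dev)]
            self.var = [(1 - a) * (v + a * d * d) for v, d in zip(self.var, dev)]
        return anomalous

def window(t, drift=0.0, ports=None, syn=None):
    """Constructed sample: [flows, kbytes, distinct dst ports, SYN ratio] for window t."""
    flows = 100 + 2 * (t % 5) + drift
    ports = 3 + t % 3 if ports is None else ports
    syn = 0.10 + 0.01 * (t % 4) if syn is None else syn
    return [flows, flows * 1.5, ports, syn]

def run_demo():
    baseline = [window(t) for t in range(60)]
    online, static = NormalBehaviorModel(baseline), NormalBehaviorModel(baseline, adapt=False)
    drifted = [window(t, drift=0.2 * (t - 60)) for t in range(60, 160)]  # slow legitimate growth
    online_fp = sum(online.observe(x) for x in drifted)
    static_fp = sum(static.observe(x) for x in drifted)
    scan = window(160, drift=20.0, ports=400, syn=0.9)  # port-scan-like window
    flagged = online.observe(scan)
    return online.keep, online_fp, static_fp, flagged, online.observe(window(161, drift=20.2))
```

`run_demo()` compares the online model with a static copy of the same baseline on slowly growing traffic: the static model raises false alarms as the flow count drifts, while the online model follows the drift and still flags the scan-like window without learning from it.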

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a method for detecting abnormal network behaviors based on behavioral characteristics.

Background technology

[0002] With the rapid popularization of the Internet, people enjoy the convenience it brings but also face various attacks and threats: leakage of confidential information, data loss, network abuse, identity fraud, illegal intrusion, etc. Vulnerabilities in networks and systems give attackers opportunities to exploit. With the continuous development of computer technology, new attacks emerge in an endless stream, causing great losses to governments, banks and even military systems. According to the latest statistics, the average economic loss caused by security incidents caused by data leakage in the United States has reached more than 7 million US dollars. Cyberspace security has risen to the level of national security and even mil...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1425
Inventor: 刘方, 饶志宏, 徐锐
Owner: NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP