Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system for classifying and predicting network security incidents

A network security and prediction method technology, applied in the field of network security event classification and prediction methods and systems, can solve the problem of lack of detection of attack behavior characteristics, and achieve the effect of improving classification detection accuracy, improving efficiency, and network security assurance.

Active Publication Date: 2020-01-21
ZHEJIANG PONSHINE INFORMATION TECH CO LTD
View PDF14 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The technical problem to be solved by the present invention is to provide a network security event classification and prediction method and system to solve the lack of the ability to detect attack behavior characteristics in time and accurately classify attack behavior in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for classifying and predicting network security incidents
  • Method and system for classifying and predicting network security incidents
  • Method and system for classifying and predicting network security incidents

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0070] This embodiment provides a method for classifying and predicting network security events, such as figure 1 shown, including steps:

[0071] S11: Obtain the http metadata in the web access log and the full traffic log of the users of the whole network;

[0072] S12: Segment the URL of the web access log and http metadata and match it with the network attack illegal character feature library;

[0073] S13: use word2vector to construct word vectors and document vectors from the segmented url;

[0074] S14: The document vector is used as feature input and the naive Bayesian model is used to classify the attack behavior.

[0075] The analysis object of this embodiment is the http metadata in the user's web access log and the global traffic log. After parsing and analyzing the data, it is found that the key features of mainstream network attacks are mainly reflected in the url. Since the url usually contains a large number of characters, it is necessary to perform natural la...

Embodiment 2

[0090] This embodiment provides a method for classifying and predicting network security events, such as figure 2 shown, including steps:

[0091] S21: Obtain the http metadata in the web access log and the full traffic log of the users of the whole network;

[0092] S22: collect web access logs and full-flow http metadata samples of various attack behaviors;

[0093] S23: Segment the web access log of the attack behavior and the full-traffic http metadata sample;

[0094] S24: count characters whose frequency is greater than a preset frequency;

[0095] S25: Construct a network attack illegal character feature library based on characters;

[0096] S26: Segment the URL of the web access log and http metadata and match it with the network attack illegal character feature library;

[0097] S27: use word2vector to construct word vector and document vector from the url after word segmentation;

[0098] S28: The document vector is used as a feature input and the naive Bayesia...

Embodiment 3

[0120] This embodiment provides a method for classifying and predicting network security events, such as image 3 shown, including steps:

[0121] S31: Obtain the http metadata in the web access log and the full traffic log of the users of the whole network;

[0122] S32: Segment the URL of the web access log and http metadata and match it with the network attack illegal character feature library;

[0123] S33: Statistically counting the illegal keywords of the network attack illegal character feature library;

[0124] S34: Using one-hot-vector to convert illegal keywords into n-dimensional vectors;

[0125] S35: Fully connect the input layer of the n-dimensional vector with the hidden layer;

[0126] S36: Obtain the final vector by backward transfer and multiply the initial word vector to obtain the final word vector;

[0127] S37: add the word vectors corresponding to the attack keywords appearing in each url to obtain the document vector;

[0128] S38: The document vecto...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network security accident classification and predicting method and a system, which are used for solving the problems of the prior art on lacking the capability of timely finding the characteristics of attack behaviors and accurately classifying the attack behaviors. The method comprises the following steps: S1. acquiring web access log of users in a whole network and http metadata in full-flow log; S2. segmenting the web access log and the url of the http metadata, and matching with a network attach illegal character feature library; S3. constructing a word vector and a document vector of the segmented url by utilizing word2vector; and S4. inputting the document vector as a feature and classifying the attack behavior by adopting a naive bayes model. The real-time monitoring of key points can be realized, the abnormal behavior carrying mainstream attack feature can be found by means of machine learning, the classification efficiency of network attack behaviors can be improved, and the time cost of manual check can be lowered, continuously changed attack behaviors can be adapted, and the classification detection accuracy can be enhanced, thus providing guarantee for network security.

Description

technical field [0001] The invention relates to the field of computer networks, in particular to a method and system for classifying and predicting network security events. Background technique [0002] In recent years, with the continuous popularization of web applications, attacks against web service applications have become a widely spread attack method on the network. Due to the lack of security awareness of many network application service developers, there are a large number of security holes in the network service program, which makes the web server one of the main targets of hacker attacks. [0003] The most important attack methods on the Internet are cross-site scripting (XSS), SQL injection (SQL-inject), remote file inclusion (RFI) and other network attacks on the http protocol. In order to defend against web attacks, various security defense technologies have been proposed and applied. Mainly including data encryption, secure routing, access control, and messag...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425H04L63/1441
Inventor 陈晓莉徐菁丁一帆刘亭林建洪
Owner ZHEJIANG PONSHINE INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products