WEB abnormal traffic monitoring method based on integrated learning

An integrated-learning approach to abnormal traffic detection, applied in the field of machine learning, that addresses problems such as noise data interference, denial of service attacks, and manual updating of the feature database, and achieves high precision, integrity and reliability.

Active Publication Date: 2017-10-24
CHONGQING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

[0004] 1) Using fixed rules for real-time monitoring of violation behavior patterns leads to a high false positive rate;
[0005] 2) When feature matching is used, the feature library must be updated manually, and unknown attack methods cannot be detected;
[0006] 3) The huge number of rules greatly degrades the detection performance of the system, and the rule base becomes difficult to maintain;
[0007] 4) When an abnormal traffic detection system with a blocking function mistakenly flags normal communication behavior, normal communication is blocked;
[0008] 5) When the data storage capacity of the monitoring system becomes a bottleneck, the system is vulnerable to denial of service attacks and communication will be blocked.
[0012] However, a single machine learning method cannot perfectly solve the problem.
The statistical method assumes that all events are generated by the statistical model, which ignores the risk that the pre-set distribution model in the parametric method may not match the real data, resulting in a large deviation from the expected results.
In addition, most systems built on statistical models work offline and cannot meet the requirements of real-time monitoring. Therefore, very efficient performance is required to achieve high accuracy; and with statistical methods the threshold is very difficult to determine, which leads to an increase in the false negative rate.
[0013] Although the machine learning algorithm can seamlessly combine prior knowledge and posterior knowledge, and overcome the shortcomings of the unintuitive framework, simple classification and clustering algorithms overfit because of noise data interference, wrong sampling methods, and too many modeling variables, and cannot achieve a good monitoring effect.
Moreover, the accuracy of the model depends on certain assumptions, which are reflected in the behavior patterns of the target system and network, and violations of the assumptions result in a significant drop in accuracy.

Examples

Embodiment Construction

[0046] The technical solutions in the embodiments of the present invention will be described clearly and in detail below with reference to the drawings in the embodiments of the present invention. The described embodiments are only some of the embodiments of the invention.

[0047] The technical scheme by which the present invention solves the above technical problems is:

[0048] The present invention proposes a model for abnormal traffic monitoring. Figure 1 shows a flowchart of the entire model. The data set is preprocessed, for example by segmenting on symbols such as "&" and "=", and the valid information in URLs is extracted to improve processing efficiency. Figure 2 shows URL cutting examples. Features are extracted from the processed data by statistical methods such as mutual information and information entropy. After the construction of the feature engineering, according to the different nature of the visit, the data sets with different characteristics are constructed ...
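
The preprocessing and feature step of [0048], as an added example that is not code from the patent: it cuts a URL on the separators, computes the information entropy of each token, and scores boolean features by their mutual information with the label. Splitting on "/" and "?", percent-decoding, the `has_sort` and `has_symbols` features and the `shop.example` URLs are assumptions made for the illustration.

```python
import math
import re
from collections import Counter
from urllib.parse import unquote

def cut_url(url):
    """Cut a URL into tokens on '/', '?', '&' and '=', then percent-decode each."""
    rest = url.split("://", 1)[-1]                        # drop the scheme
    rest = rest.split("/", 1)[1] if "/" in rest else ""   # drop the host
    return [unquote(t) for t in re.split(r"[/?&=]", rest) if t]

def entropy(text):
    """Shannon entropy of a string, in bits per character."""
    n = len(text)
    return sum(c / n * math.log2(n / c) for c in Counter(text).values())

def mutual_information(samples, feature):
    """I(X;Y) in bits between a boolean URL feature X and the label Y."""
    n = len(samples)
    joint = Counter((bool(feature(cut_url(u))), y) for u, y in samples)
    px, py = Counter(), Counter()
    for (x, y), c in joint.items():
        px[x] += c
        py[y] += c
    return sum(c / n * math.log2(c * n / (px[x] * py[y])) for (x, y), c in joint.items())

def has_sort(tokens):
    return "sort" in tokens

def has_symbols(tokens):
    # True when any token holds a character outside letters, digits, '_', '.', '-'
    return any(re.search(r"[^\w.-]", t) for t in tokens)

# Constructed sample (assumption): label 0 = normal access, 1 = abnormal access
SAMPLES = [
    ("http://shop.example/item?id=42&sort=price", 0),
    ("http://shop.example/item?id=7&sort=name", 0),
    ("http://shop.example/item?id=1%27%20OR%20%271%27%3D%271&sort=price", 1),
    ("http://shop.example/item?id=..%2F..%2Fadmin.cfg&sort=name", 1),
]

if __name__ == "__main__":
    for url, label in SAMPLES:
        toks = cut_url(url)
        print(label, toks, round(max(entropy(t) for t in toks), 3))
    print("MI(sort) =", mutual_information(SAMPLES, has_sort))
    print("MI(symbols) =", mutual_information(SAMPLES, has_symbols))
```

A token that appears in every URL, such as `sort`, carries zero mutual information with the label, which is why such features are dropped before training.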

Abstract

The invention sets forth a WEB abnormal traffic monitoring method based on integrated learning. The method comprises five processes: data preprocessing, construction of feature engineering, data set reconstruction, establishment and fusion of the model, and model testing. Data preprocessing extracts the valid information from URL (Uniform Resource Locator) data. Construction of feature engineering extracts and constructs URL features using statistical methods such as information entropy and mutual information. After the feature engineering is constructed, the data set is adjusted for different access properties and input to four machine learning algorithms, XGBoost, LightGBM and the like, for supervised learning. After the learners are constructed, they are integrated using a Bagging framework. A data set is reselected from the original data set for classification prediction, labels are decided by majority voting, and the accuracy of the model is checked. When the model is used, a URL is input to the model, the five sub-models in the model each give a label probability, and the label with the highest probability is given as the final label.
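
The Bagging fusion step of the abstract, as an added example that is not code from the patent: five sub-models are each trained on a bootstrap resample of the data set and the final label is decided by majority vote. The single-threshold "stump" learner stands in for XGBoost, LightGBM and the like, and the two URL features and the `shop.example` data are assumptions made for the illustration.

```python
import random
from collections import Counter
from urllib.parse import urlsplit, unquote

def features(url):
    """(decoded query length, share of characters outside [A-Za-z0-9=&_.-])."""
    q = unquote(urlsplit(url).query)
    symbols = sum(not (ch.isalnum() or ch in "=&_.-") for ch in q)
    return (len(q), symbols / len(q) if q else 0.0)

def train_stump(rows):
    """Pick the rule 'abnormal if feature > threshold' with the fewest errors."""
    best = None
    for f in range(2):
        vals = sorted({x[f] for x, _ in rows})
        cands = [(a + b) / 2 for a, b in zip(vals, vals[1:])] or vals
        for thr in cands:
            errors = sum((x[f] > thr) != (y == 1) for x, y in rows)
            if best is None or errors < best[0]:
                best = (errors, f, thr)
    return best[1:]

def train_bagging(data, n_models=5, seed=0):
    """Bagging: each sub-model is trained on a bootstrap resample of the data."""
    rng = random.Random(seed)
    rows = [(features(u), y) for u, y in data]
    return [train_stump(rng.choices(rows, k=len(rows))) for _ in range(n_models)]

def predict(models, url):
    """Majority vote over the sub-models; also return the winning vote share."""
    x = features(url)
    votes = Counter(int(x[f] > thr) for f, thr in models)
    label, count = votes.most_common(1)[0]
    return label, count / len(models)

# Constructed data set (assumption): label 0 = normal access, 1 = abnormal access
DATA = [
    ("http://shop.example/item?id=42&sort=price", 0),
    ("http://shop.example/item?id=7&sort=name", 0),
    ("http://shop.example/search?q=red+shoes&page=2", 0),
    ("http://shop.example/cart?user=alice&lang=en", 0),
    ("http://shop.example/item?id=1%27%20OR%20%271%27%3D%271&sort=price", 1),
    ("http://shop.example/item?id=..%2F..%2Fadmin.cfg&sort=name", 1),
    ("http://shop.example/cart?user=" + "%27" * 10 + "&lang=en", 1),
]

if __name__ == "__main__":
    models = train_bagging(DATA)
    print(predict(models, "http://shop.example/item?id=" + "%27" * 30))
```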

Description

Technical field

[0001] The invention belongs to the technical field of machine learning, and specifically relates to various statistical algorithms and machine learning algorithms. The algorithm adopts a new feature extraction method, innovatively integrates statistics and machine learning algorithms, and realizes the monitoring of WEB abnormal traffic.

Background technique

[0002] 1. Network security issues in the information age

[0003] Today, with the explosion of information, the scale of computer networks and the number of Internet users have reached an unprecedented scale, and what follows is that the problem of network security has become more prominent. As the most important means of defending against network attacks, the development and upgrading of abnormal traffic monitoring is imminent. After more than 20 years of development, the research on traffic monitoring has evolved into many branches. However, in practical applications, the effect is not satisfactory. ...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor 李智星沈柯于洪张冠群代南瑶胡聪胡峰王进雷大江欧阳卫华
Owner CHONGQING UNIV OF POSTS & TELECOMM