Unlock instant, AI-driven research and patent intelligence for your innovation.
Method and system for detecting and analyzing abnormal network behavior
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
A network abnormality and behavior technology, applied in the field of computer network, can solve the problems of unbalanced training data, inability to attack behavior in training effect, and exhaustion of attack methods.
Active Publication Date: 2020-10-30
ZHEJIANG PONSHINE INFORMATION TECH CO LTD
View PDF7 Cites 0 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
[0006] The technical problem to be solved by the present invention is to provide a method and system for network abnormal behavior detection and analysis, which is used to solve the problem that the unbalanced training data in the prior art affects the training effect and cannot exhaustively analyze all kinds of attack behaviors and attack means. raised question
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0052] This embodiment provides a method for detecting and analyzing abnormal network behaviors, such as figure 1 shown, including steps:
[0053] S11: Statistical data on access behavior characteristics of security users;
[0055] S13: Use a type of support vector machine model to predict and analyze the access behavior characteristics of users on the entire network to identify abnormal access behaviors.
[0056] In this embodiment, first, the web access log of the security user is extracted to extract the user features, and the feature data is preprocessed into a feature vector, and then a type of support vector machine learning is performed on the data to find the boundary of the behavior feature of the security user, which is The boundary between safe user behavior and abnormal user behavior, the safe user is inside the boundary, and the abnormal user is outside the boundary. T...
Embodiment 2
[0112] This embodiment provides a method for detecting and analyzing abnormal network behaviors, such as image 3 shown, including steps:
[0113] S31: Statistical data on access behavior characteristics of security users;
[0114] S32: Construct a type of support vector machine model according to the characteristic data;
[0115] S33: Use a type of support vector machine model to predict and analyze the access behavior characteristics of users on the entire network to identify abnormal access behaviors;
[0116] S34: Determine whether the behavior characteristics of the abnormal access behavior are known, and if so, perform corresponding processing; otherwise, study the abnormal access behavior and formulate corresponding measures.
[0117] The difference from the first embodiment is that step S34 is also included.
[0118]Specifically, after identifying the abnormal access behavior and the abnormal IP, further, the abnormal access behavior is divided into common attack be...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
PUM
Login to View More
Abstract
The invention discloses a network abnormal behavior detection and analysis method and system for solving the problems that the imbalance of training data affects the training effect and that all kinds of attack behaviors and attack means cannot be exhausted in the prior art. The method comprises the following steps: S1, counting the access behavior feature data of secure users; S2, constructing a type of support vector machine models of the feature data; and S3, using the type of support vector machine models to perform predictive analysis on the access behavior features of whole network users to identify abnormal access behaviors. The network abnormal behavior detection and analysis method and system are based on machine learning, are used for better detecting network abnormal behaviors, discovering different types of attacks, and analyzing and detecting online network abnormal behaviors according to the properties of data mining, so as to make effective decision making response and improve the network security and resource utilization rate.
Description
technical field [0001] The invention relates to the field of computer networks, in particular to a method and system for detecting and analyzing abnormal network behaviors. Background technique [0002] With the continuous development of Internet technology, the problem of network security has become increasingly serious. Network attack has gradually become a low-cost and high-yield industry. The attack methods of hacker organizations are becoming more and more advanced, making traditional attack detection technology and defense equipment Caught off guard and unable to adapt to changes in attack technology in a timely manner, it will bring huge losses to individuals and enterprises. Therefore, how to better detect abnormal behaviors on the network, discover attacks or even new attacks in time, and take effective measures to enhance network security is an important issue facing modern enterprises. [0003] The detection and analysis of network abnormal behavior is an importa...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to View More 
Login to View More