Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Abnormal mainframe group detection method based on dynamic graph

A technology of abnormal host and detection method, which is applied in the direction of computer components, instruments, characters and pattern recognition, etc., can solve the problems of labor-intensive and time-consuming search, lack of analysis of network communication behavior, and inapplicability of communication structure characteristics, etc., to achieve structural Simple, ingenious design, innovative effect

Inactive Publication Date: 2017-12-29
叶晓鸣
View PDF2 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

When a network anomaly occurs, it takes a lot of manpower and time to find the hosts associated with the anomaly. When the abnormal hosts have group, cooperative, and aggregation behaviors, the traditional research on the network behavior characteristics of hosts is very important for the communication of such host groups. Analysis of structural properties is no longer applicable
Only analyze the individual network behavior of the host, and cannot effectively analyze the host interaction relationship and detect anomalies
Most of these research works observe the behavior characteristics of individual hosts, and lack the analysis of network communication behavior from the overall network environment, as well as the group interaction relationship constructed by the interaction behavior between hosts in the network.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Abnormal mainframe group detection method based on dynamic graph
  • Abnormal mainframe group detection method based on dynamic graph
  • Abnormal mainframe group detection method based on dynamic graph

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0045] Such as Figure 1 to Figure 8 As shown, the abnormal host group detection method based on the dynamic graph includes the following steps:

[0046] (1) Data collection: capture traffic data in the network, generate multi-dimensional session flow data, only need to use its source IP address and destination IP address, strong scalability, convenient collection, small amount of data, effectively control the system processing load .

[0047] (2) Graph formalization: Aggregate session flow data at a certain time interval, convert network connection data into a Spark Graphx graph model, and form a network connection dynamic graph by extracting corresponding time snapshot data, thereby converting IP The network connection relationship between addresses is formalized in the form of a graph model, so that the IP interaction behavior of this network communication is abstracted as the interaction between individual hosts, which is defined as a graph G=(V,E). A node represents the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an abnormal mainframe group detection method based on a dynamic graph. The method comprises the steps of collecting flow, extracting a source IP address and a target IP address and converting the same into a graph model; recognizing a mainframe group set for each time snapshoot data set; setting an identification mainframe of each mainframe group, analyzing mainframe group data of adjacent time snapshots, and finding an abnormal mainframe group IP address set according to definition of abnormal events; performing detection according to a rule of the definition of the abnormal events, if abnormity does not belong to the abnormal events, the mainframe group is the sustained mainframe group which is regarded as the normal mainframe group, and otherwise, the mainframe group is regarded as the abnormal mainframe group. According to the method provided by the invention, the problem that mainframe network behaviors are difficult to describe in a formalized manner and high in abnormity detection complexity due to groupment, cooperativity and large-scale interaction behaviors of the mainframe network behaviors is solved, and a topological structure variation, such as the variation of network management configuration and group attack behaviors, of a network connection caused by the above problem can be detected; and real attack cases and the abnormal mainframe groups associated with the attacks can be accurately detected.

Description

technical field [0001] The present invention relates to the technical field of host network anomaly detection, in particular to a method for detecting an abnormal host group based on a dynamic graph, in particular to the IP address positioning of the network interaction behavior of a large-scale host with group and coordination abnormal detection. Background technique [0002] Host security is an important field of network security research. At present, the analysis of the behavior of hosts in the network is mainly carried out from the perspective of individual hosts, and the network behaviors of the social, functional, and application layers of each host in the network are studied. With the development of distributed computing technology, the service-oriented network application architecture provides network users such as Web services, forming network communication behaviors that aggregate services. A new type of coordinated attack mode, typical of distributed attacks, ha...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24H04L12/26G06K9/62
CPCH04L41/0631H04L41/064H04L41/065H04L41/12H04L41/14H04L43/045H04L43/0888G06F18/231
Inventor 叶晓鸣杨力刘敦虎
Owner 叶晓鸣
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com