Malicious behavior mining method and device

A malicious behavior mining technology, applied in the field of cloud computing, that addresses problems such as the inability to guarantee information security, difficulty in attack behavior, and easy access to network attacks, and achieves rapid judgment and accurate judgment results.

Active Publication Date: 2018-05-04
HUAZHONG NORMAL UNIV

AI Technical Summary

Problems solved by technology

[0005] The methods above are all based on traditional data mining techniques. In today's era of big data, existing methods for mining malicious behavior do not take into account the unobvious features, strong correlations, and high dimensionality of network attacks under the new situation. Because of these characteristics, traditional malicious behavior mining algorithms cannot be directly transplanted to the cloud computing big data model, and so cannot make full use of the high-dimensional and deep correlation chara...



Examples


Example 1

[0032] Referring to Figure 2, this embodiment provides a malicious behavior mining method, which includes:

[0033] Step S200: Collect multi-dimensional heterogeneous data;

[0034] In this embodiment, multi-dimensional heterogeneous data can be collected in real time from SDN, VMI, and entities. The multi-dimensional heterogeneous data can include network data, access logs, data in virtual machines, and system logs. It can be common network intrusion monitoring information, which can specifically come from: system and network log files; network data; virtual machine data (obtained through virtual machine introspection technology); unexpected behavior in directories and files; undesired behavior in program execution; intrusion information in physical form; and data flow information over a certain period of time.

[0035] Various behavior types are recorded in the log file, and each type contains different information, such as a network process ...

Example 2

[0078] Referring to Figure 9, this embodiment provides a malicious behavior mining device 900, which includes:

[0079] The collection module 910 is configured to collect multi-dimensional heterogeneous data, where the multi-dimensional heterogeneous data includes: network data, access logs, data in virtual machines, and system logs;

[0080] The processing module 920 is configured to perform distributed real-time processing of the multi-dimensional heterogeneous data to generate a real-time data stream;



Abstract

The invention provides a malicious behavior mining method and a malicious behavior mining device, and relates to the technical field of cloud computing. The malicious behavior mining method includes the steps of collecting multi-dimensional heterogeneous data; performing distributed real-time processing of the multi-dimensional heterogeneous data to generate real-time data flows; determining whether malicious behavior exists in the real-time data flows based on a pre-established malicious behavior attack feature library; and, if no malicious behavior exists in the real-time data flows, standardizing the real-time data flows and forming a behavioral data link that is input into a database for mining. The method has the advantages that the attack feature library can be obtained by training on data features extracted in each dimension, so whether malicious behavioral data exists can be determined quickly when real-time data is processed; furthermore, the feature library can be constantly updated from the data, the method model is accurate in its determinations, and a large amount of complex data can be judged completely, quickly and continuously.
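The flow described in the abstract, as an added example that is not code from the patent: each record is checked against a feature library first, and only records with no match are standardized and linked per entity for later mining. The record field names, the hand-written rules standing in for the trained library, and the per-entity grouping are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed, hand-written stand-in for the patent's trained attack feature library.
FEATURE_LIBRARY = {
    "access_log": {"auth_bruteforce":
        lambda r: r["result"] == "auth_fail" and r.get("count", 1) >= 5},
    "vmi": {"hidden_process": lambda r: r["finding"] == "hidden_process"},
}

# Per-dimension field names (assumed): (timestamp, entity, action, source label).
FIELD_MAP = {
    "netflow":    ("t", "src_ip", "event", "network"),
    "access_log": ("time", "client", "result", "access"),
    "vmi":        ("ts", "vm", "finding", "vmi"),
    "syslog":     ("ts", "host", "msg_type", "system"),
}

def match_features(record):
    """Return names of library features this raw record matches."""
    rules = FEATURE_LIBRARY.get(record["kind"], {})
    return sorted(name for name, pred in rules.items() if pred(record))

def standardize(record):
    """Map a record to one common schema; unknown kinds raise KeyError."""
    ts_f, ent_f, act_f, source = FIELD_MAP[record["kind"]]
    return {"ts": record[ts_f], "entity": record[ent_f],
            "source": source, "action": record[act_f]}

def process_stream(records):
    """Flag library matches; link everything else per entity, ordered by time."""
    alerts, links = [], defaultdict(list)
    for record in records:
        hits = match_features(record)
        if hits:
            alerts.append((record[FIELD_MAP[record["kind"]][1]], hits))
        else:
            event = standardize(record)
            links[event["entity"]].append(event)
    for link in links.values():
        link.sort(key=lambda e: e["ts"])
    return alerts, dict(links)

# Constructed sample stream (not from the patent).
SAMPLE_RECORDS = [
    {"kind": "access_log", "time": 30, "client": "10.0.0.7", "result": "auth_fail", "count": 6},
    {"kind": "netflow", "t": 20, "src_ip": "10.0.0.9", "event": "conn_open"},
    {"kind": "syslog", "ts": 10, "host": "10.0.0.9", "msg_type": "service_start"},
    {"kind": "vmi", "ts": 40, "vm": "vm-12", "finding": "hidden_process"},
]
```

Calling `process_stream(SAMPLE_RECORDS)` returns the alerts for the two matching records and one time-ordered link for entity `10.0.0.9` that mixes system-log and network events.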

Description

Technical field

[0001] The invention relates to the technical field of cloud computing, and in particular to a method and device for mining malicious behavior.

Background technique

[0002] With the advent of the big data era, the rapid development of other network trends such as mobile communications, cloud computing, and virtualization has brought new problems to traditional network information security. In particular, as the scale of cloud computing platforms or data centers expands and the network traffic of the cloud platform grows rapidly, many malicious attacks (such as APT) are hidden in the large-scale network traffic to attack the cloud platform or steal core data. Therefore, how to effectively detect malicious behaviors under the cloud platform and carry out effective protection, thereby ensuring the security of confidential data under the platform, is a key issue that urgently needs to be solved in the field of information security.

[0003] Traditional data mi...


Application Information

IPC(8): G06F21/55, G06F17/30
CPC: G06F21/552, G06F21/554, G06F16/2465, G06F16/283
Inventor: 张浩, 黄涛, 刘三女牙, 杨华利, 李永丹
Owner HUAZHONG NORMAL UNIV