Malicious behavior mining method and device

Abstract

The invention provides a malicious behavior mining method and device, and relates to the technical field of cloud computing. The malicious behavior mining method includes: collecting multi-dimensional heterogeneous data; performing distributed real-time processing on the multi-dimensional heterogeneous data to generate a real-time data stream; based on a pre-established malicious behavior attack feature library, judging the real-time data stream Whether there is any malicious behavior in it; if not, standardize the real-time data flow to form a behavior data chain and input it into the database for mining. The present invention obtains the attack feature library by training the extracted data features in each dimension, can quickly judge whether it is malicious behavior data when processing real-time data, and can continuously update the feature library through these data, so that the model can be used in the judgment result. It is more accurate and can make complete and rapid judgments on a large amount of complex data more continuously.

Description

technical field [0001] The present invention relates to the technical field of cloud computing, in particular to a malicious behavior mining method and device. Background technique [0002] With the advent of the era of big data, the rapid development of other network trends such as mobile communication, cloud computing, and virtualization has brought new problems to traditional network information security, especially with the expansion of the scale of cloud computing platforms or data centers and The network traffic of the cloud platform is growing rapidly, and many malicious attacks (such as APT) are hidden in large-scale network traffic to attack or steal the cloud platform or the number of cores. Therefore, how to effectively detect malicious behaviors on the cloud platform and carry out effective protection, so as to ensure the security of confidential data on the platform, is a key issue that needs to be solved urgently in the field of information security. [0003] ...

AI Technical Summary

Problems solved by technology

[0005] The above-mentioned methods are all based on traditional data mining techniques. In today's era of big data, the existing mining methods for malicious behaviors do not take into account the unobvious features, strong correlations, and dimensions of network attacks under the new situation. Due to its advanced characteristics, traditional mining algorithms for malicious behavior cannot be directly transplanted to the cloud computing big data model, which cannot make full use of the high-dimensional and deep correlation characteristics of big data, and cannot guarantee information security in the era of big data

In the context of big data, the scale and speed of network traffic are astonishing. In this case, it is difficult to capture and analyze the correlation of content in network data streams in a timely manner, and network attacks in network data streams are easily mixed into the system; In addition, due to the good latent characteristics of network attacks in the new situation, it is very difficult to dig out the attack behavior of potential platforms

Images