LSTM (Long Short-Term Memory) based time sequence network anomaly detection method and device

A time series and network anomaly technology, applied in the field of information security, can solve the problems of the traditional network anomaly detection application being in the early stage of exploration, and achieve the effect of intuitive and obvious distinction, complete development and fitting, and good effect.

Inactive Publication Date: 2018-11-27
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF4 Cites 54 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In addition, LSTM-based systems can learn tasks such as translating languages, controlling robots, image analysis, document summarization, speech recognition image recognition, handwriting recognition, controlling chatbots, predicting diseases, click-through rates and stocks, synthesizing music, etc. The application of anomaly detection is in the early stage of exploration

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • LSTM (Long Short-Term Memory) based time sequence network anomaly detection method and device
  • LSTM (Long Short-Term Memory) based time sequence network anomaly detection method and device
  • LSTM (Long Short-Term Memory) based time sequence network anomaly detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0065] The embodiment of the present invention provides an LSTM-based time series network anomaly detection method, which is applied to the server, see figure 1 As shown, the method includes the following steps:

[0066] S101: Obtain an actual measured value of network traffic to be detected.

[0067] During specific implementation, firstly, the server obtains the actual measurement value of the network traffic to be detected.

[0068] S102: Input the actual measured value of the network traffic to be detected into the LSTM-based time series network traffic prediction model to obtain the predicted value of the network traffic to be detected.

[0069] Input the actual measurement value of the network traffic to be detected obtained above into the pre-trained model to obtain the predicted value of the network traffic to be detected. The model is an LSTM-based time series network anomaly detection model, which specifically includes: RNN cycle Neural network and valve nodes of e...

Embodiment 2

[0113] An embodiment of the present invention provides an LSTM-based time series network anomaly detection device, see Figure 7 As shown, the device includes: a first data acquisition module 51 , a model prediction module 52 , and an anomaly detection module 53 .

[0114] Among them, the first data acquisition module 51 is used to obtain the actual measured value of the network traffic to be detected; the model prediction module 52 is used to input the actual measured value of the network traffic to be detected into the time series network traffic prediction model based on LSTM, and obtain The predicted value of the network traffic to be detected; the abnormal detection module 53 is used to compare the actual measurement value of the network traffic to be detected with the predicted value of the network traffic to be detected, and obtain the abnormal data detection result of the network traffic to be detected.

[0115] In addition, it also includes: a second data acquisition ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides LSTM (Long Short-Term Memory) based time sequence network anomaly detection method and device, and relates to the technical field of information security. The method comprises the following steps: acquiring an actual measured value of the to-be-detected network traffic; inputting the actual measured value of the to-be-detected network traffic into a LSTM based time sequencenetwork traffic prediction model, to obtain a predicted value of the to-be-detected network traffic; comparing the actual measured value of the to-be-detected network traffic with the predicted valueof the to-be-detected network traffic, to obtain an anomaly data detection result of the to-be-detected network traffic. The LSTM based time sequence network anomaly detection method provided by the invention can detect one-dimensional time sequence traffic data anomaly data and provide early warning in a large-scale network environment, thus improves the network anomaly detection efficiency, realizes a good effect of identifying network traffic anomaly, ensures relatively complete development fitting and can visually and obviously distinguish the anomaly information.

Description

technical field [0001] The present invention relates to the technical field of information security, in particular to an LSTM-based method and device for time series network anomaly detection. Background technique [0002] With the development of machine learning in recent years, there are many applications of machine learning algorithms in multidimensional outlier detection. One-dimensional time series outlier detection is still in its infancy, and exploration and research are relatively lacking. [0003] The manual method is not applicable to the detection of network outliers. The manual method can only find traffic information that is obviously different from the normal situation. It cannot judge the network anomalies that are not obvious, and the network traffic data volume is huge. unreasonable. [0004] For one-dimensional network outlier detection, the current common method is to use two methods: exploration based on the attributes of the data itself and time series...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/24
CPCH04L41/142H04L41/145H04L41/147H04L63/1425
Inventor 史卓颖范渊黄进
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap