Data stream anomaly detection system based on empirical features and convolution neural network

Convolutional neural network and anomaly detection technology, applied in the field of information security, addresses problems such as the large amount of calculation and processing time, heavy consumption of computing resources, and a model that no longer conforms to the new data distribution, so as to improve the detection effect and processing efficiency.

Active Publication Date: 2019-01-29
ARMY ENG UNIV OF PLA

AI Technical Summary

Problems solved by technology

However, attackers often hide their attacks, for example by placing attack code in payloads or hiding attack code in fields that are not commonly used, so non-cooperative active attacks often have a high rate of missed detection.
The second approach is to analyze all the information in the data stream, but the curse of dimensionality caused by the high dimensionality of the data stream lowers the accuracy of machine learning methods, so only matching methods can be adopted. Global data processing also consumes a lot of computing resources and has low time efficiency, which does not meet the real-time requirements of data flow anomaly detection.
Due to the dynamic nature of network data flow, data drift is prone to occur. In this case, the original model does not conform to the new data distribution. Traditional methods often need to retrain new models, so it is difficult to meet the real-time requirements of data flow anomaly detection.
[0006] A large amount of network data is constantly pouring in, so data flow detection has high requirements for real-time performance, and the existing algorithms that check all the information in the network data flow require a large amount of calculation and processing time, making them difficult to deploy on a large scale.


Examples


Embodiment

[0070] Step 1: Perform data preprocessing on the network data stream, and divide the original mass of packets into data streams. For details, see Figure 1.

[0071] According to the five-tuple information (protocol, source address, destination address, source port number, destination port number) of the original message header, the original messages that have the same five-tuple information and fall within a certain period of time are aggregated into flow data.

Step 2: The empirical feature extraction module extracts artificial empirical features from the data stream; see Figure 2.

[0072] (1) Query the data flow statistical information database to obtain the flow-level statistics that are effective for detecting abnormal data flows, such as the port number of the layer-4 protocol, the number of packets in the flow, the packet size, and the time interval between packets, and extract these features.

[0073] (2) Query the packet header information database to obtain the se...
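The following added example, which is not taken from the patent, implements Step 1 and Step 2 (1) in Python: packets are aggregated into flows by five-tuple and time window, and the flow-level statistics named in [0072] are computed. The `Packet` record, the 60-second timeout, the feature names, and the sample traffic are assumptions constructed for illustration.

```python
from collections import namedtuple
from statistics import mean

# Constructed packet record: timestamp (s), five-tuple fields, size in bytes.
Packet = namedtuple("Packet", "ts proto src dst sport dport size")

FLOW_TIMEOUT = 60.0  # assumed value for "a certain period of time"


def aggregate_flows(packets, timeout=FLOW_TIMEOUT):
    """Step 1: group packets with the same five-tuple; a gap longer than
    `timeout` since the flow's last packet starts a new flow."""
    active, finished = {}, []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.proto, p.src, p.dst, p.sport, p.dport)
        flow = active.get(key)
        if flow and p.ts - flow[-1].ts > timeout:
            finished.append((key, flow))  # close the expired flow
            flow = None
        if flow is None:
            flow = active[key] = []
        flow.append(p)
    finished.extend(active.items())
    return finished


def flow_features(key, flow):
    """Step 2 (1): flow-level statistics named in paragraph [0072]."""
    gaps = [b.ts - a.ts for a, b in zip(flow, flow[1:])]
    return {
        "dport": key[4],
        "packets": len(flow),
        "mean_size": mean(p.size for p in flow),
        "max_size": max(p.size for p in flow),
        "mean_gap": mean(gaps) if gaps else 0.0,  # single-packet flow
    }


# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    Packet(0.0, "tcp", "192.0.2.10", "198.51.100.5", 40000, 443, 120),
    Packet(0.5, "tcp", "192.0.2.10", "198.51.100.5", 40000, 443, 1500),
    Packet(1.5, "tcp", "192.0.2.10", "198.51.100.5", 40000, 443, 180),
    Packet(2.0, "udp", "192.0.2.11", "198.51.100.53", 5353, 53, 80),
    Packet(90.0, "tcp", "192.0.2.10", "198.51.100.5", 40000, 443, 60),
]

if __name__ == "__main__":
    for key, flow in aggregate_flows(SAMPLE):
        print(key, flow_features(key, flow))
```

The last TCP packet arrives 88.5 seconds after the previous one on the same five-tuple, so it opens a second flow instead of extending the first.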


Abstract

The invention discloses a data stream anomaly detection system based on empirical features and a convolutional neural network. The system includes: an empirical feature extraction module, which uses artificial experience to identify the statistical features and header features that play a more important role in data packet anomaly recognition; a bit-stream-to-picture conversion module, which converts the data stream into a two-dimensional grayscale picture, from which a convolutional neural network then extracts global high-level perceptual features; a fusion splicing module, which fuses the features from the above modules into the data stream features and identifies abnormal data streams using the fully connected layer of the neural network; a distillation model module, which replaces complex networks in actual deployment; a concept drift fine-tuning module, which updates the detection model under concept drift; and an experience database update module, which adds new network attacks or hidden attack instructions to the artificial experience database. The invention accurately and efficiently detects abnormal behaviors such as network failures, user misoperation, and network attacks.

Description

Technical field

[0001] The invention relates to information security technology, in particular to a data flow anomaly detection system based on empirical features and a convolutional neural network.

Background technique

[0002] With the rapid development and wide application of the Internet, incidents such as network attacks and network failures are becoming more and more frequent, and the importance of information security in cyberspace to personal life, economic and social stability, and even national security is increasing day by day. In cyberspace, the vast majority of attacks are based on network data streams, such as DoS and other denial-of-service attacks, Trojan horses, worms, etc.; abnormal events such as the 1.21 DNS resolution failure event and network failures are also reflected in the state of the network data flow. Therefore, the data flow anomaly detection technology based on observing the pattern of network data flow for anomaly detection...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/55, G06K9/62, G06N3/04, G06N3/08
CPC: G06F21/55, G06N3/08, G06N3/045, G06F18/2411
Inventor: 潘志松, 唐斯琪, 陈飞琼, 白玮, 张艳艳, 李云波, 夏士明, 马鑫
Owner: ARMY ENG UNIV OF PLA