lstm model and network attack identification method and system based on the model

A network attack and model technology, applied in the field of network security, can solve problems such as manslaughter of normal business traffic, false positives or false negatives, rule conflicts, etc., to avoid feature engineering, less feature coding, and small weight files.

Active Publication Date: 2021-06-22
XIAMEN FUYUN INFORMATION TECH CO LTD
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This rule-based protection method often leads to false positives or false negatives in the face of flexible and changeable network attacks, and the formulation and maintenance of rules requires professional security-related personnel to be responsible. However, it is still difficult to cover attacks With various deformations, it is difficult to effectively deal with unknown attacks and 0day attacks, and there may even be conflicts between rules. In addition, it is difficult to grasp the balance between misjudgments and missed judgments in the formulation of rules. Too strict rules can easily kill normal business by mistake. flow, misjudgment
Rules that are too loose are easily bypassed, resulting in missed judgments

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • lstm model and network attack identification method and system based on the model
  • lstm model and network attack identification method and system based on the model
  • lstm model and network attack identification method and system based on the model

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0036] refer to Figure 1~3 As shown, the present invention provides a kind of LSTM cycle neural network model that is used for network attack category recognition, and the establishment process of described LSTM cycle neural network model comprises the following steps:

[0037] S100: Collect multiple network request data in text format as a training data set, and set a label category for each network request data according to the content of the network request data.

[0038] The multiple refers to a large amount of data in this field, and the larger the amount of data, the more accurate the final model.

[0039] The network request data can be divided into multiple categories according to the type of network attack, mainly divided into normal network request data and attack category network request data, in this embodiment, mainly to distinguish SQL injection attack and XSS attack, therefore, the The above label categories include three types, namely category 1: normal netwo...

Embodiment 2

[0077] A network attack identification method, based on the LSTM cyclic neural network model for network attack category identification described in Embodiment 1, the method includes: preprocessing the network request data to obtain digital sequence data of a preset length, using The LSTM cyclic neural network model identifies the probability of the label category of the digital sequence data to obtain the category probability of each label category, and uses the label category corresponding to the dimension with the largest probability value in the category probability as the label category of the network request data. Choose whether to intercept according to the predicted results.

[0078] The identification of whether to intercept can specifically set a probability threshold, and intercept when the probability of category 2 or category 3 is greater than or equal to the probability threshold, otherwise, do not intercept.

[0079] In this embodiment, the probability threshold...

Embodiment 3

[0081] like Figure 5 As shown, a network attack identification system, based on the network attack identification method described in Embodiment 2, includes a data input unit, a data conversion unit, an LSTM model unit and a decision unit, and the data input unit receives the network request data Send to the data conversion unit, after the data conversion unit preprocesses and converts the network request data, after obtaining the digital sequence data of a preset length, sends the digital sequence data to the LSTM model unit, and the LSTM model unit The probability of the label category of the digital sequence data is identified, and the category probability of each label category is output to the decision-making unit, and the decision-making unit judges whether the probability that the data is an attack category is greater than or equal to a preset probability threshold, and if so, If it is intercepted, otherwise, it is not intercepted.

[0082] The attack category is a ca...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention relates to an LSTM cyclic neural network model and a network attack identification method based on the model. The establishment process of the LSTM cyclic neural network model includes the following steps: S100: Collecting a plurality of network request data in text format as a training data set, and according to The content of the network request data sets the label category for each network request data; S200: Preprocess the network request data in the training data set and convert it into digital sequence data of a preset length; S300: According to the digital sequence in the training data set Type data, training, and constructing LSTM recurrent neural network model. The invention transforms the network request data into digital sequence data, and then uses the training data set composed of the data for training, constructs an LSTM cycle neural network model, and then realizes the prediction of the category of the network request data.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to an LSTM cycle neural network model and a network attack identification method based on the model. Background technique [0002] With the continuous advancement of information strategy and the vigorous development of technologies such as the Internet and cloud computing, more and more enterprise-related businesses have completed digital transformation and moved their business to the network. However, due to the openness and uncontrollability of network applications and the limitations of network application developers, network applications are very likely to have network vulnerabilities that can be exploited. Hackers can use these vulnerabilities to carry out network attacks such as SQL injection and XSS attacks, which bring risks such as website paralysis, information leakage, web page tampering, and Trojan horses, and bring huge losses to the main body of the website an...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06K9/62G06N3/02H04L12/24H04L29/06
CPCH04L41/145H04L63/1441H04L63/306G06N3/02G06F18/2415G06F18/214
Inventor 姚鸿富陈奋陈荣有程长高
Owner XIAMEN FUYUN INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products