Real-time detection method for security event abnormity

A technique for the real-time detection of security event anomalies. It addresses the problems that autoregressive models cannot learn periodicity, that learning is costly, and that decomposition models fit the data poorly. Its effects are a reduced possibility of over-fitting, reduced network complexity, and a more scientific and accurate anomaly judgment mechanism.

Active Publication Date: 2019-07-02
山东九州信泰信息科技股份有限公司

AI Technical Summary

Problems solved by technology

At present, although a variety of models and tools can be used to build predictive models of security event count sequences (which are time series in nature), such as autoregressive models, periodic decomposition models, and recurrent neural networks, most existing so


Embodiment Construction

[0017] The present invention will be further described below.

[0018] A method for real-time detection of security event anomalies, comprising the steps of:

[0019] a) Via the formula, calculate the Fourier series of the periodic item $s_{m,p}(t)$ whose preset periodic time dimension is P and whose sequence channel is m. The coefficient vector $\beta_{m,p} = (\alpha_{m,p,0}, \alpha_{m,p,1}, b_{m,p,1}, \ldots, \alpha_{m,p,N}, b_{m,p,N})$ is fitted on the time-stamped training data set, which yields the series coefficient vector $\beta_{m,p}$ of the m-th channel on the time period dimension P, where O is the order, P is the period length, k is the item of the Fourier series, and t is the current moment. The periodic model works by constructing, for the preset periodic time dimension P (such as month or week), the Fourier series corresponding to the periodic item $s_{m,p}(t)$ of sequence channel m and fitting it on the time-stamped training dataset. The specific implement...
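An added example of step a), not code from the patent or its applicant: it fits the coefficient vector in the layout (α_0, α_1, b_1, ..., α_N, b_N) for one channel and one period dimension, then scores a new count by the probability of its deviation from the periodic item. Assumptions: the page does not reproduce the formula, so the standard Fourier form s(t) = α_0 + Σ_k (α_k cos(2πkt/P) + b_k sin(2πkt/P)) is used; the least-squares fit, the Gaussian deviation model, the direct use of the periodic item as the prediction (the patent feeds it to a recurrent neural network), and all names and data are constructed for illustration.

```python
import math

def design_row(t, P, N):
    # Basis row laid out like beta: [1, cos_1, sin_1, ..., cos_N, sin_N]
    row = [1.0]
    for k in range(1, N + 1):
        w = 2.0 * math.pi * k * t / P
        row += [math.cos(w), math.sin(w)]
    return row

def solve(A, b):
    # Gauss-Jordan elimination with partial pivoting
    n = len(b)
    M = [A[i][:] + [b[i]] for i in range(n)]
    for c in range(n):
        piv = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[piv] = M[piv], M[c]
        for r in range(n):
            if r != c:
                f = M[r][c] / M[c][c]
                M[r] = [x - f * y for x, y in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def fit_beta(ts, counts, P, N):
    # Least-squares fit (assumed fitting method) via the normal equations
    X = [design_row(t, P, N) for t in ts]
    d = 2 * N + 1
    XtX = [[sum(r[i] * r[j] for r in X) for j in range(d)] for i in range(d)]
    Xty = [sum(r[i] * y for r, y in zip(X, counts)) for i in range(d)]
    return solve(XtX, Xty)

def periodic_item(beta, t, P):
    # s_{m,p}(t) for one channel m and one period dimension P
    return sum(c * x for c, x in zip(beta, design_row(t, P, (len(beta) - 1) // 2)))

def tail_probability(count, t, beta, P, mu, sigma):
    # Two-sided probability of a deviation at least this large (Gaussian assumed)
    z = abs(count - periodic_item(beta, t, P) - mu) / sigma
    return math.erfc(z / math.sqrt(2.0))

# Constructed training data: 4 weeks of hourly counts for one channel, P = 168 h
P, N = 168, 2
TS = list(range(4 * P))
COUNTS = [50 + 20 * math.cos(2 * math.pi * t / P) + 5 * math.sin(4 * math.pi * t / P)
          + ((2 * t) % 7 - 3) for t in TS]   # last term: small zero-mean jitter
BETA = fit_beta(TS, COUNTS, P, N)
DEVS = [y - periodic_item(BETA, t, P) for t, y in zip(TS, COUNTS)]
MU = sum(DEVS) / len(DEVS)
SIGMA = math.sqrt(sum((d - MU) ** 2 for d in DEVS) / len(DEVS))
```

A count is judged anomalous when `tail_probability` falls below a chosen significance level, so the decision scales with the observed spread of deviations rather than with a fixed absolute threshold.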


Abstract

The invention discloses a real-time detection method for security event anomalies. The periodicity of a multi-channel security event count sequence over several time dimensions (such as years, months, weeks and days) can be extracted quickly and effectively and quantized into periodic items (that is, the contributions of the time dimensions to the security event count values). A high-precision, real-time prediction model can be built at low training cost for multi-channel, long-period security event count sequences. Because the multi-time-dimension periodic items are fed to the prediction model as additional input, the time step length for training the recurrent neural network prediction model can be greatly shortened, which reduces network complexity, training cost and the possibility of over-fitting while improving prediction precision. The prediction model is combined with a probabilistic anomaly judgment method based on deviation distribution estimation, giving a more scientific and accurate anomaly judgment mechanism than current judgment modes based on an absolute threshold, relative change, simple prediction and the like.

Description

Technical field

[0001] The invention relates to the technical field of server (cluster) abnormal / attacked monitoring and detection, in particular to a real-time detection method for abnormal security events.

Background technique

[0002] Server system security monitoring and network security monitoring are the basis for realizing the security protection of the production environment, and are the most important part of the operation and maintenance work. Server / network security monitoring has always been highly valued by IT companies, but long-term practice shows that malicious attacks and security anomalies often occur irregularly, and the effects of attacks / anomalies (mainly referring to the state changes of the target system) are unpredictable, making it very difficult to detect them in security monitoring.

[0003] At present, there are a lot of anomaly / attack (hereinafter collectively referred to as anomaly) determination technologies used in the field of server system...


Application Information

IPC(8): G06F11/30, G06Q10/04, G06N3/04
CPC: G06F11/3089, G06N3/049, G06Q10/04
Inventor: 崔煜华, 何黎刚, 吴文泰
Owner 山东九州信泰信息科技股份有限公司